Building a Strong Compliance Program That Meets the Revised DOJ Corporate Enforcement Policy



A corporate compliance program can be thought of as a magnet that brings a company’s compliance efforts together. It is an operational program, not simply a code of expected ethical behavior [1].

An effective compliance program mitigates errors and protects the company from unnecessary risks, litigation, and negative publicity. In the long run, protecting the business from risk has a significant return on investment by preserving brand reputation, bolstering ethical standing, and providing a competitive advantage. Additionally, a well-run corporate compliance program can help your business attract and retain top talent. If that is insufficient impetus, consider the regulatory implications and positions.

In this article, we examine the U.S. Department of Justice’s (DOJ) newly revised Corporate Enforcement Policy (CEP), and detail methodologies and tools corporations can leverage to ensure they have a comprehensive compliance program in place that meets the new CEP and can help them avoid prosecution.

The DOJ’s Updated Incentives for Corporate Compliance [2]

In January 2023, Assistant Attorney General for the DOJ’s criminal division, Kenneth Polite, Jr., announced the most significant changes to the CEP since 2017 with the addition of more incentives for companies to avoid prosecution. The policy changes provide companies new incentives for self-disclosure, cooperation, and remediation.

If aggravating circumstances are present, a company generally will not qualify for a presumption of a declination to prosecute. But under the revised CEP, prosecutors may nonetheless determine that a declination is the appropriate outcome if the company can demonstrate that it has met each of the following three factors:

  • The voluntary self-disclosure was made immediately upon the company becoming aware of the allegation of misconduct;
  • At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal controls that enabled the identification of the misconduct and led to the company’s voluntary self-disclosure; and
  • The company provided extraordinary cooperation with the DOJ’s investigation and undertook extraordinary remediation.

Creating a voluntary self-disclosure program in each of the DOJ’s U.S. Attorney’s offices around the country will eliminate geographic differences and uncertainties, according to Deputy Attorney General Lisa Monaco in a recent speech [3]. “I want every general counsel, every executive and board member to take this message to heart: where your company discovers criminal misconduct, the pathway to the best resolution will involve prompt voluntary self-disclosure to the DOJ,” Monaco said.

She pointed to a deferred prosecution agreement (DPA) the DOJ recently entered into with a Swiss multinational engineering firm, despite its history of misconduct. The company voluntarily self-disclosed a Foreign Corrupt Practices Act violation, cooperated with the DOJ, and performed extensive remediation, leading to the DPA. “What this shows is that even a company with a significant history of misconduct has a powerful incentive to make a timely self-disclosure,” Monaco said in the speech.

Putting Together an Effective Corporate Compliance Program

Recently, the Association of Certified Fraud Examiners (ACFE), in its Occupational Fraud 2022: A Report to the Nations, stated that lack of internal controls was the biggest factor contributing to occupational fraud. The report noted that “29% of victim organizations did not have adequate controls in place to prevent the fraud from occurring. Another 20% of cases involved an override of existing internal controls, meaning the victim organization had implemented mechanisms to protect against fraud, but the perpetrator was able to circumvent those controls.” The study concluded that together, “nearly half of the frauds in [the] study likely could have been prevented with a stronger system of anti-fraud controls.” The importance of internal controls, in the event the DOJ shines a light on a company, is evident as it is specifically addressed in the factors noted above.

Figure 1

Considering the findings from that report and the DOJ’s recent guidance, when putting together a strong corporate compliance program, there are certain questions that are essential for organizations to ask and address, including:

  • Does the company have an effective compliance program in place?
  • Are the company’s internal controls operating effectively?
  • Has management periodically assessed the company’s risk for potential fraud and misconduct?

Once those questions have been answered, senior executives should consider several factors as they move toward creating a comprehensive compliance program that both prevents and detects fraud and related misconduct. In doing so, companies should evaluate the strength of their compliance programs in the following areas, which include but are not limited to:

  • Use of Data: Companies should regularly assess risk by leveraging existing data. This may require data specialists to assist in analyzing relevant data, assess employee adherence to protocols, and establish and monitor reporting metrics.
  • Compliance Program Monitoring: Companies should consider working with independent experts who can:
    • Assist with conducting regular risk assessments to ensure the company stays proactive in keeping up with industry enforcement trends and preventing compliance violations;
    • Advise on the design and implementation of an effective system of internal controls;
    • Assist with ongoing monitoring of internal controls to ascertain whether the components of the company’s internal control are present and functioning [4]; and
    • Conduct employee training.


As Monaco said in her speech: “An ounce of prevention is worth a pound of cure. Investing now in a robust compliance program is good for business, and it is good for our collective economic and national security.”

In light of these policy changes, companies would be wise to fully evaluate their compliance programs, including partnering with experts who specialize in identifying enhancement opportunities to maintain strong compliance programs. By utilizing the right expertise to build, assess, strengthen, and monitor their corporate compliance programs, companies get the type of robust compliance that the DOJ is seeking when it is considering a declination to prosecute and/or reducing the amount of penalties or fines. A strong, comprehensive compliance program can mitigate criminal prosecution, civil litigation, financial losses, and reputational damage.


We would like to thank John Kim, CPA, CFE, and Megan Gilberg, CFE, CVA, for providing insight and expertise that greatly assisted this research.

More About J.S. Held's Contributor

John Kim is a Senior Managing Director in J.S. Held’s Global Investigations practice. John has more than 25 years of global professional experience advising executive leaders, corporate boards, and audit committees through complex accounting, financial reporting, auditing, and compliance issues. He has led numerous highly sensitive investigations and disputes in connection with the application of Generally Accepted Accounting Principles (GAAP), Generally Accepted Auditing Standards (GAAS), and Public Company Accounting Oversight Board (PCAOB) Auditing Standards, anti-bribery, and corruption (Foreign Corrupt Practices Act “FCPA”), employee misconduct, misappropriation of funds, and kickbacks. In addition, John has been extensively involved in developing methodologies and tools for fraud risk assessments and has assisted organizations with their anti-fraud programs and controls. John is a certified public accountant (CPA) and certified fraud examiner (CFE).

John can be reached at [email protected] or +1 201 229 8031.




[3] Monaco made this speech in March 2023 before the American Bar Association National Institute on White Collar Crime.



This publication is for educational and general information purposes only. It may contain errors and is provided as is. It is not intended as specific advice, legal, or otherwise. Opinions and views are not necessarily those of J.S. Held or its affiliates and it should not be presumed that J.S. Held subscribes to any particular method, interpretation, or analysis merely because it appears in this publication. We disclaim any representation and/or warranty regarding the accuracy, timeliness, quality, or applicability of any of the contents. You should not act, or fail to act, in reliance on this publication and we disclaim all liability in respect to such actions or failure to act. We assume no responsibility for information contained in this publication and disclaim all liability and damages in respect to such information. This publication is not a substitute for competent legal advice. The content herein may be updated or otherwise modified without notice.
