Skip to content
doj-eccp

Why GAN Integrity

GAN Integrity is how compliance teams get the tools and expertise they need to deliver effective corporate compliance programs. With less effort but more reach, you finally get a better way to do your good work.

Pillar_icon_See

See everything – Gain a comprehensive view of your internal and third-party risks and controls in one centralized platform.

Pillar_icon_Adapt (1)

Adapt to anything – Utilize a dynamic solution that adapts to regulatory changes and evolves with your program.

Pillar_icon_Get Help

Get all the help you need – Receive dedicated support from GAN Integrity’s team of experts.

Understanding The Guidelines For The Evaluation Of Corporate Compliance Programs

doj-eccp

First issued by the U.S. Department of Justice’s Criminal Division in February 2017, and updated in June 2020, March 2023 and September 2024, the "Guidelines for the Evaluation of Corporate Compliance Programs" have become a key resource for today's compliance practices.

Companies use these Guidelines to assess their regulatory risk and improve their compliance efforts. Initially created to help federal prosecutors evaluate large organizations, the Guidelines now play a vital role in shaping effective compliance programs across various industries.

To keep up with these standards, companies need to establish strong internal controls and continuously monitor and update their compliance measures to meet the latest requirements. This often means investing in technology, providing thorough training, and fostering a culture of compliance throughout the organization. It’s a complex process that requires a proactive approach, combining compliance know-how with technology to manage risks effectively.

The Challenge Of Meeting Expectations In Corporate Compliance Programs

The main challenge of addressing this and other forms of guidance is finding the right balance between meeting regulatory demands and maintaining operational efficiency. Compliance efforts need to be thorough yet flexible enough to adapt to the ever-changing global business environment. By achieving this balance, companies can create a sustainable compliance strategy that not only meets legal requirements but also supports their business goals.

What the DOJ’s Guidance Covers In Evaluating Corporate Compliance Programs

Is the corporation’s compliance program well-designed?

  • Risk Assessment: Evaluating the company’s identification of its compliance risks and the program’s design to address those risks.
  • Policies and Procedures: Reviewing the effectiveness and accessibility of the company’s policies and procedures to guide employee conduct.
  • Training and Communications: Ensuring employees are trained on compliance policies and procedures and that there is ongoing communication about the importance of compliance.
  • Confidential Reporting Structure and Investigation Process: Assessing the availability and effectiveness of mechanisms for confidential reporting and investigation of misconduct.
  • Third-Party Management: Examining the company’s procedures for managing risks associated with third parties.
  • Mergers and Acquisitions (M&A): Considering how compliance is integrated into the company’s M&A processes.

Is the corporation’s compliance program being applied earnestly and in good faith?

  • Commitment by Senior and Middle Management: Evaluating the level of commitment to compliance from the company’s senior and middle management.
  • Autonomy and Resources: Reviewing whether the compliance program has sufficient autonomy from management and the necessary resources to be effective.
  • Incentives and Disciplinary Measures: Assessing the consistency and fairness of incentives and disciplinary measures related to compliance.

Does the corporation’s compliance program work in practice?

  • Continuous Improvement, Periodic Testing, and Review: Ensuring the company regularly tests and reviews its compliance program to improve its effectiveness.
  • Investigation of Misconduct: Evaluating how well the company investigates and remediates compliance violations.
  • Analysis and Remediation of Any Underlying Misconduct: Ensuring that the company analyzes the root causes of misconduct and remediates them to prevent recurrence.