Regulations
DOJ Guidelines on Corporate Compliance (ECCP)
Benefit from a centralized, risk-based approach to ensure you are meeting corporate compliance expectations as outlined by the DOJ. Gain a thorough understanding of your overall compliance program and operate with the confidence that you have robust and effective procedures in place.
Why GAN Integrity
GAN Integrity is how compliance teams get the tools and expertise they need to deliver effective corporate compliance programs. With less effort but more reach, you finally get a better way to do your good work.
See everything – Gain a comprehensive view of your internal and third-party risks and controls in one centralized platform.
Adapt to anything – Utilize a dynamic solution that adapts to regulatory changes and evolves with your program.
Get all the help you need – Receive dedicated support from GAN Integrity’s team of experts.
Understanding The Guidelines For The Evaluation Of Corporate Compliance Programs
First issued by the U.S. Department of Justice’s Criminal Division in February 2017, and updated in June 2020, March 2023 and September 2024, the "Guidelines for the Evaluation of Corporate Compliance Programs" have become a key resource for today's compliance practices.
Companies use these Guidelines to assess their regulatory risk and improve their compliance efforts. Initially created to help federal prosecutors evaluate large organizations, the Guidelines now play a vital role in shaping effective compliance programs across various industries.
To keep up with these standards, companies need to establish strong internal controls and continuously monitor and update their compliance measures to meet the latest requirements. This often means investing in technology, providing thorough training, and fostering a culture of compliance throughout the organization. It’s a complex process that requires a proactive approach, combining compliance know-how with technology to manage risks effectively.
The Challenge Of Meeting Expectations In Corporate Compliance Programs
The main challenge of addressing this and other forms of guidance is finding the right balance between meeting regulatory demands and maintaining operational efficiency. Compliance efforts need to be thorough yet flexible enough to adapt to the ever-changing global business environment. By achieving this balance, companies can create a sustainable compliance strategy that not only meets legal requirements but also supports their business goals.
What the DOJ’s Guidance Covers In Evaluating Corporate Compliance Programs
Is the corporation’s compliance program well-designed?
- Risk Assessment: Evaluating the company’s identification of its compliance risks and the program’s design to address those risks.
- Policies and Procedures: Reviewing the effectiveness and accessibility of the company’s policies and procedures to guide employee conduct.
- Training and Communications: Ensuring employees are trained on compliance policies and procedures and that there is ongoing communication about the importance of compliance.
- Confidential Reporting Structure and Investigation Process: Assessing the availability and effectiveness of mechanisms for confidential reporting and investigation of misconduct.
- Third-Party Management: Examining the company’s procedures for managing risks associated with third parties.
- Mergers and Acquisitions (M&A): Considering how compliance is integrated into the company’s M&A processes.
Is the corporation’s compliance program being applied earnestly and in good faith?
- Commitment by Senior and Middle Management: Evaluating the level of commitment to compliance from the company’s senior and middle management.
- Autonomy and Resources: Reviewing whether the compliance program has sufficient autonomy from management and the necessary resources to be effective.
- Incentives and Disciplinary Measures: Assessing the consistency and fairness of incentives and disciplinary measures related to compliance.
Does the corporation’s compliance program work in practice?
- Continuous Improvement, Periodic Testing, and Review: Ensuring the company regularly tests and reviews its compliance program to improve its effectiveness.
- Investigation of Misconduct: Evaluating how well the company investigates and remediates compliance violations.
- Analysis and Remediation of Any Underlying Misconduct: Ensuring that the company analyzes the root causes of misconduct and remediates them to prevent recurrence.
GAN Integrity for the DOJ’s Guidelines for Corporate Compliance Programs
GAN Integrity allows compliance teams to manage their corporate compliance programs in an easy to use, unified compliance platform that organizes requirements, automates tasks and provides powerful reporting. With GAN Integrity compliance programs are not merely paper programs but are effectively integrated into the company’s operations and culture, capable of preventing and detecting misconduct and promoting ethical behavior.
Policy Management
Manage approvals, distribution, and attestation of policies, along with centralized portals for easy access to the latest policies and procedures. Capabilities include:
- Regulatory change management: Identify policies that require updates and timely distribution to employees in response to regulatory changes.
- Automated workflow: Optimize the review and approval process for policies, operating procedures, and work instructions with automated workflows.
- Comprehensive reporting and documentation: Maintain a full audit trail and generate detailed reports to provide clear evidence of compliance to stakeholders and regulators.
ABAC Program Management
Ensure your organization upholds ethical integrity and ABAC compliance through comprehensive risk assessments, effective policy management, and continuous monitoring. Capabilities include:
- Third-Party due diligence: Mitigate bribery and corruption risks with integrated questionnaires, sanctions checks, and risk intelligence data.
- Disclosure management: Consolidate and assess conflicts of interest (COI), gifts, travel, entertainment, and political and charitable contribution disclosures.
- Reporting and documentation: Maintain a complete audit trail and detailed reporting to easily demonstrate compliance to stakeholders and regulators.
Disclosure Management
Consolidate your disclosures for conflicts of interest (COI), gifts, travel, entertainment, and political and charitable donations, sponsorships or contributions. Capabilities include:
- Policy management: Develop and enforce comprehensive disclosure policies. Educate and engage your workforce with targeted training and policy attestations.
- Flexible disclosure process: Simplify the submission of potential conflicts of interest with user-friendly forms, ensuring easy access for employees.
- Automated approvals and reviews: Enhance compliance with automated approval and review workflows. Quickly escalate notifications to relevant stakeholders to address potential risks.
Third-Party Risk Management
Manage risks associated with third parties and assess these against relevant laws and organizational standards. Capabilities include:
- Lifecycle management: Automated workflows for onboarding, risk assessment, issue management, monitoring and off-boarding.
- Integrated due diligence: Initial and ongoing screening of third parties for sanctions, adverse media, forced labor, ESG and more.
- Reporting and analytics: Executive dashboards and reports: Consolidate third party data to identify risks and potential exposure to your organization.
Reporting and Documentation
See everything across your compliance program, and generate reports and dashboards to demonstrate compliance program effectiveness to stakeholders and evidence to regulators. Capabilities include:
- Reporting and analytics: Executive, role-based dashboards to review the effectiveness of your compliance program initiatives.
- Evidence-based compliance: Maintain an auditable trail of all activity with the platform’s integrated and automated audit log.
- Compliance insights: See risk trends and patterns within your program, including third-party and supply chain risk, policies and disclosures.