In early March 2023, the US Department of Justice quietly updated its Evaluation of Corporate Compliance Programs (ECCP). The new updates amend previous announcements revealed in the fall of 2022 by Deputy Attorney General Lisa Monaco.

The ECCP guidance outlines how prosecutors evaluate a business entity’s adherence to a corporate compliance program. Corporate counsel representing the interests of large business entities, and their corresponding subsidiaries, can use the ECCP guidance to strengthen the standards of their own corporate compliance policies for their respective organizations.

What are the new ECCP guidelines?

The purpose of the ECCP is to help DOJ prosecutors enforce standardized corporate compliance policies among business entities across the United States. The guidelines help prosecutors determine the effectiveness of an entity’s corporate compliance program, and evaluate how adequately the program is applied.

Strict policies related to compensation and compliance

The most notable updates to the ECCP guidance are in regards to executive compensation and consequence management policies. According to an analysis submitted by Ankura Consulting Group to Lexology, there are four new guidelines related to compensation that prosecutors will consider when evaluating an entity’s corporate compliance policies.

1. How effectively is an entity tracking disciplinary action data for malfeasance?

2. Is compensation ever used as an incentive for adherence to corporate compliance?

3. Are compensation packages recouped as a consequence for compliance violations?

4. Does compliance influence career planning and promotion evaluations?

Corporate communication compliance for all communication channels

The second biggest change to the ECCP guidance relates to how executives and employees of a business entity issue communications. Most businesses have HR policies that offer broad guidance on what is and is not permissible to communicate, which the DOJ reviews if an entity is ever subjected to audits or criminal investigations.

Under the new ECCP guidance, those reviews will now include evaluating corporate policies on communicating via personal messaging applications. The ECCP emphasizes that any and all communications regarding corporate business must be part of a compliance risk management program, including communications issued outside of official company channels.

Entity management software helps enforce compliance

Compensation and communications are two important aspects of a corporate compliance policy. Enforcing the standards of the policy is an important part of the job of any in-house corporate counselor. The question for in-house counsel becomes: what is the best approach to enforce corporate compliance?

Entity management software is one of the best resources for business entities to adhere to their corporate compliance policies. Entity management software is a modernized approach to minute book management, enabling counsel to add new records to corporate documentation in a matter of seconds.

Suppose a round of bonuses is to be issued to various corporate managers and directors. Using entity management software, counsel can provide detailed accounts of the value of the compensation, when it was distributed, how it was distributed, and even into which account it was administered.

All those records are protected in secure cloud storage backed by biometric and hardware key authentication, ensuring all information remains secure and confidential. If federal or state auditors have questions about the compensation packages, your legal team can simply pull up the records in the account and provide a transparent summary of how compensation was issued. This is one of the many perks of secure cloud storage of business entity information.

Expect stricter enforcement of corporate compliance in 2023

The move by the ECCP to provide more guidance around corporate compliance shouldn’t come as a surprise. In recent months, several high profile businesses have been exposed for failing to uphold proper corporate compliance policies that are resulting in significant personal, financial, and criminal penalties.

In November 2022, the collapse of cryptocurrency exchange FTX highlighted the consequences of companies that lack proper organizational structure. Former FTX CEO Sam Bankman-Fried faces multiple charges related to fraud that could result in years of imprisonment for the 31-year-old former executive.

SBF’s misappropriation of customer funds to finance his trading firm, Alameda Research, lies at the heart of charges brought against him. Regulators have identified a lapse in organizational oversight at FTX, including the fact there was no CFO in place to properly manage the flow of cash in and out of the company.
More recently, the collapse and insolvency of Silicon Valley Bank risks exposing another case of financial mismanagement. In the aftermath of federal regulators seizing control of the company, they determined that SVB lacked a Chief Risk Officer to oversee risk management policies. Authorities believe that a Chief Risk Officer would have objected and prevented questionable moves by the CEO and CFO to sell millions of dollars in stock only weeks before the collapse. Those former executives are now being investigated for violating insider trading policies.