The Department of Justice (DOJ) recently released updated guidance (Guidance) for prosecutors when evaluating a financial institution's financial crimes compliance program. The Guidance focuses on three core principles, considering whether a compliance program is:
2. Adequately resourced and functioning effectively
3. Working in practice
The DOJ makes clear that they expect compliance programs to be specifically-tailored and continuously evolving, providing "…revisions to corporate compliance programs in light of lessons learned." As a result, the Guidance explicitly highlights expectations regarding how a financial institution executes its risk assessment, but also how it makes use of the results and learns from its peers.
However, there are additional areas of focus that financial institutions should evaluate in light of the DOJ's risk-based approach, including training, reporting, third-party management, testing and governance.
This paper discusses several of these themes in greater detail below.