Workshop B

The Nuts and Bolts of DOJ’s Guidance and the Core Components of an Effective Compliance Program: From Risk Assessments, Internal Controls and Policies, to Third-Party Management

November 28, 2023 2:00pm

Jannette Hasan

Jannette Hasan
Corporate Director, Assistant General Counsel, Global Compliance Program
Northrop Grumman Corporation Law Department

Marnee Rand
Trial Attorney, Corporate Enforcement, Compliance, and Policy Unit, Fraud Section
U.S. Department of Justice

Frederick Ratliff
Managing Counsel, Anti-Corruption

Caitlin Sheard
Senior Associate
Orrick Herrington & Sutcliffe LLP

The DOJ announced significant updates to its corporate compliance programs guidance, corporate criminal enforcement policies, as well as an increase of enforcement resources to address national security concerns.

The updates to the Guidance send a clear message that DOJ continues to heighten expectations, and will closely evaluate the design and effectiveness of compliance programs.

This practical session — designed for organizations with diverse size, operational and organizational complexities, and varying resources — will delve into the finer points of the DOJ Guidance, and the building blocks for an effective compliance and third-party management program, including:

  • Developing your risk profile, conducting risk assessments and identifying compliance weak spots
  • Customizing your program by developing an understanding of the current state of affairs; finding out what risks already exist; and documenting the key company processes, systems, and transactions that need to be monitored
  • Mapping out the potential risk contact points that exist throughout the company
  • Best practices for periodically updating risk assessment priorities
  • How to continuously test the effectiveness of a compliance program, to show that it is improving, adapting and sustainable
  • Satisfying obligations to report on the status of the compliance program
  • Monitoring and auditing compliance program components, as well as reporting on current or anticipated enhancements
  • How to truly know if your program is working—and when to sound the alarm
  • What it now takes, and the extent of due diligence required for your program to be “reasonably designed”
  • When and how much due diligence to perform for an ongoing, existing third-party relationship
  • When and how much to train third parties
  • Identifying the solutions and applications that are needed to risk-rank transactions and geographic regions; to readily identify areas that require enhanced third-party due diligence
  • Best practices for advising the organization on internal controls; including through legal, compliance and financial perspectives
  • Identifying common examples of inadequate internal controls and related program deficiencies to avoid