3 Fundamental Pieces of an FBI Compliance Program - Medicare RAC Audits & Appeals Services
WSJ logo
Forbes logo
Fox News logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
CNN logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo
Quick Practice Area Locator

3 Fundamental Pieces of an FBI Compliance Program


The U.S. Department of Justice Criminal Division published its updated “Evaluation of Corporate Compliance Programs” memo in June 2020. It provides detailed information on what factors prosecutors should consider when (1) conducting their investigations of a corporation, (2) determining whether to bring charges, and (3) negotiating pleas or other agreements. One critical factor concerns the adequacy and effectiveness of a corporation’s compliance program at the time of the offense and at the time of a charging decision as well as the remedial efforts used by the corporation to address the program and improve it.

The effectiveness of a corporation’s compliance program assists the FBI and prosecutors in determining the appropriate form of any resolution or prosecution; the monetary penalty, if any, to be imposed; and the extent of compliance obligations that the corporation will be obligated to perform such as reporting or monitorship obligations.

There are three fundamental questions that prosecutors ask regarding a corporation’s compliance program each of which contains vital elements of an FBI compliance program. In this article, we explain the most important elements of a corporate compliance program within each fundamental question, as detailed in the DOJ’s memo on compliance programs.

I. Is the Corporation’s Compliance Program Well Designed?

The first question examines whether the corporation’s compliance program is effectively designed to prevent and detect wrongdoing as well as whether corporate management is adequately enforcing the program. An effective design strategy is the backbone of a successful corporate compliance program. Corporations should make it their priority to design a program that easily satisfies the following elements:

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former DOJ Trial Attorney


Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior DOJ Trial Attorney

Linda Julin McNamara
Linda Julin McNamara

Federal Appeals Attorney

Aaron L. Wiley
Aaron L. Wiley

Former DOJ attorney

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (DOJ)

Chris Quick
Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Michael S. Koslow
Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

  1. The compliance program is designed in a manner that detects the types of misconduct most likely to occur in the corporation’s line of business. This involves examining whether the corporation has analyzed risks presented from its operations, location, size, industry, regulatory landscape, market competitiveness, clients, business partners, foreign government transactions, payments to foreign officials, and the use of gifts or donations.
  2. The code of conduct sets forth the corporation’s commitment to full compliance with federal law and is accessible to all employees. The code of conduct must be accessible and comprehensible to all employees. It is the corporation’s job to establish policies and procedures that incorporate management’s commitment to compliance in its day-to-day operations.
  3. The corporations’ training programs and communications are integral components of the compliance program. All personnel should receive periodic training and certifications—including all directors, officers, relevant employees, and agents and business partners.
  4. The compliance program contains an anonymous and confidential mechanism for employees to report allegations of wrongdoing. The complaint-handling process within the corporation—the corporation’s whistleblower program—should be proactive and promoted without fear of retaliation.
  5. The corporation maintains an effective risk-based due diligence approach towards third-party relationships. The corporation should be able to explain the business rationale for transacting with the third party as well as identify the risks posed by third-party partners.
  6. The compliance program includes both pre- and post-acquisition due diligence and integration procedures. Healthy due diligence and integration procedures are important parts of the compliance program because they prevent misconduct, reputational harm, and civil or criminal liability.

II. Is the Corporation’s Compliance Program Adequately Resourced and Empowered to Function Effectively?

The second question delves deeper into the compliance program by examining whether it is effective in practice as opposed to whether it is a mere “paper program.” In order to successfully satisfy this question, corporations should ensure that their compliance program meets the following elements:

  1. Corporate employees are regularly informed about the compliance program and the corporation’s commitment to it. It is critical that the corporation’s top leaders—including management, the broad of directors, and executives—set the tone for the business and lead by example and action.
  2. Those charged with the oversight of the compliance program have the adequate authority and resources to implement it. While the degree and extent of a corporation’s resources will depend on the size, structure, and risk profile of the business, effective implementation always depends on the adequate authority of those charged with oversight of the compliance program.
  3. The corporation establishes and implements a system for incentives for employee compliance and disincentives for employee non-compliance. The corporation must have not only a clear system in place for disciplinary actions, but it must also enforce these procedures consistently within the corporation regardless of the position or title of the personnel member who engages in the conduct.

III. Does the Corporation’s Compliance Program Work in Practice?

The last question determines whether the corporation’s compliance program was working effectively at the time of the offense. Prosecutors often examine how the misconduct was detected, what resources were in place to investigate the misconduct, and the nature of the corporation’s remedial efforts. As a result, it is incumbent upon corporations to double check that their compliance program meets the following elements:

  1. The corporation promotes improving, evolving, and periodically testing its compliance program. Because a company’s business and regulatory laws change over time, a corporation must continuously engage in meaningful efforts to review and update its compliance program.
  2. The compliance program appropriately and timely investigates allegations or suspicions of misconduct and documents the corporation’s response. This element reveals whether the corporation’s compliance program is working effectively due to its ability to monitor, identify, remediate, and document allegations or suspicions of misconduct.
  3. The compliance program is able to effectively pinpoint the cause of the misconduct and remediate it. An effective compliance program will be able to identify the source of the misconduct, remediate it, and prevent it from occurring in the future.


These factors represent important elements that a corporation should incorporate within its compliance program to avoid federal investigation, monetary penalties, reputational harm, and even jail time. However, the elements identified are not a checklist to be satisfied by a rigid set of criteria applicable to all corporations. The means by which prosecutors will examine corporations for an effective compliance program depends on the nature of the corporation’s business, size, location, risk profile, and numerous additional factors. It is nevertheless always critical for corporations to ensure that they have a robust compliance program in place to guard against liability under federal law and demonstrate full compliance.

Why Clients Trust Oberheiden P.C.

  • 95% Success Rate
  • 2,000+ Cases Won
  • Available Nights & Weekends
  • Experienced Trial Attorneys
  • Former Department of Justice Trial Attorneys
  • Former Federal Prosecutors, U.S. Attorney’s Office
  • Former Agents from FBI, OIG, DEA
  • Cases Handled in 48 States
Email Us 888-680-1745