Every financial institution knows that regulatory agencies evaluate an FI’s compliance program as part of the exam process. But did you know the Department of Justice cares about it too?
The DOJ will take a close look at a company’s compliance program during investigations and consider it as a factor when deciding whether to bring charges, negotiate plea agreements, or calculate criminal fines. It also impacts what kind of monitoring, if any, will be required. This includes both the “adequacy and effectiveness” of the compliance plan when an offense was committed and improvements made afterward.
In its most recent guidance, “Evaluation of Corporate Compliance Programs,” the DOJ boils its evaluation down to three questions:
The DOJ’s evaluation of a compliance program shares many similarities with those of federal regulators, including a focus on:
Risk-based compliance. The DOJ uses a flexible approach that recognizes compliance programs vary based on factors like size and geography. It expects FIs to have a risk management process and to use that information to allocate resources proportionately. It also expects companies to track and learn from both their own issues and those of other similar companies.
Policies and procedures. This includes maintaining and monitoring policies and procedures and ensuring staff is adequately trained on them.
Third-party management. The DOJ expects to see risk-based due diligence and monitoring of third-party relationships. It also wants a documented business reason for choosing a vendor. The DOJ is particularly interested in monitoring that could uncover misconduct.
Monitoring and review functions. This includes internal audits, control testing, and regularly updated risk assessments.
Other elements the DOJ looks for include confidential reporting mechanisms where employees can report misconduct and due diligence of potential misconduct in acquisition targets.
Fair Lending cases are typically referred to the Justice Department by federal regulatory agencies, but not always. Last year a DOJ bank investigation raised eyebrows because it made no mention of a regulatory investigation, which means the issue came to the DOJ’s attention another way.
That means it’s in an FI’s best interest to look at the DOJ’s Evaluation of Corporate Compliance Programs so it can feel confident that existing policies and procedures align with DOJ expectations. While most of it mirrors what’s expected by the regulatory agencies, the DOJ especially emphasizes detecting misconduct, adequate staffing and resources, and employee discipline and incentives.
The next time you’re reviewing your compliance program and compliance management system, it’s worthwhile to assess how it would stack up to a DOJ review.
For a quick evaluation of your Fair Lending compliance foundation, download our Free Fair Lending Compliance Checklist.