New DOJ Chief Compliance Officer Signals Increased Oversight of Compliance Program | Knowledge


DOJ’s Historical Approach to Compliance Expertise

Internal DOJ guidelines require federal prosecutors to consider certain factors when deciding whether or not to charge companies. Two of these factors compel prosecutors to assess companies’ compliance programs: “the existence and effectiveness of the company’s pre-existing compliance program” and “the company’s corrective actions, including any efforts to implement an effective corporate compliance program or improve an existing one. , to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with relevant government agencies.”1

To help prosecutors weigh these factors, the DOJ in 2015 created the position of compliance attorney within its criminal division and staffed it with a former prosecutor who also had compliance expertise in the private sector. The head of the DOJ’s fraud section at the time said the compliance attorney position was set up to help create “benchmarks” for corporate compliance with companies in various industries. and through prosecutors’ offices. The position has been designed to enable the compliance attorney to parachute into cases and assist prosecutors by providing corporate compliance expertise when evaluating whether to indict companies .

In 2017, when the former compliance adviser left, the DOJ changed its strategy. Rather than hiring another person to fill a centralized compliance advisory role, the DOJ instead focused on building a full staff of competent compliance attorneys, including training attorneys and l Hiring attorneys who brought first-hand experience in private sector compliance.

Increased transparency from the DOJ on its compliance expectations

In addition to the DOJ’s emphasis on compliance expertise within its ranks, the DOJ has also increased its transparency to the public about its expectations of corporate compliance programs. companies in recent years. Specifically, first in 2017 and then via two subsequent updates in 2019 and 2020, the DOJ’s Fraud Section issued new guidance, titled “Evaluating Business Compliance Programs” (available here), intended to provide more specific examples of how federal prosecutors would investigate companies. ‘ compliance programs in the process of investigating and resolving enforcement issues. The guidelines set out sample questions organized under a number of topics that prosecutors might ask when evaluating corporate compliance programs in criminal investigations. The questions are designed to review companies’ paper-based compliance programs to assess how the programs have been implemented, maintained, and enforced in practice. The guidelines indicated the large-scale “pressure tests” of corporate compliance programs that were to take place as part of the DOJ’s investigative process.

The new DOJ compliance expert

The DOJ’s new compliance expert, Matt Galvin, will use the DOJ’s compliance guidelines to pressure test the compliance programs of companies under investigation by the DOJ. Although Galvin has never previously worked for the DOJ or for government at large, he brings with him key private sector compliance experience as Global Chief Compliance Officer of Anheuser-Busch InBev. Additionally, his compliance tenure at Anheuser-Busch includes experience in the private sector during an FCPA investigation, which resulted in a multimillion-dollar enforcement action by the Securities and Exchange Commission in 2016.

Galvin will also have the benefit of assisting attorneys with in-house compliance training and providing private sector compliance experience. Indeed, Galvin will have company in the direction of the DOJ with expertise in compliance, as the DOJ’s assistant attorney general for the criminal division and the new head of the DOJ’s fraud section have both previously held the position. position of compliance officers in the private sector.

Finally, Galvin’s hiring may indicate increased oversight of the use of data analytics by corporate compliance programs. While at Anheuser-Busch, Galvin led the development of a data analytics system that used Anheuser-Busch data to attempt to identify high-risk business partners and inappropriate payments. He also led an effort to try to get companies to share data for compliance purposes. Using data analytics for compliance purposes was a topic the DOJ highlighted when it released its latest compliance guidelines in 2020, in which the DOJ said companies should ask themselves: “The compliance and control staff have sufficient direct or indirect access to relevant sources? data to enable rapid and effective monitoring and/or testing of policies, controls and transactions? It appears that Galvin’s work at the DOJ will also focus on the fraud section’s data analysis capabilities.

In light of the DOJ’s focus on compliance resources in recent years, Galvin’s hiring isn’t particularly surprising. Rather, it is another clear signal from the DOJ that companies need to prioritize (and improve) their compliance programs to avoid government investigations and be able to defend their compliance programs should they come under attack. a government investigation. Galvin and the DOJ’s recent emphasis on data analysis also suggests that companies would do well to assess their own data-driven compliance efforts.


1US Department of Justice, Justice Manual 9-28.300.

Previous Goldman's (GS) Apple Card business has a surprising subprime problem
Next Pendleton Whiskey Velocity Tour returns to Charleston, WV January 13-14