What the DOJ Looks For: Key Insights into Evaluating Your Compliance Program

October 21, 2024

The Department of Justice's Criminal Division recently released an updated version of its Evaluation of Corporate Compliance Programs document (the "Guidance" or “ECCP”). This Guidance is designed to be a resource for prosecutors in assessing corporate compliance programs, making it a valuable tool for companies to evaluate and strengthen their own programs.

Key Updates

The updated Guidance introduces several notable changes that have implications for companies in FDA-regulated industries. Some of the key areas of focus include:

  • Data Analytics and Artificial Intelligence (AI): The Guidance emphasizes the importance of leveraging data analytics and AI to identify and address potential compliance risks. Companies should consider implementing robust data governance and analytics capabilities to monitor compliance data effectively.
  • Third-Party Relationships: The DOJ now places greater emphasis on the need for companies to have effective oversight and risk management processes for third-party relationships, including vendors, contractors, and consultants. This includes conducting due diligence, implementing contractual safeguards, and monitoring third-party compliance.
  • Individual Accountability: The Guidance reinforces the importance of individual accountability within corporate compliance programs. Companies should ensure their programs promote a culture of ethical behavior and that individuals are held responsible for their actions.
  • Global Compliance: With the increasing globalization of the healthcare industry, the DOJ is now paying closer attention to global compliance efforts. Companies should have robust processes in place to address cross-border compliance risks and ensure adherence to applicable laws and regulations in different jurisdictions.

Implications for FDA-Regulated Companies 

The updated Guidance presents both challenges and opportunities for companies regulated by the FDA. To ensure compliance and mitigate risks, companies should consider the following:

  • Leverage Data Analytics and AI for Compliance Monitoring: FDA-regulated companies should invest in data analytics tools to proactively identify and manage compliance risks. By harnessing AI, companies can flag potential issues more efficiently, ensuring they maintain regulatory standards. Set up a cross-functional team to develop a data governance strategy, ensuring all compliance data is properly managed, validated, and protected.
  • Enhance Third-Party Due Diligence and Contractual Safeguards: Review and update third-party vendor contracts to include specific compliance provisions and metrics. Regularly conduct third-party audits to ensure vendors, contractors, and consultants adhere to compliance standards. Implement automated monitoring tools to track third-party activities, helping identify red flags before they become legal issues.
  • Promote Individual Accountability with Strong Compliance Training: To encourage accountability, review your current compliance training programs and ensure they focus on ethical behavior, real-life case studies, and repercussions for misconduct. Design clear escalation pathways for reporting misconduct and take disciplinary action when needed to show a strong stance on accountability.
  • Centralize Global Compliance Management: Given the DOJ's increased focus on global compliance, consider centralizing your compliance management, especially for multinational companies. Appoint a global compliance officer or create a dedicated team to ensure adherence to international regulations and harmonize local policies with global expectations. This will ensure consistency in compliance practices across all jurisdictions.
“The DOJ’s updated guidance underscores the need for FDA-regulated companies to be proactive, using tools like data analytics and AI to spot compliance risks early. Companies must also prioritize strong oversight of third-party relationships and promote individual accountability to meet these heightened expectations and ensure compliance across global operations.”

Amanda Johnston, Partner at Gardner Law

“FDA regulated industries need to understand the boundaries of FDA authority and when FDA is acting outside those boundaries. Companies also need to be able to determine when it is advantageous to challenge FDA decisions and how the process will unfold and what impact it might have on the company’s business.”

— David Graham, Senior Counsel at Gardner Law

Contact Us for More Information

Contact Gardner Law for assistance in evaluating your compliance programs, identifying gaps, and ensuring your compliance framework aligns with DOJ guidance and industry best practices.