Compliance Community Divided on DOJ’s Compliance Certification Requirement

In March 2022, Assistant Attorney General Kenneth Polite announced that the Criminal Division of the U.S. Department of Justice (DOJ) will consider requiring CEOs and CCOs to certify the effectiveness of their compliance programs at the end of a criminal resolution. Following the announcement, Ropes & Gray surveyed 172 compliance professionals, including in-house officers, government enforcers, corporate monitor team members and others, to “take the temperature” of the compliance community: would a certification requirement empower compliance programs and departments, or would the potential harms outweigh the benefits? 

Our survey revealed that the compliance community is divided on this issue. While 31% of respondents believe that a certification requirement would make compliance programs more effective, 48% believe that it would not, and 21% are uncertain. On the question of whether a certification requirement would empower compliance departments, respondents are almost evenly split, with 48% leaning “yes” and 52% leaning “no.”

Supporters of the DOJ’s proposed rule maintain that such a requirement would serve as an excellent motivator for CEOs and CCOs to introduce transparency into their company's operations and to focus both attention and resources on improving their compliance programs. Supporters also argue that the move would empower CCOs to have a seat at the strategic table. Skeptics of the rule hold that requiring certification could have several unintended consequences, including turning compliance into a “check-the-box exercise,” making CCOs “sacrificial lambs” for any compliance problems post-certification, creating conflicts of interest between CEOs and CCOs, and disincentivizing top talent from pursuing a career in compliance.

Respondents also weighed in on best practices for measuring the effectiveness of a compliance program as well as key metrics that should be taken into consideration. Conducting independent audits, implementing and measuring against program KPIs, and performing regular risk assessments were cited by several respondents as best practices for measuring program effectiveness. Key metrics included statistics on allegations and investigations, the level of buy-in from leadership and employees, and the “openness” of whistleblowing channels within an organization. 

View the full results of the survey, including comments from respondents.

The compliance community is patiently awaiting further announcement from the DOJ on this issue. Stay tuned for further updates from Ropes & Gray’s team of attorneys and compliance professionals.