Melissa L. Jampol, Gary W. Herschman

Download a PDF of this piece


The Criminal Fraud Section of the U.S. Department of Justice (DOJ) recently released guidance entitled “Evaluation of Corporate Compliance Programs,” setting forth over 100 questions in 11 categories that the Fraud Section may ask in assessing the “effectiveness” of an entity’s compliance program when determining whether to bring charges or negotiating resolutions of white-collar criminal matters. This guidance is the DOJ’s most comprehensive compilation of such factors to date, and it provides insights into the DOJ’s thought process.

Notably, there is a separate section on “Mergers and Acquisitions”—simply put, there will be ramifications for companies that fail not only to conduct robust due diligence but also to remediate misconduct uncovered during the due diligence process after entities are acquired.

Thus, boards and senior management of any health care company—including private equity funds and other investors with expanding health care company portfolios—must be aware of these principles and fully implement them into their acquisition strategies and processes.

In addition to the above, the top five takeaways from this recent DOJ guidance concern:

  1. Acquisition Due Diligence: The DOJ will consider whether a buyer identified misconduct in its due diligence process, and how compliance issues were remediated. For example: (a) whether the compliance issues were addressed in the deal agreements, (b) whether they were remediated pre- or post-closing, and (c) whether there is ongoing monitoring at a newly acquired entity to ensure that the issues do not recur.
  2. Root Cause Analysis: The DOJ will ask if the company performed a “root cause analysis” of the misconduct and identified any underlying systemic issues, and if any corrective actions taken are closely monitored thereafter.
  3. Board and Senior Management Involvement: The DOJ wants to see that the company’s top management and board are committed to compliance and involved in (a) adequately funding and monitoring the compliance program, (b) remediation of identified noncompliance, (c) direct reporting from the compliance officer, and (d) access to outside auditors and experts.
  4. Dedication to Compliance: The DOJ will explore if the company dedicates enough funds to (a) hire sufficient, qualified compliance staff; (b) train company staff on compliance and job-specific compliance areas; and (c) establish confidential reporting mechanisms.
  5. Robust Auditing: The DOJ wants to know that the company has been conducting robust compliance auditing, on a regular basis, focused on top risk areas pertaining to the company’s particular services and operations to head off new issues and address previously identified issues.

* * *

This advisory was authored by Melissa L. Jampol and Gary W. Herschman of Epstein Becker Green. For additional information about the issues discussed in this advisory, please contact one of the authors or the Epstein Becker Green attorney or EBG Advisors consultant who regularly assists you.

The contents of this document should not be construed as legal, investment, tax, regulatory, or accounting advice. The recipient should consult with qualified professional advisors before acting on pertinent matters. The information contained herein does not necessarily reflect the official position of the sponsoring entities.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.