On April 30, 2019, the Department of Justice (DOJ) released a new guidance document on the Evaluation of Corporate Compliance Programs. The document updates the guidance released in February 2017 that outlines the ways federal prosecutors evaluate compliance programs.

In releasing this DOJ evaluation guidance, the US government provides organizations with tips and examples on how to design and implement a strong compliance program that would hold up during a criminal investigation.

The purpose of this document, according to Michael Volkov, former federal prosecutor and CEO of The Volkov Law Group, is to give companies "an outline for self-assessment of your own program." It can also give companies arguing points if they find themselves in the crosshairs of a federal investigation.

Read on for eight major takeaways from the 2019 DOJ guidance document.

Assess your compliance program so you can catch any issues before they escalate. Find out how in this free eBook.

1. Consider Three Main Questions

The DOJ evaluation guidance document notes that there are three "fundamental questions" prosecutors should ask when assessing a compliance program:

1. Is the corporation's compliance program well designed?
2. Is the program being applied earnestly and in good faith?
3. Does the corporation's compliance program work?

When designing and implementing your organization's compliance program, keep these questions in mind. Create a program that fits your industry, the size of your company and your needs.

The second and third questions involve the effectiveness of your compliance program. In order to be effective in practice, your program must be fluid and able to evolve in response to risk.

2. Establish a Culture of Compliance

One of the biggest changes from the previous DOJ evaluation guidance is a heavier emphasis on a culture of compliance. Prosecutors expect companies to encourage ethics and compliance throughout their workplace by integrating it with other functions. When compliance is a proactive part of internal audits, procurement and third-party management, it becomes a systematic part of the company.

Similarly, prosecutors will look at whether your "company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations." When developing your code of conduct and other workplace policies, compliance should be at the front of your mind.

Need some ideas for incorporating ethics and compliance into your culture? Watch Tone from the Top, Bottom and Everywhere in Between.

3. Devote Resources to Compliance

The DOJ Evaluation of Corporate Compliance Programs emphasizes the importance of devoting plenty of resources to compliance in your organization. Programs should have enough funding and staff to "audit, document, analyze and act."

In terms of compliance staff, it is not enough to give them compliance-related duties. According to the document, companies should provide extra training to these employees so they know how to properly respond to high-risk activities.

Violating laws and regulations can have a negative impact on your company's reputation and bottom line. Learn from 13 companies that were caught in the act in this eBook.

4. Audit Third Parties

Every business has to work with third parties. The new DOJ evaluation guidance urges companies to closely monitor their relationships with third parties to avoid being brought down by a mistake they didn't directly make.

The document says that prosecutors will ask if your organization engaged "in ongoing monitoring of the third-party relationships, be it through updated due diligence, training, audits, and/or annual compliance certifications by the third-party."

Following up to make sure your safeguards are actually being performed and clearly communicating your policies to third-parties can save you a lot of stress should your organization come under investigation.

5. Adopt a Risk-Based Approach

Adopting a risk-based approach to compliance is another key point of the DOJ evaluation guidance document. Organizations should not "devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas."

Your company may fear federal investigations and want to commit too many resources to areas of low risk. However, the DOJ understands that no compliance program can detect every single incident, so using your resources for areas of higher-risk makes more legal and financial sense.

6. Focus on Documentation

The DOJ recognizes that even the best compliance program can't prevent 100 per cent of crimes. That's why the 2019 DOJ evaluation guidance emphasizes the importance of documentation.

Michael Volkov says that putting your focus on the compliance program's structure and "document[ing] why you chose to design your program in a certain way" helps demonstrate the effectiveness of your program to investigators.

Through documentation, you can show that you have had an effective compliance program in place for years when prosecutors investigate "the adequacy and effectiveness of the compliance program at the time of the offense, as well as at the time of a charging decision."

RELATED: The Changing Compliance Environment: What it Means for You

7. Encourage Whistleblowers

Whistleblowers are a valuable resource when it comes to stopping crime before it escalates. For this reason, the DOJ wants organizations to take a "pro-active measure to create a workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistle-blowers."

Prosecutors will also ask if your company has a whistleblower procedure  "and if not, why not?" Your whistleblower program should be accessible and publicized to all employees. It must also "apply timing metrics to ensure responsiveness." According to the new DOJ evaluation guidance document, simply having a whistle blower platform is not enough; your company must also respond to the complaints in a timely manner.

Best practices suggest that having an anonymous mechanism for reporting issues, such as a hot line or webform, and case management software demonstrates a commitment to ethics and compliance.

8. Review Your Program Frequently

Setting up an effective compliance program is one thing. Ensuring it can adapt to change, though, is imperative, according to the DOJ evaluation guidance. Investigators will ask if your organization "engaged in meaningful efforts to review [your] compliance program, and ensure that it is not stale."

This internal evaluation should include "a gap analysis to determine if particular areas of risk are not sufficiently addressed in [your] policies, controls, or training." Risk assessment is a major focus of the 2019 DOJ guidance document, so be sure that your process is effective and tailored to your company's needs.

While the newly-released DOJ evaluation guidance is not starkly different from the 2017 version, there are a few key changes. The new document uses affirmative statements rather than questions to describe program evaluation. Focus has also shifted to risk assessment and establishing a culture of compliance.