The U.S. Department of Justice (DOJ) Criminal Division Evaluation of Corporate Compliance Programs document was updated in March 2023. Since then, compliance teams and the broader compliance community have examined it closely, searching to better understand the government’s expectations.
Gaurav Kapoor, co-CEO and co-founder of MetricStream, sees an overarching key message to the update: The DOJ expects organizations to have a well-designed compliance, ethics and risk program and, with it, the ability to closely evaluate and monitor its effectiveness. The bar has definitely been raised.
So what should the compliance team do? First, in his reading, the DOJ is encouraging organizations to follow connected, holistic approaches to compliance programs. Second, how you train and communicate must be well organized and integrated into business processes. Third, third-party risk must be scrutinized and the interconnectedness with the business must be made more visible.
As for boards, they need to understand that they must continue to play their role in business and risk governance. They must also, however, oversee the risk management and compliance programs and ensure they are successful. To that end, boards need to ensure that these programs are sufficiently funded and led, understand where compliance reports, and remove any conflicts of interest.
Listen in to learn more about these topics as well as adopting a compliance culture, looking beyond the guidance, and the proliferation of guidance documents that compliance teams need to navigate.