In this episode I visit with Jonathan Armstrong on his views on the new DOJ Evaluation of Corporate Compliance Programs. Armstrong provides a detailed analysis of some of the key differences between how compliance is operationalized in the US as opposed to the UK and EU countries. He explains how the enhanced requirements for root cause analysis, risk assessments and investigations and the supplemented requirements to tie back into the ongoing compliance monitoring and updating, could run afoul of UK and EU data protection and data privacy requirements. He also considers what a non-US company, subject to the FCPA what should look to as a best practices compliance program to best protect the organization. Finally explores just how far does all of this go? He provides on statistic that puts a huge bow on the difficulties going forward.
For the Cordery Compliance article see the following, US Department of Justice on Evaluation of Corporate Compliance : how does it compare to UK Bribery Act 2010?