Filed Under:

2019 Update: How to implement the DOJ's Evaluation of Corporate Compliance Programs

June 6, 2019 3:50:38 PM CDT / by Ricardo Pellafone

Hey, the Department of Justice updated the Evaluation of Corporate Compliance Programs—that thing that sets out the bare minimum standard for doing your job.

It’s super important that you know what’s in the ECCP. And that’s not because it sets out best practices, but because it sets out the minimum standard, and the minimum standard is surprisingly tough in several areas.

That is, you can believe you have a robust or best-practices program and still struggle to answer the bare-minimum questions in this document, because what the ECCP articulates and what people actually think are “best practices” do not always align.

And hey! We’re to help you make sense of this.

In this post, we’re going to cover:

  • The two critical things you need to know about the ECCP, illustrated with a fail video and a long analogy to a TV baking competition
  • How we transformed the ECCP into a roadmap, workbook, and board deck you can actually use
  • How you can get the first section of our ECCP workbook for free



Can’t wait to get the workbook preview? Click here to get it now!

Download the Workbook Preview now


Two critical things you need to know

Hui Chen, the author of the 2017 version of the guidance (and Broadcat friend!), wrote an article for Bloomberg hitting on a few caveats to the new edition of this. I want to explain two critical points she made—and, because this is the Broadcat blog, do so with fail videos and an analogy to a TV baking competition.


Critical Point #1: The ECCP is a floor, not a ceiling.

First, the ECCP applies to companies that are being criminally prosecuted—so, it’s a really low bar.

It’s kind of like the guidelines a child protective services officer would use in determining if they should put your kid in foster care. If you meet the guidelines, you get to keep your kid, but that’s not a “World’s Best Parent” award. It just means you’ve met the bare minimum standard for being allowed to have a kid.

Here’s another way to think about it: please watch this video compilation of on-the-job fails.

Are you in that video? No?

Great! But that does not mean you are good at your job. It just means you meet the rock-bottom, bare-minimum standard of not being so bad that you end up in a fail compilation.

That’s what the EECP is like. It represents the bare minimum, not a best practice.

And that means failing to have a good answer for some of the questions in the ECCP, or realizing you’ve never thought them through, is therefore VERY BAD.

That is, the ECCP isn’t a “oh well, we’ll get there some day” kind of thing. It is not an aspirational document; it a lowest-common-denominator document.

So if you’re in the bucket of folks who never read it, like the knuckleheads back at the 2017 Compliance Week conference (read this post), GET ON IT.

It’s not going to tell you best practices, but it’ll at least keep you from getting shamed by a prosecutor (and probably released from your job) for failing to meet the bare minimum standard.

(OK, and I have to make good on a request, here: Forrest from Abercrombie asked me to note that when I took those photos of the Compliance Week audience admitting they hadn’t read the original ECCP, he was sitting next to me and had two copies of the ECCP on his person. I can also confirm that he was audibly horrified at the survey results.)


Critical Point #2: The document isn’t written for you…so you gotta do some work.

Second, Hui notes that the document is written for prosecutors, not in-house people.

And while she notes that it still has use for you in thinking through your program, the fact that it's written for prosecutors means you have to do a lot of work to make it useful, reframing and re-contextualizing the questions into something that you can use to actually take action.

Please, allow me to illustrate with an extended analogy to a TV cooking competition.


Imagine that you get invited to compete on your favorite cooking show, which is The Great British Bake-Off because duh it definitely is. You accept and are delighted to discover that the BBC further allows you to borrow the TARDIS in order to travel back in time and compete on the version with Mary Berry and not the new one that no one likes as much.

Once you arrive at the tent, you are told that you have to first meet a bare-minimum qualification round before you get on the real show.

A friendly production assistant, who thinks you are wearing a fun hat and wants you to win (in this analogy you’re wearing a hat), slips you a copy of the rulebook that the judges use.

You open it and find it is a long series of questions that they should ask themselves in determining if you make the bare-minimum cut, so that each judge is deciding based on the same general thought process.

You look at it and think “this is great—but what now?”

That’s because the questions, by themselves, do not lend themselves to action. You would have to put them in a logical order to suss out how they impact each stage of your baking, from pre-baking to baking and then all the way to post-baking, and at this point it should be pretty clear that I’ve exhausted the baking knowledge I’ve acquired from being in the room when my wife watches that show.

So, you’d need more help.

You would need some type of baking-rules-super-nerd to be your secret weapon, obsessively combing through the questions to sort them into an order that allows you to use them to make sure you meet that bare-minimum standard and can make it on the show.

Unfortunately, in our analogy that person does not exist. You do your best to review the questions, but you get overwhelmed and miss a few critical things. You don’t make the cut and go home disappointed.

But in the real world, that person does exist.

And there is exactly such a secret weapon for making sense of all the questions in the ECCP, organizing and framing them into something you can use to make sure you’re able to pass the bare minimum standard that they articulate.

That person is Broadcat.

And making a secret weapon for you is exactly we did.

(And please, send your awards for Slickest Segue Ever to our new office on the Katy Trail in Dallas.)



Want the workbook preview NOW? Click here to get it!

Download the Workbook Preview now


How we made the ECCP useful (for you).

Back in 2017, we took the ECCP and turned it into a toolkit containing three documents, all framed around your experience as an in-house compliance professional.


We made a roadmap that keeps all the questions the same, but organizes them based on when and how you’d actually use them.

We made a workbook that lets you put the roadmap into practice, logging your answers to each question.

We made a board deck that helps you not only give the guidance to your board members, but explain it at a 10,000-foot level that they’ll actually read. 

We made this toolkit by keeping the DOJ’s original questions, but we reorganized them around:

When you’d ask each question,

Who you’d probably task with answering it, and

How often you’d be likely to update your response.

That is, we re-sorted the DOJ's subject-matter topics into practical categories so you can get value out of the DOJ's guidance—before you're sitting across from a prosecutor.

We called our practical categories "Governance and Structure," "Program Operations," and "Incident Response."

Overview of operational categories for DOJ Evaluation of Corporate Compliance Programs.png

Each category reflects a consistent approach to when you'll answer its questions, who will answer them, and how often you'll need to check in for an update. They use the DOJ's original questions—they're just sorted by how you'll actually answer them, because the DOJ’s organization was never intended for an in-house audience to use.

Since the DOJ added a slew of questions this year, as well as modified a bunch of the old questions, we went through a very painful process of updating all of these documents, re-evaluating how we categorized things and where to put the new questions.

And we put together a changelog too, so you can easily see the difference between the two versions of the ECCP questions, in a format that you can read without wanting to poke out your own eyes.

This project was…unpleasant. So, you’re welcome.

Now, you’ll use the toolkit like this:

  • The roadmap will give you an overview of how the questions shake out. If you want to give something to your board or General Counsel for a pre-read, this is what you’d give them.

  • The board deck is what you’ll actually present to your board to explain what’s up. It is objectively great, but it's going to make you look super amazing; because “a DOJ guidance update” sounds like the most boring thing in the world, your board’s expectations are going to be super low and having clean, simple slides that don’t suck is going to make you the hero of the board meeting.

  • And finally, the workbook is what you’ll actually use yourself. It follows the same structure as the roadmap, but it’s designed to be actively used as a place to organize your work as you sail through answering each question. We’ve also given you guidance in a few places to help you think through how to tackle the questions to make getting started a breeze.

Suffice it to say that this is the best thing you’re going to use on DOJ guidance, end of sentence. Our old version was downloaded approximately one jillion times; this one’s even better because it saves you from the agony of figuring out “what’s the difference”?


How you can get it!

Right, enough talk: how do you get it?

Well, back in 2017, we gave away the roadmap for free. And originally, we were going to do that here too. But then we realized that the roadmap gives you the analytical framework for understanding it, but it doesn’t get you started; it's a passive document.

So this year, we are giving away the first part of the workbook itself for free—the entire section on Governance and Structure. You can grab that here and get to work.

And once you get going, you’re probably going to say something like “well, that was stupid easy to use; how do I get the rest of it, and also the board deck and roadmap so I look super smart to my board?”

There, you’ve got a couple options.

If you were an early adopter—you were one of the forward-thinking visionaries who signed up when we were still offering all-access passes to everything we do—then you already have it. (It's in the Library, hit us up in chat if you need help.)

If you are a Champions or Bundles customer, this is available as an add-on. Contact us and we’ll get you set up right quick.

If you don’t work with us yet, BOO. But you can get this by:

(1) signing up for Champions (our manager kit plan) or Bundles (our themed packages) and getting it as an add-on,


(2) as part of being a launch customer for Compliance Design Club, in which case you’ll get it for free.

What’s Compliance Design Club? It’s the a la carte membership plan we’re launching in Fall 2019. We heard that you wanted the flexibility to buy just what you wanted, and we decided to innovate on our business model to let you get exactly that.

Compliance Design Club members get three big things:

  1. Tokens to redeem for a la carte purchases from us (think: Dave ‘n Busters). You can redeem them for stuff like our manager kits:


    And awareness materials that will make your employees be like “wait, this is from compliance?! This is great!”:


    And killer templates that will require you to take up a new hobby to make use of all the time you’re going to save:


    And power tools that make you so efficient and productive that your executives will secretly wonder if you’re some type of cyborg sent from the future to monitor them, Skynet-style:


    But that’s not all.

  2. Members also get a monthly free surprise resource (think: Birchbox, Loot Crate, etc). The first six surprises are all mega-awesome, because we want to reward our early adopters.

    For example, here’s what we’re giving away for free in November:


    And if you join after November, you can still get it—you’ll just have to spend 20 tokens. And there’s still more!

  3. Members will also get the ability to use their tokens to team up with other customers and fund new work (think: Kickstarter), because we love you.


Compliance Design Club is set to launch in October—but if you sign up now, you’ll get our ECCP toolkit for free.

But hey, try out the workbook first. It’ll help you understand how passionate we are about making compliance simple and accessible, and then getting on board with Champions, Bundles, or Compliance Design Club will be a no-brainer.



What are you waiting for? Click here to get the workbook preview now!

Download the Workbook Preview now

Ricardo Pellafone

Written by

Ricardo Pellafone

As Broadcat’s Founder, Ricardo is responsible for setting and obsessively refining Broadcat’s core methodology, approach, and vision of practical, useful compliance.