Periodic monitoring is crucial for corporate counsel to ensure that their companies’ compliance programs continue to align with changing business profiles, geographic footprints, channels to market and clients served. In fact, the U.S. Department of Justice (DOJ) emphasized the importance of periodic testing and ensuring that compliance programs “work in practice” in its 2019 guidance document evaluation of corporate compliance programs. Despite this mandate to companies, enforcement agencies have neither outlined criteria for best-in-class compliance monitoring systems nor provided practical guidance as to how practitioners should test their effectiveness.

In this article, we will outline an approach for the design of a compliance monitoring system aimed at detecting compliance violations and identifying trends, outliers and red flags. It is important to keep in mind that what works for one company may not work for another—practitioners should read this article with an eye toward what is feasible within their companies.