The Justice Department gave compliance officers invaluable guidance when it published its “Evaluation of Corporate Compliance Programs.” The document is invaluable because it doesn’t just describe how companies can define effectiveness for one part of a compliance program; it spells out how prosecutors evaluate effectiveness for any part of a compliance program. It shows how prosecutors will try to think about compliance and corporate misconduct regardless of the specific question at hand.

In that sense, then, compliance officers can (and should) revisit the Evaluation Guidance time and again. And, thankfully, part of the guidance touches on the one risk area most likely leave corporate compliance officers at their wits’ end: third parties, and the risks they can bring to your organization without proper oversight.

So what can that Evaluation Guidance tell us about how the Justice Department expects corporations to manage their third-party risks? And how should compliance officers consider that section of the guidance, to reverse engineer compliance programs that regulators would deem effective? Download  “Managing Third-Party Risk: What Counts as ‘Effective’ Compliance?” to learn more.