Is Your Compliance Program Strong Enough for DOJ’s New 2025 Standards?
Schulz Trade Consulting LLC
by Mark Jenkins, Managing Director, Schulz Trade Consulting LLC
August 25, 2025
At the last two compliance conferences, I’ve been asked the same question: What’s new in the Department of Justice’s (DOJ) approach under the new administration? Are they “soft on crime”? The quick answer is “I doubt it” and many caveats are very similar to past administrations. Below is the latest update, crucial for any company hoping to avoid prosecution through compliance and self-reporting.
May 2025 DOJ Policy Update
On May 12, 2025, the DOJ’s Criminal Division released an updated Corporate Enforcement and Voluntary Self-Disclosure Policy. This new policy clarifies that only companies that detect, investigate, and remediate problems early—and report first—will qualify for declinations (decisions not to prosecute). The policy replaces the prior “presumption” language with a formal process: qualifying companies can expect actual declination, while “near miss” cases may earn Non-Prosecution Agreements (NPAs) with requirements and transparency. [1]
Overview of DOJ Guidance
- Declination of prosecution is available if a company:
– Voluntarily self-discloses misconduct
– Fully cooperates with DOJ investigators
– Undertakes timely and appropriate remediation (see below)
– Has no severe aggravating factors like recidivism or obstruction
- Near miss or aggravating cases may receive:
– Non-Prosecution Agreements (NPAs) with reduced penalties, public disclosures, and no monitor requirement in many cases
- Transparency: All declinations will be publicly posted and require forfeiture and restitution—even if prosecution is declined
- Strict definitions: “Full cooperation” and “remediation” are now clearly detailed, including compliance structure and immediate action expectations
Compliance Takeaways—Appendix: “Timely and Appropriate Remediation”
The appendix lays out DOJ expectations:
- Root-cause analysis: Go beyond fixing the problem—address the underlying causes.
- Compliance program structure: Sufficient resources, independence, authority, quality risk assessments, and board access.
- Consistent discipline: Accountability at all levels, including management.
- Modern information controls: Policies on data retention, personal devices, and ephemeral messaging.
- Regular testing for effectiveness: Routinely evaluate if compliance controls and procedures actually work in practice. Examples include internal audits, compliance program and fraud risk assessments, and adjustment of controls based on real outcomes and evolving risks.
- Proactive measures: Ongoing risk reduction efforts, not just after-the-fact fixes.
Early Self-Disclosure Requires a Robust Compliance Program
To truly benefit from self-disclosure, your compliance program must be capable of detecting and investigating issues internally—before a whistleblower reports straight to the government. DOJ gives a brief window for self-reporting, but you’ll miss it if you’re not monitoring and acting quickly.
Liberty Mutual Declination Example
Liberty Mutual recently received a declination from the DOJ by voluntarily disclosing, cooperating fully, and swiftly remediating the underlying issues—with real changes to its compliance program, in line with these new guidelines. If you missed our prior article on Liberty Mutual, see footnote link. [2]
Bottom line for compliance officers
The DOJ makes it clear: only organizations with robust, proactive, and regularly tested compliance programs will earn leniency. Waiting until a whistleblower acts is waiting too long.
[1] For details, see the DOJ’s official update: https://www.justice.gov/criminal/media/1400031/dl?inline
[2] https://schulztc.com/dont-let-your-compliance-program-collect-dust-lessons-from-liberty-mutual/