The "Principles of Federal Prosecution of Business Organizations" in the U.S. Attorney's Manual sets out the so-called "Filip Factors" for use in deciding whether or not to bring charges or in negotiating plea or other types of agreements.
This differs from, and is in addition to the OIG's review of compliance programs to determine whether or not a corporate integrity agreement or certificate of compliance should be imposed
Eleven broad categories are examined. The sub-points indicate more detailed analysis within the category.
1. Analysis & Remediation of Underlying Misconduct
Includes root cause analysis, prior indications of misconduct; remediation pursued by the organization.
2. Senior and Middle Management.
Includes an analysis of the conduct by senior leaders, indications of commitment to compliance and communication of the commitment, quality of oversight by the governing body.
3. Autonomy and Resources
What was the role of compliance in decision-making, control and training functions related to the misconduct, what is the stature of the compliance role compared to other functions in the organization, are compliance personnel qualified and experienced, does the compliance officer have sufficient autonomy to carry out necessary functions; is funding of the compliance function adequate.
4. Policies and Procedures
Includes analysis of the process for designing and reviewing compliance policies, are policies adequate and fully implemented and enforced, is there effective training on policies, are policies well-communicated, are policies extended to vendors.
5. Risk Assessment
What processes are used to identify risk areas, what information or metrics are used to detect misconduct.
6. Training and Communications
What training is provided and to whom, is the training effective, has it been measured, how does the organization communicate remediation of misconduct, what resources are available to provide guidance to employees about compliance
7. Confidential Reporting and Investigation
Inquiry into the processes, analyses and follow-up steps when compliance issues are reported, are investigations properly conducted by trained personnel, how does the organization respond to the results of investigations.
8. Incentives and Disciplinary Measures
What disciplinary actions were taken as a result of investigations of misconduct, who participated in the disciplinary process, are disciplinary actions fairly and consistently applied across the organization and at all levels of the organization, how has the organization incentivized compliance and ethical behavior.
9. Continuous Improvement
Periodic Testing & Review. How and what does the organization audit in terms of compliance issues, how are audits reported and addressed, is the audit program itself reviewed and evaluated, do audit results inform policy and procedure updates.
10. Third Party Management
Are there third-party managers involved in the organization, are there appropriate controls over third party managers.
11. Mergers and Acquisition
M&A. Does the due diligence process identify possible misconduct, how has the compliance function been integrated into the merger, acquisition, and integration process