Overview In February 2017, the Fraud Section of the United States Department of Justice’s Criminal Division published a document entitled ‘Evaluation of Corporate Compliance Programs’,1 its most recent communication of the DOJ’s assessment criteria for effective corporate compliance programmes. The DOJ recognises that each company’s risk profile and the solutions it adopts to reduce risks should be evaluated on their own merits. The DOJ therefore tailors its determination to each case. However, even tailored determinations raise many of the same questions. The DOJ document explains the questions the DOJ may ask about a corporate compliance programme. However, it gives no guidance on how companies can provide the right answers. In December 2014, the International Organization for Standardization published ISO International Standard 19600 – Compliance management systems – Guidelines,2 which helps organisations establish, develop, implement, evaluate, maintain and improve an effective and responsive compliance management system. In 2018, ISO 19600 was confirmed, and it is currently advanced to a requirements standard (ISO 37301), which is planned to be published in 2020. ISO 19600 is the first international standard on state-of-the-art compliance management and provides the basis for other international standards, such as ISO 37001 – Anti-bribery management systems.