The Department of Justice (DOJ) recently issued its Evaluation of Corporate Compliance Programs (ECCP) update in September 2024. While this update might seem like it’s aimed at large corporations with sophisticated legal teams, it has important implications for small and mid-sized consumer packaged goods (CPG) and manufacturing companies as well. Whether your company has limited in-house legal resources or none at all, compliance with this guidance is essential. As a sole practitioner providing fractional and virtual general counsel services, I work with businesses like yours to navigate these legal requirements without the hefty price tags of big law firms. I understand that for many CPG and manufacturing companies, the focus is on production, distribution, and growth—legal compliance often feels like something for larger corporations. But the DOJ’s updated guidance emphasizes that every company, regardless of size, must have a well-thought-out compliance program that reflects its unique risks. Here’s a breakdown of what this means for your business, and how you can implement cost-effective compliance measures that minimize your outside legal spend.

Private Companies: Risk Management Without Breaking the Bank

For privately owned CPG and manufacturing companies, legal compliance is often not the first thing on your mind. You may already be dealing with tight margins, supply chain disruptions, and other operational challenges. But the DOJ expects all companies to develop compliance programs that match their risk profiles, even if you don’t have a full-time legal team.

Tailoring Compliance to Your Business

The DOJ understands that smaller companies have different risks than major corporations. They aren’t expecting you to have the same level of resources, but they do expect you to have a compliance program that addresses the specific risks your company faces. Example: Imagine you run a mid-sized manufacturing company that imports materials from overseas. The DOJ will expect your compliance program to account for supply chain risks, including potential violations of anti-bribery laws like the Foreign Corrupt Practices Act (FCPA). Even without an in-house legal team, you need clear policies and procedures to manage those risks. A simple, tailored compliance program can protect you from fines and DOJ investigations without requiring a big legal spend.

Supply Chain and Third-Party Risk

If your business relies heavily on third-party suppliers or distributors, the DOJ expects you to have controls in place to monitor and manage those relationships. The updated guidance makes it clear that failing to oversee third-party activities can leave companies vulnerable to legal liabilities. Example: Let’s say your CPG company sources raw materials from a supplier in another country. If that supplier engages in corrupt practices, your business could be held accountable unless you’ve taken reasonable steps to monitor their activities. A cost-effective compliance program that includes third-party risk assessments and periodic audits can help you avoid these potential pitfalls.

Environmental and Safety Compliance

For manufacturing companies, staying compliant with environmental and workplace safety regulations is a major concern. The DOJ is increasingly focused on companies that cut corners when it comes to safety, and even small businesses are not immune. Example: If your small manufacturing plant has been cited for OSHA violations, the DOJ will scrutinize how you addressed those issues. Did you have safety protocols in place? Were employees trained properly? A lack of compliance could lead to fines or even criminal charges. By developing an affordable safety and compliance program, you can reduce your legal exposure without having to rely on expensive external legal counsel.

Public Companies: Compliance on a Budget for Mid-Market CPG and Manufacturing

For small to mid-sized CPG and manufacturing companies that are publicly traded, the compliance stakes are higher. The DOJ’s updated guidance expects public companies to not only manage their risks but to have robust programs in place for everything from board oversight to cybersecurity. However, you don’t need a full legal department to stay compliant.

Board Involvement in Compliance

Even if you don’t have an extensive legal team, the DOJ expects your board of directors to be actively involved in overseeing compliance efforts. For public companies, this is especially important in managing risks related to corporate governance and regulatory reporting. Example: Let’s say your mid-sized CPG company is facing a product recall due to potential safety concerns. The DOJ will look at how involved your board was in addressing the issue. Did they ensure that proper procedures were followed? Were corrective actions taken quickly? By ensuring your board is engaged with compliance matters, you can minimize your risk and avoid further scrutiny.

Cybersecurity and Data Privacy

As more CPG and manufacturing companies digitize their operations, cybersecurity has become a top concern. Public companies are under increased pressure to report cyber breaches, and the DOJ will examine whether your company had the right protections in place. Example: If a data breach occurs at your manufacturing company, affecting customer or supplier information, the DOJ will look into your incident response plan. Did you notify the relevant authorities? Did you take appropriate steps to mitigate the breach? Having a well-structured plan in place can help you avoid legal repercussions, and it doesn’t need to cost a fortune. By working with fractional general counsel services, you can create a cybersecurity policy that fits your budget.

Practical Steps for Cost-Effective Compliance

The DOJ’s 2024 update highlights the need for CPG and manufacturing companies to build compliance programs that address their specific risks, regardless of their size or legal resources. But there’s no need to go overboard with expensive legal services or complex programs. Here’s how small and mid-sized businesses can implement practical, affordable compliance programs:
  1. Start with a Risk Assessment: Identify the key risks your business faces—whether it’s supply chain management, environmental safety, or data privacy. A targeted risk assessment will help you focus your compliance efforts where they’re needed most.
  2. Implement Scalable Policies: You don’t need a one-size-fits-all solution. Tailor your compliance policies to fit the size and scope of your operations. For instance, simple supplier vetting processes and employee training programs can go a long way in minimizing risk.
  3. Use Fractional Legal Support: Instead of hiring full-time legal staff or relying on big law firms, fractional general counsel services offer the flexibility and cost-effectiveness your business needs. This allows you to have ongoing legal support without the overhead of a traditional legal department.
  4. Leverage Technology: There are many affordable compliance tools that can help you manage legal obligations, monitor third-party risks, and track employee training. Automating these processes can reduce the need for outside legal help.

How Fractional General Counsel Services Can Help

For CPG and manufacturing companies looking to minimize their legal spend, fractional general counsel services provide a cost-effective solution. I offer flexible, scalable legal support tailored to the unique challenges of your industry—whether it’s managing compliance risks, drafting policies, or responding to regulatory inquiries. If you’re concerned about your company’s compliance in light of the DOJ’s updated guidance, I can help you build a practical, affordable compliance program that fits your business needs. Ready to strengthen your compliance program without breaking the bank? Let’s talk. I specialize in helping small and mid-sized CPG, manufacturing, logistics, and other product or services companies like yours navigate the complex world of legal compliance, all while keeping costs manageable. Email jeneralcounsel@gmail.com to learn more about how we can work together to protect your business.