DOJ announces policy changes and enhanced guidance for corporate compliance programs: Key takeaways
In a series of speeches given during the American Bar Association (ABA)’s National Institute on White Collar Crime in Miami, Florida, senior officials from the US Department of Justice (DOJ) delivered remarks on the ever-changing landscape of corporate criminal enforcement policies and the Department’s enhanced expectations when it comes to evaluating corporate compliance programs.
Specifically, in her address on March 2, Deputy Attorney General Lisa Monaco highlighted DOJ’s recent implementation of a cohesive voluntary self-disclosure policy, announced resource commitments to support the department’s focus on corporate crime as a national security priority, and previewed the introduction of a Pilot Program on Compensation Initiatives and Clawbacks (Pilot Program).
The following day, Assistant Attorney General Kenneth Polite expanded on Monaco’s remarks, providing more detail on the Pilot Program, and announcing further revisions to DOJ’s Evaluation of Corporate Compliance Program (ECCP) geared towards the Department’s assessment of companies’ compensation structures and their approach to the use of personal devices, communication platforms and messaging applications. Polite also previewed a revised memorandum on the selection of monitors.
In this alert, we highlight the key takeaways of these recent pronouncements and the new policy memorandums released concurrently with DOJ’s remarks.
In September 2022, Monaco issued a memorandum (the Monaco Memo) that instructed each component of DOJ that prosecutes corporate crime to review their policies on corporate voluntary self-disclosure (VSD).
Last month, Damian Williams, US Attorney for the Southern District of New York, and Breon Peace, US Attorney for the Eastern District of New York, announced a new policy that: (i) standardizes how VSDs are defined and credited by US attorney’s offices (USAOs) nationwide; (ii) clarifies the requirements for companies to voluntarily self-disclose; and (iii) incentivizes companies to maintain effective compliance programs capable of identifying misconduct, expeditiously and voluntarily disclose and remediate misconduct, and cooperate fully with the government in corporate criminal investigations (the Policy). [See our prior alert].
Monaco’s remarks from last week reiterate the Policy’s goals to provide transparency, clarity and enhanced incentives for companies to voluntarily self-disclose misconduct to the Department. She further notes that each US Attorney’s Office that prosecutes corporate crime now has an “operative, predictable and transparent voluntary self-disclosure program,” that affirmatively states that – absent aggravating factors – DOJ will not seek a guilty plea if a company has voluntarily self-disclosed, cooperated with DOJ, and implemented remedial measures.
Additional resource commitments to combat corporate crime as national security priority
Monaco also previewed additional resource commitments to corporate criminal enforcement to address “the intersection of corporate crime and national security,” reiterating her previous statement that “sanctions are the new FCPA.”
These new resource commitments within the National Security Division will practically translate as follows: (i) addition of 25 new prosecutors – including first ever National Security Division’s Chief Counsel for Corporate Enforcement – who will investigate and prosecute sanctions evasion, export controls violations and other economic crimes; (ii) issuance of joint advisories with the Commerce and Treasury Departments to inform the private sector about enforcement trends and the Department’s expectations as to national security-related compliance; and (iii) substantial investment in the Bank Integrity Unit (BIU) in the Criminal Division’s Money Laundering and Asset Recovery Section.
The Pilot Program
The three-year Pilot Program announced by Monaco and Polite has two key components.
First, any company entering into a corporate resolution with the Criminal Division will now be required to include compliance-promoting criteria in its compensation and bonus systems. Monaco noted that this requirement had already been incorporated into recent resolutions and the criteria should be tailored to the company’s existing compensation system.
Second, the Division will offer fine reductions to companies that seek to claw back compensation (provided the company is also fully cooperating with DOJ’s investigation and took timely and appropriate steps to remediate the misconduct). At the time the resolution is entered, the resolving company will be allowed to pay the applicable fine, less the amount of compensation it is seeking to recover from those involved in the misconduct. At the close of the resolution period, the company will be permitted to keep all compensation recovered. Companies that pursue clawbacks in good faith, but are unsuccessful, will also be eligible for a fine reduction.
As Monaco statedin announcing the Pilot Program, DOJ seeks to shift the burden of corporate wrongdoing away from shareholders to those directly responsible for the misconduct and “encourage companies who do not already factor compliance into compensation to retool their programs and get ahead of the curve.”
For greater detail on this program, and steps that companies can take now to best position themselves, please see our Client Alert here.
Compensation structure and consequence management
Polite emphasized that under the revised ECCP, DOJ will consider numerous factors to determine how a company’s compensation system “contributes to the presence – or lack – of an effective compliance program.” Prosecutors are instructed to assess whether the company has clear consequence management policies and procedures in place that are consistently enforced and commensurate with the violations.
The revised ECCP emphasizes that the design and implementation of compensation systems contribute to fostering a compliance culture and that compensation structures that clearly and effectively impose financial penalties for misconduct can deter it. In assessing whether companies have incentivized compliance through their compensation systems, prosecutors are encouraged to consider whether companies (i) defer or escrow certain compensation tied to conduct consistent with company values and policies; (ii) enforce contract provisions that permit the company to recoup previously awarded compensation when the recipient is engaged in corporate wrongdoing; and (iii) maintain and enforce provisions for recoupment or deduction of compensation due to compliance violations or misconduct.
The revised ECCP also invites prosecutors to examine whether a company has made working on compliance a means of career advancement or metric for management bonuses.
Using personal devices and retaining messages
Polite also previewed additional changes to the ECCP focused on the use of personal devices and the retention of ephemeral messaging. While noting that DOJ understands that the use of communications platforms and ephemeral messaging platforms is “ubiquitous,” Polite emphasized that DOJ expects companies to update their policies and procedures to adapt to this reality.
To that end, the revised ECCP directs prosecutors to consider whether a company has policies related to these topics. Policies should be tailored to each company’s specific risk profile and business needs and companies are expected to take steps to ensure that such communications can be preserved and accessed. Under the revised ECCP, the Department will evaluate how companies communicate these policies to employees and how they enforce such policies on a regular and consistent basis.
In making this evaluation, DOJ will consider several factors:
- Communication channels. DOJ will look at the type of communications channel the company and its employees use or allow to be used to conduct business and the mechanisms in place to manage and preserve information contained within each of the communication channels.
- Policy environment. Prosecutors will look at the policies and procedures in place to ensure that data is preserved, including from devices that are replaced. In particular, DOJ will look into a company’s “bring your own device” (BYOD) programs and related policies governing preservation and access to corporate data stored on personal devices, including messaging platforms.
- Risk management. The Department will assess how companies implement their data retention policies and the consequences for employees who refuse the company access to corporate communications. Specifically, DOJ will look into whether companies discipline employees who fail to comply with the policy and whether the company’s approach to managing communication channels – including BYOD – reasonable in the context of the company’s business and risk profile.
In announcing the new guidance, Polite cautioned that, during an investigation, prosecutors will not accept at face value a company’s failure to produce communications from third-party messaging applications. Should a company not produce such data, DOJ will ask probing questions about the company’s ability to access such communications, the answers to which “may very well affect the offer it receives to resolve criminal liability.”
Changes to the selection of corporate monitors
DOJ’s revised memorandum on the selection of corporate monitors, clearly sets forth how DOJ selects monitors, and explains conflicts of interest obligations.
The Revised Memorandum reiterates the “ten non-exclusive factors” DOJ will evaluate when assessing the necessity and potential benefits of a monitor. It re-emphasizes that the state of a company’s compliance program will be a core component of this evaluation, stressing that DOJ attorneys should consider imposing a monitor where “a corporation’s compliance program and controls are untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution.”
The memorandum also makes explicit, as Polite underscored, that the submission and selection of a monitor candidate should be consistent with DOJ’s commitments to diversity, equity, and inclusion.
Monaco and Polite’s speeches and the related new policy releases make clear that DOJ is committed to aggressively investigating and prosecuting corporate crime and holding individual actors accountable. Further, it is clear that efforts to root out and curb corporate crime are viewed favorable and, in some instances, rewarded by DOJ.
It is important for companies to understand the recent policy changes and priorities of DOJ, so, they can best position themselves to deter wrongdoing, and, if wrongdoing does occur, identify it promptly, and remediate.
In the short term, companies should consider:
- Reviewing and possibly revising policies related to device usage, and data retention, particularly BYOD programs
- Training employees on best practices related to device usage
- Reviewing evaluation and compensation metrics, to determine if there is space for adjustments based on compliance successes and failures
- Holding remedial trainings on compliance policies and procedures, and, if possible, the relation between compliance, evaluations, and compensation
Find out more about these policy changes and their impact on your company by contacting any of the authors.