Home “Corporate Citizen, Police Thyself”: How the DOJ Is Changing Its Corporate Enforcement Policy to Encourage Self-Policing

“Corporate Citizen, Police Thyself”: How the DOJ Is Changing Its Corporate Enforcement Policy to Encourage Self-Policing

By J. P. Christian Milde, Esq.

Self-Reporting Remains a Major Focus

Few executives expect to interact with the Department of Justice (DOJ) during their careers, but the current DOJ has given companies some homework, and the assignment applies to everyone. Recent changes to the DOJ’s corporate enforcement policy are designed to encourage companies to self-monitor for illegal activity and to self-report misconduct to authorities. Given the implications of the changes, even smaller companies and those in lightly regulated industries should be paying attention.

As announced on January 17, 2023, companies with effective compliance programs that detect criminal conduct can now generally expect that the DOJ will decline to prosecute them if they immediately self-report a violation, enthusiastically cooperate in the investigation, and thoroughly remediate the offense’s causes and effects. These changes represent the continuation of a push for corporate self-policing that Deputy Attorney General (DAG) Lisa Monaco previously outlined in September of 2022.

In response to these changes, companies are well advised to reinforce existing compliance programs, ensure that their programs are adequate to engender an ethical and self-policing corporate culture, revise compensation agreements to include incentives for compliance such as clawbacks of executive compensation in cases of misconduct, and develop a rapid response plan for both internal reports of misconduct and external investigative inquiries.

Why This Matters to Your Company

Companies are criminally responsible for crimes committed by their employees while serving the company’s interests. Corporate criminal prosecutions are a small percentage of total federal prosecutions each year, but a conviction can destroy a company’s reputation and carry massive fines. Companies in every sector and of every size have the potential to break criminal laws, and the list of potential violations is broad. For example, a company could be criminally prosecuted for submitting an inaccurate bid for a government contract, collecting unearned fees or billing inaccurately for certain professional services, failing to keep licenses or certifications up to date with authorities, failing to properly pay employees, running afoul of immigration laws, selling certain products to overseas buyers, or even responding inaccurately to a federal inquiry.

With so many ways to do something wrong, even the most scrupulous and well-managed companies need to plan for possible issues. The good news is that new DOJ policy is quite forgiving of companies that have effective compliance programs and self-report issues promptly. Having a compliance program designed to teach employees to avoid issues and report concerns is a good start, but, in the present environment, companies must also consider how to ensure that reported issues are quickly investigated, reported to authorities, and remediated. Preparing for internal investigations, reporting, and remediation is something that all companies should be planning with their white collar counsel, in conjunction with their compliance counsel. For those companies that do not have a relationship with white collar counsel, choosing counsel before an issue arises may be key to responding to any future incident quickly and decisively enough to satisfy federal authorities.

The Thrust of the New Policy

DAG Monaco’s first changes to the DOJ’s corporate enforcement policy came in a memo issued on October 28, 2021. That memo announced a few major policy changes, notably a directive that, when deciding how to resolve criminal charges against a company, federal prosecutors should consider the company’s entire record of misconduct, including both civil and criminal misconduct, misconduct in foreign countries, and misconduct by other entities in the same corporate family. The memo also announced a return to a policy (originally stated by then-DAG Sally Yates in the 2015 “Yates Memo”) that a company cannot receive any cooperation credit at sentencing unless it provided the DOJ with “all relevant facts relating to the individuals responsible for the misconduct.”

The return to the Yates Memo signaled a return to a policy of prioritizing the investigation and prosecution of individuals involved in misconduct. When DAG Monaco further defined the new policy in a speech and concurrent memo on September 15, 2022, the first section of her memo focused on holding individuals accountable. The 2022 memo reinforced the requirements of the Yates Memo and also instituted a rule that prosecutors should generally resolve investigations of companies and culpable individuals simultaneously. This new policy is likely to increase pressure on companies to move quickly in their internal investigations to expedite prosecutors’ charging decisions about individual wrongdoers so that a company can resolve its own potential charges. Companies may benefit from having clear investigation plans and policies in place so that employees know what to expect and inquiries can proceed without delay.

How the DOJ Is Seeking to Encourage Corporate Accountability

DAG Monaco’s 2022 memo provided considerable guidance on how prosecutors should evaluate a company’s history of misconduct, a company’s self-disclosure of the current issue, a company’s investigative cooperation, and a company’s compliance program as factors in the resolution of a criminal matter. In general, the guidance emphasized the importance of preventative measures and signaled a harsher approach to corporate repeat offenders.

The memo requires prosecutors to consider a company’s history and examine how a company has addressed “the root causes of prior misconduct, including employee discipline, compensation clawbacks, restitution, management restructuring, and compliance program upgrades.” Prosecutors are instructed to deal more harshly with companies whose misconduct involves employees at any level who were involved in prior misconduct by the company.

The memo also does not permit a prosecutor to offer a non-prosecution agreement (NPA) or deferred prosecution agreement (DPA) to a company that has already received one of these favorable dispositions in a different matter, unless the prosecutor first seeks approval from the Office of the Deputy Attorney General. In light of these changes, companies with past compliance issues should not just increase their vigilance and update their written policies, but should actively examcoprate ine and remove the structures and individuals that caused or permitted the issue. Merely keeping a closer eye on individuals or departments that were involved in prior misconduct is now a much riskier approach.

With regard to voluntary self-disclosure of misconduct, the 2022 memo seeks to show companies the advantages of self-disclosure and to create a roadmap for how and when to disclose. The memo requires DOJ divisions to clearly define what companies must do to receive credit for voluntary self-disclosure and to define the benefits that a company will receive for disclosing. The memo promises that, when a company voluntarily self-discloses and fully cooperates, unless there are aggravating factors, the DOJ will not seek a guilty plea, and will not seek independent compliance monitoring if the company has an effective internal compliance program.

What Does the DOJ Want in a Compliance Program?

The 2022 memo provides guidelines for the evaluation of corporate compliance programs and directs that, when deciding how to resolve a case, prosecutors should consider both the compliance program that was in place at the time of the misconduct and the compliance program that existed at the time of the matter’s resolution. Compliance programs are often heavily focused on training and monitoring, but the new policy emphasizes fostering a broader culture of compliance, instructing prosecutors to pay particular attention to how a company incentivizes good behavior and discourages misconduct.

The new policy focuses on how corporations can shift the burden of misconduct away from shareholders and onto responsible individuals. The 2022 memo states that adequate compliance programs should show a corporation’s willingness to hold wrongdoers accountable, including through retroactive discipline such as clawback provisions. Prosecutors are also instructed to consider not only what policies exist at a company, but whether the policies were followed and enforced. As such, companies cannot afford to merely write policies and hold occasional trainings—companies must consistently evaluate whether the policies are being adequately applied.

The DOJ’s focus on companies providing all relevant information to authorities extends to communications outside of the company’s network, such as correspondence between employees on their personal devices and via messaging services not controlled by the company. The 2022 memo explicitly notes that a company’s cooperation will be evaluated based in part on whether the company’s policies allow it to effectively collect all relevant evidence. As such, companies must develop (and enforce) policies preventing work-related communications from occurring outside of the company’s digital purview.

Changes to Monitorship Guidelines

The 2022 memo also provided considerable guidance on how prosecutors should evaluate whether it is necessary to appoint an independent compliance monitor to oversee a company’s adherence to a settlement resolving criminal charges. Companies may be able to avoid monitorships by voluntarily self-disclosing, reinforcing and testing internal compliance controls before the settlement is finalized, and taking strong and immediate remedial measures including the termination of business relationships and employees that contributed to the misconduct. A company that takes these measures may still not be able to avoid a monitorship, though, if the misconduct was facilitated or ignored by management or compliance personnel, if the misconduct involved exploiting inadequate internal controls, if poor corporate culture permitted the misconduct, or if the company has been unable to render the risk of re-offense “minimal or nonexistent.”

Given this guidance, companies cannot afford complacency, because, if prosecutors perceive that misconduct was enabled by corporate culture or by failings of an existing compliance program, even a favorable resolution could result in a monitorship. The new guidance also reinforces that prosecutors should receive regular reporting from monitors, and, if necessary, make alterations to the scope or duration of monitorships, so companies that fail to adequately self-monitor are risking open-ended supervision by federal authorities.

The Elevated Importance of Self-Reporting

Since the issuance of DAG Monaco’s 2022 memo, the DOJ has continued to place heavy emphasis on corporate self-reporting. In a speech on January 17, 2023, the Assistant Attorney General (AAG) in charge of the DOJ’s Criminal Division, Kenneth Polite, announced revisions to the Division’s Corporate Enforcement Policy that further encourage self-reporting. The policy changes expand and codify self-disclosure incentives that the DOJ has been developing and trialing since 2016.

AAG Polite’s speech struck a slightly softer tone than that of DAG Monaco’s 2022 memo, or, at least, focused more heavily on positive incentives. He noted that, under current policy, if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates, there is a presumption that the Criminal Division will decline to prosecute the company, absent certain aggravating circumstance. Those aggravating circumstances include involvement in the misconduct by executive management, a significant profit to the company from the wrongdoing, particular egregiousness or pervasiveness of the misconduct within the company, and criminal recidivism on the company’s part.

Under the new policy, though, even when aggravating circumstances are present, a company may still successfully avoid prosecution by showing that the voluntary disclosure was immediate, that there was an effective compliance program in place at the time of the misconduct that enabled the discovery and reporting of the misconduct, and that the company provided extraordinary cooperation and undertook extraordinary remediation. This shows, yet again, the importance of self-reporting and the importance of a strong compliance program. Even a company that profits greatly from misconduct by its executives may be able to avoid prosecution by promptly discovering, reporting, and remedying the issue.

For companies that are unable to avoid prosecution, the new policy still rewards timely self-disclosure, investigative cooperation, and full remediation. A company that is prosecuted because its misconduct is particularly egregious, but did self-disclose, cooperate, and remediate, can still expect to receive up to a 75% reduction of its fines below the low end of the U.S. Sentencing Guidelines. Companies that fail to disclose but still cooperate and remediate can receive up to a 50% reduction. The fine amounts calculated under the Sentencing Guidelines can be staggering, and prosecutors have considerable discretion regarding how much of a cooperation reduction to give or to recommend to a judge under the new policy. As such, early self-reporting, clear cooperation, and rapid remediation are better paths than ever before for companies that discover even egregious misconduct.

How Companies Can Benefit from the New Policies

The catch for any company looking to these new policies for leniency is that companies must have had the foresight to set themselves up for success well in advance. If a company does not plan to deter, detect, and respond to potential misconduct until after receiving an investigative inquiry, it will be too late to receive much benefit from the DOJ’s new policies. These benefits are largely only available to companies that have strong compliance programs—not only on paper, but in practice—and that use those programs to discover and self-report misconduct.

Creating a plan for how your company will discover, respond to, and report misconduct is cheap insurance against the tremendous economic and reputational costs of a government prosecution. Especially given the DOJ’s focus on timely reporting and disclosure of relevant information, companies cannot afford to spend time finding white collar counsel and planning an internal investigation after a whistleblower makes a report or an existing compliance control uncovers an irregularity. Companies of all sizes and in all markets should consult with counsel and develop a response plan before an issue arises. This should be done in addition to maintaining regular compliance programs appropriate to a company’s industry and relationships. Having a response plan for reported or suspected misconduct may be the difference between a delayed response that causes a whistleblower to report concerns directly to a government agency and a prompt self-report and corrective action that results in no prosecution.

Christian Milde is an attorney in the White Collar Criminal/Regulatory practice of Conn Kavanaugh Rosenthal Peisch & Ford, LLP, a Boston-based law firm. He can be reached at cmilde@connkavanaugh.com

Share with your network:

How Can We Help?

Contact us today for a solution best suited to your legal needs.