DOJ Toughens Its Stance on Corporate Criminal Enforcement in a New Round of Policy Changes and Updates

DOJ Toughens Its Stance on Corporate Criminal Enforcement in a New Round of Policy Changes and Updates

September 23, 2022, Covington Alert

What You Need to Know:

• On September 15, U.S. Deputy Attorney General Lisa Monaco provided new and expanded policy guidance (the “DAG Memo”) on corporate criminal enforcement. The guidance portends harsher treatment for companies that do not voluntarily self-report misconduct or meet expanding notions of “full” cooperation and effective remediation, with the harshest treatment likely in store for certain kinds of “recidivist” companies.
• Specifically, as gating issues around voluntary disclosure, the DAG Memo makes clear that the Department:
  • Will not seek a guilty plea where a company has self-disclosed, cooperated, and remediated misconduct, “[a]bsent aggravating factors”; and
  • Will not impose independent compliance monitors on cooperating companies that voluntarily disclose, provided they have implemented and tested “an effective compliance program.”
• The DAG Memo forcefully clarifies that “fully” cooperating in Department investigations includes producing all relevant, non-privileged facts about individual misconduct “swiftly and without delay”—e.g., upon discovery of “hot documents or evidence,” a company’s “first reaction” should be to notify DOJ prosecutors.
• The DAG Memo highlights new areas of emphasis for the Department in evaluating remediation and the effectiveness of corporate compliance programs:
  • DOJ prosecutors will consider whether corporations have implemented compensation systems that are designed to deter and penalize misconduct and reward compliance, with a particular focus on compensation clawback mechanisms; and
  • DOJ will consider whether companies have developed and effectively implemented policies governing the use of personal devices and third-party messaging platforms, including ephemeral and encrypted messaging applications, for corporate communications.
• For recidivist companies, the Department clarified that:
  • Of greatest significance will be recent U.S. criminal resolutions and prior misconduct connected to the enforcement action at hand through similarity of the conduct, shared root causes, overlapping management, or overlapping compliance failures, as well as whether a company was subject to probation, supervision, monitorship, or another obligation imposed by a prior resolution at the time of the conduct under investigation;
  • Less weight will be given to “dated” criminal resolutions (10 or more years before the conduct under investigation) and civil or regulatory resolutions (five or more years before the conduct under investigation); and
  • Successive non-prosecution agreements (“NPAs”) and deferred prosecution agreements (“DPAs”) are “generally disfavored,” particularly when successive resolutions involved overlapping conduct, personnel, and entities, but the Department will still “weigh and appropriately credit voluntary and timely self-disclosures of current or prior conduct,” even for repeat offenders.
• And on the imposition of an independent compliance monitor, the DAG Memo provides a non-exhaustive list of 10 factors that prosecutors should consider, with a focus on allowing companies that voluntarily disclose, fully cooperate, effectively remediate, and make meaningful investments in enhancing compliance programs and corporate culture to avoid monitorships.
• With these changes and clarifications, the Department is going to great lengths to make the benefits of compliance investment clear while strongly messaging its commitment to robust white collar enforcement. And the Department has signaled even more changes and updates to come. Thus, companies should prepare for increased scrutiny and would be wise to conduct a close review of existing compliance programs and culture to ensure alignment with Department expectations.

New DOJ Policies Signal Harsher Treatment for Companies That Do Not Voluntarily Disclose, Fully Cooperate, and Effectively Remediate

Last October, the Department of Justice announced and released policy changes and updates designed to provide prosecutors with additional tools to combat corporate crime, along with promises of more changes and updates to come, which we covered in a previous alert. Building on that foundation, in a speech made and a memorandum issued last week, Deputy Attorney General Lisa Monaco reaffirmed the Department’s commitment to holding individuals and companies accountable for white collar crimes and promoting better corporate conduct through investment in compliance programs and corporate cultures. The Deputy Attorney General made clear that the “combination of carrots and sticks” are meant to empower in-house lawyers and chief compliance officers to make the business case for responsible corporate behavior. The policy changes and clarifications were also designed to promote transparency and predictability so that companies could better understand the benefits available under Department policy. These same policy updates were reinforced the following day in a speech given by Assistant Attorney General for the Criminal Division Kenneth Polite, with a particular emphasis on deterring misconduct and promoting “responsible corporate citizenship” through compliance initiatives, and earlier this week in a speech by Principal Associate Deputy Attorney General Marshall Miller.

The DAG Memo represents the newest phase of DOJ’s ongoing campaign to incentivize companies to self-police and voluntarily disclose misconduct by purportedly sweetening the benefits of disclosure and raising the costs of non-disclosure. But only time will tell whether the baseline benefits of voluntary disclosure set out in the memo will be enough to persuade companies to more routinely voluntarily disclose misconduct. The announcement also arms prosecutors with additional tools to detect and prosecute corporate and individual misconduct and to demand prompt, proactive, and far-reaching cooperation from corporations under investigation. The policies also establish more demanding expectations that companies will need to satisfy before being viewed as having effective compliance programs. Altogether, these changes and clarifications signal harsher treatment for companies that do not voluntarily self-report misconduct and meet expanding notions of “full” cooperation and effective remediation.

The DAG Memo also clarifies changes announced last October that were intended to deter corporate recidivism by evaluating a corporation’s history of misconduct and removing any presumption against imposing an independent compliance monitor. These clarifications provide welcome limiting guidance regarding the scope of prior misconduct that may result in a harsher resolution outcome. But they also put companies on notice that certain kinds of recidivists are likely to receive harsh penalties, regardless of whether they meet the Department’s voluntary disclosure, full cooperation, and effective remediation framework. With respect to independent compliance monitors, the DAG Memo may make the path to avoiding the imposition of a monitor more difficult, in the sense that the 10 non-exhaustive factors DOJ indicated it will consider when deciding when to impose a monitor may be read to de-emphasize consideration of the costs and burdens associated with a monitorship. At the same time, the DAG Memo also provides the potential for more control over a monitor once one is imposed, with emphasis on the need for close oversight of the monitorship by prosecutors during the monitorship’s term.

With these changes and clarifications, DOJ clearly is looking to eradicate any perception that corporate criminal resolutions are a cost of doing business or that it will not pursue individual wrongdoers. Instead, through a combination of incentives and disincentives, the Department is going to great lengths to make the benefits of compliance investments clear, and strongly messaging its commitment to robust white collar enforcement. Thus, companies should prepare for increased scrutiny and should conduct a close review of existing compliance programs and culture to ensure alignment with Department expectations. Finally, as in last October’s announcement, the Deputy Attorney General foreshadowed that more changes and updates are coming. Looking ahead, we expect that this announcement is just one of several that will continue to shift the landscape for white collar enforcement and compliance program expectations.

We discuss below the key changes and updates that were announced last week.

1. Incentivizing Voluntary Disclosure, but Will It Be Enough to Move the Needle for Companies?

Key Policy Statements

• The DAG Memo makes clear that the Department:
  • Will not seek a guilty plea where a company has self-disclosed, cooperated, and remediated misconduct, “[a]bsent aggravating factors”; and
  • Will not impose independent compliance monitors on cooperating companies that voluntarily disclose, provided they have implemented and tested “an effective compliance program.”
• The DAG Memo also directed all DOJ criminal components, which have not already done so, to publish written policies on voluntary self-disclosure that must, at a minimum, adopt the two principles above, clarify the component’s expectations regarding what constitutes self-disclosure, and detail what benefits self-disclosure yields.

Analysis

Running throughout the DAG Memo are incentives and disincentives—in the form of carrots that can be received and sticks that can be avoided—encouraging companies to voluntarily “step up and own up” to misconduct within their organizations. In her speech, the Deputy Attorney General did not mince words about how companies should think about voluntary disclosure: “Simply put, the math is easy: voluntary self-disclosure can save a company hundreds of millions of dollars in fines, penalties, and costs. It can avoid reputational harms that arise from pleading guilty. And it can reduce the risk of collateral consequences like suspension and debarment in relevant industries.”

It remains to be seen whether the baseline benefits announced in the DAG Memo will prove enough to push companies to self-disclose, but existing frameworks suggest that DOJ’s efforts could fall short. As a comparator, the Foreign Corrupt Practices Act (“FCPA”) Corporate Enforcement Policy (covered in a previous alert), which has been used as informal guidance within the Criminal Division since 2018, establishes a presumption of a declination for a company that voluntarily self-discloses misconduct, fully cooperates in the Department’s investigation, and timely and appropriately remediates, absent aggravating circumstances. Meanwhile, the floor established by the DAG Memo is not to require a guilty plea in similar circumstances or impose a monitor where a company also has implemented and tested an effective compliance program. While the DAG Memo may lead to increased transparency and predictability around the benefits of voluntary disclosure as DOJ criminal components adopt their own policies, only time will tell whether the more modest commitments established in the DAG Memo, if the components do not go further, will convince companies to self-disclose. Even under the more generous regime of the FCPA Corporate Enforcement Policy, decisions around voluntary disclosure remain extraordinarily difficult for companies as they weigh the relatively unpredictable and uncertain potential benefits and much more certain costs associated with disclosure. And it is unclear why a company that is deemed to have an effective compliance program, even if it did not self-disclose, ever should be subject to a monitorship, which is not intended to be punitive.

2. Upping the Ante on What “Full” Cooperation Means (and Related Obligations for Prosecutors), Framed in Terms of Pursuing Individual Wrongdoers

Key Policy Statements

• The DAG Memo forcefully clarifies that “fully” cooperating in Department investigations includes producing all relevant, non-privileged facts about individual misconduct “swiftly and without delay”—e.g., upon discovery of “hot documents or evidence,” a company’s “first reaction” should be to notify DOJ prosecutors.
• The DAG Memo also places new obligations on prosecutors to speed up investigations into individuals and seek any warranted criminal charges prior to or simultaneously with the entry of a corporate resolution.

Analysis

The Deputy Attorney General’s announcement raised expectations for corporations seeking to obtain full cooperation credit during government investigations, and linked these new expectations to the Department’s “number one priority” of “individual accountability.” Acknowledging the difficulty of pursuing individual prosecutions without timely provision of key information from corporations, the DAG Memo notes that “[t]he mere disclosure of records” is not sufficient for companies to receive full cooperation credit. Even if what the Department suggests here would have been ordinary practice for certain defense counsel seeking to best position their clients in the past, it is now official policy to require companies to do more to meet Department cooperation expectations.

Looking to turn up the heat on the other side of the table as well, if individual and corporate resolutions cannot come together on the same timetable, prosecutors must provide a plan for resolving individual prosecutions to supervisors alongside their request for authorization for a corporate resolution. The Deputy Attorney General noted in her speech that both prosecutors and corporate counsel should “feel like they are ‘on the clock’” to expedite investigations. Perhaps by marrying enhanced expectations imposed on companies with enhanced obligations imposed on prosecutors, DOJ leadership expects to see a more significant uptick in prioritization of individual prosecutions, even as that oft-stated goal has been a familiar refrain for years.

3. Increased Emphasis on Certain Areas in Evaluating Remediation and Compliance Program Effectiveness, with Effective Programs Having a Substantial Impact on Resolution Terms

Key Policy Statements

• DOJ prosecutors will consider whether corporations have implemented compensation systems that are designed to deter and penalize misconduct and reward compliance, with a particular focus on compensation clawback mechanisms; and
• DOJ will consider whether companies have developed and effectively implemented policies governing the use of personal devices and third-party messaging platforms, including ephemeral and encrypted messaging applications, for corporate communications.

Analysis

DOJ has previously considered a company’s incentives for compliance and disincentives for non-compliance as part of its evaluation of a compliance program, including as part of its Evaluation of Corporate Compliance Programs guidance. Building on that guidance, the DAG Memo places particular emphasis on whether corporations have implemented compensation systems that are designed to deter and penalize misconduct and reward compliance. Notably, the DAG Memo specifically highlights compensation clawback provisions, which enable companies to levy penalties against current and former employees who contributed to criminal conduct, including retroactively, as effective tools to deter and punish misconduct. In a speech this week, Principal Associate Deputy Attorney General Miller reinforced that the Department envisions “robust and regularly deployed clawback programs,” not paper policies to be dusted off only when the government comes knocking. On the other hand, the DAG Memo and the Principal Associate Deputy Attorney General both noted that companies can promote compliance by introducing affirmative financial incentives—such as incorporating compliance metrics into compensation and bonus calculations—that reward employees who embody and promote compliance.

In addition, with respect to evaluating policies governing the use of personal devices and third-party messaging platforms, DOJ also has previously addressed this topic, as we covered in an alert, but it is expanding on that guidance and elaborating on how it will consider such controls in its evaluation of a company’s compliance program. In particular, the DAG Memo noted that policies in this area should promote a corporation’s ability to preserve business communications and collect and produce to DOJ all non-privileged documents relevant to an investigation. The Deputy Attorney General tasked the Criminal Division with further studying corporate best practices regarding the use of personal devices and third-party messaging platforms and foreshadowed that the next edition of DOJ’s Evaluation of Corporate Compliance Programs will provide companies with further guidance on this topic.

Companies have long struggled with operationalizing elements of compliance programs dealing with these issues, but DOJ surely is looking to raise the bar based on its experience with companies who have made strides in these areas. We will be watching to see how DOJ incorporates these topics into its compliance programs guidance. DOJ’s recent hiring of Glenn Leon as head of the Fraud Section and Matt Galvin in the Corporate Enforcement, Compliance, & Policy Unit, both of whom have significant in-house compliance expertise, further suggests that DOJ will even more carefully (and practically) scrutinize compliance programs in connection with corporate criminal resolutions. The Deputy Attorney General made as much clear: The effectiveness of a company’s compliance program will have a “significant impact on the terms of a corporation’s potential resolution with the Department . . . including whether an independent compliance monitor is warranted.” The Criminal Division Chief of the U.S. Attorney’s Office for the Southern District of New York reaffirmed this point, saying that “[w]e expect platinum-level compliance from your platinum-level clients,” and suggesting that a poor compliance program, paired with lack of self-reporting, could take a DPA (or NPA) off the table. As such, companies would be well served to invest in compliance, including through program and risk assessments to gain comfort that their compliance programs are appropriately tailored to key risks facing their businesses and benchmark well against peer companies and best practices.

4. The DAG Memo Provides Welcome Clarification of Previously Announced Changes Aimed at Deterring Corporate Recidivism, but a Key Tension in DOJ Policy Remains

Key Policy Statements

• For recidivist companies, the Department clarified that:
  • Of greatest significance will be recent U.S. criminal resolutions and prior misconduct connected to the enforcement action at hand through similarity of the conduct, shared root causes, overlapping management, or overlapping compliance failures, as well as whether a company was subject to probation, supervision, monitorship, or another obligation imposed by a prior resolution at the time of the conduct under investigation;
  • Less weight will be given to “dated” criminal resolutions (10 or more years before the conduct under investigation) and civil or regulatory resolutions (five or more years before the conduct under investigation); and
  • Successive NPAs and DPAs are “generally disfavored,” particularly when successive resolutions involved overlapping conduct, personnel, and entities, but the Department will still “weigh and appropriately credit voluntary and timely self-disclosures of current or prior conduct,” even for repeat offenders.

Analysis

Last year, the Deputy Attorney General announced significant changes cracking down on recidivists—instructing prosecutors to consider a corporation’s full (as opposed to similar) history of past misconduct, which we covered in a previous alert. Following that announcement, DOJ’s FCPA Unit chief confirmed, in a panel moderated by Covington’s Steven Fagell, that prosecutors would consider the recency, similarity, and pervasiveness of the past misconduct, as well as the involvement of senior management, in weighing the impact of prior misconduct on charging decisions. In a welcome move, the DAG Memo memorialized those factors, noting that “[n]ot all instances of prior misconduct . . . are equally relevant or probative.” 

From a big picture standpoint, the DAG Memo instructed prosecutors to evaluate whether the conduct at issue in prior and current matters reflects broader weaknesses in a company’s compliance culture or practices. But the Department seems particularly focused on any lines connecting the historical misconduct to the enforcement action at hand. In short, DOJ seems to expect companies not to make a similar mistake twice. In addition, the DAG Memo instructs prosecutors to consider mitigating context, such as whether a company operates in a highly regulated industry or environment and therefore may have comparatively more historical regulatory misconduct, and allows for acquiring companies to avoid being tagged as recidivists simply because they acquired a company with a history of misconduct, provided that they have adequately integrated the acquired company into their compliance program.

Even with these clarifications and the scope of the most significant prior misconduct being narrowed, the Deputy Attorney General followed up on a promise from her speech last October by stating that successive NPAs and DPAs would be “generally disfavored,” particularly when successive resolutions involved overlapping conduct, personnel, or entities. Going forward, prosecutors will be required to seek the written approval of high-level supervisors before entering an NPA or DPA with a recidivist company. Although the DAG Memo acknowledged the tension between DOJ’s new policy disfavoring multiple NPAs or DPAs and the Department’s guidance that companies should voluntarily disclose misconduct, and indicates that prosecutors would still “weigh and appropriately credit voluntary and timely self-disclosures of current or prior conduct,” companies are left to predict what that will mean in practice. As we pointed out in a previous alert, the uncertainty surrounding how the Department will treat recidivists could chill self-reports for fear that the self-report could lead to formal charges. That concern will be most acute for recidivist companies with recent prior misconduct involving similar management, countries, or business practices. But the potential consequence of not self-reporting could be a demand by the Department for a guilty plea, making the voluntary disclosure decision all the more difficult for this group of companies.

5. Further Updates to Criteria to Consider to Impose an Independent Compliance Monitor, Making a Monitor More Likely for Some, Plus Welcome Checks on Monitors

Key Policy Statements

• The DAG Memo provides a non-exhaustive list of 10 factors that prosecutors should consider when deciding whether to impose an independent compliance monitor, with a focus on allowing companies that voluntarily disclose, fully cooperate, effectively remediate, and make meaningful investments in enhancing compliance programs and corporate culture to avoid monitorships
• In addition, the DAG Memo instructs prosecutors to continually review ongoing monitorships, including their cost, with an ability to deem a monitorship “broader than necessary.”

Analysis

The Deputy Attorney General’s announcement last October removed any presumption against imposing monitors. Building on that clarification, the DAG Memo’s non-exhaustive factors that prosecutors should evaluate when considering whether to impose a monitor could be read to de-emphasize cost and burden considerations, even though the Deputy Attorney General’s October announcement did retain previous DOJ guidance’s focus on both the potential benefits and costs or burdens associated with imposing a monitor. Without focusing on costs or burdens, however, the DAG Memo’s updated and clarified factors tend to reward companies that voluntarily disclose, fully cooperate, effectively remediate, and make meaningful investments in enhancing compliance programs and corporate culture. If prosecutors over-index an emphasis on voluntary disclosure in this analysis, it is theoretically possible under the DAG Memo for a company with a tested, effective, adequately resourced, and fully implemented compliance program and that effectively remediated the relevant misconduct to nonetheless receive a monitor—a result that likely is not intended. Time will tell how the DAG Memo is put into practice in this regard, but now companies that do not meet DOJ’s disclosure, cooperation, and remediation rubric theoretically can be penalized multiple times—whether through the resolution vehicle, the severity of penalties, or the imposition of a monitor. This programmatic clarification, at a minimum, bolsters the case for companies to complete compliance program and risk assessments as part of broader efforts to enhance and appropriately tailor compliance programs to ensure that they benchmark well against peer companies and best practices.

Separately, in a nod to concerns from corporations about the potential for monitors’ efforts to sweep more broadly than their mandates, once a monitor is imposed, the DAG Memo puts in place some welcome checks and balances on monitors. In particular, the DAG Memo places responsibility on prosecutors to provide close oversight of the monitorship during the monitorship’s term. In this way, the DAG Memo acknowledges that a monitor can introduce unintended administrative and financial burdens on a company, while simultaneously signaling that the Department intends to continue imposing monitorships when they are deemed justified under the circumstances.

6. Prepare for Close Scrutiny and Enhanced Expectations, with More Changes and Updates to Come

The DAG Memo solidifies a new game plan for DOJ’s approach to corporate criminal enforcement—harsher outcomes for companies that do not voluntarily disclose misconduct, meet DOJ’s enhanced cooperation expectations, and invest in corporate compliance programs. Legal and compliance departments should take stock of their compliance programs and adjust their playbooks as necessary. Companies with prior resolutions, with the Department or otherwise, should be especially proactive.

Exactly how certain aspects of the new playing field promised by the Deputy Attorney General will play out in practice—across the Department’s numerous criminal components and in forthcoming policies—remains to be seen. But the Department’s focus on continued prioritization of and a desire for an uptick in white collar and corporate criminal enforcement actions cannot be mistaken.

If you have any questions concerning the material discussed in this client alert, please contact the members of our White Collar Defense and Investigations practice.