In July 2015, the U.S. Department of Justice’s Criminal Division revealed that it was hiring a Compliance Counsel to assist in assessing the quality and effectiveness of companies’ corporate compliance programs under scrutiny by the DOJ.1 On November 2, 2015, the DOJ announced that it has appointed Hui Chen, a former federal prosecutor, to this role as part of the Criminal Division’s Fraud Section. Before joining DOJ, Ms. Chen held senior in-house compliance roles for two major companies.
In conjunction with the announcement of Ms. Chen’s appointment, U.S. Assistant Attorney General (“AAG”) Leslie Caldwell outlined several metrics, detailed below, that the Compliance Counsel will use to evaluate the effectiveness of corporate compliance programs.2 The Compliance Counsel will also help the DOJ in tailoring remedial compliance measures as part of legal resolutions with companies.
AAG Caldwell’s remarks reflect the latest development in a series of guidance by DOJ officials over the last year related to corporate criminal conduct. In particular, the DOJ has made clear in public statements, as well as the recent “Yates Memorandum,” that it expects companies under investigation to provide information on culpable individuals to assist the DOJ in its investigation.3 The Compliance Counsel role, coupled with the related metrics, further demonstrate the scrutiny DOJ will place on corporate compliance programs to assist in determining whether, or to what extent, a company should be held responsible for the actions of its employees or agents.
Role of DOJ’s Compliance Counsel
AAG Caldwell made it clear that the addition of the Compliance Counsel is not “an indication that the department is moving toward recognizing or instituting a ‘compliance defense.’” Rather, the retention is an acknowledgment that over the past twenty years corporate compliance programs have become not only sophisticated but also industry- and company-specific. The Compliance Counsel’s chief mandates are to assist the DOJ in assessing corporate compliance programs in a more uniform manner, and to suggest upon resolution tailored reforms to corporate compliance programs.4 In this capacity, the Compliance Counsel will help the DOJ to determine whether company compliance programs are essentially “window dressing,” by testing the validity of company claims about their programs.
Corporate Compliance Program Evaluation
AAG Caldwell highlighted the following key considerations for the Compliance Counsel, in conjunction with the lead prosecutors, to use in assessing corporate compliance programs on a “case-by-case” basis.
- Does the company ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
- Do the people who are responsible for compliance have stature within the company? Do compliance teams get adequate funding and access to necessary resources?
- AAG Caldwell noted that the DOJ will not expect a small company to have the same compliance resources as a Fortune-50 company.
- Are the company’s compliance policies clear and in writing? Are they easily understood by employees? Are the policies translated into languages spoken by the company’s employees?
- Does the company ensure that its compliance policies are effectively communicated to all employees? Are its written policies easy for employees to find? Do employees have repeated trainings, which should include direction regarding what to do or with whom to consult when issues arise?
- Does the company review its policies and practices to keep them up-to-date with evolving risks and circumstances?
- AAG Caldwell emphasized the importance of this metric for U.S.-based entities that acquire or merge with other businesses, especially foreign ones.
- Are there mechanisms to enforce compliance policies? Do they include both incentivizing good compliance and disciplining violations? Is discipline evenhanded?
- AAG Caldwell added that the DOJ does not look favorably on situations in which low-level employees who may have engaged in misconduct are terminated, but the more senior people who either directed or deliberately turned a blind eye to the conduct suffer no consequences, because such action sends the wrong message – to other employees, to the market and to the government – about the company’s commitment to compliance.
- Does the company sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?
In the anti-money laundering and sanctions context, AAG Caldwell pointed out that for financial institutions, effective corporate compliance programs require even more than the above-listed considerations. In addition to tailor-made “know-your-customer” policies and compliance with U.S. laws, financial institutions must generally diffuse information about potentially suspicious activity throughout the bank’s branches or offices, and banks with a U.S. presence must give U.S. senior managers a “material role” in the overall compliance framework. AAG Caldwell also stressed that financial institutions under scrutiny must be candid with regulators.
While AAG Caldwell acknowledged that the vast majority of financial institutions correctly file Suspicious Activity Reports when they suspect that an account is connected to “nefarious” activity, AAG Caldwell also encouraged financial institutions to consider, in appropriate cases, whether to take more action: specifically, to alert law enforcement authorities about the problem, because they may be able to seize the funds, initiate an investigation, or take other proactive steps. Financial institutions that unilaterally take proactive steps by, for example, closing suspicious accounts risk prompting criminals to move illicit funds elsewhere.
Following the “Yates Memorandum,” the new Compliance Counsel and AAG Caldwell’s latest remarks underscore the DOJ’s emphasis on effective corporate compliance programs when assessing whether to charge corporations for failing to detect or prevent criminal wrongdoing by their employees. Notably, AAG Caldwell made clear that neither the DOJ nor the Compliance Counsel will seek to prosecute the mistakes, accidents, or bad business judgment of compliance professionals. Rather, AAG Caldwell said that the DOJ views compliance professionals “as the good guys and as our allies.” Accordingly, compliance professionals will continue to play an important role going forward in the maintenance of effective corporate compliance programs.