The Fraud Section of the U.S. Department of Justice (“DOJ”) has retained Hui Chen as its full-time, resident Compliance Counsel. Ms. Chen has a background in compliance at various multinational companies, most recently having served as Global Head for Anti-Bribery and Corruption at Standard Chartered Bank.
Ms. Chen officially began work at the DOJ on November 3, 2015, and will report to Andrew Weissman, Chief of the Fraud Section, and Dan Braun, Acting Chief of the Strategy, Policy, and Training Unit in the Fraud Section. The Fraud Section is responsible for prosecuting violations of the U.S. Foreign Corrupt Practices Act (“FCPA”) and a litany of other fraud-related matters. The DOJ’s press release about Ms. Chen’s appointment (which can be read in full here) explains that:
“[Ms.] Chen will provide expert guidance to Fraud Section prosecutors as they consider the enumerated factors in the United States Attorneys’ Manual concerning the prosecution of business entities, including the existence and effectiveness of any compliance program that a company had in place at the time of the conduct giving rise to the prospect of criminal charges, and whether the corporation has taken meaningful remedial action, such as the implementation of new compliance measures to detect and prevent future wrongdoing.
During a speech in New York on November 2, Leslie Caldwell, Assistant Attorney General for the Criminal Division of the DOJ, outlined the metrics by which Ms. Chen will evaluate the effectiveness of compliance programs for companies that appear before the DOJ. (The full speech can be read here.) The metrics outlined by Ms. Caldwell are encapsulated in seven core considerations that Ms. Chen will use to assess corporate compliance programs:
- Does the institution ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
- Do the people who are responsible for compliance have stature within the company? Do compliance teams get adequate funding and access to necessary resources?
- Are the institution’s compliance policies clear and in writing? Are they easily understood by employees? Are the policies translated into languages spoken by the company’s employees?
- Does the institution ensure that its compliance policies are effectively communicated to all employees? Are its written policies easy for employees to find? Do employees have repeated training, which should include direction regarding what to do or with whom to consult when issues arise?
- Does the institution review its policies and practices to keep them up to date with evolving risks and circumstances?
- Are there mechanisms to enforce compliance policies? Those include both incentivizing good compliance and disciplining violations. Is discipline even handed?
- Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?
In addition, Ms. Caldwell set out a number of additional metrics that are applicable specifically to financial institutions:
- Can the financial institution identify its customers?
- Is the company complying with U.S. laws?
- Are reports of suspicious activity shared with other branches or offices?
- Do banks with a U.S. presence give U.S. senior managers a “material role” in compliance?
- Is the company candid with regulators?
The retention of Ms. Chen and accompanying commentary from Ms. Caldwell highlight the U.S. government’s expectations with respect to corporate compliance, particularly the compliance programs of companies subject to criminal enforcement actions in the United States. The DOJ has also sent a clear message about how important it considers compliance in the resolution of these matters and how closely a company’s program will be scrutinized during that process. Ms. Caldwell noted:
“Our hiring of a compliance counsel should be an indication to companies about just how seriously we take compliance.”
She further explained that:
“[T]he department looks closely at whether compliance programs are simply ‘paper programs,’ or whether the institution and its culture actually support compliance. We look at pre-existing programs, as well as what remedial measures a company took after discovering misconduct – including efforts to implement or improve a compliance program.”
The retention of Ms. Chen by the DOJ is a positive development. She brings to the DOJ an array of experience in assessing the design, implementation, and operation of complex corporate compliance programs and an appreciation for the significant challenges that companies face in this area with respect to resources, risk profiling, internal controls, program monitoring, and issue remediation (among other things).
The message coming from DOJ in connection with the appointment of Ms. Chen and the spotlighting of key program metrics by Ms. Caldwell are consistent with prior U.S. government guidance on compliance, including that contained in the joint DOJ and SEC Resource Guide to the FCPA (released in November 2012, see here). Baker & McKenzie has distilled key U.S. compliance expectations with relevant international guidance into the Five Essential Elements of Corporate Compliance:
- Risk Assessment;
- Standards and Controls;
- Training and Communication; and
- Monitoring, Auditing, and Response.