In a somewhat surprising development, press outlets reported last week that the U.S. Department of Justice (“DOJ”) has hired a corporate compliance program expert who will work alongside federal prosecutors evaluating whether to prosecute companies when employees engage in criminal conduct. The lawyer who will step into this newly created role is reportedly from the private sector and has substantial experience building compliance programs. He or she is expected to start within the next six to eight weeks.
In a recent interview, Andrew Weissman, Chief of the DOJ Criminal Division's Fraud Section, stated that the hire will help prosecutors to determine whether businesses have effective compliance programs in place to detect and deter wrongdoing by employees and executives and distinguish between robust, state of the art compliance programs and those that are superficial. “Our compliance counsel will be instrumental in ferreting out whether a corporate compliance program is truly effective or a mere paper tiger,” Weissman said.1 “This person should recognize when you have rogue employees versus a systemic issue,” he said.2
Various iterations of the DOJ’s principles applicable to the prosecution of business organizations3 and the federal Sentencing Guidelines,4 have, for years, placed evaluation of corporate compliance programs front and center in the government’s charging decisions. The appointment of a “dedicated” compliance expert makes clear that, going forward, companies should be prepared for their compliance programs to be scrutinized rigorously. The government, with the input of its new in-house expert, will no doubt “drill down” into the details of policies and procedures to determine whether the company employs best practices, the adequacy of technology and record keeping, and the rigor with which the company detects and addresses violations.
This continued focus on corporate compliance programs is consistent with global trends. For example, the U.K. Bribery Act of 2010 provides an affirmative defense for criminal bribery violations if the company had “adequate procedures” in place to prevent bribery.5 Brazil’s recently enacted Clean Company Act also provides that sanctions may be reduced with the implementation or enhancement of a compliance program.6
In recent public remarks, Assistant Attorney General Leslie R. Caldwell, who heads the DOJ’s Criminal Division, stated that companies seeking to determine whether its compliance program will pass muster should look to documents released by the DOJ in connection with the resolutions of investigations of corporate misconduct, including plea agreements, deferred prosecution agreements, and non-prosecution agreements.7 Of note, from a review of such recent materials:
- In a case the DOJ described as “emblematic of how the [DOJ] will investigate and prosecute [Foreign Corrupt Practices Act (“FCPA”)] cases—and other corporate crimes,” Assistant Attorney General Caldwell stated that companies should “maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government’s investigation.”8 Thus, compliance programs must not only have policies in place designed to prevent misconduct in key risk areas, but also the adequate technology, infrastructure, software, and record keeping tools to allow the company to conduct effective internal investigations, report wrongdoing, and to cooperate with a government investigation.
- For companies facing FCPA risks, this may include requiring employees at all levels to report to the compliance department all meetings with government officials and whether anything of monetary value was exchanged during such meetings. In addition, compliance departments should thoroughly vet consultants and any third party authorized to act for the company before they are retained, and carefully monitor such consultants throughout their retention. In the FCPA context, consultants purportedly retained to provide consulting services often actually serve as conduits for corrupt payments to government officials.9
- Companies must ensure that compliance departments have adequate resources. In a recent case, the DOJ explicitly stated that a factor in its decision to enter into a deferred prosecution agreement with a company was that the company took steps to enhance its compliance program including hiring a significant number of new compliance employees.
- Compliance programs must include effective training protocols to educate employees about the company’s compliance policies.10
- Compensation structures should be evaluated to assess whether employees have monetary incentives to commit unlawful acts.
- The company’s board of directors and/or senior management must be committed to the effective implementation of the compliance program.
- The company should have policies in place to discipline employees who violate company policies and should keep records of how violations were handled.11
Companies should continuously assess their programs to be sure that they are in line with current best practices and consistent with the DOJ’s expectations as they can be gleaned from the publicly announced resolutions of investigations conducted by the DOJ and other guidance that the DOJ makes publicly available.12