On September 15, 2022, Deputy Attorney General Lisa Monaco announced new changes to the United States Department of Justice's (the "DOJ") corporate criminal enforcement policies, through the publication of a new memo titled "Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group" (the "DOJ Memo").
The DOJ Memo was published eleven months after DAG Monaco had announced the establishment of a Corporate Crime Advisory Group to consider revisions and reforms to the DOJ's approach to corporate crime, including what constitutes cooperation by a corporation. The DOJ Memo outlined one of the DOJ's most elaborate overhauls of corporate enforcement in recent years, with greater credit to be given to companies that self-report, cooperate and remediate corporate wrongdoing, and conveyed that corporate criminal enforcement remains one of the DOJ's enforcement priorities.
The principles set out in the DOJ Memo will be useful for all corporations with a US nexus, including Asian companies with operations in the US (and vice versa). These principles would apply generally to all types of corporate crime under US law, which would include, inter alia, bribery and corruption under the Foreign Corrupt Practices Act (FCPA), money laundering under applicable US federal statutes, embezzlement and theft from employee benefit plans, and for pharmaceutical companies with a US nexus, healthcare fraud and bribery of healthcare professionals.
This alert discusses key highlights of the DOJ Memo.
The DOJ Memo stressed that the DOJ's "first priority" in dealing with corporate crime is to "hold accountable the individuals who commit and profit from corporate crime."3 This is not a new approach – the DOJ has always emphasized the importance of holding individuals accountable for corporate wrongdoing: see, for example, a previous memorandum from then Deputy Attorney General Sally Yates in 2015.4 The present policies serve as an affirmation of the DOJ's longstanding approach, and provide greater incentives for corporations to disclose and report misbehavior by individuals in a timely manner. In this spirit, the DOJ Memo introduces the following new policies:
- In order to receive any cooperation credit from the DOJ, corporations must disclose all "relevant, non-privileged facts about individual misconduct."5
- Such disclosure should not just be cursory. The DOJ stressed that corporations must produce on a "timely basis" all relevant and non-privileged facts and evidence about individual misconduct in order to receive full cooperation credit.6
- Should a prosecutor identify "undue or intentional delay in the production of information or documents", the DOJ will reduce or eliminate cooperation credit.7
The DOJ Memo enumerated the following principles when determining the culpability of a corporation:
History of misconduct
- In evaluating a corporation's culpability, the DOJ would consider, amongst other factors, the corporation's record of past misconduct, including prior criminal, civil and regulatory resolutions, both domestically and internationally.8
- The DOJ stressed that not all instances of prior misconduct are "equally relevant or probative."9 Rather, the DOJ would assign greater significance to recent US criminal resolutions, and prior misconduct involving the same personnel or management.10
- Prosecutors would also assess whether the conduct at issue in the current matter "reflects broader weaknesses" in the corporation's compliance practices or culture, or what the DOJ has previously termed to be "systemic weaknesses" in the corporation's compliance framework.11 In making this analysis, prosecutors would consider if prior misconduct shared the same root causes, and if remediation was ever taken to address these root causes.12
- The DOJ Memo also stated that it would disfavor multiple non-prosecution or deferred prosecution agreements, especially if they involved similar types of misconduct, the same personnel, officers or executives, or the same entities.13 This signals a tougher approach for recidivist companies. Offers that involve multiple non-prosecution or deferred prosecution agreements will now require the written approval of the responsible US Attorney or Assistant Attorney General, and notice to be submitted to the Office of the Deputy Attorney General.14 At the same time, the DOJ Memo stated that disfavoring multiple non-prosecution or deferred prosecution agreements is not intended to discourage self-disclosure.15
Voluntary Self-Disclosure by Companies
- The DOJ stressed the importance of incentivizing companies to self-report any misconduct to the DOJ. Absent aggravating factors, such as where an act poses a grave threat to US national security or where the offending act is deeply pervasive throughout the company, the DOJ would not seek a guilty plea where a corporation has voluntarily self-disclosed, fully cooperated with prosecutors, and timely and appropriately remediated the criminal conduct.16
- The DOJ would also not seek the imposition of an independent compliance monitor if, at the time of resolution, the corporation has implemented and tested an effective compliance program.17
Evaluation of Cooperation by Companies
- The DOJ recognized that in today's globalized era, business-related data and communications may be held or processed in locations all over the world, and data privacy laws, blocking statutes and other non-US law restrictions may complicate cross-border data transfer.18 In this regard, the DOJ would give credit to corporations that find ways to "timely preserve, collect, and disclose relevant documents."19 This may increase costs and resources for corporations, particularly those with international footprints, to tackle data privacy laws, blocking statutes and other laws in applicable non-US jurisdictions in order to receive credit from the DOJ.
Evaluation of Corporate Compliance Programs
This DOJ Memo reiterated the importance of an effective compliance program and ethical corporate culture, although they do not constitute a defense to prosecution of corporate misconduct (instead, they likely would be considered helpful for cooperation credit and as a mitigant for any negotiated settlement).20 In our previous client alert, we discussed the DOJ's continued emphasis on a practical and dynamic approach to evaluating the effectiveness of a company's compliance program, as set forth in the Evaluation of Corporate Compliance Programs (updated June 2020) (the "Corporate Guidance").21 To further the Corporate Guidance, the DOJ Memo provided additional metrics relevant to the DOJ's evaluation of a corporation's compliance program and culture. Those metrics included:
- Whether a corporation's compensation structures promote compliance by rewarding compliant behavior and penalizing individuals who engage in misconduct.22 In particular, the DOJ Memo indicated that the DOJ would consider whether a corporation has included clawback provisions in its compensation agreements with employees and, if so, whether a corporation has enforced clawback provisions against individual wrongdoers, particularly current or former executives.23
- Whether a corporation has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms to ensure that business-related electronic data and communications are preserved.24 Furthermore, the DOJ Memo indicated that the extent to which a corporation has instituted such policies to preserve business-related data and communications may affect the cooperation credit that the corporation may receive.25 This requires corporations to reexamine their "bring your own device" policies or other policies of a similar nature that regulate the use of personal devices for work-related purposes at the workplace. This also requires corporations to strike a balance between individuals' right of privacy in relevant jurisdictions, in the context of a more rigorous data privacy regulatory environment, and corporations' capabilities to collect work-related communications, particularly in response to internal or government investigations.
Notably, this DOJ Memo emphasized that the DOJ would evaluate a corporation's compliance program according to what has been put into action, not merely what has been written down.26
The DOJ Memo affirmed the DOJ's position stated in the Memorandum from DAG Monaco, "Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies," (Oct. 28, 2021) that the DOJ would not presume an independent compliance monitor as part of a corporate criminal resolution.27 This DOJ Memo noted that the DOJ would determine the need for a monitor on a case-by-case basis.28 In connection with this, this DOJ Memo provided a non-exhaustive list of factors. This list put emphasis on the importance of voluntary disclosure and effectiveness of a corporate compliance program that, among other things, included29:
- Whether the corporation voluntarily self-disclosed the underlying misconduct;
- Whether, at the time of the resolution, the corporation has adequately tested its compliance program and internal controls to demonstrate that they would likely detect and prevent similar misconduct in the future; and
- Whether the underlying criminal conduct was attributable to an inadequate compliance program or system of internal controls.
In her remarks on Corporate Criminal Enforcement on September 15, 2022, DAG Monaco similarly emphasized the benefits of voluntary self-disclosure and required "for the first time ever" that every DOJ "component that prosecutes corporate crime will have a program that incentivizes voluntary self-disclosure."30
The DOJ Memo sends a clear message to corporations that when evaluating corporate wrongdoing, substance will matter a lot more than form. Corporations that seek full cooperation credit must do a lot more than just cursory acts of disclosure: the DOJ will look at, among other things, a corporation's history of misconduct, compliance program and culture, and the acts taken by the corporation to investigate and remediate the wrongdoing and disclose it to the DOJ.
Companies are also put on notice that, as part of its determination of robust corporate criminal enforcement, the DOJ will, among other things, further publish guidance, for example, on how to reward corporations that develop and apply compensation clawback policies, and best corporate practices regarding use of personal devices and third-party messaging platforms.
In light of the above, corporations should take this opportunity to consider the following:
- Review their compliance program regularly to ensure that there are processes in place that can effectively detect and deter individual misconduct.
- Take concrete steps to ensure their compliance function has the necessary manpower, resources, and mandate to evaluate and enhance their compliance programs continuously.
- Evaluate and reexamine corporations' policies on clawback provisions with key executives as appropriate, and consider such provisions' enforceability under local laws if non-US jurisdictions are involved.
- Evaluate and reexamine corporations' policies on the use of personal devices to ensure that corporations are able to preserve business-related data and communications in view of data privacy laws and other restrictions on cross-border data collection and transfer in applicable jurisdictions.
- Ensure that their compliance program continually adapts to fit the companies' needs and risk profile, and that such changes are made in the context of a relevant matrix of facts and analysis stemming from those facts.
- Ensure that their compliance program has a robust auditing and testing component to ensure all the pieces are working correctly together.
- Once an act of individual misconduct is identified, corporations should promptly assess whether these acts should be disclosed to the DOJ, and cooperate with the DOJ by providing relevant non-privileged information in a timely manner.