When can a corporation’s compliance program help stave off indictment? Or at least secure it more lenient treatment from the Department of Justice when resolving a case? DOJ has given fresh guidance on this issue for our clients, signaling what we see as a new emphasis in evaluating corporate compliance. That guidance came in October 7, 2014 remarks by Marshall L. Miller, the Criminal Division’s Principal Deputy Assistant Attorney General (PDAAG)1
DOJ bases its corporate charging and resolution decisions on the Principles of Federal Prosecution in the U.S. Attorneys’ Manual, and specifically on the nine so-called Filip factors the Manual lists. Filip factor 5 advises companies that DOJ considers “the existence and effectiveness of the corporation’s pre-existing compliance program” in evaluating whether to indict a company or give it a break in a resolution. And the Manual has long warned that “prosecutors may consider whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct.” USAM 9-28.800. But there was little formal indication of what things DOJ deems most critical in assessing corporate compliance programs when making charging decisions. Until now.
The most effective corporate compliance programs, according to the PDAAG, are those that have procedures designed to (1) “uncover wrongdoing” and (2) “expose individuals responsible for criminal behavior.” The PDAAG makes no bones about it: a company’s “ability to use compliance to uncover misconduct and, just as importantly, identify wrongdoers is central to [DOJ’s] evaluation of a compliance program.” Viewing a program’s effectiveness through the lens of how well its procedures find and cough up culpable individuals may not surprise those watching the changes in DOJ’s approach under the new Criminal Division head, Assistant Attorney General Leslie Caldwell. And the PDAAG’s comments are consistent with his recent comments that full credit under Filip factor 4 (“the corporation’s willingness to cooperate in the investigation of its agents”) will be forthcoming only to companies that make their own “extensive efforts to secure evidence of individual culpability the first thing” they discuss when meeting with DOJ and also “the last thing.”2 Companies “will pay a price when they ask for cooperation credit” under Filip factor 4 if they conduct investigations “that serve to spread corporate talking points rather than secure facts relating to individual culpability.”3
So for all practical purposes, Filip factors 4 and 5 are two sides of the same coin, at least under DOJ’s recently stated views about what is primary or central to its analysis. A company will get full cooperation credit only if it turns over the culpable individuals and its compliance program will be considered effective only if it has mechanisms that allow for the identification of those culpable individuals. In contrast, the PDAAG noted the example of two banks that “actively hampered the Department’s efforts to prosecute the responsible individual executives and employees” and, as a result, paid the “historic price” of “parent-level guilty pleas and multi-billion dollar penalties.”4
The PDAAG summed up DOJ’s outlook concisely: a “compliance program’s ability to uncover wrongdoing and the responsible individuals, coupled with a corporation’s decision to disclose that information to the government, is significant in our evaluation of the compliance program and the company’s overall posture with the government.”5
Mr. Miller also usefully highlighted some of the key hallmarks of an effective compliance program and described what DOJ considers “a few primary strengths and weaknesses” it has observed in such programs.6 Some key hallmarks he emphasized are:
- High-level commitment. In addition to “widespread prophylactic and training mechanisms,” effective compliance programs “need to have appropriate stature within corporations.” That means sufficient resources as well as “teeth and respect.” The program must be “more than a pile of papers or an entry on a website.” One sign DOJ looks for is whether “compliance executives sitting in true positions of authority at a corporation” are “reporting directly to independent monitoring bodies like internal audit committees or boards.”
- Scaling up. A major weakness DOJ has noted is “the failure to expand compliance programs to meet the needs of growing corporations—particularly global corporations.” An effective program not only “grows with the company” after iterative risk reassessment, but also manages to “bridge the geographic divides and cultural gaps exposed by global corporate expansion.” It will do a global company no good to create a “culture of compliance” if it fails to ensure it “extend[s] beyond U.S. borders.”
- Fair discipline and enforcement. Compliance must be incentivized and violations disciplined. But the company’s disciplinary “response must be even-handed.” That means it will not satisfy DOJ if a company fires “low-level employees who implemented bad conduct” but leaves “without sanction” the “bosses who did nothing to stop the conduct—and may even have directed it.”
Mr. Miller’s comments are a timely reminder of the importance of having an effective compliance program that is up- to-date and fully implemented, as well as the dire consequences of failing to maintain such a program.
His remarks provide a transparent and unequivocal warning to companies that they disregard the DOJ guidance on compliance programs at their peril.