Recent comments by a senior DOJ official provide useful guidance for the Audit and Compliance Committee on the attributes of both effective, and ineffective, compliance programs.
The comments were provided on November 28 by Principal Deputy Assistant Attorney General John P. Cronan in a presentation to the Practising Law Institute (PLI). Much of Mr. Cronan’s comments focused on the importance attributed by DOJ to the existence and effectiveness of a company’s preexisting compliance program in making a decision as to whether to charge a corporation. Mr. Cronan provided several examples of what he referred to as effective and ineffective programs. One such example was a global money services company that recently agreed to extend its original deferred prosecution agreement (DPA) and forfeit $125 million due to what DOJ determined to be serious flaws in its anti-fraud and anti-money laundering programs.
According to DOJ, the company failed to maintain effective compliance programs during the course of the DPA, inadequately disclosed those weaknesses to the government, and failed to complete the enhanced compliance undertakings required by its 2012 DPA. These and other alleged compliance failures led to an extension of the original DPA and the monetary forfeiture.
Another example of ineffective compliance cited by DOJ was the failure of an international financial services company to take corrective action after initially identifying numerous corporate agents who were allegedly involved in or facilitated fraud-related transactions. The company allegedly continued to conduct business with these agents after internal recommendations that they be suspended or otherwise disciplined. As a result of this conduct, which occurred over a period of years, the company entered into a DPA in which it agreed to forfeit almost $600 million (and also settled a related action with the FTC).
The DOJ official also notes several examples in which voluntary disclosures by the company (involving conduct of senior executives), grounded in strong compliance programs, prompted DOJ to decline to prosecute the company, instead bringing charges against culpable individuals.