On October 28, U.S. Deputy Attorney General Lisa Monaco announced three notable changes to Department of Justice (DOJ) corporate criminal enforcement policies. Monaco announced these changes through her keynote address at the American Bar Association National Institute on White Collar Crime, which followed remarks made in recent weeks by other senior DOJ officials. Collectively, these remarks previewed a “surge” of resources to further corporate enforcement, emphasized the importance DOJ places on holding individuals accountable for white collar crime, highlighted new tools (including data analytics) to be used to identify and investigate cases, and encouraged white collar prosecutors to be “bold” in their work.

Monaco’s speech in particular outlined three specific changes to DOJ’s current policies and previewed certain other steps that DOJ will take in the short term. Each is described in turn below, followed by steps that companies should take to prepare for the signaled increase in enforcement.

First, Monaco announced that DOJ would restore the principles found in guidance issued in 2015—commonly referred to as the “Yates Memo,” as it was released by then-Deputy Attorney General Sally Yates—that required companies seeking cooperation credit to provide “all relevant facts” and “identify all individuals” involved in or responsible for corporate misconduct. The policy outlined in the Yates Memo was narrowed by the Trump administration in 2018, which limited the scope of required disclosure to individuals “substantially involved” in the corporate misconduct. The return to the more aggressive Yates formulation extends the disclosure requirement to all individuals involved—regardless of an individual’s status, seniority, position, or level of involvement.

Second, Monaco announced that DOJ will significantly expand the scope of prior corporate misconduct that will be considered when determining the appropriate corporate resolution. The new framework will take into account a company’s “whole criminal, civil and regulatory” record, “whether or not that misconduct is similar to the conduct at issue in a particular investigation.” Under the previous framework, DOJ considered only past criminal misconduct that was similar to the conduct under investigation. Monaco stressed that this change allows DOJ to evaluate a company’s overall commitment to compliance and whether the company culture as a whole disincentivizes criminal activity. Such an expansive scope suggests the possibility of stricter settlement resolutions for companies that have a history of civil or regulatory misconduct and could pose challenges to companies in heavily regulated industries, which often are more susceptible to the risk of such enforcement.

Third, Monaco rescinded any prior DOJ guidance suggesting that corporate monitors are “the exception and not the rule” or that such appointments were “disfavored” — a sharp contrast to the Trump administration, which issued guidance viewed by many as counseling against their use. Monaco observed that corporate resolutions “involve[] a significant amount of trust on the part of the government ... that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities.” She highlighted the usefulness of monitorships when that “trust is limited or called into question” and declared that DOJ is “free to require the imposition of independent monitors” when appropriate to ensure that the company is complying with its resolution obligations. The appointment of a monitor can be extremely burdensome on a company. This shift makes it even more important for companies to continue to review and update their compliance programs and maintain a strong culture of compliance.

Finally, while not a policy change, Monaco announced the formation of the Corporate Crime Advisory Group, which will have a broad mandate to consider enforcement issues and provide recommendations on policy revisions. Monaco provided several examples of the advisory group’s mandate, including a review of corporate resolutions and identification of “repeat offenders” to determine whether pretrial diversion remains appropriate for those companies in subsequent investigations. DOJ will also evaluate whether companies subject to deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs) are complying with their obligations, and will enforce consequences for noncompliance.

Remarks made by senior DOJ officials over the past few weeks and crystallized by Monaco in her recent speech signal a significant forthcoming uptick in corporate criminal enforcement. As Monaco advised at the conclusion of her speech, companies should look ahead: “[T]his is a start—and not the end—of this administration’s actions.” To prepare for this increased enforcement, companies should consider the following steps:

  • Review and update existing compliance policies and ensure that the policies address relevant issues that the company and its employees may face in the course of business as well as relevant market risks and developments in the law.
  • Consider whether there are new tools or techniques, including through the use of data analytics, that can be used to protect against and identify potential misconduct, particularly as theories of misconduct evolve in light of emerging technology and related risks.
  • Ensure that employees at all levels are aware of the company’s compliance hotline and nonretaliation policies, and encourage employees to use the hotline.
  • Ensure that the compliance hotline is functioning properly and that submissions are appropriately investigated—including, as appropriate, with the involvement of outside counsel.
  • Cultivate and maintain an appropriate tone at the top, with a commitment to compliance communicated by top executives and managers on a regular basis.
  • Ensure that robust compliance extends not just to corporate criminal fraud issues but also to the civil and regulatory frameworks pursuant to and under which the company operates.
  • Remain attentive to obligations set forth in existing DPAs, NPAs, or similar resolutions currently in place.
  • Consider, overall, whether the compliance program would instill confidence if tested by regulators and reflects that the company can be trusted to commit itself to ongoing improvement and change.