On October 28, Deputy Attorney General Lisa Monaco announced that corporate monitors will once again play a key role in Department of Justice (DOJ) enforcement actions, stating that DOJ is “committed to imposing monitors where appropriate in corporate criminal matters.” This change reflects a significant departure from 2018 DOJ guidance, which suggested that “monitors would be the exception and not the rule.” As our colleagues previously discussed here, DOJ’s embrace of corporate monitors was one of three significant revisions to its corporate criminal enforcement policies, delineated in the October 28 memorandum and corresponding address.
The reintroduction of corporate monitors comes on the heels of unprecedented disruption to “business as usual,” in which compliance departments had to quickly adapt to monitoring a virtual world. This challenge was made all the more acute by the financial constraints and uncertainty that accompanied the pandemic, which led many companies to reduce compliance budgets and staffing. However, while the last two years may have been a historically challenging time for compliance, these challenges did not slow down DOJ’s record-breaking enforcement actions. And DOJ has made clear its view that financial pressures and business disruptions do not excuse the failure to have a well-functioning, well-resourced compliance program. As DAG Monaco succinctly warned, a corporate culture that “fails to invest in compliance … leads to bad results.”
The memorandum instructs prosecutors to assess the “potential benefits” the monitor will afford both to the corporation and the public against the cost of the monitor and its impact on the corporation’s operations. When a company’s compliance program and controls are deficient or inadequately resourced, DOJ instructs its attorneys to consider imposing a monitor. Conversely, for companies that can demonstrate “tested, effective, adequately resourced and fully implemented” compliance programs, a monitor may not be necessary.
This assessment includes certain resource-heavy areas that have been, and continue to be, key areas of interest for the DOJ. Not only will these areas be evaluated in determining if imposing a monitor is appropriate, they also will be key areas of focus when and if a monitor is put in place. They include:
Mergers and Acquisitions. DOJ’s Evaluation of Corporate Compliance Programs (updated June 2020) states that a well-designed compliance program should include not only pre-acquisition due diligence, but also sufficient onboarding post-closing to ensure that the acquired entity is fully integrated into “existing compliance program structures and internal controls.”
Continuous Improvement Through Data Analytics. DOJ is increasingly relying on data analytics to aid in its investigations, and it expects companies to do the same. To satisfy these expectations, companies should ensure they have sufficient capabilities and personnel to analyze, monitor, and act upon relevant sources of data.
Third-Party Monitoring. A well-designed compliance program does not stop at the company’s doors. Just as with their own internal operations, companies should apply risk-based due diligence when engaging with third parties, as well as ongoing monitoring of the relationship.
In light of this guidance, companies that may have scaled back their compliance programs during the pandemic should consider reinvesting resources and personnel back into these programs. Should your company end up in DOJ’s crosshairs, a well-designed, well-resourced, and well-functioning compliance program may help you avoid having a compliance monitor looking over your shoulder for the next several years.