September 20, 2022
Nathaniel B. Edmonds
and Josh ChristensenOn September 15, 2022, Deputy Attorney General Lisa Monaco (the “DAG”) announced a series of notable changes to the U.S. Department of Justice’s corporate enforcement program.
As detailed in a DOJ memorandum released the same day, the policy revisions cover a wide range of areas, including the focus on prosecution of individuals, requirements for corporate cooperation credit, evaluating a corporation’s prior history of misconduct, expectations for compliance programs, and factors for determining whether to impose a monitor. The new proposals build upon policy changes the DAG previously announced in October 2021, and once again re-balanced the system of “carrots and sticks” that it has long-used to encourage responsible corporate behavior. In this Alert, we discuss these changes and takeaways for companies seeking to mitigate the increased enforcement risks.
Changes to Corporate Criminal Enforcement
In her October 2021 announcements, the DAG noted that DOJ was returning to a prior policy governing individual accountability, which requires companies seeking cooperation credit to disclose to DOJ all non-privileged information relevant to all individuals involved in the misconduct. Under the new policy, companies are now also required to produce documents and information on a “timely” basis without any undue delay. For particularly relevant information (such as hot documents), companies are expected to disclose that information immediately after it is discovered. DOJ has previously reduced cooperation credit for cooperation delays, and the DAG made clear that, going forward, any “gamesmanship” in disclosure delay for strategic reasons will result in reduced or no cooperation credit.
Relatedly, DOJ issued guidance for evaluating cooperation credit for companies that are confronted with issues under foreign data privacy or similar laws. Prosecutors are now instructed to provide credit where companies produce records notwithstanding the existence of such laws and to reduce credit where a company uses those laws to “shield misconduct inappropriately.”
The DAG announced last October that in making determinations about criminal charges and resolutions, prosecutors were required to consider all historical misconduct of a company. Under the new guidance, DOJ provided additional clarity on this policy and outlined numerous factors that prosecutors should consider, such as the age of the prior misconduct (presumptively, less weight will be given to criminal resolutions older than 10 years and civil/regulatory resolutions older than 5 years), whether the prior resolution was criminal or civil, and whether it involved the same management or personnel.
More noteworthy, however, was the DAG’s announcement that, going forward, companies that had received non-prosecution agreements (NPAs) or deferred prosecution agreements (DPAs) in the past should not assume that they would receive such resolutions in the future. Rather, the DAG stated that multiple NPAs or DPAs for companies (and their affiliated entities) were generally disfavored, and that any exceptions would require written approval from DOJ leadership.
The DAG announced a new policy that requires all DOJ components that prosecute corporate crime to have a formal, written policy on voluntary self-disclosures (“VSDs”). The policy must be transparent enough to allow companies to understand what qualifies as a VSD and to predict what benefits the company will receive in return. In addition, DOJ’s guidance requires any VSD policy to include two “core principles”:
Anticipating a question on how DOJ’s new policy for disfavoring successive NPA/DPA resolutions will square with its policy on VSDs, the guidance provides it should not “disincentivize corporations that have been the subject of prior resolutions from voluntarily disclosing misconduct.” DOJ did not, however, provide specific guidance on how much credit such companies would receive, simply stating that where companies have made a qualifying VSD, prosecutors will “credit such disclosure appropriately.”
The DAG’s remarks were also focused on DOJ’s long-standing goal of creating a strong corporate culture that encourages companies to invest corporate resources into compliance and “rejects wrongdoing for the sake of profit.” The DAG announced two new compliance factors to support those goals.
First, in evaluating the strength and effectiveness of corporate compliance programs, prosecutors should consider whether a company employs a compensation structure that financially rewards corporate personnel who engage in compliant conduct, and financially sanction those involved in the misconduct. For the latter, DOJ specifically pointed to the use of claw back provisions or escrowing of compensation to punish those individuals who contribute to the misconduct.
Second, DOJ’s guidance addresses compliance issues that may arise where company employees use personal devices (such as smartphones) and ephemeral messaging platforms for company business. As a general matter, the guidance instructs that effective compliance programs should allow a cooperating company to preserve and collect all relevant company communications and materials, even those found on personal devices or on ephemeral messaging platforms. Failure to do so would likely result in not only an adverse finding on the effectiveness of the compliance program, but also a reduction in cooperation credit.
Finally, building on prior guidance, the DAG announced a new policy for evaluating when a monitor is appropriate and the role of prosecutors during the term of the monitorship. Notably, the DAG made clear that prosecutors would not apply a presumption either in favor or against a monitor.
DOJ’s guidance includes a non-exhaustive list of 10 factors that prosecutors should consider when evaluating the necessity and potential benefits of a monitor. Unsurprisingly, in addition to whether the company has made a VSD, at the top of the list of factors is whether, at the time of resolution, the company has demonstrated that its compliance program is sufficiently well-designed and adequately tested to demonstrate that it would likely detect and prevent similar misconduct in the future. Other factors include the pervasiveness of the misconduct, whether wrongdoers were able to exploit an inadequate compliance program or involved compliance personnel, and whether the company had taken adequate remedial measures.
DOJ also issued guidance requiring prosecutors to play a more active role with respect to monitorships and to engage in ongoing communication with both the monitor and company. This is meant to ensure that monitors are not being denied access to information, resources, or employees necessary to their work and that the monitor’s workplan is appropriately scoped and that the monitor’s review remains reasonable, including with respect to issues of cost.
Takeaways for Companies
The new guidance makes clear that DOJ continues to expect more from companies with respect to cooperation, remediation, and compliance, and that it will treat corporate targets, particularly recidivists, more harshly. Moreover, the DAG announced that DOJ would request Congress to appropriate $250 million specifically for corporate crime initiatives, which supports the proposition that DOJ is planning a more active role in corporate criminal enforcement.
To mitigate enforcement risks, companies should consider the following:
An earlier version of the alert was published on Law360.