March 17, 2023
The US Department of Justice (“DOJ”) made several recent announcements expanding on its expectations for corporate compliance programs and unveiling new guidance on executive compensation structures, consequence management and business communications and ephemeral messaging.
DOJ also announced a new enforcement push focused on the intersection of corporate crime and national security.
Updated Guidance on the Evaluation of Corporate Compliance Programs
DOJ Deputy Attorney General Lisa Monaco and Assistant Attorney General Kenneth Polite recently announced a number of significant policy changes affecting corporate criminal enforcement by DOJ during presentations at the ABA’s Institute on White Collar Crime in early March. These announcements expand on Monaco’s September 15, 2022 Memo on Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group, which laid the foundation for more detailed guidance on corporate compliance programs.
Among the more notable changes are:
Companies and regulated entities will need to reevaluate existing compliance programs to ensure their compliance programs are accounting for this new guidance.
Executive Compensation and Clawbacks
In his speech on March 3, Polite announced two key changes to DOJ policies pertaining to the evaluation of corporate compensation systems for all companies. Effective immediately, prosecutors assessing a corporation’s compliance program under DOJ’s updated guidance document, Evaluation of Corporate Compliance Programs (the “ECCP”), are directed to consider the design and implementation of a company’s compensation schemes to determine whether compensation is configured to incentivize compliance. The revised ECCP provides that prosecutors may consider, for example, “whether a company has incentivized compliance by designing compensation systems that defer or escrow certain compensation tied to conduct consistent with company values and policies” and whether a company maintains and enforces “provisions for recoupment or reduction of compensation due to compliance violations or misconduct.”
In addition to the ECCP changes, DOJ is rolling out a three-year Pilot Program, effective March 15, 2023. Pursuant to the Pilot Program, DOJ’s Criminal Division will:
Prosecutors are directed to integrate compliance-related criteria tied to compensation and bonuses into all corporate resolutions during the Pilot Program. Such criteria could include a prohibition on bonuses for employees who do not satisfy compliance performance requirements, disciplinary measures for employees who violate applicable law (and potentially their supervisors as well) and incentives for employees who demonstrate full commitment to compliance processes.
Likewise, the Pilot Program provides that an additional fine reduction may be warranted where a company:
In these circumstances, DOJ will reduce “the fine in the amount of 100% of any such compensation that is recouped during the period of the resolution.”
Relatedly, the ECCP provides guidance for prosecutors to consider whether a company has effective “consequence management” procedures in place that allow it to identify, investigate, discipline and remediate violations of law or misconduct. Prosecutors may consider whether a company has publicized disciplinary actions internally (as a deterrent effect) and whether it is tracking data related to disciplinary actions, compliance-related allegations and compliance investigations. Prosecutors are also directed to consider whether a company has effective human resources processes in place to ensure consistent application of compliance-related investigation procedures and disciplinary actions.
Guidance on Use of Personal Devices, Communications Platforms and Messaging Applications
DOJ also revised the ECCP to include new guidance on how it will consider corporate practices on the use of personal devices, messaging applications (including ephemeral messaging) and communications platforms in the workplace.
DOJ will evaluate a corporation’s policies governing electronic devices and data against the backdrop of the company’s risk profile and specific business needs, all the while assessing the company’s ability to access and preserve electronic data and communications. In conducting this evaluation, prosecutors are directed to consider three factors:
As Polite made clear, DOJ will expect companies to maintain, communicate and enforce policies that ensure that “business-related electronic data and communications can be preserved and accessed,” regardless of the medium on which they are maintained. Where companies fail to produce communications, prosecutors will ask about where they are stored and the company’s ability to access them. Polite was pointed in noting that “a company’s answers—or lack of answers—may very well affect the offer it receives to resolve criminal liability. So when crisis hits, let this be top of mind.”
Focus on National Security-Related Compliance Enforcement
Finally, Deputy Attorney General Monaco announced in her speech that DOJ would be making significant resource investments in the DOJ’s National Security Division so that the division is better able to focus on the intersection of corporate crime and national security. Citing the importance of sanctions and export control enforcement in US national security, Monaco noted that corporations “are on the front lines of today’s geopolitical and national security challenges” and that “corporate criminal investigations carry profound national security implications.”
Monaco admonished business leaders to take sanctions seriously, noting that DOJ is presently handing “corporate investigations that involve sanctions evasion” across the globe, in industries as varied as transportation, financial technology, banking, defense and agriculture. According to Monaco, “sanctions are the new FCPA.”
To better equip DOJ in these efforts, Monaco announced a surge in resources to address the intersection between corporate crime and national security, including hiring 25 new prosecutors to investigate sanctions evasions, export compliance and other economic crimes.
In addition, NSD will begin issuing joint advisories with the US Department of Commerce and the US Department of the Treasury to inform the private sector about enforcement trends and “convey [DOJ’s] expectations as to national security-related compliance.”
DOJ’s latest guidance provides tangible considerations for all companies to consider for their compliance programs. Details from the ECCP and Pilot Program provide companies and their compliance officers and employees the benefit of particular expectations and benchmarks from DOJ. It remains to be seen how the new guidance will pan out in practice, however.
For instance, while DOJ notes that the new revisions are intended to provide transparency around DOJ policy, prosecutors will retain significant discretion over, among other things, fine reduction recommendations and subjective assessments of “good faith” efforts to clawback compensation and overall effectiveness of compliance programs. This is particularly the case where prosecutors have broad discretion to require companies entering into criminal resolutions to implement the broadly worded “compliance-related criteria” in their compensation systems. It remains to be seen whether different prosecutors can cohesively implement such a policy with a measure of predictable consistency.
Additionally, the broad scope and coverage of DOJ’s guidance is significant. In contrast to specific rules that exist for public companies and regulated entities (such as broker-dealers and investment advisers) around recordkeeping obligations and executive compensation clawbacks, DOJ’s guidance applies to all companies. The practical result may mean that private entities currently not subject to existing obligations under the federal securities laws will likely need to consider the implementation of similar programs implemented.
Finally, many companies have likely not paid much attention to sanctions and national-security related issues when building out their compliance programs. To the extent that sanctions do in fact become “the new FCPA,” companies will need to bolster or implement policies and procedures that ensure the same degree of corporate compliance in the sanctions context as has become standard in the FCPA context.