What Happened

On Thursday, September 15, 2022, the Deputy Attorney General for the US Department of Justice (“DOJ”), Lisa Monaco, issued a memorandum that establishes new policies on corporate criminal enforcement. This memorandum (the “new memorandum” or the “Monaco memo”) augments the DOJ’s October 2021 memorandum that outlined the DOJ’s efforts to combat corporate crime. The new memorandum addresses―among other issues―cooperation credit, compliance programs, data collection, foreign prosecutions, and independent compliance monitorships. The revisions touch on multiple different areas and have critical implications for any company operating in the United States or subject to the DOJ’s jurisdiction.

Analysis

For over a decade, the most important issue in criminal law has been the DOJ’s conscription of the corporate world to help it uncover and prosecute white collar crime. As the DOJ continues to bring fewer cases on a year-by-year basis, it continues to offer more incentives to companies that monitor, detect, and self-disclose crimes, while punishing companies that do not engage in robust compliance efforts or report their own misconduct (or that of their employees). The DOJ’s latest memorandum is not only a full-throated reaffirmance of this trend, but also provides practical guidance to companies wondering how to navigate these inherently difficult issues in the real world. For purposes of this client alert, we have grouped the guidance into four categories:

  • Guidance on Individual Accountability
  • Guidance to Corporations on Compliance Programs
  • Forthcoming DOJ Policies on Self-Disclosure and Independent Compliance Monitors
  • The DOJ’s Recognition of International Issues

I. Guidance on Individual Accountability

The Monaco memo emphasizes individual accountability as its “first priority.” Under the policy announced by former Deputy Attorney General (“DAG”) Sally Yates in 2015, and relaxed under the prior administration, companies seeking cooperation credit are required to completely disclose to DOJ all relevant facts about individual misconduct.

The new memorandum incorporates the Yates memo’s message while placing additional emphasis on the speed of disclosure by requiring cooperating companies to come forward more quickly with evidence of individual wrongdoing: “to receive full cooperation credit, corporations must produce on a timely basis all relevant, non-privileged facts and evidence about individual misconduct.” Companies that delay production or disclosure of significant facts risk losing their eligibility for cooperation credit. In fact, the new guidance emphasizes that production of evidence related to individual culpability should be prioritized because “if disclosures come too long after the misconduct in question, they reduce the likelihood that the government may be able to adequately investigate the matter in time to seek appropriate criminal charges against individuals.”

The new guidance also states that DOJ will not enter into non-prosecution agreements (“NPAs”), or deferred prosecution agreements (“DPAs”) with companies until it has either commenced any relevant individual prosecutions or has developed a full investigative plan and timeline for doing so.

II. Guidance to Corporations on Compliance Programs

A. How to Assess Corporate Compliance Programs

The DOJ reaffirms the June 2020 Guidance on Corporate Compliance Programs by directing prosecutors to assess a company’s compliance program “both at the time of the offense and at the time of the charging decision and resolution.” The June 2020 Guidance required prosecutors and companies to ask “three fundamental questions” that lay at the heart of DOJ’s evaluation of any compliance program:

1. Is the corporation’s compliance program well designed?

2. Is the program being applied earnestly and in good faith? In other words, is the program being adequately resourced and empowered to function effectively?

3. Does the corporation’s compliance program work in practice?

The June 2020 Guidance made a number of changes regarding the need for compliance programs to be dynamic and data-driven; the new memorandum adds two additional metrics for prosecutors and companies to consider when evaluating compliance programs. First, adding to the requirement that companies take remedial actions against employee wrongdoers, the memorandum directs prosecutors to consider whether a company provides “affirmative incentives for compliance-promoting behavior.” Specifically, the memorandum requires prosecutors to consider whether the company has a compensation system that “clearly and effectively imposes[s] financial penalties for misconduct.” The memorandum suggests multiple times that this can be accomplished by a “compensation clawback provision” wherein companies would have a mechanism to recoup the employee’s fraudulent proceeds. The goal of requiring such a clawback provision would be to shift the burden of corporate penalties from the company’s shareholders to the culpable individuals.  

Second, further recognizing the need of compliance programs to track and analyze data, the memorandum requires prosecutors―when deciding whether to grant cooperation credit―to determine whether a company has the ability to collect and turn over all non-privileged responsive and relevant documents. What constitutes “best corporate practices” on issues of data collection has long been subject to lengthy and expensive disagreements. However, this memorandum indicates that while further DOJ guidance is coming on this subject, prosecutors must now, at a minimum, consider whether a company has policies on the use and abuse of personal cell phones and devices and the use of third-party messaging apps to ensure that work-related electronic data and communications can be preserved and collected and that such platforms cannot be used to obstruct a potential investigation.

B. History of Misconduct

Refining the DOJ’s October 2021 memorandum that required prosecutors to investigate and consider prior misconduct before seeking criminal charges, the new memorandum provides common sense guidance to prosecutors on how they should conduct this analysis. For example:

  • Timing matters. Greater weight should be given to recent misconduct involving the same personnel or underlying facts, while older criminal or regulatory violations should be given less weight.
  • No repeat customers. Prosecutors should not offer a Non-Prosecution Agreement (“NPA”) or a Deferred Prosecution Agreement (“DPA”) to a company that has received one in the past.
  • Industry matters. A company with a history of compliance in a highly regulated industry should be evaluated against other similarly situated companies within that industry.
  • Acquisitions matters. For companies that acquire a company that has prior violations, it is crucial that the acquiring company has implemented an effective compliance program that addresses the root cause of the prior misconduct.

C. The DOJ Determines Timeliness

Companies under federal investigation can receive credit for cooperating with the DOJ and, thereby, be eligible for lesser penalties, NPAs, or DPAs. Indeed, absent aggravating factors, the DOJ will not seek a guilty plea where a company has timely and voluntarily self-disclosed, cooperated, and remediated misconduct. The new memorandum emphasizes that such credit is premised on cooperation being timely―“to receive full cooperation credit, corporations must produce on a timely basis all relevant, non-privileged facts and evidence about individual misconduct.” Moreover, the new memorandum instructs companies to prioritize evidence that is “most relevant for assessing individual culpability.” 

The new memorandum also re-endorses the 2015 Yates Memo that guides prosecutors to resolve individual liability before resolving corporate liability. For prosecutors wishing to resolve a corporate case prior to completing the investigation into potentially responsible individuals, the memorandum requires the prosecutor to write a formal justification memorandum requiring approval by the supervising US Attorney or Assistant Attorney General. By requiring corporations to wait until the DOJ finishes its investigation and prosecution of individuals, companies are increasingly under investigation for longer time periods with undefined end points. This memorandum reaffirms what companies under federal investigation have already known: the DOJ’s concerns about timeliness are largely one-sided. 

III. Forthcoming DOJ Policies on Self-Disclosure and Independent Compliance Monitors

The new memorandum also directs DOJ officials and prosecutors to create uniform practices. Some of these changes reflect practices that most prosecutors already adhere to. For example, the memorandum directs prosecutors drafting corporate agreements to include a statement of facts and a discussion of the considerations that led the DOJ to enter into the agreement. 

Other changes are meant to offer a carrot to companies with strong cultures of compliance. The memorandum directs every DOJ component to adopt a formal written policy that ensures that a company benefits from voluntary self-disclosure of misconduct. These written policies must include the following “core principles”: (i) DOJ generally will not seek a guilty plea where a company has self-reported, cooperated, and remediated the wrongdoing; and (ii) DOJ will not impose an “independent compliance monitor” for self-reporting companies that have demonstrated effective compliance programs.

The new memorandum also instructs all relevant DOJ components to adopt a public monitor selection process by the end of 2022 and outlines specific factors that prosecutors must consider in deciding whether to seek a monitorship. These factors include:

  • Does the company have an effective compliance program?
  • How long did the misconduct occur?
  • Did the company take steps to remediate the misconduct?
  • Did the company self-disclose the conduct?
  • Are there unique compliance risks that the company faces and are they already subject to regulatory oversight?

IV. The DOJ’s Recognition of International Issues

Finally, the new memorandum contains two pieces of guidance for companies with international operations. First, consistent with its “no piling on” policy, the memorandum allows federal prosecutors to refrain from prosecuting individuals that are subject to prosecution in foreign countries for the same underlying facts. However, this decision is highly discretionary and the prosecutor is entitled to rely on a panoply of factors―probable sentence, willingness of foreign jurisdiction to prosecute, strength of evidence―when deciding to allow a foreign country to prosecute. 

Second, for companies navigating the various data-privacy laws enacted by different countries and states, the memorandum takes a sword and shield approach. While recognizing that these data privacy laws can hamper good faith efforts by companies to turn over evidence and self-report violations, the memorandum also instructs prosecutors to determine whether a corporation is acting sincerely or “actively seek[ing] to capitalize on data privacy laws and similar statutes to shield misconduct inappropriately from detection and investigation by US law enforcement.” 

Takeaways

The key message of the Monaco memo is that the DOJ views companies that employ preemptive, systemic tools, and financial incentives to deter corporate malfeasance as best positioned to investigate and root out such misconduct. While the DOJ continues to adopt a carrot and a stick approach with its corporate guidance, this memorandum also suggests that it is willing to offer nuanced guidance in response to practical, real world problems that companies face when implementing compliance programs.