Dramatically New DOJ Expectations for Compliance Programs: What You Need to Know
The world of corporate compliance is in continuous evolution. Sometimes, however, it suffers a slight paradigm shift. With apologies to Yentl, “this is one of those moments.”
The DOJ has now outlined a number of prioritized topics that you might find alarming:
1. Clawbacks for guilty executives;
2. CCO Certifications; and
3. Personal messaging.
Before we jump into these topics, a quick overview: on September 15, 2022, Deputy Attorney General Lisa Monaco (“DAG Monaco”) announced in New York (and issued a memo regarding) new policies and directives on compliance enforcement against corporations and its leaders. One day after DAG Monaco’s speech, Assistant Attorney General Kenneth Polite noted in Dallas that CCOs must now certify that their compliance programs pass muster.
As always, the DOJ conscientiously avoided being pigeonholed by its public pronouncements by employing lots of generalizations and non-committal declarations (e.g., relating to aggravating and mitigating elements). A few thoughts:
1. The DOJ has reiterated that sanctions regime enforcement is a top priority for the department (in conjunction with the Office of Foreign Assets Control). Notably, DAG Monaco has likened the DOJ’s new shift to prioritize sanctions enforcement to the DOJ’s historic focus on anti-bribery and anti-corruption enforcement actions over the past decade.
2. Businesses have been clamoring for metrics that help them judge liability and mitigation…and the DOJ somewhat delivered. “Dated” conduct (criminal resolutions over 10 years old and civil/regulatory resolutions over 5 years old) will be expressly less relevant.
3. Cooperation credit will require, among other things, charges against those individuals responsible (or, in the alternative, a plan for completing an investigation).
4. Absent aggravating circumstances, cooperation, remediation, and the maintenance of an effective compliance program should obviate the need for a guilty plea and/or a monitor.
5. The DOJ’s departments will publish a monitor selection process. (This is important to combat the presumption that monitors are ex-DOJ law firm partners who maintained good relations with the government.)
One of the largest complaints about corporate monitorships in past enforcement actions (especially in the anti-bribery sector) has been burdensome—and often, outrageous—billings associated with the practice. DAG Monaco is now putting corporate monitors on notice that DOJ prosecutors will be monitoring the monitors to keep within budgetary limits and ensure the process is expeditiously executed and only used as needed.
Now let’s jump into the initial red flag topics:
Clawbacks: Prosecutors are now directed to evaluate incentives for compliance and penalties for violations. With respect to executive compensation, the DOJ specifically wants to see bonus escrows or clawback provisions; it also wants to see “actual” clawbacks after the discovery of misconduct.
In criminal investigations, the idea of incenting compliance is a bit harder to measure. While we should receive more details relating to the DOJ’s expectations in this regard, it is clear that paper programs with little application will not withstand DOJ scrutiny. It will be interesting to see whether contractual terms relating to executive compensation are revisited or revised based on this government advice.
CCO Certifications: The DOJ underscored its commitment to the use of CCO certifications. Chief Compliance Officers must now evaluate and certify that their compliance programs are “reasonably designed to detect and prevent violations.” No less than the DOJ’s former Compliance Expert, Hui Chen, has criticized the use of badly-designed certifications. One major problem: The absence of objective criteria. (We as lawyers recognize that the “reasonableness” standard allows for a wide range of subjectivity.) Any CCO required to certify its company’s compliance program should, among other things, (a) back up his/her assessment with evidence and metrics; and (b) be prepared to walk away from a job instead of falsely certifying the program to the government. Additionally, a CCO attorney should recognize the tension between “compliance” (i.e., full transparency and remediation) and “legal” (i.e., privilege and protection from third-party suits).
Personal Messaging: There is a clear expectation that all relevant evidence be preserved; this expectation becomes more challenging with personal devices and third-party messaging platforms (like WhatsApp or WeChat). The DOJ expects “effective policies,” “clear training,” and policy enforcement “when violations are identified.” While theoretically sound, the practical implementation of these expectations is complicated by privacy factors and technological impediments. (Many of these platforms offer “ephemeral (or disappearing) messaging” that makes preservation a challenge.)
Also, note that the Treasury department explicitly stated it would focus on and target violators of Russia-targeted sanctions. The importance of due diligence and know-your-customer checks cannot be overstated. Ensuring that you understand your commercial counterparties is of utmost importance.
We at Wallenstein Law Group have extensive experience working with the Department of Justice and its compliance monitors. We are uniquely positioned to assist companies in developing corporate compliance policies and procedures, as well as helping companies navigate DOJ enforcement guidelines, ever-changing sanctions regimes, and export controls. If your company needs a compliance program rehaul or advice on sanctions or trade control compliance, we are the firm for you. Contact us today!