On September 15, 2022, Deputy Attorney General Lisa O. Monaco announced new Department of Justice (“DOJ”) policies on corporate criminal enforcement. DOJ designed the new policies based on recommendations by the Corporate Crime Advisory Group, a group of DOJ experts that reviewed previous corporate enforcement efforts and met with in-house attorneys, former corporate monitors, members of the business community and defense bar and others to obtain feedback on how their existing policies aligned or clashed with business realities.
DOJ’s new policies aim to encourage voluntary disclosure and cooperation more than ever, and to do that by providing greater predictability and insight into how cooperation credit will be determined and how corporate responsibility will be evaluated. In addition, DOJ announced a renewed focus on individual accountability, moving investigations more quickly, and providing greater transparency about the appointment and selection of corporate compliance monitors. Below are the highlights of the new policies.
- Voluntary Self-Disclosure Explained. Although some DOJ components have written policies on voluntary self-disclosure, many do not, and the new guidelines aim to create uniformity and transparency across all DOJ components. Accordingly, each DOJ component is directed to draft and publicly share its policy on corporate voluntary self-disclosure. The policies should set forth what constitutes a voluntary self-disclosure, when disclosure should occur, and what specific benefits corporations can expect to receive if they meet that standard. Across all components, though, DOJ announced that (absent certain aggravating factors) it will not seek a guilty plea where the corporation has voluntarily disclosed and fully cooperated, nor will it require a compliance monitor in such cases if the corporation demonstrates that it has an effective compliance program.
- Focus on Compensation Systems. Given DOJ’s continued focus on individual accountability, the new policies will expand DOJ’s evaluation of a company’s compliance program to include corporate compensation systems and the incentives created. In particular, DOJ will assess whether a company uses metrics to reward compliance-promoting behavior as well as clawbacks to deter and punish individuals who engage in corporate misconduct, suggesting that clawbacks appropriately shift the financial burden of misconduct away from shareholders and toward the individuals responsible. DOJ’s Criminal Division has been directed to issue further guidance by the end of the year specifically on how prosecutors should reward companies that adopt compensation incentives and penalties that promote compliance.
- Focus on Personal Devices and Third-Party Platforms. Pointing out that companies can neither monitor nor recover data as easily from personal devices and third-party platforms, DOJ announced that companies must address their use as part of an effective compliance program. Additionally, it directed the Criminal Division to issue best practices on the use of personal devices and third-party messaging platforms and include them in the next edition of the Evaluation of Corporate Compliance Programs.
- Cooperation Must Move Quickly. DOJ intends to move investigations more quickly, and companies that seek cooperation credit will have to adjust their timelines accordingly. Those that delay in producing documents and other information risk being accused of gameplaying and being denied credit altogether.
In addition to the above, DOJ provided further guidance on how a history of misconduct will be viewed and stated that companies should be prepared to provide a list and summary of all pending investigations, all prior criminal resolutions within the last ten years, and all civil or regulatory resolutions within the last five years. Finally, DOJ provided additional guidance to improve transparency in the process of determining the need for a corporate compliance monitor as well as the process for selecting a monitor.
Given these DOJ developments, it would be prudent for companies to revisit their current compensation plans as well as their policies concerning the use of personal devices and third-party messaging platforms, as both of these items should be designed to further (or at least align with) the company’s overall compliance plan.