DOJ Updates Corporate Compliance Program Guidance and Announces New Policy Initiatives and Enforcement Resources
The Situation: As a follow-up to the deputy attorney general's September 2022 memorandum, the U.S. Department of Justice ("DOJ" or "Department") announced in March 2023 significant updates to its corporate compliance programs guidance, corporate criminal enforcement policies, and an increase of enforcement resources to address national security concerns.
The Result: With DOJ's policy initiatives in mind, companies should carefully evaluate their compliance policies and procedures, particularly those regarding compensation structures, the use of personal mobile devices and messaging applications, and compliance with export and sanctions laws.
Looking Ahead: The updates to DOJ's compliance guidance send a message that DOJ continues to raise the bar on corporate compliance program standards and will closely evaluate the design and effectiveness of corporate compliance programs when making corporate charging, resolution, and monitorship decisions.
At the American Bar Association's National Institute on White Collar Crime in March 2023, Deputy Attorney General ("DAG") Lisa Monaco and Assistant Attorney General for the Criminal Division ("AAG") Kenneth A. Polite, Jr. announced enhanced DOJ compliance program standards as a follow-up to DAG Monaco's September 2022 Memorandum containing compliance program pronouncements. The updates include a new pilot program to promote corporate compensation incentives and clawbacks. DOJ also updated its standards for appointing corporate monitors and revealed a push to prosecute sanctions evasion and export control violations.
Additional Guidance Regarding Use of Personal Devices and Communications Platforms
The Criminal Division revised the guidance its prosecutors refer to when evaluating the adequacy of a company's compliance program (at both the time of the offense and the time of a charging decision) and when ultimately determining the terms of a corporate resolution.
First, the updated guidance includes more detail regarding how prosecutors will evaluate whether a company has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms—including ephemeral and encrypted messaging applications (e.g., WhatsApp and WeChat)—to ensure that business-related electronic data and communications are preserved.
According to the updated guidance, these policies should be tailored to the corporation's risk profile, with the goal of making business-related data accessible to the company for preservation. Prosecutors are now directed to consider three specific topic areas related to company-related data and communications: (i) the company's communication channels; (ii) the company's policy environment; and (iii) the company's risk management. In this regard, relevant questions include:
- Which electronic communication channels do company employees use? What preservation or deletion settings are available to each employee under each channel?
- What procedures has the company implemented to manage and preserve electronically communicated information?
- Does the company have policies to make sure business-related data is preserved and accessible by the company?
- If the company has a "bring your own device" ("BYOD") program, does the company have policies governing preservation of and access to corporate data stored on those personal devices—including data contained within messaging platforms?
- If the company has a policy regarding whether employees should transfer data from personal phones or messaging applications to the company's systems to preserve them, do employees follow and does the company enforce the policy?
- Has the company communicated these policies to employees and enforced the policies and procedures on a regular and consistent basis in practice?
- Has the company ever exercised any policy rights to access business-related data? What are the consequences for employees who do not follow these policies? Has the company disciplined employees who fail to comply with these policies?
- Has employee use of personal devices or third-party messaging applications—including ephemeral messaging applications—impaired the company's compliance program, ability to conduct internal investigations, or ability to respond to government requests for information?
- How does the company exercise control over business-related communication channels?
- Is the company's approach reasonable in the context of the company's business needs and risk profile?
This updated guidance clearly reflects DOJ's strong interest in company-related data on personal devices, company-issued devices, and third-party messaging platforms. Indeed, in a speech on March 3, AAG Polite remarked that DOJ would more actively seek data from mobile devices, including data from third-party messaging applications. AAG Polite added that should the Criminal Division become aware during an investigation that a company has not produced relevant communications from mobile devices and third-party messaging applications, prosecutors will ask questions about the failure to produce such communications—which may impact the Criminal Division's charging decision as to the company and its assessment of the company's cooperation.
Additional Guidance Regarding Compensation Incentives, Clawbacks, and Related Criminal Division Pilot Program
The Criminal Division's revised guidance also discusses how prosecutors will assess whether a company's compensation system promotes compliant behavior. DOJ renamed a section of its guidance previously titled "Incentives and Disciplinary Measures" to "Compensation Structures and Consequence Management," and updated the section with several revisions related to: (i) compensation structures; (ii) disciplinary measures; and (iii) incentives. The Department also announced a new pilot program to promote compensation systems and compensation clawbacks. These revisions emphasize how DOJ prosecutors will scrutinize whether a company has adequate "consequence management" procedures to identify, investigate, discipline, and remediate violations of law.
Compensation Structures. The guidance includes new questions on how the Criminal Division will evaluate a company's compensation structures and whether they foster a culture of compliance. This reflects DOJ's emphasis on turning to companies to also punish corporate wrongdoers. Criminal Division prosecutors are now directed to consider the following:
- Does the company have policies to recoup or reduce compensation due to compliance violations, policy violations, or misconduct?
- Has the company enforced clawback provisions that permit the company to recoup previously awarded compensation in the event of corporate wrongdoing?
- Does the company have compensation systems that defer or escrow certain compensation tied to conduct consistent with the company's values and policies?
Disciplinary Measures. The guidance includes additional questions indicating how the Criminal Division will evaluate a company's disciplinary program:
- Has the company publicized disciplinary actions internally?
- Is the company tracking data relating to disciplinary actions to measure the effectiveness of its consequence management program?
- Is the company monitoring the number of compliance-related allegations that are substantiated, the average time to complete a compliance investigation, and the effectiveness and consistency of disciplinary measures throughout the organization?
Incentives to Promote Compliant Behavior. Finally, the Criminal Division updated how it will evaluate whether a company has effective incentives to promote compliant behavior. Prosecutors' evaluations here will consider, among other things, whether the company has made compliance a means of career advancement, offered opportunities for management to serve as a compliance "champion," or made compliance a significant metric for management bonuses.
Compensation Incentives and Clawbacks Pilot Program. In connection with these updates, the DOJ Criminal Division unveiled a new Pilot Program Regarding Compensation Incentives and Clawbacks ("Pilot Program"). The Pilot Program has two parts:
- First, each corporate resolution with the Criminal Division will include a requirement that the company involved implement compliance-promoting criteria within its compensation and bonus system. These criteria, which will take into consideration the company's existing compensation program, may include: (i) no bonuses for employees who do not satisfy compliance objectives; (ii) disciplinary measures for employees who violate law or for those who supervised employees who engaged in misconduct and knew of, or were willfully blind to, such misconduct; and (iii) incentives for employees who demonstrate a full commitment to compliance.
DAG Monaco noted that this part of the Pilot Program has been used recently, referring to a plea agreement that a Danish global financial institution entered into in December 2022, relating to inadequate money laundering controls. As part of the plea agreement, the bank agreed to revise its performance review and bonus system to include criteria related to compliance. Going forward, a bank executive who achieves a failing score in compliance will be ineligible for any bonus that year.
- Second, companies that seek to claw back compensation from corporate wrongdoers will be eligible for fine reductions in connection with DOJ resolutions. Where a criminal resolution is warranted and a company fully cooperates with DOJ, timely and appropriately remediates the misconduct, and initiates the process to recover such compensation by the time of the resolution, DOJ will accord a fine reduction equal to the amount of any compensation that is recouped within the term of the resolution. Notably, the Pilot Program accounts for the practical difficulty of securing such clawbacks; where clawback efforts are pursued in good faith but are ultimately unsuccessful, the company will still be eligible to receive a fine reduction of up to 25% of the amount of compensation that was sought.
The Pilot Program becomes effective March 15, 2023, and will be in effect for three years.
Revised Criteria for the Selection of Corporate Compliance Monitors
The AAG issued a revised memorandum on the selection of monitors in Criminal Division matters. The revised memorandum clarifies four policy positions: (i) monitor selections are and will be made in keeping with the Department's commitment to diversity, equity, and inclusion; (ii) prosecutors should not apply presumptions for or against monitors; (iii) the requirements for monitors apply to a monitor's entire team in addition to the lead monitor; and (iv) the cooling off period for monitors is now not less than three years, rather than two years, from the date of monitorship termination.
Recent statistics bear out DOJ's commitment to diversity, equity, and inclusion in monitor selections. Five out of seven DOJ corporate monitors selected during the Biden administration are diverse (four are women and the fifth is a non-white man). In comparison, for example, between 2004 and 2018, six out of 45 corporate monitors were diverse (three women and three non-white male attorneys). For more background on this topic, please review Jones Day's September 2021 White Paper on Diversity in Monitorship Selection.
When considering whether to impose a monitor, the Criminal Division is still directed to do so where there is a demonstrated need or benefit from a monitorship. This includes situations where the corporation's compliance program and controls are untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution. On the other hand, a monitor may not be necessary if a company's compliance program and controls are "tested, effective, adequately resourced, and fully implemented at the time of a resolution."
More DOJ Resources to Prosecute Exports and Sanctions Violations
As part of DOJ's recognition of the increasing intersection between national security concerns and corporate crime, the DAG announced a plan to significantly restructure and devote more resources to the Department's National Security Division ("NSD"). The NSD is responsible for investigating, prosecuting, and supervising the general enforcement of federal criminal laws related to counterintelligence and counterterrorism. The NSD's purview includes, among other things, criminal enforcement of U.S. economic sanctions and export control laws and regulations that are respectively administered by agencies within the Treasury and Commerce Departments, which have significantly expanded in recent years to address evolving and complex national security concerns posed by foreign adversaries. The Biden Administration has prioritized using these authorities to hinder Russia's war efforts against Ukraine and to restrict Chinese access to U.S. advanced technologies.
The Department's plan will reportedly consist of adding more than 25 prosecutors to focus on enforcement efforts concerning sanctions evasion, export control violations, and similar crimes. These prosecutors will be housed within NSD under the DOJ's forthcoming appointment of its first-ever Chief Counsel for Corporate Enforcement. With this new restructuring of resources and personnel, the NSD is expected to work with private industry to investigate sanctions and export control evasion. Highlighting the importance of this "surge of resources," and with a nod to DOJ's long-standing prioritization of Foreign Corrupt Practices Act ("FCPA") enforcement, the DAG stated: "As I've said before, sanctions are the new FCPA."
The announcement reflects a concerted effort to increase collaboration and coordination among federal agencies and with the private sector to bolster enforcement efforts. Last month, DOJ announced that the NSD would be partnering with the Commerce Department to form a "Disruptive Technology Strike Force" in an effort to prevent countries such as China and Russia from obtaining sensitive data and technologies. In addition to increasing enforcement of U.S. export controls, the Task Force will aim to develop and strengthen partnerships between prosecutors, the intelligence community, and the private sector.
The NSD has also started to issue joint advisories and compliance publications with the sanctions and export controls regulators within the U.S. Commerce and Treasury departments to inform the business community about DOJ's expectations as to national security compliance. One such publication is the March 2, 2023, Tri-Seal Compliance Note, which focuses on efforts to prevent the use of third-party intermediaries to evade Russia-related sanctions and export controls. The publication admonishes the private sector to remain vigilant in identifying, preventing, and disclosing transactions that may have been used or were intended to circumvent applicable sanctions; provides a list of common red flags or scenarios that companies should consider when evaluating whether a transaction may implicate U.S. sanctions or export controls; and underscores the U.S. government's use of civil and criminal authorities to identify and redress violations.
Four Key Takeaways
- The updates to the DOJ Criminal Division's guidance on the Evaluation of Corporate Compliance Programs reinforce DOJ's commitment to elevate corporate compliance program standards and provide companies with additional insight as to how DOJ will evaluate the compliance program of a company that is facing a corporate criminal investigation.
- As DOJ works to implement the new guidance, companies should review their compliance programs to ensure that they adequately assess, monitor for, and remediate misconduct. Such a review should include assessments of corporate policies governing corporate access to business-related data on personal devices, company-issued devices, and third-party messaging platforms. It should also include a review of whether corporate compensation systems and related policies encourage compliance and deter wrongdoing.
- DOJ's revised monitor selection memorandum demonstrates the Department's commitment to promote diversity, equity, and inclusion in Criminal Division monitor selections.
- DOJ's plans to bolster enforcement resources for the investigation and prosecution of export control and sanctions violations signal an even more aggressive approach by the Department in these areas and further entrench national security concerns as a top U.S. enforcement priority.