DOJ's Evaluation Of Corporate Compliance Programs

On February 8, 2017, the U.S. Senate confirmed Senator Jeff Sessions of (R - Alabama) as the Attorney General of the United States, a little over one week after Acting U.S. Attorney General Sally Quillian Yates was dismissed from her position at the U.S. Department of Justice ("DOJ"). In the aftermath of her dismissal, many companies and practitioners quietly wondered what would be the practical fate of the so-called "Yates Memo," a memorandum issued by Sally Yates, DOJ's then-Deputy Attorney General, dated September 9, 2015, entitled, "Individual Accountability for Corporate Wrongdoing,"1 as well as the so-called "DOJ FCPA Pilot Program," described in a DOJ Criminal Division communication from Andrew Weissmann, Fraud Division Chief, dated April 5, 2016, entitled, "The Fraud Section's Foreign Corrupt Practices Act Enforcement Plan and Guidance"2 (which went into effect for one year.)

Also on February 8, 2017, DOJ provided some clues that may indicate what companies, individuals and practitioners can expect from U.S. prosecutors; that is, a lot more of the same. A preliminary review of a DOJ document entitled, "Evaluation of Corporate Compliance Programs," from DOJ's Criminal Division, Fraud Section ("DOJ's Compliance Program Evaluation"),3 suggests that the safest approach is for companies to continue to conduct independent internal investigations with a view towards providing prosecutors information about individuals (including senior managers and officers, if any) engaged in misconduct, in hopes that DOJ will continue to consider the effectiveness of a company's existing compliance program (and remedial efforts to implement an effective program or improve an existing program) in deciding whether to bring charges against the company, or negotiating an agreement or other settlement with the company under investigation.

Compliance Program Effectiveness Factors Include Individual Accountability For Manager And Senior Executive Actions Based On DOJ Questions

The Yates Memo enforcement principles related to individual accountability for corporate wrongdoing appear to have found a home in DOJ's Compliance Program Evaluation, at least based upon a review of the sample topics and questions that prosecutors should consider in determining whether to bring a case against a company, or negotiate a favorable settlement or agreement. Specifically, in Topic 1, "Analysis and Remediation of Underlying Misconduct," DOJ's questions seek identification of exactly who within the company was involved in making the root cause analysis of the corporate misconduct at issue. Every person involved and their position and department should be clearly identified.4 In Topic 2, "Senior and Middle Management," DOJ seeks information regarding what actions senior leaders took (by words or actions) to encourage or discourage the misconduct that occurred at the company.5 The questions raise justifiable concern that conduct of managers could be misinterpreted by employees or third parties with less than full knowledge of the facts behind a manager's decision or actions.

Similarly, Topic 7, "Confidential Reporting and Investigation," reiterates a theme of individual accountability for prosecution in discussing a company's response to investigations. DOJ focuses on whether the accountability lapses include supervisory manager and senior executives, and how high up within the company the investigative findings go.6 Thus, these questions suggest that DOJ will not be satisfied with the cooperation of companies that merely identify an individual who is considered to be a "rogue employee" wrongdoer; DOJ also appears to want to hold their managers and executives accountable for what they knew or should have known about the rogue employee's misconduct at the company. Finally, in Topic 8, "Incentives and Disciplinary Measures," it is important to DOJ for managers to be held accountable for misconduct that occurred under their supervision, and whether the company provided disciplinary action for supervisors' failure in oversight.7 DOJ also seeks to know the specific nature of any disciplinary action taken with respect to employees (termination, reduction of bonuses, or warning letter) for the misconduct at issue.8 A company's answers to DOJ's questions in this regard would provide the road map for DOJ to possibly investigate certain individuals in the company for a criminal offense who the company's independent investigators may not have uncovered sufficient evidence of wrongdoing to even support a criminal referral of the individual(s) to DOJ.

Compliance Program Evaluation Effectiveness Factors Are Similar To Those Described In The DOJ FCPA Pilot Program

A company's responses to the above topics in DOJ's Compliance Program Evaluation would not only support the DOJ prosecution principles identified in the Yates Memo; but a preliminary review indicates that the company responses could also support the requirements for compliance and ethics program credit in the DOJ FCPA Pilot Program with respect to voluntary self-disclosure, full and timely cooperation, as well as timely and appropriate remediation in FCPA matters.9 The DOJ FCPA Pilot Program considers the following:

  • Whether the company has established a culture of compliance;
  • Whether the company dedicates sufficient resources to the compliance function;
  • The quality and experience of the compliance personnel such that they can understand and indentify the transactions identified as posing a potential risk;
  • The independence of the compliance function;
  • Whether the company's compliance program has performed an effective risk assessment and designed a program commensurate with that risk;
  • How compliance personnel are compensated and promoted compared to other employees;
  • Auditing the compliance program to ensure effectiveness;
  • The reporting structure of compliance personnel within the company;
  • Appropriate discipline for employees, including those identified as responsible for the misconduct, as well as discipline for other with oversight of the responsible individuals; and
  • Any additional steps that demonstrate recognition of the seriousness of the corporate misconduct, acceptance of responsibility, and measures to reduce the risk of repetition of misconduct.10

However, DOJ's Compliance Program Evaluation posted on February 8, 2017, includes several explanatory questions for eleven broad topics that will reveal specific compliance and ethics program details for each topic so that DOJ can distinguish between a well-drafted "paper" corporate compliance program and a highly rigorous "best practices" corporate compliance program. These eleven topics include the first two already mentioned, as well as Autonomy and Resources (Topic 3), Policies and Procedures (Topic 4), Risk Assessment (Topic 5), Training and Communications (Topic 6), Confidential Reporting and Investigation (Topic 7), Continuous Improvement, Periodic Testing (Topic 9), Third Party Management (Topic 10), and Mergers and Acquisitions (Topic 10).11

It is reasonable for companies to assume that DOJ will view differences in a company's evaluated compliance programs in a manner that could result in a DOJ enforcement declination, or the award of a high level of cooperation credit that results in reduced fines or penalties for a company under investigation, or the award of very little cooperation credit by DOJ due to the lack of voluntary cooperation by a company, or because a company failed to provide information on individuals engaged in misconduct, or a company had an inadequate and ineffective corporate compliance program or remediation efforts.

In light of the issuance of DOJ's Compliance Program Evaluation, we recommend that despite the recent change in DOJ senior leadership, the safest approach is for companies to continue to update compliance programs and procedures in accordance with the focus of the topics covered on February 8, in hopes that DOJ prosecutors will continue to afford the most favorable enforcement action outcomes (on FCPA and other Fraud Section cases) to those companies that voluntarily and timely cooperate, while also having highly effective compliance programs and appropriate remediation for misconduct of all parties involved in the corporate wrongdoing.

Footnotes

1. A copy of the Yates Memo may be downloaded by clicking on the following link: https://www.justice.gov/dag/file/769036/download.

2. A copy of the DOJ FCPA Pilot Program may be downloaded by clicking on the following link: https://www.justice.gov/criminal-fraud/file/838416/download

3. A copy of DOJ's Compliance Program Evaluation posted on February 8, 2017 is available for download by clicking on the following link: https://www.justice.gov/criminal-fraud/page/file/937501/download

4. See DOJ's Compliance Program Evaluation at 1.

5. See DOJ's Compliance Program Evaluation at 2.

6. See id. at 5.

7. See id. at 6.

8. Id.

9. See generally DOJ FCPA Pilot Program.

10. See id. at 7-8.

11. See generally DOJ's Compliance Program Evaluation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.