On March 2 and 3, 2023, the U.S. Department of Justice (“DOJ”) announced several
updates to its corporate enforcement policies, in significant part formalizing recent
pronouncements about corporate compliance programs. Deputy Attorney General Lisa
Monaco and Assistant Attorney General Kenneth A. Polite, Jr. announced these updates
in remarks at the ABA’s National Institute on White Collar Crime. In particular, DOJ:

  • revised its guidance to federal prosecutors relating to the Evaluation of Corporate
    Compliance Programs, most notably regarding how companies approach (i) the use of
    personal devices and different communications platforms and (ii) corporate
    compensation systems;
  • launched a Compensation Incentives and Clawbacks Pilot Program that requires
    settling companies to include compensation-related criteria in their compliance
    programs and offers criminal fine reductions for companies that claw back
    compensation from individual wrongdoers; and
  • revised its Memorandum on Selection of Monitors in Criminal Division Matters to,
    among other things, include the 10 factors introduced in the September 2022 Monaco
    memo to clarify how DOJ selects monitors.

Consistent with corporate enforcement memos released in October 2021 and September
2022, these changes reflect DOJ’s continued prioritization of incentivizing companies to
help deter criminal conduct in the first place. This includes developing and
implementing effective programs that foster a compliance-promoting culture and
holding individual wrongdoers accountable. The changes are intended in part to assist
in-house legal and compliance personnel and other executives in making the case for
investing in compliance rather than treating it principally as a cost center.

The Revised Evaluation of Corporate Compliance Programs (“ECCP”)

The ECCP features a lengthy list of questions that DOJ uses to evaluate companies’
compliance programs when making charging decisions, including whether to impose a
monitor or other compliance obligations. The Fraud Section of DOJ’s Criminal Division
issued its first ECCP in February 2017, which it then revised in April 2019 and June 2020.
Since 2019, DOJ has structured the ECCP around three core questions, namely whether
a compliance program is: (1) well designed; (2) applied earnestly and in good faith; and
(3) working in practice.

The revised ECCP adds additional requirements to the guidance on two increasingly
important aspects: monitoring off-system communications and implementing
compliance-promoting compensation structures.

Off-System Communications

The proliferation of personal devices and third-party messaging apps can present
significant compliance challenges for companies. In today’s business world, much
communication happens via text and messaging apps rather than email or other
corporate systems more easily monitored. First and foremost, this is an issue for brokerdealers and other regulated entities subject to stringent recordkeeping requirements
under the federal securities laws. As noted in our 2022 Year in Review, several Wall
Street banks and brokerages recently agreed to pay a combined $1.8 billion to resolve
investigations brought by the SEC and CFTC relating to off-system communications.
However, DOJ in particular has broadened the focus to all companies, even those
without such specific recordkeeping obligations. The 2022 Monaco Memo provided a
“general rule” that all companies’ compliance programs should contain effective and
enforced policies governing the use of personal devices and messaging platforms, as well
as clear employee training and enforcement of such policies. In our recent article in Reuters on this topic, we offered 10 practical compliance steps for companies to
consider.

DOJ’s revised ECCP now includes a detailed section on the Criminal Division’s
expectations regarding how companies approach the use of personal devices and
messaging applications. Prosecutors are now explicitly instructed to consider the
relevant communications channels, policies and risk mitigation, including:

  • the types of electronic communication channels used by a company and its
    employees and their preservation and deletion settings (particularly important with
    ephemeral messaging platforms where messages disappear instantly);
  • whether the company employs a “bring your own device” (BYOD) policy and
    associated preservation and similar policies;
  • how policies and procedures governing the use of messaging applications are tailored
    to the company’s risk profile and how they ensure that business-related electronic
    data and communications can be preserved and collected, if needed (e.g., in the FCPA
    context where companies operate in foreign jurisdictions where text messaging on
    personal devices or the use of apps like WeChat, WhatsApp or Signal may be more
    common for business communications); and
  • how policies and procedures have been communicated to employees, and whether
    they are enforced on a regular and consistent basis.

Importantly, AAG Polite noted in announcing the revisions that a “company’s answers –
or lack of answers may very well affect the offer it receives to resolve criminal liability.”
The bottom line is companies need to understand common messaging platforms and
how they are used by their employees.

Compliance-Promoting Compensation Structures

Following a similar move by the SEC last October, the revised ECCP emphasizes that
the design and implementation of compensation systems play important roles in
fostering a culture of compliance. In the revised “Compensation Structures and
Consequence Management” section (previously called the “Incentives and Disciplinary
Measures”), DOJ added a number of questions that help determine how a company’s
compensation system contributes to or undermines an effective compliance program.
Prosecutors are instructed to consider how a company’s HR process, disciplinary
measures and financial incentives foster a compensation structure that promotes and
prioritizes compliance, and how effective that structure is in practice.

More specifically, prosecutors now should consider (among other things) whether a
company:

  • maintains and enforces policies and procedures that allow compliance performance
    to proactively and retroactively influence compensation packages, for example,
    through compensation systems that (i) recoup or reduce compensation in the wake
    of compliance violations via deferred or escrowed payments, particularly for
    compensation that would have not been earned but for the violations and also (ii)
    reward exemplary compliance behaviors with bonuses, establishing opportunities for
    employees to serve as compliance “champions” and making compliance performance
    a key metric for career advancement;
  • tracks metrics and other data relating to disciplinary actions to measure effectiveness
    of the investigation and consequence management functions (e.g., effectiveness and
    consistency of disciplinary measures across seniority levels, business units and
    regions) and adapts as needed its practices based on the analysis of those findings;
    and
  • maintains a nimble compliance function that gathers insights from its hotline and
    other indicia of compliance performance (e.g., the number of allegations
    substantiated and the average investigation duration) and is therefore able to evolve
    and adapt.

Compensation structures that effectively impose financial penalties for misconduct can
deter employees’ risky or “gray area” behavior by pinning the expenses of wrongdoing
on culpable persons’ wallets. Companies should involve Compliance department
personnel in designing, approving and awarding financial incentives, including for
personnel in senior levels of the organization.

Hotline Data Analytics

The revised “Compensation Structures and Consequence Management” section also
includes new metrics for companies’ hotline data. These include how hotline
substantiation rates compare for similar types of wrongdoing across a company, such as
across states, countries, or departments, or in comparison to similar companies.

Additionally, based on that analysis, companies are expected to conduct root cause
analysis for areas where conduct is relatively underreported or overreported.

Compensation Incentives and Clawbacks Pilot Program

Relatedly, DOJ also launched its first-ever Pilot Program on Compensation Incentives
and Clawbacks, allowing prosecutors to acknowledge clawbacks and thereby reduce
corporate fines. The program, which will run for three years before being extended or
modified:

  • requires that companies entering a corporate resolution involving the Criminal
    Division develop compliance-promoting criteria within their compensation and
    bonus systems and report to DOJ annually about their implementation during the
    resolution term; and
  • for companies that fully cooperate, timely and appropriately remediate, and have
    implemented programs to recoup compensation, reduces the applicable criminal fines by the amount of compensation the company attempts to claw back from
    culpable employees and those who “(a) had supervisory authority over the
    employee(s) or business area engaged in the misconduct and (b) knew of, or were
    willfully blind to, the misconduct.” This clawed-back portion stays with the
    company and does not go to DOJ, effectively doubling the value of any clawback by
    reducing its penalty obligations in addition to receipt of the clawback itself.

Acknowledging the expenses around pursuing clawbacks, such as potential litigation
costs, the program will ensure that companies that pursue clawbacks in good faith but
without success are still eligible to receive a fine reduction of up to 25% of the targeted
recoupment amount.

DAG Monaco explained that DOJ’s “goal is simple: to shift the burden of corporate
wrongdoing away from shareholders, who frequently play no role in misconduct, onto
those directly responsible.”

Revised Memorandum on Selection of Monitors in Criminal Division Matters

DOJ also issued a revised memo on the Selection of Monitors in Criminal Division
Matters, which builds off the 2018 Benczkowski Memo and incorporates updates
previewed in the October 2021 Monaco Memo and the September 2022 Monaco Memo
(discussed in our September 2022 FCPA Update) to clarify how DOJ selects monitors.
The slightly revised memo provides clarity on four fronts:

  • Prosecutors should neither apply a presumption for nor against monitors, but
    instead should consider the provided 10 (non-exhaustive) factors when assessing the
    appropriateness of a monitor;
  • Many of the requirements for monitors also apply to monitor teams;
  • Monitor selections are made according to DOJ’s commitment to diversity, equity and
    inclusion; and
  • The cooling off period has been increased from no less than two years to no less than
    three years from the date of the monitorship’s termination.

These changes clarify the process around implementing monitorships, particularly with
respect to when monitorships may be required and which candidates are available to
perform the monitorship.

Cooling Off Period

Although these revisions are aimed squarely at ensuring the independence of monitors,
the breadth of the requirements may leave a shallower pool of candidates available to
take on particular monitorships. The cooling off period, i.e. the period within which the
company may not conduct other business with the monitoring firm/individual after the
monitorship’s end, was increased from two years to three years. This provision also
included language outlining the various prohibited relationships, including “any
employment, consultant, agency, attorney-client, auditing, or other professional
relationship” with the company or any of its personnel, subsidiaries, affiliates,
successors, or agents.

Further, monitor candidates must certify that they, their firms, and their team members
have no current or former interest in or relationship with the company or affiliated
entities or personnel. As many companies seek legal advice and other professional
services from multiple firms, this requirement may significantly reduce the number of
candidates available to perform a monitorship.

Future Implications

In many ways, revisions to the ECCP and monitorship memo involve DOJ formalizing
guidance it has offered over the past few years rather than any sort of sea change to the
enforcement environment. That said, the formality, and indeed the repetition of the
guidance, amplifies DOJ’s priorities and further guides what companies can expect from
the enforcement process.

Notably, it remains to be seen how companies implement this guidance (especially
DOJ’s increasingly complex and high expectations) and how DOJ will react to those
efforts. These policy guideposts should help companies better direct their compliance
resources and draft their internal policies. However, DOJ’s actual enforcement
resolutions undoubtedly will provide the best measure of corporate efforts against DOJ’s
expectations and the benefits that DOJ is correspondingly willing to extend. While there
have been some positive signs on this front, such as the ABB Ltd. DPA, DOJ has shown
its teeth recently too, including recently extending Ericsson’s monitorship and imposing
an additional $206 million fine for breach of its DPA. We will be watching closely
upcoming resolutions for indications of precisely how DOJ applies its escalating
expectations in assessing cooperation and compliance programs on the ground.

Author

Kara Brockmeyer is a litigation partner in the firm’s Washington D.C. office, where she represents companies and individuals in anti-corruption, fraud and related government investigations and internal investigations, and advises on deal due diligence and compliance matters. She is a member of the White Collar & Regulatory Defense and Strategic Crisis Response and Solutions Groups.

Author

Andrew Levine is a litigation partner who focuses his practice on white collar and regulatory defense, internal investigations and a broad range of complex commercial litigation. He regularly defends companies in criminal, civil and regulatory enforcement matters and has conducted numerous investigations throughout the world. Mr. Levine frequently advises companies on compliance matters, including with respect to the U.S. Foreign Corrupt Practices Act, and the assessment and management of risks presented by potential mergers, acquisitions and other transactions. In 2014, Mr. Levine was named to Global Investigations Review’s inaugural “40 Under 40” list of the world’s leading investigations lawyers, and he was recognized in 2013 as a Rising Star by the New York Law Journal. Mr. Levine is recommended for international litigation in The Legal 500 US (2022), where clients have described him as “smart, responsive, collaborative and sharp in his advice.” He is ranked as a leading lawyer for FCPA by Chambers USA (2022), where clients say “he is focused on pragmatic solutions.” Sources have also said that “his breadth of knowledge is unparalleled,” he is “exceptionally able and capable,” and “very pragmatic and hands-on. He’s able to conceptualize and simplify quite quickly complex considerations and situations.” In Chambers Global (2023) and Chambers Latin America (2023), where Mr. Levine is recommended as a top-tier lawyer, clients note that “he stands out for his client service and attention to detail,” describing him as “a lawyer that turns complexity into simplicity.” They also note that he is “extremely professional and technical” and he has “a deep experience in Latin America.” In previous editions of the guides, he has been lauded as “an impressive and tireless thought leader,” “an extremely well-known figure globally,” “a very thoughtful and service-oriented lawyer,” “a reassuring presence in tumultuous times,” “a calm, competent and thorough practitioner” and “brilliant, hard-working and thoughtful.” Clients are said to value his “encyclopedic knowledge” and his “ability to condense a complex situation into something understandable and manageable.” Mr. Levine is also ranked as a leading lawyer by The Legal 500 Latin America (2023), where clients describe him as “an amazing lawyer” and “the US lawyer that knows the Latin America compliance and investigation market the best.” In previous editions of the guide, he is described as a “superstar,” with clients noting that “he has a wealth of experience,” is “extremely articulate” and “he has an amazing analytical ability.” Latin Lawyer notes Mr. Levine’s “substantial work in Latin America,” recognizing him as one of the top lawyers active on anti-corruption matters in the region.

Author

David A. O’Neil is a litigation partner and member of the firm’s White Collar & Regulatory Defense Group. Recommended by Chambers USA (2021) and The Legal 500 US (2021) as a leading lawyer in White Collar Crime & Government Investigations and International Litigation, his practice focuses on white collar criminal defense, internal investigations, anti-corruption and FCPA defense and congressional investigations. In both 2018 and 2020, Mr. O’Neil was recognized as a Litigation Trailblazer by the National Law Journal and he was named a White Collar MVP by Law 360 in 2018. In Chambers USA (2020), clients report that he is “driven, practical and offers a level of common sense and solutions focus that few bring.” He has also been described as “responsive and sharp, he spots the key issues straightaway and is able to quickly analyze and break them down in a manner to be tackled.” Mr. O’Neil is also recommended for compliance and investigations by The Legal 500 Latin America (2021).

Author

Kristin Snyder is a litigation partner and member of the firm’s White Collar & Regulatory Defense Group. Her practice focuses on securities-related regulatory and enforcement matters, particularly for private investment firms and other asset managers.

Author

Bruce Yannett is Deputy Presiding Partner of the firm, a member of the firm’s Management Committee and Chair of the White Collar & Regulatory Defense Practice Group. He focuses on white collar criminal defense, regulatory enforcement and internal investigations. He represents a broad range of companies, financial institutions and their executives in matters involving securities fraud, accounting fraud, foreign bribery, cybersecurity, insider trading and money laundering. He has extensive experience representing corporations and individuals outside the United States in responding to inquiries and investigations.

Author

Charu A. Chandrasekhar is a litigation partner based in the New York office and a member of the firm’s White Collar & Regulatory Defense and Data Strategy & Security Groups. Her practice focuses on securities enforcement and government investigations defense and cybersecurity regulatory counseling and defense.

Author

Andreas A. Glimenakis is a litigation associate and a member of the firm’s White Collar & Regulatory Defense Group. His practice focuses on government and internal investigations, securities enforcement actions, and compliance advice. Mr. Glimenakis is also an associate editor of FCPA Update, the firm’s monthly newsletter addressing developments in anti-corruption law enforcement and related compliance topics.

Author

Joseph Ptomey is a litigation associate. He can be reached at jptomey@debevoise.com