All too often, corporations and executives trying to “do the right thing” find little preventative guidance coming from the Department of Justice. Companies seeking to ensure their corporate compliance programs are robust enough to withstand government scrutiny frequently must resort to reviewing the United States Sentencing Guidelines or prior Non-Prosecution Agreements or Deferred Prosecution Agreements for guidance.
Recently, though, the DOJ Fraud Section quietly issued additional information about how DOJ prosecutors evaluate a company’s compliance program in “conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements.” The guidance was issued on February 8, 2017, and was not accompanied by so much as a press release or other public statement. Titled “Evaluation of Corporate Compliance Programs,” it can be found in full here.
Although the guidance explicitly cautions that it is neither a checklist nor a formula, its bullet-point format clearly lends itself to use by executives or in-house counsel as they engage in internal investigations, present to government authorities, or endeavor to formulate robust compliance programs.
The guidance is divided into the following eleven topics, each of which is followed by three–four bullet points—with each bullet point then containing several questions and real-world scenarios that corporations will find helpful:
- Analysis and Remediation of Underlying Conduct;
- Senior and Middle Management;
- Autonomy and Resources;
- Policies and Procedures;
- Risk Assessment;
- Training and Communications;
- Confidential Reporting and Investigation;
- Incentives and Disciplinary Measures;
- Continuous Improvement, Periodic Testing and Review;
- Third-Party Management;
- Mergers and Acquisitions.
It bears mention at the outset that these eleven topics, as well as DOJ’s discussion of them in the other subparts of the recently issued guidance, track well the nine traditional factors a prosecutor is to consider in assessing how to treat a corporation under investigation. Principles of Federal Prosecution of Business Organizations, in 9 U.S. Attorneys’ Manual 9-28.300 (2008).
Moreover, there is nothing in the recent guidance that would seem to undercut DOJ’s position recently articulated (with much more fanfare) in the Yates Memorandum. Memorandum from Sally Quillian Yates, Deputy Attorney Gen., to All United States Attorneys, Re: Individual Accountability for Corporate Wrongdoing (Sept. 9, 2015), available at http://www.justice.gov/dag/file/769036/download. The Yates Memorandum, of course, reinforces that DOJ’s stated goal of individual accountability breeds deterrence of illegal activity and correspondingly incentivizes changes in corporate culture, promotes the federal sentencing goal of retribution by ensuring appropriate individuals are held responsible for their actions, and enhances the public’s confidence in the criminal justice system. Because the DOJ’s recent guidance is targeted explicitly to corporations, it is best viewed as a companion to the Yates Memorandum for companies facing potential corporate liability premised on individual wrongdoing.
In the early days of an administration that is expected to disfavor Non-Prosecution and Deferred Prosecution Agreements, the recent guidance serves as a timely and useful starting point in evaluating a corporation’s compliance program.
Certain highlights of the guidance are that it reinforces the importance of tone at the top (and at the middle)—asking “[w]hat concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts.” It also underscores that the stature and autonomy of the compliance department will be scrutinized—as well as the resources devoted to compliance and the qualifications of relevant personnel. Executives and in-house counsel know well the importance of internal controls in detecting and preventing misconduct, and the recent guidance continues to reflect this as an important consideration. Prosecutors specifically consider whether and when such controls were put in place, who specifically was responsible for their rollout, and whether such policies and procedures were integrated throughout the company. Finally, properly training and incentivizing employees, as well as providing sufficient reporting mechanisms, continue to be considerations at the forefront of DOJ compliance program evaluation.
In conclusion, the recently-issued DOJ guidance on how prosecutors evaluate corporate compliance programs when conducting investigations and considering possible charges or case resolutions reinforces that the government intends to closely scrutinize corporate compliance programs even while focusing efforts on individual wrongdoers. While this guidance should not be considered a checklist to achieve a robust compliance program, it does serve as a useful illustration of current DOJ thinking for corporations and executives who wish to take all possible steps in creating an ethical and successful corporate culture.