DOJ’s new guidance on compliance programmes
December 2017 | SPOTLIGHT | FRAUD & CORRUPTION
Financier Worldwide Magazine
December 2017 Issue
On 8 February 2017, the Fraud Section of the Department of Justice (DOJ) quietly published pointed and specific guidance on how it assesses – and intends to assess – compliance programmes in a report: “Evaluation of Corporate Compliance Programs”. Much of the substantive guidance in the report draws from pre-existing DOJ materials, and is consistent with other well-known compliance guidance. The report provides insight into the questions corporate counsel should expect from DOJ prosecutors during a criminal investigation and it highlights common indicators of a strong corporate culture of compliance. In the months that have passed since the report was introduced, a few themes have emerged from the resolution of investigations that have been announced and from some of the charging decisions that the DOJ has made. In particular, a strong corporate culture of compliance will still feature prominently in how investigations will be resolved, and the DOJ will still expect companies that are under investigation to focus their efforts on identifying any individuals responsible for misconduct.
Since at least 1999, when the ‘Holder Memo’ addressed principles of prosecution of business organisations, companies have looked to a variety of DOJ publications for clues on how compliance programmes are evaluated and weighed in the context of corporate criminal investigations. The report is an explicit continuation of DOJ guidance that previously addressed compliance programmes, including the United States Federal Sentencing Guidelines, the United States Attorney’s Manual and A Resource Guide to the US Foreign Corrupt Practices Act. These earlier materials, such as the Federal Sentencing Guidelines and US Attorney’s Manual, have helped defence lawyers frame corporate cooperation with criminal investigations, but proved less effective guides to DOJ compliance programme evaluations (as has been made clear many times over, an effective compliance programme is not a complete defence for a corporation). Although the 2008 ‘Filip Factors’, listed in the US Attorney’s Manual, instruct prosecutors to consider the effectiveness of a compliance programme when conducting an investigation or negotiating a resolution, they lack the detail necessary to evaluate complex compliance programmes for multinational companies that rely on layers of internal corporate review and data analysis. More recent guidance, such as the FCPA Guide, provides insight into how the effectiveness of companies’ compliance programmes would be assessed by the DOJ in the event of an investigation. That is, valuable after-the-fact measures that provide only a baseline for creating compliance policies and turning them into an effective compliance programme.
The report gives a further window into what DOJ prosecutors are looking for when analysing a company’s compliance operation. Though its approach is consistent with prior DOJ guidance, the new release could mark a subtle departure from the DOJ’s allowance that compliance programmes are individually evaluated in light of a company’s specific needs and risk profile. Instead, the report is a roadmap of questions that companies and their counsel should expect and be able to answer and, importantly, should be able to explain why inapplicable questions are not relevant to a company’s specific needs or risk profile. Two pronounced themes that are present throughout the report are accountability from individuals and an expected corporate culture of compliance.
Focus on individual responsibility and corporate culture
The report reflects the DOJ’s continued interest in individual responsibility, as recently articulated in the 2015 Yates Memo, which prioritised individual accountability in corporate investigations. The report further evidences the DOJ’s interest in pursuing individuals in cases of corporate wrongdoing. The report identifies 11 broad topic areas, along with numerous sub-topics and questions that prosecutors may ask when evaluating a compliance programme. Several of these topics, sub-topics and specific questions focus on individual responsibility; some examples are: “How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question?” “What specific actions have senior leaders…taken to demonstrate their commitment to compliance, including their remediation efforts?” “Who reviewed the performance of the compliance function and what was the review process?”
The 11 broad topic areas in the report also set forth a detailed framework of the DOJ’s corporate culture expectations. For example, the report includes questions regarding: (i) the stature and power of the compliance programme; (ii) compliance officers’ access to the company’s board of directors; (iii) the design and implementation of compliance policies and procedures; (iv) how the company assesses and tests for risk; (v) whether employees are adequately trained to recognise and respond to misconduct; (vi) the company’s reporting and investigatory mechanisms; and (vii) whether the company takes appropriate disciplinary actions in the event of misconduct. While none of these questions is novel, it is undeniably essential that a responsible company official be able to provide satisfactory answers to them in the face of enforcement scrutiny.
The DOJ’s continued focus on these issues, and in particular, on individual accountability, has been evidenced in recent remarks by DOJ officials. Attorney general Jeff Sessions stated that, “[t]he Department of Justice will continue to emphasise the importance of holding individuals accountable for corporate misconduct. It is not merely companies, but specific individuals who break the law.” Similarly, in remarks in early October, Deputy Attorney General Rod Rosenstein reaffirmed that DOJ is committed “to hold[ing] individuals accountable for corporate wrongdoing” and highlighted that, in 2016, over 50 percent of cases in which an organisation was convicted of wrongdoing involved a separate conviction of a related individual. One example of the DOJ’s dedication to prosecuting individuals is the government’s ongoing investigation into foreign-exchange rigging. The investigation resulted in four banks pleading guilty to conspiring to manipulate currency prices. In addition, on 23 October 2017, after a jury trial, the DOJ secured a conviction of the former head of global foreign exchange cash trading at HSBC Bank for wire fraud and conspiracy to commit wire fraud. Over the past two years, the DOJ has also resolved several FCPA cases against individuals, including against individuals related to the DOJ’s ongoing investigation into energy contracts with Venezuelan state-owned energy company Petroleos de Venezuela SA.
In addition, the DOJ is continuing to evaluate companies’ corporate culture when determining appropriate resolutions after finding evidence of misconduct. In late September, Stockholm-based Telia Company AB agreed to a total penalty of nearly $1bn to resolve FCPA allegations. Despite being the third-largest FCPA monetary penalty of all time, the company’s dedication to reforming its corporate culture, including the termination of all employees involved in the misconduct and everyone who supervised them, factored into the DOJ’s decision to not impose a monitor, saving the company considerable resources. In assessing the merits and faults of a company’s corporate culture, the DOJ will also evaluate whether, if compliance issues are brought to light, the company acted quickly and efficiently in remedying such issues. In particular, enforcement actions in 2016 and 2017 demonstrate the importance of timely remedying issues identified in internal audits, and that the DOJ will undoubtedly consider a company’s response to such audits in the event of a subsequent enforcement action.
Even though the report contains guidance previously addressed through existing DOJ materials, it provides a sharper lens into how the DOJ evaluates the effectiveness of corporate compliance programmes. Only time will tell the extent to which the DOJ treats the report as a checklist (which it explicitly denies it does or will) when it subjects a compliance programme to close scrutiny and even then, whether the DOJ’s approach will be publicly discernible in resolved cases.
Philip J. Bezanson is a managing partner, Glen A. Kopp is a partner and Chelsea L. O’Donnell is an associate at Bracewell LLP. Mr Bezanson can be contacted on +1 (212) 204 6206 or by email: firstname.lastname@example.org. Mr Kopp can be contacted on +1 (212) 508 6123 or by email: email@example.com. Ms O’Donnell can be contacted on +1 (212) 938 6421 or by email: firstname.lastname@example.org.#
© Financier Worldwide
Philip J. Bezanson, Glen A. Kopp and Chelsea L. O’Donnell