DOJ Announces Revamped Corporate Enforcement, Compliance and Policy Unit
On March 25, 2022, Assistant Attorney General Kenneth A. Polite Jr. of the U.S. Department of Justice (“DOJ”) delivered a speech to New York University Law’s Program on Corporate Compliance and Enforcement highlighting the DOJ’s recent internal moves to devote additional resources to compliance issues. Notably in order to incentivize CEOs and CCOs to strengthen corporate compliance within their companies, the DOJ is considering requiring CEOs and CCOs to provide compliance certifications at the end of the term of a corporate resolution agreement (including guilty pleas, deferred prosecution agreements, and non-prosecution agreements) and in any annual self-reports to the DOJ.
DOJ Enhances Resources to Combat Criminal Misconduct
AAG Polite Jr. stated that the DOJ is prioritizing building a wealth of compliance expertise amongst its prosecutors to strengthen the DOJ’s ability to assess the effectiveness of corporate compliance programs. Recently, the DOJ revamped the Fraud Section’s former Strategy, Policy, and Training Unit and has now dubbed it the Corporate Enforcement, Compliance, and Policy (“CECP”) Unit, which will include new management comprised of both prosecutors and former compliance and defense lawyers with deep experience in compliance, monitorships, and corporate enforcement matters. AAG Polite Jr. indicated that the DOJ currently has plans to add additional capability to the Unit.
The CECP is responsible for providing trainings on compliance and monitorship matters to prosecutors within and outside the Fraud Section. It also works on policy issues, reviews work plans and self-reports of companies, and evaluates their progress in enhancing their compliance programs.
Three Key Features of an Effective Corporate Compliance Program
AAG Polite Jr. reiterated that the DOJ expects “an effective corporate compliance program to be much more than a company’s policies, procedures, and internal controls.” Specifically, the DOJ expects companies to implement programs that have three key features:
- They must be well-designed;
- They must be adequately resourced and empowered to function effectively; and
- They must work in practice.
Well-designed programs should be developed to address the key areas identified in a company’s risk assessment and should be easily accessible and understandable to the company’s employees and business partners. Well-designed programs also establish a process for reporting violations of law, encourage employees to speak up without fear of retaliation, and take seriously, all substantiated reports.
Adequately resourced programs are comprised of compliance personnel who possess the relevant expertise and qualifications for their roles. These programs also ensure that compliance officers have adequate access to and engagement with the business, management, and board of directors. AAG Polite Jr. noted that it is “critical” that a company’s commitment to promoting compliance and ethical values is reflected at all levels of the company — from the CEO to the lower-level managers.
Lastly, AAG Polite Jr. stated that when the DOJ is evaluating whether a company’s compliance program actually works in practice, the DOJ is looking to see whether the company is continuously testing the effectiveness of its compliance program, improving, and updating the program to ensure that it is sustainable and adapting to evolving risks. According to AAG Polite Jr., companies that test the effectiveness of training, communications, and compliance culture, and make subsequent improvements, “set themselves apart.”
Consequences for Noncompliance and Increased Roles for CEOs and CCOs
In AAG Polite Jr.’s speech, his message was clear — “support your compliance team now or pay later.” He stressed that companies which come in to make compliance presentations to the Fraud Section will face “tough and probing questions from [the DOJ’s] compliance specialists.” Moreover, the DOJ does not want to hear a ‘check-the-box’ presentation from outside counsel, but instead would like to see the Chief Compliance Officer and other senior management leading presentations and demonstrating their knowledge and ownership of the compliance program. Specifically, companies must demonstrate how their compliance program has been upgraded to address the root cause of the misconduct, and how it is being tested to ensure it is sustainable and adaptable to changing risks.
Based on what the DOJ learns through the companies’ compliance presentations, AAG Polite Jr. said that the DOJ, under a non-trial resolution, will determine whether an independent compliance monitor should be imposed or whether the company will be allowed to implement the changes on their own via a resolution agreement. In this regard, he noted that monitorships may not be appropriate where a company:
- Has a concerted commitment from the top down in implementing a strong compliance program;
- Has been able to test its controls and demonstrate that they are effective;
- Has made relevant updates to its program to adapt changing risks; and
- Has cultivated a strong culture of compliance and ethical values.
However, if a monitorship is imposed on a company, AAG Polite Jr. emphasized that the DOJ encourages companies to not only ensure that the candidates for the monitorship are eminently qualified with deep compliance experience, but that they also are diverse in terms of their types of experience as well as their backgrounds. This recommendation aligns with the Department’s commitment to diversity, equity, and inclusion.
Companies without a monitor still have ongoing obligations to continue to test, improve, and demonstrate the effectiveness of its compliance program and must report to the Department regarding the status of their compliance obligations.
AAG Polite Jr. warned that there are consequences for companies that violate their resolution agreements. The DOJ will tailor its proposed sanctions to address the particular facts and circumstances of any given case: “Whether it’s a corporate guilty plea or an extension of a monitorship, [the DOJ] will pursue appropriate punishments.”
Call to Action to CEOs and CCOs
Underpinning AAG Polite Jr.’s speech is the DOJ’s interest in empowering Chief Compliance Officers, Chief Executive Officers, and other senior management to take on more ownership of their roles in their companies compliance programs. AAG Polite Jr. reflected on his own time as a CCO of a Fortune 500 company and stated that he believes compliance roles are the most impactful because CCOs have a “direct role in utilizing the most effective tool in addressing crime…preventing it in the first place.”
To this end, in addition to wanting CCOs to lead compliance presentations to the DOJ and certify any annual self-reports to the DOJ, AAG Polite Jr. has asked his team to consider requiring both the CEO and CCO in all of the DOJ’s corporate resolutions (including guilty pleas, deferred prosecution agreements, and non-prosecution agreements) to certify at the end of the term of an agreement, that the company’s compliance program is functioning effectively and is reasonably designed and implemented to detect and prevent violations of law.
- In lieu of having outside counsel give compliance presentations to the DOJ, the Department is interested in seeing CCOs lead presentations to demonstrate their knowledge and ownership of their companies’ compliance programs.
- DOJ is looking to require CEOs and CCOs to make compliance certifications in both annual self-reports and at the end of the term of a corporate resolution agreement with the DOJ.
- When a monitorship is imposed on a company for compliance misconduct, the DOJ expects the company to align with the Department’s diversity, equity, and inclusion initiatives by presenting monitor candidates who not only have a wealth of compliance experience but have diverse backgrounds.
- Companies that make a serious investment in improving their compliance programs and internal controls will be viewed in a better light by the DOJ than those who do not make the investment.