Mid-year round-up on compliance trends from the Department of Justice

~ DOJ Compliance and Enforcement trends January 2023 through June 2023 ~

“Investing now in a robust compliance program is good for business, and it is good for our collective economic and national security.” – Lisa Monaco, Deputy Attorney General at the American Bar Association National Institute on White Collar Crime, March 2, 2023.

Overview

As shared by Principal Associate Deputy Attorney General Marshall Miller at the May 2023 Ethics and Compliance Initiative IMPACT Conference, “Investing in significant additional compliance resources at this time is common sense; it’s good business; and it’s the right thing to do.”

Through its policies and enforcement actions, the Department of Justice strives to deter criminal conduct, incentivize the development and implementation of effective compliance programs, and promote ethical corporate cultures. The DOJ’s 2023 focus, thus far, has been on incentivizing corporations to develop and maintain strong compliance programs that are tested, effective, adequately resourced, and fully implemented. If there’s one thing on which the DOJ advises corporations to focus, it’s compliance, compliance, and more compliance.

Trends

I. Revisions to the Criminal Division’s Voluntary Self-Disclosure and Corporate Enforcement Policy (CEP)

In January 2023, Assistant Attorney General Kenneth Polite unveiled significant changes to the Corporate Enforcement Policy (CEP). In light of these changes one thing has become abundantly clear: the DOJ is placing a new and enhanced premium on voluntary self-disclosure.

According to the DOJ, when a company discovers criminal misconduct, the best resolution will involve prompt and judicious voluntary self-disclosure. A company that voluntarily self-discloses and fully meets the other requirements of the CEP, by fully cooperating with Government authorities and by timely and appropriate remediation of the company vulnerabilities to criminal conduct, will receive a declination, absent any aggravating factors. U.S. Dep’t of Just., Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, at 1 (2023). A declination, pursuant to the CEP, is a case that would have been prosecuted or criminally resolved except for the company’s voluntary disclosure, full cooperation, remediation, and payment of disgorgement, forfeiture, and/or restitution. If a company receives a declination, the DOJ will decline to prosecute their case. To qualify for a declination, a company is required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue.

To implement these CEP revisions, every U.S. Attorney’s Office now has an operative, predictable, and transparent voluntary self-disclosure program aligned with the revised CEP. Across all DOJ components, company compliance with the revised CEP and an absence of aggravating factors comes with several benefits: no DOJ component will seek a guilty plea where a company has voluntarily self- disclosed, cooperated, and remediated the misconduct; companies will receive a fifty to seventy-five percent reduction off the possible fine range; and if an effective compliance program is implemented, the offending company will not be required to take on an independent compliance monitor. U.S. Dep’t of Just., Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, at 2 (2023).

The DOJ claims that even with aggravating factors, prosecutors may nonetheless determine that a declination is an appropriate outcome if the company demonstrates to the DOJ’s Criminal Division that:

• the voluntary self-disclosure was made immediately upon the company becoming aware of the allegation of misconduct;
• the company had an effective compliance program and system of internal accounting controls in place, which enabled the identification of the misconduct and led to the company’s voluntary self-disclosure; and the
• company provided extraordinary cooperation with the DOJ’s investigation and undertook extraordinary remediation that exceeds the respective factors.

While the CEP revisions did not define the expected timelines for “immediate” self-disclosure, the revised CEP adds that “[t]he Criminal Division encourages self-disclosure of potential wrongdoing at the earliest possible time, even when a company has not yet completed an internal investigation, if it chooses to conduct one.” The revisions were also silent on the standards for “extraordinary” cooperation. Given the emphasis on self-disclosure, it may be safe to assume that any company action falling short of full disclosure, full cooperation, and timely, appropriate remediation in response to criminal misconduct will not meet the threshold of “extraordinary.” Overall, the DOJ seems to expect companies to affirmatively develop robust and effective compliance programs to take advantage of any potential benefits offered under the revised CEP.

Voluntary self-disclosure in mergers and acquisitions

The DOJ’s Criminal Division kept mergers and acquisitions at the forefront when implementing the revised CEP, recognizing the potential benefits of an acquiring entity with a robust compliance program implementing their program as quickly as practicable after merger or the acquisition of another entity. The Criminal Division’s Voluntary Self-Disclosure Policy aims to incentivize companies to timely disclose misconduct uncovered during due diligence in the M&A process by offering a presumption of a declination and declining to take enforcement action against companies that promptly and voluntarily self-disclose misconduct uncovered in the M&A context.

An increased emphasis on disclosure during due diligence in the M&A process stems from the DOJ’s 2021 False Claims Act compliance initiatives. During the 2021 fiscal year, the DOJ emphasized the importance of preserving security during due diligence in the M&A process as it recovered more than five billion dollars on False Claim Act Settlements and Judgments. For the last two years, the DOJ has continued to emphasize cybersecurity compliance as a top priority to combat new and emerging cyber threats. More on the DOJ’s technology national security initiatives and the crossover with corporate compliance below in
the “National Security-Related Compliance Enforcement” section.

The DOJ continues to promote and standardize voluntary self-disclosure policies and to incentivize companies to implement effective compliance programs. If you have any compliance questions or need assistance implementing a compliance program sufficiently designed to promote voluntary self-disclosure policies, please don’t hesitate to contact the compliance experts at Ward and Berry.

II. Pilot Program on Compensation Incentives and Clawbacks

In March 2023, the DOJ announced the Criminal Division’s Pilot Program regarding compensation incentives and clawbacks, as another means of incentivizing corporate compliance. Over the next three years, the Criminal Division will require corporate defendants resolving criminal cases to implement compliance-related criteria in their compensation systems and will offer fine reductions to companies that seek in good faith to clawback compensation when appropriate.

Under the Pilot Program, the DOJ claims their Criminal Division will provide fine reductions to companies who seek to claw back compensation from corporate wrongdoers and their supervisors. Possible fine reductions arise where:

•  Companies withhold bonuses from employees who do not satisfy compliance requirements.
•  Companies provide incentives to employees who demonstrate commitment to compliance requirements.
•  Companies hold supervisors with authority over an employee who engaged in misconduct accountable for the employee’s misconduct.
•  Companies implement a system whereby executives and employees are required to forfeit their bonuses if they fail to meet certain compliance- related objectives.

In such circumstances, according to the DOJ their prosecutors shall grant, in addition to any other reduction available under applicable policy, a reduction of the fine in the amount of 100% of any such compensation that is recouped during the period of the resolution. If a company indicates to the DOJ that it will clawback a set amount from a corporate wrongdoer, the company’s fine will be nominally reduced by that amount. If the company then recovers the full indicated amount, it will enjoy the benefit of not only the reduced fine from the DOJ but also the dollars recovered. If, however, the company recovers less than it indicated it would, the company’s fine will be reduced only by what was actually recovered. U.S. Dep’t of Just., The Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks, at 2 (2023).

The DOJ claims the Pilot Program will also ensure that those who pursue clawbacks in good faith, but are unsuccessful, will still be eligible for fine reductions up to 25% of the amount of compensation the company attempted to clawback. U.S. Dep’t of Just., The Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks, at 2 (2023).

The DOJ hopes the Pilot Program will empower corporate general counsels and compliance officers to emphasize the need for an investment in robust compliance programs, ensure the individuals committing misconduct do not profit from their misdeeds, and promote personal investment in compliance programming by executives and employees. The DOJ aims at shifting the burden of corporate wrongdoing away from shareholders, who frequently play no role in the misconduct, and onto those directly responsible and their supervisors. However only time will tell whether the Pilot Program succeeds in all these goals.

If you have any questions or need assistance developing a compliance program that aligns with the compensation incentives and clawback provisions of the Pilot Program, please do not hesitate to contact the compliance experts at Ward and Berry.

III. Updated Evaluation of Corporate Compliance Programs addresses use of personal electronic devices and third-party messaging platforms

In March 2023, Assistant Attorney General Kenneth Polite announced significant changes to the Evaluation of Corporate Compliance Programs (ECCP), including changes on how the DOJ considers a corporation’s approach to the use of personal electronic communications devices, various communications platforms, and ephemeral messaging applications. Given the uptick in personal communication mechanisms in corporate practice and potential criminal conduct coverups springing from those mechanisms, the DOJ is placing an increased emphasis on compliant corporate use of personal devices.

Under the updated ECCP, the DOJ will evaluate whether companies have effective electronic data governance policies as part of their compliance programs, the extent to which companies communicate such policies to employees, and whether companies follow through with enforcement.

When conducting an evaluation of a corporation’s use of personal devices and communication platforms, the DOJ guidance instructs prosecutors to consider the following factors:

• Whether policies governing messaging applications were tailored to the corporation’s risk profile and specific business needs.
•  Whether the corporation’s business-related electronic data and communications can be preserved and accessed including devices outside the corporate server.
• How corporations communicate their compliance communication policies to their employees, and whether they enforce them on a consistent basis.
• Whether the electronic communication channels used by the business and their preservation and deletion settings are compliant, including “bring your own device” programs.

According to the DOJ, corporations should tailor policies to their specific risk profile and provide for appropriate access to and preservation of business-related communications, even those on personal devices. As mentioned above, where documents and communications exchanged via personal devices signify evidence of actions requiring disclosure, corporations will be expected to achieve an “extraordinary” degree of cooperation in collecting and disclosing such records.

Corporations should consider this expectation when implementing their personal device compliance programs and ensure the necessary retrieval of required information from personal devices is possible. To ensure compliance, working with internal compliance officers and outside counsel to adopt appropriate policies governing electronic communications is a must to avoid criminal liability sparked from the potential misuse of various communications platforms or insufficiency in cooperation.

If you have any questions regarding your communications compliance policy or amending your policy to include personal electronic devices, please do not hesitate to contact the experts at Ward and Berry.

IV. National Security-Related Compliance Enforcement

The Department of Justice is dramatically scaling up their efforts and investment in fighting national security-related corporate crime. To address the increasing intersection of corporate crime and national security, the DOJ announced significant restructuring and resource commitments within their National Security Division. This initiative included adding over two dozen new prosecutors to the National Security Division to focus on investigating and prosecuting corporations for sanctions evasion, export control violations, and similar economic crimes relating to national security.

Additionally, in February 2023, the DOJ announced the formation of the Disruptive Technology Strike Force. The Strike Force is an inter-agency effort to strike back against adversaries trying to siphon off technology and attack national security vulnerabilities. The Strike Force’s work focuses on:

• enhancing administrative enforcement of U.S. export controls by
  investigating and prosecuting criminal violations of export laws;
• fostering partnerships with the private sector while strengthening
  connectivity between the Strike Force and the Intelligence Community;
• utilizing advanced data analytics and all-source intelligence to develop and build investigations; and  protecting critical technological assets from being acquired or used by adversaries.

In May 2023, less than three months after the formation of the Strike Force, the DOJ announced five cases and four arrests arising from five different U.S. Attorney Offices per the efforts of the Strike Force. The recent enforcement actions by the Strike Force underscore the unique risks technology companies may face when engaging foreign subsidiaries, distributors, and resellers and emphasize the critical importance of maintaining effective compliance controls.

According to Associate Deputy Attorney General Marshall Miller, “Where in years past a compliance team might have mitigated national security risks through sanctions-screening software and attention to a few sanctioned countries, today a new level of diligence and attention is required.” Particularly for any company whose operations touch parts of the world controlled by autocracies, the DOJ’s message is simple: national security laws must rise to the top of your compliance risk chart, with the recognition that even the most innocuous-looking transaction or activity could implicate our collective security.

Considering the realities that corporate crime increasingly — now almost routinely — intersects with national security concerns, the DOJ is emphasizing national security-related compliance and encourages corporations to do the same. If you have any questions on national security compliance programming or need assistance with creating or amending your compliance program to reflect the requirements by the DOJ, please do not hesitate to contact the compliance experts at Ward and Berry.

V. Increased Antitrust Division Investigations

The DOJ’s Antitrust Division currently is — and will continue — working with individuals and responsible corporate citizens as part of the DOJ’s ongoing efforts to identify criminal anti-competitive conduct. As part of those efforts, the Antitrust Division is pursuing proactive investigations at a pace not seen in decades to make sure that antitrust risk is front and center when corporations are deciding where to invest in compliance.

This continued DOJ initiative derives from the Procurement Collusion Strike Force (PCSF), established in 2019 to combat antitrust crimes and related fraudulent schemes. As of 2023, the PCSF has rendered more than forty guilty pleas and trial convictions from bid-rigging and procurement fraud schemes resulting in over $50 million in criminal fines and restitution. According to the DOJ, the PCSF’s efforts will not decelerate any time soon and they hope to expand their reach and access.

In June 2023, Deputy Assistant Attorney General Manish Kumar reiterated the Antitrust Division’s efforts to collaborate with the corporate citizens to detect anti-competitive conduct. These efforts include upholding a consistent practice to “protect the identity of complainants and the information they provide to the full extent of the law.” To facilitate this protection, the Antitrust Division is looking to promote access via their website and Citizen Complaint Center so that members of the public can register antitrust complaints and concerns more efficiently.

The Antitrust Division is aware many responsible corporate citizens might be witnesses to anti-competitive conduct. In fact, those citizen insiders will likely see red flags and indicia of collusion before the Antitrust Division will, especially in procurement departments. Such collusion risks are especially acute given continued supply chain disruptions and inflationary pressures that impact the macro-economy.

Collusion and anti-competitive conduct detection may be a frequently overlooked aspect of corporate compliance training, but it is vital to protecting against antitrust violations and broader corporate collusion. Such training can limit or even mitigate criminal sanctions on the one hand, and potentially allow for recovering damages on the other. The DOJ strongly believes we all benefit when markets are free from collusion. To accomplish this aim, effective antitrust enforcement requires a coordinated approach, especially within the corporate sector.

Corporations would be well advised to implement or refresh robust antitrust compliance programs. If you have any questions or need assistance, please don’t hesitate to contact the compliance experts at Ward and Berry.

Need Compliance Guidance?

Compliance is the magic word for the DOJ so far this year, reaching far and wide to various corporate practices. Whether it’s voluntary self-disclosure, compensation incentives, personal electronic devices, national security, or antitrust concerns, the same phrase is shared time and time again by the DOJ: “implement a robust compliance program.” If you need assistance developing and implementing a strong compliance program that is effective and adequately resourced don’t hesitate to contact the compliance experts at Ward and Berry.