Latest DOJ Guidance and Non-US Companies: What to Expect and How to Handle it
By Nicola Bonucci, Leo Tsao, Julie Bermond & Aïssatou Fall
Since his election, President Joe Biden has loudly reaffirmed U.S. ambitions in the fight against global corruption, domestically and abroad.
Thus, in June 2021 the “Biden memorandum” declared the fight against corruption a “core U.S. national security interest.” Last December, the U.S. issued its first Strategy on Countering Corruption indicating one of its strategic objectives of the U.S. resolve is to “increase its focus on the transnational aspects of corruption.”
More recently, the United States indicated in its National Security Strategy that it “will elevate and expand the scale of diplomatic engagement and foreign assistance, including by enhancing partner governments’ capacities to fight corruption in cooperation with U.S. law enforcement authorities and bolstering the prevention and oversight capacities of willing governments.”
This increased focus on the fight against corruption has also led to the issuance of more operational guidance designed to translate these policies into concrete actions:
- In June 2020, the Department of Justice released its revised Evaluation of Corporate Compliance Programs;
- On 28 October 2021, the Deputy Attorney General (“DAG”) Lisa Monaco issued a memorandum with new guidance for the prosecution of individuals and companies; and
- This guidance was supplemented and/or clarified by a second memorandum dated 15 September 2022.
These documents reaffirm the U.S. government’s commitment to fighting corporate crime by prosecuting companies, as well as executives and other individuals, involved in illegal activities.
This client alert is specifically designed for the benefit of non-U.S. companies and complements a previous client alert. Indeed, while the Department of Justice (“DOJ”) guidance is applicable to all companies (I), certain points are worth noting for non-U.S. companies (II).
- Selected key points for all companies and what they mean for non U.S. companies
- A renewed emphasis on voluntary self-disclosure
In its latest guidance, the DOJ emphasized the importance of incentivizing companies to voluntarily self-disclose corporate misconduct to the DOJ on a timely basis. Under the new policy, all DOJ components are required to adopt policies setting forth the potential benefits that a company may receive for timely voluntary self-disclosures, including the following:
- There is a presumption against a guilty plea, if the company has also fully cooperated and taken appropriate remedial action; and
- The DOJ will not impose a monitor if the company itself has already implemented a compliance program.
The DOJ’s efforts to increase transparency for voluntary self-disclosures is commendable, but the policies still raise many questions for non-U.S. companies, which may face investigations by both their home jurisdiction and the United States, as well as other jurisdictions. How should a company weigh whether to disclose if more than one jurisdiction may investigate? Should they disclose to all potential jurisdictions? If they disclose to their home authority first will this be held against them?
- Increased requirements for companies cooperating with the DOJ’s investigation
In her recent announcement, the DAG restated the DOJ’s longstanding policy to focus on the prosecution of individuals. To support such prosecutions, the DOJ’s new policies increased the burden on what companies are required to do to receive cooperation credit. Specifically, for a company to receive any cooperation credit, it must do the following:
- Identification of all individuals involved, regardless of their position, status or seniority, whether inside or outside the company;
- Disclosure of all relevant facts about the individuals responsible for the misconduct, i.e., all relevant non-privileged information; and
- The disclosures must be made without delay, including the immediate disclosure of any particularly important or relevant evidence.
The DOJ thus now will not only expect more cooperation from companies, but will also expect it to be provided on a faster basis. Non-U.S. companies should understand how these increased expectations may apply in making the decision whether to cooperate.
- Linking resolution of corporations with investigations of individuals
The latest Monaco Memorandum requires prosecutors to do all they can to conclude investigations into individual misconduct either before or simultaneously with resolving allegations of wrongdoing against the corporation. Prosecutors seeking to resolve corporate cases before concluding investigations of individuals will be required to submit a memorandum that identifies all potentially culpable individuals, details any remaining investigative steps, and describes a plan to resolve the matter within the applicable statute of limitations period.
The impact of this guidance on investigations targeting non-U.S. companies remains to be seen, but it appears that U.S. prosecutors will be under pressure to adopt a more aggressive stance with respect to individual targets, including non-U.S. ones. In addition, we can expect U.S. prosecutors to take other steps to prioritize individual prosecutions, including increasing their formal and informal cooperation with foreign authorities in order to conclude their investigations in a timely fashion. It should be noted that charges against non-U.S. individual defendants may not be announced at the same time as a corporate resolution, as U.S. prosecutors will often keep charges under seal to avoid tipping off the defendants.
- Implementation of an adequate and effective compliance program that demonstrates the company’s commitment to fostering a culture of compliance at all levels of the company.
The DOJ made clear in its two memoranda that the determination of whether the company’s compliance program is adequate and effective requires a detailed review. In that context, the involvement of personnel at different levels of the company in the misconduct may be an indication of a failure in the company’s compliance program.
The compliance program will be analyzed in particular with regard to the level of effectiveness of the activity and the specificities of the company, the prosecuting authority, and the resources granted to the compliance officer.
In this context, the DOJ will look at whether:
- The company has sanctioned any misconduct by employees, managers, and directors;
- The compliance function has adequate resources;
- The company measures and identifies compliance risks;
- The company monitors payment and supplier systems for suspicious transactions;
- Senior management promotes a culture of compliance (e.g., through words, speeches, etc.);
- The company promotes a culture of compliance more broadly among all employees, perhaps through positive incentives that reward employees (e.g., financial incentives); and
- The company has a policy and procedure in place for the use of personal electronic devices (e.g., phones or computers) and third-party communication platforms to ensure that company-related electronic data and communications are safeguarded.
Within this general context three points are worth noting for non-U.S. companies.
First, the last bullet point above is particularly impactful for non-U.S. companies. Indeed, employees at many non-U.S. companies use third-party applications like WhatsApp or Signal to conduct business communications. Because such data may not be preserved, the DOJ expects companies to adopt compliance policies to ensure that it will be able to preserve and collect business communications, and to later produce such materials in the event of a DOJ investigation. The failure to do so may result in not only a finding that the company’s compliance program is not fully effective, but also a reduction in cooperation credit.
However, the DOJ’s expectations may run counter to the fact that home countries of non-U.S. companies may have strict privacy rules that restrict access to personal devices even if used for professional purposes. For example, a French 2019 ruling of the highest court (Cour de Cassation), concerning MSN Messenger indicates that if the employee uses a professional account, then the employer can access the messages except those identified as personal. On the other hand, if the message comes from a personal e-mail account, it is covered by the secrecy of correspondence. The means of access to the server (professional computer or smartphone) has no impact on the reasoning. In that case the MSN Messenger application was installed via the personal mail and not the professional mail of the employee. As a number of companies have a Bring Your Own Device policy, in particular with respect to smartphones, it may be difficult to access materials on those devices.
Second, in its October 2021 memorandum the DOJ indicated that for companies entering into resolutions with the DOJ, it would/could require compliance officers to certify that their compliance program was reasonably designed to prevent violations of anti-bribery laws. This has been applied once in a particular case.
This begs at least two questions for non-U.S. companies:
- Will other law enforcement authorities follow the U.S. lead on this?
- What would be the value of such certification with respect to other forms of control such as the ex-ante control exercised by the French anticorruption agency?
Third, the latest Monaco memorandum puts the accent on the need for compensation systems to be “crafted in a way that allows retroactive discipline, including through the use of claw back measures, partial escrowing of compensation, or equivalent arrangements.” However, national legislations may differ considerably on what the employer is allowed to do or not against employees or former employees even in the context of a disciplinary action.
The DAG in her September 2022 Memorandum indicated that further guidance is expected by the end of the year on this area, in particular on “how to shift the burden of corporate financial penalties away from shareholders—who in many cases do not have a role in misconduct—onto those more directly responsible.” It will be interesting to see if this further guidance will be adaptable to non-U.S. companies.
The September 2022 Memorandum has introduced helpful clarity on the imposition of monitors. The DAG made clear that prosecutors would not apply a presumption either in favor or against a monitor but would consider a non-exhaustive list of ten factors when evaluating the necessity and potential benefits of a monitor.
To be noted is factor 10, which provides that the U.S. prosecutors should consider “whether and to what extent the corporation is subject to oversight from industry regulators or a monitor imposed by another domestic or foreign enforcement authority or regulator.”
Indeed, designation of monitors for non-U.S. companies is always a delicate exercise and has led in one case in the past to a designation of two monitors (the Petrobras case) which is not what any company would wish for.
- Specific points of interest for non U.S. companies
Among the various points outlined in the various guidance issued since 2020, some of them are of particular interest to non-U.S. companies as they are directly related to foreign jurisdiction or foreign laws.
- Past misconduct
The DOJ has announced that it will take into account the history of all misconduct previously committed by the company. The DOJ will not only take into account similar offenses that may have been committed previously by the company, but all of the offenses, whether criminal, civil, or regulatory, and whether the resolution is with U.S. or foreign authorities. In this context the DOJ will focus on those committed:
- 10 years prior to the current investigation, for criminal offenses; and
- 5 years prior to the current investigation, for civil and regulatory violations.
This includes any such actions against the target company’s parent, divisions, affiliates, subsidiaries, and other entities within the corporate family.
In subsequent public meetings DOJ officials have recognized that U.S. resolutions would, in principle, be given a greater weight than foreign ones, but also stressed that a non-U.S. company faced with a record of similar offences in countries outside the U.S. could still face heavier penalties and is unlikely to be able to benefit from receiving a non-guilty plea resolution, i.e., a DPA or NPA.
A practical difficulty, however, may arise from the fact that non U.S. countries may have different standards for liability. For example, in some countries a violation of antitrust provision may be a criminal an offense in others it may be civil/regulatory/administrative. The other difficulty relates to the robustness of the rule of law in the country that sanctioned the company. In a case where a company has been convicted in a country with a weak rule of law what weight should be given to such ruling?
- Foreign prosecution of individuals
The DOJ reserves its right to investigate and prosecute an individual who is also being investigated abroad.
The Memorandum of 15 September 2022 gives 3 criteria that prosecutors should consider to determine whether an individual is subject to effective prosecution in another jurisdiction, namely:
- The strength of the other jurisdiction’s interest in the prosecution;
- The other jurisdiction’s ability and willingness to prosecute effectively; and
- The probable sentence and/or other consequences if the individual is convicted in the other jurisdiction.
By relying on these criteria, the DAG made it clear that an individual simply facing the risk of prosecution abroad will not be enough to deter a DOJ prosecution. Instead, the memorandum expressly states that “prosecutors should not be deterred from pursuing charges just because an individual liable for corporate crime is located outside the United States”.
As a practical matter, in many cases, the DOJ will work with its international criminal enforcement partners to decide which agencies will take the lead on the prosecution of specific individuals. The DOJ does not, however, have such open lines of communication with all foreign law enforcement agencies. Thus, while these clarifications are welcome, in such cases, the question remains open on how the DOJ would make those determinations.
- Relevance of non U.S. laws
In addition to the various elements highlighted above, two points are worth noting:
- With regard to compliance programs: the updated Evaluation of Corporate Compliance Programs, dated June 2020, included a new footnote which states that if a company asserts that it has structured its compliance program in a particular way or has made a compliance decision based on requirements of foreign law, “prosecutors should ask the company the basis for the company’s conclusion about foreign law, and how the company has addressed the issue to maintain the integrity and effectiveness of its compliance program while still abiding by foreign law.” The burden of proof is therefore on the company.
- With regard to cooperation credit: the 15 September 2022 memorandum recognized that there may be foreign data and information protection laws that prohibit the company from disclosing documents that may be relevant to the investigation. However, the DAG made clear that the company is still expected to cooperate within the limits imposed by the law. The DOJ will therefore verify that the non-U.S. company is not using national and/or European laws as a shield to withhold relevant information.
In practice this means that:
- the burden of proof is on the company to convince and demonstrate that there is a restriction on the production of documents;
- the company must, nevertheless, seek to identify any “reasonable alternatives” to provide the requested evidence; and
- the company must, therefore, identify all available legal bases for preserving, collecting, and producing such documents, data, and other evidence as soon as possible.
Thus, despite the restriction imposed by the foreign national law, a company is expected to find a legal way to “navigate” such restrictions(s) in order to produce the requested documents. This can be particularly challenging for European-based companies (under GDPR and blocking statutes).
² ² ²
In conclusion, the overall policy message sent by the U.S. authorities to the rest of the world can be distilled as follows:
- the fight against corruption is a top priority of the current administration, and the prosecution of foreign companies and individuals is part of the anti-corruption strategy;
- the administration fully recognizes the benefit of international cooperation, including the fact that foreign jurisdictions’ investigations and foreign laws may impact a U.S. investigation; but
- this recognition will not shield or delay any U.S. prosecution if this is deemed to be in the interest of the United States.
In practical terms, non-U.S. companies are strongly invited to:
- take due notice of this new set of DOJ guidance;
- review their compliance programs in light of the new expectations set out by the DOJ, in particular for those companies with a presence in the U.S. or that may be subject to U.S. jurisdiction;
- raise awareness within the company and, in particular, among key individuals, including at board level; and
- “hope for the best but prepare for the worst” and, as such, develop appropriate internal guidance and early response plans to cover situations in which DOJ actions require a speedy reaction (e.g., responding efficiently to DOJ requests for information, addressing subpoenas, or establishing a procedure in case of arrest/custody of a company employee, etc.).
 United States Strategy on Countering Corruption—pursuant to the national security study memorandum on establishing the fight against corruption as a core united states national security interest—December 2021 (available here).
 Reaffirmed during Loretta Lynch’s speech at the University of Lausanne on October 3, 2022.