On September 15, 2022, Deputy Attorney General Lisa Monaco (the “DAG”) announced a series of notable changes to the U.S. Department of Justice’s corporate enforcement program.

As detailed in a DOJ memorandum released the same day, the policy revisions cover a wide range of areas, including the focus on prosecution of individuals, requirements for corporate cooperation credit, evaluating a corporation’s prior history of misconduct, expectations for compliance programs, and factors for determining whether to impose a monitor. The new proposals build upon policy changes the DAG previously announced in October 2021, and once again re-balanced the system of “carrots and sticks” that it has long-used to encourage responsible corporate behavior. In this Alert, we discuss these changes and takeaways for companies seeking to mitigate the increased enforcement risks.

Changes to Corporate Criminal Enforcement

1. Focus on Prosecution of Individuals

In her October 2021 announcements, the DAG noted that DOJ was returning to a prior policy governing individual accountability, which requires companies seeking cooperation credit to disclose to DOJ all non-privileged information relevant to all individuals involved in the misconduct. Under the new policy, companies are now also required to produce documents and information on a “timely” basis without any undue delay. For particularly relevant information (such as hot documents), companies are expected to disclose that information immediately after it is discovered. DOJ has previously reduced cooperation credit for cooperation delays, and the DAG made clear that, going forward, any “gamesmanship” in disclosure delay for strategic reasons will result in reduced or no cooperation credit.

Relatedly, DOJ issued guidance for evaluating cooperation credit for companies that are confronted with issues under foreign data privacy or similar laws. Prosecutors are now instructed to provide credit where companies produce records notwithstanding the existence of such laws and to reduce credit where a company uses those laws to “shield misconduct inappropriately.”

2. Consideration of Prior Misconduct

The DAG announced last October that in making determinations about criminal charges and resolutions, prosecutors were required to consider all historical misconduct of a company. Under the new guidance, DOJ provided additional clarity on this policy and outlined numerous factors that prosecutors should consider, such as the age of the prior misconduct (presumptively, less weight will be given to criminal resolutions older than 10 years and civil/regulatory resolutions older than 5 years), whether the prior resolution was criminal or civil, and whether it involved the same management or personnel.

More noteworthy, however, was the DAG’s announcement that, going forward, companies that had received non-prosecution agreements (NPAs) or deferred prosecution agreements (DPAs) in the past should not assume that they would receive such resolutions in the future. Rather, the DAG stated that multiple NPAs or DPAs for companies (and their affiliated entities) were generally disfavored, and that any exceptions would require written approval from DOJ leadership.

3. Voluntary Self-Disclosures

The DAG announced a new policy that requires all DOJ components that prosecute corporate crime to have a formal, written policy on voluntary self-disclosures (“VSDs”). The policy must be transparent enough to allow companies to understand what qualifies as a VSD and to predict what benefits the company will receive in return. In addition, DOJ’s guidance requires any VSD policy to include two “core principles”:

• First, unless there are “aggravating factors,” DOJ will not seek a guilty plea for a company that has made a VSD, fully cooperated, and timely and appropriately remediated the criminal conduct.
• Second, where a company has self-disclosed, DOJ will not impose a monitor if, at the time of the resolution, the company has demonstrated that it has implemented and tested an effective compliance program.

Anticipating a question on how DOJ’s new policy for disfavoring successive NPA/DPA resolutions will square with its policy on VSDs, the guidance provides it should not “disincentivize corporations that have been the subject of prior resolutions from voluntarily disclosing misconduct.” DOJ did not, however, provide specific guidance on how much credit such companies would receive, simply stating that where companies have made a qualifying VSD, prosecutors will “credit such disclosure appropriately.”

4. Expectations for Corporate Compliance Programs

The DAG’s remarks were also focused on DOJ’s long-standing goal of creating a strong corporate culture that encourages companies to invest corporate resources into compliance and “rejects wrongdoing for the sake of profit.” The DAG announced two new compliance factors to support those goals.

First, in evaluating the strength and effectiveness of corporate compliance programs, prosecutors should consider whether a company employs a compensation structure that financially rewards corporate personnel who engage in compliant conduct, and financially sanction those involved in the misconduct. For the latter, DOJ specifically pointed to the use of claw back provisions or escrowing of compensation to punish those individuals who contribute to the misconduct.

Second, DOJ’s guidance addresses compliance issues that may arise where company employees use personal devices (such as smartphones) and ephemeral messaging platforms for company business. As a general matter, the guidance instructs that effective compliance programs should allow a cooperating company to preserve and collect all relevant company communications and materials, even those found on personal devices or on ephemeral messaging platforms. Failure to do so would likely result in not only an adverse finding on the effectiveness of the compliance program, but also a reduction in cooperation credit.

5. Monitorships

Finally, building on prior guidance, the DAG announced a new policy for evaluating when a monitor is appropriate and the role of prosecutors during the term of the monitorship. Notably, the DAG made clear that prosecutors would not apply a presumption either in favor or against a monitor.

DOJ’s guidance includes a non-exhaustive list of 10 factors that prosecutors should consider when evaluating the necessity and potential benefits of a monitor. Unsurprisingly, in addition to whether the company has made a VSD, at the top of the list of factors is whether, at the time of resolution, the company has demonstrated that its compliance program is sufficiently well-designed and adequately tested to demonstrate that it would likely detect and prevent similar misconduct in the future. Other factors include the pervasiveness of the misconduct, whether wrongdoers were able to exploit an inadequate compliance program or involved compliance personnel, and whether the company had taken adequate remedial measures.

DOJ also issued guidance requiring prosecutors to play a more active role with respect to monitorships and to engage in ongoing communication with both the monitor and company. This is meant to ensure that monitors are not being denied access to information, resources, or employees necessary to their work and that the monitor’s workplan is appropriately scoped and that the monitor’s review remains reasonable, including with respect to issues of cost.

Takeaways for Companies

The new guidance makes clear that DOJ continues to expect more from companies with respect to cooperation, remediation, and compliance, and that it will treat corporate targets, particularly recidivists, more harshly. Moreover, the DAG announced that DOJ would request Congress to appropriate $250 million specifically for corporate crime initiatives, which supports the proposition that DOJ is planning a more active role in corporate criminal enforcement.

To mitigate enforcement risks, companies should consider the following:

• Continued Focus on Compliance Programs: As evidenced by the DAG’s remarks on compliance and culture, DOJ’s focus on compliance remains front and center to its corporate enforcement framework. Companies should take a fresh look at their compliance programs and examine again the core questions—whether the corporation's compliance program is well designed, adequately resourced, empowered to function effectively, and working in practice. In addition, companies should evaluate how they can demonstrate a culture of compliance using data, including whether the compensation structure provides for the financial incentives and sanctions to encourage compliant behavior. Similarly, companies should evaluate whether their policies on personal devices and ephemeral messaging are sufficient to preserve business communications. Most critically given DOJ’s continued focus on testing, companies should consider whether their strategies for evaluating the effectiveness of their compliance programs are keeping up with the latest developments.
• New Guidance on Voluntary Disclosures: DOJ’s new policy on VSDs will help bring consistency across DOJ on the credit that companies should receive for making such disclosures. Unfortunately, the guidance is still not sufficiently clear such that companies can predict how much weight making a VSD will carry for the final resolution. This is especially true for companies that have previously had a resolution with DOJ, and which are now likely to be required to plead guilty under DOJ’s new policy.
• Conditions on Cooperation Credit: Penalties can be dramatically reduced by a company demonstrating cooperation with DOJ. However, companies seeking cooperation credit should fully understand DOJ’s evolving expectations, including the importance of a clear plan for timely providing information to DOJ. Effective and frequent communication by company counsel may help to avoid unexpected issues and smooth the inevitable challenges that companies face in investigations, including challenges with producing information because of foreign law. DOJ has ultimate authority over what is “cooperation,” so companies should be sure to understand the expectations to maximize the chance of a benefit.
• Greater Guidance on Monitors: Companies should appreciate DOJ’s decision to publish factors for evaluating whether to impose a monitor. If a monitor is ultimately imposed, DOJ’s acknowledgement of its responsibility to “monitor the monitor” may give companies under monitorship more leverage to raise concerns with DOJ to help ensure monitorships remain in scope and focused on their stated purpose, and that associated costs do not become unreasonable “penalties.” DOJ’s continued hiring of former compliance personnel, including those with experience in data analytics, should bring additional expertise to this oversight role by prosecutors.

An earlier version of the alert was published on Law360.