Corporate Criminal Enforcement Predictions for 2023
With all eyes turning to 2023, recent Department of Justice (DOJ) corporate enforcement policy changes and clarifications hint at what can be expected from the DOJ in the year ahead. In September, Deputy Attorney General (DAG) Lisa Monaco announced significant changes and updates to the DOJ’s corporate criminal enforcement policies which help guide prosecutors in making corporate charging and resolution decisions. As incorporated in the concurrently-published Memorandum titled “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group” (the Memo), the revamped policy broadens the DOJ’s consideration of a company’s past misconduct, doubles down on the DOJ’s commitment to holding individuals accountable for corporate misdeeds, and clarifies what the DOJ will require of companies who seek “full” cooperation and voluntary disclosure credit. In recent weeks, the DOJ’s top brass have expanded on these goals and previewed more updates for the new year.
Compliance, Compliance, Compliance
The Memo continues to underscore the importance of effective compliance programs. This focus on compliance is unsurprising and tracks with past guidance and the DOJ’s recent additions of former compliance chiefs to senior positions—Glenn Leon (Hewlett-Packard) as Chief of DOJ’s Fraud Section, and Matt Galvin (Anheuser-Bush InBev) as the Fraud Section’s newly-created compliance and big data counsel.
When evaluating the effectiveness of a company’s compliance program, prosecutors will continue to rely on factors including the program’s design; the resources, funding, and internal empowerment given to the compliance program; and, whether the compliance program works in practice. The Memo also directs prosecutors to consider:
- Compensation: Prosecutors will now consider whether a company has compensation systems that are crafted in a way that allows for retroactive discipline, including through the use of clawback measures, in the event misconduct is discovered. But having such a mechanism is not enough—prosecutors must also assess whether the company actually executed permissible clawbacks upon discovery of the misconduct when assessing the practical functionality of its corporate compliance program. On the other side of the coin, the DOJ will reward companies that promote an ethical corporate culture by using financial incentives like bonuses based on compliance metrics. Notably absent from the Memo, however, is exactly what that “reward” will look like—companies will have to wait for future guidance for such quantification.
- NDAs: Prosecutors will also give weight to whether a company uses or has used non-disclosure, non-disparagement, or other confidentiality provisions to prevent public disclosure of criminal misconduct.
- Bring Your Own Device and Third-Party Messaging: As part of its holistic compliance review, prosecutors will consider a company’s policies governing the use of personal devices and third-party messaging platforms. The Memo makes clear that a company should be able to provide the DOJ with all non-privileged, work-related communications, text messages, and third-party messages on personal and company-issued devices during an investigation—including those sent via ephemeral and encrypted messaging applications such as Signal, WhatsApp, and WeChat.
- Big Data: Building on the Memo, Fraud Section Chief Leon recently emphasized the benefits of big data in corporate compliance by encouraging all companies to think carefully about how they can use data to improve compliance program functionality. Specifically, compliance professionals should use data analytics to track risk and identify red flags.
Cooperation and Disclosure Carrots
The Memo also represents the DOJ’s latest effort to encourage companies to voluntarily self-disclose individual and corporate wrongdoing. Most notably, it requires every DOJ division responsible for prosecuting corporate crime to adopt or update voluntary disclosure policies. New or updated policies — many expected in the new year — will likely have several commonalities.
- Declinations: As a carrot to corporations, the Memo specifies that, absent “aggravating factors,” the DOJ will not seek a guilty plea where a company has voluntarily self-disclosed, fully-cooperated, and timely remediated misconduct. All DOJ components must adhere to that principle and, as part of its written guidance on voluntary self-disclosure, provide information on what circumstances would constitute such aggravating factors (e.g., misconduct that is deeply pervasive throughout the company or that poses a grave threat to national security).
- Compliance Monitors: 2022 brought with it an increase in the DOJ’s use of compliance monitors. For example, several 2022 FCPA resolutions imposed compliance monitors, something absent from similar resolutions in 2020 and 2021. However, as an additional carrot, the Memo offers that a company may avoid the inclusion of a compliance monitor requirement in any DOJ resolution if it can demonstrate that it has implemented and tested an effective compliance program (provided that it also voluntarily self-disclosed the relevant conduct).
- Full Cooperation: The revised policy also includes additional principles prosecutors should consider when assessing whether a company truly cooperated and is entitled to cooperation credit.
- Speed & Details Regarding Individual Culpability: The policy doubles down on the individual accountability requirements established in the 2015 Yates Memorandum and sets clear expectations for what the DOJ considers “full” cooperation for the purposes of achieving cooperation credit. For credit, companies are expected to produce all relevant, non-privileged facts about individual misconduct “swiftly and without delay.” Forthcoming division-specific voluntary disclosure policies will likely shift to companies the burden for ensuring the timely production of “hot documents or evidence” to the DOJ so that “prosecutors have the opportunity to effectively investigate and seek criminal charges against culpable individuals.” Further, the Memo directs that such policies require corporations to prioritize the disclosure of evidence that is most relevant for assessing individual culpability, including communications with the relevant individuals during the period of misconduct. Going forward, the DOJ expects companies to be on notice that such evidence of individual misconduct is “most significant,” and disclosure must be a priority.
- Foreign Evidence: While recognizing that certain evidence located abroad may be subject to foreign blocking statutes and data privacy regimes, the Memo specifically provides that companies seeking cooperation credit bear the burden of establishing the existence and application of any restriction on production and identifying reasonable alternatives to provide necessary facts and evidence. As a carrot, however, it also explicitly states that prosecutors “should provide credit to corporations that find ways to navigate such issues of foreign law and produce such records.” Conversely, an adverse inference with respect to cooperation will arise in situations where the DOJ believes that a corporation has capitalized on such laws to shield misconduct.
Corporate Recidivism
The Memo also makes clear that the DOJ will “generally disfavor[ ]” successive resolutions for recidivist companies. Still, prosecutors are expected to recognize that “[n]ot all instances of misconduct . . . are equally relevant.”
- Relatedness: The biggest factor affecting how prosecutors are likely to view prior misconduct is how it relates to the current enforcement action. Prosecutors will look at the similarity of the conduct (even if prosecuted under different statutes), management, and compliance failures. Still, prosecutors may also consider unrelated past civil, criminal, and administrative resolutions when making a resolution decision.
- Time: Prosecutors are generally expected to give less weight to “dated” resolutions and misconduct. Criminal conduct already addressed by prior resolutions that are more than 10 years old, and civil/regulatory resolutions resolved 5 years or more before the conduct at issue, should be afforded less weight. However, because repeated misconduct could be indicative of a corporation’s continued operation without an “appropriate compliance culture or institutional safeguards”—particularly when it involves failures under the same management team and/or overlap of the personnel involved—conduct falling outside these time frames may be considered depending on the facts of the specific case.
- Successive NPAs/DPAs: The Memo also reflects DOJ’s disfavor of successive non-prosecution agreements (NPAs) and deferred prosecution agreements (DPAs) for repeat offenders. Under the new guidelines, prosecutors must seek elevated approval (including notice to the DAG) to make any resolution offer that would result in multiple NPAs or DPAs.
While promulgated in 2022, these updated guidelines provide insight into how the DOJ will likely approach criminal enforcement in 2023 and for the duration of the Biden Administration (if not beyond). First, the DOJ will continue to reward companies with strong compliance programs that voluntarily self-disclose and provide “full” cooperation. Second, companies with compliance gaps, which are found to have engaged in criminal misconduct, can expect that any DOJ resolution will require compliance enhancements and even corporate monitorship. Finally, companies with a history of criminal, civil, or regulatory resolutions are less likely to receive a non-plea resolution.
With the DOJ’s promise to continue updating corporate enforcement guidelines in the new year, companies should look to update their compliance programs to conform to new guidelines. Special consideration should be given to the use of big data in detecting possible wrongdoing and policies related to third-party and ephemeral messaging applications and personal devices. And, as always, companies should continue to have mechanisms in place for employees to report perceived issues so compliance teams can timely identify and address concerns.