No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Corporate Compliance as a Matter of National Security: DOJ ‘Surging’ Criminal Enforcement Resources

Lower enforcement numbers could signal calm before storm

by Adam Goldberg
November 1, 2023
in Compliance, Featured
us doj building

The DOJ has taken several steps in recent years to sharpen its focus on corporate crime. And while enforcement numbers haven’t yet caught up, Adam Golberg argues that because the agency is increasingly tying corporate crime to national security and boosting resources for investigators, companies must mirror the DOJ’s actions and ensure their compliance programs are well-appointed.

The DOJ has committed in recent years to bolstering corporate criminal enforcement. In recent years, Deputy Attorney General Lisa Monaco has issued a series of memos (I and II) and policy updates aimed at strengthening corporate criminal enforcement, including matters related to individual accountability, prior misconduct, cooperation credit, business communications, voluntary self-disclosure, compliance program assessment and monitors, among other issues. 

All versions of the Monaco memo come as the DOJ invests heavily in corporate enforcement resources — and as the agency links corporate crime to national security. 

In March of this year, the DOJ announced it planned to add 25 new prosecutors to the National Security Division to assist with corporate criminal enforcement. In July, the DOJ, OFAC and Bureau of Industry & Security (BIS) released a joint compliance note highlighting the benefits of voluntary self-disclosure for U.S. sanctions, export controls and national security laws violations, emphasizing that businesses play “a critical role in identifying threats from malicious actors and helping to protect our national security[.]” In September 2023, the department appointed its first-ever chief counsel for corporate enforcement. The DOJ is “surg[ing] resources” at corporate criminal enforcement, Principal Associate Deputy Attorney General Marshall Miller confirmed in a September 2023 address and, “so too must companies invest in compliance measures if they are to mitigate national security risks.” According to Miller, corporate compliance now requires a “new level of diligence and attention[.]” (Emphasis added.)     

The DOJ could not be clearer about its priorities. Yet, recent years have not seen a material bump in blockbuster corporate enforcement matters. The DOJ reported no new FCPA enforcement actions in Q2 2023, and 2023 is on track to be the third consecutive year with FCPA enforcement activity below the 10-year average. The DOJ Fraud Section charged 72 individuals in 2022, entering into just seven corporate resolutions and two corporate enforcement policy declinations that year. Just nine corporations faced criminal antitrust charges in 2022, the third-lowest annual total in the past decade. And while the DOJ was involved in the $629 million settlement with British American Tobacco and an affiliate, resolving charges of bank fraud and sanctions violations arising from North Korea sales, most recent sanctions and export controls matters brought by the DOJ’s National Security Division have involved charges against individuals. 

What does this data signify? It would be unwise to assume that it belies the sincerity of the DOJ’s stated focus on corporate crime. The implementation of new policies takes time. Enforcement actions might not yet be public. Newly added resources may have yet to produce new matters. Regardless, companies should take the DOJ at its word when it says that more enforcement is imminent. If this moment is a period of calm before a coming storm of enforcement, companies should consider utilizing this time to bolster compliance programs in accordance with updated DOJ guidance and expectations.  

Fox Monaco doctrine wp_f
Compliance

The Monaco Doctrine: A Jolt for Compliance

by Corporate Compliance Insights
October 17, 2022

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies around FCPA enforcement and corporate compliance programs. Tom Fox, author, podcaster and compliance expert, shares insights from his conversations with several thought leaders in compliance.

Read moreDetails

Companies with cross-border operations, investment or supply chains should be especially thoughtful in assessing their compliance programs. The Monaco memo and the DOJ’s March 2023 updated “Evaluation of Corporate Compliance Programs” provide a useful framework. These documents indicate that, at a high level, prosecutors will assess whether a corporate compliance program is well-designed, adequately resourced, empowered to function effectively and working in practice. These questions will be answered by looking at more concrete factors, including: 

  • How (and how often) corporations measure and identify compliance risk.
  • How policies are designed and updated.
  • Whether the compliance function is well-resourced and independent.
  • What training is provided to employees, management and gatekeepers.
  • How the company monitors payment and vendor systems for suspicious transactions.
  • Whether confidential reporting structures exist; how investigations are handled.
  • How disciplinary decisions are made.
  • How senior leaders and middle management foster compliance.
  • The management of third-party compliance risk.
  • Compliance due diligence, oversight and integration in the M&A context.
  • Whether compensation structures discourage compliance violations.
  • Whether the compliance program is tested and improved over time.
  • How the company tracks business communications, including on personal devices.
  • Whether identified concerns are remediated appropriately.   

Two enforcement considerations highlighted in the second Monaco memo may be especially challenging for companies with multinational exposure. First is the use of personal devices and third-party messaging platforms. Monaco II states that corporations “should have effective policies governing the use of personal devices and third-party messaging platforms for corporate communications, should provide clear training to employees about such policies, and should enforce such policies when violations are identified.” The oversight of corporate communications on personal devices is challenging enough in the United States, where corporate email continues to be a primary means of communication. In other countries, third-party applications and messaging platforms accessed by personal devices can be the primary or even sole means of corporate communication. Subjecting these communications to compliance oversight can be complicated simply as a matter of logistics. Local data privacy, national security, cybersecurity and other measures may make such monitoring even more challenging. 

The potential tension between U.S. and foreign legal obligations is the second Monaco II consideration that can be difficult for multinational operators. In an era of growing geopolitical tension, some foreign countries have laws in place that restrict companies’ ability to share foreign documents and information with U.S. regulators, including data privacy, data security, cybersecurity and national security regulations, blocking statutes and laws prohibiting cooperation with overseas law enforcement. Monaco II notes that while foreign law may complicate a company’s ability to cooperate with DOJ information requests, companies have the burden of “establishing the existence of any restriction on production,” “identifying reasonable alternatives to provide the requested facts and evidence” and working “diligently to identify all available legal bases to preserve, collect, and produce such documents, data, and other evidence expeditiously.” 

The DOJ retains broad discretion to withhold cooperation credit from companies when compliance with foreign law results in a failure to produce requested evidence; companies that wish to cooperate with the DOJ without subjecting themselves to foreign liability sometimes must engage in a balancing act between legal regimes that offer no clear path to compromise.

Despite the challenges, the DOJ’s stated intent to ramp up corporate criminal enforcement means that companies should continue to assess whether their compliance programs have kept pace with the DOJ’s evolving expectations. This will be particularly necessary for companies that operate in sensitive geopolitical locations and sectors, as well as those that employ new technologies including but not limited to advanced computing, advanced engineering materials, traditional and advanced manufacturing, aerospace, autonomous systems, robotics, biotech, communication networking technologies, food production, traditional and renewable energy, semiconductors, space technologies, surveillance technologies, AI/machine learning and military and dual-use technologies. These businesses in particular should be proactive in (a) periodically measuring risk exposure and (b) assessing whether their compliance programs address the identified risks sufficiently. Program improvements should be made as necessary. Any issues should be remediated promptly. 

An effective compliance program is more critical than ever. As the DOJ increasingly views corporate compliance as a matter of national security, companies should heed the call for a “new level” of diligence in implementing, testing and improving their compliance programs before the DOJ comes knocking.


Tags: DOJMonaco Memo
Previous Post

Long Covid & Invisible Disabilities: Revisiting ADA Compliance for 2024

Next Post

General Counsel’s Decision Tree for Internal Investigations

Adam Goldberg

Adam Goldberg

Adam Goldberg is a partner in Pillsbury’s litigation practice with a focus on white-collar and corporate investigations, U.S. regulatory compliance and cross-border disputes involving high-risk jurisdictions, including in Asia, the Middle East and Latin America.

Related Posts

doj sign front

Assessing the Business Risks of the Trump Administration’s ‘Total Elimination’ Strategy

by José Cortina and Jennifer Christian
May 20, 2025

As cartels increasingly participate in mainstream economic activities, traditional due diligence practices become inadequate to address new material support risks

doj sign and sculpture

DOJ’s New CEP Proposes Guaranteed Declination for Some Self-Reporters

by Jennifer L. Gaskin
May 13, 2025

The Trump Administration continues reshaping its approach to corporate crime, with the DOJ issuing major revisions of its corporate enforcement...

doj building sign with flags

‘Reasonable Steps’: What the DOJ Expects From Your Bulk Data Transfer Compliance Program

by Alexandra P. Moylan, Alisa L. Chestler and Michael J. Halaiko
May 5, 2025

Sample provisions offer blueprint for compliant data brokerage with foreign entities

data security program concept cameras

Your Sensitive Data Is Now a National Security Matter: The DOJ’s New Data Security Program

by Randall Cook, Vince Mekles and Rachel Woloszynski
April 29, 2025

90-day implementation window closing on regulations affecting companies with genomic, biometric, health and other personal information

Next Post
General Counsel Decision Tree for Internal Investigations_f

General Counsel’s Decision Tree for Internal Investigations

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights