The DOJ’s updated corporate enforcement policy continues to push companies to self-disclose potential criminal issues “at the earliest possible time” and introduces new potential rewards for doing so, especially for companies with prior criminal histories. The policy also gives prosecutors more discretion to reward degrees of corporate cooperation and remediation. However, as Miller & Chevalier’s John E. Davis and Surur Fatema Younce explain, companies will need to consider factors beyond the scope of the policy to effectively weigh the risks and benefits of disclosure — and those looking for new guidance on DOJ expectations on such hot-button issues like managing compensation clawbacks or business communications on personal devices will have to wait for future DOJ pronouncements.
In mid-January, the DOJ’s Criminal Division issued the first major revision to its corporate enforcement policy (CEP) since it was announced in 2017, following on policy guidance Deputy Attorney General Lisa Monaco provided in September 2022 — what’s come to be known as the Monaco memo.
While the most recent release from the DOJ is long on incentives companies will have to self-disclose misconduct they uncover, to the likely disappointment of some, the revised policy does not contain promised guidance on other important issues, such as how the DOJ will assess compensation clawbacks and specific DOJ expectations related to corporate policies on the management of use of personal devices and third-party messaging platforms.
Still, let’s take a closer look at just what has changed:
The DOJ’s three fundamental standards for companies remain the same, but the revised policy enhances potential benefits in certain circumstances
The primary CEP revisions center on incentives prosecutors may offer to companies facing certain “aggravating circumstances.” Consistent with longstanding DOJ practice, the actions that companies need to take to be eligible for these incentives remain tied to three broad categories: (1) voluntary self-disclosure “at the earliest possible time”; (2) full cooperation with the DOJ’s investigation; and (3) “timely and appropriate remediation” of the issues raised by the potential misconduct.
Potential relief for recidivists and others with ‘aggravating circumstances’
The revised policy continues the “presumption that [a] company will receive a declination” (with payment of disgorgement, as appropriate) if the company “has voluntarily self-disclosed misconduct to the Criminal Division, fully cooperated, and timely and appropriately remediated” under the policy’s standards, “absent aggravating circumstances involving the seriousness of the offense or the nature of the offender.”
Aggravating circumstances include “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; egregiousness or pervasiveness of the misconduct within the company; or criminal recidivism.”
The revised policy contains a new section on how companies with aggravating circumstances will be treated. While in such cases the presumption of a declination would not apply, prosecutors can still offer a declination (with disgorgement) if the following factors are present (emphasis added):
- Self-disclosure “was made immediately upon the company becoming aware of the allegation of misconduct”
- “At the time of the misconduct and disclosure, the company had an effective compliance program and system of internal accounting controls”
- “The company provided extraordinary cooperation with the Department’s investigation and undertook extraordinary remediation that exceeds” the normal standards under the revised policy
The revised policy also offers added incentives to companies (including those facing aggravating circumstances) that self-disclose, fully cooperate and effectively remediate in circumstances where the DOJ determines that a company is ineligible for a declination.
First, the policy states that the DOJ “will accord, or recommend to a sentencing court, at least 50% and up to a 75% reduction off of the low end of the U.S. sentencing guidelines (USSG) fine range, except in the case of a criminal recidivist.” This marks an increase in the prior maximum potential penalty reduction of 50%. Recidivists can still obtain a reduction of 50%-75%, but such a reduction “will generally not be from the low end of the [fine range], and prosecutors will have discretion to determine the starting point for the reduction based on … particular facts and circumstances.”
Second, in such cases the DOJ ” will generally not require a corporate guilty plea … absent the presence of particularly egregious or multiple aggravating circumstances.” The eligibility of recidivists for such a benefit softens earlier statements by Monaco criticizing past patterns of successive deferred prosecution agreements (DPAs)/non-prosecution agreements (NPAs) for repeat offenders but is meant to emphasize the importance that the DOJ places on voluntary self-disclosure.
Third, “generally” no corporate monitor will be required “if a company has, at the time of resolution, demonstrated that it has implemented and tested an effective compliance program and remediated the root cause of the misconduct.” This aspect of the policy continues the DOJ’s focus on companies’ ensuring that their compliance program is sufficiently tested before making a final determination on a monitorship.
September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies around FCPA enforcement and corporate compliance programs. Tom Fox, author, podcaster and compliance expert, shares insights from his conversations with several thought leaders in compliance.Read more
Enhanced incentives even where self-disclosure is not credited
The revised policy updates the incentives offered by the DOJ in cases in which the company did not self-disclose, “but later fully cooperated and timely and appropriately remediated in accordance with the standards set forth” in the policy. In such cases, “the company will receive … up to a 50% reduction off of the low end of the [fine range.]” If recidivism is present, the company is still eligible to receive up to a 50% reduction, but the starting point to apply the reduction will “generally not be from the low end… of the fine range.” In a speech introducing the revised CEP, Assistant Attorney General Kenneth Polite Jr. noted, however, that “[a] reduction of 50% will not be the new norm; it will be reserved for companies that truly distinguish themselves and demonstrate extraordinary cooperation and remediation.”
Additional DOJ definitions, commentary and open questions
The revised policy contains additional or updated commentary on several aspects of the core requirements but does not provide additional insight into several open questions originating from the Monaco memo.
Timing and effectiveness of self-disclosures
The revised policy is the latest in a long line of DOJ attempts to encourage companies to self-disclose potential issues to obtain favorable treatment in investigations. The policy, while retaining the generally broad discretion available to prosecutors to address case-specific facts and circumstances, sets out significant and concrete benefits available to disclosing companies.
The DOJ also continues to push companies toward disclosure at a very early stage. In new language, the revised policy states that the DOJ “encourages self-disclosure of potential wrongdoing at the earliest possible time, even when a company has not yet completed an internal investigation, if it chooses to conduct one” (emphasis added). The pressure on companies facing aggravating circumstances is even greater since, as noted, to gain benefits such companies must disclose “immediately upon the company becoming aware of the allegation of misconduct.” Also, the revised language makes clear that, to be credited, a disclosure “must be to the Criminal Division” or another DOJ component.
Given that FCPA investigations increasingly involve authorities in other countries, companies also will be forced to consider the costs and benefits of ever-earlier disclosure to non-U.S. enforcement agencies, as well — such as the investigation costs of potential earlier involvement of local counsel or potential fallout if the company’s disclosures to the various agencies are not aligned. Early disclosure also risks a company entering a DOJ (and potential SEC) investigation without necessarily knowing whether the facts present aggravating circumstances and present continuing challenges regarding the content and timing of public company disclosures to the market. Decisions on whether and when to disclose will continue to require analysis of factors outside the scope of the revised CEP.
‘Full’ and ‘extraordinary’ cooperation and updated foreign data privacy law requirements
The revised policy’s standards for credit for full cooperation mostly carry over the key considerations from the former FCPA CEP. Language requiring, for example, “attribution of facts to specific sources where such attribution does not violate the attorney-client privilege” and “rolling disclosures of information” to the DOJ as internal investigations proceed remains in place. New commentary makes clear that “a company starts at zero cooperation credit and then earns credit for specific cooperative actions” (emphasis added). A new and lengthy paragraph discusses how prosecutors should weigh different aspects of cooperation.
This continues to bolster the DOJ’s insistence that, to receive credit for cooperation, companies must be “proactive,” “voluntary” and “genuine” cooperators and that “the most substantial reductions [should be] reserved for only the most extraordinary levels of cooperation and remediation.” In his speech, Polite shared guidance that DOJ prosecutors will consider four concepts when assessing whether cooperation could be considered extraordinary: “immediacy, consistency, degree, and impact.”
For example, prosecutors can consider whether a corporate defendant cooperated immediately from the start of an investigation, “consistently told the truth,” or provided evidence that might be otherwise unobtainable, “like quickly obtaining and imaging electronic devices or [providing] recorded conversations.”
The policy contains revised language as to companies’ obligations related to the effect of foreign data privacy and similar laws on access to evidence. Companies continue to “bear the burden of establishing the existence of such a prohibition or restriction” and now must “identify reasonable and legal alternatives to help the Criminal Division preserve and obtain the necessary facts, documents, and evidence for its investigations and prosecutions.” This new language arguably could be read to allow for greater flexibility for companies to work out potential practical solutions or alternatives, though that will depend on future DOJ positions in each case.
Effective remediation and no additional guidance on executive compensation or management of personal devices and third-party applications
The language in the revised policy largely duplicates the prior iteration’s standards for companies to obtain credit for effective remediation, though there are several modifications to the eight criteria set out for an effective compliance program. For example, the fourth element specifically adds consideration of “the access the compliance function has to senior leadership and governance bodies,” recognizing this important aspect for ensuring effective program support.
Overall, a clear goal of the revised policy is to encourage further the proactive development and maintenance of effective compliance programs, in particular for companies at risk of being considered recidivists. Recidivists or others facing aggravating circumstances can receive substantial benefits, but only if they have effective compliance programs in place at the time of misconduct.
Unfortunately, the revised policy does not include promised additional DOJ guidance on expectations related to compensation clawbacks and related remediation. One potential challenge related to clawbacks is the policy’s continued requirement that, to obtain remediation credit, a “company must have effectively remediated at the time of the resolution.” Given that clawbacks can result in sometimes protracted litigation, it is unclear how the DOJ will weigh the efforts of companies that engage in attempts to retrieve compensation related to potential wrongdoing but are unable to finalize the process before the time to negotiate a disposition with the DOJ.
The revised policy also does not include any new guidance on DOJ expectations for corporate practices regarding use of personal devices and third-party messaging platforms — additional information on this topic is expected for the next reiteration of the DOJ’s guidance in the Evaluation of Corporate Compliance Programs. The policy includes the same language as before requiring companies to “implement appropriate guidance and controls on the use of personal communications and messaging applications … that may undermine the company’s ability to appropriately retain business records.” One possibility that could play out in the future is that, to qualify for “extraordinary” cooperation that may lead to a declination, the DOJ may expect all types of companies to implement the stringent document retention requirements that at present are only required of financial institutions.
Overall, the revised Policy represents the latest DOJ attempt to encourage early self-disclosure, full cooperation and substantial remediation efforts by companies facing FCPA and other criminal issues. However, companies likely will continue to want to see further examples of coherent application of such benefits in future cases, especially as regards the always complicated decision regarding self-disclosure.