Navigating New Criminal Division Guidance and Accelerating Remediation
The Department of Justice’s Criminal Division has recently issued new guidelines for corporate compliance and monitorships, and Bart Schwartz, Chairman of Guidepost Solutions, discusses the opening they provide to businesses to reassess and bolster their compliance programs.
In his remarks at the Corporate Compliance and Enforcement Conference earlier this month, Assistant Attorney General Brian A. Benczkowski expanded on the Department of Justice’s (DOJ) new guidelines for corporate compliance and monitorships, issued on October 11, 2018.
While it is yet to be seen how these new guidelines will impact the frequency of monitorships, it does seem clear that the DOJ will encourage prompt remediation and continued improvement in compliance. This is an opportunity for companies to reassess their compliance programs to ensure they are effective, reliable, high-functioning and consistently being updated. The advantages, in terms of avoiding the costs and reputational damage of facing an enforcement action, can be significant. Those benefits, however, will accrue to those who approach adapting to these guidelines with a sense of urgency. If a company wants to demonstrate to the DOJ that it does not need a monitor and/or avoid prosecution, it had better have remediated any problems and showed an effort to continually improve its compliance program.
The Role of the Monitor
Monitors act as external compliance officers whose primary role is to solve conflicts and regulatory matters while ensuring a company’s compliance with laws and regulations, in cases of fraud, misconduct or illegal activity. A monitor makes an assessment and guides the implementation of a framework negotiated by the company and the DOJ and for reporting back to the authorities and the court.
When deciding whether to mandate an appointment of a monitor, the government evaluates a number of factors: the type of misconduct, its pervasiveness and whether it involved senior management. The new guidelines represent a chance for companies to be proactive in assessing their compliance program and risk controls and to implement ongoing review to ensure that it remains in conformity to the evolving policies and regulations. This is a call to action to accelerate achieving a higher level of best practices in compliance and, if needed, also remediation.
In the new guidelines, the government will take a closer look at the compliance program in place both during the misconduct and after. So, in addition to proper remediation efforts, the government will be looking at not only whether a company’s compliance program is adequate at the time of the resolution of the dispute, but also whether it is reliable and effective enough to withstand any future risks.
The emphasis of the new guidelines is on ensuring that the remedial improvements have been tested to prevent and detect similar misconduct. Companies should be proactive and take it upon themselves to rectify and prevent being the subject of a government action. Bringing in an independent party to remediate as soon as a problem is detected will put a company in a better position to negotiate with the DOJ or voluntarily disclose any infraction in a timely fashion.
Building an Effective Compliance Program
How can companies detect potential misconduct, implement remediation efforts and build a strong compliance program, all in time to illustrate to authorities that it can maintain a compliant corporate environment?
The new guidelines shouldn’t be interpreted as some kind of lax enforcement posture from the DOJ. There’s a window of opportunity here to upgrade a compliance program on a timely basis. If a problem occurs, the company may want to hire an independent party to do what a monitor would do, but without the structure and government involvement that comes with a monitor.
Of paramount concern to the DOJ is this: If it decides a monitor is necessary, it wants to ensure that the independence of this third-party is, truly, independent. The selection process according to the new guidelines must therefore be “free of any actual or potential conflict of interest.” In order to even be considered, a potential monitor must submit “a written certification that he/she has notified any clients that the candidate represents in a matter involving the Criminal Division Section handling the monitor selection process and that the candidate has either obtained a waiver from those clients or has withdrawn as counsel in the other matter(s),” as stated in the new guidelines.
Once that hurdle is cleared, the independent third-party monitor enables a company to expedite the process and take advantage of the benefits that come with a speedy remediation. In addition, an independent review demonstrates a company’s good faith in not just becoming but also staying compliant.
For example, many companies are not prepared to handle FCPA violations on their own, especially when it comes to voluntary disclosures. The government gives more incentives to companies that voluntarily disclose potential FCPA violations and the recently revised policy now states that self-disclosure, followed by full cooperation and a detailed plan for remediation, entitles a company to a declination on a presumptive basis.
Should a company voluntarily disclose wrongdoing immediately before the remediation, or should they remediate first and then disclose? There is no simple answer to this question, since by the time it takes to remediate the infraction, what would be a voluntary disclosure could surface publicly, via the media or a whistleblower. Having an independent evaluator and remediator who can navigate these challenges is also more likely to accelerate the process and ensure its credibility in the eyes of government.
The Ongoing Challenges of Compliance
Benczkowski recognized that “as companies continue to grow in size, scope and complexity, and as international business becomes the norm rather than the exception, compliance is of ever greater importance,” which further confirms the need for companies to maintain an updated and effective compliance program. According to the DOJ, in 2017, it imposed $4.6 billion in corporate U.S. criminal fines, penalties, forfeiture and restitution, with enforcement actions amounting to a total of $6.8 billion, payable to the government.
There are steps that firms can take to ensure ongoing compliance and prevent finding themselves the subject of a government investigation, penalties and/or a monitor. It all begins with the implementation of a reliable compliance infrastructure and internal risk controls within a firm. However, it should not stop there. Ongoing independent biannual or annual reviews are a way to stay current and show authorities that your compliance system works and is continually evaluated for improvements and attention to risks.
DOJ Adopting a Common Compliance Approach
Benczkowski announced that, rather than centralizing compliance expertise in one person in one part of the criminal division, the DOJ would engage in broad training so that many more prosecutors would have the working knowledge and expertise. This is precisely what many compliance programs attempt to achieve – that is, to make compliance an integral part of understanding the entire process, rather than making compliance an isolated hurdle. One question this raises is whether the DOJ‘s official Evaluation of Corporate Compliance Programs will change with the new guidance.