The Monaco memo’s imposition of CCO certification in DOJ investigations has, reasonably, been a major anxiety-inducer for compliance professionals. And while DOJ officials have said the requirement is designed to “empower” CCOs to ensure their programs are up to snuff, with great empowerment comes, well, great risk. Luke Cass, Michael E. Clark and Chukwukpee Nzegwu from Womble Bond Dickinson dig into the DOJ’s statements and offer guidance for smart CCOs.
Under the so-called Monaco memo authored by Deputy Attorney General Lisa Monaco, the DOJ adds more pressure to its ongoing “carrot and stick” approach to resolving corporate criminal matters that is intended to force companies to implement more effective compliance programs, voluntarily self-disclose misconduct and demonstrate their cooperation if they hope to obtain non-prosecution or leniency.
As part of this approach, corporate compliance officers and CEOs now must sign a certification of compliance — under penalty of perjury — to resolve such matters in certain cases, while an associated policy revision involves the use of compliance monitors. Under the Biden Administration, DOJ likely will more often seek to impose corporate monitorships than it had under the Trump Administration, which also will increase the costs and risks to such entities.
The DOJ hopes the changes will “empower” CCOs to regularly review and audit their compliance programs for factors the department will evaluate — such as how payment activities are monitored, the behavior of senior leadership, how disciplinary decisions are made for rulebreakers, how compliance risks are measured and identified and so on. However, it is undeniable that with that “empowerment” comes the associated risk of a felony prosecution under Title 18, United States Code, Sections 1001, 1517 and 1519.
DOJ increasingly using certification for corporate officers in enforcement actions
It appears the DOJ derived its CCO-centered approach from its requirement that chief financial officers and CEOs certify pursuant to 18 U.S.C. § 1001 that they will satisfy their financial disclosure obligations under agreements with the government. For example, Deutsche Bank’s CEO and CFO were required to sign a disclosure certification as part of a deferred prosecution agreement with the government. Part of the certification involved “any and all Disclosable Information that has been identified through the Company’s compliance and controls program, whistleblower channel, internal audit reports, due diligence procedures, investigation process, or other processes.”
Compliance certification and enforcement have continued to grow in the DOJ’s toolkit. This has been ongoing since Sarbanes-Oxley, as Norman Veasey, former chief justice of the Delaware Supreme Court, explains in greater detail, pointing to the increased number of formal complaints, sanctions and convictions against general counsel. For example, in 2019, civil monetary penalty charges were brought against the former general counsel of Rabobank by the Office of the Comptroller of the Currency over allegations that he participated in concealment on reporting obligations, among other things.
As Details of $1B Glencore FCPA Settlement Show, Cooperation Pays
The blockbuster settlement and plea agreement by Glencore tells the story of a multinational culture of corruption. Attorney and podcaster Tom Fox breaks down the gory details and offers insight into what this case might reveal about where FCPA enforcement is headed under the Biden Administration.Read more
A more recent example was in May 2022, when the DOJ entered a billion-dollar settlement after bringing an FCPA charge against a large mining company, Glencore. That agreement required its CEO and CCO to sign under penalty of perjury that:
(1) “the undersigned are aware of the Company’s compliance obligations under … the Agreement”; (2) “the Company has implemented a compliance program that meets the requirements set forth in … the Agreement”; and (3) “such compliance program is reasonably designed to detect and prevent violations of the [applicable law] (as defined in the Agreement) throughout the company’s operations.”
This certification included a confirmation that the CEO and CCO were duly authorized to sign the certification and that the certification constituted “a material statement and representation by the undersigned and by, on behalf of, and for the benefit of, the Company to the executive branch of the United States for purposes of 18 U.S.C. § 1001.”
Under 18 U.S.C. § 1001(a), any CCO who “knowingly and willfully” makes a false statement or fraudulent representation through signing the certification may face fines and potential imprisonment. Direct or circumstantial evidence is sufficient to find that the designated signees “knowingly and willfully” made a false statement when signing the certification — such as misrepresenting whether the compliance program the company implemented is reasonably designed to detect and prevent the violations outlined in the agreement with the government. Though the DOJ says its CCO-centered approach doesn’t provide “fodder for criminal prosecution of CEOs or CCOs,” and instead “memorializes [a] company’s commitment to take its compliance obligations seriously,” signing individuals should have a heightened awareness of the risks associated with certification.
An ounce of prevention …
While this certification is most notable for entities facing DOJ enforcement actions, all CEOs and CCOs should proactively and carefully review existing insurance coverage policies to see if they adequately protect them given these heightened risks since such policies often have interpretive language as to what triggers coverage of a “claim” and since such policies may have other limitations such as coverage at artificially low rates that will not be adequate to compensate experienced white collar counsel to advise them.
As part of this certification process, CEOs and CCOs should request, at the company’s expense, for independent counsel to be engaged to advise them on the certification process. An examination of the adequacy of related documents designed to protect these key individuals, such as whether the advancement of legal fees by the entity is mandatory or discretionary, is also well-advised. In that regard, given these heightened new potential risks, it may be advisable for CEOs and CCOs to negotiate agreements with their employers that provide them with independent counsel of their choice to advise them about the relative risks and benefits if called on to make such sworn certifications.
In recent remarks at a recent FCPA conference, DOJ’s Fraud Section Chief Glenn Leon said the certification was meant only for a narrow band of cases where a company admits to compliance program failures — it is not intended as a “gotcha” requirement. He said the certification would be the capstone of a long relationship with DOJ and is intended for only a small number of companies. Leon described this as a reasonable request and downplayed that it should not be a “hard ask” to certify that a compliance program is reasonably designed to prevent and detect violations of law. Far from a tool of empowerment, this requirement has the ability to be a Sword of Damocles hanging over the heads of CCOs and CEOs.
- CCOs should review their company’s compliance programs and revise them to benefit from some of the DOJ’s carrots so that if there comes a time where the DOJ has an enforcement action against the company, the terms of the later agreement will be more favorable to the company.
- At a minimum, a CCO and CEO should not sign such a certification without having conducted adequate due diligence as to the facts to which they are attesting. Having independent, experienced outside counsel to consult with and obtain advice from before taking such steps will likely help in showing good faith by the certifying officers—but there are always associated risks, including the fact that full disclosure of known facts to such counsel is a key element to establishing the reliance on counsel defense (which will typically require the waiver of privilege). Signing pursuant to 18 U.S.C. § 1001 increases a CCO’s risk.
- CCOs should investigate the details of their insurance agreements and related documents to gauge how their coverage may be affected in view of the Monaco Memo. CCOs may have a right to greater compensation and even increased indemnification from the companies that they oversee.
- CCOs may see this as the right time to review their employment contracts and re-negotiate the terms to reflect the new liability that they may face.
Does the Monaco Memo empower compliance programs or complicate the jobs of CCOs through increased risk? Who pays the fees when a compliance program is found to be ineffective? Having a knowledgeable team of attorneys to help negotiate terms of a new employment contract to reflect additional risks post-Monaco or to help negotiate the terms of the certificate of compliance will be in a CEO or CCO’s best interest.
Authors Luke Cass, Michael E. Clark and Chukwukpee Nzegwu, are attorneys in Womble Bond Dickinson’s white-collar defense, investigations and regulatory enforcement group. Cass, a partner in the firm’s Washington, D.C., office, has significant experience defending clients against a variety of federal criminal allegations and previously served as a federal prosecutor for over a decade. Clark, senior counsel in the Houston office, is an accomplished litigator with years of experience in private practice and in the federal government, including previously serving as the chief of the Criminal Division for the U.S. Attorney’s Office for the Southern District of Texas. Nzegwu is an associate in the Baltimore office who focuses his practice on complex commercial litigation.