Companies that discover potential misconduct can now point to a single DOJ-wide framework governing self-disclosure. Stinson attorneys Bernadette Sargeant, Reginald Harris and Alexandra Stanley explain how the new policy works and why the time to build voluntary disclosure infrastructure is before it’s needed.
In March, the DOJ issued a first-of-its-kind corporate enforcement and voluntary self-disclosure policy (CEP) governing how federal prosecutors evaluate corporate self-disclosure, cooperation and remediation. The CEP, which applies to all corporate matters except criminal antitrust proceedings, replaces the patchwork of policies that existed across DOJ components and US attorneys’ offices with a standardized set of rules.
Nine days later, the DOJ announced the first resolution under the CEP when it declined to prosecute French medical device company Balt SAS in connection with alleged violations of the FCPA, although two individuals were indicted for their roles in the alleged bribery scheme. According to the DOJ, Balt identified the misconduct during its own internal investigation and chose to self-report before the investigation was complete.
Taken together, the CEP and Balt declination may change how companies approach internal investigations. To take full advantage of the CEP in the event wrongdoing is discovered, companies need investigation protocols that account for the possibility of self-reporting from the outset, teams trained to recognize the kinds of findings that should accelerate a disclosure decision and counsel engaged early enough to preserve both privilege and strategic flexibility.
CEP framework
Federal prosecutors have long credited voluntary disclosure and cooperation (see U.S.S.C. §§ 8B2.1, 8C2.5(g)), but standards varied across offices. The CEP replaces that patchwork with a three-tier framework.
Under Part I, the DOJ will decline to prosecute a company that voluntarily self-discloses, fully cooperates and timely remediates as long as there are no aggravating circumstances. The company must still pay disgorgement and restitution.
Under Part II, companies that self-reported in good faith but fell short of the full voluntary self-disclosure standard — or that face aggravating circumstances — may receive a nonprosecution agreement (NPA) of fewer than three years, no compliance monitor and a 50%-75% fine reduction.
Under Part III, prosecutors retain discretion over the resolution, with penalty reductions capped at 50%.
The CEP also intersects with the DOJ’s corporate whistleblower awards pilot program: If a whistleblower reports misconduct both internally and to the DOJ, the company can still qualify for a declination but only if it self-reports within 120 days of the internal report. Companies that delay risk losing their window for the most favorable treatment.
Internal investigations
The Balt SAS resolution illustrates how the CEP works in practice. Balt self-disclosed while its internal investigation was still ongoing, consistent with the CEP’s call to self-disclose “at the earliest possible time, even when a company has not yet completed an internal investigation.” It then cooperated fully, providing all known relevant facts and identifying the individuals involved, and took timely remedial action, including disciplinary measures, termination of the business relationships at issue and improvements to its compliance program. The DOJ found no aggravating circumstances.
The DOJ simultaneously indicted two individuals associated with Balt, reinforcing that leniency for the company does not shield culpable individuals. As Assistant Attorney General A. Tysen Duva put it, the resolution “demonstrates the value of voluntarily self-reporting wrongdoing to the Department of Justice.”
Balt is proof that the CEP rewards speed and cooperation. But for companies to act quickly, the infrastructure must already be in place. Companies need to have compliance plans and procedures in place to respond to concerns, whether raised through hotline complaints, internal reporting, audits or other channels.
When a potential issue surfaces, a prudent company will need to conduct its own investigation with the support of counsel, whether internal or external. The CEP frames this as optional — “if the company chooses to conduct one” — but as a practical matter, an investigation is how a company determines whether and when to self-report, gathers the facts to satisfy the CEP’s cooperation requirements and positions counsel to advocate on its behalf.
Investigations should be structured from the outset to support what the CEP defines as full cooperation. That means proactively disclosing relevant facts, attributing those facts to specific sources rather than offering a general narrative, identifying responsible individuals, providing rolling disclosures as the investigation progresses, preserving documents — including those located overseas — and making employees available for interviews. The CEP’s cooperation standard demands more than passive responsiveness; it rewards companies that get ahead of the government’s questions.
Remediation should not wait for the investigation to conclude, either. Companies should begin remedial measures as the investigation progresses, including but not limited to root-cause analysis, compliance program enhancements and disciplinary action against responsible employees. This demonstration of good faith positions the company for the strongest possible outcome under the CEP.
Self-reporting
Every investigation is different, and the decision to self-report requires careful judgment. But certain findings during an investigation should weigh heavily in favor of disclosure. The most obvious is credible evidence of criminal conduct, particularly bribery, fraud or corruption, that could implicate federal statutes.
The risk of being beaten to the DOJ’s door also matters. With the corporate whistleblower awards pilot program in effect, employees and other insiders have financial incentives to report misconduct directly to the department. Once a whistleblower has already reported internally, the company has at most 120 days to self-report and preserve its eligibility for a declination. Delay can be costly.
When the investigation identifies specific individuals who engaged in wrongdoing, self-reporting positions the company to demonstrate that it is not shielding bad actors, a consideration that clearly mattered in the Balt SAS resolution. Similarly, if there is a realistic possibility that the conduct will surface independently through regulatory audits, media reporting, civil litigation or other means, the CEP’s requirement that disclosure occur before “an imminent threat of disclosure or government investigation” makes early action essential.
Finally, the CEP’s broader Part II reduction range — 505–75% off the low end of the sentencing guidelines fine range — may signal that the DOJ intends to give credit in more situations than prior policies allowed, making self-reporting valuable even in less clear-cut cases. And because the CEP does not displace prosecutors’ traditional discretion under the “Principles of Federal Prosecution of Business Organizations,” internal investigations conducted by counsel also position the company to advocate through those avenues.
Conclusion
The Balt SAS resolution demonstrates what companies stand to gain by investing in compliance infrastructure and treating internal investigations as a strategic function rather than a reactive one. Under the CEP, the incentives for voluntary disclosure are more clearly defined and more consistently applied than ever before. The time to build that capability is now.
Bernadette C. Sargeant
Reginald L. Harris
Alexandra P. Stanley
