No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Monaco Memo 2.0: Companies Should Start Preparing Now for Future DOJ Investigations

Use of third-party apps, executive compensation need attention sooner rather than later

by Miller & Chevalier
November 2, 2022
in Compliance, FCPA
doj outside sculpture_n

Following up on her watershed 2021 memo, Deputy Attorney General Lisa Monaco’s latest missive highlights a pair of issues that companies need to begin preparing for now if they are to avoid major FCPA repercussions down the line. John E. Davis, member and practice lead of Miller & Chevalier’s FCPA and international anti-corruption practice in Washington, D.C., digs into the issues.

Recent guidance by the U.S. Department of Justice (DOJ) regarding corporate criminal investigations will require attention and potentially significant compliance program upgrades by companies to ensure they remain eligible for favorable consideration in the event of a DOJ investigation. Among other areas, companies should start to review their oversight of employee communications using personal devices and ephemeral messaging applications such as WhatsApp and their executive compensation systems, focusing on incentives and discipline related to compliance behaviors. 

On Sept. 15, Deputy Attorney General Lisa Monaco issued a new memorandum on “Further Revisions to Corporate Criminal Enforcement Policies” that will apply across all of the DOJ’s components, including the Fraud Section, which enforces the U.S. Foreign Corrupt Practices Act (FCPA). This new memorandum follows Monaco’s Oct. 28, 2021, memorandum on “initial revisions” to those policies and is the result of an evaluation process by the DOJ’s corporate crime advisory group. 

The new Monaco memorandum announces new guidance for DOJ prosecutors in several key areas of interest to companies potentially facing criminal investigations, including:

  • The prioritization of building cases against culpable individuals in parallel with related corporate investigations and clarification on whether corporate self-disclosures are “timely” as they relate to conduct by employees.
  • Discussion of how to evaluate a company’s history of prior corporate misconduct in making decisions about resolving current investigations.
  • New commentary on how to evaluate a company’s corporate compliance program, including new specific discussion of the role of executive compensation structures (incentives and disciplinary mechanisms).
  • Expansion of prior DOJ guidance on corporate policies related to use of personal devices and third-party applications (such as WhatsApp and other chat applications), focused on the need for corporate policies to ensure that information from these sources can be provided to the DOJ in investigations.
  • New discussion on the imposition, selection and management of independent compliance monitors, including the need for active DOJ engagement throughout the term of any monitorship 

Monaco and Assistant Attorney General for the Criminal Division Kenneth Polite have spoken publicly on the new memorandum, offering additional commentary related to the topics above and other issues. In many instances, the new memorandum extends principles articulated in the previously issued FCPA corporate enforcement policy across the entire DOJ (except for other existing policies, such as those long issued by the Antitrust Division). As such, in the world of FCPA enforcement, the new memorandum is not a game changer, but companies involved in DOJ FCPA inquiries now face multiple new challenges as a result of the new guidance. 

Two of the most critical challenges involve employees’ use of personal devices and third-party applications for work communications and the use of employee compensation to discipline and incentivize compliance. The DOJ plans to issue further guidance on both areas in the future, but companies should begin assessing how to manage these issues now. 


Fox Monaco doctrine wp_f
Compliance

The Monaco Doctrine: A Jolt for Compliance

by Corporate Compliance Insights
October 17, 2022

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies around FCPA enforcement and corporate compliance programs. Tom Fox, author, podcaster and compliance expert, shares insights from his conversations with several thought leaders in compliance.

Read more

Managing company data on personal devices and third-party applications

The new Monaco memo summarizes past DOJ policies on evaluating the effectiveness of corporate compliance programs, including the Criminal Division’s guidance, which was most recently updated in 2020. The discussion reiterates that, in the context of determining an appropriate disposition to an investigation, the DOJ should “assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision.” 

The memorandum also identifies two “additional metrics relevant to prosecutors’ evaluation of a corporation’s compliance program and culture.” One additional metric directs DOJ prosecutors to “consider whether the corporation has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms [such as WhatsApp or, perhaps more challenging, the Chinese WeChat] to ensure that business-related electronic data and communications are preserved (emphasis added).” The memorandum notes further that “[a]s a general rule, all corporations with robust compliance programs should have effective policies governing the use of personal devices and third-party messaging platforms for corporate communications, should provide clear training to employees about such policies, and should enforce such policies when violations are identified.”

Preservation of such data was also the focus of the SEC’s recent penalties (totaling close to $2 billion) levied against various financial services institutions for “for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications” per specific recordkeeping requirements under federal securities laws. Much of the penalized activity involved employee use of “text messaging applications on their personal devices” for “off-channel communications” that the companies did not maintain or preserve. While the rules at issue in these settlements are limited to financial services, the DOJ is pushing all companies to preserve similar communications in order to be eligible for full credit for cooperation in any DOJ investigation.   

The scope of the new Monaco memorandum’s language is broad, covering data on all personal devices, including phones, tablets, and laptops, that employees use for business communications. Relevant software and applications that fall under this guidance if used for business purposes includes outside ephemeral messaging applications that automatically delete messages after a certain period of time like Snapchat, WeChat or Signal; outside applications that use end-to-end encryption like WhatsApp or Telegram; and outside email programs like Gmail. 

The focus on personal devices and third-party applications is not new, as the DOJ’s 2019 revisions to the FCPA corporate enforcement policy emphasize the need to preserve data from “personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications.” Nevertheless, this requirement remains a challenge for companies to implement, especially with regard to non-U.S. applications like WeChat and as other countries’ data privacy and national security regulations continue to develop and apply to data on personal devices. 

In recognition of these challenges, the new Monaco memorandum directs the DOJ’s Criminal Division “to further study best corporate practices regarding use of personal devices and third-party messaging platforms and incorporate the product of that effort into the next edition of its Evaluation of Corporate Compliance Programs, so that the department can address these issues thoughtfully and consistently.” That said, companies that wish to benefit from the DOJ guidance are expected to implement controls on the use of personal devices and ephemeral communications before any FCPA matter arises. Companies thus should consider:

  • Conducting a reasonable, risk-based, demonstrable assessment of employees’ use of personal devices and ephemeral communications to assess the company’s need for appropriate controls over personal devices and ephemeral messaging platforms that are tailored to a company’s specific operations.
  • In light of the assessment’s findings, modifying any existing policies or develop new guidance that clearly instruct employees regarding (1) what types of personal devices (if any) and communication software are permissible to use in connection with business matters and (2) the rules that apply to preserving all such business communications on a timeline consistent with the company’s other document/data preservation requirements.
  • Checking those rules for potential issues under relevant data privacy or other applicable data management regimes, such as the EU’s General Data Protection Regulation (GDPR).
  • As needed, developing and implementing new training to employees on the rules related to personal devices and third-party applications, focused on preservation requirements.
  • Being ready to enforce the rules appropriately across the company.

Incentivizing and disciplining executives using compliance metrics

The second “additional metric” related to corporate compliance programs and cultures focuses on the role of compensation structures — both disciplinary measures and incentives that support compliant behaviors. Such structures, especially on the discipline side, have long been considered a key element of an effective compliance program by the DOJ and SEC, as well as under international standards. 

The DOJ’s existing compliance program effectiveness guidance has included questions as to “[h]ow the company incentivize[s] compliance and ethical behavior” and whether “there [have] been specific examples of actions taken (e.g., promotions or awards denied) [or bonuses, cited elsewhere] as a result of compliance and ethics considerations.” The new Monaco memorandum builds on this language by stating that “[p]rosecutors should … consider whether a corporation’ s compensation systems provide affirmative incentives for compliance-promoting behavior.” The memorandum notes that such affirmative incentives could include “the use of compliance metrics and benchmarks in compensation calculations and the use of performance reviews that measure and reward compliance-promoting behavior, both as to the employee and any subordinates whom they supervise.” 

As the DOJ is aware, many companies have already deployed these types of incentives, though the details and execution can vary widely based on many factors. The formal addition of this metric will mean that companies that have resisted these types of incentives in the past may want to reconsider such incentives’ potential benefits for managing enforcement risks.

The memorandum also expands on the assessment of disciplinary measures, noting that “prosecutors should examine whether compensation systems are crafted in a way that allows for retroactive discipline, including through the use of [compensation] clawback measures, partial escrowing of compensation, or equivalent arrangements.” Further, the memorandum instructs prosecutors to evaluate whether and how a company has “taken affirmative steps to execute on such agreements and clawback compensation previously paid to current or former executives whose actions or omissions resulted in, or contributed to, the criminal conduct at issue (emphasis added).” In a speech at Global Investigation Review’s GIR Live event on Sept. 20, Principal Associate Deputy Attorney General Marshall Miller discussed the DOJ’s expectations as to clawbacks, stating, “[w]hat we expect now in 2022 is that companies will have robust and regularly deployed clawback programs, [as] [a]ll too often we see companies scramble to dust off and implement dormant policies once they’re in the crosshairs of an investigation.” He also noted that prosecutors would assess whether “the company [is] targeting bonuses to employees and supervisors who set the right tone.”

Other statements by Monaco at the time of her speech indicate that the DOJ’s focus on clawbacks is being coordinated with recent SEC statements regarding increased enforcement of Section 304 of the Sarbanes-Oxley Act, under which the SEC has required CEOs and CFOs to reimburse their companies for certain compensation if the company is required to restate its financials resulting from misconduct. 

It is unclear how extensively the DOJ has considered the potential challenges for companies to implement such features as clawbacks in their existing executive compensation systems (especially as to former executives), given the rules that govern such systems and the market dynamics that drive such compensation at senior levels. Often the money at issue has already been taxed, invested, or spent, and managing the tax consequences can be difficult for both the company and executives. 

Perhaps a sign of the awareness of these difficulties is that the new Monaco memorandum directs the Criminal Division to “develop further guidance by the end of [2022] on how to reward corporations that develop and apply compensation clawback policies, including how to shift the burden of corporate financial penalties away from shareholders — who in many cases do not have a role in misconduct — onto those more directly responsible.” In his speech, Polite noted that, during this process, the division will “get inputs” from “experts on executive compensation.” 

In the meantime, companies should consider:

  • Reviewing company bylaws, articles, and compensation policies to determine the level of existing authority and flexibility for executing clawbacks and related actions.
  • Ensuring that current policies, processes, and related training and management messaging make clear that compliance-related lapses by employees can trigger clawbacks or other appropriate financial circumstances.
  • Assessing whether existing policies adequately allow for clawbacks or related actions in cases of executives’ failure in supervision or omissions that caused compliance or controls failures.
  • Analyzing the state of any compliance-related incentives for employees and managers and determining whether additional financial or other incentives or key performance indicators (KPIs) are appropriate to reinforce a strong compliance culture.

Tags: Data GovernanceDOJ
Previous Post

Refinitiv Introduces Digital Onboarding Tools

Next Post

Why Our Best Employees Don’t Speak Up

Miller & Chevalier

Miller & Chevalier

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

safe harbor

What Is Safe in a World Without Antitrust Safe Harbors?

by Fiona Schaeffer and Adam Di Vincenzo
March 22, 2023

A trio of policy statements dating back to 1993 established the concept of safety zones with regard to information exchanges...

banks information sharing_f

Sharing Is Caring? Lessons From Dutch Banks’ Data-Sharing Program

by Sukirt Singh
March 22, 2023

With federal investigations pending, the autopsy of Silicon Valley Bank and resulting cascade of bank failures is only just beginning....

Next Post
best employees speak up

Why Our Best Employees Don’t Speak Up

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT