One CEP to Rule Them All?

The Holder memo. The Thompson memo. The McNulty memo. The Yates memo. The Monaco memo. The Blanche memo. Since the 1990s, the DOJ has published a litany of missives on its policies for prosecuting corporate criminal cases. In a March 10 news release announcing its latest CEP update, this time, the DOJ went a step further, applying the policy department-wide, except for antitrust cases, and saying it supersedes other policies across DOJ divisions and US attorneys offices.

Among the questions for senior corporate leaders, according to the experts who spoke with CCI about the new CEP, are what exactly supersession means and whether the blanket application of the policy, the text of which is largely identical to a 2025 update, with important exceptions, will meaningfully inform a company’s decision-making on whether to self-report misconduct.

“As with the previous versions of the CEP, the new CEP moves the needle somewhat because it provides a more uniform framework and gives companies more clarity about the likely range of outcomes, but it does not completely change the analysis,” said Laura Perkins, a former prosecutor in the DOJ’s Criminal Division who now is a partner in the global litigation group at Cadwalader, Wickersham & Taft. “Even with the benefits offered by the CEP, the decision of whether to self-report remains a complicated one that needs to be carefully evaluated.”

What’s new in the 2026 CEP?

The text of the 2026 update is quite similar to the Criminal Division CEP published in 2025, with “Department” replacing “Criminal Division.” However, at least one substantive change was made, one that may inject even more uncertainty. 

In 2025, the Criminal Division introduced a series of potential paths to declination, which were outlined in a flow chart it said would help companies decide whether to self-report. The chart included a “near-miss” category in which a company could receive a fine reduction even if it did not meet the conditions for a declination. That flow chart is duplicated in the 2026 DOJ-wide CEP (in fact, it looks like a copy of a copy), but the promised fine reduction for near-miss cases has changed, from a flat 75% off the low end of the US sentencing guidelines range to between 50% and 75% of the sentencing guidelines range. (The 2023 CEP, released under the previous presidential administration, similarly had a 50% to 75% range.)

So while added uniformity in handling disclosures is a step in the right direction, said Keith Rosen, a former assistant US attorney and now co-head of global investigations at Norton Rose Fulbright, certainty is not iron-clad.

“This iteration may actually make outcomes less predictable, as in some places it dilutes the level of certainty offered to companies and inserts more prosecutorial discretion into the process,” Rosen told CCI.

Other substantive changes:

• Recidivism: The 2025 version disqualified companies with a resolution or enforcement action “within the last five years based on similar conduct.” The new version adds “or otherwise,” removing the time limit for similar misconduct and leaving it to the DOJ’s discretion to determine when past conduct is similar enough to be disqualifying.
• Whistleblowing: In 2025, the Criminal Division gave companies 120 days from an internal whistleblower report to self-disclose conduct; now, the guidance requires disclosure “as soon as reasonably practicable but no later than 120 days.” That means even if a company reports within the 120-day window, the department may still find the report was too slow.
• Regulatory disclosure: Both the 2023 and 2025 Criminal Division CEPs were silent on whether disclosures to regulators or civil enforcement agencies could qualify as self-reporting; the 2026 version is explicit: it’s up to the DOJ. This is handled in a footnote rather than in the policy itself.

Notably, the language around supersession of DOJ component- and US attorneys office-specific policies appears only in the news release announcing the policy, not in the policy itself. And the timing of the new DOJ-wide CEP is eyebrow-raising, coming just two weeks after the US Attorney’s Office for the Southern District of New York (SDNY) released its own corporate enforcement policy, which while it has a narrower scope, applying only to financial crimes affecting market integrity, offered more definitive policies: a defined timeline, a narrower definition of aggravating circumstances and a more forgiving definition of voluntary disclosure.

Whether the timing of the two announcements is more than simple coincidence is unclear, and experts who spoke with CCI were split on exactly what supersession means in this case.

“In light of the odd sequence of events, it is notable that the language about the CEP superseding other policies appeared in DOJ’s announcement of the CEP, not in the policy itself, which invites the question to what extent other policies are prohibited, particularly where they enhance but do not contradict with the CEP,” Perkins said. “Given that, it is possible that SDNY will take the position that certain features of its policy, such as how it approaches conditional declination, remain despite the CEP because they simply describe how SDNY intends to exercise its discretion in areas where the CEP has left flexibility, rather than contradicting the CEP.”

In a written Q&A with CCI, Eric Beste and Scott Hulsey, both former DOJ officials who now are partners at Barnes & Thornburg, said that the DOJ’s desire for one blanket CEP will indeed constrain individual offices.

“SDNY may have been trying to stake out ground or move quickly on an issue it viewed as important, while Main Justice was focused on standardization across the department,” they wrote. “The March 10 policy makes clear, however, that DOJ ultimately wants a single, unified framework — and that individual offices will have less room to differentiate going forward, at least at the policy level.”

Featured

2 Paths, 2 Outcomes: DOJ’s Inconsistent Corporate Self-Disclosure Policies

by Josh Hurwit, Greg Goldberg, John Anderson and John Sullivan

December 22, 2025

Read moreDetails

Carrots, sticks & fine print

For all of the DOJ’s years of deploying a variety of carrots and sticks to incentivize self-reporting of misconduct, that remains a difficult decision, affected by many moving parts, experts agreed. So while the new CEP seeks to provide unified guidance, the document is just that — guidance.

“The policy serves as a guide — not a guarantee,” Beste and Hulsey wrote. “Early strategic judgment still matters enormously, including how and when to engage DOJ, how to frame the narrative and how to sequence internal investigative steps.”

They also cautioned that while corporate compliance, risk and governance professionals are closely examining this CEP, the corporate community is not exactly the audience and that the government and business leaders may have different goals.

“Keep in mind that this memo is directed to prosecutors to guide their efforts and does not create ‘rights’ for defendants. The department’s objective is to encourage early disclosure, but this objective may not always be what is best for a company.”

Perkins agreed, adding that individual fact patterns matter more than flow charts.

“Overall, compliance officers should not read the CEP as making self-reporting an easy or automatic choice,” Perkins said. “The CEP may offer meaningful benefits, but the decision as to whether to self-report still requires a careful, case-specific analysis.”

Rosen similarly cautioned companies against assuming they will have ample time to run their internal investigation.

“The issue that some might overestimate is the amount of time a company has to make a decision about whether to disclose and try to get credit for self-reporting an issue,” Rosen said. “To get credit, the self-disclosure needs to happen at the ‘earliest possible time,’ which for many companies may be before there is time to fully investigate and assess an allegation.”