Biden Administration Doubles Down on Corporate Criminal Enforcement

In a coordinated set of speeches this month, Deputy Attorney General Lisa Monaco and two of her top staff - Principal Associate DAG Marshall Miller and Criminal Division head Kenneth Polite - provided new guidance for companies and individuals facing criminal investigations.1 In particular, the speeches, and an accompanying memo released on September 15 (the "Monaco Memo"), reiterated DOJ's prioritization of individual accountability, provided additional helpful guidance on how DOJ views recidivism, self-disclosure, and monitors, and discussed the importance of compensation clawbacks and policies related to personal devices.

In this article, we highlight the new guidance and summarize DOJ's reiteration of some common themes, including the prioritization of individual prosecutions, the premiums placed on self-reporting and corporate cooperation, and the use of monitors, and consider how these may impact FCPA compliance and enforcement activity.

Individual Accountability and Corporate Cooperation

Despite noting an overall decline in criminal prosecutions, DOJ emphasized that individual accountability remains DOJ's "first priority," adding that DOJ must "do more and move faster" to expedite investigations of individuals. Those who follow this space regularly will note that this has been DOJ's approach for a number of years. The DAG reiterated the guidance from last year, underscoring that cooperating companies must timely come forward with all relevant, non-privileged facts about individual misconduct in order to receive cooperation credit. According to DAG Monaco, the collection of such evidence should be prioritized, and prosecutors will assess whether they were notified promptly of relevant information or if the company inappropriately delayed disclosure in such a manner that inhibited the investigation. In his speech, Principal Associate DAG Miller expanded on this, stating that timeliness would be a "principal factor" through which cooperation is evaluated and that DOJ, in practice, would expect "cooperating companies to produce hot documents or evidence in real time."

With regard to documents, DOJ already expects cooperating companies in FCPA cases to address data privacy laws and other restrictions in foreign jurisdictions that may inhibit a corporation from producing relevant documents.2 The Monaco Memo formally expands that obligation to cooperating companies outside the FCPA space. In such cases, DOJ expects the company to establish the existence of such restrictions and identify reasonable alternatives to provide the requested documents, including by identifying all available legal bases to preserve, collect, and produce evidence expeditiously. Companies that fail to do so, or inappropriately use foreign law as a shield, may be denied some cooperation credit. As addressing foreign data protection requirements can take a significant amount of time, cooperating companies will need to consider carefully any delays arising from addressing such laws in the sequence of document collection and review in internal investigations. Transparency with DOJ on the status of efforts to address foreign data protection requirements, especially when there are delays, could help companies mitigate the risk of losing cooperation credit.

Investigations involving conduct abroad also increasingly involve dealings with foreign regulators. The Monaco Memo addresses parallel investigations by U.S. and foreign authorities in the context of DOJ's prioritization of individual prosecutions. Where a foreign government intends to prosecute an individual for the same or related conduct being investigated by DOJ, prosecutors may decide to forego a U.S. prosecution, based on a case-specific determination as to whether an individual will be subject to effective prosecution in another jurisdiction by considering the strength of the foreign jurisdiction's interest to prosecute the individual; the foreign jurisdiction's ability and willingness to prosecute effectively; and the likely consequences of a conviction in the foreign jurisdiction. The Monaco Memo also notes that "prosecutors should not be deterred from pursuing appropriate charges just because an individual liable for corporate crime is located outside the United States."

The potential involvement of foreign regulators also adds to the burden on cooperating companies, especially given DAG Monaco's clear message that corporate counsel should be "on the clock" to expedite investigations. In prioritizing the production of evidence relating to individuals located abroad, cooperating companies will also need to consider if and when they notify local regulators, and how doing so could impact their investigative efforts in particular jurisdictions.

When the Yates Memo was issued in 2015, we pointed out that there were significant legal and evidentiary differences between corporate resolutions and individual prosecutions. As a result, the prioritization of the latter could complicate the planning and conduct of corporate internal investigations, including by increasing the hesitancy of employees to cooperate.3 These concerns are no less relevant in 2022, given the Monaco Memo's emphasis on timeliness, the proliferation of data protection laws, and increased coordination with regulators from foreign jurisdictions.

Prior Misconduct

In 2021, when DAG Monaco first stated that prosecutors should consider "all prior misconduct," we criticized the lack of guidance on how to weigh past misconduct when dealing with sprawling global corporations.4 The Monaco Memo offers prosecutors that additional guidance. While prosecutors need to consider all prior corporate misconduct (criminal, civil, and regulatory), not just similar conduct, the DAG clarified that not all prior misconduct should receive the same weight.

"Dated conduct," for example, will receive less weight. DOJ defines "dated conduct" as conduct addressed by prior criminal resolutions more than ten years before the present conduct or civil or regulatory resolutions more than five years before. DOJ warns, however, that even if the misconduct falls outside of these time periods, repeated misconduct may be indicative of a weak compliance culture. Criminal misconduct in the United States and prior misconduct involving "the same personnel or management" or stemming from "the same root causes" will receive the greatest weight.

Importantly, however, DOJ recognized that corporations in highly regulated industries and that are likely to have more contact with regulatory authorities are more likely to have prior regulatory action. Such companies therefore should be compared with similarly situated corporations in determining the weight to be given prior actions.

Given DOJ's focus on past misconduct, DAG Monaco was clear that DOJ generally will disfavor NPAs and DPAs for repeat offenders, particularly for similar types of misconduct. Significantly, though, the Monaco Memo instructs that prior misconduct committed by an acquired entity should receive less weight if the acquiring corporation fully and timely remediated the misconduct and integrated the acquired entity into "an effective, well-designed compliance program" at the acquiring corporation. Principal Associate DAG Miller was more explicit, stating that "we will not treat as a recidivist any company with a proven track record of compliance that acquires a company with a history of compliance problems, so long as those problems are promptly and properly addressed in the context of an acquisition." DOJ's goal, Miller said, is to "reward[] rather than penalize" companies that engage in careful pre-acquisition diligence and post-acquisition integration.

While this underscores the importance of compliance due diligence and integration, it is unclear why DOJ would count an acquired entity's historic misconduct as a strike against an acquirer that took all the pre- and post-acquisition steps DOJ is seeking.

It also is unclear whether the "declination with disgorgement," a particular remedy available under the DOJ's 2016 Corporate Enforcement Program for FCPA matters, remains a viable option. We have seen DOJ enter into a "declination with disgorgement" only once since President Biden's inauguration in January 2021, and neither DAG Monaco's speech nor the Monaco Memo provides any insight into whether a declination with disgorgement remains an alternative to prosecution.

Voluntary Self-Disclosure

Voluntary self-disclosure continues to be a key driver for DOJ. In her speech, DAG Monaco noted the success of the DOJ's FCPA Corporate Enforcement Policy and the Antitrust Division's Leniency Policy and Procedures, and called for a Departmentwide expansion of these programs. The Monaco Memo instructs each DOJ division to draft and publicly share a policy on corporate voluntary self-disclosure that explains what constitutes a voluntary self-disclosure under the component's policy and what benefits corporations can expect from self-disclosing.

DAG Monaco stated that absent aggravating factors, DOJ will not seek a guilty plea from companies that have voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated their misconduct. DAG Monaco provided two examples of aggravating factors: wrongdoing that presents a threat to national security or is "deeply pervasive." AAG Polite underscored that involvement of executive management, significant profit to the company, and pervasiveness also will be considered aggravating factors. It bears noting that the prospect of a declination with disgorgement provides a greater incentive to self-report than avoiding a guilty plea.

Corporate Compliance Programs and Employee Compensation

One reason to credit voluntary self-disclosure, according to both DAG Monaco and Principal Associate DAG Miller, is that it is often only possible when a company has a well-developed compliance program that is able to detect wrongdoing. In addition to factors that DOJ previously has focused on, including how companies "measure and identify compliance risk," whether companies use data analytics to monitor suspicious transactions, how discipline is carried out, and how companies ensure an appropriate tone from the top, the Monaco Memo and the recent DOJ speeches focused on two metrics to be considered in judging a corporate compliance program: compensation systems and methods of policing the use of personal devices and communications apps.

Under DOJ's new approach, prosecutors should consider whether a company's compensation system not only rewards compliant behavior, but also penalizes "current or former employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct." The Monaco Memo cites clawback measures and partial escrowing of compensation as examples of compensation systems that can help deter criminal activity. As noted by Principal Associate DAG Miller, a focus on compensation is part of a trend going back to the Sarbanes-Oxley Act clawback provisions in the context of financial restatements and more recent language in the Dodd-Frank Act. Relatedly, SEC officials at the "SEC Speaks" conference on September 8, 2022 alluded to relying more aggressively on Section 304 of the Sarbanes-Oxley Act to claw back compensation bonuses and stock sale profits from CEOs and CFOs whose companies have been involved in misconduct.5 To further this trend, DAG Monaco instructed DOJ's Criminal Division to develop further guidance on how prosecutors should assess compensation structure. AAG Polite noted that in doing so, the Criminal Division will be meeting with "our agency partners and experts of executive compensation."

At the end of the discussion of executive compensation, the Monaco Memo instructs prosecutors consider whether "a corporation uses or has used nondisclosure or non-disparagement provisions in compensation agreements, severance agreements, or other financial arrangements so as to inhibit the public disclosure of criminal misconduct by a corporation or its employees." Corporations cannot and generally do not prohibit employees from reporting potential criminal behavior to DOJ or other regulatory authorities. That said, corporations often limit what may be disclosed to competitors, suppliers, the press, or the public at large. Like recent SEC enforcement actions, the Monaco Memo's reference to non-disclosure agreements might be intended as a reminder to employers that non-disclosure obligations should not be so broad that an employee could believe mistakenly that they prohibit reports to regulators.6 Alternatively, that reference could represent something broader that would require further guidance.

Messaging Apps

For a number of years, DOJ has warned companies that they need to take measures to either prohibit their employees from using text messaging apps or find a way to police their use. It is clear from both DAG Monaco's speech and the subsequent statements of Principal Associate DAG Miller that DOJ is turning up the pressure on this front.

The Monaco Memo provides "a general rule" that robust compliance programs should feature effective and enforced policies governing the use of personal devices and messaging platforms, as well as clear employee training on such policies. Principal Associate DAG Miller provided a more results-oriented metric for the how a corporation's compliance program should be assessed regarding communications technology: however a company decides to police the use of personal devices and messaging technology, "the end result must be the same: companies need to prevent circumvention of compliance protocols through off-system activity, preserve all key data and communications and have the capability to promptly produce that information to the government."

Unfortunately, that is easier said than done, especially for companies operating in foreign jurisdictions where apps like WeChat and WhatsApp - rather than email - are a common medium for business communication and data protection laws limit a company's access to personal devices. To address that challenge, the Monaco Memo instructs the Criminal Division to "study best corporate practices" in this area and incorporate them into future guidance. We will watch with interest to see what practices DOJ identifies.

Corporate Monitors

In her October 2021 memo, DAG Monaco reversed the Trump Administration's position disfavoring corporate monitors, saying instead that DOJ will neither favor nor disfavor the requirement of an independent compliance monitor as part of a corporate criminal resolution. However, that memo did not address many of the concerns regarding the reasoning behind the selection of a monitor in certain cases, the transparency of the process, or the burden a monitor could impose.

The Monaco Memo addresses many of those issues, including by providing a non-exclusive list of factors that prosecutors should consider when deciding whether to require a monitor. These include whether the company voluntarily self-disclosed and whether the underlying conduct revealed weaknesses in the compliance program, among others. The Monaco Memo also makes clear that prosecutors should assess the quality of a compliance program both at the time of misconduct and at the time of resolution, reflecting that implementing compliance enhancements in parallel with an investigation can yield benefits. However, the practical availability of these benefits may be reduced by DOJ's focus on speed. Will there be enough time to both improve and test a compliance program before a resolution?

On this score, one may find some reassurance in Principal Associate DAG Miller's recent speech. According to Miller, the purpose of the policies in the Monaco Memo is to "replace the bludgeon with the scalpel." Thus, if a monitorship is needed, it should be "carefully tailored to the particular misconduct and compliance program deficiencies identified" and should be "narrowly drawn."

Under DOJ policy, once a decision to impose a monitor has been made, the selection of the monitor must follow transparent procedures. To encourage consistency and transparency across DOJ components in the monitor selection process, DOJ is also requiring every component of DOJ without a public monitor selection process to publish its own.

Once a monitor is selected, prosecutors are to ensure that "the monitor's responsibilities and scope of authority are well-defined and recorded in writing, and that a clear workplan is agreed upon between the monitor and the corporation." Prosecutors will also expect to receive regulator updates about the status of the monitorship. This will allow prosecutors to evaluate a corporation's progress and provide for the possibility of an early termination of the monitorship or its extension.

Conclusion

There is a long history of DOJ memoranda detailing factors to be considered in the decision to prosecute or not prosecute corporations. The Monaco Memo is the most recent entry onto this long list and DAG Monaco's second in as many years. The additional transparency provided in these memoranda, and in the Monaco Memo in particular, is valuable for counsel and compliance professionals.

That said, with each iteration of DOJ guidance, cooperation requirements become more burdensome and the list of factors to consider in assessing a compliance program becomes both more complex and more aspirational. Whether the recent interventions of DAG Monaco and her colleagues will materially change the manner in which corporate criminal investigations are conducted or the calculus by which corporations respond to such investigations remains to be seen. The promised additional guidance concerning compensation arrangements and messaging platforms will be particularly important. In the meantime, companies and their counsel should study carefully the implications of the 2022 Speech and the Monaco Memo while awaiting the next installment, including by reviewing protocols relating to the storage and transfer of data from data protection jurisdictions as well as how their compliance programs deal with executive compensation and communications apps.

Click here to continue reading . . .

Footnotes

1. U.S. Dep't of Justice, "Deputy Attorney General Lisa O. Monaco Delivers Remarks on Corporate Criminal Enforcement" (Sept. 15, 2022), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-corporate-criminal-enforcement ("2022 Speech"); Memo from the Deputy Attorney General (Lisa O. Monaco), "Further Revisions to Corporate Criminal Enforcement Policies Follow Discussions with Corporate Crime Advisory Group" (Sept. 15, 2022), https://www.justice.gov/dag/page/file/1535286/download ("Monaco Memo"); U.S. Dep't of Justice, "Principal Associate Deputy Attorney General Marshall Miller Delivers Live Keynote Address at Global Investigations Review" (Sept. 20, 2022), https://www.justice.gov/opa/speech/principal-associate-deputy-attorney-general-marshall-miller-delivers-live-keynote-address; U.S. Dep't of Justice, "Assistant Attorney General Kenneth A. Polite Delivers Remarks at the University of Texas Law School" (Sept. 16, 2022), https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-delivers-remarks-university-texas-law-school.

2. U.S. Dep't of Justice, Justice Manual § 9-47.120.

3. See Debevoise Client Update, "The 'Yates Memorandum': Has DOJ Really Changed its Approach to White Collar Criminal Investigations and Prosecutions?" (Sept. 15, 2015), https://www.debevoise.com/insights/publications/2015/09/the-yates-memorandum-has-doj-really-changed

4. See Debevoise In Depth, "DOJ Revises Corporate Criminal Enforcement Policies" (Nov. 1, 2021), https://www.debevoise.com/insights/publications/2021/11/doj-revises-corporate-criminal-enforcement.

5. See, e.g., U.S. Sec. & Exch. Comm'n, "Remarks at SEC Speaks - Sanjay Wadhwa, Deputy Director of Enforcement" (Sept. 9, 2022), https://www.sec.gov/news/speech/wadwah-remarks-sec-speaks-090922.

6. Recent enforcement activity reflects how the SEC may enforce Rule 21F-17(a), which prohibits actions to impede communications with SEC staff about possible securities law violations. This includes when companies require employees to sign confidentiality agreements prohibiting disclosure of financial or business information to third parties, if there is no written exemption for disclosure to the SEC. But, in contrast to what the Monaco Memo may intend, the SEC's focus appears more clearly to be on disclosure to the Commission itself, not the general public. See In re The Brink's Company, Securities Exchange Act Release No. 95138 (June 22, 2022), https://www.sec.gov/litigation/admin/2022/34-95138.pdf.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.