The prosecution of corporations has become a mainstay of federal white-collar criminal enforcement. Why is that? Corporations cannot be sent to prison, and they act only through individuals. The Department of Justice (DOJ) routinely emphasizes that the key to deterring corporate misconduct is the prosecution of individuals.

The theory seems to be that a company should be prosecuted chiefly as a means of improving corporate conduct—notably, by strengthening compliance programs and, more broadly, reforming company culture. Consistent with this objective, DOJ ordinarily gives credit for robust compliance programs (together with voluntary reporting and remediation of misconduct). Likewise, DOJ commonly makes specific compliance enhancements a part of plea and deferred and non-prosecution agreements (DPAs and NPAs).

In this article we discuss a recent development that reflects, and extends, DOJ's use of criminal prosecution as a means of achieving corporate reform. In May 2022 plea agreements with energy and commodities trading firm Glencore International A.G. and its affiliate Glencore Ltd. (collectively, Glencore), DOJ included a requirement that the Chief Executive Officer (CEO) and Chief Compliance Officer (CCO) certify, at the close of a three-year monitorship, that Glencore has fulfilled its compliance-related obligations under the plea agreements. This appears to be the first time DOJ has imposed such a requirement to resolve a criminal investigation.

After describing the relevant provisions of the Glencore agreements, we discuss the rationale for the new policy, as expressed in recent remarks by DOJ officials, and situate the policy in the context of settlement agreements with other government enforcement authorities. We conclude by briefly considering the practical implications of DOJ's new certification requirement.

The Glencore Plea Agreements

On May 24, 2022, Glencore pled guilty in separate cases to violations of the Foreign Corrupt Practices Act (FCPA) and a conspiracy to manipulate the price of commodities. The FCPA charges centered on payments of about $100 million to foreign officials through intermediaries in seven countries. The commodities charges centered on the manipulation of two benchmark price assessments for fuel products.

Glencore agreed to pay fines and monetary penalties of more than $1.1 billion and submit to a three-year monitorship concerning internal controls and compliance programs. Glencore also agreed to strengthen its compliance policies and procedures as set forth in an appendix to the agreements (the Corporate Compliance Program).

In language similar to that found in other DOJ plea agreements and DPAs, Glencore agreed to (1) develop and promulgate a clear corporate policy against violations of the relevant laws; (2) engage in periodic risk-based review; (3) entrust one or more senior executives with responsibility to implement and oversee compliance policies; (4) implement effective compliance training for all relevant persons within the company; (5) establish and maintain an effective internal reporting mechanism; (6) implement effective enforcement and discipline policies and practices; (7) institute compliance requirements pertaining to third parties with whom the corporation might deal; (8) develop policies to ensure that mergers and acquisitions are compatible with the corporation's compliance obligations; and (9) conduct periodic reviews and testing of compliance policies to ensure they remain fresh. These requirements generally track the elements of a robust corporate compliance program as set forth in DOJ guidelines. See U.S. DOJ, Evaluation of Corporate Compliance Programs (updated June 2020).

The Glencore plea agreements broke new ground by including a requirement that the CCO and CEO certify that (1) they are familiar with the company's compliance obligations under the Corporate Compliance Program; (2) the company's compliance program meets the nine requirements described above; and (3) the company's compliance programs are "reasonably designed to detect and prevent violations" of the relevant law "throughout the company's operations." Included as an appendix to each plea agreement, the certification makes clear that a knowing and willful misstatement as to these matters constitutes a violation of 18 U.S.C. §1001.

DOJ Policy Background

The Glencore compliance certifications did not come out of the blue. In March 2022, Kenneth A. Polite Jr., Assistant Attorney General for the Criminal Division, discussed the merits of such a certification. See Assistant Attorney General Kenneth A. Polite Jr. Delivers Remarks at NYU Law's Program on Corporate Compliance and Enforcement (PCCE), March 25, 2022. Polite reiterated well-established DOJ guidance regarding compliance programs, noting that DOJ expected companies to implement programs that are well-designed, adequately resourced and empowered to function effectively, and work in practice. Illustrating the importance of corporate compliance officials, Polite emphasized that DOJ wants to see CCOs and senior company leadership—not outside counsel—leading compliance presentations to the DOJ and demonstrating knowledge and ownership of the compliance program.

Regarding compliance certifications, Polite said that DOJ would consider requiring CCOs and CEOs to certify that all reports submitted during the term of a settlement are true, accurate, and complete. He added that when a monitor is imposed, DOJ would not also require companies to provide annual self-reports, as these would be duplicative of the monitor's work, but that "in instances where a monitor is not imposed," DOJ would "consider requiring that the CEO and the CCO ... also ... certify ... all compliance reports submitted." Certification would not be "punitive in nature," but rather would be "a new tool in the arsenal" of compliance professionals. A former corporate CCO himself, Polite characterized the measure as a way to ensure that compliance professionals had the stature in the corporate structure and received the resources and compliance-related information needed for their organization to meet its compliance obligations.

Certifications in the context of a plea agreement raise an obvious concern—that a CEO or CCO might be held responsible, and found to have lied, for a compliance deficiency with which they were unfamiliar or over which they had little or no control. Exposure of CCOs to potential liability has been a source of concern for some time, as reflected in a February 2020 report calling for clearer limits around liability for corporate compliance officials. See Compliance Committee of the New York City Bar Association, Report on Chief Compliance Officer Liability in the Financial Sector, February 2020.

Polite sought to downplay the risk to corporate officers, saying that it was limited to cases of knowing misstatements as to compliance efforts: "[i]f there is a knowing misrepresentation on the part of the CEO or CCO[,] that could certainly result in some form of personal liability; we might also, depending on the circumstances, consider a misrepresentation in one of those certifications, or a failure to provide such a certification, a breach of the corporation's obligation under the agreement." Interestingly, the Glencore certification requirement is in tension with an important aspect of Polite's March 2022 remarks. He indicated that certifications would be required when a monitorship was not deemed necessary. Yet in the case of Glencore, the government required both a monitorship and CEO/CCO certifications. DOJ did not publicly explain why both were required.

On May 26, 2022, at an anti-money laundering conference shortly after the Glencore agreements became public, Deputy Attorney General Lisa Monaco reiterated that the purpose of the certification requirement is to empower compliance officers. According to news reports (a written version of the speech is not yet available), Monaco said that the CCO/CEO certification would help ensure that CCOs were reporting directly to the board about what the company was doing to meet its compliance obligations. Requiring both the CEO and CCO to certify compliance efforts would incentivize a focus on compliance needs and efforts.

In June 2022 remarks, Lauren Kootman, Assistant Chief in DOJ's Corporate Enforcement, Compliance, and Policy Unit, likewise emphasized that compliance certifications are intended to empower, not punish, CCOs, and indicated that "[t]he certifications are going to be incorporated into every—most likely—into every resolution," according to news reports.

Agreements With Other Enforcement Authorities

In addition to the stated goal of empowering compliance officials, the new certification requirement may be driven by additional considerations, as suggested by the inclusion of a CEO as well as CCO certification in the Glencore plea agreements. Notably, compliance certifications may be intended to conform DOJ practice with that of civil enforcement authorities.

For example, the SEC often requires knowledgeable company officials to certify compliance with remedial provisions of settlement agreements. On June 21, 2022, in an order instituting cease-and-desist proceedings against Egan-Jones Ratings Company (EJR) and CEO Sean Egan, In the Matter of Egan-Jones Ratings Company and Sean Egan, File No. 3-20902, the SEC required EJR to engage an independent consultant to assess EJR's policies and procedures, and required the CEO and designated compliance officer to certify in writing, under penalty of perjury, that EJR had complied with the undertakings imposed by the SEC.

Similarly, in corporate integrity agreements, the Department of Health and Human Services (HHS) often includes certifications by senior executives. In a recent corporate integrity agreement with SNAP Diagnostics, HHS imposed compliance program improvements as well as a detailed description of a management certification to be signed by, among other senior officials, the CEO and CCO. The certifications provided that the undersigned had been trained on their compliance responsibilities and taken steps to ensure that the corporation was compliant; and "[t]o the best of my knowledge, the [relevant department] ... is in compliance with all applicable Federal health care program requirements and the requirements of the Corporate Integrity Agreement."

Interestingly, HHS guidance suggests that the agency ordinarily pursues either a monitorship or a corporate integrity agreement, but not both. See Criteria for Implementing Section 1128(b)(7) Exclusion Authority, April 18, 2016. In a seeming departure from that approach, the Glencore plea agreements, as noted, require both a monitor and officer certifications of compliance program changes.

DOJ's new certification requirement might also be influenced by a separate policy goal articulated by Deputy Attorney General Monaco: deterring corporate recidivism. See Deputy Attorney General Lisa O. Monaco Gives Keynote Address at ABA's 36th National Institute on White-Collar Crime (Oct. 28, 2021). Of concern is the perceived frequency with which companies find themselves under government investigation not long after a guilty plea, DPA, or NPA for other misconduct. Enforcement authorities may conclude that companies did not fulfill earlier promises to enhance compliance programs and reform corporate culture. The new certification requirement may be intended to help solidify compliance changes and thereby reduce recidivism.

Conclusion

The DOJ's certification requirement amounts to a hybrid of corporate and individual responsibility. A company admits wrongdoing for past misconduct, and senior officers become responsible for confirming the reforms designed to deter and prevent future misconduct. Over time we will see whether the new requirement achieves the goal of compliance improvements or merely imposes a new legal burden on corporate officers.

Whatever its policy merits, this new requirement increases risks for senior company officials. To reduce the danger of personal liability, senior officers are likely to look more and more to outside experts to confirm the adequacy of compliance programs and may require certifications of lower-level employees as back-up for their own higher-level certifications. Other adaptations are likely to emerge. In all events, DOJ's certification requirement is an important development in the government's continuing effort to promote corporate compliance with the law.
