The basic components of an effective corporate compliance program have not changed significantly in recent years.1 But U.S. enforcement officials are trying to reinvigorate corporate attention to these programs.
U.S. Justice Department officials have expressed particular concern this year about whether companies are properly integrating their compliance departments. In March 2022, the former corporate chief compliance officer and Assistant Attorney General for the U.S. Department of Justice’s Criminal Division said of the environment for compliance professionals: “Challenges in accessing data. Relationships are challenging. It’s a silo of functionality.” He warned companies:2
The U.S. Deputy Attorney General reiterated these concerns in September 2022, explaining: “It must also be supported and integrated in a corporate culture that rejects wrongdoing for profit.”3 The remarks accompanied her release of a memorandum that federal prosecutors must follow when evaluating the strength of a company’s compliance program and deciding how to resolve an investigation.4 The memorandum calls on companies to ensure that their compliance programs receive the highest level of corporate attention, are appropriately resourced, and do not operate in silos.5
The focus in 2023 will be on consolidating compliance programs, so companies should take great care. Summarized below are four actions companies should consider in order to optimize their compliance programs and effectively position them for government scrutiny, along with the business functions that typically need to participate. Of course, this is not an exhaustive list of all aspects of a compliance program that need attention, but rather a set of suggestions for elements that may benefit from review.
Action: Review compensation agreements and incentives with senior management, business team leaders, sales representatives, third-party agencies, etc. to ensure a structure that promotes compliance and defines the consequences of misconduct.
Functions involved: Compliance, Legal, Human Resources, Business Team Leader, Compensation Committee
The U.S. Deputy Attorney General’s Memorandum provides the Department of Justice’s first formal guidance on evaluating corporate compensation plans and contracts in connection with the resolution of criminal investigations. The plans and contracts most critical for compliance can involve senior management responsible for key functions and top company positions; sales team leaders and sales professionals, including third-party agents, whose compensation may be affected by sales volume; and professionals who routinely communicate with government officials, including employees of state-owned enterprises.
The U.S. Deputy Attorney General recommends that, when evaluating a company’s compliance program, prosecutors consider whether the company’s compensation arrangements, plans, and contracts provide for penalties, including in the form of clawback rights, for acts or omissions that contribute to criminal activity. Notably, such clawback rights would exceed the requirements of the newly established clawback rules under the Dodd-Frank Wall Street Reform and Consumer Protection Act. While the law mandates a clawback policy for publicly traded companies in the event of financial restatements, it does not mention criminal activity. Perhaps the existence and application of more traditional notions of compensation penalties in cases of termination of employment for “cause,” defined to include violations of criminal law, would be viewed favorably by prosecutors. Additional guidance is forthcoming from the U.S. Department of Justice’s Criminal Division on how to reward companies for enforcing compensation clawback policies.
The U.S. Deputy Attorney General’s Memorandum also encourages the promotion of an ethical corporate culture by rewarding compliance within organizations through financial incentives. Examples provided include the use of compliance metrics and benchmarks in setting incentive goals, and performance reviews that consider behaviors that promote compliance.
Businesses should evaluate their current compensation arrangements to understand what avenues are available with respect to an individual’s past or future compensation in the event of criminal conduct. Modifications or additions to existing arrangements may require employee consent and/or adjustments to reward program design. Any revisions should take into account the impact or limitations of applicable local laws and regulations, including applicable non-U.S. laws and regulations. When companies are considering whether to revise their compensation programs, they may find it useful to integrate the compliance function into their compensation design workstream. Finally, the Compensation Committee, tasked with designing and implementing compensation plans for senior management, should consider whether and how well the program is performing and whether to create additional incentives for compliance behavior.
Action: Evaluate legal and compliance capabilities to quickly collect company documents, such as emails and text messages, created or maintained where the company operates.
Relevant functions: Compliance, Legal, Information Security, Field Office Leadership, Finance
Corporate information systems and how employees communicate internally and externally are constantly evolving. To meet the expectations of enforcement authorities, businesses need to know in advance how best to access corporate communications and other data that is essential to thoroughly investigate allegations of wrongdoing. The compliance department should work with other departments to identify potential technical barriers to collection, such as employees using their own devices or communication apps with end-to-end encryption.
The laws that affect a company’s ability to collect and transmit communications and other data that are essential to understanding whether fraudulent activity has occurred can vary widely depending on where the company operates.6 Firms should know in advance to what extent it is logistically and legally feasible to collect materials from various offices immediately following an event such as an allegation of misconduct or a subpoena from a U.S. enforcement authority. This may require an approach tailored not only to corporate information systems, but also to specific laws such as the European Union’s General Data Protection Regulation (GDPR) or China’s Personal Information Protection Law (PIPL).7
Companies cannot guarantee full access to all written communications related to an investigation, but they will be much better positioned after identifying potential gaps and establishing policies and procedures to minimize those gaps.
Action: Summarize compliance success stories.
Relevant functions: Compliance, Legal, Human Resources, Internal Audit
A memorandum from the U.S. Deputy Attorney General states that companies “must be prepared to prepare a list and summary of all criminal resolutions over the past 10 years and all civil or regulatory resolutions over the past five years,” as well as of known pending government investigations.8 For most companies, that information is readily available and not extensive. However, authorities are not limited to considering only criminal, civil, or regulatory resolutions, or pending government investigations, when dealing with new problems.
Companies have no doubt successfully addressed compliance concerns over the past few years that have not resulted in formal resolutions or government investigations. Sharing these best practices with enforcement authorities during the course of an investigation can help companies demonstrate their commitment to compliance. disclosed). Basic examples include decisions to terminate a vendor or to abandon a planned acquisition when the company fails to obtain sufficient assurances that its compliance policies will be strictly followed. This list can be updated on a regular basis and kept “on the shelf” until needed, rather than compiled during an investigation.
Action: Review your due diligence process to ensure it includes an assessment of the prospects for successfully integrating the new business into your existing compliance program.
Relevant functions: Compliance, Legal, Finance, Business Team Leadership, Information Security
Fear of successor liability based on the target company’s past misconduct can derail an acquisition. Unfortunately, this robs companies with compliance challenges of the opportunity to be consolidated into companies with robust compliance programs, potentially undermining efforts to reduce global corruption. The U.S. Deputy Attorney General’s memorandum underscores that federal prosecutors will continue to take a tough stance on past misconduct that occurred at acquired entities. The memorandum says that wrongdoing at the acquired company should simply be “downplayed” in the prosecutor’s assessment of potential resolutions of the current investigation of the acquired company if the acquired company was “integrated into a designed compliance program,” the acquirer had “addressed the root cause” of the wrongdoing at the acquired company prior to the current investigation, and “complete and timely remediation was undertaken within the acquired company” prior to the investigation.9
Given this high hurdle, companies must continue to assess not only whether an acquisition target is involved in illegal activities, but also how effectively the target’s employees will adapt to a new and robust compliance program. Obstacles to that integration could significantly reduce or eliminate the benefits of the acquisition. Compliance functions play a key role in identifying risks and defining expectations, but other functions of the acquiring company may be better positioned to assess the likelihood of successful integration into the compliance program.
1 See, e.g., U.S. Sentencing Guidelines Manual § 8B2.1; U.S. Department of Justice, Criminal Division, Evaluating Corporate Compliance Programs (updated June 2020).
2 Assistant Attorney General Kenneth A. Polite Jr., speaking at New York University Law School’s Program on Corporate Compliance and Enforcement, March 25, 2022.
3 U.S. Deputy Attorney General Lisa O. Monaco, Remarks on Corporate Enforcement, September 15, 2022.
4 Memorandum of Deputy Attorney General Lisa Monaco, September 15, 2022.
5 See client alert of October 6, 2022, “DOJ Revised Corporate Enforcement Policy Requires Companies to Reassess Their Compliance Systems.”
6 See client alert of September 21, 2022, “Recent Trends in China-Related Cross-Border Enforcement.”
7 See client alert of November 3, 2021, “China’s New Data Security and Personal Information Protection Law: Implications for Multinational Enterprises.”
8 Memorandum of Deputy Attorney General Lisa Monaco, p. 5, fn. 5 (September 15, 2022).
9 Memorandum of Deputy Attorney General Lisa Monaco, pp. 5-6 (September 15, 2022).