Last week, Deputy Attorney General Lisa Monaco announced several policy changes intended to clarify how the agency prioritizes and prosecutes corporate crime. At a high level, the policy changes address four key areas: individual accountability and what information or documents companies must produce to show individual culpability; corporate recidivism; the benefits of voluntary self-disclosure and cooperation; and what considerations prosecutors will give in deciding whether a compliance monitor is required.
In follow-up remarks made at the University of Texas Law School on Sept. 16, Assistant Attorney General Kenneth Polite shared two new issues the Criminal Division is currently reconsidering in its prosecution of corporate wrongdoing, and what impact those changes are expected to have on companies moving forward. Those two isses are:
Personal devices and third-party messaging apps: The first area of enforcement focus is on the use of personal devices and third-party messaging applications by executives. Specifically, Polite said the Criminal Division will examine whether additional guidance is necessary regarding best practices for companies on the use of personal devices and third-party messaging apps, including ephemeral messaging, such as Snapchat.
“We have seen a rise in companies and individuals using these types of messaging systems, and companies must ensure that they can monitor and retain these communications as appropriate,” he warned. Until the agency issues additional guidance, however, the use of personal devices and third-party apps remains a heightened enforcement risk.
Compensation clawback policies: A second focus area for the Criminal Division, Polite said, will be to examine “whether, in some cases, we may be able to shift the burden of corporate financial penalties away from shareholders—who in many cases do not have a role in misconduct—onto those more directly responsible.” One potential option still being weighed, he said, is “how prosecutors will consider and reward corporations that develop and apply compensation clawback policies.” This is another area where more guidance may be forthcoming.
Voluntary self-disclosure
In addition to the two areas being examined by the Criminal Division, Polite provided further details about some of the major policy changes announced by Monaco, including relating to voluntary self-disclosure. In this regard, DoJ officials have noted that, even companies with a long history of prior misconduct may still benefit from voluntarily self-disclosing known misconduct.
“A history of misconduct will not necessarily mean an automatic guilty plea, unless aggravating factors—such as misconduct posing a national security threat, or deeply pervasive conduct—are present,” Polite said. How much comfort that actually brings to companies, however, remains to be seen.
Polite further shared what aggravating factors the Criminal Division will consider going forward that all companies should be aware of. These include, but are not limited to, “involvement by executive management of the company in the misconduct, significant profit to the company from the misconduct, or pervasive or egregious misconduct,” he said.
“Unless these factors are present, even a company with a history of misconduct has a powerful incentive to make a timely self-disclosure,” Polite added. “Why? Because it could make all the difference between a deferred prosecution agreement and a guilty plea resolution, assuming that the company has also cooperated, and timely and appropriately remediated the criminal conduct.”
CCO certifications
In March, Polite announced for the first time that, for all Criminal Division corporate resolutions—including guilty pleas, DPAs, and non-prosecution agreements—the agency would consider requiring both the chief executive officer and chief compliance officer (CCO) to sign a certification at the end of the term of the agreement certifying that the company’s compliance program is “reasonably designed, implemented to detect and prevent violations of the law, and is functioning effectively.”
In his Sept. 16 remarks, Polite restressed that the certifications are “designed to give compliance officers an additional tool that enables them to raise and address compliance issues within a company or directly with the Department early and clearly” and is “meant to guarantee a seat at the table that all compliance officers should have in an organization with a functioning compliance program.”
There have now been two cases in which the agency has used CCO certifications: the DoJ’s resolution with Glencore, and for the first time in a DPA reached with Brazil-based GOL Airlines related to violations of the Foreign Corrupt Practices Act.
“We did not impose a monitor in [GOL’s] case,” Polite explained, “because at the time of the resolution, the company had redesigned its entire anti-corruption compliance program, demonstrated through testing that the program was functioning effectively, and committed to continuing to enhance its compliance program and internal controls.”
The agency did, however, require that the CEO and CCO certify at the end of the DPA term that the “compliance program is reasonably designed to detect and prevent violations of the [FCPA] and other applicable anti-corruption laws throughout the company’s operations.”
“We will continue to use similar certifications in our corporate resolutions as appropriate for each case,” Polite stated.
As in his previous remarks, Polite, once again, tried to ease concerns within the compliance community about the certification process creating personal liability risk. “A corporate leader who ignores the emphasis we are placing on compliance does so at his or her own risk—but [compliance personnel] cannot shy away from this role,” he said. “You cannot run away from the responsibility. My call is that you embrace it, knowing full well that stronger, more empowered voices are exactly what we need.” 
Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.