DOJ Raises Stakes on Corporate Compliance Programs – Accountability and Certifications
The Biden Administration’s Department of Justice has promised aggressive white collar enforcement. On the flip side, the DOJ has recognized the importance of effective ethics and compliance programs. In an interesting speech, the Assistant Attorney General of the Criminal Division, Kenneth Polite, delivered an important speech on ethics and compliance programs.
AAG Polite’s speech reiterated the importance of the Justice Department’s 2020 Evaluation of Corporate Compliance Programs (DOJ Guidance). However, AAG polite emphasized several important aspects of the DOJ Guidance and introduced some new initiatives to increase accountability.
AAG Polite has served as a chief compliance officer and is well familiar woith the challenges of the job – he specifically referenced some common issues, including resource challenges, access to data, relationships with business representatives, and the silo-ing of the function. In an apt description, AAG Polite noted that CCOs serve as a resource for information, an enforcer of law and policy, and the primary party responsible for a company’s ethical culture.
AAG Polite lists the important elements of an effective compliance program that is: (1) well designed; (2) adequately resourced and empowered; and (3) effective in practice.
AAG Polite addressed each of these elements. As part of the design, AAG Polite cited the importance of policies and procedures tailored to the key risk areas identified in its risk assessments. The policies and procedures have to be easily accessible and understandable to the company’s employees and business partners. Further, DOJ examines how the company is training employees, management and third parties on the risk areas relevant to those individuals. AAG Polite noted the importance of maintaining a process for reporting violations of law or company policy that encourage a speak up culture and protect against retaliation.
Second, AAG Polite explained that DOJ’s evaluation of corporate compliance programs focuses not only on actual resources dedicated to the compliance function but includes assessment of the qualifications and expertise of key compliance personnel. Under the empowerment inquiry, DOJ examines its relationship to and interactions with the business, management and the board of directors.
When examining the actual operation of the compliance program, DOJ weighs whether the company is continuously testing the effectiveness of its compliance program and evolving in response to changing risks. As part of this evolution process, companies have to address instances of misconduct by examining root causes and remediation of gaps to prevent recurrence.
In a major statement, AAG Polite underscored the importance of evaluating how a company measures and tests its culture – at all levels – and how it uses this information to improve its culture.
Further, AAG Polite reiterated prior DOJ statements that DOJ intends to appoint independent compliance monitors in appropriate cases. There is no question that the Biden Administration DOJ will increase the appointment of independent compliance monitors as an important means to improve corporate compliance program performance.
In another major policy modification, AAG Polite noted the creation of a new Corporate Enforcement, Compliance and Policy Unit (CECP) to play a leading role in evaluating corporate compliance programs and providing training to federal prosecutors. CECP attorneys review corporate work plans and self-reports as part of enforcement settlements to ensure that compliance program is effective and sustainable.
AAG Polite noted that companies have to face consequences for violating settlement agreements, which can result from breaches and lead to extension of settlement agreements and possibly monitorships. DOJ tailors its sanctions to the nature of any breach to address specific facts and circumstances.
To underscore the importance of the role of a CCO and to ensure that CCOs maintain independence and authority in a company, AAG Polite noted that for all corporate resolutions (guilty pleas, deferred prosecution agreements and non-prosecution agreements), DOJ will require a CEO and a CCO to certify at the end of the term of an agreement that the company’s compliance program is reasonably designed and implemented to detect and prevent violations of the law and is functioning effectively.
The addition of this certification requirement creates significant issues for both CEOs and CCOs. In the event that the certification turns out to be inaccurate or possibly misleading, CEOs and CCOs could face potential liability. Of course, such liability depends on specific facts and circumstances, and it is hard to imagine a CEO and CCO executing such certifications without appropriate regard for accuracy. On the other hand, a CCO-certification requirement would elevate the importance of the CCO in the company, enhance its authority and hopefully its independence. This is a fascinating proposal that requires additional evaluation and design prior to implementation.