Blog
Recent DOJ Remarks Regarding Compliance Program Expectations Provide Valuable Insights and Stern Warnings
Blog
April 13, 2022
This blog was originally written as a client alert on April 13, 2022.
In a speech on March 25, 2022, Assistant Attorney General Kenneth Polite, Jr. provided significant details regarding Department of Justice (“DOJ”) expectations for corporate compliance programs and how those programs will be assessed and considered in determining appropriate resolutions of investigations of corporate misconduct. His remarks provide valuable guidance for organizations seeking to ensure that their compliance programs will meet DOJ expectations and that they will be in the best position to not only prevent wrongdoing in the first place but also secure leniency from the government when faced with allegations of misconduct and avoid the imposition of a monitorship. AAG Polite’s remarks also included some stern warnings to organizations of the serious consequences of failing to invest in and implement a well-designed, effective compliance program and failing to support compliance personnel.
AAG Polite began his speech by highlighting the significant challenges faced by compliance officers and noting that he views the compliance role as “perhaps the most impactful,” since as a compliance officer “you are trying to prevent [crime] in the first place.”[1] It is for that reason that DOJ will be devoting greater resources to conducting extensive evaluations of compliance programs during investigations and resolutions, giving “significant credit to companies that build strong controls to detect and prevent misconduct.”
Reiterating DOJ’s primary expectations as set forth in the Evaluation of Corporate Compliance Programs guidance published in June 2020, AAG Polite stated that companies are expected “to implement compliance programs that: “(1) are well designed, (2) are adequately resourced and empowered to function effectively, and (3) work in practice.”[2] He expanded on each of these points, and the key takeaways are as follows:
- A well-designed program should be based on a thorough assessment of the company’s risk factors and tailored to manage the organization’s “specific risk profile.”[3] The program and its procedures should be easily accessible and understandable by employees, management, and relevant third parties and business partners, and include extensive training on risk areas and responsibilities. Compliance processes must be designed to promote reporting without fear of retaliation. They must also include robust investigations of alleged wrongdoing; and appropriate remediation when reports of wrongdoing are substantiated.
- An adequately-resourced program empowered to function effectively is about more than the dollars and headcounts of the compliance program. DOJ will look to the “qualifications and expertise of the key compliance personnel and other gatekeeper roles.”[4] DOJ will evaluate whether the compliance officers have “adequate access to and engagement with the business, management, and the board of directors,” genuine independence and stature.[5] An organization should be able to demonstrate a commitment to compliance and ethical values from the top down, at every level. Further, companies should consider using data analytic tools to monitor compliance and ferret out wrongdoing.
- A program that works in practice is demonstrated by showing that when compliance gaps or violations are discovered, the “root causes” are addressed and controls are improved to prevent recurrence. Companies should continuously test their programs for effectiveness. DOJ will assess the measures used by the organization to test its ethical culture and how it utilizes those results to make improvements. Companies should be able to show that they are updating and improving their compliance programs on a regular basis to ensure that the programs are “sustainable and adapting to changing risks.”[6] Being able to recount “compliance success stories” will go a long way in demonstrating that the program works in practice. DOJ will evaluate whether employees feel empowered to report misconduct and whether ethical advice is being provided “to salespeople even though such advice may mean loss of business.”[7]
AAG Polite also announced DOJ preferences and expected new practices aimed at empowering Chief Compliance Officers and promoting organizational commitment to compliance. First, DOJ “likes to see the Chief Compliance Officer leading the compliance presentation [to DOJ] and demonstrating knowledge and ownership of the compliance program.” Second, for all corporate resolutions, DOJ will consider requiring both the Chief Executive Officer and Chief Compliance Officer to certify at the end of the term of settlement agreements that the company’s compliance program is “reasonably designed and implemented to detect and prevent violations of the law…and is functioning effectively.”[8]
In addition, DOJ is dedicating resources to ensure that its attorneys have the training and expertise necessary for thorough and consistent evaluations of compliance programs. DOJ is appointing new management of the Fraud Section’s Corporate Enforcement, Compliance, and Policy (CECP) Unit (formerly the Strategy, Policy, and Training Unit). Specifically, the new management will include prosecutors and former compliance and defense attorneys with “deep experience in compliance, monitorship and corporate enforcement matters.”[9] In addition to assessing compliance programs before and after resolutions, the CECP unit will train government attorneys in and out of the Fraud Section on compliance and monitorship matters to help promote consistency in evaluating compliance programs and enable them to ask the difficult and probing questions when determining whether a monitorship is needed.
Finally, AAG Polite noted that monitorships will be imposed whenever appropriate consistent with Deputy Attorney General Lisa Monaco’s announcement last October, but highlighted that monitorships may not be required when the organization’s compliance program meets the detailed expectations discussed based on the exacting assessment to be undertaken by DOJ in determining an appropriate resolution. In short, the overall message was clear: “companies that make a serious investment in improving their compliance programs and internal controls will be viewed in a better light by the Department. The warning was equally clear: “Support your compliance team now or pay later.”[10]
If you have additional questions or need further assistance, please reach out to Suzanne Jaffe Bloom (Co-chair, White Collar, Regulatory Defense, and Investigations) or your Winston & Strawn relationship attorney.
[1] Kenneth A. Polite, Jr., Assistant Attorney General Kenneth A. Polite Jr. Delivers Remarks at NYU Law’s Program on Corporate Compliance and Enforcement, (Mar. 25, 2022), https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate.
[2] Id.
[3] Id.
[4] Id.
[5] Id.
[6] Id.
[7] Id.
[8] Id.
[9] Id.
[10] Id.
This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.