DOJ Sharpens Focus on Corporate Compliance in Deciding Whether to Prosecute Companies
One of the factors that the U.S. Department of Justice (DOJ) considers in deciding whether to bring charges against a corporation is the existence and effectiveness of the corporation’s pre-existing compliance program. On November 2, 2015, Leslie R. Caldwell, the head of DOJ’s Criminal Division, outlined the focus of a new position at DOJ, “Compliance Counsel,” within its Fraud Section. As of November 3, 2015, this position is held by Hui Chen, a former DOJ prosecutor and Standard Chartered Bank’s former global head of Anti-Bribery and Corruption. Ms. Chen previously worked in London and also had stints in Moscow, Kiev, Munich, Beijing, and New York. Fluent in four languages, she has global compliance experience in the financial-services, pharmaceutical, and technology industries from her prior in-house employment with Standard Chartered, Pfizer, and Microsoft, respectively. This appointment illustrates that DOJ will get more deeply involved in conducting close reviews of compliance at companies in determining whether those companies are charged with criminal activity and fashioning remedial compliance programs in the event violations are discovered.
In its “Principles of Federal Prosecution of Business Organizations” (the “Principles”), DOJ outlines its view of the law that imposes broad liability against corporations for criminal wrongdoing by any of its employees, regardless of that employee’s level or scope of responsibilities within the company. As DOJ puts it:
Under the doctrine of respondeat superior, a corporation may be held criminally liable for the illegal acts of its directors, officers, employees, and agents. To hold a corporation liable for these actions, the government must establish that the corporate agent’s actions (i) were within the scope of his duties and (ii) were intended, at least in part, to benefit the corporation.… Moreover, the corporation need not even necessarily profit from its agent’s actions for it to be held liable.
Thus, whether DOJ prosecutes a company for an employee’s criminal wrongdoing is an exercise of prosecutorial discretion — a decision based on DOJ’s own assessment of a number of factors  outlined in the Principles. These factors seek to separate those companies for which prosecution would be unfair from those where DOJ believes it is warranted. For instance, DOJ may elect not to prosecute a company where the criminal activity at issue is conducted by a truly “rogue employee,” whose actions are plainly inimical to those of the corporation and contrary to the company’s best efforts to combat wrongdoing. As Caldwell put it, “[w]e’re not interested in prosecuting mistakes or accidents, or bad business judgments.”
One of the factors DOJ considers in its analysis is the existence and operation of the company’s compliance program before the wrongdoing took place. Simply having a compliance program on paper is not enough. DOJ demands that a compliance program be “adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees” and that “corporate management … enforce[s] the program” and does not “tacitly encourage[e] or pressur[e] employees to engage in misconduct to achieve business objectives.… The fundamental questions any prosecutor should ask are: Is the corporation’s compliance program well designed? Is the program being applied earnestly and in good faith? Does the corporation’s compliance program work?”
In detailing the role of DOJ’s new Compliance Counsel, DOJ is signaling that it will take a harder look at evaluating these programs — and not take the company’s word for it. As Caldwell put it, DOJ lawyers “are prosecutors, not compliance professionals.” The new Compliance Counsel thus is to provide DOJ with a “reality check” in:
- Assessing the adequacy of compliance programs and “test[ing] the validity” of a company’s claims that it is well designed and adequately resourced rather than “essentially window dressing.”
- Developing remedial programs in resolving cases with companies where wrongdoing has been found.
Caldwell said the new Compliance Counsel — who has already started at DOJ — brings high-level experience from across many industries and, thus, has the “expertise to examine a compliance program on a more global and a more granular level.”
To conduct the adequacy testing Caldwell describes, the Compliance Counsel will ask several questions:
- Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
- Do the people who are responsible for compliance have stature within the company?
- Do compliance teams get adequate funding and access to necessary resources?
- Are the institution’s compliance policies clear and in writing? Are they easily understood by employees? Are the policies translated into languages spoken by the company’s employees?
- Does the institution ensure that its compliance policies are effectively communicated to all employees? Are its written policies easy for employees to find?
- Do employees have repeated training, which should include direction regarding what to do or with whom to consult when issues arise?
- Does the institution review its policies and practices to keep them up to date with evolving risks and circumstances?
- Caldwell noted that this was “especially important if a U.S.-based entity acquires or merges with another business, especially a foreign one.”
- Are there mechanisms to enforce compliance policies — incentivizing good compliance and disciplining violations? Is discipline even-handed?
- Caldwell warned that DOJ looks unfavorably on situations where low-level employees who may have engaged in misconduct are punished, but more-senior people who either directed or deliberately turned a blind eye to the misconduct are not.
- Does the institution sensitize third parties, like vendors, agents, or consultants, to the company’s compliance expectations?
- Caldwell said that this item meant taking action, such as terminating a business relationship, if a partner anywhere in the world is a compliance problem.
- Is the company or financial institution candid and forthcoming with regulators?
- In the anti-money laundering and sanctions contexts:
- What does the institution’s “know your customer” policy look like?
- Is it tailored to identify and mitigate the risks posed by its unique portfolio of customers and ensure that those customers are providing complete and accurate information?
- Are financial institutions operating in the U.S. complying with U.S. law?
- In this regard, DOJ expects suspicious activities observed overseas by a customer who also maintains an account in the U.S. to be shared with U.S. compliance personnel, and that financial institutions with a U.S. presence should give U.S. senior management a material role in implementing and maintaining a bank’s overall compliance framework.
Compliance has always been a key to preventing criminal activity or fending off a prosecution where, despite best efforts, criminal activity occurs. Companies now have an even greater incentive to ensure their compliance programs are effective and can withstand testing by a doubting DOJ. Corporations would be well- advised to review their compliance polices and procedures now to ensure they can withstand this scrutiny. If a company does not have an existing compliance program, it should take immediate steps to enact with the above principles in mind.
 These factors include the (1) nature of the offense, (2) pervasiveness of wrongdoing in the company, (3) company’s history of misconduct, (4) timely/voluntary disclosure and cooperation efforts, (5) existence/effectiveness of the company’s pre-existing compliance program, (6) company’s remedial efforts/discipline/restitution and compliance improvements, (7) effect of collateral consequences, (8) adequacy of prosecuting individuals, and (9) adequacy of civil/administrative remedies. “The factors … are not an exhaustive list of potentially relevant considerations.”
This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.