In a series of key policy announcements between November 2017 and May 2018, the Department of Justice has demonstrated an increasingly coherent perspective on how it will handle key aspects of white collar criminal enforcement. The policies largely reiterate a message federal prosecutors have delivered for years regarding what they want to see from companies that discover misconduct in their ranks: prompt voluntary self-disclosure of violations; full cooperation with DOJ investigations; swift, meaningful remediation; and implementation and maintenance of effective compliance programs. What is different is the increasing certainty DOJ is willing to provide in return, including concrete benefits such as a presumption of declination or significant reduction of penalties. DOJ is also seeking to deliver more rational resolutions to complex cases to prevent “piling on” by multiple enforcement agencies in the U.S. or abroad — a policy that reflects the increasing reality and inequity many companies face when seeking to resolve large-scale white collar matters across an often balkanized and disjointed enforcement landscape.

We are early in the assessment of this still-developing evolution of DOJ policy, but on initial review these seem to be positive steps of which companies of all sizes should take heed.

DOJ Announcements

In November 2017, Deputy Attorney General Rod Rosenstein announced the implementation of a revised Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, which followed and supplanted a multi-year FCPA Pilot Program that had been initiated under the Obama Administration. Rosenstein noted in announcing the new policy that it “enables the Department to efficiently identify and punish criminal conduct, and it provides guidance and greater certainty for companies struggling with the question of whether to make voluntary disclosures of wrongdoing.” Justifying this new policy, he stated that “[t]he government should provide incentives for companies to engage in ethical corporate behavior. That means fully cooperating with government investigations, and doing what is necessary to remediate misconduct — including implementing a robust compliance program. Good corporate behavior also means notifying law enforcement about wrongdoing.”

The new policy’s primary thrust is that if a company “satisfies the standards of voluntary self-disclosure, full cooperation, and timely and appropriate remediation, there will be a presumption that the Department will resolve the company’s case through a declination.” That presumption can be overcome if there are aggravating circumstances, or if the offender is a recidivist. Importantly, this new policy has been incorporated into the U.S. Attorneys’ Manual, a step Rosenstein has made clear over the past few months should and will be DOJ practice going forward whenever new polices are put in place.

On March 1, 2018, John Cronan, acting assistant attorney general for the Criminal Division, took this new policy a significant step forward by publicly announcing that the principles of the FCPA Corporate Enforcement Policy would not stay confined to FCPA actions, but would also be applied to all of the Criminal Division’s corporate criminal investigations as non-binding guidance.

The next day, Rosenstein explained this shift during remarks at an event in San Diego, stating that corporate America “is often the first line of defense for detecting and deterring fraud” and that real compliance measures “help the department preserve its finite resources.” Further, he made clear that DOJ wants to “reward companies that invest in strong compliance measures.” Rosenstein assured the audience that DOJ will not “employ the hammer of criminal enforcement to extract unfair settlements” but is “committed to finding effective ways to ensure that individual wrongdoers are held accountable for corporate criminal behavior.” And while he reaffirmed that of course corporate misconduct can be “serious or pervasive enough” to warrant action against an entity, the DOJ will “think carefully about accountability and fairness.”

Two weeks ago, Rosenstein announced yet another policy shift to encourage “coordination” among law enforcement when “imposing multiple penalties for the same conduct” and to “enhance relationships with … law enforcement partners in the United States and abroad, while avoiding unfair duplicative penalties.” Through its third major policy announcement in six months, DOJ is seeking to “discourage disproportionate enforcement of laws by multiple authorities” – “piling on,” so to speak. Rosenstein made clear in his remarks that such piling on can deprive companies of certainty and finality, and harm “innocent employees, customers, and investors who seek to resolve problems and move on.”

This so-called “piling on” policy has four essential features. First, it affirms that “criminal enforcement authority” shouldn’t be used “for purposes unrelated to the investigation and prosecution of a possible crime” (i.e., DOJ shouldn’t threaten prosecution simply to induce a larger settlement). Second, it encourages coordination among law enforcers to achieve an “overall equitable result.” Third, DOJ attorneys are encouraged to “coordinate with other federal, state, local, and foreign enforcement authorities seeking to resolve a case with a company for the same misconduct.” Fourth, several factors are established to evaluate whether multiple penalties are justified in a particular case, such as egregiousness, statutory mandates, risk of delay in finalizing a resolution, and the quality of a company’s disclosures and cooperation.

Policy Evolution

The DOJ has historically moved at a very deliberate pace from an enforcement policy perspective, and has been loath to cede discretion or flexibility in how it resolves high-stakes investigations. That makes this relative flurry of policy announcements potentially significant. Although DOJ has certainly retained a significant amount of prosecutorial discretion, it has anchored these policies on far more concrete benefits to cooperating corporations. For many companies navigating the discovery of potentially significant corporate misconduct, these policies could make the decision whether to self-disclose easier. At least, that is the clear hope for DOJ.

These policies also appear calibrated to address a few other key DOJ principles:

  • Compliance Programs Are Critical: The importance for corporations to implement and operate robust and effective compliance programs is nothing new. This concept has for years been enshrined in the standards of the U.S. Sentencing Guidelines, the Principles of Prosecution of Business Organizations and countless other sources of federal judicial, law enforcement and regulatory guidance. However, the focus on compliance programs has shifted over time from being one of many important factors to increasingly being a threshold necessary to qualify for credit. The FCPA Corporate Enforcement Policy drives that point home. It requires implementation of an effective compliance and ethics program as part of the timely and appropriate remediation required to qualify for full credit under the policy, including:
    • Ensuring there is a culture of compliance;
    • Dedicating appropriate resources to compliance;
    • Staffing the compliance function with personnel of adequate quality and experience;
    • Providing the compliance function adequate authority and independence;
    • Performing effective risk assessments;
    • Compensating and promoting compliance personnel appropriately;
    • Auditing to ensure effectiveness; and
    • Implementing an appropriate reporting structure.
  • Individuals Remain in the Crosshairs: If anyone needed a reminder that the principles of the Yates Memo are alive and well within DOJ, the recent policy announcements should suffice. In reiterating what DOJ means by “full cooperation,” the FCPA Corporate Enforcement Policy provides, among other things, that corporations must:
    • Disclose all relevant facts and attribute them to specific sources (where it would not violate attorney-client privilege) (i.e., no general narratives);
    • Disclose all facts related to involvement in the misconduct by the company’s officers, employees or agents;
    • Disclose all facts regarding potential misconduct by third-parties; and
    • Do all of the above on a proactive basis.
  • Full Cooperation and Appropriate Remediation Means Full Cooperation and Appropriate Remediation: The FCPA Corporate Enforcement Policy makes explicit the extent to which companies will need to be detailed, fulsome and proactive in cooperating with DOJ in its investigations, and will need to take extensive and demonstrable steps — on a prompt basis — to remediate identified misconduct. The underlying concepts of what is outlined in the policy are familiar, but there is every reason to expect that DOJ will hold companies to a high standard in measuring satisfaction of these standards given the significant benefits being offered in the form of declination or significant penalty reductions.
  • DOJ Is Looking to Streamline ; In the announcements of these policies, Rosenstein and the other DOJ representatives have made repeated reference to efficiency and to effective allocation of DOJ resources. Although the proof will be in the pudding, DOJ seems to be signaling through the comments and the structure of these policies a desire to streamline enforcement matters, shorten the often extended multi-year timelines that have become a structural reality for complex white collar matters and thereby free prosecutorial resources for other enforcement priorities.

What This Means for Companies

Corporations that discover misconduct in their ranks never face easy decisions in the wake of that discovery, and these recent policy announcements will not alleviate that sting. However, for many they will offer a level of comfort and confidence by providing an increasingly clear and certain roadmap they can follow in investigating, remediating and disclosing the misconduct. Those companies best suited to take advantage of these policies will be the ones that study these policies now, and both internalize and operationalize the messages being sent. This is particularly true with respect to investment in and continuous improvement of compliance and ethics programs. This is the one area where corporations not currently under investigation have the most agency to control their fate in anticipation of (and in an effort to foreshorten, if not avoid) future investigations.

This article originally appeared in The FCPA Blog.