Post By: Susan Frank Divers, Director, Thought Leadership and Best Practices, LRN
“[R]esourcing a compliance department is not enough; it must also be backed by, and integrated into, a corporate culture that rejects wrongdoing for the sake of profit. “—Deputy Attorney General Lisa Monaco, September 15, 2023.
On September 15, the Department of Justice (DOJ) revised its corporate criminal enforcement policies, making significant changes regarding personal accountability for misconduct, appointment of monitors, voluntary disclosures, repeated misconduct and, most importantly for ethics and compliance (E&C) teams, how companies reward or penalize individual ethical conduct. According to Deputy Attorney General Monaco, DOJ’s number one priority in criminal enforcement is individual accountability.
In focusing on individual culpability and responsibility for misconduct, the policy gets granular on how director, executive, and employee compensation will affect DOJ’s evaluation of corporate compliance programs. In announcing the policy changes, Monaco states:
“Going forward, when prosecutors evaluate the strength of a company’s compliance program, they will consider whether its compensation systems reward compliance and impose financial sanctions on employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct. They will evaluate what companies say and what they do, including whether, after learning of misconduct, a company actually claws back compensation or otherwise imposes financial penalties.”
Why is this important?
When an organization is under investigation for possible misconduct, prosecutors evaluate the strength of its corporate compliance programs as part of investigating and resolving misconduct investigations. DOJ statistics indicate that more than 95% of its white-collar crime investigations do not go to trial, so a strong compliance program is an essential defense to severe penalties if a DOJ investigation takes place.
Over the last 10 years, the DOJ Fraud Section has increasingly focused on what makes an E&C program strong and effective. As Assistant Attorney General Ken Polite—a former chief compliance officer himself—said on September 16, 2022, about the policy changes, “A strong compliance program can ward off misconduct and empower ethical employees.” Thus, positive and negative incentives are an important part of a strong program.
How Do We Know if Our E&C Program Is Effective?
Since 2012, the DOJ Fraud Section and other regulators have published guidance on what they need to see in an E&C program to resolve misconduct investigations on favorable terms. The guidance has become more comprehensive over the years and is a must read for E&C professionals. LRN’s annual Program Effectiveness Report surveys E&C professionals around the world and incorporates best practices that organizations are using to implement DOJ guidance and improve program impact.
One of the questions asked in last year’s survey was about organizations’ use of ethical behavior as a significant factor in compensation, bonuses, hiring and promotion. Top-rated E&C programs were much more likely to incorporate such criteria in their processes:
Thus, DOJ’s emphasis on positive and negative incentives reflects what many of the best organizations are doing already in their programs.
Do We Need to Review Our E&C Program Now and Make Changes?
Yes. The revised DOJ policy makes clear that an organization’s compensation and benefits program must be aligned to its values and ethical culture. That means that positive behavior, such as turning down a tainted business opportunity should be an essential factor in evaluation criteria as well as financial penalties for misconduct.
It also means that misconduct should result in real financial consequences, including claw back of bonuses or incentives. The sight of CEOs, directors or other individuals who wreck their organizations’ culture and harm its business as a result of their misconduct walking away with a slap on the wrist and fat compensation packages undermines compliance, a fact that DOJ is prepared to change.
According to an SEC analysis in June, about half of publicly traded companies have claw back policies to reclaim incentive pay in some circumstances. But it’s not enough to have a claw back policy. To protect an organization from misconduct, organizations will have to use them or potentially explain to skeptical regulators why they did not if someone commits misconduct.
What Else is Important in the Revised Policy?
The policy’s emphasis on individual accountability also includes a shift by DOJ away from deferred prosecution agreements and other more favorable settlements unless companies self-disclose and “swiftly and without delay” provide all relevant information about the role of individual misconduct. And, in another shift to increase accountability, DOJ can require Chief Compliance Officers as well as CEOs to sign a certification at the end of the term of a non-prosecution agreement that their program is well designed and effective in detecting and preventing future violations.
Lastly, DOJ strongly signaled its unease with employee use of personal devices and third-party messaging apps to conduct business. Using apps such as WhatsApp and others can impede DOJ efforts to review business communications and obtain data. Companies are expected to have effective policies in place to prevent this and DOJ intends to address the topic in its next edition of Evaluation of Corporate Compliance Programs guidance.