In early March, Deputy Attorney General (DAG) Lisa Monaco and Assistant Attorney General (AAG) Kenneth A. Polite Jr. spoke in Miami to the American Bar Association National Institute on White Collar Crime. In their remarks, DAG Monaco and AAG Polite emphasized the Department of Justice’s continued focus on corporate accountability and its connection to national security and the extent of Interagency cooperation. We covered these announcements, as well as the creation of a Disruptive Technology Strike Force and issuance of a Joint Compliance Note, in a client alert last week.
DAG Monaco and AAG Polite also announced significant updates to the DOJ’s Evaluation of Corporate Compliance Programs (“Evaluation Guidance”) and the launch of a Pilot Program Regarding Compensation Incentives and Clawbacks (“Pilot Program”). They also announced important updates to the Memorandum on Selection of Monitors in Criminal Division Matters (“Monitor Memorandum”). These announcements follow up on prior speeches by DAG Monaco and AAG Police on these topics last year (covered in our September 21, 2022 client alert). In this client alert, we focus on the updated Evaluation Guidance, Pilot Program, and Monitor Memorandum, and provide some important compliance considerations for companies.
Compensation Incentives and Clawbacks
To ensure that wrongdoers, not shareholders, are held responsible for misconduct, both DAG Monaco and AAG Polite announced that a company that otherwise cooperates with investigations and remediates misconduct can receive a reduced fine should it have a program to recoup compensation from wrongdoers. Recognizing the challenges companies face, DOJ will still enable companies to receive a reduced fine if they make a good faith but unsuccessful clawback attempt. Having completed the agency consultation outlined last fall, DOJ has issued a Pilot Program On Compensation Incentives and Clawbacks (“Program”). In effect for three (3) years, this program has two major elements:
- Every corporate resolution involving the Criminal Division will include a requirement that the company develop compliance criteria within its compensation and bonus system; and,
- The Criminal Division will provide fine reductions to companies that seek to claw back compensation from wrongdoers.
The DOJ also announced an updated version of its Evaluation of Corporate Compliance Programs (“Evaluation Guidance”) which provides guidance on clawbacks but also the intersection of compensation structures and compliance programs more broadly. Last updated in June 2020, the new version contains a significant focus on both compliance deterrents as well as incentives – and strongly indicates the extent to which DOJ expects compliance to be a critical factor in human resources management, particularly compensation. To align current policies with the updated Evaluation Guidance, companies should review their current processes for the following elements:
- Transparency and Consistency
- Develop transparent disciplinary processes
- Review metrics to assess the consistency of disciplinary measures (across geographies, operating units, and levels)
- Identify types of disciplinary actions to enforce compliance policies
- Develop policies or procedures to recoup compensation attributable directly or indirectly to misconduct
- Provide transparency with employees when an executive leaves on account of a violation
- Communicate the actual reasons for discipline to employees in all cases
- Ensure adequate basis for restriction of disclosure or access to information about the disciplinary process
- Put employees on notice that they will not benefit from misconduct
- Financial Incentives
- Evaluate whether commercial targets are achievable if the business operates in an ethical and compliant manner
- Include compliance function in the design and award of financial incentives at the senior level
- Structure executive compensation to encourage enduring ethical business objectives
- Include cancellation or recoupment provisions (if allowed under applicable law) in bonus or deferred compensation in the event of identification of non-compliant or unethical behavior
- Recoup compensation paid when misconduct is identified
- Be able to identify specific examples of disciplinary actions taken to demonstrate the application of these measures
- Review hotline data to assess both compliance culture and management of reports received
- Assess substantiation rates for similar reports of wrongdoing across the company or compared to similarly-situated companies
- Conduct a root cause analysis where certain conduct is over or under-reported
- Track average time to complete investigations of hotline reports
- Monitor the percentage of executive compensation canceled or recouped for ethical violations
- Assess how the organization has responded to breaches of compliance or ethical lapses
While the updated Evaluation Guidance contains new incentives, for example, indicating that compliance roles should be a means of career advancement and compliance a metric for performance, the changes largely indicate an expectation that companies communicate a deterrent message that misconduct will have serious adverse financial and career implications. A review of these changes, which are included in Section 2 (compliance program resourcing and empowerment), highlights DOJ’s view that these measures are a compliance as much as a human resources function. Legal and compliance leaders must work closely with their human resources counterparts to update relevant corporate policies and procedures to reflect these USG expectations. Specific measures that should be taken include:
Investigations and Electronic Communications
The second major revision to the Evaluation Guidance, which is contained in the third section (“Whether a Compliance Program Works in Practice”), provides several updates about investigations. Specifically, the Evaluation Guidance requires companies to structure compensation for employees responsible for investigations to empower them to enforce policies and ethical values. Additionally, it expects companies to outline responsibility for the determination of compensation (including bonuses), discipline, and promotion for both compliance employees and those with a role in the disciplinary process. The Evaluation Guidance includes an extended focus on the use of electronic communications, including the use of personal devices and messaging applications in particular. To align current policies with the updated Evaluation Guidance, companies should review their current processes for the following elements:
- Identify electronic communication mechanisms that companies authorize for business communications
- Assess any variance by jurisdiction and business function, and require a defined and recorded rationale
- Identify a rationale for the selection of communication channels and associated settings (including preservation and deletion)
- Implement mechanisms to manage and preserve information contained in electronic communications channels
- Identify preservation or deletion settings available to each employee, and prescribe corresponding company requirements
- Provide governance on the preservation of communications and other data from replaced devices
- Identify code of conduct, privacy, security, and employment laws or policies governing the ability to ensure security or to monitor/access business-related communications
- Personal Devices and Messaging Applications
- Implement policies governing preservation of and access to corporate data and communications, including data contained within messaging platforms
- Apply and enforce data retention and business conduct policies with respect to personal devices and messaging applications
- Incorporate the ability to review business communications by the company on personal devices and messaging applications; articulate any exceptions or limitations to these policies
- Assess whether the company should have a policy to require the transfer of messages, data, and information from personal phones or messaging applications onto company recordkeeping systems for preservation and retention
- Ensure effective implementation and enforcement of any such preservation and retention procedures
- Identify consequences for employees who refuse requested access to business communications on personal devices/messaging applications
- Implement disciplinary procedures for employees who fail to comply with policy or who refuse to provide requested access
- Assess any impairment of compliance program effectiveness, ability to conduct investigations, or response to regulator requests due to the use of personal devices or messaging applications
- Institute management of security and exercise of control over communication channels used to conduct business
- Review the approach to permitting and managing communication channels in the context of specific business needs and risk profile
The changes to the Evaluation Guidance re-enforce the need for legal and compliance leaders to work closely with information technology counterparts to ensure that all corporate policies and procedures reflect these USG expectations. Specific measures that should be taken include:
Finally, AAG Polite announced that the DOJ was releasing an update to its Monitor Memorandum. The update contains four important elements that companies should understand in the event they need to nominate monitor candidates for DOJ review.
First, and as stated before, the DOJ will not apply presumptions for or against monitors and will apply ten enumerated but non-exhaustive factors when assessing the need for, and potential benefits of, a monitor. We explored these factors, which can be divided into four general areas - (1) engagement with regulators, (2) nature of the criminal conduct, (3) effectiveness of remediation, and (4) future risk, in a client alert in September 2022. Companies should continue to incorporate these considerations in their voluntary self-disclosures and overall investigation programs.
Second, the DOJ will apply the same ethical expectations to individually named monitors and their teams. This update suggests that monitor candidates should ensure that all members of the monitor team can meet the highest ethical standards, including that the monitor, the monitor’s firm, and any of the personnel or entities assisting are not “current or former employees, agents, or representatives of the [c]ompany and hold no interest in, and have no relationship with, the [c]ompany, its subsidiaries, affiliates, or related entities, or its employees, officers, or directors[.]”
Third, monitor selections will be made consistent with DOJ’s commitment to diversity, equity, and inclusion. In his remarks, AAG Polite noted that this consideration has already been an explicit requirement for some time, and applies to both the nominations of the company as well as the review by the Criminal Division.
Fourth, monitorship “cooling off periods” are now not less than three years (rather than the two years previously in effect) from the date of the termination of the monitorship. This cooling-off period precludes discussions of any “employment, consultant, agency, attorney-client, auditing, or other professional relationship with the [company], or any of its subsidiaries, present or former affiliates, successors, directors, officers, or agents acting in their capacity[.]” A company must certify that it will neither employ nor be affiliated with the monitor, monitor firm, or any of the personnel or entities assisting in the monitorship for the stated time period.
Collectively, these updated elements in the Monitor Memorandum suggest that the DOJ will continue to expect monitors and monitor teams to be fully independent of any competing interests, and indicate that DOJ will carefully vet all nominated candidates for their ability to provide robust oversight.
© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.