8 November 2021
In one of the first substantive speeches on corporate criminal enforcement under the Biden administration, Deputy Attorney General Lisa Monaco announced on October 28, 2021, several immediate changes to Department of Justice (DOJ) policies that could significantly impact pending and future corporate enforcement matters. In this alert, we identify the changes and suggest some steps that institutions should consider in response.
Key Changes to Policies Concerning Cooperation and Relevant Conduct
Information About Individuals
Deputy Attorney General (DAG) Monaco announced that in connection with the DOJ’s focus on individual prosecutions, “to be eligible for any cooperation credit, companies must provide the department with all non-privileged information” about “all individuals involved in the misconduct, regardless of their position, status or seniority.” DAG Monaco underscored that “[i]t will no longer be sufficient for companies to limit disclosures to those they assess to be ‘substantially involved’ in the misconduct.”
Prior Unrelated Misconduct
Under preexisting DOJ guidance, prosecutors considered a company’s history of prior “similar misconduct” in assessing corporate prosecution factors. Thus, each DOJ division or section focused on prior misconduct in its area: for example, the Fraud Section considered prior fraud or Foreign Corrupt Practices Act (FCPA) matters; the Tax Division considered prior tax matters; and the Antitrust Division considered prior price fixing, collusion or similar behavior. DAG Monaco announced that “[g]oing forward, prosecutors will be directed to consider the full criminal, civil and regulatory record of any company when deciding what resolution is appropriate for a company that is the subject or target of a criminal investigation.” A prosecutor in the Fraud Section, for example, will now need to consider prior civil or criminal tax, environmental and antitrust settlements in assessing a company’s history of misconduct. In evaluating a company’s current compliance program, the DOJ will consider whether the program “adequately monitor[s] for and remediate[s] misconduct.”
Use of Monitors
DAG Monaco noted that in recent years, “some have suggested that monitors would be the exception and not the rule.” She “rescinded” any guidance suggesting that “monitorships are disfavored or are the exception” and clarified that “there is no default presumption against corporate monitors. That decision about a monitor will be made by the facts and circumstances of each case.”
Nonprosecution and Deferred Prosecution Agreements
Although DAG Monaco did not announce a specific policy change in relation to pretrial diversion, she signaled that in the future a company or institution may have difficulty negotiating repeated nonprosecution agreements (NPAs) or deferred prosecution agreements (DPAs): “One immediate area for consideration is whether pretrial diversion — NPAs and DPAs — is appropriate for certain recidivist companies. Corporate recidivism undermines the purpose of pretrial diversion, which is after all to give a break to corporations in exchange for their promise to fix what ails them, as well as to recognize a company’s cooperation,” she stated. When paired with the directive to focus on all prior misconduct, this suggests the DOJ may not entertain an NPA or DPA if a company has a prior criminal resolution, even in a different subject area.
In addition, the DOJ has indicated it will renew focus on compliance with the terms of NPAs and DPAs. In a speech on October 5, 2021, John Carlin, the principal associate deputy attorney general, said that the DOJ will “make sure that those who get the benefit of such an arrangement comply with their responsibility. … [I]f you violate the terms of an NPA or DPA or plea agreement, we are going to enforce.” In recent filings, telecommunications firm Ericsson disclosed that the DOJ believes it breached a December 2019 DPA by failing to provide certain documents and factual information, and a financial institution disclosed that prosecutors believe it has breached a 2017 NPA.
Potential Steps To Address These Policy Changes
Internal Investigations
The requirement to provide information about all individuals potentially involved in misconduct will increase the demands of the early stages of an internal investigation as well as the tension between providing corporate cooperation and protecting the rights of individual employees. Companies should revisit internal investigation procedures to ensure that that those follow best practices for appointing investigation teams and conducting internal investigations. Factors to consider include:
- the process for initiating internal investigations and standards for ensuring that investigations are independent and credible;
- document and information collection practices, to ensure a clear chain of custody to track sources of information and evaluate responsibility of all relevant individuals;
- policies and practices requiring cooperation of employees in internal and external investigations, including analysis of relevant data privacy and labor laws and agreements in non-U.S. jurisdictions; and
- policies and procedures for employee discipline following investigation findings.
Prior Settlements and Ongoing Investigations
Many companies and financial institutions maintain subject matter specialization to address complex legal and compliance risks, including antitrust, anti-corruption, anti-money laundering, environmental, tax and labor and employment matters; economic sanctions; and internal controls over financial reporting, as well as a company’s specific regulatory environment. For future risk assessment and negotiations with DOJ functions, companies and financial institutions will need to centralize information on recent settlements, the root cause of prior conduct, remedial actions taken and the obligations under settlement agreements. Companies and financial institutions should assess their case management or docketing systems to ensure meaningful analysis of the potential intersection of matters that previously may not have been viewed as related.
Comprehensive Risk Assessments and Compliance Enhancements
The DOJ expects that companies maintain, understand and use internal and external data to identify areas of vulnerability and possible misconduct. Given that the DOJ will treat misconduct across all areas as reflective of an overall compliance program, companies should make sure that their risk assessments identify structural risks and interplay between corporate functions and departments. Companies will need to use all available internal and external data from across their operations to ensure that their risk assessments and corresponding updates to compliance policies and procedures identify and address emerging risks.
For further information, please contact:
Steve Kwok, Partner, Litigation, Skadden
steve.kwok@skadden.com