DOJ Corporate Compliance Certifications Appear to Be Here to Stay | BakerHostetler

Key Takeaways
  • As part of its renewed focus on corporate crime, the Department of Justice (DOJ or the Department) is requiring chief compliance officers (CCOs) and CEOs to certify the effectiveness of their company’s compliance program in all corporate criminal resolutions, including guilty pleas, non-prosecution agreements (NPAs) and deferred prosecution agreements (DPAs), at the end of the term of the agreement.
  • This policy has been met with unease by some compliance professionals over concerns that the certifications may leave CCOs open to criminal prosecution.
  • But the policy has been repeatedly emphasized by DOJ officials and appears to be here to stay. The DOJ has used compliance certifications in two corporate criminal resolutions thus far, most recently on Sept. 15, 2022, in a DPA with GOL Linhas Aéreas Inteligente (GOL). On Sept. 22, speaking at the New York City Bar Association’s (NYCBA) 2022 Compliance Institute, Alixandra Smith, Deputy Chief of the Criminal Division at the U.S. Attorney’s Office for the Eastern District of New York, emphasized that compliance certifications serve as a tool for the DOJ to hold individuals accountable for corporate wrongdoing and would continue to be used.
Compliance Certification Policy Background

The compliance certification policy was first announced by Assistant Attorney General (Assistant AG) Kenneth Polite in March 2022, when he stated that for all criminal division “corporate resolutions (including guilty pleas, DPAs and NPAs),” the Department would consider requiring CCOs and CEOs to certify at the end of the term of the agreement that their company’s compliance program is “reasonably designed and implemented to detect and prevent violations of the law … and is functioning effectively.” Assistant AG Polite continued that in certain resolutions that require annual self-reports on the state of the company’s compliance program, the Department would consider requiring the CEO and CCO to certify the truthfulness and accuracy of those reports as well. Assistant AG Polite stated that his announcement was “not punitive in nature.” Rather, “it is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has a[n] ethical and compliance focused environment.”

Nevertheless, since Assistant AG Polite’s announcement, some within the compliance industry have expressed concern that these certifications may expose CCOs to future criminal prosecutions. In response to questions about the Department’s approach to individual liability under the certification policy, Assistant AG Polite told Law360 that while the aim of the new requirements is not to go after CCOs or CEOs, “if there is a knowing misrepresentation on the part of the CEO or CCO, that could certainly result in some form of personal liability,” and he advised that the Department may also “consider a misrepresentation in one of these certifications, or a failure to provide such a certification, a breach of the corporation’s obligations under the agreement.”

Assistant AG Polite recently reiterated the Department’s compliance certification policy in prepared remarks delivered at the University of Texas Law School on Sept. 16. In those remarks, Assistant AG Polite acknowledged the concerns raised about the compliance certification process and emphasized the Department’s stance that these certifications will give CCOs a greater voice in corporate decision-making. He further stated that the certifications “underscore our message to corporations: investing in and supporting effective compliance programs and internal controls systems is smart business and the department will take notice.”

Speaking to compliance professionals at the NYCBA 2022 Compliance Institute, Deputy Chief Smith echoed Assistant AG Polite’s comments and stated that compliance certifications “serve as [tools] for the Justice Department as it tries to hold individuals accountable for their role in corporate wrongdoing” and that “you’re going to see more of” them. Deputy Chief Smith also noted that if a business trying to settle does have a relatively unempowered compliance leader, the Department may consider urging such companies to give the compliance role more power within the organization.  

Compliance Certifications in Practice: Glencore and GOL

Since the certification policy was first announced in March 2022, the Department has required compliance certifications in both a plea agreement and a DPA.

1. Glencore Group Plea Agreement

On May 24, Glencore International A.G. and Glencore Ltd. pleaded guilty and entered into a $1.1 billion settlement agreement with the Department in connection with charges arising from alleged commodity price manipulation and violations of the Foreign Corrupt Practices Act (FCPA).

The plea agreement was the first to include the compliance certification. Attachment H to the plea agreement requires that 30 days prior to expiration of Glencore’s obligations under the plea agreement, both the CEO and the CCO certify under penalty of perjury that (1) they are aware of the company’s compliance obligations under the plea agreement, (2) the company has implemented a compliance program that meets those requirements, and (3) the compliance program is “reasonably designed to detect and prevent violations of the Foreign Corrupt Practices Act and other applicable anti-corruption laws throughout the company’s operations.”

In addition to the compliance certification, the Glencore settlement requires the company to implement two independent monitors, one in the U.S. and one abroad, to prevent the reoccurrence of crimes.

2. GOL Linhas Aéreas Inteligente DPA

GOL entered into a DPA and $41 million settlement with the Department on Sept. 15, in connection with charges arising out of alleged violations of the anti-bribery and books and records provisions of the FCPA.

While the GOL agreement did not impose a monitor as was the case in Glencore, it included a nearly identical compliance certification. Like the certification in the Glencore agreement, the DPA requires that 30 days prior to expiration of the agreement, GOL’s CEO and CCO certify that they are aware of the company’s compliance obligations and that the company has implemented a compliance program that is “reasonably designed to detect and prevent” violations. Assistant AG Polite referenced the use of the compliance certification in the GOL resolution in his remarks on Sept. 16 and said that the DOJ “will continue to use similar certifications in our corporate resolutions as appropriate for each case.”


In his remarks at the University of Texas Law School on Sept. 16, Assistant AG Polite warned that “a corporate leader who ignores the emphasis we are placing on compliance does so at his or her own risk.” Clearly, the DOJ’s focus on corporate compliance programs and its intent to use compliance certifications as a tool both to hold individuals accountable and to encourage companies to empower CCOs are here to stay. In light of this, companies would be well advised to ensure that their CCOs have sufficient authority within the organization, and that their compliance programs are adequately resourced and otherwise “reasonably designed” to detect and prevent misconduct.

[View source.]