On September 15, 2022, Department of Justice (DOJ) Deputy Attorney General (Deputy AG) Lisa Monaco announced new guidance for the DOJ’s corporate enforcement policies,1 which is memorialized in the Memorandum on Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group (Memorandum).2 As outlined in Deputy AG Monaco’s speech, the Memorandum expounds upon the three changes she announced in her October 2021 speech, as well as two additional areas:3 (1) cooperation credit and individual accountability, (2) repeat offenders, (3) corporate compliance monitors, (4) voluntary self-disclosure, and (5) the evaluation of corporate compliance programs. The new guidance has significant implications for corporations that have uncovered misconduct or are trying to implement an effective corporate compliance program to mitigate future risk.
- Cooperation Credit and Individual Accountability
The Memorandum expressly reinstates the standard set forth in the September 2015 Yates Memorandum: corporations must identify and provide all relevant facts regarding “all individuals involved in or responsible for the misconduct at issue, regardless of their position, status or seniority” to qualify for cooperation credit.4
The DOJ is now going even further, requiring corporations to “produce on a timely basis all relevant, non-privileged facts and evidence about individual misconduct” to be eligible for full cooperation credit. Corporations bear the burden of demonstrating that they timely produced documents—and failure to do so will jeopardize corporations’ ability to avail themselves of cooperation credit. Prosecutors will need to specifically assess the timeliness of the corporation’s cooperation, and reduce or eliminate cooperation credit if there is undue or intentional delay—“particularly with respect to documents that impact the government’s ability to assess individual culpability.”
What does this mean? This isn’t the first time the DOJ has emphasized its focus on individual accountability. For example, in last year’s and her latest speech, Deputy AG Monaco reiterated that the DOJ’s first priority in corporate criminal matters is individual accountability. Corporations need to match the DOJ’s focus on this area when conducting investigations, and considering whether and what to self-disclose. They must also prioritize the production of evidence to the DOJ that is most relevant for assessing individual culpability. Failure to do so could jeopardize their ability to obtain a declination—or at the very least some cooperation credit in a resolution.
- Repeat Offenders
Last year, Deputy AG Monaco expressed concern that the opportunity to receive multiple non-prosecution agreements (NPAs) and deferred prosecution agreements (DPAs) does not effectively deter repeat offenders, as corporations saw fines for corporate crime as the “cost of doing business.” To that end, she directed prosecutors to consider the corporation’s record of past misconduct, including prior criminal, civil, and regulatory resolutions, both domestically and internationally, when deciding the appropriate resolution.
The DOJ has now provided clarification on that broad mandate, acknowledging that not all prior misconduct is equally relevant or probative. In considering an appropriate resolution, prosecutors will assess, among other factors: (1) the seriousness of any prior misconduct, (2) its similarity to the instant conduct under investigation (even if prosecuted under different statutes), (3) whether the misconduct was repeated, and (4) remediation taken to address the root causes of the prior misconduct. Prosecutors will examine both the form and timing of prior resolutions, weighing more heavily recent US criminal resolutions, and prior misconduct involving the same personnel or management. Prior criminal resolutions more than ten years, and civil or regulatory resolutions more than five years, before the conduct under investigation should be given less weight. Deputy AG Monaco reiterated that the DOJ will continue to disfavor NPAs and DPAs for repeat offenders—particularly where prior misconduct involved similar behavior, persons, or entities.
What does this mean? While this guidance will be helpful to corporations negotiating resolutions with the DOJ, companies should also be mindful of the tension between the DOJ’s policy on repeat offenders and its focus on self-disclosure (further discussed below). During her speech, Deputy AG Monaco reaffirmed existing guidance that, absent aggravating factors, corporations would qualify for a declination if they voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated. On September 20, the Principal Associate Deputy Attorney General Marshall Miller reiterated the incentive: “Unless aggravating factors are present, even a company with a significant history of misconduct has a powerful incentive to make a timely self-disclosure: it is likely to make all the difference between a DPA and a guilty plea resolution.”5
The Memorandum notably does not elucidate what constitutes an aggravating factor, leaving it to each DOJ component to decide. However, the FCPA Corporate Enforcement Policy6 expressly lists criminal recidivism as one of four enumerated aggravating circumstances. It is therefore unclear, for example, how a corporation with a recent criminal settlement would be treated by the DOJ if it voluntarily self-discloses new misconduct. Theoretically, the corporation should still qualify for a declination, assuming it also fully cooperates and timely and appropriately remediates. However, the DOJ may have concerns about declining to pursue an enforcement action against a repeat offender that continually self-discloses recurring misconduct. Repeat offenders who self-disclose should be prepared for the DOJ to raise these concerns.
- Corporate Compliance Monitors
Last year, Deputy AG Monaco announced that prosecutors would no longer adhere to the October 2018 guidance suggesting monitorships are disfavored or are the exception. Instead, Deputy AG Monaco made clear that the DOJ was “free to require the imposition of independent monitors whenever it is appropriate to do so in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations” under a resolution. Responding to the industry’s request for “more transparency to reduce suspicion and confusion about monitors,” the Memorandum provides additional guidance regarding how prosecutors should (i) determine whether a monitor is appropriate, (ii) select a monitor, and (iii) oversee the monitor’s work.
First, in evaluating whether a monitor is appropriate, prosecutors will consider a non-exhaustive list of 10 factors, some of which echo the FCPA Corporate Enforcement Policy’s position that a monitor will not be required if the corporation has “at the time of resolution, implemented an effective compliance program.” For example, the enumerated factors include whether the corporation had implemented and tested its compliance program and internal controls to ensure they can effectively detect and prevent future misconduct, and remediated the underlying issues. Notably, the first factor on the list directs prosecutors to consider whether the corporation voluntarily self-disclosed the misconduct. It is unclear how a corporation self-disclosing the misconduct is relevant to whether a monitor is necessary to ensure a corporation meets its compliance and disclosure obligations under a resolution. This factor could simply be a nod to the DOJ’s general emphasis on voluntary self-disclosure.
Second, the Memorandum instructs prosecutors to take additional, concrete steps to increase transparency. In line with Deputy AG Monaco’s commitment in 2021 to study the monitor selection process, every component of the DOJ that does not currently have a publicly available monitor selection process will need to create one, or adopt an existing DOJ process, before December 21, 2022. Deputy AG Monaco emphasized that the selection process must occur “in a fashion that eliminates even the perception of favoritism.” Going forward every monitorship committee must include an ethics official or professional responsibility officer to ensure other members can select a monitor without bias.
Finally, prosecutors will “monitor the monitors.” Prosecutors must define the monitor’s scope and responsibilities in writing, establish a clear work plan, “remain apprised” of the work conducted by the monitor, and review the work for reasonableness.
The Memorandum expressly contemplates prosecutors reducing the term or scope of the monitorship. Prosecutors can shorten a monitorship if the corporation improves it compliance program quicker than anticipated. As noted by Mr. Miller, the April 2022 DPA with Stericycle, Inc. resolving violations of the Foreign Corrupt Practices Act is an example of a resolution that allows for early termination if, as stated in the DPA, “there exists a change in circumstances sufficient to eliminate the need for the monitorship.”7
What does this mean? Monitors can be extremely costly, intrusive and disruptive to a corporation’s business. The list of factors that prosecutors will consider when determining whether a monitor is appropriate—albeit non-exhaustive—provides valuable insight to corporations seeking to avoid a monitor. Corporations should carefully consider how these factors could impact the DOJ’s decision to impose a monitor early in the process (i.e., shortly after identifying misconduct) to best position themselves for negotiating a corporate resolution.
In addition, the Memorandum mentions, in passing, that a new section on “independent corporate monitors” will be added to the Justice Manual. Corporations should stay apprised of this and other updates to the Justice Manual based on the Memorandum and the Deputy AG Monaco’s speech.
- Voluntary Self-Disclosure
In addition to building on the three changes announced last year, Deputy AG Monaco emphasized the importance of voluntary self-disclosure. In an effort to increase transparency, all DOJ components will need to review or, for those without a formal written policy on self-disclosure, to draft and publish a policy on voluntary self-disclosure. Any such policy should set forth the component’s expectations of what constitutes a voluntary self-disclosure, including with regard to the timing of the disclosure, the need for the disclosure to be accompanied by timely preservation, collection, and production of relevant documents and/or information, and a description of the types of information and facts that should be provided as part of the disclosure process. The policies should also lay out the benefits that corporations can expect to receive if they meet the standards for voluntary self-disclosure under that component’s policy.
What does this mean? Right now, it is not always clear what a corporation must do to receive full voluntary self-disclosure credit, particularly for cases being investigated by DOJ components that lack formal voluntary self-disclosure policies. The DOJ is attempting to change that and to provide additional incentives for companies to come forward voluntarily. The DOJ is also endeavoring, again, to stress the value proposition of making a voluntary disclosure. In her speech, Deputy AG Monaco stated that voluntary self-disclosure cases have resulted in declinations and non-prosecution agreements with no significant criminal penalties, while recent cases that did not involve self-disclosure have resulted in guilty pleas and billions of dollars in criminal penalties. Corporations should monitor upcoming DOJ resolutions, as Deputy AG Monaco hinted that “resolutions over the next few months will reaffirm how much better corporations fare when they come forward and self-disclose.”
- Evaluation of Corporate Compliance Programs
The Memorandum states that although an effective compliance program does not itself constitute a defense to misconduct, it can impact the terms of a corporation’s potential resolution with the DOJ.8 After briefly referencing the factors laid out in the Criminal Division’s earlier Evaluation of Corporate Compliance Programs9—such as whether the compliance program is well designed and working in practice—the Memorandum lists additional factors relevant to a prosecutor’s evaluation: (i) financial incentives; and (ii) policies and controls on the use of personal devices and third-party applications.
- In evaluating a compliance program, prosecutors will consider whether corporations use financial incentives to reward compliance and penalize misconduct. Examples of such incentives include clawing back compensation previously paid to individuals involved in misconduct and using compliance metrics in determining compensation packages. According to Mr. Miller, this is a “key consideration” in evaluating a compliance program because it shifts “the burden of corporate financial penalties away from shareholders – who frequently play no role in misconduct – onto those who bear responsibility.” The DOJ now expects companies to have “robust and regularly deployed clawback programs.”
What does this mean? Corporations should take this opportunity to review their use of compensation to incentivize compliance and discipline misconduct. While the Evaluation of Corporate Compliance Programs only mentions incentives in passing, resolutions imposing corporate compliance monitors have emphasized the need for corporations to implement these types of incentives. Prosecutors will certainly be concentrating on these factors when considering whether a certain type of resolution is appropriate going forward.
- Whether a corporation has policies and controls in place to effectively monitor the use of personal devices and third-party applications, such as ephemeral messaging applications, will factor into a corporation’s eligibility for cooperation credit. While the Evaluation of Corporate Compliance Programs previously tied such controls to remediation credit, the Memorandum instead focuses on the potential negative ramifications for an investigation. Corporations may be unable to avail themselves of cooperation credit if they fail to provide all non-privileged communications on personal devices and third-party applications relating to the investigation to the DOJ.
What does this mean? The DOJ and other regulators have been focused on compliance risks associated with personal and ephemeral messaging for some time. For example, last year a financial institution agreed to pay $200 million to the SEC and CFTC for allowing employees to discuss business on their personal devices without implementing controls to retain and preserve those communications. Other corporations have also reported that the SEC and CFTC are inquiring about this issue.
Given the high level of interest in this area, corporations should:
- closely monitor the results of a study that the Criminal Division is conducting regarding best corporate practices for the use of personal devices and third-party messaging platforms, which the Memorandum indicates will be incorporated into the next edition of the Evaluation of Corporate Compliance Programs; and
- consider taking the actions that the Memorandum helpfully prescribes: (i) implement policies governing business communications via personal devices and third-party messaging platforms; (ii) provide training on those policies; and (iii) enforce policies when violations are identified. Corporations can also take other proactive measures to mitigate risk in this area, such as implementing enterprise versions of messaging platforms.
* * *
The Memorandum and Deputy AG Monaco’s speech articulate significant changes in several areas affecting corporations. These changes are relevant to companies that identify misconduct, are the subject of an enforcement action, or just wish to implement an effective compliance program sufficient to mitigate future risk. In addition to considering the recommendations discussed herein, corporations should track upcoming corporate resolutions, which may provide useful insight into how the changes set forth in the Memorandum apply in practice.
 Deputy Attorney General Lisa O. Monaco, “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group” US Dept. of Justice (Sept. 15, 2022).
 9-47.120 – FCPA Corporate Enforcement Policy, Justice Manual, US Dept. of Justice (updated Mar. 2019).
 The Memorandum’s assertion that an effective compliance program is not a defense for misconduct differs from the UK Bribery Act, which provides a statutory defense for commercial organizations that can prove they had “adequate procedures designed to prevent persons associated with [them] from undertaking such conduct.”
 “Evaluation of Corporate Compliance Programs,” US Dept. of Justice, Criminal Division (updated June 2020).