The U.S. Department of Justice (“DOJ”) remains busy updating its policies relating to corporate prosecutions, evaluations of compliance programs, and voluntary disclosures. In a pair of speeches at March’s ABA White Collar Conference in Miami, Deputy Attorney General Lisa Monaco and Assistant Attorney General Kenneth Polite, Jr. returned to the Department’s revision of its Evaluation of Corporate Compliance Program (“ECCP”) by unveiling several significant policies, including those relating to a corporation’s access to and retention of employee electronic communications as well as a company’s compensation structure for executives and employees.
Make Sure that Your Company Can Access Employee Devices and Data When Needed
The message from DOJ is clear: companies need to be able to obtain business-related data and communications from their employees, from whatever device or platform their employees utilize. Companies also should be vigilant in ensuring that they have the ability to turn off auto-delete functionality or entirely prohibit auto-delete applications from being utilized by their employees.
Given that “[i]n today’s day and age, the use of these services is ubiquitous,” as acknowledged by AAG Polite, a corporation’s legal team and corporate compliance officers must ensure that their companies have clear policies and procedures setting forth not only how employees can utilize their personal devices for work-related purposes but also how those employees communicate on various third-party messaging platforms, including those offering ephemeral messaging, such as Signal, WhatsApp, etc.
Under the newly revised ECCP, when determining an appropriate resolution of an investigation, DOJ prosecutors will consider:
- how business-related electronic data and communications are preserved and accessed by a company, including those from third-party messaging applications, from any devices utilized through a company’s “bring your own device” (“BYOD”) program as well as from those devices that are replaced when the employee upgrades or obtains a new device, for either BYOD devices or those that are company-owned;
- how policies governing these messaging applications are tailored to a company’s risk profile and specific business needs, including any BYOD programs, and associated preservation policies;
- if a company’s policies permit the company to review business communications on BYOD and/or third-party messaging applications utilized by its employees;
- how a corporation communicates their policies to employees; and
- if a company consistently enforces those policies, including those relating to BYOD and/or third-party messaging applications.
DOJ Continues to Expand Its Focus on Executive Compensation and Ability to Clawback From Those Who Commit Misconduct
Additionally, DAG Monaco announced a new Pilot Program on Compensation and Incentives and Clawbacks that furthers DOJ’s repeated attempts to have companies “step up and own up when they discover misconduct.” The goal of this program is to encourage “companies who do not already factor compliance into compensation to retool their programs and get ahead of the curve.”
Under the pilot program, every corporate resolution involving DOJ’s Criminal Division will now require the company to develop compliance-promoting criteria within its compensation and bonus system. As AAG Polite explained, DOJ expects companies that use clawback programs “to address not only employees who engaged in wrongdoing in connection with the conduct under investigation, but those who had supervisory authority over such employees who …[were] engaged in the misconduct, and knew of or were willfully blind to, the misconduct.”
Additionally, DOJ’s Criminal Division will now provide reductions in fines assessed pursuant to a corporate resolution to companies who seek to clawback compensation from corporate wrongdoers. The DOJ policy sets up a system whereby “the resolving company will pay the applicable fine, minus a reserved credit equaling the amount of compensation the company is attempting to clawback from culpable executives and employees.” If the company is successful in clawing back compensation from a responsible executive or employee, DOJ will permit the company to keep the amount it recovered. Furthermore, even if a company is unsuccessful in recovering compensation from an executive or employee, DOJ will now “ensure that those who pursue clawbacks in good faith but are unsuccessful are still eligible to receive a fine reduction.”
Implementation of U.S. Attorneys’ Office’s Voluntary Disclosure Program To Standardize and Encourage Companies to Report Misconduct
This blog has previously reported on the DOJ Criminal Division’s new Voluntary Disclosure Program, which was announced on January 17, 2023. On March 2, 2023, the Office of the Deputy Attorney General announced a new Voluntary Self-Disclosure (“VSD”) policy that applies to all United States Attorney’s Offices (“USAOs”). As discussed below, the “goal of the policy is to standardize how VSDs are defined and credited by USAOs nationwide, and to incentivize companies to maintain effective compliance programs capable of identifying misconduct, expeditiously and voluntarily disclose and remediate misconduct, and cooperate fully with the government in corporate criminal investigations.” In announcing the policy, the U.S. Attorneys for the Southern and Eastern Districts of New York stated, “The policy provides transparency and predictability to companies and the defense bar concerning the concrete benefits and potential outcomes in cases where companies voluntarily self-disclose misconduct, fully cooperate, and timely and appropriately remediate.” This is the first time that U.S. Attorney’s Offices have had such a VSD policy.
Requirements of a VSD for USAOs:
The new VSD policy requires that a VSD be:
- Voluntary: A disclosure will not be considered voluntary if there is any pre-existing obligation to disclosure of such conduct.
- Timely: A disclosure will be deemed timely if it is made to the USAO prior to any imminent threat of disclosure or government investigation; prior to misconduct being publicly disclosed or otherwise known to the government; and within a reasonably prompt time after the company discovers the misconduct. It is the Company’s burden to demonstrate timeliness.
- Substantive: The VSD must include all relevant facts concerning the misconduct that are known to the company. The USAO recognizes that the Company may not be in a position to know all the relevant facts, but the Company should make clear that the disclosure is based on a preliminary investigation or assessment.
Why Submit a Voluntary Self Disclosure?
To resolve an investigation with DOJ, unless the company has an “aggravating factor,” the USAO will not seek a guilty plea where the Company has submitted a VSD; fully cooperated with the USAO; and timely and appropriately remediated the criminal conduct. To meet this standard, a Company must agree to pay all disgorgement, forfeiture and restitution resulting from the criminal conduct.
However, if a Company fully meets the VSD, the USAO may choose not to impose a criminal penalty and if the USAO chooses to impose a criminal penalty it must not be greater than 50% below the low end of the U.S. Sentencing Guidelines fine range.
How to Deal with an “Aggravating Factor”
The USAO provides a few examples of possible “aggravating factors” that include (but are not limited to) conduct that poses a grave threat to national security, public health, or the environment; is deeply pervasive throughout the company; or the conduct involves current executive management of the company.
An aggravating factor does not mean that the USAO will require a guilty plea to resolve the matter. This will be a fact specific analysis to determine the appropriate resolution. Ensuring that there was an effective compliance program in place, which encompasses the new policies we discussed above, will be imperative.
Considerations of an Effective Compliance Program:
The VSD policy allows for the imposition of an independent compliance monitor if the Company has not implemented and tested an effective compliance program. The need for a monitor will be made on a case by case basis.
If policies relating to BYOD, preservation of messages, including ephemeral messages, and executive compensation are missing from your current compliance program, it is now time to re-evaluate those programs. Additionally, if you are considering a VSD, you should always consult counsel to assist you with meeting the necessary requirements.
- Member of the Firm