The Governance Implications of the DOJ’s New Corporate Enforcement Policy

Corporate compliance and individual accountability are never going to be the most popular items on the board’s education agenda, but they are quickly becoming two of the most significant.

With the US Department of Justice’s (DOJ) renewed focus on corporate fraud enforcement and new fiduciary duty interpretations from the Delaware courts, corporate responsibility is back in vogue on boardroom agendas. Directors, especially those serving on audit and compliance committees, are now incentivized to recognize this movement and its potential implications for the company.

This is particularly important given the government’s emphasis on expanding the scope of corporate compliance programs and the significant, highly time-pressured decisions companies will be required to consider should they become aware of potential wrongdoing within their ranks. Those will most definitely be board-level decisions, not management’s.

The foundation for the renewed emphasis on corporate responsibility dates back to September 2022 and a series of policy speeches by senior DOJ officials. The fundamental message was three-fold: that the DOJ remains committed to corporate criminal enforcement, to supporting corporate responsibility, and to encouraging investment in compliance and culture.

That message surely caught the attention of most corporate counsel and, in many companies, that of the board’s audit and compliance committees. But for others in leadership, it may have seemed more like government saber-rattling than a serious initiative that deserved full-board attention. To a certain extent, that’s understandable.

But the government’s corporate responsibility messaging became much tougher for leadership to ignore with the DOJ’s Jan.17, 2023, release of its revised Corporate Enforcement Policy (revised CEP). This revised policy document generally serves to underscore the government’s focus on prosecuting corporate fraud.

More particularly, though, it introduces a series of “new, significant, and concrete incentives” (including declination of prosecution) for companies to self-disclose identified corporate misconduct to the government. And for companies that choose not to self-disclose, the revised CEP provides incentives for companies that “go far above and beyond the bare minimum” when cooperating with DOJ investigators.

The revised CEP has been supplemented by the Feb. 22, 2023, release of the US Attorneys’ Offices Voluntary Self-Disclosure Policy (VSD) which provides additional details on the requirements for voluntary self-disclosure, as well as on the benefits that the DOJ believes self-disclosure offers.

In essence, the revised CEP and the VSD combine to serve notice on boards to take internal investigations of potential fraud even more seriously than they already do. These important new policies are something of a flashing light, alerting boards to the possibility that they may be called upon to make serious, “bet the ranch” decisions on whether, and if so, how, to engage with the DOJ should an investigation identify problematic behavior—including that of executives. And with that alert, it encourages boards and their audit committees to prepare for the potential that they may be called upon to make those kinds of decisions.

On top of this comes a revision to the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) guidelines, announced on March 3 by Deputy Attorney General Lisa O. Monaco and Assistant Attorney General for the Criminal Division Kenneth A. Polite, Jr. The revised ECCP contains two important enhancements to the DOJ’s expectations for effective corporate compliance programs.

The first enhancement is intended to incentivize compliance-promoting behavior through innovative approaches to executive compensation and the use of clawbacks. The DOJ’s primary compliance goal is to use compensation-based incentives and disincentives to shift the burden of corporate malfeasance away from uninvolved shareholders to those more directly responsible.

The second enhancement reflects the DOJ’s increased compliance focus on how corporations monitor the use of personal devices as well as various communications platforms and messaging applications, including those offering ephemeral messaging. The DOJ’s revised ECCP promotes the need for corporate policies governing these messaging applications to be tailored to the corporation’s risk profile and specific business needs and support. Corporations are also expected to consider, as appropriate, the preservation and accessibility of business-related electronic data and communications. In addition, the new guidelines address how prosecutors will evaluate how corporations both communicate the policies to employees and enforce them on a regular basis.

Taken collectively, the enforcement and compliance themes of the revised CEP, the VSD, and the revised ECCP implicate corporate governance in two notable areas, which may most effectively be addressed by the audit and compliance committees, acting at the direction of the board:

1. Key Board Decision-Making. Organizational governance is likely to face a series of critically important decisions regarding corporate cooperation and voluntary self-disclosure should an internal investigation identify likely criminal wrongdoing by the corporation or its employees, including executives. These decisions relate to confirming that the results of the internal investigation accurately and reasonably identify possible criminal wrongdoing, and processing the chain of related decision-making.

The latter includes deciding whether to make a voluntary self-disclosure; whether to meaningfully cooperate with the DOJ investigation or otherwise remediate; and whether to not disclose or otherwise to not cooperate.

These are in most circumstances board-level decisions and should not be made without the input of qualified white-collar defense counsel. They are decisions which must weigh the potential advantages of cooperation and self-disclosure (e.g., declination of prosecution), with the potential disadvantages of proactively engaging with the DOJ on matters of corporate conduct, especially when the evidence of wrongdoing is not clear-cut.

The issuance of both the revised CEP and the VSD gives members of audit and compliance committees the opportunity to familiarize themselves with these possible decisions, so as to be positioned to advise the board should wrongdoing be identified. Telling oneself, “It couldn’t happen here” is not a recommended governance best practice.

2. The Compliance Program. The comments of Monaco and Polite, as well as the ECCP revisions, speak directly to the board’s obligation to exercise oversight of corporate compliance and to assure the effectiveness of the compliance program. The board, perhaps acting through its audit and compliance committees, will be expected to evaluate the new compliance initiatives and determine what changes should be made to maintain the effectiveness of its compliance program.

In considering possible upgrades, the board should recognize that the DOJ “won’t accept business as usual” with respect to corporate compliance programs. Indeed, compliance program effectiveness is one of the key factors the DOJ will consider in determining whether a company will receive full credit for the “timely and appropriate remediation” element of the revised CEP.

Key Takeaways
Neither the revised CEP, the VSD, nor the revised ECCP represent the end of the corporate responsibility messaging from the DOJ. Collectively, they are intended to send a powerful message that the DOJ is heavily invested in corporate responsibility and preventing corporate fraud. Boards should expect further updates from their corporate counsel on these points and should be prepared to work with management on necessary responses.

From a board awareness angle, there are several key takeaways from the revised CEP, the VSD, and the revised ECCP.

1. It is clear that the DOJ and its Criminal Division are committed to incentivizing self-disclosure, corporate cooperation, and remediation. The DOJ is offering corporations what it believes to be meaningful benefits to encourage early and proactive engagement with government prosecutors when indications of material misconduct arise.

2. These self-disclosure incentives notwithstanding, the DOJ makes it clear what it perceives to be the risks of failing to self-disclose: “The bottom line: call us before we call you.”

3. Decisions on whether to engage with the DOJ on possible misconduct are among the most consequential and time-sensitive that a governing board may be called upon to make—and it should take some meaningful steps in the near term to be prepared to do so if circumstances arise. The board and its counsel will need to heavily weigh these decisions, which the DOJ says it appreciates.

4. When it comes to cooperating with the government, timing is everything. As DOJ leadership has made clear, companies seeking cooperation credit need to come forward and disclose important evidence to the DOJ quickly. Both companies and prosecutors evaluating those companies will now be “on the clock.” An undue or intentional delay in providing information and documents will result in a reduction or outright denial of cooperation credit.

5. Companies should be highly motivated to assure the effectiveness of their corporate compliance plans in general, and to manage risks and incentivize ethical employee behavior in particular, as a means of demonstrating their good faith efforts to address corporate fraud.

6. The specific compliance initiatives on executive compensation and ephemeral messaging require close attention from the board, notwithstanding the potential they create for conflict or tension with executive leadership. The company’s chief legal officer and chief corporate compliance officer should be authorized to develop an appropriate organizational response.

Planning for what leaders never want to happen (e.g., indications of material corporate misconduct) is not going to be a popular board education choice. But in the current enhanced corporate responsibility environment, it may be the smart play from a board perspective. The trio of new DOJ initiatives give the board, and its audit and compliance committees, much to consider in that regard.

The author's do not necessarily represent the views of McDermott Will & Emery or its clients. He thanks his partner, Sarah Walters, for her assistance in preparing this post.