The DOJ's New Parameters for Evaluating Corporate Compliance Programs
The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal…
July 14, 2017 at 07:40 AM
9 minute read
The original version of this story was published on Law.com
The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal charging decisions, but also for how defense counsel structure their conference-room advocacy seeking declinations or lesser sanctions in both criminal and civil investigations.
An effective compliance program is essential for any business, allowing the organization to identify potential vulnerabilities and to minimize risk. It is also relevant in defending against government investigations and prosecutions, criminal or civil. In fiscal year 2016, 132 organizations were sentenced (129 pleaded guilty; only three went to trial); however, according to the U.S. Sentencing Commission, only 2.1% of organizations seeking acceptance of responsibility credit under U.S. Sentencing Guideline § 8C2.5 had an “effective” compliance program. See U.S. Sentencing Commission Sourcebook at Tables 53, 54 (2016).
The effectiveness of an organization's compliance program is important to the government, too. It often assesses this factor in determining whether a business will be prosecuted; if so, whether the prosecution will be civil or criminal or both; and if found liable or guilty, the severity of sanctions to seek. The government's assessment of compliance program effectiveness has evolved. The more generalized criteria for a “good” compliance program once extrapolated from the Sentencing Guidelines, the U.S. Attorney's Manual or guidance documents from the DOJ, Securities and Exchange Commission (SEC) or Health & Human Services (HHS), now must give way to the DOJ's recently issued memorandum titled “Evaluation of Corporate Compliance Programs,” a seven-page, single-spaced inventory of “sample topics and questions.” DOJ Criminal Division, Fraud Section, “Evaluation of Corporate Compliance Programs” (Feb. 8, 2017).
The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal charging decisions, but also for how defense counsel structure their conference-room advocacy seeking declinations or lesser sanctions in both criminal and civil investigations. Moreover, given the DOJ's “ Yates memo” reset on the prosecution of individuals within the corporation, defense counsel should be alert to the potential that these parameters may also provide a template for investigating a manager's or board member's reckless disregard or willful blindness for purposes of civil or criminal prosecutions, or an employee's ability to detect or remediate misconduct under the criminal “responsible corporate officer doctrine” (RCOD).
The DOJ's New Compliance Program Evaluation Parameters
The DOJ's corporate compliance evaluation memorandum systematically breaks out over 100 “sample” questions under 11 broad headings. These reflect a no-stones-left-unturned agenda apparently meant to generate a comprehensive overview of compliance program methodologies, structure and implementation, as well as how the program is empowered, resourced, and monitored in practice at different organizational levels.
To provide a sense of the memorandum's scope, these are just a few of the many probing questions the DOJ intends to ask:
- whether a root cause analysis of the suspect conduct has been performed;
- what specific actions senior management and stakeholders have taken to demonstrate their compliance commitment and what compliance expertise has been available to the Board;
- the resources, autonomy and stature devoted to the compliance function;
- whether a funding or resource request from the compliance or control function ever was denied and how the denial decision was made;
- the process for designing, implementing and assessing effectiveness of new policies and procedures;
- who is responsible for integrating policies and procedures;
- the methodology for risk assessment;
- whether training is tailored for high-risk and control function employees;
- if there is an incentive program for good compliance and ethical behavior;
- if there were internal investigations properly scoped, independent, and documented;
- if disciplinary actions have been consistently applied across the business; and
- if the relevant controls have been tested and risk assessments updated.
What is interesting about these interrogatories is just how granular the DOJ intends to be in reviewing compliance programs and how far it has come from the early caricature of accepting at face value the compliance program binder “on the shelf.” (This kind of detail is also found in recent guidance from the HHS Office of Inspector General (OIG). See “Measuring Compliance Program Effectiveness: A Resource Guide” (March 27, 2017).)
These DOJ questions look not only at the organization's existing compliance policies, but also probe: 1) the assumptions, methodology, design and judgments embedded in those policies; and 2) the proactive character and predictive accuracy of those policies. Such inquiries may call into question the compliance advice received from in-house auditors and legal, and compliance vendors and outside counsel, with attendant privilege and work product issues.
Conference-Room Advocacy
Of course, the DOJ notes that its evaluations necessarily are case-specific and that differences in organizations (including, presumably, differences in organizational size and resources) require “individualized determination[s].” No doubt it will take some time for the import of this memorandum to seep into the practice of Assistant U.S. Attorneys and agents. Nonetheless, when defense counsel embarks on conference room advocacy with the government and makes its “good corporate citizen” pitch seeking to avoid or ameliorate a government criminal prosecution, or minimize a civil resolution, woe to the lawyer who is not prepared either to provide this type of information proactively, or to respond to this level of inquiry from the prosecutors and agents across the table. Gathering this detailed information from the client also may add another layer to the scope of counsel's internal investigation into alleged misconduct.
Increased Risk for Executives and Board Members?
The DOJ compliance program evaluation memorandum also has the potential to reshape how government prosecutors view the action (or inaction) of executives and board members. Consider the following data points.
First, recall the basic framework of a board member's affirmative obligations — namely, to assure the existence of corporate information gathering and reporting systems to provide management and the board with material information, including compliance with applicable statutes and regulations. See, e.g., In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del Ch.1996).
Second, the Yates Memo renews the DOJ's emphasis on the criminal and civil investigation and prosecution of individuals by, among other things, requiring written justifications for not prosecuting individuals. See DOJ, “Individual Accountability for Corporate Wrongdoing” (Sept. 9, 2015).
Third, willful blindness for purposes of a criminal prosecution requires proof that the defendant: 1) subjectively believed that there is a high probability that the misconduct is taking place; and 2) took deliberate actions to avoid learning about those facts. Global-Tech Appliances, Inc. v. SEB S.A., 131 S. Ct. 2060 (2011). And under the responsible corporate officer doctrine (RCOD), the government may attribute culpability to the employee who has, by reason of her corporate position, “responsibility and authority either to prevent in the first instance, or promptly to correct,” the alleged violations of law, irrespective of any actual knowledge of misconduct. United States v. Park, 421 U.S. 658, 673-74 (1975).
Fourth, reckless disregard, or deliberate ignorance, of the truth or falsity of information for purposes of a civil False Claims action requires proof that the defendant either: 1) intentionally avoided learning whether a particular piece of information is true or false; or 2) had serious doubts about the truth or falsity of the information, but failed to make simple inquiries to verify truth or falsity. See 31 U.S.C. § 3729(b). In practice, this obligates the individual to make such inquiry as a reasonable and prudent person would conduct under the circumstances in order to ascertain the true and accurate basis of the claim on pain of being liable for the “aggravated form of gross negligence” required to impute knowledge of a false claim. See, e.g., United States v. Quicken Loans, Inc., No. 16-cv-14050, 2017 U.S. Dist. LEXIS 33559, *13-14 (E.D.Mich. March 9, 2017); S. Rep. No. 99-345, at 20 (1986).
Fifth, the parameters set out in the DOJ compliance program evaluation memorandum are published, disseminated and available to organizations, management and boards. Especially in large, sophisticated and publicly traded organizations, executives (including compliance officers) and board members may be found to be on notice of them. The government may well expect: 1) boards to be asking management these same types of questions under their Caremark obligations; 2) management to be retrofitting compliance program upgrades so that the answers to those questions are “correct”; and 3) compliance officers or audit managers to include these parameters in their annual internal program audits.
In this context, the DOJ's compliance program evaluation memorandum may move the goalposts on what constitutes deliberately blinding oneself to the facts, failing to make reasonable inquiry into the truth or falsity of a claim, or Responsible Corporate Officer Doctrine (RCOD) authority to detect or remediate misconduct. That is, in addition to seeking direct evidence of knowledge and intent, the government may issue CID, HIPAA or grand-jury subpoenas for documents and testimony concerning DOJ's compliance program parameters as they relate to the conduct under investigation.
The results may vindicate the organization or reveal compliance program deficiencies in analysis, methodology and process tied to that alleged misconduct. To the extent a Board has not asked the questions set out in the DOJ's memorandum, or management has not acted on these inquiries, the government could take the position that such inaction contributes to evidence of the reckless disregard required for civil False Claims Act (FCA) liability. In extreme instances, such inaction might contribute to proving RCOD liability or the willful blindness necessary to bring a criminal fraud charge.
Conclusion
Compliance officers, in-house counsel, corporate management and board audit and compliance committees should review the DOJ's recent compliance program evaluation memorandum. It may help to build more robust compliance programs; guide defense counsel's conference room advocacy; and provide insight into potential management and the Board exposures under reckless disregard, RCOD or willful blindness standards.
Ronald H. Levine ([email protected]), a member of the Editorial Board of Business Crimes Bulletin, is a principal at Post & Schell, P.C., heading its Internal Investigations and White Collar Defense Group. Levine was previously Chief of the Criminal Division of the U.S. Attorney's Office for the Eastern District of Pennsylvania. Carolyn H. Kendall ([email protected]) is an Attorney in the Group working in the areas of tax, money laundering and compliance programs.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllBallooning Workloads, Dearth of Advancement Opportunities Prime In-House Attorneys to Pull Exit Hatch
The Reason a GC Abruptly Departs May Not Be What You Think
Trending Stories
- 1Gibson Dunn Sued By Crypto Client After Lateral Hire Causes Conflict of Interest
- 2Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
- 3Pharmacy Lawyers See Promise in NY Regulator's Curbs on PBM Industry
- 4Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
- 5Supreme Court Will Review Constitutionality Of FCC's Universal Service Fund
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250