The Department of Justice (DOJ) wants us to believe its new policy to have chief compliance officers at penalized companies certify their programs are reasonably designed at the end of any corporate resolution is for their benefit. There’s no reason not to believe that.
And yet, the reaction from the compliance community has largely been one of concern. Rightly so.
The fact is no matter how much assurance DOJ officials give across their industry event speeches, fears of CCO liability will persist. To sign your name to something not fully in your control is enough to make anyone uneasy, never mind someone in as high stakes a position as a compliance officer at a company under a monitorship. That added layer of stress cannot be minimized.
Which is why, in large part, the DOJ’s rollout of this policy change has been such a disappointment. There has been no public press release acknowledging the new requirement; instead, announcements have been made via speeches that have been inconsistently transcribed on the agency’s website for all to read. If not for media outlets covering these events, how much would we know?
The latest example came last week, when Lauren Kootman, assistant chief in the Corporate Enforcement, Compliance, and Policy Unit of the DOJ’s Fraud Section, announced at a legal industry conference the new certifications would “most likely” be a part of every corporate resolution (including guilty pleas, deferred prosecution agreements, and non-prosecution agreements) moving forward. A significant development reserved for those in the room or with a specific news service subscription, apparently.
Deputy Attorney General Lisa Monaco also discussed the requirements in remarks made in May that were never publicly transcribed. And at Compliance Week’s National Conference earlier that month, Assistant Attorney General Kenneth Polite Jr., head of the Criminal Division, mentioned the policy in a keynote address that went unacknowledged by the DOJ. (Compliance Week has made its full transcript of the speech available here.)
“This announcement related to this additional certification is not intended to be punitive,” Polite said. “… It’s the type of resource compliance officials, including myself (Polite served as CCO at electric power company Entergy from 2017-18), have wanted for some time because it makes clear you should have and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within those organizations to ensure them and the department that company has an ethical and compliance-focused program.”
Not since Polite first announced the policy was under consideration at a pair of events the same week in March has the DOJ gone out of its way to draw public attention to the change. Even last month, when Glencore pleaded guilty and agreed to pay more than $1 billion as part of a Foreign Corrupt Practices Act (FCPA) resolution, the press release did not note the agreement was the first to include the new CCO certification requirement. Instead, that detail was left to Page 9 of the 97-page plea agreement.
The DOJ has long been a champion of empowering compliance. Its Evaluation of Corporate Compliance Programs guidance is a must-read for CCOs and explicitly states compliance departments must be “adequately resourced and empowered to function effectively” by company leadership—something that has long been a pain point for practitioners. But the agency should also know how crucial knowledge and transparency is for a compliance officer to do their job.
Time will tell whether the CCO certification requirement is truly a win for the profession. But what we do know now is that we don’t know enough to feel that way.