Deputy Attorney General Rod Rosenstein kicked off Compliance Week 2018 in Washington D.C. today, speaking candidly about compliance program effectiveness, the FCPA Corporate Enforcement Policy, the newly announced Justice Department coordination policy, and much more.

Rosenstein began his remarks by stressing the value and business advantage that a corporate compliance program can bring to an organization. “Compliance is an investment in a company’s future,” he said. “Ethical, law-abiding companies better attract investors and partners. People want to do business with companies that they perceive as honest and reliable.”

He also stressed that compliance should be an “integrated process, not an afterthought.” This is to say that “compliance should not be treated as separate and distinct from other business goals,” Rosenstein said. “In a company with adequate and effective compliance programs, the legal, compliance, and audit departments are not the only repositories of professionals monitoring and evaluating what the business side does. Everyone is engaged in the effort to ensure compliance.”

Rosenstein also provided details on what considerations the Department of Justice weighs when a company comes under investigation. “We ask two principle questions about the company’s compliance function: What was the state of the compliance program at the time of the improper conduct? Second, what is the current state of the compliance function? What sort of remediation efforts has the company made after learning about the conduct to ensure that similar conduct will not happen again?”

In this way, the Department looks not only at a company’s past conduct, but “we are also focused on the business’s health going forward,” Rosenstein said. That concept is reflected in the agency’s Foreign Corrupt Practices Act Corporate Enforcement Policy, which is designed to incentivize companies to promptly report misconduct, fully cooperate, as well as to enact effective remedial measures.

If a company discovers misconduct that occurred despite having in place an effective compliance program, the FCPA Corporate Enforcement Policy directs prosecutors “to consider whether the company subsequently analyzed the underlying cause of the problem,” Rosenstein said. “A company that properly manages its risk through a robust and appropriate compliance function—one that grows along with the company—will stay ahead of the curve.”

One of the key provisions in the FCPA Corporate Enforcement Policy is the “presumption” that the Department of Justice will resolve a company’s case through a declination where the company satisfies the standards of voluntary self-disclosure, full cooperation, and timely and appropriate remediation, absent aggravating circumstances. Some critics of this provision have argued, however, that a “presumption in favor of a declination” for eligible companies is not the same as a full declination. In response to this criticism, Rosenstein said, “it is true that a ‘presumption’ is not a guarantee or a promise. The reason for that is that we recognize that every case needs to be evaluated based upon its individual merit.”

“What we’ve done in this policy is not provide a guarantee, but provide guidelines and to be transparent about it,” Rosenstein added. Where things get tricky is that these are not legally enforceable guidelines. The Department has discretion in whether to prosecute or not to prosecute, “but what we want to do is provide some clear rules that govern our prosecutors and that also provide guidance to private bar and defense attorneys who are interacting with us,” he said.

New coordination policy

In his remarks, Rosenstein also spoke about a new Department policy announced on May 9 that encourages coordination internally and with other enforcement agencies when imposing multiple penalties for the same conduct. This policy is “designed to ensure fairness and promote consistency in our resolutions of corporate cases,” Rosenstein said.

“We seek to avoid what businesses often refer to as ‘piling on.’ We should discourage disproportionate and duplicative penalties imposed by multiple authorities,” Rosenstein said. “Our new policy discourages ‘piling on’ by instructing Department components to appropriately coordinate with one another, and with enforcement agencies throughout the United States and overseas, to attempt to seek an equitable outcome in joining parallel investigations of the same misconduct. We incorporated that policy into our U.S. Attorneys’ Manual, so that all federal prosecutors will be governed by it.”

Other policy changes could be on the horizon. “One of my goals for the Department is to improve upon the policies we have now and to eliminate policies that are not working,” Rosenstein said.

In his final remarks, when asked what companies can be doing better concerning compliance program effectiveness, Rosenstein said, “One of the most significant issues is the ongoing, continuing reminders. Often, companies will put into place a compliance program … but what kind of follow-up is there?” Companies have constant turnover, and so it’s critical that the compliance programs are regularly updated and that both new and current employees are properly and frequently trained.

Compliance and risk officers, when looking around the company, can probably figure out where there are vulnerabilities, Rosenstein said. “The best advice I can give is, stay vigilant,” he said. “Take that on as a proactive responsibility.”