The Department of Justice (DOJ) announced changes to its evaluation procedures for corporate compliance programs in criminal investigations, including monitoring off-channel and cursory messaging by employees, executive compensation programs, and how the agency selects compliance monitors.
On Friday, the DOJ unveiled its revised Evaluation of Corporate Compliance Programs (ECCP) policy, which Assistant Attorney General Kenneth Polite Jr. said in a speech will consider for the first time in its evaluation “a corporation’s approach to the use of personal devices as well as various communications platforms and messaging applications, including those offering ephemeral messaging.”
“[W]e will consider how policies governing these messaging applications should be tailored to the corporation’s risk profile and specific business needs and ensure that, as appropriate, business-related electronic data and communications can be preserved and accessed,” Polite said. “Our prosecutors will also consider how companies communicate the policies to employees and whether they enforce them on a consistent basis.”
The ECCP said prosecutors will consider three factors when evaluating how a company monitors the use of messaging applications by its employees. First, prosecutors will want to understand what electronic communication channels employees are allowed to use to conduct business and how the firm manages and preserves those communications.
Then, prosecutors will want to understand the policies and procedures the company has in place to preserve relevant business communications by employees, whether on company devices or on employees’ personal devices on which they conduct company business.
Lastly, prosecutors will want to understand what the consequences are for an employee who fails to use the proper electronic communication tools or refuses to allow the company to access their device to review relevant communications.
“How does the organization manage security and exercise control over the communication channels used to conduct the organization’s affairs?” the ECCP asked.
Polite said that if, during an investigation, a company has not produced employee communications from third-party messaging applications, prosecutors will “ask about the company’s ability to access such communications, whether they are stored on corporate devices or servers, as well as applicable privacy and local laws, among other things.”
“A company’s answers—or lack of answers—may very well affect the offer it receives to resolve criminal liability. So, when crisis hits, let this be top of mind,” he added.
On Friday, the DOJ also unveiled its pilot program regarding compensation incentives and clawbacks, which will last for three years. On Thursday, Deputy Attorney General Lisa Monaco announced the DOJ’s new compensation and clawback policies for corporate settlements.
The DOJ’s compensation and clawback pilot program will require a company entering into a criminal settlement to “implement criteria related to compliance in its compensation and bonus system” that should include:
- A “prohibition on bonuses for employees who do not satisfy compliance performance requirements”;
- “Disciplinary measures for employees who violate applicable law and others who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct and (b) knew of, or were willfully blind to, the misconduct”; and
- Incentives for employees who “demonstrate full commitment to compliance processes.”
The pilot program will allow companies to reduce fines by the full amount of the compensation they can successfully claw back from employees who participated in the misconduct under investigation. Even if unsuccessful in clawing back all the compensation demanded, companies can still receive a fine reduction of up to 25 percent of the total compensation they attempted to claw back.
The DOJ also unveiled a revised policy on the selection of compliance monitors in criminal matters.
The revised policy clarifies four areas.
- Prosecutors should consider nonexhaustive factors when assessing the need for, and potential benefits of, a monitor, including whether the company implemented an effective compliance program, tested that program’s effectiveness, improved inadequate internal controls exploited to facilitate criminal conduct, and whether the risk of similar misconduct continues to exist;
- Many of the conflict-of-interest obligations required to be met by monitors will also apply to monitor teams, in addition to the titular monitors;
- Monitor selections are and will be made in keeping with the department’s commitment to diversity, equity, and inclusion; and
- The cooling off period for monitors is now not less than three years, rather than two years, from the date of the termination of the monitorship.
“In requiring new compliance-related criteria, our prosecutors will use their discretion to craft appropriate requirements based on the particular facts and circumstances, including applicable law,” Polite said. “Our goal is to ensure that the company uses compliance-related criteria to reward ethical behavior and punish and deter misconduct.”