by Brian R. Michael, Christine Y. Wong, Brian K. Kidd, and Nathaniel R. Mendell
Speaking at a Compliance Week event on May 17, 2022, Assistant Attorney General (“AAG”) Kenneth Polite reaffirmed that companies that “take compliance seriously” can expect a reduced likelihood that investigators will impose a compliance monitorship. Notably, Polite—himself a former Chief Compliance Officer (“CCO”)—told the audience that CCOs should have a “prominent role” in meetings with investigators, and that CCOs should have “true independence, authority, and stature,” with significant access and resources within the company. Polite cited several examples of actions companies can take to effectively demonstrate a commitment to compliance:
- Develop and maintain a strong compliance program.
- Compile a demonstrated track record of compliance program effectiveness.
- Choose a knowledgeable and impressive CCO.
- Give the CCO access and stature within the business.
- Put compliance officers front and center in presentations to DOJ
Polite’s remarks were his latest in a series of public statements emphasizing that the Department of Justice (“DOJ” or “Department”) scrutinizes not just the structure of compliance programs, but also leadership, resources, and performance when deciding whether to impose a monitor.
Key Takeaways
- Experienced CCOs who demonstrate knowledge and ownership of a company’s compliance program will play a pivotal role in DOJ’s decision whether or not to impose a monitorship.
- Compliance programs should be structured, supported, and promoted in a way that meaningfully influences company culture.
- DOJ will give significant credit where a company has documented when and how its compliance program effectively detected and prevented violations.
- Outside counsel with relevant compliance and enforcement experience can provide valuable assistance to companies in crafting and enhancing successful compliance programs and preparing CCOs for a more prominent role in meetings with investigators.
Background
Since taking office, Polite has repeatedly stressed the importance of compliance programs in addressing and preventing crime. Drawing on his own experience as a CCO, he has explained that the Criminal Division will “closely evaluate corporate compliance programs during [its] corporate investigations” and “give significant credit to companies that build strong controls to detect and prevent misconduct.”[1]
In practical terms, Polite’s comments expand the three-pronged analysis typically applied by DOJ in evaluating compliance:
First, DOJ has traditionally looked at whether a company’s compliance program is well designed. Prosecutors determine whether the program addresses key risk areas that match the company’s specific risk profile; whether compliance policies and procedures are well understood within the company; and whether the company’s training, investigations, and confidential reporting practices are suited to meet those challenges.[2]
Second, DOJ evaluates whether a compliance program is sufficiently supported by its organization. Prosecutors review the qualifications and expertise of key compliance personnel, determine the level of access compliance officers have to relevant data within the business, and the extent to which compliance is promoted as a resource and given sufficient stature within the company.[3]
Third, DOJ reviews how the compliance program functions in the business. As Polite explained, DOJ wants to “see evidence that the compliance program is working in practice.” To be effective “in practice,” a compliance program should include continuous testing of its effectiveness, periodic updates and improvements based on test results and business activity, and evidence that the program allows the company to identify compliance gaps or violations and address root problems. A compliance program with these characteristics will provide what Polite said DOJ expects: “to see examples of compliance success stories.”[4]
AAG Polite’s Comments at Compliance Week
During his May 17, 2022, speech, Polite reiterated the oft-stated message of the Department that companies have a choice: support compliance programs now or pay later.[5]
Polite noted that too often compliance functions “are labeled as cost centers not contributing to the bottom line” and are frequently not given the tools and resources they need for the job. His message was that companies should turn this view on its head because organizations that do not invest in compliance proactively face a significantly greater risk of prosecution, while companies that do invest in compliance “will be viewed in a better light by the Department of Justice and by my Criminal Division.”[6]
A key component to making serious investments in compliance, Polite noted, is that “Chief Compliance Officers should have true independence, authority, and stature within their organizations.” To make his point, Polite recounted a recent meeting between a company and federal investigators who were trying to decide whether to charge the corporation with criminal offenses (often referred to as a “Filip Factors” presentation). During the presentation, an investigator posed a question directly to the company CCO, but a general counsel answered instead. Polite said, “[t]hat single act gave me all the information that I needed,” because it “demonstrated that—literally and figuratively—that chief compliance officer had no voice in that organization.”[7]
Polite said he would “like to see the Chief Compliance Officer taking a prominent role” in presentations to DOJ, adding that when a CCO leads the compliance portion of the presentation, he or she thereby demonstrates knowledge and ownership of the compliance program, and that this would be viewed favorably by his Department.[8]
Polite also said that he wants to learn about compliance wins: “I want to hear your compliance success stories: the transactions that were rejected due to the compliance risk, positive trends in your whistleblower reporting, and the partnerships that have developed between compliance officers and your business functions.” In other words, the Criminal Division is “interested in how a company measures and tests its culture and how it uses the data from that testing to embed and continuously improve its ethical culture.”[9]
As part of his push for increased CCO input, Polite called attention to the Department’s new consideration that CCOs be required to certify that the company’s compliance program is reasonably designed and implemented to help detect and prevent violations of the law at the end of the term of an agreement. But “this additional certification is not intended to be punitive; it is a new tool in your arsenal to help combat those challenges,” he said. “It’s the type of resource compliance officials, including myself, have wanted for some time because it makes clear you should have and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within those organizations to ensure them and the Department that the company has an ethical and compliance-focused program.”[10]
A company’s investments in compliance, Polite said, would also pay dividends in reducing the chances of a compliance monitorship being imposed,[11] where a company’s efforts to eliminate misconduct and establish effective ethics and compliance programs are kept under close watch.
The Bottom Line
The AAG’s remarks provide several clear signals, drawing on his own experience as a CCO to reaffirm the importance of strong and effective compliance leadership:
- The Department’s decision to impose a monitorship on a company depends heavily on the role of the CCO, and Polite has provided his ideal CCO profile: impressive and informed, empowered with resources and access, and active in meetings with DOJ
investigators. A CCO who fits this profile has the ability to positively influence investigators. - Compliance programs must meet a long and diverse list of goals. They not only need to be specifically tailored to company-specific risks, they also need to provide training to employees, management, and third parties on those company-specific risks. They need to create, test, and improve internal processes for reporting and investigating violations. And they should be staffed with qualified and experienced personnel who have adequate lines of communication to company leadership and who are promoted internally.
- Finally, DOJ expects a company’s compliance program to generate a proven track record of rejected transactions, rewards for positive behavior, and productive partnerships between compliance officers and business leaders.
The bottom line: Compliance programs must satisfy a wider range of company-specific needs, and the role and significance of the CCO has continued to grow, to now include serving not only as a representative, but also the primary spokesperson for the company’s compliance program. As a result, proactive success in compliance is as important as ever, and advice from outside counsel with broad experience in compliance and enforcement can be critical to achieving it.
Footnotes:
[1] https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate
[2] https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate
[3] https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate
[4] https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate
[5] https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate; https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-acams-2022-hollywood
[6] DOJ’s Kenneth Polite to CCOs: Tell me your compliance success stories | Article | Compliance Week
[7] https://news.bloomberglaw.com/us-law-week/doj-wants-companies-to-let-compliance-chiefs-do-the-talking
[8] DOJ’s Kenneth Polite to CCOs: Tell me your compliance success stories | Article | Compliance Week
[9] DOJ’s Kenneth Polite to CCOs: Tell me your compliance success stories | Article | Compliance Week
[10] DOJ’s Kenneth Polite to CCOs: Tell me your compliance success stories | Article | Compliance Week
[11] DOJ’s Kenneth Polite to CCOs: Tell me your compliance success stories | Article | Compliance Week
Brian R. Michael, Christine Y. Wong, Brian K. Kidd, and Nathaniel R. Mendell are partners at Morrison & Foerster LLP.
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.