In October, Deputy Attorney General (“DAG”) Lisa Monaco assured an audience of white collar defense counsel,“[C]ompanies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, [the Department of Justice] will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.”[1]
This aspect of DAG Monaco’s speech drew little attention, as the Department of Justice (“DOJ”) has for decades sought to encourage four compliant behaviors in corporate actors: maintenance of an effective compliance program before the onset of government scrutiny (pre-existing compliance program), post-enforcement adoption of an effective compliance program, cooperation with a government investigation, and self-disclosure of misconduct. While DOJ’s public statements reflect a claimed commitment to all four, analysis of DOJ policy and resolved cases makes clear that as DOJ has increasingly prioritized and incentivized the latter three behaviors, the first—an effective pre-existing compliance program, the only one aimed towards stopping fraud before it occurs—has been cast aside in one of DOJ’s highest-profile enforcement areas: health care fraud.
DOJ Criminal Policy Rewards Pre-Existing Compliance Programs
In criminal prosecutions, both DOJ policy and the United States Sentencing Guidelines (“Sentencing Guidelines”) consider pre-existing compliance programs in determining whether a business entity should be prosecuted and the amount of a fine if a prosecution does occur. DOJ’s Criminal Division has hired compliance experts and enthusiastically publicized internal training aimed at improving prosecutors’ ability to evaluate corporate compliance programs. Even with those policies in place, practitioners and some scholars have argued that the existence of an effective compliance program should serve as an affirmative defense to charges of misconduct. For the health care industry, however, the civil False Claims Act (“FCA”) is DOJ’s primary enforcement tool, such that neither the foregoing DOJ Criminal Division policy nor the USSG apply. Instead, analysis suggests DOJ is failing to reward pre-existing compliance programs in FCA cases.
In a new article forthcoming in the Wisconsin Law Review, I analyze more than 300 DOJ FCA resolutions (Civil Settlement Agreements, or “CSAs”) with corporate health care defendants between early 2018 and August 2021, finding that none of the CSAs nor associated DOJ press releases made positive reference to a defendant’s pre-existing compliance program or noted that the defendant had been allowed to pay a reduced settlement amount based on its pre-existing compliance program. The absence is particularly notable as recent press releases have increasingly identified instances in which the other three compliant behaviors purportedly led to reduced settlement multipliers—something which DOJ had largely failed to do until recently, as detailed in my earlier work (on this blog and in the Utah Law Review), which analyzed FCA resolution data and raised substantial questions about the quantum of credit given for cooperation, among other things.
DOJ’s FCA Guidance Does Not Include Rewards for Pre-Existing Compliance Programs
The apparent failure to reward pre-existing compliance programs in FCA cases is not entirely surprising, however, when examining DOJ’s civil policies as compared to the criminal policies which explicitly call for potentially reduced sanctions based on an entity’s pre-existing compliance program.
In criminal cases, the Sentencing Guidelines include a potential reduction for maintenance of an effective pre-existing compliance program, and DOJ’s Justice Manual, through the Principles of Federal Prosecution of Business Organizations (“Corporate Prosecution Principles”), requires criminal prosecutors to consider “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of the charging decision.”[2] (emphasis added). The Justice Manual goes on to provide further details about the compliance program factor, making clear that the existence of an effective pre-existing compliance program does not automatically create a defense to criminal liability, but that it “may result in a decision to charge only the corporation’s employees and agents or to mitigate charges or sanctions against the corporation.”[3]
There is no civil equivalent to the Sentencing Guidelines, however, and DOJ’s Corporate Prosecution Principles apply only to criminal cases. There had thus been no guidance about the impact of compliant behaviors in civil cases until May 2019, when DOJ issued “Guidelines for Taking Disclosure, Cooperation, and Remediation into account in False Claims Act Matters” (“2019 FCA Guidance”). While the 2019 FCA Guidance largely mirrors the Corporate Prosecution Principles, there are a few notable exceptions. Of the four compliance behaviors, all four have long been listed in the Corporate Prosecution Principles as “Factors to be Considered” in “reaching a decision as to the proper treatment of a corporate target.” As detailed in Chart 1, however, only three appear in the 2019 FCA Guidance as a basis for reduction in the FCA multiplier, with pre-existing compliance programs notably absent.
Chart 1
| Compliant Behavior | Corporate Prosecution Principles (Criminal)[4] | 2019 FCA Guidance (Civil)[5] |
| Effective pre-existing compliance program | “5. the adequacy and effectiveness of the corporation’s compliance program at the time of the offense…”[6] | [No multiplier benefit listed.] |
| Post-enforcement adoption of an effective compliance program | “7. the corporation’s remedial actions, including but not limited to, any efforts to implement an adequate and effective corporate compliance program or to improve an existing one…”[7] | “Department attorneys will [] consider whether an entity has taken appropriate remedial actions in response to the FCA violation. Such remedial actions may include … implementing or improving an effective compliance program designed to ensure the misconduct or similar problem does not occur again.”[8] |
| Cooperation with a government investigation | “4. the corporation’s willingness to cooperate, including as to potential wrongdoing by its agents”[9] | “an [] entity can earn credit by taking steps to cooperate with an ongoing government investigation”[10] |
| Self-disclosure of misconduct | “6. the corporation’s timely and voluntary disclosure of wrongdoing”[11] | “Entities [] that make proactive, timely, and voluntary self-disclosure to the Department about misconduct will receive credit during the resolution of a FCA case.”[12] |
The 2019 FCA Guidance treats effective pre-existing compliance programs differently from the other three compliant behaviors. It is not listed as a basis for obtaining a reduced multiplier or even included in the body of the guidance. Instead, a footnote attached to the section announcing a benefit for post-enforcement adoption of an effective compliance program notes, “[T]he Department may take into account the prior existence of a compliance program in evaluating a defendant’s liability under the False Claims Act. For example, the Department may consider the nature and effectiveness of such a compliance program in evaluating whether any violation of law was committed knowingly.”[13] More significant than its placement in a footnote is the form of the potential benefit. Unlike the other three compliant behaviors, under the 2019 FCA Guidance a pre-existing compliance program is not listed as a basis for a reduced multiplier.
Lack of Internal Expertise May Explain DOJ’s Failure to Reward Compliance
DOJ has not offered a rationale for the difference. The difference is, however, consistent with my analysis of FCA settlements which appears to show that DOJ is not rewarding pre-existing compliance programs with reduced multipliers. There are a few possible explanations for DOJ’s failure to call out and reward any pre-existing compliance programs in the more than 300 CSAs reviewed for purposes of the analysis. First, it is possible that DOJ actually is rewarding pre-existing compliance programs, and the issue is solely one of transparency. Given DOJ’s willingness to identify other compliant behaviors and note their impact, however, there is reason to be skeptical of this possibility. Second, it may be that DOJ has taken the position that none of the more than 300 organizations had in place effective compliance programs—essentially, that the organizations must not have had effective compliance programs in place or the misconduct would not have occurred. Such a position would represent a failure to understand the realities of compliance within large organizations, despite DOJ statements recognizing that even an ideal compliance program will not necessarily stop all misconduct. The Corporate Prosecution Principles acknowledge that fact explicitly, stating, “[T]he Department recognizes that no compliance program can ever prevent all criminal activity by a corporation’s employees.”[14]
The most likely explanation may be that DOJ currently lacks the internal expertise necessary to confidently pass judgment on complex corporate compliance programs. Even the most experienced health care prosecutors are not compliance experts by virtue of that work, and many corporate health care cases are not handled by DOJ attorneys who specialize in corporate health care matters. And testing compliance is a significant challenge even for experts, as noted by Brandon Garrett and Greg Mitchell.
In his recent post on this blog, Garrett suggests the new DOJ Administration “may provide an opportunity to rethink matters” in terms of measuring compliance. When it comes to health care enforcement specifically, there is even more rethinking to be done. With the 2019 FCA Guidance still fresh, DOJ can make clear its desire to bring civil enforcement in line with criminal enforcement and reward pre-existing compliance programs in FCA cases through reduced sanctions. Given the large numbers of health care FCA resolutions, DOJ will also likely need to bring on additional resources to conduct the necessary analyses. In the context of DOJ’s multi-billion dollar annual FCA recoveries, however, such resource investments would be minimal, and would pay substantial dividends through incentivizing compliance and improving the health care industry’s views of the legitimacy of DOJ’s enforcement regime.
Footnotes
[1] Lisa O. Monaco, Deputy Att’y Gen, Dep’t of Just., Remarks to American Bar Association’s 36th National Institute on White Collar Crime (Oct. 28, 2021).
[2] Justice Manual § 9-28.500.
[3] Justice Manual § 9-28.800(B).
[4] All of the numbered sections in this column are listed among “Factors to be Considered” in “reaching a decision as to the proper treatment of a corporate target.” Justice Manual, § 9-28.300.
[5] All of the references in this column are listed among bases for earning credit, most often in the form of “reducing the penalties or damages multiple sought by the Department.” Justice Manual § 4-4.112 (2019).
[6] Justice Manual §§ 9-28.300, 9-28.800.
[7] Justice Manual §§ 9-28.300, 9-28.1000.
[8] Justice Manual § 4-4.112 (2019).
[9] Justice Manual §§ 9-28.300, 9-28.700.
[10] Justice Manual § 4-4.112 (2019).
[11] Justice Manual §§ 9-28.300, 9-28.900.
[12] Justice Manual § 4-4.112 (2019).
[13] Justice Manual § 4-4.112, FN 1 (2019).
[14] Justice Manual § 9-28.800 (2019).
Jacob T. Elberg is an Associate Professor of Law and the Associate Director of the Center for Health and Pharmaceutical Law and Policy at Seton Hall Law School. Before joining the faculty of Seton Hall, he served for 11 years with the Department of Justice, leading one of the largest and most impactful health care fraud units in the country. This post is based on his recent article, “Neither Carrots nor Sticks: DOJ’s Unfulfilled Commitment to Corporate Health Care Compliance,” forthcoming in the Wisconsin Law Review.
Disclaimer
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.