Rules Navigator

DOJ clarifies its CEP with a focus on self-reporting and compliance monitors

Image of the Department of Justice Headquarters.
Photo: J. David Ake/Getty Images

Julie DiMauro

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

A company can expect a declination when it voluntarily discloses corporate misconduct, cooperates, and remediates violations.

Earlier this week, Matthew Galeotti, head of the US Justice Department’s (DOJ’s) criminal division, said that a company can expect to receive a declination to prosecute when it voluntarily discloses potential corporate misconduct to prosecutors, cooperates with a probe and remediates violations.

And he went into further detail about how this works given such things as imperfect self-reporting and aggravating circumstances, and offered more detail on the limited instances in which a compliance monitor would be imposed as part of the company’s resolution of a case with the DOJ.

White-collar crime focus

Reiterating previous statements made by the DOJ, Galeotti stressed the types of crimes that his agency is focused on: the activities of cartels and transnational criminal organizations (TCOs) that enable international money laundering activity and other illicit financial flows. These activities have been specifically targeted, he said, because they undermine US national security by facilitating sanctions evasion by hostile jurisdictions and terror regimes.

The Trump DOJ’s revised Corporate Enforcement Policy (CEP) reflects this focus and has been adjusted to reflect an agency concerned for businesses and the cost to them when it comes to long-running investigations and the uncertainty around the decision of whether it’s more costly or beneficial for them to self-report misconduct.

“In short, if companies continue to assume that the Department will be quick and heavy-handed with the stick, and stingy with the carrot, the system will continue to generate lengthy drawn-out investigations that are ultimately detrimental to companies and the Department,” he said. He stressed that companies hold the key information the government needs for its investigation work and that the agency is there to prosecute criminals, and not law-abiding businesses.

Self-disclosure yields the biggest benefits

Self-disclosure is key to receiving the most generous benefits the Criminal Division can offer, Galeotti said.

Under the new CEP – which comes with an easy-to-follow flow chart – companies that voluntarily self-disclose and meet other criteria will receive a declination, not just a presumption of a declination. More precisely, those companies that meet the DOJ’s core requirements (voluntarily self-disclose to the Criminal Division, fully cooperate, timely and appropriately remediate, with no aggravating circumstances present) will not be required to enter into a criminal resolution process.

Imperfect self-reporting

The changes aim to provide enhanced clarity and benefits for companies who self-disclose in good faith, but either not quickly enough or after (unbeknownst to them) the DOJ has already become aware of the misconduct. The CEP revisions put an end to the guessing game companies previously faced, he said, by making it clear that those companies are still eligible to receive significant benefits.

Specifically, they can get an NPA with a term of fewer than three years, 75% reduction of the criminal fine, and no monitor.

Aggravating factors

Businesses that are facing misconduct that involves aggravating circumstances may still be eligible for a CEP declination based on the weighing of the severity of those aggravating circumstances and the company’s cooperation and remediation.

The Criminal Division will ensure that monitor’s costs are proportionate with the underlying criminal conduct, the company’s profits, and the company’s size and risk profile.

But the key here is self-disclosure. Where a company does not self-disclose, it will not receive these benefits, Galeotti stressed. But even in the absence of self-reporting, Criminal Division prosecutors will still have discretion to recommend a resolution of any form, with a three-year term, monitor and up to a 50% reduction in the fine, where the other two mitigating factors are present.

Revisions to monitor selection policy

Galeotti said that, in short, “the value monitors add is often outweighed by the costs they impose, so you can expect to see fewer of them going forward.”

For pre-existing monitorships, DOJ is reviewing each one in an effort to narrow their scope or, where appropriate, terminate a monitorship altogether, based on a review of all the circumstances of the case.

In certain situations, Galeotti said, a monitor is appropriate, but businesses deserve to have more direction on the factors prosecutors will consider in deciding to impose one and that these should showcase the DOJ’s commitment to keeping the monitor’s scope narrow.

The factors prosecutors will consider are:

  • The nature and seriousness of the conduct and the risk that it will happen again. In analyzing the nature and seriousness of the conduct, the Department will focus chiefly on harms to Americans and American business.
  • The availability of other effective independent government oversight, i.e., regulatory oversight.
  • The efficacy of the company’s compliance program and culture of compliance at the time of resolution.
  • The maturity of the company’s controls and ability of the company to test and update its compliance program.

Galeotti added that the Criminal Division will ensure that monitor’s costs are proportionate to the underlying criminal conduct, the company’s profits, and the company’s size and risk profile.

Implications for compliance teams

As Galeotti says in his concluding remarks, the benefits of self-reporting and cooperating have never been clearer.

This updated approach signals a heightened need for businesses to have in place risk management processes for legal risk, corporate compliance programs, along with their related controls and testing procedures.

DOJ is encouraging companies to voluntarily disclose misconduct, but firms can only do this if they have set up effective compliance control monitoring and mechanisms that provide for its early detection.

And this in turn requires effective technology solutions, trained employees who know how to use them to adequately supervise their direct reports, as well as risk and audit functions that can better ascertain risk levels that require more robust monitoring or intervention as circumstances change.

And, of course, robust monitoring is not enough if the ultimate objective is self-reporting. Expectations for escalating incidents of non-compliance to supervisors that are adhered to by staff are criticla as is ensuring that people tasked with supervisory functions appreciate their oversight and prompt reporting responsibilities when such escalation takes place.

And finally, it is imperative for compliance teams to prioritize testing the effectiveness of their controls and also to ensure that employees understand their obligations with respect to business conduct. Having a speak-up culture of course never hurts either. 

, , , , , ,

You may also like