DOJ Prioritizes Compliance; Boards of Directors Should Heed Warnings

In the early months of a new presidential administration, the nation and the world scramble to predict where the White House and federal agencies will focus their energy and attention. Thanks to recent talks given by two top U.S. Department of Justice (DOJ) officials, the business world, in-house counsel and white collar defense attorneys can confidently react and ensure that the officials' forewarning is addressed and remedial actions are taken.

Deputy Attorney General Lisa Monaco and Assistant Attorney General for the Criminal Division Kenneth Polite want companies to prioritize compliance. Their remarks¹ make clear that companies that do so will be rewarded (or at least escape harsh punishment). But those that don't could potentially face close scrutiny in the months and years ahead.

Robust compliance, ethics and training programs are key to preventing criminal conduct and to mitigating penalties and fines if bad behavior does occur. While it is axiomatic that a focus on compliance is paramount for the general counsel, the chief compliance officer and senior management, a company's board of directors should not pass the buck and expect management to do all the heavy lifting. In fact, company boards have received significant scrutiny — and sometimes punishment — when they fail to prioritize strong compliance.

A Look at Preventive Measures

Below are some positive, necessary steps company boards should take to ensure they are doing their duty in the compliance arena and avoiding pitfalls that have ensnared others.

• The board of directors must be involved in compliance efforts. One effective strategy is for the board to request information about the corporation's risk assessment processes, obtain a list of known risks and examine how the corporation's compliance plan addresses those risks. DOJ looks for a top-down approach. If the board and senior management don't take compliance seriously, it is less likely that a culture of compliance will flourish within an organization.
• Create a board committee to address compliance. A board compliance committee that regularly meets and monitors a corporation's compliance program demonstrates that the board and senior management care about compliance and dedicate necessary resources to the company's compliance efforts.
• Have compliance personnel report to the board of directors in an executive session without management's participation. There can be frankness concerns if compliance officers must give troubling news in front of their bosses. Work to ensure that the input and information the board receives is unvarnished and forthright.
• Establish protocols that require management to keep the board informed of compliance practices, risks and reports. Compliance information needs to flow up the chain of command so the board and senior management are aware of issues and take appropriate remedial action when compliance concerns arise.
• Document regular discussions of compliance at board meetings. If DOJ investigates your company, having minutes of compliance discussions at board meetings demonstrates that the board and senior management prioritize compliance.
• Conduct a "gap analysis" at regularly scheduled intervals. A gap analysis (also known as a compliance program audit) measures a corporation's existing compliance, ethics and training program against best practices and applicable local, state and federal regulations. The analysis uncovers gaps in the program and determines if remedial measures are needed.
• Implement and maintain whistleblower reporting options. Things such as anonymous reporting options, a company hotline and emphasizing that no retaliation over truthful whistleblowing will happen are important. Companies want truthful whistleblowers to report problems internally. This is far preferable to the whistleblower contacting the government, the media or filing a whistleblower lawsuit. As they say, knowledge is power. Companies are far more powerful when they learn of problems before the outside world does.
• Compile a list of third parties that your company refused to work with because they didn't meet your compliance requirements. This is a great way to show DOJ you have an effective compliance program. If DOJ analyzes your program because of alleged misconduct, it is important to prove that your program successfully spots red or yellow flags. Document how many business opportunities your corporation rejected because third parties did not meet your requirements.
• Monitor third parties who work with your company. Corporations are not off the hook because a third party with whom they contract engaged in misconduct. In fact, in the foreign corruption sphere, the majority of cases arise from misconduct by third parties. Keeping a close watch on third parties you work with is vital.

Conclusion

Polite highlighted in his remarks that "if you are proactive now, and you properly resource these [compliance] programs, and you give them the power to actually be independent, there will be significant rewards for your organization." The time is now for companies to heed his advice.

For specific questions about your organization's compliance program, please contact authors Michael Hantman or Gary Klubok.

Notes

¹ Deputy Attorney General Lisa Monaco, Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies, U.S. Department of Justice Office of the Deputy Attorney General (Oct. 28, 2021); Jack Queen, "New DOJ Crime Chief Talks 'Carrot And Stick' Enforcement," Law360, Dec. 8, 2021.

Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem, and it should not be substituted for legal advice, which relies on a specific factual analysis. Moreover, the laws of each jurisdiction are different and are constantly changing. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. If you have specific questions regarding a particular fact situation, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.