Deputy Attorney General Lisa Monaco Releases New Guidance on Corporate Criminal Enforcement

On September 15, 2022, Deputy Attorney General Lisa Monaco (DAG Monaco) released a memorandum (the “Monaco Memo”), accompanied by a speech at NYU’s Program on Corporate Compliance and Enforcement. The memorandum and accompanying speech provide important new details based on the work of the Department’s newly formed Corporate Crime Advisory Group regarding matters of individual accountability in corporate criminal enforcement, various corporate enforcement factors (consideration of historical corporate misconduct, the role of voluntary self-disclosure, how corporate cooperation is evaluated, the significance of compensation and electronic device policies when assessing a company’s compliance program), and the use of independent compliance monitors.

This Alert summarizes the key policy changes announced in the recently released memorandum and highlights several areas where DOJ promises more developments.

Key Takeaways

• The Monaco Memo sets an expectation that companies will timely identify to prosecutors those individuals (and their related information) connected with corporate misconduct to receive cooperation credit and that prosecutors should try to resolve individual investigations prior to entering a corporate resolution. This essentially reverts DOJ back to the policy of the Yates Memo, which requires companies to identify all individuals, regardless of the significance of their conduct, who were potentially connected to the alleged criminal conduct. This new policy could require companies to produce information before internal investigations have been completed. Decisions about what to produce and when often are complex, and this emphasis on “moving faster” will likely accelerate the pace of investigations involving individuals and could force companies to make decisions about connections to criminal conduct without the benefit of a fully developed factual record.
• Corporations now have some guidance on how prosecutors will potentially assess historical misconduct when making investigation and resolution decisions, including a rule of thumb that civil and regulatory issues older than five years and criminal issues older than 10 years “should generally be accorded less weight ….” The memo also sets out a possible path for companies to acquire companies with histories of misconduct without being saddled with that history. Provided certain conditions are met, the acquired company’s historical misconduct “should receive less weight ….”
• Voluntary self-disclosure of misconduct is stated to be “the clearest path for a company to avoid a guilty plea or an indictment,” and all components of the Department are directed to develop policies around voluntary self-disclosure, including guidance on how to allow companies that voluntarily self-disclose to help avoid the imposition of a monitor.
• The Monaco Memo instructs prosecutors to consider whether a company has structured its compensation to provide financial penalties (like clawbacks for misconduct) and incentives (compensation for pro-compliance conduct) in assessing the quality of the company’s compliance program, which evaluation can affect the terms of resolution, including the imposition of a compliance monitor. This is the most formal articulation by DOJ of such a principle to date and presents thorny labor and employment-related issues. Depending on how DOJ applies this policy, it will also create novel potential conflict issues for executives at corporations trying to resolve the terms of investigations and resolutions.
• Compliance monitors received substantial attention in DAG Monaco’s remarks and memorandum. The memorandum includes a set of multi-factor criteria to aid prosecutors in determining whether a monitor is required. As well, all components of the Department have been instructed to develop policies on the selection of monitors, and prosecutors have been instructed to ensure that they maintain proper oversight of monitors after they are imposed, including for issues like cost and focus.

New Guidance on Individual Accountability

In an October 2021 memorandum (the “October 2021 Memo”) and accompanying remarks, the Deputy Attorney General rescinded DOJ guidance issued by then-DAG Rosenstein allowing companies to receive full cooperation credit in exchange for providing non-privileged information only on individuals “substantially involved” in the misconduct at issue. The October 2021 Memo restored the so-called Yates guidance requiring the disclosure of non-privileged information pertaining to all individuals potentially connected with the misconduct, regardless of whether their involvement was substantial or not.

The new guidance also emphasizes the need for corporations to produce information related to all involved individuals on a timely basis to receive cooperation credit. In her accompanying remarks, the Deputy Attorney General stressed the Department’s observation that companies and counsel sometimes will strategically delay the release of information pertaining to certain individuals and that such conduct was inconsistent with Department prioritization of individual accountability — “[i]f a cooperating company discovers hot documents or evidence, its first reaction should be to notify the prosecutors.”

DAG Monaco’s memorandum also seeks to align the timing of enforcement against involved individuals and corporations by instructing prosecutors to seek to complete investigations of individuals by or before their entry into a resolution with the corporation. And, in instances where that timing is infeasible, prosecutors are instructed to accompany the corporate resolution with a written statement describing the status of the individual investigations, what work remains, and what the “investigative plan” is to bring the individual investigations to resolution.

New Guidance on Corporate Accountability

DAG Monaco also offers important guidance on several topics related to corporate accountability. First, in her October 2021 Memo, the DAG enacted a change to Justice Manual 9-28.600 such that prosecutors were instructed to consider a company’s complete history of prior misconduct — criminal, civil and regulatory — when evaluating whether to bring a case or resolve an investigation. This change elicited loud feedback from various constituencies, including the corporate defense bar, due to the lack of specificity around how that history should be evaluated, which in turn caused Department officials to promise that further details would be provided in the coming months;¹ those details have now arrived.

The new guidance recognizes that “[n]ot all instances of prior misconduct, however, are equally relevant or probative.” It generally instructs prosecutors to consider the complete context around the company’s misconduct history. Among the factors to be considered are whether the historical misconduct is related to the current misconduct, the span of time between the historical misconduct and the current misconduct, whether the same management or executive team was in place in both instances, and whether the misconduct took place in a highly regulated industry (in which case benchmarking against peers is important).

Considering this, the memorandum offers, as a rule of thumb, that criminal conduct more than 10 years old and civil or regulatory misconduct more than five years old should generally hold less weight. At the same time, it also emphasizes that “[m]ultiple non-prosecution or deferred prosecution agreements are generally disfavored, especially where the matters at issue involve similar types of misconduct; the same personnel, officers or executives; or the same entities” and notes procedural requirements that must be met (written approval from the responsible U.S. Attorney or Assistant Attorney General and written notice to the Office of the Deputy Attorney General) before a prosecutor may offer a resolution that would result in multiple non-prosecution or deferred prosecution agreements for a corporation (including its affiliated entities).

In an interesting additional point, perhaps responsive to industry feedback gathered by the Corporate Crime Advisory Group, the Monaco Memo also clarifies that an acquiring company will not be significantly impaired by the historical misconduct of an acquired company so long as the acquired company was integrated into the acquirer’s “well-designed compliance program” and the root cause of the acquired company’s misconduct was addressed and remediated before the conduct under current investigation occurred. These principles of course will foster debate in application in future cases, and the resolution of those debates will be of substantial interest to market actors involved in acquisitions and divestitures. How these rules will apply to other situations — for example, joint ventures — remains to be seen.

Second, DAG Monaco offers additional guidance concerning voluntary self-disclosure. In her remarks, Deputy Attorney General Monaco stated that: “the clearest path for a company to avoid a guilty plea or an indictment is voluntary self-disclosure.” However, while many components of the Department already have policies regarding the treatment of corporations that voluntarily disclose their misconduct, others do not. To that end, the memorandum requires all components of the Department to establish corporate voluntary self-disclosure policies. Among the key principles to which these policies must adhere are: (1) voluntary self-disclosure will generally allow the company to avoid a guilty plea absent a severe aggravating factor;² and (2) voluntary self-disclosure plus a demonstration of an implemented and tested “effective compliance program” will generally allow the company to avoid the imposition of a compliance monitor.

Third, DAG Monaco’s memorandum spends time developing two key factors that prosecutors are instructed to consider in evaluating the effectiveness of a company’s compliance program (which will in turn influence the terms of the resolution that is imposed, including whether a compliance monitor is required). It first emphasizes that companies must use financial penalties and incentives to effect compliance. With respect to penalties, the memorandum encourages the use of compensation clawback provisions and escrowing of compensation in employment agreements to address instances of putative officer and employee misconduct. To properly incentivize individuals to engage in pro-compliance conduct, the memo suggests the use of compliance metrics and benchmarks in compensation calculations and the use of performance reviews that measure and reward pro-compliance behavior. Importantly, such programs must not exist merely on paper: the Monaco Memo instructs prosecutors to assess whether, in fact, clawback measures were effected in the wake of the identified misconduct, not merely whether the policies exist. By both having such policies and acting on them, “the interests of the C-suite [are aligned] with the interests of the compliance department [which] can greatly amplify a corporation’s overall level of compliance.”

The Monaco Memo also notes that personal devices and third-party messaging apps, many of which feature transient / non-permanent communication features, are proliferating within corporations. To that end, prosecutors are instructed to assess compliance programs to determine their handling of such technology and their ability to preserve information on them for purposes of production during investigation. While the topic is currently under study by the Criminal Division, the memorandum offers preliminary guidance for specific features to look for, including: (1) clear policies; (2) enforcement of those policies; and (3) training.

Fourth, the Monaco Memo discusses a specific scenario related to determining whether a company under investigation may receive cooperation credit. The memorandum notes that “[c]ompanies seeking credit for cooperation must timely preserve, collect, and disclose relevant documents located both within the United States and overseas.” The memorandum acknowledges that foreign data privacy laws may serve as an impediment to the timely provision of information relevant to an investigation. But, “[i]n such cases, the cooperating corporation bears the burden” of both explaining the impediment and demonstrating its reasonable alternative efforts to produce the evidence on a timely basis. And it cautions that, while demonstration of such efforts may be a basis for receiving cooperation credit, inappropriate use of foreign data privacy laws as a “shield” against disclosure may support an adverse inference. The guidance does not explain what factors will distinguish appropriate and inappropriate adherence by market actors to foreign data privacy laws.

Corporate Compliance Monitors

With her October 2021 Memo and accompanying remarks, DAG Monaco sought to rescind or modify any Department guidance that could be construed as suggesting that corporate monitors might be a disfavored tool for use in resolutions. And she promised that, through the work of the Corporate Crime Advisory Group, additional guidance would be forthcoming concerning monitors, including how to effectively select them. The newly released Monaco Memo offers guidance to prosecutors concerning three key aspects of corporate compliance monitors: (1) when to impose them; (2) how to select them; and (3) how to oversee them.

Regarding the decision for when to impose a monitor, the Monaco Memo provides a “non-exhaustive” 10-factor set of criteria for prosecutors to consider. These factors are wide-ranging and cover things like whether the corporation’s “risk profile has substantially changed” at the time of resolution (to decrease the likelihood of recurrence), whether the corporation’s compliance program and internal controls have been adequately tested by the time of resolution, and whether compliance personnel were implicated, directly or through inaction, in the underlying misconduct.

Regarding the monitor selection process, Deputy Attorney General Monaco emphasizes the need for “consistent and transparent procedures[,]” which, to the extent any Department components currently lacks, she has instructed them to develop or adopt from an existing set by the end of the year. Among the general principles she expects to be enshrined in these procedures are: (1) selection of monitor by committee (ad hoc or standing) within the office where the case originated, with the committee containing at least one ethics or professional responsibility member to ensure no conflicts of interest are present and to document the same; (2) upholding the Department’s commitment to diversity and inclusion; (3) notification to relevant Department authorities concerning the decision to impose or not impose a monitor and, where a monitor is imposed, memorialization in the resolution agreement of the reasoning for using a monitor.

Finally, regarding oversight of monitors, the Deputy Attorney General in her remarks acknowledged that “[w]e at the Department of Justice are not regulators, nor do we aspire to be. But where we impose a monitor, we recognize our obligations to stay involved and monitor the monitor.” To that end, the DOJ will now ask prosecutors to engage in various ongoing oversight activities, including ensuring the monitor has developed an effective workplan, remaining apprised of monitor activities through regular communications and updates, and reviewing the monitor’s work to ensure it is reasonable (including related to cost and focus). The Monaco Memo also emphasizes prosecutorial flexibility both to extend or terminate early monitorships depending on the progress of the monitorship over time and the compliance evolution within the corporation.

Future Guidance from the Department

One theme throughout both DAG Monaco’s remarks and her memorandum is “more is coming.” Department components have been instructed to review their policies on corporate voluntary self-disclosure and to draft and publicly share policies; the Criminal Division is in the process of developing guidance concerning how to reward corporations that enact individual compensation incentive / disincentive structures that encourage compliance (and how to better shift the financial burden of corporate financial penalties from shareholders onto corporate leaders and insiders); the Criminal Division is also said to be studying the topics of personal device use and third-party messaging services with plans to incorporate its findings in an upcoming revision to the Evaluation of Corporate Compliance Programs (last updated June 2020); the Department plans to update the Justice Manual to ensure greater consistency across components regarding the steps that a corporation must take to receive maximum credit for full cooperation; and components of the Department lacking a written monitor selection policy have been instructed to either develop or adopt one before the end of the year. These are all important guidance developments on the horizon that should be closely monitored given their potential to meaningfully affect the corporate enforcement landscape.

^{1. See, e.g., https://news.bloomberglaw.com/us-law-week/justice-officials-promise-clarity-in-upcoming-corporate-guidance ↩}

^{2. Two examples given of aggravating factors are a national security threat or systemic misconduct throughout the country. ↩}