1. Home
  2. |Insights
  3. |Updated DOJ Guidance Keeps Compliance in the Spotlight

Updated DOJ Guidance Keeps Compliance in the Spotlight

Client Alert | 4 min read | 03.08.23

On Friday, the Department of Justice released an updated version of its Evaluation of Corporate Compliance Programs (“ECCP”) guidance—the latest in a series of updates to the administration’s approach to corporate criminal resolutions, and the first substantive update to the ECCP guidance since June 2020. The update marks the latest pronouncement in the Department’s ongoing focus on corporate compliance programs, highlights a continued emphasis on individual accountability, and in particular, fleshes out its expectations in two key areas—compliance related compensation and consequences, and management of messaging apps—providing corporate leaders and compliance teams with additional detail to guide programmatic and policy decisions.

The updated guidance follows the September 2022 memorandum issued by Deputy Attorney General Lisa Monaco (“Monaco Memo”), which instructed DOJ prosecutors to include in their assessments of corporate compliance programs a determination of whether the company’s compensation structure is designed to encourage a culture of ethical and compliant behavior, and disincentivize criminal misconduct. The Monaco Memo also directed prosecutors to consider whether a company implemented effective policies and procedures regarding the use of personal devices and third-party messaging platforms to ensure preservation of all business-related data and communications relevant to any potential investigation. Both of these elements are now reflected in the updated ECCP guidance.

Compensation Structures and Consequence Management

The ECCP revisions are not the first time that DOJ—or federal law enforcement more broadly—has emphasized compensation structures as essential to both the “carrot” and “stick” elements of corporate compliance programs. However, they spell out specifically how prosecutors should assess whether a company’s compensation plan sufficiently incentivizes compliance. As an example, the updated guidance explains that “prosecutors may consider whether a company has incentivized compliance by designing compensation systems that defer or escrow certain compensation tied to conduct consistent with company values and policies,” and prompts prosecutors to probe whether companies have enforced contract provisions that allow the company to claw back previous compensation if the recipient engaged in corporate misconduct. Additional considerations include whether a company: ties meeting certain compliance performance metrics to the reward of management bonuses; offers opportunities for managers and employees to serve as a compliance champion; and/or makes working on compliance “a means of career advancement.”

This “clawback” provision dovetails with the DOJ pilot program introduced concurrently, which (1) requires companies to include compensation-related criteria in their corporate compliance programs as part of corporate criminal resolutions; and (2) offers commensurate fine reductions for the amounts companies recoup through clawback provisions when appropriate, with the possibility of even receiving up to a 25% fine reduction for good faith—but unsuccessful—efforts to do so. This pilot program will run for three years, and may be a mainstay after that.

Third-Party Messaging Applications

The Department’s continued focus on third-party messaging applications, including ephemeral messaging, is not a surprise to anyone who has faced DOJ prosecutors in recent years. The recent updates to the ECCP are additional proof that this focus is not receding. The new language on messaging applications contains three new subsections:

  • Communication Channels—Probing which electronic communication channels employees are permitted to use, related management and preservation mechanisms, required deletion or preservation settings, and the corresponding rationale
  • Policy Environment—Evaluating policies and procedures ranging from data preservation for replaced devices, access to personal devices and messaging applications, requirements to transfer messages, data, and information from private phones or messaging applications onto company systems, and related information about enforcement and exceptions granted
  • Risk Management—Understanding how a company handles employee refusals to access company communications on personal devices or within third-party messaging platforms, including disciplinary consequences, and assessing whether the use of personal devices or third-party messaging applications has impaired the company’s ability to investigate issues or respond to government requests

Takeaways for Business Stakeholders and Compliance Professionals

There is no mistaking that DOJ continues to keenly focus on compliance and individual accountability. As Assistant Attorney General for the Criminal Division Kenneth Polite said in announcing the ECCP updates last week, “Failure to live up to your obligations will be met with severe consequences.”  In light of DOJ’s updated guidance, companies should actively review their compliance and internal controls environment to ensure that those programs and policies are calibrated towards DOJ’s newly articulated expectations.  While the flurry of recent DOJ guidance may be a cause of concern for some, compliance officers and in-house counsel should take heart that they now have further insight into the government’s evolving expectations for certain aspects of corporate compliance programs. There will be much additional discussion and parsing of the ECCP revisions in the coming days, as the questions it poses are the very same questions that every compliance officer should be asking about their program.

Insights

Client Alert | 3 min read | 12.10.24

Fast Lane to the Future: FCC Greenlights Smarter, Safer Cars

The Federal Communications Commission (FCC) has recently issued a second report and order to modernize vehicle communication technology by transitioning to Cellular-Vehicle-to-Everything (C-V2X) systems within the 5.9 GHz spectrum band. This initiative is part of a broader effort to advance Intelligent Transportation Systems (ITS) in the U.S., enhancing road safety and traffic efficiency. While we previously reported on the frustrations with the long time it took to finalize rules concerning C-V2X technology, this almost-final version of the rule has stirred excitement in the industry as companies can start to accelerate development, now that they know the rules they must comply with. ...