DOJ Updates Its Guidance on Corporate Compliance Programs

March 14, 2023

The U.S. Department of Justice (DOJ) recently announced a series of updates to its guidance related to corporate compliance programs, including revisions to the Evaluation of Corporate Compliance Programs (the 2023 Evaluation Guidance), the Revised Memorandum on Selection of Monitors in Criminal Division Matters (the Monitor Memo), and The Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks (the Pilot Program). The updated guidance, in many ways, expands on or mirrors the messages in the September 15, 2022 Memorandum from Deputy Attorney General (DAG) Lisa Monaco (Monaco Memo). Two key takeaways from the latest suite of updates are DOJ’s continued emphasis on: (1) clawback or recoupment of compensation from employees in appropriate cases; and (2) appropriate compliance policies and procedures related to the use of personal devices and communication platforms, including ephemeral messaging applications.

The 2023 Evaluation Guidance: Setting DOJ’s Standards for Assessing Program Effectiveness

The 2023 Evaluation Guidance provides DOJ Criminal Division prosecutors a set of factors they should consider while evaluating the compliance programs of corporations facing a criminal resolution, such as a non-prosecution agreement (NPA), deferred prosecution agreement (DPA), or a plea agreement. As in the past, companies are not required to adopt the program elements described in the 2023 Evaluation Guidance. But the document serves as a valuable resource for companies as they design, implement, and test their corporate compliance programs. As with prior guidance, companies can benchmark their existing compliance programs against the 2023 Evaluation Guidance and the other recently issued guidance.

The 2023 Evaluation Guidance echoes the Monaco Memorandum in emphasizing the importance of adequate discipline for misconduct (and the necessity of appropriate internal processes related to disciplinary actions), as well as leveraging corporate compensation structures and clawbacks to promote a culture of compliance.

Application, Communication, and Monitoring of Disciplinary Actions. The 2023 Evaluation Guidance’s most significant changes are in the section titled “Compensation Structures and Consequence Management,” which underscores that corporations should develop and maintain a positive compliance culture by establishing incentives for compliance and disincentives for compliance failures. Under the 2023 Evaluation Guidance, federal prosecutors handling corporate criminal matters will consider whether a company’s compliance program appropriately “identif[ies], investigate[s], discipline[s], and remediate[s] violations of law, regulation, or policy.” Factors for consideration include:

- Transparent communication regarding disciplinary processes and actions; and
- Tracking data on disciplinary actions to monitor the effectiveness of the compliance program.
Compensation Structure and Clawbacks. The 2023 Evaluation Guidance reflects DOJ’s view that the design and implementation of compensation schemes can foster a positive compliance culture and reduce the financial burden on shareholders and investors when misconduct results in monetary consequences for the corporation. The 2023 Evaluation Guidance instructs prosecutors to consider, for example, whether a company has:
- Incentivized compliance by designing compensation systems that defer or escrow certain compensation tied to conduct standards;
- Attempted to recoup compensation previously awarded to individuals who are responsible for corporate wrongdoing; or
- Made working in compliance a means of career advancement by, for example, offering opportunities in compliance-related roles or setting compliance as a significant metric for management bonuses.

The Pilot Program: Promoting Compliance through Compensation Clawbacks

In connection with the 2023 Evaluation Guidance, DOJ launched the Pilot Program, effective on March 15, 2023, a three-year initiative applicable to all corporate Criminal Division matters. Under the Program, the Criminal Division will require that every corporate resolution require the defendant company to implement compliance-promoting criteria in its compensation and bonus systems. In addition, a company entering into a criminal resolution may receive a reduction in fines if it has in good faith initiated the process to recoup compensation from individual wrongdoers before the resolution.

Mandatory Compliance-Related Compensation Criteria for Corporate Criminal Matters. During the Pilot Program’s duration, companies entering into criminal resolutions must now implement compliance-related criteria in their compensation and bonus systems. In addition, companies must report to the Criminal Division annually about their implementation of this requirement during the term of their criminal resolutions. The compliance-related compensation criteria may include provisions such as:

- A prohibition on bonuses for employees who do not satisfy compliance performance requirements;
- Disciplinary measures for employees who violate applicable law and others who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct, and (b) knew of, or were willfully blind to, the misconduct; and
- Incentives for employees who demonstrate full commitment to compliance processes.

Deferred Reduction of Criminal Fines. Under the Pilot Program, a company may be eligible for a deferred reduction of fines if it fully cooperates, timely and appropriately remediates, and demonstrates that it has implemented a program to recoup compensation from employees who engaged in or were otherwise meaningfully implicated in misconduct related to the investigation. A company eligible for a reduced fine must pay the full amount of the applicable fine, less the amount of compensation the company is attempting to recoup or claw back. If the company has not recouped that amount by the end of its resolution’s term, the company must pay back any amount it has not recouped. If the company has in good faith tried to recoup compensation from employees but failed, the prosecutors may, in their discretion, nevertheless reduce the amount the company must pay back to DOJ by 25% of the amount of compensation that the company attempted to claw back.

Unfortunately, neither the 2023 Evaluation Guidance nor the Pilot Program includes a carve-out for circumstances where other applicable laws, such as local labor and employment laws, conflict with DOJ policies. It is unclear how DOJ would handle matters where the employees subject to the clawback requirement are from jurisdictions that bar recouping incentives such as bonuses or limit the circumstances under which employers may recoup such compensation (e.g., China, France, or Singapore). Even in jurisdictions where clawback provisions are enforceable, enforcing them may expose companies to employment disputes and litigation. The latest guidance on compensation clawbacks and the Pilot Program will leave companies to sort through these additional layers of legal complications. In doing so, companies also will need to factor in prior regulatory efforts to mandate clawback policies. For example, as covered in our previous update, in October 2022, the U.S. Securities and Exchange Commission directed U.S. stock exchanges and securities associations to promulgate listing standards that will (in the future) require their listed companies to adopt, implement, and adhere to a written clawback policy. The final rule implementing this requirement sets forth several granular requirements for the clawback policy that should inform companies’ consideration of how to address the 2023 Evaluation Guidance.

The Use of Personal Devices, Communications Platforms, and Messaging Applications

The 2023 Evaluation Guidance adds extensive direction regarding communication platforms and channels, tracking the Monaco Memo and the DAG’s speech at the 39th American Conference Institute International Conference on the FCPA, in which DAG Monaco admonished that “all corporations with robust compliance programs should have effective policies governing the use of personal devices and third-party messaging platforms.” Assistant Attorney General (AAG) Kenneth Polite likewise stated at a March 3, 2023 American Bar Association (ABA) conference that DOJ is “looking to reward companies who are being already thoughtful” about these communications. AAG Polite warned companies that Criminal Division prosecutors “aren’t going to accept a company’s explanation at face value” if companies do not produce these communications to the government upon request, and that such failures to produce communications may result in an unfavorable resolution.

Consistent with DOJ’s core theme that compliance programs should be company-specific, the 2023 Evaluation Guidance states that policies governing the use of communication applications should also be tailored to the company’s risk profile and specific business needs. The 2023 Evaluation Guidance instructs Criminal Division prosecutors to consider how a company has informed its employees of its communication-platform-related policies and procedures, and whether the company has enforced the policies and procedures regularly and consistently in practice. In evaluating the communication-platform policies, prosecutors must assess:

The types of communication channels company personnel use;
The policies and procedures governing the use of communication platforms and channels; and
The company’s risk management measures, such as the consequences for employees who refuse the company access to company communications, the impact of the use of ephemeral messaging applications on the company’s evaluation of employees’ compliance with company policies and procedures, and related disciplinary actions.

Notably, DOJ’s admonishments on communication policies do not delve into the complexities of various local data privacy laws that may apply, particularly when employees use their own mobile devices. AAG Polite noted in his ABA speech that, in the event companies decline to provide data from ephemeral messaging applications or other communication platforms, DOJ prosecutors will “ask about the company’s ability to access such communications, whether they are stored on corporate devices or servers, as well as applicable privacy and local laws,” and that such responses (or lack of responses) “may very well affect the offer it receives to resolve criminal liability.”

The reality is that the execution of a consistent policy across multiple jurisdictions in this respect may be difficult, and companies will confront many complications as they try to implement the 2023 Evaluation Guidance. To satisfy DOJ’s expectations, multinational corporations will now have to navigate applicable local data privacy laws, blocking statutes, and legal or securities-related requirements that may be at odds with DOJ’s position regarding messaging applications and communication platforms. In light of AAG Polite’s remarks, companies should review existing data privacy and communication policies to see whether they need to be, and can be, updated to reflect DOJ’s guidance, as well as identify potential conflicts between local data privacy laws and DOJ guidance and take mitigating steps as appropriate.

Updated Guidance on Corporate Monitorships

On March 1, 2023, AAG Polite issued the Monitor Memo, which codifies the policies announced in the Monaco Memo. Under the Monitor Memo, when determining whether to impose a monitorship, prosecutors should consider ten non-exhaustive factors to assess the need for, and potential benefits of, a monitor. As a general matter, prosecutors should consider a monitorship where a corporation’s compliance program and controls are “untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution.” On the other hand, where a corporation’s compliance program and controls are “demonstrated to be tested, effective, adequately resourced, and fully implemented at the time of a resolution,” a monitor may not be necessary. The Monitor Memo also clarifies that (1) consistent with the Criminal Division’s practice since at least 2018, many of the requirements for monitors apply to monitor teams, in addition to the named monitor; (2) monitor selections are and will be made in keeping with DOJ’s commitment to diversity, equity, and inclusion; and (3) the cooling-off period for monitors is now not less than three years, rather than two years, from the date of the termination of the monitorship.

Conclusion

The recent announcements and guidance signal DOJ’s focus on incentivizing corporations with strong compliance programs that are tested, effective, adequately resourced, and fully implemented. Companies should assess their existing compliance policies and procedures to see what, if any, changes should be made (and what changes can be made under applicable laws), particularly with respect to the policies related to communication channels and platforms, employee evaluation and disciplinary actions, and compensation clawback in light of the new DOJ guidance.

Gibson Dunn has more than 250 white collar lawyers around the globe who are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn attorney with whom you usually work, or any of the following:

White Collar Defense and Investigations Group:

Washington, D.C.
Stephanie Brooker – Co-Chair (+1 202-887-3502, sbrooker@gibsondunn.com)
Courtney M. Brown (+1 202-955-8685, cmbrown@gibsondunn.com)
David P. Burns (+1 202-887-3786, dburns@gibsondunn.com)
John W.F. Chesley (+1 202-887-3788, jchesley@gibsondunn.com)
Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com)
M. Kendall Day (+1 202-955-8220, kday@gibsondunn.com)
David Debold (+1 202-955-8551, ddebold@gibsondunn.com)
Michael S. Diamant (+1 202-887-3604, mdiamant@gibsondunn.com)
Richard W. Grime (+1 202-955-8219, rgrime@gibsondunn.com)
Scott D. Hammond (+1 202-887-3684, shammond@gibsondunn.com)
George J. Hazel (+1 202-887-3674, ghazel@gibsondunn.com)
Judith A. Lee (+1 202-887-3591, jalee@gibsondunn.com)
Adam M. Smith (+1 202-887-3547, asmith@gibsondunn.com)
Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com)
Oleh Vretsona (+1 202-887-3779, ovretsona@gibsondunn.com)
F. Joseph Warin – Co-Chair (+1 202-887-3609, fwarin@gibsondunn.com)
Amy Feagles (+1 202-887-3699, afeagles@gibsondunn.com)
David C. Ware (+1 202-887-3652, dware@gibsondunn.com)
Ella Alves Capone (+1 202-887-3511, ecapone@gibsondunn.com)
Nicholas U. Murphy (+1 202-777-9504, nmurphy@gibsondunn.com)
Melissa Farrar (+1 202-887-3579, mfarrar@gibsondunn.com)
Nicole Lee (+1 202-887-3717, nlee@gibsondunn.com)
Jason H. Smith (+1 202-887-3576, jsmith@gibsondunn.com)
Pedro G. Soto (+1 202-955-8661, psoto@gibsondunn.com)

New York
Zainab N. Ahmad (+1 212-351-2609, zahmad@gibsondunn.com)
Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com)
Mylan L. Denerstein (+1 212-351-3850, mdenerstein@gibsondunn.com)
Barry R. Goldsmith (+1 212-351-2440, bgoldsmith@gibsondunn.com)
Karin Portlock (+1 212-351-2666, kportlock@gibsondunn.com)
Mark K. Schonfeld (+1 212-351-2433, mschonfeld@gibsondunn.com)
Orin Snyder (+1 212-351-2400, osnyder@gibsondunn.com)
Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com)
Brendan Stewart (+1 212-351-6393, bstewart@gibsondunn.com)

Denver
Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com)
Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com)
John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com)
Laura M. Sturges (+1 303-298-5929, lsturges@gibsondunn.com)

Houston
Gregg J. Costa (+1 346-718-6649, gcosta@gibsondunn.com)

Los Angeles
Michael H. Dore – Los Angeles (+1 213-229-7652, mdore@gibsondunn.com)
Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com)
Diana M. Feinstein (+1 213-229-7351, dfeinstein@gibsondunn.com)
Douglas Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com)
Nicola T. Hanna – Co-Chair (+1 213-229-7269, nhanna@gibsondunn.com)
Poonam G. Kumar (+1 213-229-7554, pkumar@gibsondunn.com)
Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com)
Eric D. Vandevelde (+1 213-229-7186, evandevelde@gibsondunn.com)
Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com)

San Francisco
Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com)
Charles J. Stevens – Co-Chair (+1 415-393-8391, cstevens@gibsondunn.com)
Michael Li-Ming Wong (+1 415-393-8333, mwong@gibsondunn.com)

Palo Alto
Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com)

London
Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com)
Sacha Harber-Kelly (+44 20 7071 4205, sharber-kelly@gibsondunn.com)
Michelle Kirschner (+44 20 7071 4212, mkirschner@gibsondunn.com)
Matthew Nunan (+44 20 7071 4201, mnunan@gibsondunn.com)
Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com)

Paris
Benoît Fleury (+33 1 56 43 13 00, bfleury@gibsondunn.com)
Bernard Grinspan (+33 1 56 43 13 00, bgrinspan@gibsondunn.com)

Frankfurt
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)

Munich
Katharina Humphrey (+49 89 189 33 155, khumphrey@gibsondunn.com)
Benno Schwarz – Co-Chair (+49 89 189 33 110, bschwarz@gibsondunn.com)
Mark Zimmer (+49 89 189 33 115, mzimmer@gibsondunn.com)

Hong Kong
Kelly Austin – Co-Chair (+852 2214 3788/+1 303-298-5980, kaustin@gibsondunn.com)
Oliver D. Welch (+852 2214 3716, owelch@gibsondunn.com)

Singapore
Joerg Biswas-Bartz (+65 6507 3635, jbiswas-bartz@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice. Please note, prior results do not guarantee a similar outcome.