It is mid-September.
Thus, consistent with historical practices, DOJ officials are out giving speeches about DOJ policy. Previous posts here and here have focused on the recent release of the so-called Monaco Memo and this post highlights a recent speech by Assistant Attorney General Kenneth Polite.
In addition to discussing the recent Monaco Memo, Polite touched upon the following topics: deterrence and compliance certifications.
“[W]e cannot rely exclusively on prosecutions to ensure public safety or good corporate governance. Indeed, as with any area of criminality, our ultimate goal is to prevent corporate crime in the first instance. Preventing the victimization of innocent investors, the loss of faith in the integrity of our markets, the corrosive effects of corruption, the fleecing of taxpayers—has been and remains my highest priority in these cases.
Deterrence plays a key role in accomplishing that objective. We deter corporate crime both by holding individual wrongdoers accountable and by creating an enforcement regime that incentivizes responsible corporate citizenship.
I have been fortunate in my career to have previously worked as a chief compliance officer in addition to serving as a line prosecutor, a U.S. Attorney, and defense counsel. I know the incredible challenges that compliance personnel face. But I have also seen how a strong compliance program can ward off misconduct and empower ethical employees. That is why I have made this issue—giving companies strong incentives to deter misconduct through effective compliance programs—a top focus of the Criminal Division.
Our commitment to elevating prevention is reflected in our policies, our practices, and our personnel, the same methods in which our companies reflect their commitment to building a strong compliance program.”
If holding individual wrongdoers accountable and creating an enforcement regime that incentivizes responsible corporate citizenship can best deter corporate crime – why does the DOJ do such a poor job in both categories?
For instance, in the FCPA context, over the past approximate 15 years, approximately 75% of DOJ corporate FCPA enforcement actions have not resulted in any related FCPA charges against company employees.
As to best incentivizing corporate compliance, numerous former DOJ officials – indeed even the DOJ’s recent compliance hire – are in favor of an FCPA compliance defense – yet the DOJ has consistently argued against it. (See here).
“… I want to address our use of Chief Compliance Officer (CCO) certifications. To ensure that compliance officials are empowered to create and maintain effective compliance programs, in March 2022, I announced that, for all Criminal Division corporate resolutions (including guilty pleas, deferred prosecution agreements, and non-prosecution agreements), we would consider requiring both the Chief Executive Officer and the Chief Compliance Officer (CCO) to sign a certification at the end of the term of the agreement. This document certifies that the company’s compliance program is reasonably designed, implemented to detect and prevent violations of the law, and is functioning effectively. These certifications are designed to give compliance officers an additional tool that enables them to raise and address compliance issues within a company or directly with the department early and clearly.
These certifications underscore our message to corporations: investing in and supporting effective compliance programs and internal controls systems is smart business and the department will take notice.
These certifications take into account, as appropriate, the nature and circumstances of the criminal violation that gave rise to the resolution. For example, we used this new CCO certification in our recent resolutions with Glencore. Even the world’s largest companies are not above the law. When—at the time of resolution—a company’s compliance program is inadequate, remediation is not complete, and the criminal conduct was serious and pervasive, the consequences are serious. Both Glencore International AG, a multi-national commodity trading and mining firm headquartered in Switzerland, and Glencore Limited, the U.S.-based subsidiary, pleaded guilty to criminal offenses.
Glencore Limited pleaded guilty to engaging in a scheme to manipulate fuel oil prices at two of the busiest commercial shipping ports in the U.S. Motivated by a desire to augment corporate profits, Glencore Ltd. placed trades to artificially move the benchmark for oil, increasing the company’s profits and reducing its costs on contracts to buy and sell physical fuel oil, and affecting prices market-wide. This scheme lasted for eight years. Glencore Limited’s compliance program was ineffective both during the time of the misconduct and at the time of the resolution and thus, as a term of the plea agreement, we imposed a monitorship. And, because the facts of the case involved a scheme to commit commodities fraud by manipulating fuel oil prices, the CCO certification was tailored to that misconduct: Both the CEO and Head of Compliance will be required to certify at the end of the term that Glencore Limited’s “compliance program is reasonably designed to detect and prevent violations of the Commodities Laws . . . throughout the Company’s operations.”
This certification is meant to guarantee a seat at the table that all compliance officers should have in an organization with a functioning compliance program.
We similarly used this certification in the Glencore International AG FCPA guilty plea announced the same day, tailoring the language to foreign corruption. Separate and apart from the price manipulation scheme at Glencore Ltd., Glencore International engaged in a massive, decade-long scheme to make and conceal corrupt payments and bribes for the benefit of foreign officials, in order to obtain and retain business. Despite some investments in compliance, Glencore’s program was not fully implemented or tested to demonstrate that its new enhancements would prevent and detect similar misconduct in the future, necessitating the imposition of an independent compliance monitor.
We have now also used the CCO certification in a DPA. [Recently], we announced an FCPA DPA with Brazil-based GOL Airlines, which related to the company’s participation in a scheme to pay millions in bribes to Brazilian officials and politicians to influence two pieces of legislation favorable to the company. We did not impose a monitor in that case because at the time of the resolution, the company had redesigned its entire anti-corruption compliance program, demonstrated through testing that the program was functioning effectively, and committed to continuing to enhance its compliance program and internal controls. However, to ensure follow-through on this commitment, and because the GOL case involved bribery of foreign officials, we will require the CEO and CCO to certify at the end of the DPA term that the “compliance program is reasonably designed to detect and prevent violations of the [FCPA] and other applicable anti-corruption laws throughout the Company’s operations.”
We will continue to use similar certifications in our corporate resolutions as appropriate for each case.
Let me add that there has been some concern raised about this certification process. I know and trust compliance personnel. I appreciate the challenges they often face. For too long, they have complained that compliance doesn’t have the same voice in corporate decision-making. These certifications and other resources are empowering you to demand that voice. A corporate leader who ignores the emphasis we are placing on compliance does so at his or her own risk. But you cannot shy away from this role. You cannot run away from the responsibility. My call is that you embrace it, knowing full well that stronger, more empowered compliance voices are exactly what we need.”
As discussed in this post, the DOJ’s new compliance certification requirements set up corporate executives to fail because they contain: (i) legal standards that simply do not exist; (ii) internally inconsistent standards; and/or (iii) vague or ambiguous terms.
If reading DOJ enforcement official speeches is your thing, here is another recent speech from Principal Associate Deputy Attorney General Marshall Miller. The speech is full of lingo such as “pressure-testing,” “doubling down and scaling up” “move the needle” and “replace the bludgeon with the scalpel.”
Moreover, given that the average length of FCPA scrutiny is approximately four years (and in last week’s FCPA enforcement action the company was under scrutiny for approximately six years), the following statement from Miller is simply laughable:
“Where misconduct has occurred, everyone involved — from prosecutors to outside counsel to corporate leadership — should be ‘on the clock,’ operating with a true sense of urgency.”