Monitor or no Monitor? – And What Makes Compliance Programs Effectively Working in Practice
U.S. Assistant Attorney General Kenneth A. Polite Jr., who worked as a prosecutor, defence attorney and Chief Compliance Officer, knows the challenges about serving as a resource for information, enforcing law and policies and creating the company’s ethical culture. In a speech he gave on March 25, 2022, at the NYU Law’s Program on Corporate Compliance and Enforcement, he described in detail what the Department of Justice (DoJ) expects and evaluates in terms of effective corporate compliance programs. Further, he spoke about the criteria the DoJ uses to determine whether an independent monitor should be imposed.
DoJ’s Three Expectations for an Effective Compliance Program
In line with the DoJ’s 2020 Guidance on the Evaluation of Corporate Compliance Programs (see our blog post: https://www.pohlmann-company.com/en/the-dojs-new-guidance-on-corporate-compliance-programs/), Polite began his speech by stating that the DoJ expects compliance programs to
- be well designed,
- be adequately resourced and empowered to function in an effective manner, and furthermore
- work in practice.
For all three categories, Polite provided more details: To verify the adequate design of a company’s compliance program (1), the DoJ will look at the company’s processes for assessing its risks and building a program that is tailored to manage its specific risk profile. Policies and procedures must be designed to address the key risks identified, and must be easily accessible and understandable to all stakeholders. Companies are expected to train all employees, managers and third parties on the relevant risk areas and resulting responsibilities. Further, well designed compliance programs should provide for reliable reporting processes that encourage employees to speak up in case of potential violations of law or policies without fearing retaliation. Reports must be taken seriously, investigated, documented, and, if necessary, remediated.
Regarding the adequacy of resources and their empowerment to function effectively (2), Polite emphasized that it would not be about “dollars, headcount, and reporting lines” but much more about qualifications and expertise of the key compliance contributors and gatekeepers. As he explained, Compliance Officers need to have adequate access to and actual engagement with the business and company management. The compliance function is expected to have an appropriate stature within the company and should be promoted as a significant resource to ensure the Compliance Officer’s impact on corporate decision-making. The commitment to promoting compliance and ethical values “from top to bottom” is considered of crucial importance.
Ultimately, the DoJ wants to see solid evidence that the compliance program works in practice (3), by, in particular, checking whether the company is continuously testing the effectiveness of its compliance program in order to develop and improve it in light of changing risks and identified gaps or violations. Polite emphasized the need for companies to also address the root causes of these gaps or violations and identify and implement manners and controls that prevent recurrence. Calling for real-life “success stories”, Polite refers to the implementation of disciplinary measures, the reward of compliance role modelling, the rejection of business opportunities or transactions due to compliance risks, positive trends in whistleblower reporting, and the partnership that has developed between Compliance Officer and the company.
The Importance of Ethical Culture and how to Demonstrate in Practice
Reiterating the speech of Deputy Attorney General Lisa Monaco from October 2021 (see our blog post: https://www.pohlmann-company.com/en/u-s-department-of-justice-announces-more-rigorous-enforcement/), Polite explicitly referred also to companies’ compliance culture and the need to continuously test, measure and improve it.
He emphasized how important it is for the DoJ to see companies demonstrating a compliance and ethical culture in practice. In this context they would, e.g., look at whether employees feel empowered to speak up, whether Compliance Officers provide advice even if this results in the termination of current negotiations or business relationships, and to what extent companies respond to prior misconduct. Ideally, companies would conduct independent testing, e.g., of the effectiveness of their trainings, communications and culture, and make improvements to it, whenever deemed necessary. A company’s own compliance culture is demonstrated by its own internal Compliance Officers and senior managers – rather than by external consultants.
DoJ’s Approach as to Impose or not Impose Independent Monitors
With a view to imposing independent compliance monitorships as part of their settlements, Polite signalized a clear reversal from the previous administration and its approach towards monitorships: Monitorships would be an effective tool for strengthening compliance programs within companies, specifically in cases in which such companies’ compliance weaknesses have resulted in criminal conduct and systematic wrongdoing.
Delinquent companies should expect the DoJ to make use of monitorships. It would decide not to impose a monitor under specific circumstances only, e.g., if, following its relevant misconduct, a company had already invested in implementing a strong compliance program, it tested the effectiveness of its compliance controls already, it made risk-adequate updates to its compliance program, and it had created a strong compliance culture meanwhile.
Polite explained that, in case the DoJ would determine the imposition of an independent monitor unnecessary, companies would still be required to comply with their settlement obligations to implement and maintain an effective compliance program, to cooperate and to report to DoJ credible allegations of misconduct. A special DoJ unit would take responsibility to review related work plans and self-reports by these companies and to evaluate their progress in self-reviewing and self-testing their compliance programs and internal controls. Companies would still face severe consequences if they fail to comply with these settlement obligations.
Outlook and Conclusion
Polite’s speech gives a helpful insight into the DoJ’s expectations of an effective compliance program and the basis for their decisions, particularly with respect to the imposition of a monitor.
Summarizing himself, Polite underlined that the DoJ’s general interest is to know whether everything has been done to ensure that an employee, facing ethical challenges, has been adequately informed, trained and empowered to choose right over wrong, and, whether in case of a wrong decision being made, there is an effective system in place which immediately detects, remediates, disciplines, and prevents future recurrence.
The DoJ’s decision to impose or not impose an independent compliance monitor consequently follows this logic: A monitor will not be imposed to those companies that are able to demonstrate that they have the necessary robust ethical culture, the requisite organizational set-up, adequate practical means and the overall maturity to quasi-monitor themselves and further develop their compliance programs on a continuous basis. In this case, the DoJ will consider requiring both the Chief Executive officer and the Chief Compliance Officer of the company to certify that the company’s compliance program is reasonably designed, implemented and is functioning effectively. Additionally, the CEO and CCO are required to certify that all self-reports submitted to the DoJ are true, accurate and complete.
Companies are well advised to constantly review, test, and update their compliance programs in line with the expectations which the DoJ is explaining with increasing frequency and detail these days. Particular attention should be paid to the question whether a compliance program actually works in practice, including in the event of the always possible misconduct of individuals. Once a governmental investigation is initiated and the company is working towards a DoJ settlement, it should make every effort to build or expand the desired effectiveness and maturity of its compliance program and internal controls. Here, companies should always consider obtaining the necessary critical review and experienced, tailored support by way of a “voluntary monitorship”.
Do not hesitate to get in contact with us if you should have any questions about U.S. corporate enforcement matters, monitorships or about the development of your corporation’s compliance program. We have a notable track record as (voluntary or mandatory) corporate compliance monitors and are happy to share our thoughts and experiences on what DoJ and other enforcement agencies, in the U.S. and elsewhere, expect from you.
- Prepared Remarks by U.S. Assistant Attorney General Kenneth A. Polite (March 25, 2022): https://wp.nyu.edu/compliance_enforcement/2022/03/29/prepared-remarks-by-u-s-assistant-attorney-general-polite-at-the-nyu-law-program-on-corporate-compliance-and-enforcement/
- Keynote by Deputy Attorney General Lisa O. Monaco (October 28, 2021): https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute
- S. Department of Justice’s Evaluation of Corporate Compliance Programs (updated June 2020): https://www.justice.gov/criminal-fraud/page/file/937501/download