In light of U.S. Department of Justice guidance from the past two years revealing increased prosecutorial scrutiny of compliance regimes, high-stakes M&A transactions and tightening budgets call for strategic thinking to avoid corporate criminal fines and penalties, say Brian Benczkowski and Jesse Reising in this article for Law360.
There is every reason to believe that President-elect Joe Biden's U.S. Department of Justice will continue the previous administration's trend of robust white collar enforcement, particularly by the Criminal and Antitrust Divisions.
In the last four years, the DOJ reached historic highs in the number of individual white collar prosecutions, as well as in the imposition certain corporate criminal fines and penalties. Given that this trend is likely to continue, now is a good time for companies to take stock of their compliance programs.
Recent department guidance requires prosecutors in both divisions to increase their scrutiny of compliance regimes when deciding how to resolve cases.
The DOJ's Criminal Division published updated guidance in April 2019, which explicates and clarifies the analysis prosecutors must undertake when evaluating corporate compliance programs. The Criminal Division provided even more granular detail regarding the factors prosecutors will consider in June 2020 revisions to that earlier guidance.
In July 2019, the Antitrust Division also issued its own corporate compliance guidance that is substantially similar to the Criminal Division's. Although the Antitrust Division previously did not consider the effectiveness of compliance programs when making charging decisions, as of its July 2019 guidance, it now does.
Even before the Antitrust Division issued its July 2019 guidance, its leniency program created strong incentives for a company to maintain a robust compliance program. Only the first company to self-report its participation in an antitrust crime can avoid criminal prosecution via the leniency program. An effective compliance regime that provides mechanisms for quickly discovering and reporting potential antitrust crimes allows a company to win the race to leniency. The Antitrust Division's new compliance guidance adds to those already strong incentives.
The DOJ has also recently begun publicly disclosing the factors that it considers when reaching corporate resolutions. One can view the press releases on the Fraud Section's website, for example, to see what cooperation and remediation steps a company took to receive a declination or to avoid the appointment of a monitor. These disclosures, along with the updated compliance guidance, are part of a trend toward providing companies and the broader public with greater transparency regarding how the DOJ resolves corporate criminal cases.
In recognition of the important role effective compliance programs play in preventing and rooting out criminal conduct, the DOJ has made clear that it will reward those companies that implement effective compliance programs. The compliance guidance issued by the Criminal and Antitrust Divisions helps clarify the ways a company can take advantage of an effective program, even when something goes wrong. The other side of the coin, of course, is that given such transparency, prosecutors will look unfavorably on companies that ignore the guidance.
The Compliance Guidance
The compliance guidance issued over the previous two years provides greater predictability and transparency in corporate prosecutions, allowing companies to make informed and cost-effective decisions about how to structure and develop their compliance programs.
While recognizing that the risk profile for each company is different, the guidance spells out the fundamental questions prosecutors will ask when evaluating the effectiveness of a corporate compliance program. Chief compliance officers and general counsel would be wise to consider these questions as well.
There are three basic questions at the core of the guidance issued by the Criminal and Antitrust Divisions. First, is the compliance program well-designed; second, is the program applied earnestly and in good faith; and third, does it work in practice?
A company that can successfully convince prosecutors that the answer to these three questions is "yes" will likely be able to obtain a more favorable resolution in any subsequent criminal investigation. In other words, answering these three questions "yes" may mean the difference between criminal prosecution, large fines, and the imposition of an expensive and invasive corporate monitor on the one hand, and a less painful resolution — including a declination or avoiding a monitor — on the other.
Implementing the Guidance
The guidance provides a road map for how a company can increase the likelihood that it will answer those three questions in the affirmative. There is no such thing as a perfect compliance program; fallible but industrious humans will sometimes find ways to circumvent the best-designed controls.
Even if compliance controls failed in the instance leading to the encounter with the Justice Department, prosecutors will evaluate whether adequate resources were dedicated to high-risk areas of the business and give credit where credit is due for an effective compliance program.
The guidance is designed, in part, to help prosecutors determine whether the compliance program is adequately funded, staffed and supported, or whether it is a mere paper program. A compliance program is likely to be viewed as merely a paper program if those having operational responsibility for compliance do not have meaningful authority at the company.
And it will generally be difficult for a company to show that its compliance program is empowered to function effectively without demonstrating significant involvement and commitment by middle and senior management.
A company's compliance program should also be dynamic, with built-in mechanisms that allow the company to learn about changes needed to make the program work better in practice. Prosecutors will likely ask whether the company is collecting data from its compliance program and how the company is using that data to make continuous improvements.
Senior leadership and the board of directors should periodically review the data collected and ideally authorize independent reviews to evaluate the effectiveness of the program. To be sure, not every compliance problem is amenable to detection and resolution by data analytics, and the department's analysis will need to acknowledge as appropriate that big data is not a once-size-fits-all tool.
But the department has made it clear that modern compliance programs will need to at least consider how to collect and use data to identify, avoid and resolve problems in the appropriate contexts.
The DOJ also will consider whether a compliance program is tailored to the areas where the company faces the most compliance risk. For example, where a company's employees have opportunities to engage in anti-competitive conduct such as price-fixing, bid-rigging or market allocation, one hallmark of an effective antitrust compliance program is a strategy for educating those employees on these subjects and then auditing or periodically tracking those employees' contacts with competitors.
This includes the contacts of human resources professionals responsible for hiring and setting wages and benefits. The Antitrust Division has alerted the public and the corporate community that it will bring actions — potentially criminally — against those companies that agree with competitors to fix wages or not to poach each other's employees.
An effective compliance program must ensure that the relevant human resources professionals and others at the company are aware of the potentially severe consequences of engaging in so-called wage-fixing and no-poach agreements so that they can avoid those pitfalls.
Although compliance programs vary significantly by company and by industry, another typical component of an effective compliance program is a mechanism for recording complaints, categorizing them by issue, and promptly investigating the underlying conduct.
If the company operates a compliance hotline, for example, questions prosecutors are likely to ask with respect to that hotline include: Does the company track whether employees feel comfortable using the hotline? How did the company respond to those complaints? What does the company do with information collected from the hotline? Did the company work to continuously improve its compliance program based on that data?
Budget Constraints and COVID-19
In the age of COVID-19, it is understandable that companies might want or need to tighten their belts, including by making cuts to their compliance programs. But companies should be sure that any such cuts are reasonable in light of reductions made elsewhere in the company.
If a company reduces headcount by 10% within a given department, for example, prosecutors might not view a commensurate cut to the compliance function overseeing that department as reasonable, unless a company can demonstrate that its risk profile also has decreased, that the volume of overall compliance work has lessened, or that existing compliance resources have been properly realigned to address current needs.
Companies must also remember that its decisions regarding allocation of compliance resources will almost always be reviewed by prosecutors in hindsight. If, two years from now, the DOJ is considering whether and how to resolve a criminal matter, the company will be asked then to justify decisions it is making now. Categorically blaming compliance deficiencies on COVID-19 is unlikely to be a satisfactory response. Instead, companies should carefully document the rationale for structuring and allocating resources within its compliance program as they did.
Mergers and Acquisitions
Companies should undertake a particularly close review of compliance programs when conducting M&A due diligence and during post-M&A integration. The DOJ has made it clear that an acquiring company may be rewarded for identifying and shoring up compliance deficiencies, or faulted for failing to remediate compliance shortfalls of which it is aware or failed to exercise appropriate diligence to discover.
Pre-M&A due diligence provides the opportunity for transacting parties to evaluate compliance risks, determine whether to go forward with the transaction despite those risks, and lay the groundwork for improving upon and integrating their compliance efforts immediately after completing the transaction. The government will expect an acquiring company to make reasonable efforts to uncover potential misconduct at the acquired company and evaluate possible compliance gaps, and then work to close those gaps.
Even if the predecessor company had compliance problems before the acquisition, the government will likely look favorably upon those successor companies that use the transaction as an opportunity to remedy those problems. The DOJ's Foreign Corrupt Practices Act Enforcement policy explains, for example, that a company will enjoy the benefits of a presumption of a declination where the:
company undertakes a merger or acquisition, uncovers misconduct by the merged or acquired entity through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this Policy (including, among other requirements, the timely implementation of an effective compliance program at the merged or acquired entity).
Shoring up Compliance Programs
The compliance guidance that the Criminal and Antitrust Divisions have issued over the past two years illustrates that prosecutors are placing significant weight on whether a company has a functioning, effective and well-resourced compliance program.
The guidance also provides a road map for efficiently allocating resources to develop and continuously improve the program. Companies should constantly work to improve upon their compliance programs, but high-stakes M&A transactions and tightening budgets in particular call for smart thinking about how to best allocate limited compliance resources.
The Criminal and Antitrust Divisions' recent guidance is part and parcel of trends at the DOJ toward providing greater transparency in corporate resolutions and highlighting the important role of corporate compliance programs in preventing and rooting out criminal conduct. These trends — along with the robust white collar criminal enforcement of recent years — will likely continue with the incoming political administration.
Companies can position themselves to avoid harsh criminal penalties by conforming their compliance programs to the new guidance before it is too late.
Brian Benczkowski is a partner at Kirkland & Ellis LLP. He was previously assistant attorney general for the Criminal Division of the U.S. Department of Justice.
Jesse Reising is an associate at Kirkland. He was previously a federal prosecutor for the DOJ Antitrust Division.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.