2014 Trends: #10 Expanding Use of DPAs and NPAs

by NAVEX Global
Contact

The day has arrived. Today we’ll cover our last trend to watch in 2014: DPA and NPA use expanding.  Since they were first used in 2000, the U.S. DOJ has disclosed 257 Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs). These agreements allow prosecutors to require corporate reforms and penalties in exchange for delaying the filing of charges with the opportunity to avoid charges altogether with satisfactory completion of agreed upon requirements.

In 2012, the DOJ entered into a record 37 agreements. While the pace of such agreements by the DOJ has slowed a bit in 2013, other enforcement bodies have now begun using them. The DOJ’s Antitrust Division entered into its first DPA in February, settling with the Royal Bank of Scotland. The U.S. Attorney’s Office for the District of Puerto Rico also signed its first DPA with LLC Wholesale Supply. In April, the SEC used an NPA for the first time in its settlement with Ralph Lauren in an anti-bribery case centered on illicit payments in Argentina. Also in April, DPAs were created for the first time in the United Kingdom, under the U.K. Crime and Courts Act 2013. The British version will be applicable only to economic offenses, such as fraud, money laundering and bribery and the government still must finalize guidance on the process before they go into effect, probably in 2014.

And in healthcare, the Corporate Integrity Agreement (CIA) has been a similar enforcement tool used by the Office of the Inspector General of the U.S. Department of Health and Human Services since the late 1990s.

The use of such agreements has had its critics over the years, with some arguing that they are applied inconsistently, that key details included in the agreements have not always been readily available – thus limiting their potential positive impact as “teachable moments” for other organizations – and that they may be sending the wrong message by letting some wrongdoers off the hook.

On the other side, these agreements are typically quite costly to implement, often requiring the use of expensive third party monitors that can be disruptive to the organization and are viewed as difficult to challenge. Further, these agreements have very tight timelines for actions such as implementing extensive training and ongoing reporting to government agencies, which diverts significant high-level resources into management of the agreement.

But in spite of the criticisms and implementation challenges, the expansion of the use of DPAs and NPAs in 2013 is a clear signal that they are here to stay.

Co-directors of enforcement for the SEC agree: “We recognize that insisting upon admissions in certain cases could delay the resolution of cases, and that many cases will not fit the criteria for admissions,” Andrew Ceresney and George Canellos outlined in a letter to SEC staff. “For these reasons, no-admit-no-deny settlements will continue to serve an important role in our mission and most cases will continue to be resolved on that basis.”

While the chances of being the target of a government investigation and agreement are still relatively low, the fear of it – even as a distant possibility – has focused the attention of many organizations who are preparing for the worst case scenario. Interestingly enough, it turns out that preparing for the worst may be the wisest course to ensure that the worst will never happen.

Additionally, we have seen from recent DOJ and SEC announcements around DPAs and NPAs that a paper program is no longer acceptable. More components and robustness are expected around specific ethics and compliance program requirements in order to qualify for the benefits that DPAs and/or NPAs allow. In many ways, these agreements provide a blueprint of regulators’ expectations when it comes to effective ethics and compliance programs.

One approach to prepare for the worst is to conduct a “stress test” or an assessment to determine how the program would survive a government or third-party review. Such a test will help to develop a prioritized list of opportunities for improvement and result in a plan to engage leadership and other corporate functions to proactively address gaps.

At a minimum, the stress test should include a review of:

  • The existing – or a new – ethics and compliance risk assessment
  • Standards, policies and procedures
  • Oversight, structure and leadership
  • Alignment with HR practices
  • Communications and training
  • Reporting and response
  • Monitoring and assessment
  • Culture

As a bonus, a stress test will also help organizations identify and collect program documentation, which is often scattered throughout the company – not only in the ethics and compliance office but also in HR, audit, security, legal and elsewhere. Without clear and complete documentation it may be difficult to prove what program elements you have in place and what steps you’ve taken. But, if the worst happens, that is precisely what you’ll need to do – so always best to be prepared.

Thanks for sticking with us through the coverage of all ten trends we feel are critical for ethics and compliance professionals to be aware of this year. Join us for Thursday’s webinar where we’ll cover all 10 Trends from a slightly different perspective.

- See more at: http://www.navexglobal.com/blog/2014/02/11/2014-trends-10-expanding-use-dpas-and-npas#sthash.TMMrwo81.dpuf

The day has arrived. Today we’ll cover our last trend to watch in 2014: DPA and NPA use expanding.  Since they were first used in 2000, the U.S. DOJ has disclosed 257 Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs). These agreements allow prosecutors to require corporate reforms and penalties in exchange for delaying the filing of charges with the opportunity to avoid charges altogether with satisfactory completion of agreed upon requirements.

In 2012, the DOJ entered into a record 37 agreements. While the pace of such agreements by the DOJ has slowed a bit in 2013, other enforcement bodies have now begun using them. The DOJ’s Antitrust Division entered into its first DPA in February, settling with the Royal Bank of Scotland. The U.S. Attorney’s Office for the District of Puerto Rico also signed its first DPA with LLC Wholesale Supply. In April, the SEC used an NPA for the first time in its settlement with Ralph Lauren in an anti-bribery case centered on illicit payments in Argentina. Also in April, DPAs were created for the first time in the United Kingdom, under the U.K. Crime and Courts Act 2013. The British version will be applicable only to economic offenses, such as fraud, money laundering and bribery and the government still must finalize guidance on the process before they go into effect, probably in 2014.

And in healthcare, the Corporate Integrity Agreement (CIA) has been a similar enforcement tool used by the Office of the Inspector General of the U.S. Department of Health and Human Services since the late 1990s.

The use of such agreements has had its critics over the years, with some arguing that they are applied inconsistently, that key details included in the agreements have not always been readily available – thus limiting their potential positive impact as “teachable moments” for other organizations – and that they may be sending the wrong message by letting some wrongdoers off the hook.

On the other side, these agreements are typically quite costly to implement, often requiring the use of expensive third party monitors that can be disruptive to the organization and are viewed as difficult to challenge. Further, these agreements have very tight timelines for actions such as implementing extensive training and ongoing reporting to government agencies, which diverts significant high-level resources into management of the agreement.

But in spite of the criticisms and implementation challenges, the expansion of the use of DPAs and NPAs in 2013 is a clear signal that they are here to stay.

Co-directors of enforcement for the SEC agree: “We recognize that insisting upon admissions in certain cases could delay the resolution of cases, and that many cases will not fit the criteria for admissions,” Andrew Ceresney and George Canellos outlined in a letter to SEC staff. “For these reasons, no-admit-no-deny settlements will continue to serve an important role in our mission and most cases will continue to be resolved on that basis.”

While the chances of being the target of a government investigation and agreement are still relatively low, the fear of it – even as a distant possibility – has focused the attention of many organizations who are preparing for the worst case scenario. Interestingly enough, it turns out that preparing for the worst may be the wisest course to ensure that the worst will never happen.

Additionally, we have seen from recent DOJ and SEC announcements around DPAs and NPAs that a paper program is no longer acceptable. More components and robustness are expected around specific ethics and compliance program requirements in order to qualify for the benefits that DPAs and/or NPAs allow. In many ways, these agreements provide a blueprint of regulators’ expectations when it comes to effective ethics and compliance programs.

One approach to prepare for the worst is to conduct a “stress test” or an assessment to determine how the program would survive a government or third-party review. Such a test will help to develop a prioritized list of opportunities for improvement and result in a plan to engage leadership and other corporate functions to proactively address gaps.

At a minimum, the stress test should include a review of:

  • The existing – or a new – ethics and compliance risk assessment
  • Standards, policies and procedures
  • Oversight, structure and leadership
  • Alignment with HR practices
  • Communications and training
  • Reporting and response
  • Monitoring and assessment
  • Culture

As a bonus, a stress test will also help organizations identify and collect program documentation, which is often scattered throughout the company – not only in the ethics and compliance office but also in HR, audit, security, legal and elsewhere. Without clear and complete documentation it may be difficult to prove what program elements you have in place and what steps you’ve taken. But, if the worst happens, that is precisely what you’ll need to do – so always best to be prepared.

Thanks for sticking with us through the coverage of all ten trends we feel are critical for ethics and compliance professionals to be aware of this year. Join us for Thursday’s webinar where we’ll cover all 10 Trends from a slightly different perspective.

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© NAVEX Global | Attorney Advertising

Written by:

NAVEX Global
Contact
more
less

NAVEX Global on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!