Key Takeaways

• Corporate enforcement and individual accountability are high priorities for new DOJ Criminal Division head Kenneth Polite.
• Companies should be proactive in implementing, monitoring, and improving their compliance programs as non-compliance may result in the imposition of costly sanctions.
• FCPA and cybercrime enforcement are continuing priorities and the DOJ’s impending introduction of the National Cryptocurrency Enforcement Team will crackdown on cryptocurrency-related cybercrime.

New head of the Department of Justice’s (“DOJ”) Criminal Division, Kenneth Polite, had a very clear message for companies this month: the best defense is a good offense. The former New Orleans U.S. Attorney and Entergy Corp. compliance chief is responsible for enforcing the DOJ’s new corporate criminal enforcement policy announced by Deputy Attorney General Lisa Monaco this past October. The policy emphasizes increased analysis of a company’s full prior history of misconduct, disclosure of all relevant facts related to all individuals potentially involved in malfeasance (a return to the Yates Memo), and renewed focus on monitorships to correct and deter future wrongdoing.[1] In a three-part interview with Law360, Polite shed further light on the Criminal Division’s enforcement priorities and considerations when assessing a company’s compliance program. Polite ultimately advised that corporate proactivity and individual accountability are crucial in staving off government enforcement and qualifying for significant credit if an enforcement proceeding is brought. [2]

Polite detailed certain factors that the government will consider when evaluating a company’s past misconduct, including whether the same individuals are involved, the pervasiveness across the organization, the recency of the past misconduct, and its similarity to the current conduct in question.[3] David Last, Chief of the DOJ Fraud Section’s FCPA unit, echoed Polite at an FCPA panel hosted by the American Bar Association, adding that whether the company conducted a root cause analysis of the prior misconduct at the time and whether the company improved its compliance in light of the lessons learned are also important. If the root cause of prior misconduct “perfect[ly] overlaps” with the current misconduct, it is cause for higher scrutiny.[4]

Polite continued that the DOJ will also evaluate the overall compliance program’s maturity, types and extent of compliance testing, and degree of independence of the program. Polite emphasized that proactivity is key, and companies that empower compliance officers to be independent and properly resource their programs will reap “significant rewards.”[5] Companies that do not actively take steps to advance their program will virtually be subject to guaranteed oversight and scrutiny from an individual and corporate perspective.

Under the enforcement regime, government trial attorneys have full discretion to consider the full breadth of misconduct in evaluating a proper resolution, including whether to impose a costly monitorship. Polite ultimately justified that cost as the price of non-compliance which can be combatted with proactivity. Additionally, Polite highlighted that “there is no greater deterrent than the exposure of an individual to jail time” and therefore individual involvement will always be part of a potential resolution, even if it means the government must expend more resources in the investigation to identify potential cooperators. [6]

Consistent with the DOJ’s renewed emphasis on corporate enforcement, Polite also emphasized that the pipeline of FCPA cases remains strong under new leadership.[7] Former head of the Market Integrity and Major Frauds unit, Lisa Miller, was promoted to Deputy Assistant Attorney General overseeing the Fraud and Appellate Sections to complement Joe Beemsterboer, the head of the Fraud Section, and two very experienced prosecutors serving as principal deputies.[8] Polite also noted that strategic relationships with law enforcement agencies within and outside the U.S. are critical in accomplishing the DOJ’s goals.[9] Cooperation amongst government agencies is particularly important with the impending rollout of the National Cryptocurrency Enforcement Team, which will be designed to combat misuse of digital assets and report directly to Polite.[10]

Polite’s promise that government scrutiny of compliance programs will be “very rigorous,” coupled with the DOJ’s renewed emphasis on corporate enforcement and individual accountability, make corporate compliance programs ripe for review. Companies can be proactive by:

• Reviewing the compliance program’s structure and assessing the resources supporting the program, the compliance officer’s access to information, and the degree of independence of the program;
• Conducting an enterprise-wide risk assessment to identify, evaluate, analyze, and prioritize the risks facing the company, including FCPA and IT concerns and the impact of cryptocurrency on the business, and evaluating whether the compliance program is designed to address those risks;
• Testing the effectiveness of the compliance program’s testing, monitoring, and improvement functions; and
• Auditing the company’s past misconduct, if any, identifying the root causes of the misconduct and the actors, testing controls in the areas previously at risk, and reviewing improvements to the compliance program as a result.