“Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group”

Compliance programs play a critical role for healthcare organizations, ensuring both individuals and the organization conduct business in a manner conforming to applicable laws and regulations. An effective compliance program will be tailored to the organization and will rarely appear identical from one organization to another. Those familiar with the enforcement landscape know guidance provided by enforcement agencies plays an integral role when guiding the focus of time and efforts of a compliance program and can aid in defining the compliance department’s value to an organization.

In a speech on September 15, 2022, Deputy Attorney General Lisa Monaco announced policy changes to the Department of Justice’s (DOJ) corporate enforcement approach in tandem with a memorandum released the same day which detailed the changes (Monaco Memo). The Monaco Memo builds on past announcements of policy developments, most notably the 2015 Deputy Attorney General Sally Yates’ memorandum (Yates Memo) which was intended to increase accountability of individuals who perpetrated wrongdoing within a corporate setting. Building on concepts in the Yates Memo and other DOJ guidance, the Monaco Memo provides additional context and direction for DOJ investigators when prosecuting or resolving cases of wrongdoing.

While both memos do not change the ultimate objectives of an organization’s compliance program, they highlight some areas where compliance programs could (and should) invest more effort. The guidance also provides additional incentives for corporate leaders and executives to invest in a robust compliance program to reduce the likelihood of wrongdoing while also demonstrating they were not asleep at the wheel if a bad actor creates an issue for the organization.

Cooperation

The first matter discussed in the Monaco Memo is the timely disclosure of relevant information. Parties may receive credit for cooperating in the investigation and “the level of a corporation's cooperation can affect the form of the resolution, the applicable fine range, and the undertakings involved in the resolution.” In the memo, the DOJ emphasizes that for corporations to receive credit for cooperation, they need to “produce on a timely basis all relevant, non-privileged facts and evidence about individual misconduct such that prosecutors have the opportunity to effectively investigate and seek criminal charges against culpable individuals.” The DOJ considers this a priority because prosecutors are instructed to complete investigations into individuals “prior to or simultaneously with the entry of a resolution against the corporation.” Delaying the production of information or documents to the DOJ will reduce or eliminate any cooperation credit that may be available.

Self-Disclosure

Self-disclosure of intentional and unintentional violations has always played a particularly important role in healthcare compliance. The new memo cements this in the DOJ’s procedures by requiring that all government components that investigate and prosecute corporate criminal misconduct must adopt a voluntary self-disclosure policy which aligns with two core principles:

1. Absent aggravating factors, the DOJ will not seek a guilty plea when the organization has “voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated the criminal conduct.”
2. An independent compliance monitor will not be mandatory for an organization that can demonstrate that at the time of the resolution, has “implemented and tested an effective compliance program.”

When a culture of compliance and an effective compliance program exists in an organization, it is much more likely self-disclosure will be a part of any internal discussions regarding potential or discovered misconduct. A compliance department can educate leaders, executives, and governing bodies on the benefits of self-disclosure.

Evaluation of the Compliance Program

A fundamental reason for maintaining an effective compliance program is that it “can have a direct and significant impact on the terms of a corporation's potential resolution with the Department.” (emphasis added). In addition to past guidance documents (e.g., Evaluation of Corporate Compliance Programs (updated June 2020)) which identify the factors used to evaluate the effectiveness of a compliance program, the Monaco Memo highlights “additional metrics relevant to prosecutors' evaluation of a corporation's compliance program and culture.”

Prosecutors will include in their evaluation whether the organization uses compensation structures that promote compliance. This includes punitive measures for instances of non-compliance while also incentivizing and rewarding individuals who promote compliance within the organization. The DOJ will evaluate if the organization has these types of processes in place and whether they have occurred in practice. For example, if an executive or director has a clawback provision in their compensation agreement and misconduct has been identified, what steps has the organization taken to exercise the clawback? Additional guidance is expected to be released, detailing how the DOJ expects organizations to implement these policies and how the DOJ will reward organizations for using them effectively.

In addition, the DOJ has identified the risks that personal devices (phones, laptops, tablets) create for organizations when attempting to properly monitor and record business communications and data. If personal devices and third-party applications are used by individuals for business purposes, preservation of those data and communications may be difficult to manage. Additional guidance is expected to be released related to best practices in this matter and how to incorporate them into the Evaluation of Corporate Compliance Programs guidance. Compliance departments should ensure that they, or a related department such as Information Technology/Security, have policies and procedures in place which address the use of personal devices and third-party messaging platforms and that training and education on these policies are provided to employees.

Take Aways

• Cooperation with government investigations will make a practical difference in the way prosecutors proceed with investigations and subsequent resolutions of matters.
• Organizations can protect themselves by relying on an effective compliance department to identify matters early and assist in government investigations as appropriate.
• Effective internal reporting lines can lead to early discovery of misconduct and earlier self-disclosures.
• Educating senior leaders, executives, and board members on the importance of an effective compliance program, including how the program can reduce penalties to the organization, and to those individuals if they were negligent in their oversight responsibilities.
• Incorporate within an organization’s compensation structure compliance-based financial incentives and penalties.
• Review your organization’s policies and procedures related to personal devices and third-party applications to ensure they address the risk appropriately.