Reprinted with permission from the August 27, 2015 edition of Daily Business Review© 2016 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited. ALMReprints.com – 877-257-3382 - firstname.lastname@example.org.
In late July, the U.S. Department of Justice announced it is creating a new compliance counsel position in its criminal division to assess the effectiveness of compliance programs and help prosecutors decide whether and how to charge businesses under criminal investigation.
Andrew Weismann, chief of the criminal division's fraud section, announced that the purpose of the new position is to help prosecutors distinguish between effective and "paper" compliance programs and provide companies with greater clarity with respect to DOJ's expectations. A former prosecutor with private sector in-house experience is reportedly being vetted for the new counsel position.
Businesses already know that as part of any effectiveness analysis, the government will be looking for all of the elements of an effective compliance program as defined by the U.S. sentencing guidelines. For that reason, for most private businesses, additional written guidance on the difference between effective and "paper" programs is not what is needed.
Among the fundamental questions that businesses will want the DOJ counsel to answer is: When will U.S. enforcement authorities consider a compliance issue as evidence of a compliance program's effectiveness rather than its failure, will enforcement authorities credit good faith cooperation or default to Monday morning quarterback "investigations of the investigation and how much internal investigation short of "boiling the ocean" is reasonable?
Despite great attention to compliance issues and programs, it is not currently clear whether a business' view of reasonable and appropriate compliance resources aligns with that of the government.
The DOJ and the Securities and Exchange Commission claim to take a "common-sense and pragmatic approach to evaluating compliance programs," evaluating three basic questions: Is the company's compliance program well designed? Is it being applied in good faith? Does it work? (A Resource Guide to the FCPA, at 56.)
However, it sometimes seems as if the agencies take the position that the mere existence of compliance issues renders the answers to those questions, "No," even in the face of substantial compliance resources and activities.
A significant issue faced by companies under investigation is that such investigations can take years. New compliance issues inevitably arise after the commencement of a government investigation, even for companies with best-in-class compliance programs.
Simply put, if you work for a company that operates globally or in the health care or another highly regulated industry, the probability is high that you may identify an issue related to a corrupt government official, a rogue sales representative or a small-but-ever-present percentage of employees "who just don't get it."
The question then becomes what does the new compliance issue mean? Does it mean that your program is effective — or that your business should be prosecuted or subjected to enhanced monitoring or self-reporting? The government's expectation of effectiveness cannot be a zero incidence rate, and we will look for the new DOJ compliance counsel to set standards — through guidance and through more transparent considerations in charging — as to the effectiveness of how the company responds when it detects issues that inevitably arise.
In the eyes of defense counsel and those with experience in the private sector, a compliance issue that is elevated through a company's reporting system or that otherwise comes to the attention of senior leadership because of the business's compliance program likely reflects a level of compliance awareness. That should count toward a finding that the program is effective.
The reality of doing business is that compliance issues do arise — despite a strong culture, policy prohibitions and training — and so long as they are appropriately identified and remediated, they should not be taken as evidence of a flawed compliance function.
If the government wants to incentivize businesses to implement strong programs, it should judge businesses by how they respond to the issues that arise, and not based upon the mere existence of such issues.
Yet many defense counsel have sat across the table from U.S. enforcement authorities and have seen them take the position that the existence of new issues is evidence of flaws in the company's compliance function or, rather than focusing on the underlying conduct, defaulting to an immediate critique with all the benefit of 20-20 hindsight of how the company reacted to compliance allegations.
Far too often, the identification of new compliance issues extends already lengthy investigations and results in DOJ imposing significant self-reporting or burdensome monitorships.
That is not to say that the DOJ and U.S. regulators should ignore new compliance issues in resolving a matter. Rather, we need a more principled approach as to how the identification of new issues affects the government's assessment of a program's effectiveness and whether, when, and how to resolve the matter already before the government.
Defense counsel are optimistic that the new compliance counsel's experience in the private sector will bring this needed perspective on the challenges faced by business. Ultimately, it's our hope that the new counsel will usher in a new era of transparency, collaboration and partnership between law enforcement and industry.