The Justice Department’s Criminal Division leader had a warning for companies negotiating resolutions with federal prosecutors: If your compliance chiefs don’t speak up, it might reflect poorly.
Companies under investigation that bring in their lawyers to advocate for a particular settlement should let the chief compliance officer take “a prominent role in those presentations” and lead the “portion related to the compliance program,” said Criminal Division Assistant Attorney General Kenneth Polite Tuesday. “And that’s not just for show, but I want to know that that is a leader that is empowered by that organization.”
Polite, who was previously a federal prosecutor and an energy company’s chief compliance officer, shared a telling example of a recent DOJ sitdown with a company’s outside counsel, general counsel, and compliance leader.
During the presentation, often held in hopes of influencing prosecutors’ decision about charging a company, a DOJ representative directed a question at the CCO, Polite said, but the general counsel answered instead.
“That single act gave me all the information that I needed,” he said in a speech to a Washington compliance conference. “That one act demonstrated that—literally and figuratively—that chief compliance officer had no voice in that organization.”
Addressing a conference room filled with compliance professionals, Polite advanced his previously-stated priority of giving compliance executives greater authority to voice concerns internally about their company’s process for preventing misconduct. He repeated his commitment Tuesday to instruct prosecutors to consider requiring CCOs to certify at the end of a settlement term that their company’s compliance program is reasonably designed and implemented.
While there’s no “one-size-fits-all” guidance on how his department will evaluate corporate compliance programs to determine whether to bring charges or in reaching deferred prosecution agreements, Polite did provide detail on the criteria DOJ lawyers consider—both when the misconduct occurred and at the point of a resolution.
“What we expect is that the company’s programs are well designed, that they are are adequately resourced and empowered to function effectively, and last but not least, that they work in practice,” he said.
For instance, a well-designed compliance program must be readily accessible and understandable to employees and business partners, and be tailored to “high-risk” areas, “such as third-party relationships or even mergers and acquisitions,” Polite said. Further, the compliance system needs to encourage employees to report violations without fear of reprisal.
Determinations that a program is adequately resourced extend beyond dollars and headcounts. They’ll be driven by the actual expertise and stature of the compliance personnel, Polite said.
To prove a compliance program is functioning, Polite wants companies to not only show how the company responds to employee misconduct, but to bring him success stories, including “the transactions that were rejected due to a compliance risk,” he said.