DOJ’s Framework for Company Prosecutions Needs a UK Approach

President Donald Trump’s leadership team has for months promised major changes at the Department of Justice. It’s also prioritizing thinner bureaucracies across all agencies, along with business-friendly policies.

UK law offers some lessons. There is one simple yet radical change the department can make that would advance all these goals: apply a common-sense approach to prosecuting companies by focusing resources on organizations that are pervaded by fraud, steered by wrongdoers, or have otherwise made conscious decisions to not follow the law. But law-abiding businesses that have robust compliance programs shouldn’t continue to be exposed to enforcement actions based solely on the conduct of low-level employees who violate company policies and commit crimes.

For decades, the department extracted millions of dollars from businesses in fines and penalties—to say nothing of corporate monitors and legal fees—when, in many of these actions, rogue employees skirt company policies and commit crimes. Just in 2024, settlements and judgments in False Claims Act actions alone exceeded $2.9 billion.

The department’s view, captured in its Justice Manual and applied around the country, is that a company is strictly liable for offenses, no matter the employee’s role, or the company’s culture or policies, and even if the employee acted for reasons that included “direct or indirect” “self-aggrandizement” or if the corporation didn’t profit from the actions. All these factors may be relevant, but they aren’t dispositive.

Companies with well-developed policies must navigate costly investigations to obtain the most lenient possible corporate resolutions—which could still amount to seven or eight figures. Why? Who benefits from these investigations? Not the public, not the shareholders, not law-abiding employees, not the customers, and certainly not the justice system.

It’s time to change the department’s policy: low-level employees who violate companies policies that are implemented in good faith shouldn’t expose the entire organization to enforcement actions.

Most lay people would be surprised to know that a company can have a well-resourced compliance program, but could still face the prospect of severe punishment for the isolated and aberrational conduct of a single, low-level employee. A low-level salesperson could, for instance, violate company policy (and federal law) by bribing an employee of a foreign state-owned company.

The company could detect this, report it to the authorities, and still face exposure, even if it did everything right—in catching the conduct and reporting it. To be sure, at least in the context of foreign bribery cases, there is a presumption of a declination when a company makes the risky decision to self-report, but there is no guarantee.

It all stems from the concept of respondeat superior—a legal doctrine that, in appropriate circumstances, holds the principal accountable for the actions of its agent.

In the department’s view, if an employee commits a crime when acting within the scope of their employment with at least the intent to partly benefit the company, then their company is also criminally liable, even if it didn’t do anything wrong or intend to do anything wrong, and didn’t benefit from this wrongful conduct. The employee’s primary motivation could’ve been their own personal gain, and the employer would still be criminally exposed.

This idea, of vicarious liability, is anathema to criminal law, which is built on the premise, familiar to the public, that prosecutors must prove, beyond a reasonable doubt, mens rea—a guilty mind—and actual conduct by the accused before convicting anyone of a crime.

In the corporate context, prosecutors try to simply impute employees’ mens rea onto their companies. The common argument in favor of this approach is that companies don’t go to jail, and they should be incentivized to make sure they have law-abiding employees. But there is a better way to do it.

UK Approach

Consider systems based on UK law, a person’s conduct is attributed to corporations if they were controlling the mind and will of the company, the “corporate criminal attribution” test recently updated in the UK to include senior managers. “Failure to prevent fraud offenses” have a lowered threshold for employees who can expose their organizations, but reasonable fraud-prevention procedures act as a defense to criminal liability—not just one relevant factor as it’s in the US.

A 2022 UK Law Commission survey of other countries’ systems reveals a similar focus on policies and procedures to determine if the company invited or tolerated certain criminal behavior. Any of these approaches—or their combination—makes more sense than dragging a company through the rigors of a disruptive and costly criminal action because an isolated bad actor decided to violate company policy and commit a crime.

The DOJ policy leaves much too much to the discretion of individual prosecutors. The so-called “Filip Factors”—a list of circumstances prosecutors consider to determine if a business should be charged with a crime—point prosecutors to 11 factors they can consider, which include the assessment of a company’s compliance program at the time of offense.

That assessment, in turn, is a dense document—the Evaluation of Corporate Compliance Programs—that, like the Filip factors, is updated regularly, especially when new administrations take charge. Together, the hodgepodge of factors and questions allow a prosecutor to reach virtually any result they want, from insisting on a full conviction with eye-popping penalties, all the way down to a declination with no imposed monetary component.

Yes, companies aren’t normally convicted if they report a crime and fully remediate, and yes, the efficacy of a compliance program is an important factor. But businesses still expose themselves to harsh punishments in the form of cumbersome ongoing obligations, steep fines, and disgorgement that doesn’t fully account for costs, even if they ace these factors.

The department tried to enhance incentives to self-report, but even assuming organizations can catch every bad actor, the incentives will never be enough for companies to consistently come forward when prosecutors continue to hold the hammer of potential criminal liability.

The Trump administration has promised many changes. Why tinker around the edges through speeches or memos, like it did last time, to pull back on unfair corporate resolutions? Why not simply add to the Justice Manual a new policy that the department will no longer pursue criminal actions against companies for the conduct of low-level employee—if the companies had serious, well-implemented compliance programs, which can be demonstrated by catching and timely reporting the wrongdoer?

Organizations, knowing their exposure will rise or fall based on what they do to catch and discourage criminal conduct, will be incentivized to improve their compliance programs.

Such a program must carry a policy of self-disclosure of any employee caught committing a crime, which is a policy companies are more likely to strictly follow if their immunity is guaranteed (absent leadership involvement in the crime), without the need for a costly government-facing investigation.

There is no reason that US companies or foreign ones operating in the US should be disadvantaged by the department’s desire to impose higher penalties on even the most well-meaning businesses.

It’s the equivalent of an added corporate tax. It makes the US less attractive to businesses; it empowers unelected government officials; and it diverts resources away from focusing on more worthwhile prosecutions. It’s time to reimagine corporate enforcement.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Andrey Spektor is partner at Norton Rose Fulbright and a former federal prosecutor.

Write for Us: Author Guidelines