Perhaps the most visible accomplishment during my tenure as the compliance counsel expert at the Fraud Section in the Criminal Division of the Department of Justice (DOJ) was the “Evaluation of Corporate Compliance Program” document released in early 2017.
On April 30, this document was updated in three significant ways:
- its status was upgraded to an official “Guidance Document”;
- its coverage was extended from the Fraud Section to the entire Criminal Division; and
- it adopted references to other Criminal Division documents.
The questions that formed the scaffolding of the original evaluation document have been fully incorporated and remain the heart of the Guidance.
Practitioners in the compliance industry immediately responded with obsessive parsing of the updated Guidance, as it did when the original version was released. Back then, I was deeply amused—and often troubled—by the obsession: Many “interpretations” were nothing more than ill-guided attempts by vendors to sell their products and services.
Few of the interpretations today vary from those of the original. Here are some reasons why you should not obsess over the Guidance.
It Is NOT a Best Practice Guide
The purpose of the Guidance is clearly stated: to help prosecutors determine “the appropriate (1) form of any resolution or prosecution, (2) monetary penalty … and (3) compliance obligations contained in any corporate criminal resolution (e.g. monitorship or reporting obligations).”
In other words, it is used to determine criminal culpability, size of penalty, and need for supervision. But these determinations are predicated on there having been a corporate crime committed. The Guidance is written for a defendant in the dock, not good citizens on the street. It is a best-among-worst practices guide.
In the editing process for the original set of questions, many edits were made in recognition of the fact that most companies appearing before the Fraud Section could not hope to meet what we believed to be “best practice” standards. It was about aiming slightly higher than the lowest common denominators. If you simply meet the expectations of the Guidance, congratulations, you got a C. Those who got As didn’t have to answer those questions to the DOJ, or they got the prosecutors to ditch the Guidance question in favor of asking about the innovative work they were doing.
It Is Written for Prosecutors
In addition to determining culpability, penalty, and supervision, the Guidance is written to encourage compliance programs that help produce evidence for prosecution. Take, for example, certification. Prosecutors know that certification does not change behaviors, but they want companies to require it because it provides useful evidence of intent against individual defendants.
Furthermore, any certification submitted over interstate communications networks (online, by mail) may provide a basis for the additional charge of mail or wire fraud. Certification is useful for prosecution, not compliance. The prosecutors know and understand this difference; often, companies don’t.
It Is Written for the Criminal Division
Not only is the Guidance written for prosecutors, its audience is prosecutors in the DOJ’s Criminal Division specifically. The Money Laundering and Asset Recovery Section is a component of the Criminal Division just like the Fraud Section, yet know-your-customer due diligence was not included in the third-party management section of the Guidance, and money laundering appeared only in a footnote.
The Public Integrity Section, another Criminal Division component, prosecutes domestic corruption, yet only foreign officials are mentioned in the Guidance.
These seemingly curious omissions make sense when you understand that most money laundering and domestic prosecutions are led not by the Criminal Division but by U.S. attorneys offices and other enforcement bodies. The Criminal Division has a unique authority in Foreign Corrupt Practices Act cases, which involves foreign officials and non-customer third parties, so it is no surprise that a Criminal Division Guidance emphasizes FCPA-related compliance; but FCPA cases constitute only a very small percentage of corporate enforcement.
Over-obsession with this Guidance that leads to neglect of non-Criminal Division risk areas will impede your compliance program. If a U.S. attorney, state attorney general, DOJ’s Antitrust Division, or the SEC is pursuing your company for money laundering, domestic bribery, price-fixing, or financial statement fraud, your failure to focus on those risks because they were not emphasized in the Guidance would not help you.
Does this mean the Guidance is not useful? Not at all.
The core questions can be used to think through compliance programs strategically and generically. Boards and senior management should use them as a resource to evaluate all risk areas, and do so by going beyond the bare minimum represented in the Guidance. If you aim higher and broaden your sight, you’d reduce the risk of ever having to sit in front of the DOJ to answer the Guidance questions; even if you did have to answer these questions, you’d be the one to surprise prosecutors with your higher standards and thereby likely improve the outcome for your case.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Hui Chen is an independent ethics and compliance consultant and was the Justice Department’s first-ever compliance counsel expert. She has served in global senior compliance lead positions at Microsoft, Pfizer, and Standard Chartered Bank.