DOJ Déjà Vu: Five Key Takeaways for Chief Ethics & Compliance Officers from the Monaco Memo

Last week, on October 28th 2021, at the ABA's 36th National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco announced some changes - with a promise of more on the way - regarding how the Department of Justice (DOJ) will prosecute corporations.

 The Monaco Memo, as it’s already come to be known, raises the stakes, especially for corporations that are frequent flyers when it comes to enforcement actions and settlement agreements.

Hidden within the Memo are some key takeaways worthy of the attention of Chief Ethics and Compliance Officers, and anyone who cares about Ethics and Compliance Programs. 

Flashback to the Past: Resurrecting the Yates Memo.

The DOJ has resurrected the “Yates Memo,” with a call for corporations to name all individuals regardless of their level that may be involved or have knowledge of the corporate crimes.

To receive any consideration for cooperation, a corporation is going to have to “name the names,” as well as turn over all non-privileged information. If this feels more like a push than a nudge for corporations to take their Ethics and Compliance Programs seriously, it is.

As the Memo states, the purpose of this change is to “incentivize changes in corporate behavior.”

Reviving Monitorships: No longer an Exception to the Rule.

Modifying only part A of the Benczkowski Memo, a monitor should be in place if a corporation’s compliance program and controls are “ … untested, ineffective, inadequately resourced, or not fully implemented at the time of resolution.”

It can indeed be a high bar to meet to have all compliance program elements and controls fully implemented at the time of resolution even if adequately resourced. This raises the question for all Chief Ethics and Compliance Officers who strive for continuous improvement of their programs of whether these standards can be met.

What’s New?

Corporate Rap Sheets: The Past Counts Against You.

Companies that attempt to narrow the DOJ’s focus to the specific misconduct under investigation will no longer be successful. In the Memo, the DOJ cuts a wide swath to consider not only any enforcement action -  whether domestic or foreign, criminal or civil - but also for the entire corporate family. This includes the parent, all divisions, subsidiaries, and affiliates.

There is an underlying presumption that if the corporation were truly serious about its Ethics and Compliance Program, a single appearance before the DOJ should be more than enough. That is, there are no bonus miles or perks for frequent flyers.

More importantly, if the corporation hasn’t learned its lesson after one enforcement action, why is it likely that any “ …  proposed remediation or compliance programs, if implemented, will succeed?” 

The Memo seems to suggest that for repeat offenders, credit is not granted on the determination of the effectiveness of the current Ethics and Compliance Program but whether the corporation is capable of ever implementing an effective Ethics and Compliance Program. This turns the table from consideration of what is required to make a corporation reform to whether a corporation that is a repeat offender is capable of any reform.   

Have NPAs and DPAs Become a Free Pass?

The DOJ has crunched some numbers, and 10-20% of corporations that have Non-Prosecution Agreements (NPAs) or Deferred Prosecution Agreements (DPA), have made a second trip to be before the DOJ.

It seems that some corporations are not be holding up their end of the bargain, and the DOJ has put some corporations on notice of non-compliance with these agreements. In her speech to the ABA, Deputy Attorney General Monaco asks “ … have NPAs and DPAs become a free pass for corporations and just considered the cost of doing business?”

If so, the DOJ is not amused and as a result, these settlement agreements may be harder for corporations to obtain. 

Advisory Group

Having ditched the concept of Compliance Counsel to help advise prosecutors with assessing the effectiveness of a corporation’s Ethics and Compliance Program, it appears that the Corporate Crime Advisory Group is the replacement.

Established within the DOJ, its objectives are to consider  “… cooperation credit, corporate recidivism, and the factors bearing on the determination of whether a corporate case should be resolved through a deferred prosecution agreement ("DPA"), non-prosecution agreement ("NPA"), or plea agreement.”

Added to this list is how the DOJ should utilize artificial intelligence to process “vast amounts of data.” While not members, the Advisor Group is to get input from the business community, academia, and the defense bar.

Stay tuned as more details about the Advisory Group are forthcoming.

Five Key Takeaways for Chief Ethics & Compliance Officers

Use the Memo as an educational opportunity for the Board and C-Suite.

What matters most to the  Board and C-Suite?

What they might be liable for, which in this case is the fact that the liability stakes just got higher for them.

Traditionally, Board members and the C-Suite were sheltered from being named let alone interviewed or questioned about misconduct. Now, unless a defense can be made that sufficient resources (including not only the budget but also support and qualified staff) were allocated to the Ethics & Compliance Program so that it could be effective, there is culpability.

If there are troubled and under-resourced areas of the compliance program, now is the time, and the Monaco Memo is the justification, to ask for the needed resources. To drive the point home to the Board, include a discussion of the evolving Caremark standard regarding the Board’s duty of oversight for compliance programs as held in the recent Boeing decision.

To reserve some agenda time for future meetings, let the Board and C-Suite know that the DOJ has promised more changes to come. 

Use the Memo to get all the information you need about ALL misconduct.

In June of 2020, when the DOJ revised its guidance on the Evaluation of Corporate Compliance Programs, it made it clear that the Compliance Department and the Chief Ethics and Compliance Officer should have access to data - all data. This includes all instances of misconduct.

The Ethics and Compliance program cannot be well designed if it is not based on fact and focused on reducing the risk of misconduct.

The DOJ does not make the distinction that some corporations do about what acts of misconduct may “belong” to which departments within a corporation and the Monaco Memo makes it clear that past acts, all past acts, will be held against the corporation.

Thus, the Chief Ethics and Compliance Officer needs to know about all misconduct and this includes areas traditionally thought of as solely in the realm of Human Resources and other departments, such as harassment, discrimination, safety, and environmental.

Further, per the recent Boeing ruling, how can the Chief Ethics and Compliance Officer report to the Board and C-Suite regarding “red flag” risks, if he or she is not made aware of all misconduct?

Hello hotline, do we have a problem? 

Long gone are the days of letting concerns and hotline reports languish.

If reports come in and nothing is done, that’s a problem.

If it takes months for anything to be done, that’s a problem.

If you fail to communicate with those that raised that concern and those interviewed about status, that’s a problem.

If you only punish the rank and file but give executives and superstars a pass, that’s a problem.

If you have no idea how concerns get resolved and don’t know if corrective action was taken, that’s a problem.

Worst yet if there is a common practice of demasking, discrediting, bullying, and retaliating against those that speak up, that’s a problem.

The DOJ is unlikely to care about how much you have spent on a Speak Up campaign if you haven’t established the controls to ensure that concerns are timely resolved. Now is the time to think like a prosecutor and review and revise the investigation protocols.

If there are no investigation protocols, now is the time to create them.   

Culture, culture, culture.

The Memo doesn’t seem to focus on culture, as the word “culture” appears only once in the Monaco Memo. Nonetheless, initiatives that foster and support an ethical culture should continue, as we know that they are core to the effectiveness of an Ethics and Compliance Program. 

Coupled with the creation or review of investigation protocols should be training for managers on how to handle concerns and more robust reporting within the corporation about what types of concerns are raised, how long it takes for them to be resolved, and what corrective actions have been implemented. 

All in the family.

The DOJ’s inclusion of all past enforcement actions includes every entity in the corporate family.

This means that it’s time to take a fresh look at how the Ethics and Compliance Program has been implemented across all entities and to make sure that the Ethics and Compliance team has a seat at the table to perform due diligence and develop robust implementation plans for any merger and acquisition targets as well as partnerships or affiliations. 

This is a guest post by Ellen Hunt, Principal Consultant at Spark Compliance.