Understanding the US Corporate Compliance Review

Posted by

Ian Hare

on 03 Nov 2022


The US Department of Justice recently announced several new compliance policies. We examine the changes, how they relate to UK compliance and what they mean for businesses.

Understanding the US Corporate Compliance Review

Lisa Monaco, Deputy Attorney General at the US Department of Justice (DOJ), recently introduced new corporate crime policies which will shake up the DOJ's approach to corporate crime.

A 2020 survey of US corporations by the law firm Miller & Chevalier suggested the USA's then-market maturity "reflected a trend of companies expanding their compliance programmes beyond 'basic policies' and making meaningful investments to erect robust, sustainable programmes."

This conclusion follows years of work carried out by the United States DOJ and the Securities and Exchange Commission (SEC). As the two principal enforcement agencies with jurisdiction over financial and other white-collar crimes, the organisations teamed up in 2012 to issue 'A Resource Guide to the US Foreign Corrupt Practices Act'.

The Resource Guide gathered years of 'unofficial' compliance guidance and introduced several now well-established principles designed to help companies create and implement effective compliance programmes.

Compliance Challenges 2024

How effective are US compliance guidelines?

The DOJ and SEC's guide covered ten principal hallmarks, including among others, 'oversight, autonomy and resources', 'incentives and disciplinary measures', and 'confidential reporting and internal investigation'.

While the guidelines are not legally binding, they set out the US government's expectations and the standards the DOJ and SEC use when considering business' compliance programmes during criminal, civil and regulatory enforcement actions.

However, despite the aim of the Biden presidency to tackle corporate crime more aggressively, DAG Monaco acknowledged that the DOJ's current enforcement record falls short of expectations.

In fact, the figures are alarming. According to stats gathered by career experts, Zippia, white-collar prosecutions make up just 3% of federal prosecutions and are down by over 50% compared to 2011. Estimates also suggest that 90% of white-collar crimes go unreported.

Compliance Fines & Settlements

What are the changes to US corporate compliance?

Unsurprisingly, when set against this backdrop, Monaco's September speech highlighted the DOJ's intent to no longer accept "business as usual" when investigating corporations and corporate officials.

Calling the policies "a combination of carrots and sticks," the DOJ's changes are designed to give organisations' Compliance Officers the tools to do the right thing regarding responsible corporate behaviour and empowers prosecutors to hold non-compliant businesses accountable.

Given this tougher stance, it's more critical than ever that US organisations thoroughly review their compliance procedures to ensure they don't fall foul of the DOJ's new priorities. The five key takeaways businesses need to be fully aware of are:

  • Individual accountability
  • History of misconduct
  • Voluntary self-disclosure
  • Independent compliance monitors
  • Company culture and compensation incentives

How to be an Effective CCO

1. Individual accountability

Announced as their number one priority, the DOJ aims to act fast and do more to prosecute individuals who commit corporate crime, regardless of position, status, or seniority.

Currently, US businesses can receive cooperation credit – intended as an incentive to disclose misconduct and cooperate with investigations voluntarily. This may include a reduction of damages, civil penalties or other benefits.

To combat any reluctance to reveal wrongdoing, companies can now potentially maximise credit by quickly and transparently self-disclosing individual misconduct.

On the flip side, any unwarranted or intentional delays will result in cooperation credit being reduced or denied – particularly regarding individual accountability. This reflects the DOJ's changed focus on charging individuals at the same time they resolve matters with the company.

Individual accountability in the UK

Individual accountability in the UK can be difficult to nail down. The UK's 'identification principle' requires prosecutors to find the business' 'directing mind or will' behind the criminal act.

However, the size of some companies and their diverse decision-making enables culpable people to often hide behind ambiguity and the defence of knowing nothing.

Free MLRO Responsibilities Checklist

2. History of misconduct

Previously, the DOJ considered a company's entire criminal history when deciding if and how to prosecute. Following a backlash, 'dated conduct' (10 years old for criminal resolutions and five for civil and regulatory resolutions) will now carry less weight than recent conduct.

Prosecutors must also focus on whether the current misconduct stems from the same root cause or individual employee as before. However, if the previous offence occurred in a more heavily-regulated industry – such as financial – the DOJ will take it into consideration.

History of misconduct in the UK

Prosecutors will take any previous relevant convictions or whether the business is subject to previous relevant civil or regulatory enforcement action into account as part of a 'harm figure'. The overall 'harm figure' could mean up to a 4x increase in the severity of the financial punishment.

Free Conduct Rules Training Aid

3. Voluntary self-disclosure

Any DOJ department that prosecutes corporate criminal behaviour must now create a formal, written policy that incentivises businesses to voluntarily self-disclose. Each policy must also clarify that the company can avoid a guilty plea and a potentially expensive compliance monitor if they cooperate with the investigation, rectify the misconduct and have an effective compliance programme in place.

Voluntary self-disclosure in the UK

Self-disclosure in the UK and cooperation with the authorities may help to mitigate prosecution or reduce a fine. However, the UK's Serious Fraud Office warns that a self-report must form part of a "genuinely proactive approach' by the company once alerted to the offence, but is no guarantee that a prosecution won't follow.

Key Compliance Officer Skills

4. Independent compliance monitors

The DOJ is empowered to appoint an independent compliance monitor if appropriate. However, the recent speech added ten factors to consider before doing so. In addition to the above, these factors boil down to firms identifying if they need an independent compliance monitor, how to choose one, and how to oversee them.

This aims to ensure that monitoring is explicitly tailored to the misconduct and the effectiveness (or not) of the company's compliance programme and response.

Independent compliance monitors in the UK

Though not as prevalent as in the US, using independent compliance monitors following a criminal or regulatory breach is gaining ground in the UK. However, they are typically used in a more targeted way.

Free Compliance Culture eBook

5. Company culture & compensation incentives

While the DOJ has always taken a company's compliance programme into account when deciding on charges, evaluations must now assess the compliance programme in place at the time of the offence and when it is resolved.

Prosecutors will also examine the organisation's compensation culture to determine if it discourages disclosure via contact clauses or severance agreements or instead includes appropriate deterrents and encourages pro-compliance. Companies that reward employees for reporting misconduct will also receive increased cooperation credit.

Company culture & compensation incentives in the UK

Prosecutors must assess the effectiveness of an organisation's compliance programme at the time of the offence, its current state, and how it might change. All these factors can be taken into account.

Whistleblowers may receive uncapped financial compensation for damage to their career, loss of job, or mental ill-health after raising their concerns. However, rewarding whistleblowing is currently uncommon in the UK, and only South Korea and the US have advanced rewards systems in place.

Whistleblowing Policy Tips

Implementing corporate compliance programmes

With the DOJ looking to clamp down on criminal behaviour and a greater emphasis on prosecuting both companies and individuals, US businesses must ensure they have robust compliance programmes in place aligned with a culture of honesty, integrity and transparency.

In DAG Monaco's words: "Companies should feel empowered to do the right thing—to invest in compliance and culture, and to step up and own up when misconduct occurs. Companies that do will welcome the announcements. For those who don't, our prosecutors will also be empowered – to hold accountable those who don't follow the law."

Click me

Looking for more compliance insights?

We have created a series of comprehensive roadmaps to help you plan and execute compliance in your organisation.

Our best-selling Compliance Essentials Library and award-winning LMS provide a one-stop compliance training solution, including compliance refresher courses.

And our searchable compliance glossaries explain key terms and regularly report on learnings from the largest compliance fines resulting from regulatory breaches.

We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

If you'd like to stay up to date with compliance learning best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.

Last but not least, you can interact in person with thought leaders and your peers at one of our popular live webinars and face-to-face events.

If you've any questions or concerns about compliance or e-learning, please get in touch.

We're happy to help!

Compliance Audit Checklist

Compliance audits systematically examine organisations' activities to determine whether they meet all applicable legal requirements and corporate policies.

Here, we explain the key steps to completing a compliance audit to identify any gaps in compliance and suggest corrective actions.

Download your free audit checklist