Remarks of Principal Deputy Associate Attorney General Claire McCusker Murray at the Compliance Week Annual Conference

Remarks as Prepared for Delivery

Thank you for that kind introduction, and thank you so much for having me.  This is the start of my third week as the Principal Deputy Associate Attorney General, and as the head of the Office of the Associate Attorney General.  I feel tremendously honored to join a leadership team that includes our new Attorney General, Bill Barr, and our even newer Deputy Attorney General, Jeff Rosen, who will be sworn in tomorrow.  Our philosophy is that an agency can never be led by too many lawyers from Kirkland & Ellis.

You may be asking yourself: “What is the Office of the Associate Attorney General?”  You would not be the first.  The Associate Attorney General is the third-ranking official in the Justice Department.  The office was created by statute in the 1970s to oversee the civil side of the Department of Justice.  In that capacity, my office oversees multiple litigating components, including the Civil Division, the Environmental and Natural Resources Division, the Antitrust Division, the Civil Rights Division, and the Tax Division, as well as a number of grant making components and several smaller offices.  As a rough heuristic, you might say that I oversee the components in the Department of Justice that are least likely to be featured on Law & Order.

We have historically had a number of priorities in my office.  For the last two and a half years, under the leadership of Rachel Brand and my predecessor Jesse Panuccio, the Associate Attorney General’s office has worked to promote and defend the rule of law, from championing free speech on campus and protecting religious liberties in government programs, to ending improper third-party payments in settlements and speaking up when class action settlements are inconsistent with the Class Action Fairness Act. 

The office has been advancing the Administration’s agenda on regulatory reform by reining in regulation by guidance and rulemaking, enforcement and by ensuring that our regulatory actions are supported by sound cost-benefit analysis. 

The office has also focused on good-government practices by exercising more control over qui tam litigation under the False Claims Act and setting proper limitations on the use of consent decrees in enforcement actions against state and local governments.

But today I want to talk about our emphasis on corporate enforcement policy and in particular what we and the rest of the Department are doing to promote and incentivize corporate compliance. 

Although the litigating components I oversee spend much of their time on defensive litigation, each of them has affirmative enforcement obligations—both civil and criminal—and a significant part of their work involves corporate enforcement.  And as I’ll discuss in a little while, a corporate defendant’s approach to compliance is highly relevant to enforcement.

But first let me just say that it is a privilege to be addressing this group of lawyers and compliance officers because you serve as gatekeepers, who endeavor every day to make sure that businesses operate legally and ethically.  You are the first line of defense, and every day you work to prevent corporate misconduct from happening in the first place. 

And even when your compliance teams aren’t able to prevent wrongdoing from occurring, you and your compliance programs make it possible to detect misconduct early, take prompt remedial action, determine whether a voluntary disclosure to the government is appropriate, and ultimately move forward with the benefit of lessons learned. 

This Department of Justice appreciates the challenges you face.  Our Attorney General has been a General Counsel and a Director at multiple companies—you might say that corporate compliance was his day job.  Our new Deputy Attorney General spent nearly thirty years advising corporations about the complicated regulatory regimes within which they operated.   And a significant portion of my practice at Kirkland involved internal investigations and white collar defense in the FCPA space.

So, when we say that the Department’s leadership understands the difficulty of advising executives and boards in navigating complex transactions, fiduciary obligations, ethical quandaries, and legal minefields, we really mean it. 

We know compliance is a major investment.  But we also think it pays important dividends.  In some sense, this is a very classical notion: for the ancients, “virtus”—what we call “virtue”—meant not just obeying a list of ethical precepts, but also achieving excellence.  The writings of Plato and Aristotle are, in large part, an exploration of the thesis that living virtuously results in human flourishing.  In a regime like ours, grounded in the rule of law, companies—like people—flourish when they behave virtuously.  Companies with smart compliance programs are more investible and less risky, they make better partners for commercial ventures, and they last longer, creating more jobs along the way.  American business is at its best when there is a level playing field, and a culture of compliance and fair dealing is a key component of that.

We also recognize, as our former Deputy Attorney General Rod Rosenstein put it last year at this conference, that upholding the law and respecting fiduciary and ethical boundaries is “a two way street.”  “We ask companies to act in accordance with laws and regulations, even when doing so may be difficult or burdensome… [and w]e in law enforcement reciprocate by defending the rule of law and protecting the integrity of the marketplace.”  That’s the deal that we have with you, and it is one that we will always strive to fulfill. 

Now let me turn to why the Department is in the business of promoting compliance programs and what we are doing to get better at that task. 

When the Department takes enforcement actions against corporations, our prosecutors and affirmative civil enforcement attorneys will often take a deep dive into the company’s compliance programs.  Why?  Because we generally apply the same prosecutorial principles in charging corporations that we would with respect to an individual.  Just as an individual’s efforts to avoid engaging in criminal behavior are probative of his state of mind, so are a company’s compliance efforts relevant to its culpability.  For that reason, a fair resolution frequently requires an understanding of the compliance function at the time of the conduct at issue and any subsequent remedial steps that have been taken by the company.  This part of our enforcement strategy was made particularly clear in 2008 when my former law partner, then-Deputy Attorney General Mark Filip, incorporated the “Principles of Federal Prosecution of Business Organizations” into what was then called the U.S. Attorney’s Manual—now the Justice Manual.    

Since the announcement of the Filip Factors, as these principles have come to be known, the Department’s attorneys—especially those in the Criminal Division—have gained a much stronger understanding of what constitutes an effective approach to compliance, and we are taking significant steps to develop our expertise all the more.

Before I get into what my side of the Department is doing on this front, let me go over some of what the Office of the Deputy Attorney General and the Criminal Division have recently done in this area.

I’ll start with the Department’s Corporate Enforcement Policy.   As many of you know, former Deputy Attorney General Rod Rosenstein announced this policy in November 2017, after having analyzed the results of the 2016 FCPA Pilot, which sought to reward companies for self-policing and self-disclosing violations of the Foreign Corrupt Practices Act.  The FCPA Pilot brought about almost twice as many voluntary disclosures from companies over an 18-month period, and as a result, the Department codified—and improved—the policy within the Justice Manual. 

The Corporate Enforcement Policy provides significant advantages to FCPA defendants who voluntarily disclose misconduct, cooperate with the Department’s investigation, and take remedial measures.  The policy makes clear that the implementation of an effective ethics and compliance program is necessary to receive the maximum benefit.  The leadership of the Criminal Division went even further last year and announced that this same Corporate Enforcement Policy can be applied in any of their criminal enforcement actions—not just FCPA cases.

When the Department published the Corporate Enforcement Policy, the Department also announced the formation of a Working Group on Corporate Enforcement and Accountability, chaired by the Deputy Attorney General’s office and vice-chaired by my office.  This working group has been a driving force for many of the Department’s policy developments around white collar crime, fraud on the government, corporate compliance, and related issues.

Last year, when Assistant Attorney General Brian Benczkowski arrived at the Criminal Division, he announced a hiring initiative to recruit not only prosecutors with experience in the courtroom but also those who bring in-house compliance experience to the table.  He rightly believes that pairing seasoned corporate-enforcement prosecutors with attorneys who have successfully developed, tested, and administered corporate compliance programs will result in more fair and just resolutions. 

I plan to take a page from Brian:  As I meet with our litigating divisions in the coming weeks, I plan to ask what first-hand experience their corporate-enforcement attorneys have not only with prosecution, but also with in-house compliance.  And I will ask them to evaluate whether their staffs would be more effective if they worked to recruit at least some prosecutors with in-house compliance experience.

Brian also announced last year that the Criminal Division would begin developing a robust training program that not only addresses compliance programs generally, but also industry-specific compliance issues, so that healthcare prosecutors can develop expertise in healthcare industry compliance, financial-crime prosecutors can develop expertise in banking industry compliance, and so on. 

The Criminal Division hosted the first training symposium just two weeks ago, and my office was invited to participate.  The civil side of the house also sent about a dozen False Claims Act attorneys from the Civil Fraud Section to attend the training, and in a moment, I’ll explain why that was significant. 

It was a full day of thoughtful discussion, centering in part around how the Criminal Division evaluates corporate compliance programs in its resolutions.  One important takeaway was that the Department does not see compliance as one-size-fits-all.  We don’t have a rigid formula for assessing the nature and effectiveness of a compliance program. 

A small startup or family-owned business may have an entirely different risk profile from that of a large, complex business.   Of course, as companies expand, risk profiles can change.  What we find commendable is when we see a company that has properly managed its risks through an appropriately tailored compliance function, especially one that has grown along with the company.

I understand the Criminal Division will be hosting more targeted training over the course of this year, and we are hoping that more of our components and their attorneys will be able to attend and participate.

The reason I am excited to work with Brian on these recruiting and training initiatives is that we both agree that having expertise in compliance at the Department not only helps our attorneys, it also benefits the parties who are negotiating a resolution with us.   After all, when you’re presenting your corporate compliance policies, you want the government’s lawyers to be well versed in what’s effective, what’s practical, and what’s not.  Having expertise in compliance on both sides of the table advances the Department’s mission of pursuing justice.    

Now I’d like to talk about some initiatives underway on my side of the Department.  For example, two weeks ago, the Civil Division announced a False Claims Act reform that takes a page from the Corporate Enforcement Policy, and thus is very significant to the compliance profession.  Before I get into the details, let me give you some background on our False Claims Act work.

As many of you may know, the False Claims Act serves as the government’s primary civil remedy to redress fraudulent claims for federal funds and property involving a multitude of government programs and contracts. 

We use the False Claims Act to fight healthcare fraud, procurement fraud, grant fraud, financial fraud, and many other types of fraud.  Enforcing the False Claims Act is a top priority for the Department—not just for our office.

Our work in the False Claims Act space not only protects the taxpayer, but it serves other important goals.  Fraudulent conduct can drive up consumer costs, undermine competition, and in some cases, even put people’s lives at risk.  By effectively enforcing the False Claims Act, we protect the taxpayer, we deter bad actors, we protect victims, and we level the playing field in the markets.

The Department brings its own enforcement actions under the False Claims Act, but a significant percentage of these cases come to our attention because of the statute’s qui tam provision, which allows whistleblowers to file lawsuits alleging false claims on behalf of the United States. 

The False Claims Act is of great significance to certain regulated industries where compliance plays a critical role.  But to be clear, the False Claims Act is not supposed to be “a vehicle for punishing garden-variety breaches of contract or regulatory violations,” as the Supreme Court said a few years ago in the Escobar case.  

Suffice it to say, companies in highly-regulated industries can face significant False Claims Act exposure for material violations of law anytime federal money is involved, which means that compliance personnel like you are critical to mitigating that risk.

We have announced a number of policies concerning the False Claims Act, but I thought I would highlight a couple that pertain to your roles as compliance officers.  First, let me address the Department’s reforms on subregulatory guidance, and then I’ll turn to this month’s announcement on cooperation.

About a year into the Administration, the Department took steps to rein in the overuse and enforcement of agency guidance documents.  These documents are agency rules that come in the form of “Dear Colleague” letters, “Frequently Asked Questions,” bulletins, and other informal guidance that exist on websites, manuals, and everywhere in between.  I’ve heard of one scholar who called it “the 10,000 commandments.”  Critics have called it “regulatory dark matter.”

Here’s the problem.   In our system of separation of powers, Congress makes the laws—not the President, and certainly not administrative agencies within the Executive Branch.  In the modern era, of course, Congress has sometimes delegated to Executive Branch agencies the power to enact regulations that have the force of law.  But, the proper way for a regulatory agency to impose obligations that are binding on the public is governed by the Administrative Procedure Act—and generally (for your purposes) requires notice-and-comment rulemaking.  Of course, rulemaking can be cumbersome and slow.  For that reason, agencies can be tempted to use subregulatory guidance as a short-cut when they should be undertaking notice-and-comment rulemaking instead. 

Subregulatory guidance isn’t law—it’s just paper.  Nevertheless, there is sometimes an (understandable) sense within industry that deviation from a regulator’s guidance can carry the risk of an enforcement action or qui tam litigation.  When you add deference doctrines like Auer into the mix, there’s a real risk that guidance can, practically speaking, end up having the same effect as regulation.

In a pair of memos now codified in the Justice Manual, the Department recently curbed its own issuance of subregulatory guidance and limited the ways in which other agencies’ guidance can be used to prove violations of law both in the Department’s civil enforcement actions (such as False Claims Act cases) and in criminal prosecutions.  This is a huge advance in administrative transparency and accountability vis-a-vis the regulatory community.  In the wake of the new amendments to the Justice Manual, guidance documents may be used in certain evidentiary contexts—as evidence of scienter, for example, or of professional or industry standards—but the Department’s litigators may not “treat a party’s noncompliance with a guidance document as itself a violation of applicable statutes or regulations” because “guidance documents cannot by themselves create binding requirements that do not already exist by statute or regulation.”  

Much has been written about these policies, but let me lay out some practical thoughts for the compliance personnel in the room.  Agency guidance can obviously be helpful in educating the industry about an agency’s views—especially when the statutes and regulations are vague or ambiguous—and we all know that compliance personnel are always looking for the practical thing to do in light of new agency guidance. 

When faced with new guidance, the best first step is to determine the extent to which a new guidance document mirrors the requirements of the underlying statutes and/or regulations, particularly in light of binding judicial precedent.

The key is to distinguish between two categories of guidance, the part that mirrors what the law requires and everything else.  The rest might include, for example, language suggesting obligations that go beyond what the law requires, language that represents the agency’s interpretation of an ambiguity in a statute or regulation, or language where the agency is recommending “best practices.”  For the first category, the response is simple:  you’ll want to ensure that your business practices are consistent with the portion of the guidance that mirrors binding law.  For everything else, that’s where you make a good faith risk calculation—really, a business decision, informed by a legal assessment—about whether to follow an agency’s subregulatory guidance, which may be persuasive, or whether to take another lawful approach that differs from the guidance.  Unless and until the Supreme Court charts a new course with respect to Auer deference in Kisor v. Wilkie this Term, an important part of that good faith risk calculation will be informed by your legal team’s analysis of whether the guidance at issue is likely to be accorded deference.    

Now let me turn to an announcement made a couple weeks ago by our Assistant Attorney General for the Civil Division, Jody Hunt:  the False Claims Act cooperation policy.

As Jody recently announced, “the Department of Justice has taken important steps to incentivize companies to voluntarily disclose misconduct and cooperate with our investigations, [and] enforcement of the False Claims Act is no exception.”  Corporations facing False Claims Act actions “may merit a more favorable resolution by providing meaningful assistance to the Department of Justice.”  

Under the new policy, cooperation credit in False Claims Act cases may be earned by voluntarily disclosing misconduct, cooperating in an ongoing investigation, or undertaking remedial measures such as implementing or improving compliance programs.  

Corporate compliance personnel are at the forefront of all of these things.  Your work allows the company to detect misconduct early, to conduct the internal investigation, to take corrective action, to determine if a disclosure to the government is appropriate, and if so, to cooperate with the government’s investigation.  We want to provide the incentive for you to do this important work.

Let’s talk about what the Department is willing to credit.  Obviously, the disclosure of misconduct previously unknown to the government is the most valuable form of cooperation.  But even if the government has already initiated an investigation, for example, a company may receive credit for making a voluntary self-disclosure of other misconduct outside the scope of the government’s existing investigation that is unknown to the government. 

Similarly, a company may earn credit by preserving relevant documents and information beyond existing business practices or legal requirements, identifying individuals who are aware of relevant information or conduct, and facilitating review and evaluation of data or information that requires access to special or proprietary technologies.

The Department will also take into account corrective action that a company has taken in response to a False Claims Act violation. Such remedial measures may include undertaking a thorough analysis of the root cause of the misconduct, implementing or improving compliance programs to prevent a recurrence, appropriately disciplining or replacing those responsible for the misconduct, and accepting responsibility for the violation.

Again, your role as compliance lawyers and officers is central to what this policy is designed to encourage.

Although the policy is new as of this month, the Department has rewarded cooperating defendants in some recent False Claims Act settlements that might be illustrative.  For example, at the end of last year, a Part C provider settled various allegations related to its Part C business for $270 million. The provider cooperated with the government’s investigation by disclosing additional violations outside the scope of the government’s original inquiry, and by assisting the government in calculating damages.  In exchange for this assistance, the government agreed to accept some of the reasonable, albeit conservative, damages assumptions proposed by the provider, and to publicly acknowledge the company’s cooperation.   

Similarly, a couple months ago, a Durable Medical Equipment manufacturer received credit for cooperating in connection with a $17.4 million settlement of kickback allegations.  During the settlement process, the manufacturer shared the results of its extensive internal investigation and also helped the government assess its losses by developing a damages model.  As a result of its cooperation, the manufacturer received a discounted damages multiple of 1.7 times the government’s single damages.

Not only do our False Claims Act litigators have the discretion to award this kind of credit, our new policy provides them with significant flexibility in doing so.  Depending on the facts and circumstances, in a case where a company voluntarily discloses violations of the False Claims Act, including identifying all individuals substantially involved in or responsible for the misconduct, takes appropriate remedial action, and provides maximum cooperation, the guidance permits the Department to provide a substantial discount down to the government’s single damages, plus lost interest, costs of investigation, and, in a qui tam case, the share going to the whistleblower.  Again, the nature and the amount of the credit will depend on the facts and circumstances of each case, but our intent is to provide sufficient incentive for companies to self-police, remediate, come forward or otherwise cooperate.

In addition to reducing the damages multiplier and amount of civil penalties, the Department may also be willing to notify the relevant regulatory agency so that it may consider the defendant’s cooperation when evaluating its administrative options.  The Department may in some cases also publicly acknowledge the entity’s cooperation or assist in resolving qui tam litigation with the relator.

Again, these are meant to be valuable incentives for companies to self-police and self-disclose misconduct.

Let me make one final point about the new False Claims Act policy.  We included an important note in the policy about the compliance program that exists at the time of the violation.  The Department will take into account the nature and effectiveness of the company’s compliance program in evaluating whether the violation of law was committed knowingly and therefore whether the False Claims Act is the appropriate remedy in the first instance. 

To be clear, the False Claims Act does not contain a “compliance defense.”  And, the mere existence of a fig-leaf compliance program will not garner a company any benefit.  Indeed, over the years we unfortunately have encountered companies that knowingly and intentionally circumvented their very own compliance programs.  In one case, for example, a company ignored fraud complaints conveyed through its own compliance program, fired its compliance officer, and went so far as to go after the individuals who, in good faith and under the promise of confidentiality, conveyed their concerns about potential fraud in the company.  These are not best practices.  In situations like that, a compliance system that the company circumvents or does not adhere to could be highly relevant evidence that the company recklessly disregarded the law in violation of the False Claims Act.  On the other hand, a robust compliance program that the company does follow and that identifies potential problems that are timely addressed by the company could demonstrate good faith and lack of scienter or otherwise be a strong mitigating factor in the government’s assessment of liability.

For all these reasons, we are pleased that some of our False Claims Act litigators attended the Criminal Division’s training symposium on evaluating compliance programs.  It will be a tremendous benefit for our Civil Fraud section and Criminal Division attorneys to share their experiences as we continue to evaluate the relevance of corporate compliance programs in False Claims Act cases.

Before I close, let me also include a teaser on what else may be coming down the pike on compliance within the Antitrust Division.

As our Assistant Attorney General Makan Delrahim recently said, “the Antitrust Division long has been home to the ultimate credit for an effective compliance program that detects and allows prompt self-reporting—leniency.”  

Under the Corporate Leniency Policy, the company that first reports its involvement in an illegal cartel can qualify for a complete pass from criminal prosecution in exchange for cooperation in the Antitrust Division’s investigation.

Again, corporate compliance personnel are at the forefront of leniency.  Their work allows for prompt detection, which not only mitigates harm to the market, but also gives a head start in the race for leniency.  

However, the Antitrust Division is moving away from its previous refrain that leniency is the only potential reward for companies with an effective and robust compliance program.  In line with other Department components, Antitrust is looking to do more to reward and incentivize good corporate citizenship. 

And on this front, we are not simply talking about crediting “extraordinary prospective compliance measures,” as the Division has done in the past.  There is more that we could do to incentivize companies that aren’t doing the extraordinary, but are still investing in proactive compliance programs.  

As Makan stated a couple weeks ago, the Antitrust Division is at an inflection point, and they may soon formally recognize that “even a good corporate citizen with a comprehensive compliance program may nevertheless find itself implicated in a cartel investigation.”  And instead of just crediting “extraordinary prospective commitment to corporate compliance,” we may soon be in a position to “credit robust compliance programs at the charging stage, even when efforts to deter and detect misconduct were not fully successful in this particular instance.”

So, stay tuned on this front.  There is more to come.  

It’s been a privilege to be able to share with you what the Department of Justice has been doing to promote corporate compliance.  I hope you have a better sense of the developments within the Criminal Division, the Civil Division, and the Antitrust Division, and I hope that next year you will hear about more efforts from other components as well. 

Once again, thank you all for what you’re doing to foster a culture of compliance within your companies and firms.  The Department of Justice supports your efforts.  Thank you.