Good afternoon and thank you for that gracious introduction.
Thank you to the Ethics and Compliance Initiative for inviting me to speak today.
It is an honor to be here in Dallas representing the Department of Justice. I commend you for your dedication to empowering organizations to build and sustain high quality ethics and compliance programs.
Before you invited me to speak today, I must admit that I didn’t know that much about ECI.
But any time I get a call from Paul McNulty, it causes me to sit up and take notice.
As you know, Paul was a United States Attorney and Deputy Attorney General in the Bush 43 Administration, and it was a pleasure to work with him during my last tours of duty at DOJ.
Paul also is one of the most gracious gentlemen you will ever meet.
After hearing from Paul, I took a look at your board and noticed that it also is populated by two other people for whom I also have almost unlimited respect and reverence: Larry Thompson and David Ogden.
Larry is a legend at DOJ and someone who is revered by everyone for his long and successful career of public service, as well as his work in the C-suite of one of America’s most well-run companies.
Lawyer, advisor, teacher, mentor, leader -- there aren’t enough words to describe Larry and the impact he’s had during his career.
And David Ogden and I worked together on a bi-partisan basis during the 2008-09 DOJ transition between the Bush and Obama Administrations, and to this day I still refer to that experience as one of the most rewarding periods of public service in my career.
David made the peaceful transition of power at one of the most important institutions of our government almost seamless.
He is a total professional and it was a real honor and privilege to work with him at that time.
And now I have the honor to be back at DOJ, on my sixth tour of duty.
As the Assistant Attorney General for the Criminal Division, I oversee more than 600 dedicated criminal prosecutors who work day and night, many times on weekends, protecting the public and upholding the rule of law across the country.
Quite a few of these attorneys investigate and prosecute corporate crime, including in our Fraud Section, Money Laundering and Asset Recovery Section, and Computer Crime and Intellectual Property Section.
The importance of corporate compliance cannot be overstated. My deputies and I spend a lot of time talking about what companies can do to achieve the best result once the company or the Department learns of misconduct.
But a company’s compliance program is the first line of defense that prevents the misconduct from happening in the first place. And if done right, it has the ability to keep the company off our radar screen entirely.
In fact, of all of the Principles of Prosecution of Business Organizations that prosecutors are instructed to consider by the Justice Manual in determining an appropriate resolution of a corporate case, an effective compliance program is the only principle that has the ability to prevent the crime from occurring in the first place.
But beyond the prevention of misconduct, a compliance program factors into the Department’s investigation and resolution of corporate cases in several critical ways.
As an initial matter, the company’s compliance program can play a significant role in the Department’s investigation of criminal wrongdoing.
Even where a compliance program does not prevent the misconduct, an effective compliance program is much more likely to detect the misconduct at an early stage.
And when the company makes a decision to voluntarily disclose misconduct after detecting it, the Department is able to take steps to preserve and gather evidence that likely would not be available at a later stage.
This promotes more effective enforcement against individual wrongdoers.
We saw this recently in the case involving Cognizant Technology Solutions Corporation.
Although the former President and former Chief Legal Officer of the company are alleged to have engaged in a bribery scheme in India, the company detected the misconduct and the board made the choice to voluntarily disclose the misconduct within a matter of weeks.
As a result of the voluntary self-disclosure, full cooperation and remediation undertaken by Cognizant, the Department declined to prosecute the company under the FCPA Corporate Enforcement Policy.
Based on the Department’s independent investigation, we charged the former President and former Chief Legal Officer.
Likewise, when a company maintains an effective compliance program, it makes it that much more difficult for company employees and agents to engage in unlawful conduct.
As a result, it is more likely that evidence will be generated when those employees and agents circumvent the program to carry out their illegal scheme.
The better the compliance program, the clearer the footprints that are left from the crime, and the easier for the Department to follow the tracks to the culpable individuals.
It is for these reasons – the ability of a compliance program to prevent misconduct, and to detect it early and allow the government to more effectively investigate and prosecute the wrongdoers – that the Department has strived to incentivize and reward companies that implement effective compliance programs.
At the end of a corporate investigation, prosecutors weigh heavily the company’s compliance program when determining whether and how to resolve the case. This takes three primary forms:
First, pursuant to the Justice Manual, prosecutors assess the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision.
This helps guide the prosecutors in determining whether they should decline to bring a case, or, if a resolution is appropriate, what that resolution should be.
In fact, under the Department’s FCPA Corporate Enforcement Policy, a company is not eligible for the full range of benefits – including a declination – if it has not implemented an effective ethics and compliance program.
One year ago, my Principal Deputy John Cronan announced that the FCPA Corporate Enforcement Policy would be applied beyond FCPA cases as non-binding guidance in the Criminal Division.
So there can be no question about the seriousness with which we take the effectiveness of a company’s compliance program when determining whether and how to bring a corporate case.
Second, prosecutors assess a company’s compliance program at the time of the misconduct to determine the company’s culpability score under the U.S. Sentencing Guidelines, which determines the company’s ultimate fine range.
If the company maintained an effective ethics and compliance program at the time of the misconduct, the company would also be eligible for a significant reduction in its overall fine.
The fine would be further reduced based on the FCPA Corporate Enforcement Policy, which provides for 50% off the low end of the Sentencing Guidelines in cases where the company has voluntarily self-disclosed, fully cooperated, and fully remediated, including putting in place an effective ethics and compliance program.
Third, prosecutors look at the company’s compliance program at the time of the resolution to determine whether an independent compliance monitor is necessary to prevent the reoccurrence of misconduct, or whether the compliance program is sufficiently effective to permit the company to self-monitor.
In October of last year, I announced guidance on how the Criminal Division would determine whether a monitor is appropriate in a given case.
The guidance recognizes that “the imposition of a monitor will not be necessary in many corporate criminal resolutions, and the scope of any monitorship should be appropriately tailored to address the specific issues and concerns that created the need for the monitor.”
In determining whether a monitor is appropriate, we will look to several key factors, most notably, the investments and improvements a company has made to its corporate compliance program and internal controls, and whether remedial measures have been tested for the ability to prevent or detect similar misconduct in the future.
We also examine whether the misconduct took place in an inadequate compliance environment that no longer exists.
When I first announced this new policy, many speculated that this would spell the death of monitorships. By now you should all realize that this is not true.
Put simply, this guidance was not meant to do away with monitors – it was meant to focus our prosecutors’ determination on the appropriate factors so that monitors are imposed only where necessary and under the terms and scope that is appropriate for that given case.
In fact, over the past two months, we announced two FCPA corporate resolutions that both included an independent compliance monitor.
In the resolution of Mobile Telesystems, or MTS, the company had not yet fully implemented or tested a compliance program at the time of the resolution, and we imposed a three-year monitorship.
In the resolution of Fresenius Medical Care, the company had made a number of improvements to its compliance program but had not yet fully tested that program, so we imposed a two-year monitorship focused on the factors that gave rise to the underlying misconduct.
We recognize the significance of a corporate resolution for a company, and the impact that a compliance monitor can have on that company.
Because the company’s compliance program is such a critical factor in our analysis, we have taken significant steps to educate our prosecutors about compliance and provide transparent and comprehensible standards to the public so that companies can understand how we evaluate compliance programs.
In October of last year, I announced that we would be implementing training programs across the Criminal Division to enhance our prosecutors’ understanding of compliance.
All of our prosecutors may not have come to the Department as compliance experts.
But we can leverage the expertise of those within the Department who do have that knowledge, as well as resources outside the Department to ensure that, when our prosecutors are making decisions that have profound impacts on companies, they will have the necessary tools to undertake a rigorous and informed analysis.
I am proud to report that as I speak here today, the first such training is taking place in Washington.
I was able to take part in some of the training this morning and it was great to see such a thoughtful discussion of these important topics.
In addition to ensuring that our prosecutors are equipped to appropriately scrutinize a company’s compliance program, we have also taken steps to better explain what we examine when evaluating a company’s compliance program and culture.
I already mentioned the FCPA Corporate Enforcement Policy, which provides a detailed list of factors we consider in making such a determination, as well as the new guidance on the use and selection of monitors, which speaks to the factors we analyze in connection with the decision to impose a monitor.
Today I am also announcing the release of an updated version of the Criminal Division’s Evaluation of Corporate Compliance Programs to better harmonize the prior Fraud Section publication with other Department guidance and legal standards.
Because a corporate compliance program must be evaluated in the specific context of a criminal investigation, the Department does not use any rigid formula to assess the effectiveness of corporate compliance programs.
We recognize that each company’s risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make an individualized determination in each case.
In drafting the updated version of the document, we have sought to provide additional transparency in how we will analyze a company’s compliance program.
As the Justice Manual provides, there are three fundamental questions a prosecutor should ask in evaluating a company’s compliance program:
First, is the program well-designed?
Second, is the program effectively implemented? And, third, does the compliance program actually work in practice?
The updated version uses these three questions as a framework to categorize the topics that the Department has frequently found relevant in evaluating a corporate compliance program, and also provides guidance from other Department and enforcement documents.
As before, the topics and questions are neither a checklist nor a formula.
We hope this updated version provides additional insight to both prosecutors and companies with respect to the evaluation of compliance programs.
As all of you well know, compliance is a fast-moving field, and one in which evolving technologies and globalization of economies and enforcement can provide both challenges and solutions.
The Department believes that most companies truly want to be fully compliant with both the spirit and the letter of the law, and will take every step necessary to make sure they are developing and implementing compliance programs that are highly effective and sustainable.
At the end of the day, the interests of the Department and private industry to root out corporate crime are very much aligned, and I hope and know that our collective efforts are having a positive, lasting impact on corporate behavior.
Thank you very much, and I hope you enjoy the remainder of the conference.