Deputy Attorney General Rod Rosenstein Delivers Remarks at Compliance Week’s 2018 Annual Conference for Compliance and Risk Professionals

Remarks as prepared for delivery

Good morning. Thank you, Dave, for that gracious introduction.

I want to thank Compliance Week for organizing this event and for inviting me to take part in it. 

The Mayflower Hotel has a storied history. Many famous public figures have frequented this hotel. J. Edgar Hoover was known for lunching regularly here while he served as FBI Director.

Sometimes onlookers recognized Hoover and gathered to watch him, so hotel staff would usher him through the kitchen and out the back door.     

When I got this job, I remember being grateful that I would never need to experience that. Almost nobody knows the lawyers who serve as Deputy Attorney General. If they are remembered, it is usually for the memos they wrote – about corporate fraud.

Earlier this month, I attended two conferences in New York to speak about white collar crime, corporate compliance, and the rule of law. On Wednesday, I return to New York for another speech of the same sort.

And, I am here with you today at a major event for compliance and risk professionals.

These issues are very important to the Department of Justice. Improving the business environment is a top priority of the Trump Administration.

I am honored to be here, but I wish there were more Senate-confirmed officials in the Department of Justice to give these speeches and carry out our important work.

A few months ago, I received invitations to several conferences this spring and summer that focused on the Department’s efforts regarding corporate enforcement.

I expected to delegate some of these events to the highly-qualified Assistant Attorney General nominees who are awaiting confirmation in the United States Senate. Drawing on their highly qualified backgrounds and experiences, they would help implement and spread our message about deterring corporate fraud and promoting the rule of law.

Unfortunately, only two of the seven litigating components in Main Justice have Senate-confirmed nominees.  Four nominees await a final confirmation vote, including Brian Benczkowski, for the Criminal Division; Jeffrey Clark, for the Environment and Natural Resources Division; Eric Dreiband, for the Civil Rights Division; and Jody Hunt, for the Civil Division.

Most of them have been waiting an entire year to get a vote for an executive branch job that most people hold for just a few years. It is an odd way to run a government.

Fortunately, we assembled a superb team to serve as acting leaders of the Justice Department’s key components, and we will keep moving forward.

Lawyers, compliance officers, and other risk professionals are at the forefront of advising companies to ensure that businesses operate legally and honestly.

When I look out at this room filled with successful private-sector leaders, I am reminded of a book by Dr. Seuss. The book is called Oh, the Places You’ll Go.

It includes this advice:

You'll look up and down streets.
Look 'em over with care.
About some you will say, "I don't choose to go there."
With your head full of brains and your shoes full of feet,
You're too smart to go down any not-so-good street.

Many of you advise companies and business leaders through difficult corporate decisions. You probably convey the same basic advice, perhaps without the rhyming couplets. Events like this one gives you an opportunity to learn not only from the presenters, but also from one another.

You discuss what works and what doesn’t. You identify new compliance risks and best practices.

Of course, the best practice is to comply with the law.

J. Edgar Hoover is not the only famous Department of Justice official who visited the Mayflower Hotel. Attorney General Robert Jackson spoke here shortly after he was sworn in as Attorney General in January 1940.

In that speech, Jackson described Washington as – and I quote – a “weird city, where so many are making speeches and so few are listening to them.”

More importantly for our purposes, Jackson spoke about the fiduciary duties of lawyers. He said that “most of the mistakes and major faults of our time are to be ascribed to a failure to observe the fiduciary principle, old in equity and recognized by law – the principle of trusteeship, without which our kind of society cannot permanently endure.”

The Department of Justice recognizes that respecting fiduciary duties and upholding the law is a two-way street. We ask companies to act in accordance with laws and regulations, even when doing so may be difficult or burdensome. Strong compliance programs and risk assessments are critical tools in that effort.  

We in law enforcement reciprocate by defending the rule of law and protecting the integrity of the marketplace.

Thomas Jefferson said that “[t]he most sacred of the duties of government [is] to do equal and impartial justice to all its citizens.” 

We must endeavor to enforce the law fairly and consistently.

When a company creates and fosters a culture of compliance, it creates value. Compliance is an investment.

Ethical, law-abiding companies can better attract investors and partners. People want to do business with companies that they perceive as honest and reliable. 

Compliance mitigates risk, making companies more valuable and less likely to encounter unanticipated costs that may result from protracted investigations and penalties.

Compliance should not be treated as separate and distinct from other business goals. A culture of compliance must be fully integrated into corporate culture. Employees should be trained and encouraged to think about compliance issues in making business decisions.

In a company with an adequate and effective compliance program, the legal, compliance, and audit departments are not the only repositories of professionals monitoring and evaluating what the business side does. 

Some of you deal with managers who are skeptical of the lawyer’s role in helping them succeed.

Lawyers sometimes elicit ill will because we tend to nitpick.  People generally do not like nitpickers.  But the law demands precision and requires close reading.  We are the dotters of I’s and the crossers of T’s. Small details like commas and semicolons matter to us.  In discussing the attributes of a lawyer, the great Supreme Court Justice Antonin Scalia explained that “[o]ne of the distinctive skills of our profession is to discern ambiguities, inaccuracies, and insufficiencies that would not occur to the ordinary” person.

To non-lawyers, it sometimes appears as if our job is to find loopholes, argue about technicalities, and elevate form over substance.  Compliance officers, accountants, auditors, and other important advisers may evoke the same response.

But we know that the future of a business may turn on a seemingly minor detail. Obsessing over details is part of our job.

In Shakespeare’s play about Henry VI, a character named Dick the Butcher proclaims: “The first thing we do, let’s kill all the lawyers.” 

That quotation is widely misunderstood. Shakespeare was not poking fun at lawyers. Dick the butcher is not a businessman upset about overregulation. He is a villain scheming to take over the government.

Shakespeare’s point is that without lawyers, nobody would need to follow the law.

That would be good for criminals. But it would be very bad for business!

Capital markets operate best when reasonable rules are promulgated and enforced by lawyers and government officials.

The Department of Justice faces some of the same issues encountered by companies. We work to instill a culture of compliance from the first day a new attorney takes the oath as a federal employee – an oath to support and defend the Constitution, and to bear true faith and allegiance, and to well and faithfully execute the duties of the office.

We stress the need to act ethically and do justice. We expect prosecutors, enforcement attorneys, agents, and other personnel to be thinking about their ethical obligations with every decision they make. 

Newly hired attorneys undergo significant training, including training about professionalism and ethics.  We impose other mandatory professional responsibility and ethics training programs that require annual compliance. 

We have a Professional Responsibility Advisory Office (PRAO), which provides guidance to Department attorneys about their ethical responsibilities.

We also have an Office of Professional Responsibility (OPR) and an Office of the Inspector General (OIG), which serve as internal affairs watchdogs.

Like the compliance departments sprouting up across corporate America, the Department’s internal watchdogs have not always existed within our organization.

The Office of the Attorney General was created in 1789 as a one-person, part-time position.  In 1870, Congress established the Department of Justice with the Attorney General as its head. Thereafter, as the country grew, so did the Department, along with its United States Attorneys and law enforcement agencies. Today, we have more than 115,000 employees.

It took more than 100 years after the founding of the Department for the Department to create the Office of Professional Responsibility, in 1975.

That office was created in the wake of the Watergate scandal. Today, OPR is staffed by a Deputy Counsel, three Associate Counsels, and more than 20 Assistant Counsels.

In 1989, our compliance function expanded again with the establishment of the Office of the Inspector General. The Inspector General’s mission is to detect and deter waste, fraud, abuse, and misconduct involving Department programs and personnel, and to promote efficiency.

The Inspector General has both criminal and administrative authority. It investigates violations by Department employees and crimes perpetrated against the Department. It also conducts audits and inspects Department programs.

The Department established the Professional Responsibility Officer program in 1994 and formally created the Professional Responsibility Advisory Office in 1999, to provide expert ethical advice for our attorneys.

The role of Deputy Attorney General involves helping to manage all components of our $30 billion Department. It is similar in many respects to the role of a Chief Operating Officer.

In an organization the size of the Department, we rely on professionals to ensure compliance with the myriad ethical rules, court rules, regulations and statutes that affect our employees.

When any one of our 115,000 employees makes a mistake, it can affect the entire organization. So, I can empathize with many of you.

When companies come under investigation, we ask two principal questions about the company’s compliance function: 

First, what was the state of the compliance program at the time of the improper conduct? 

Second, what is the current state of the compliance function, after remediation to address any lessons learned?

The first question focuses on whether there was an adequate compliance function. 

The 2008 revisions to the Principles of Federal Prosecution of Business Organizations are known as the “Filip Factors” – after a former Deputy Attorney General. The Department directed prosecutors to determine “whether a corporation’s compliance program is merely a ‘paper program’ or whether it was designed, implemented, reviewed, and revised, as appropriate, in an effective manner.” 

That same year, the Department resolved a Foreign Corrupt Practices Act investigation of a German conglomerate with combined civil and criminal penalties of $800 million. The Department pointed out the inadequacies of what it described as a “paper program” in place at the time of the misconduct.  Failure to act has consequences.

At the same time, we recognize that even the best compliance program may not stop individual bad actors.

Corporate compliance programs are sometimes compared to preventative medicine. It’s a good analogy. 

Getting an annual physical doesn’t mean you won’t get sick. But those screenings – just like a robust compliance program – help to ensure that issues will be detected and addressed at an early stage.

We do not only look at a company’s past conduct and compliance lapses. We are also focused on the business’s health going forward.

That concept is reflected in the FCPA Corporate Enforcement Policy that we announced in November 2017. The Policy incentivizes companies to promptly report misconduct and fully cooperate, as well as to enact effective remedial measures.

Companies that lack adequate compliance measures are less likely to uncover a problem at an early stage.

They are less likely to be able to make a voluntary disclosure that qualifies them for the most significant benefits under the Corporate Enforcement Policy.

And they are less likely to stop the conduct before it becomes pervasive.

Companies without adequate compliance programs need to undertake more dramatic efforts to remediate damage and change their culture.

Compliance is not a one-size-fits-all proposition.  If a small private business consists of a founder, a general counsel, and a handful of employees, the risk profile of the company may be different from that of a large complex business.    

But as companies grow, risk profiles change.

For example, a company that decides to raise funds by going public faces an entirely new set of risks. It needs to concern itself with all the laws that govern public companies, including making appropriate securities disclosures.

Companies that venture into foreign markets face risks under the Foreign Corrupt Practices Act.

Even blue-chip, multinational corporations with strong preexisting programs must continuously evaluate their risk profiles and adapt to new circumstances.

If a company uncovers misconduct that occurred despite an otherwise effective compliance program, the FCPA Policy tells prosecutors to consider whether the company subsequently analyzed the underlying cause of the problem.

A company that properly manages its risks through a robust and appropriate compliance function – one that grows along with the rest of the company – will remain ahead of the curve.

Our Department does not use a rigid formula to assess the effectiveness of corporate compliance. Each company’s risk profile and solutions to reduce its risks warrant consideration. We make an individualized determination in each case.

Two weeks ago, we announced another corporate enforcement policy designed to ensure fairness and consistency in our corporate resolutions.

The policy addresses the coordination of corporate resolution penalties across multiple enforcement authorities. It seeks to avoid what the business and legal communities refer to as “piling on.”

In football, the term “piling on” refers to a player jumping on a pile of other players after the opponent is already tackled.

It is important for law enforcement to be aggressive in pursuing corporate wrongdoers. But we should discourage disproportionate and duplicative penalties imposed by multiple authorities.

Our new policy discourages “piling on” by instructing Department components to appropriately coordinate with one another and with other enforcement agencies to attempt to seek an equitable outcome in joint and parallel investigations of the same misconduct.

We incorporated this policy, like the FCPA Corporate Enforcement Policy, directly into the United States Attorneys’ Manual.  

We hope that your companies and your clients will never have to confront our policies and enforcement actions. I know most business executives, most employees, and most companies try to do the right thing. 

A company with a robust compliance program can prevent misconduct.  

That frees our investigators and attorneys to focus on corporate criminals who post the most dangerous and imminent threats to the American people – terrorists, drug traffickers, transnational cyber criminals. Those groups do not have compliance programs. They do not make voluntary disclosures. They are not our partners in keeping the American economy healthy and prosperous.

We want you to work with us as we face today’s challenges. 

We need you to help us uphold the rule of law.

We are eager to hear from you and other stakeholders. If there are ways you think we can improve, let us know. 

One of my goals for the Department is to improve upon the policies we have now and eliminate policies that are not working.

I hope you will use opportunities such as this event to interact with Department officials and with law-abiding corporate leaders who share our goals.

It is your Department of Justice, and I am honored to serve in it.

Thank you very much.