Top CCO Resolution for 2023: Use DOJ’s Guidance to Chart a Path Around Danger

As we reflect on 2022 and plan for 2023, one of the most important lessons for chief compliance officers comes from the expanded DOJ framework for cracking down on corporate crime. While the 2022 updates to the agency’s guidance certainly signal a new, more aggressive approach to enforcement, they also give CCOs a useful blueprint for reducing the risk of misconduct before it occurs. 

Here are four practical, effective (and low-cost) steps you can take in 2023 to avoid sitting across from the DOJ because of criminal activity in your shop. 

• Evaluate your ethics and compliance program against the DOJ criteria.
• Educate your C-suite about the DOJ’s focus on individual accountability and compensation clawbacks.
• Develop a remediation framework before misconduct occurs.
• Roll out tailored training to your employees and measure the outcomes. 

Evaluate your ethics and compliance program against the DOJ criteria

In 2020, the DOJ provided federal prosecutors with clear criteria to use when evaluating corporate compliance programs during investigations. The criteria include various topics and questions the agency found relevant in evaluating compliance programs. Although neither a checklist nor a formula for prosecutors, the topics and questions are an uncomplicated and inexpensive tool which compliance professionals can use when evaluating their own programs. 

The 2020 guidance specifically acknowledges that when evaluating compliance programs, one size does not fit all. As you evaluate your program, ensure that all aspects of it (e.g., code of conduct, related compliance policies/procedures and your training program) are appropriately tailored to reflect your company size, industry, geographic footprint, regulatory landscape and any other unique company factors. 

Conducting an evaluation of your program before misconduct occurs allows you to identify gaps and deficiencies and develop a more thoughtful and meaningful corrective action plan. The self-assessment and corrective actions also make a compelling case for a culture of compliance if you do find yourself sitting across from the DOJ. 

Once you have identified areas for improvement, you can then develop a corrective action plan which might include:

• Simplifying your risk assessments.
• Mining/analyzing data as part of your efforts to detect and prevent misconduct.
• Developing a standard remediation process, and.
• Enhancing your approach to compliance testing.

Educate your C-suite about the DOJ focus on individual accountability and compensation clawbacks

In October 2021, the DOJ issued revisions to its corporate criminal enforcement policies, which were further updated in September 2022. These revisions make it clear that the DOJ’s top priority is going after individuals who commit and profit from corporate crime, “whether they are in the C-suite or the trading floor,” as Deputy Attorney General Lisa Monaco remarked during a speech at the NYU School of Law this past fall.

With this in mind, you should discuss your disciplinary policies with company leadership and consider whether, in practice, application of these policies is consistent. Make sure that individuals are not shielded from the investigation and disciplinary process due to their seniority and/or role within the organization. In other words, they must be blind to rank or revenue generation.

The DOJ also emphasizes compensation structures that “reward compliant behavior and penalize individuals who engage in misconduct.” Prosecutors will now consider whether clawback measures are part of a corporation’s compensation plans. Such measures impose financial penalties in the event of corporate wrongdoing by an individual. Prosecutors will also consider whether affirmative incentives for promoting compliant behavior are included in compensation plans. 

Your action plan might include:

• Reviewing company compensation policies and executive contracts to make sure this “carrot and stick” approach Monaco has described is incorporated into your process. 

• Auditing a few historical instances of misconduct to see whether affirmative steps were taken to enforce any applicable clawback provisions. 
• Going forward, review compensation agreements for those executives whose actions or omissions resulted in or contributed to misconduct and take steps to enforce any clawback provisions. 

Develop a remediation framework before misconduct occurs

The DOJ’s corporate criminal enforcement policies place a high value on remediation. Companies that do not identify root causes and implement appropriate remediation plans are likely to face a government-imposed monitor, criminal prosecution and higher fines and penalties. 

Instead of trying to create a remediation plan during the middle of a legal crisis, develop a playbook before you have a problem. You may want to address circumstances requiring remediation, governance, team composition (from across functions), root cause analysis and audit issues. Having a remediation framework in place saves time, money and resources, helps ensure consistency and effectiveness and demonstrates a strong compliance culture that may convince prosecutors that credit is warranted. 

Roll out tailored training to your employees and measure the outcomes 

When assessing the effectiveness of compliance programs, one of the hallmarks the DOJ will look for is “appropriately tailored training and communications.” Prosecutors will ask if the training program is risk-based, whether the form and content are relevant to the organization and whether the company measures the effectiveness of its training curriculum. With respect to effectiveness, prosecutors will want to know if employees have been tested on what they have learned and how the company has addressed employees who fail all or a portion of the test. 

As you evaluate your compliance training program, make sure to:

• Review hotline reports and trends to decide which topics are important enough to your organization to train on.
• Develop an appropriate training and communications plan.
• Obtain buy-in from relevant stakeholders.
• Coordinate with other functions, such as HR and IT to avoid training fatigue for your employees.
• Measure employee awareness of the topic – both before and after the training – through training data available in your LMS and live group discussions of scenarios based on the topic
• Report training-related metrics to senior management and the board.

2023 looks to be a year when CCOs can expect new challenges and expectations from both the DOJ and the C-suite and board. To successfully tackle these challenges, CCOs need a seat and a voice at the table, with the budget, resources and executive buy-in to help prevent costly misconduct and meet short- and long-term business goals. While it won’t be easy, CCOs are a resilient group, with a strong network of colleagues who are always open to exchanging ideas, commiserating and sharing a few laughs.