Cybersecurity and Data Privacy
March 28, 2023
Maria D’Avanzo, Traliant Chief Evangelist Officer, addresses what the flurry of DOJ enforcement announcements in March mean for organizations, their leadership and compliance programs.
A series of new Department of Justice announcements in March is evidence of its increasingly tough approach to corporate crime and emphasis on rewarding companies that have effective compliance programs and penalizing those that do not.
Traliant helped listeners sort through the recent changes to DOJ policies and guidance during a free webinar on March 16, entitled: “Unpacking DOJ Changes to Corporate Enforcement Policy: What Every Compliance Professional Should Know and Do.” During the 45-minute webinar, Maria D’Avanzo, Chief Evangelist Officer at Traliant, attorney and a former Chief Ethics and Compliance Officer addressed:
- The “Monico Memo” from Deputy Attorney General, Lisa Monaco (Sept 15, 2022)
- US Attorney’s Offices Voluntary Self Disclosure Policy (March 2, 2023)
- The Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks (March 3, 2023)
- US Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (March 2023)
- Memorandum from Assistant Attorney General, Kenneth A. Polite, Jr (March 1, 2023)
Below are some of the questions covered during the 45-minute webinar.
What’s the relationship between the September 2022 “Monico Memo” and the recent flurry of DOJ announcements?
The new DOJ announcements build on the “Monico Memo,” which significantly revised the DOJ’s corporate criminal enforcement policies and procedures, including putting a renewed focus on individual accountability and placing stricter requirements on corporate cooperation credit for prompt self-disclosure.
The memo announced the first-ever Department-wide guidance on evaluating a corporation’s compensation plans and instructed the Criminal Division “to develop further guidance by the end of the year on how to reward corporations that develop and apply compensation clawback policies.”
It also noted that “prosecutors should consider whether the corporation has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms to ensure that business-related electronic data and communications are preserved.”
How do you assess whether your current ethics and compliance program satisfies new DOJ policies?
When evaluating the effectiveness of your compliance program, ask these 3 fundamental questions:
- Is the compliance program well designed?
- Is the program adequately resourced and empowered to function effectively?
- Does the compliance program work in practice?
Use the DOJ’s 2023 Evaluation of Corporation Compliance Programs document to compare your program against its hallmarks. Are you measuring effectiveness? Are you giving employees an opportunity to ask questions? Are you training them regularly? Are you providing employees who pose a particular type of risk with special training? These are some of the specific questions in the document that a prosecutor would ask. If you can’t adequately answer a question, you’ve identified a gap in your program that you need to address. Document how you mitigate the gap so that if you ever find yourself in front of the DOJ, you can say you went through a good faith effort to assess your program and used its guidance to do it.
What are the primary takeaways of the DOJ policy changes for company leadership?
Changes to DOJ enforcement policy are designed to make companies focus on avoiding misconduct before it happens. Steps your C-Suite can take to do this include:
- Evaluating your ethics and compliance program: Comparing the new DOJ criteria against your existing program and updating it accordingly.
- Raising awareness about individual accountability under DOJ enforcement: This includes compensation clawbacks, structures and consequence management.
- Reviewing and revising communication policies and procedures: Governing the use of personal devices, communications platforms and messaging applications.
- Examining retention requirements: Ensuring your company is appropriately addressing the DOJ’s expectations to preserve business communications and records, particularly with respect to “Bring Your Own Device” programs.
- Training employees: Providing ongoing awareness of best practices related to ethics, data usage and records retention.
- Incentivizing compliance through compensation: Working with HR and Legal departments and counsel to consider adding compliance related metrics to compensation formulas or performance reviews, such as forfeiture of compensation for failure to follow compliance procedures or engaging in misconduct.
- Fostering an ethical culture: Regularly providing top-down education and communication on compliance policies and procedures to strengthen the relationship between compliance, evaluations and compensation.
Traliant On-Demand Webinar
Click here to listen to an on-demand replay of Traliant’s webinar “Unpacking DOJ Changes to Corporate Enforcement Policy: What Every Compliance Professional Should Know and Do.”