The Justice Department is reconsidering how it imposes monetary penalties for corporate misconduct, so that parallel investigations happening with other regulators don’t pile on the pain unnecessarily, the deputy attorney general said Wednesday.
Deputy AG Rod Rosenstein made those remarks during a wide-ranging speech in New York. He also said he hopes to avoid putting policy changes into a “Rosenstein Memo,” and still stressed the importance of companies cooperating with the Justice Department when misconduct is under scrutiny.
“The department is mindful of ‘piling on’ concerns when it pursues parallel enforcement actions with domestic enforcement agencies … as well as when multiple Department components are investigating the same conduct,” he said. “We are considering proposals to improve coordination in those situations and to help avoid duplicative and unwarranted payments.”
Rosenstein also said the same applies for Justice Department investigations done in conjunction with law enforcement overseas: “The department is committed to making a concerted effort to apportion penalties among both international and domestic agencies, where appropriate.”
One detail Rosenstein did not disclose: when compliance and legal officers might actually see the results of his review. He’s been hinting for months that one is underway. My guess is we won’t see any significant change until at least sometime early next year, possibly not until the Justice Department has a confirmed assistant attorney general for the Criminal Division.
Rosenstein cited the Odebrecht and Braskem settlements last December as one example of what he wants to see. In that case, where the companies first agreed to pay a total of $3.5 billion to settle sweeping FCPA charges, the United States credited both companies for the amounts they paid to foreign law enforcement and regulatory agencies. The Justice Department then trimmed the final amount based on Odebrecht’s inability to pay more.
That said, Rosenstein also cautioned that prosecutors would still push for stiff U.S. penalties when they believe foreign regulators aren’t sufficiently stern with corporate offenders, or where foreign penalties don’t make harmed U.S. interests whole.
Still, “We do not want to encourage companies to ‘forum-shop’ in a way that allows them to avoid the full consequences of their misconduct,” he continued. “Nor do we want to incentivize companies to hide their conduct from U.S regulators, and instead self-disclose to more lenient foreign officials.”
Rosenstein then talked about the importance of compliance programs, including a company’s culture of integrity. He hit all the expected notes: “There is no substitute for a culture of compliance,” and “Financial institutions should take compliance risk as seriously as they do other types of business risk, such as liquidity risk or credit risk.” (Rosenstein was speaking at a conference for the financial services sector, but his words apply across the board.)
Rosenstein also applauded all the hard work corporate compliance officers have done in the last 1o to 15 years: “The sophistication of compliance measures and tools that we see today regularly exceeds the measures that were in place ten years ago.” Be sure to mention that pat on the back at your next budget meeting with the CFO.
Then Rosenstein shifted to talk about embracing the spirit of strong compliance— about embedding the principles of good conduct into an organization’s culture. Straight from his speech:
Culture is about more than written rules and annual training sessions. Culture involves the way people think and speak about their responsibilities. In an organization with an ethical culture, the leaders consistently model corporate values, employees incorporate those values into their conduct, and violations are promptly addressed.
When the Department of Justice evaluates a company’s compliance policy, we not only look at what the policy says. We look at how it works in practice. In other words, we evaluate whether the institution inculcated an ethical culture of compliance with employees at all levels.
That’s interesting, because those points are very much in step with the Justice Department’s guidelines for evaluating the effectiveness of compliance programs, published earlier this year. As I mentioned just this week, regardless of what happens to that specific document as part of Rosenstein’s policy review, I believe its principles are sound advice that every corporate compliance officer should embrace.
That evaluation guidance talks extensively about how you get compliance to really work within your organization. I’m told that the original author, Hui Chen, was a stickler for asking companies to supply data about their compliance program’s effectiveness. She wanted to evidence of how the printed words in the compliance policy manual translated into better conduct. The vehicle for that is corporate culture—and here we have Rosenstein saying that culture is the whole ballgame.
My biggest question is how these two themes of Rosenstein’s speech fit together. On one side, he talks about the importance of a strong culture of compliance, and that the Justice Department wants to see more of that. On the other, he’s talking about whittling down the clubs that the Justice Department might use to, ahem, “encourage” good behavior: smaller penalties.
How do you get companies to keep taking compliance seriously, if the penalties for misconduct are smaller?
I know, I know: Rosenstein said his department wouldn’t hesitate to impose large penalties for egregious misconduct. And we did see that recently, in the FCPA settlement with Telia, where the company paid a total of $965 million. I don’t doubt he means his words.
But in that case, you don’t need a formal policy to reduce possible penalties. After all, the department already did reduce penalties in the Odebrecht-Braskem case, and it had no specific policy then. So why now? Is this truly a process problem that needs a policy to solve it? Or just a political problem that needs to be placated with a few feel-good promises?
When you work in the upper echelons of the Trump Administration, with a president who tramples over every institution, policy, and good idea, it is, regrettably, a fair question to ask.
The ultimate question for compliance officers is how the Justice Department will continue to demonstrate that strong compliance programs matter. Threatening companies with large fines for poor compliance is one approach. Tempting companies with offers of little or no penalties for strong compliance is another.
Exactly what Rosenstein’s approach is, we’ll discover eventually.