Corporate compliance officers, drop everything. We have a second speech from the Justice Department about corporate misconduct and compliance programs that needs your immediate attention.
Assistant attorney general Kenneth Polite gave the speech in Texas on Friday. It follows the speech that his boss, deputy attorney general Lisa Monaco, gave one day earlier in New York. Monaco announced several major policy shifts in how the Justice Department will prosecute corporate crime — but Polite’s speech goes into more detail about what the department’s Criminal Division will now want to see for culture of compliance, plus the new policy that chief compliance officers must certify the strength of their compliance programs as part of a corporate settlement.
Perhaps most notably, Polite said the Criminal Division is exploring ways to “shift the burden of corporate financial penalties away from shareholders — who in many cases do not have a role in misconduct — onto those more directly responsible.” He then continued:
In the coming months, our team will be meeting with, among others, our agency partners and experts on executive compensation, and gathering relevant data points. Based on these inputs, the Criminal Division will then provide further guidance on how prosecutors will consider and reward corporations that develop and apply compensation claw back policies.
Read between the lines, people. Polite is telling us he somehow wants to reduce corporate financial penalties for companies that claw back compensation from the offending executives.
In fairness, Polite doesn’t expressly say that’s what he wants to do; but I’m hard-pressed to see any other inference that one could draw from his words.
If such a policy comes to pass, that would be a remarkable shift in enforcement — and it could lead to an equally remarkable shift in how senior executives think about corporate compliance. The board would have a strong incentive to implement and exercise clawbacks for corporate misconduct, because the board represents shareholders and this would save them money. Consequently, management teams would then have a strong interest in enforcing a culture of compliance, because it would be their piles of cash on the line rather than the company’s.
Politically, it’s a shrewd move. What executive would want to come out publicly against a policy like that? Who would be so shameless as to say, “Nope, if I commit misconduct I want to keep every bit of compensation I earned while doing so”? What D&O insurance company would underwrite that executive’s policy?
Moreover, Republicans have long complained that corporate financial penalties do nothing more than harm innocent shareholders. A policy like this would outflank those critics since it gives them what they want: reduced corporate penalties.
I understand that right now this is an elegant idea without specifics, and those specifics might be hard to develop. For example, how could the Justice Department assure that the wrongdoers’ money is actually clawed back? That could take years of litigation. Still, there are profound implications to consider here.
CCO Certifications: ‘Cannot Shy Away’
Polite also spoke at length about his new policy that as part of corporate settlements, chief compliance officers (and CEOs) will need to certify that their programs are “reasonably designed and implemented” to detect and prevent violations of law. This policy has generated plenty of controversy from compliance officers who fear they might end up personally responsible for program failures. Nor do we have any clear statutory or policy language for what “reasonably designed” means in practice.
Well, Polite did not give those criticisms much airspace. He essentially said that if compliance officers want to sit at the big kids’ table, this is the price. His words are worth quoting at length:
For too long, [compliance officers] have complained that compliance doesn’t have the same voice in corporate decision-making. These certifications and other resources are empowering you to demand that voice. A corporate leader who ignores the emphasis we are placing on compliance does so at his or her own risk. But you cannot shy away from this role. You cannot run away from the responsibility. My call is that you embrace it, knowing full well that stronger, more empowered compliance voices are exactly what we need.
Just… wow. Polite is trying to pursue a noble goal, that compliance officers should be strong, independent voices in a corporate organization. I still wonder whether he really understands the myriad ways that this noble goal could short-circuit in practice.
For example, the Justice Department also announced last week that one of the largest airlines in Brazil, GOL Airlines, will pay $41 million to settle FCPA charges. GOL did not get an independent compliance monitor because the company had overhauled its ethics and compliance program. But the CEO and the chief compliance officer will need to certify at the end of a three-year deferred-prosecution agreement that the program is reasonably designed and implemented to detect and prevent violations. This, Polite said, will become standard fare for FCPA settlements.
So what happens if the CCO leaves mid-way through that three-year DPA? Will the next compliance officer need to certify a program he or she didn’t design? What if the successor CCO wants to make changes the CEO doesn’t like? And so on and so forth.
That’s already quite a lot from Polite’s speech. Now let’s get to those profound implications I mentioned earlier.
Tie These Two Efforts Together
We have two looming policy shifts from the Justice Department. First, stronger incentives for senior management teams to get the culture of compliance right, because otherwise they risk their own compensation being clawed back if they’re implicated in misconduct. Second, when emerging from a misconduct scandal, chief compliance officers will need to certify that the company’s program is reasonably designed and implemented to be effective.
How will corporations respond to those two policy shifts in the fullness of time? Above all, will they start imposing clawback clauses on CCOs if the company experiences a subsequent violation?
I can certainly see the incentive for companies to do so. If the CEO, CFO, and board directors have potentially millions of dollars at stake in equity compensation that might vanish in the wake of a violation, they’re going to rely on CCOs more than ever to prevent those violations. But if the CCO is also certifying to the government that the program is effective — would senior executives rely on that assurance? Would they say, essentially, “You told us the program prevented violations! You certified it! If I’m going to lose all my money now, you will too!”
I suspect this result is not what the Justice Department would want to see, and I don’t know how likely this scenario is — but unintended consequences have a funny habit of cropping up in corporate regulation. I’d welcome (confidential) thoughts and feedback at [email protected]. I did raise this scenario with one compliance professional yesterday, who simply replied, “F—k. I can’t unsee this now.” Neither can I.
So let’s end this post where it began: by saying that Polite’s speech strikes me as enormously important for compliance officers to read. We may be unleashing forces that seem great on paper, but could take us in some very surprising directions.