All you compliance professionals who like to hang on every word the Justice Department utters, pull up a chair! One of the department’s senior officials delivered a speech in Washington today that recapped all the messages we’ve heard this year.
Nicole Argentieri, acting principal deputy assistant attorney general (the APDAAG? Have the acronyms in our line of work really come to this?), gave her remarks at ACI’s annual Foreign Corrupt Practices Act conference. She covered everything from voluntary self-disclosure, to compliance officers certifying the effectiveness of their programs, to greater international cooperation among law enforcement agencies — but Argentieri mostly colored in the details those enforcement priorities, rather than unveil something substantively new.
Most interesting was what Argentieri said about the Justice Department’s new policy to have chief compliance officers and CEOs certify the effectiveness of their compliance programs as part of corporate misconduct settlements. Specifically, Argentieri said this:
In addition… we will consider requiring certifications by chief executive officers and chief compliance officers. If the certification requirement is imposed, these individuals must affirm at the conclusion of a resolution period that the company’s compliance program is reasonably designed to detect, and prevent, the type of criminal violation that gave rise to the resolution in the first place.
Note the phrases “we will consider requiring” and “if the certification requirement is imposed.” Am I imagining things, or is Argentieri framing certification as a bit less inevitable than the compliance community had been led to believe?
I’d been under the impression that compliance program certifications would now be standard fare as part of corporate misconduct settlements; that they would be the rule, rather than the exception. In fact, certifications have been the rule since the Justice Department first announced them in March 2022. We’ve had two corporate settlements since then (GOL Airlines and Glencore), and both included a certification requirement. Rumor has it that technology giant ABB is about to settle its own FCPA case any day now; that will be ABB’s third violation of the law, so one assumes that ABB will get a certification requirement too.
The official behind program certifications is assistant attorney general Kenneth Polite — and to be clear, Polite has couched his words carefully when talking about them. For example, when Polite first floated the idea in March, he said: “For all of our corporate resolutions (including guilty pleas, deferred prosecution agreements, and non-prosecution agreements), I have asked my team to consider requiring both the chief executive officer and the chief compliance officer to certify…”
I personally have not heard Polite say that certifications will be standard fare as part of corporate settlements. Some compliance officers tell me they have heard him say that; others tell me he’s delivered the message both ways. At least among the half-dozen compliance officers I quizzed this afternoon, five said their understanding was that certifications would now be required for all settlements.
Now Argentieri comes along saying that certifications might be much more discretionary than compliance officers had believed. So, um, what’s going on?
Cynical people might suspect the Justice Department has received an earful from the compliance community about how difficult implementing a certification requirement would be in practice, and decided to refine its messaging on the subject.
To my thinking, the ambiguity and confusion here just underline, yet again, that the Justice Department needs to adopt a clear, thorough, written policy about when compliance program certifications will be required.
Other Enforcement Efforts
Aside from the hair-splitting and hand-wringing over program certifications, Argentieri touched on a few other issues that compliance officers might want to keep on your radar screen too.
Disappearing message apps. The department has previously said that it wants companies to stop employees from communicating on “ephemeral messaging” apps such as Snapchat, since failure to preserve those communications complicates regulatory investigations and could qualify as improper destruction of business records.
Well, Argentieri said, the Criminal Division is “examining whether additional guidance is necessary about the use of personal devices and third-party messaging applications,” because the law and modern technology are a conflicted mess on this point:
Under the current rubric, the department considers whether companies that permit employees to use these ephemeral messaging platforms are continually assessing and revising their policies in compliance with their legal obligations, including those related to retention. The challenges in this area are myriad — the rapidly changing technology, diversity of retention requirements between industries, privacy implications in jurisdictions — all of which we are considering as we decide how best to move forward.
From an internal control perspective, controlling how employees use messaging apps is exceedingly difficult; it raises a host of technical, cybersecurity, and privacy issues. On the other hand, Wall Street banks collectively paid more than $1 billion in penalties for their sloppy oversight of employee messaging habits, so clearly the Justice Department is unhappy with the current state of affairs. So whatever new guidance might be forthcoming, compliance officers need it.
Clawback policies. Argentieri also said the Justice Department is conferring with other powers-that-be to develop more complete guidance about how regulators will evaluate compensation clawback policies.
Deputy attorney general Lisa Monaco said in September that the department wants to see companies use clawback policies to rescind compensation awarded to executives based on their misconduct. One day later, Polite gave a speech saying the department wants to develop some formula where corporate penalties will be lower for companies that claw back compensation from wrongdoing executives. The Securities and Exchange Commission subsequently adopted a policy requiring public companies to disclose their clawback policies.
Again, however: clawbacks sound great in theory, but the details are thicket of difficult questions. Guidance is much needed, and can’t arrive too soon.
Voluntary self-disclosure. That’s still a thing. The more quickly you do it, Argentieri said, the more likely you are to avoid a monitor, a guilty plea, and all sorts of other icky resolution steps. She also referred to voluntary self-disclosure as “VSD.”
See what I mean about the acronyms getting out of control in this business?