Compliance Program Priorities That Endure

’Tis the season for speeches from Justice Department officials, as they reflect on the year’s enforcement activity — and these days, try to establish some sense of continuity even as the incoming Trump Administration portends a very different approach to corporate compliance and regulatory enforcement. Which brings us to a Justice Department speech delivered late last week.

Said speech came from Marshall Miller, principal deputy assistant attorney general, who spoke last Friday at the Practising Law Institute’s annual white-collar crime conference. In many ways Miller’s speech was routine stuff. He mostly recapped the department’s work to fight white-collar crime and talked about how companies trying to resolve misconduct issues should work with prosecutors, but he announced no new policies or priorities or anything like that. 

Miller

Then again, why would he? Miller (and many of his colleagues) will soon move on as the Trump Administration moves in; the time to announce new policies and priorities is done. Instead, Miller was trying to affirm old policies and priorities, with the hope that those things will endure even as a new, very different administration takes office.

“Over the past four years, we’ve done a lot, but we haven’t reinvented the wheel,” Miller said. “We’ve just made it spin faster and straighter, all with the goal of creating a cumulative effect, and a set of desired outcomes that I think we can all agree are critically important.”

I’m not as sanguine as Miller about that “we can all agree” part, but he does raise a good question: What enforcement policies and priorities are likely to endure into the Trump 2.0 Administration? That’s worth pondering, because the answers are likely to be good guideposts for the capabilities your compliance program will need as we enter the new year. 

Two Principles That Seem Firm

The goal here is to identify those enforcement objectives that (a) make sense in the Biden Administration today; (b) will continue to make sense in the Trump Administration tomorrow; and (c) serve the interests of the corporation with a misconduct issue, too. An objective that meets all three criteria is probably going to last, and your compliance program should be designed so that you can achieve that objective somehow. 

An elegant but abstract bit of theory, I know. Let’s consider some concrete examples. 

An emphasis on holding individual offenders accountable when corporate misconduct occurs

This is a point the Justice Department has emphasized since the Obama Administration, and I’m hard-pressed to imagine the Trump Administration will reverse course now. If anything, the new Administration will focus even more on holding individual offenders accountable; the more prosecutors can boast, “See, we’re putting bad corporate executives in jail!” the better they can distract the public from noticing that they’re not imposing penalties on the corporations that employed those bad actors in the first place.

Well, remember that corporations have a strong incentive to hold individual wrongdoers accountable too; the better you are at that, the more easily you can shift blame — and lawsuits, and regulatory investigations, and other unpleasant consequences — away from the business. So regardless of the sound and fury from the incoming Trump Administration, what policies, controls, and internal oversight do you need so that you can find individual wrongdoers? Because those things are still going to be important no matter what Trump does to the Justice Department.

An emphasis on voluntary self-disclosure of corporate misconduct

This is another theme we hear time and again from the Justice Department: if you self-disclose misconduct prosecutors don’t already know, you’ll receive more lenient treatment. The Antitrust Division has encouraged voluntary self-disclosure for years; the Criminal Division embraced “VSD” for FCPA violations starting in 2016; and all other parts of the department adopted their own voluntary self-disclosure policies in 2023. 

analyticsMoreover, the Criminal Division keeps offering even more sweeteners for companies that voluntarily self-disclose. For example, the Criminal Division originally said companies that self-disclose would only receive a declination to prosecute if their cases didn’t include “aggravating circumstances.” In 2023, they relaxed that policy to allow for at least some declinations even with aggravating circumstances

Why stop there? Voluntary self-disclosure is a huge help to prosecutors, since it spares them the work of sifting through tips or investigations they need to run themselves. I wouldn’t be surprised if the Trump Administration takes the idea even further, declaring that if you voluntarily self-disclose misconduct you’ll avoid criminal penalties entirely, or something like that. 

Again, however, remember that corporations have a strong incentive… well, perhaps not to make a voluntary self-disclosure; but at least to have the option to self-disclose. The company wants to keep that choice under its control. 

Sure, llegal or senior management will likely make that choice rather than you the compliance officer, but your compliance program will still need a robust ability to detect or hear about potential misconduct. You’ll never have the option to voluntarily self-disclose if you don’t know that misconduct is happening in the first place.

As a practical matter, then, you’ll still need internal reporting channels, internal investigation capabilities, audits, and data analytics. Even if management decides never to self-disclose any misconduct (dumb, but let’s play along), those same senior executives will still want to know what’s happening within their enterprise.

Where Do Whistleblower Programs Fit?

You would think — hope, really — that the Justice Department will still keep its whistleblower awards program alive and kicking in the Trump Administration. From a strategic point of view, doing so makes a ton of sense; prosecutors can use the threat of whistleblowers to drive corporate offenders toward voluntary self-disclosure. “Remember, if you don’t disclose misconduct to us, an unhappy employee or business partner might disclose it to us without you” — that sort of thing.

Also, what harm is it to keep the whistleblower program alive? Prosecutors can always ignore the tips they receive, after all. Even President-elect Trump could turn whistleblowing programs to his advantage, using it to persecute people who disagree with him.

So if whistleblower award programs endure, what will your compliance program need to be able to do to exist in that environment? You’d need strong anti-retaliation protocols, and a strong investigations program so internal whistleblowers will feel heard rather than wander off to external channels like the Justice Department or the SEC. 

In other words, a lot of the compliance fundamentals we’ve heard for the last decade seem like they’ll still hold their value, regardless of whatever other chaos Hurricane Trump might deliver starting Jan. 20. As Miller put it last week, “Investing in compliance and practicing good corporate citizenship should be basic arithmetic — not some complex calculus problem with too many unknown variables to solve.”

I don’t know that the equation really is as simple as he says. Then again, I don’t know that it’s not, either. 

Leave a Comment

You must be logged in to post a comment.