Complying with New Justice Dept Guidance

Photo: iStock

In April, the Department of Justice Criminal Division updated its guidance document, “Evaluation of Corporate Compliance Programs,” to help prosecutors evaluate a company’s program at the time of an offense, and at the time of resolution, for the purpose of making charging and settlement decisions, as well as determining whether post-resolution compliance obligations are necessary. There is new substance and nuance that deserves specific attention from contractors and action in the near term.

The document is closely watched because it informs proactive operations of company ethics and compliance organizations, as well as reactive remediation efforts after problems arise.

There are several key action items for contractors arising out of the updated guidance.

Off-the-shelf compliance training is unlikely to satisfy prosecutors. Training needs to be well thought out, customized and specifically tailored to a company’s risks. The Justice Department will analyze whether information is conveyed in a manner tailored to the audience’s size, sophistication, or subject matter expertise.

Prosecutors will also question whether training provides practical advice or case studies to address real-life scenarios and how to obtain ethics advice on a case-by-case basis as needs arise. They will review whether training covers prior compliance incidents, and whether training is risk-based and tailored for specific job functions and roles. For example, higher risk jobs may need more training, and supervisors may need different training.

Contractors should review compliance training and consider whether it is specifically tailored to the company’s risks and training needs. Make changes now, before problems arise, for prophylactic impact.

New categories of due diligence and new tracking schedules may be required for mergers and acquisitions. The guidance document announces that “[t]he extent to which a company subjects its acquisition targets to appropriate scrutiny is indicative of whether its compliance program is, as implemented, able to effectively enforce its internal controls and remediate misconduct at all levels of the organization.” Justice lawyers will examine the due diligence process, asking who did the review, how it occurred, and whether and how misconduct was found.

Post-merger or acquisition integration will also be the subject of department review. Prosecutors will examine how the compliance function has been integrated into the new business entity. For example, they will review the process connecting due diligence to implementation and ask how the company tracked and remediated misconduct or risks of misconduct identified through the due diligence process.

Contractors should review their due diligence processes and checklists. Consider engaging subject matter expertise as part of compliance diligence for transactions involving regulated industries, such as government contracts.

Middle managers are critical. The “tone at the top” as set by boards and C-suite executives is important, but companies also need to be able to show prosecutors how middle managers have reinforced ethical standards and compliant practices and encouraged employees to abide by them. Demonstrating “tone in the middle” is often done anecdotally, but that is likely insufficient. Tracking, measuring and recording this adoption is an increasing imperative.

Contractors should query how the company measures “tone in the middle,” and whether the metrics will be sufficient to satisfy the Justice Department. Consider whether a change in approach is needed.

Missteps in the past — and how they were dealt with — are part of a permanent compliance record. A company’s “compliance report card” of how it detected, investigated, remediated and punished misconduct in the past takes on added importance under the guidance document. Consistent application of a well-run program is essential to influencing prosecutorial decisions. Influence with prosecutors is likely to be earned by companies driving investigations through to logical conclusions, meting out swift consequences regardless of seniority of wrongdoers, conducting root cause analyses, and making process changes over time.

Contractors should look into whether their company maintains a compliance report card. What does the report card say? Is a more consistent approach to investigation and discipline needed? If the company doesn’t have a compliance report card, think about creating one.

Prosecutors are instructed to review corporate investigations to determine whether they were properly scoped and conducted by qualified personnel. In addition to heavily scrutinizing processes and findings, prosecutors will examine the results and whether they were used to improve the compliance program as a whole. Among the questions prosecutors are likely to ask: Did the company conduct an effective root cause analysis? Were prior weaknesses corrected? If the company missed prior indications of problems that could have prevented the misconduct, why did that happen and what has been done to address those gaps? What discipline was meted out as a result of the misconduct?

Were the wrongdoers’ managers disciplined as well?

The scope of this review and inquiry may be broad enough to strain a company’s limited internal resources. Contractors should review company policy for engaging outside counsel to support investigations and scope of engagement. Is it appropriate to meet the guidelines? Is it consistently applied? Consider whether adjustments are needed.

David Robbins and Peter Eyre are partners in the government contracts group at Crowell & Moring LLP. They can be reached at drobbins@crowell.com and peyre@crowell.com, respectively.

Topics: Defense Contracting