The Department of Justice (DOJ) wants us to believe that its new policy, which requires chief compliance officers at sanctioned companies to certify that their programs are reasonable in design at the conclusion of any corporate resolution, is for their benefit. No reason exists for not accepting that.
However, the compliance community's response has largely been one of worry. Correctly so.
No matter how much assurance DOJ officials provide during their speeches at industry events, concerns about CCO liability will persist. Even someone in a position with such high stakes as a compliance officer at a company under a monitorship might feel uneasy about signing their name to something that is not entirely under their control. You cannot minimize the stress that has been added.
This is the main reason why the DOJ's implementation of this policy change has been so disappointing. The new requirement has not been announced in a public press release; instead, announcements have been made during speeches that have been inconsistently transcribed online for everyone to read. How much would we know if these events were not covered by the media?
The most recent illustration was given last week when Lauren Kootman, assistant chief in the Corporate Enforcement, Compliance, and Policy Unit of the DOJ's Fraud Section, declared at a legal industry conference that the new certifications would "most likely" be a part of every corporate resolution moving forward (including guilty pleas, deferred prosecution agreements, and non-prosecution agreements). A significant development that was only revealed to those present or who subscribed to a particular news service, apparently.
Also speaking about the requirements in May remarks that were never made public was Deputy Attorney General Lisa Monaco. And earlier in the month, at Compliance Week's National Conference, the Criminal Division's head, Assistant Attorney General Kenneth Polite Jr., mentioned the policy in a keynote speech that went unrecognized by the DOJ. (The complete speech transcript from Compliance Week is available here.)
According to Polite, "this announcement related to this additional certification is not intended to be punitive… It’s the type of resource compliance officials, including myself (Polite served as CCO at electric power company Entergy from 2017-18), have wanted for some time because it makes clear you should have and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within those organizations to ensure them and the department that company has an ethical and compliance-focused program."
The DOJ has not made a special effort to alert the public to the change since Polite first revealed it was being thought about at two events the same week in March. Even when Glencore entered a guilty plea and made a $1 billion payment as part of an FCPA resolution last month, the press release failed to mention that the agreement was the first to contain the new CCO certification requirement. That information was instead relegated to Page 9 of the 97-page plea agreement.
Long a supporter of empowering compliance, the DOJ. It explicitly states compliance departments must be "adequately resourced and empowered to function effectively" by company leadership—something that has long been a pain point for practitioners—in its Evaluation of Corporate Compliance Programs guidance, which is a must-read for CCOs. However, the agency should be aware of how important transparency and knowledge are to a compliance officer's ability to perform their duties.
If the CCO certification requirement is really a boon for the industry, only time will tell. We do, however, know that we do not know enough to feel that way at this point.
By fLEXI tEAM