DOJ has laid out its compliance priorities, but what does that mean for businesses?

Citing a “crisis of confidence” in the ability of the government to effectively monitor corporations and a promise to “redouble” efforts to combat white-collar crime, an official from the U.S. Department of Justice (DOJ) all but explicitly stated that corporate misconduct has become the DOJ’s highest priority.

Speaking at a virtual event hosted in early October by Global Investigations Review, John Carlin, Principal Associate Deputy Attorney General, provided insight into the Biden administration’s priorities as they relate to white-collar crime and enforcement. Carlin outlined a number of initiatives that the Department would be executing to increase its ability to police businesses, including:

• • • The creation of a unit of Federal Bureau of Investigation (FBI) agents that will be embedded within DOJ’s Fraud Section with a focus on white-collar crime, such as bribery under the Foreign Corrupt Practices Act (FCPA), export controls and sanctions violations, and healthcare fraud matters.
    • The implementation of new technologies to assist the DOJ with identifying corporate malfeasance, including the use of investigative tools such as data analytics and machine learning.
    • An ongoing review of DOJ’s policies and procedures as they relate to communicating compliance expectations to corporations and their leadership. This could mean enhancements to the department’s Evaluation of Corporate Compliance Programs (updated in June 2020) or potentially the development of additional guidelines with more specific suggestions for improving fraud detection capabilities within corporations, such as the implementations of new tools, technologies, or methodologies.
    • A return to utilizing deferred- and non-prosecution agreements to resolve criminal charges brought against corporations. This also could lead to an increase in the use of corporate monitors to oversee these settlement agreements, as alluded to in Carlin’s comment: “We need to make sure that those who get the benefit of such an arrangement comply with their responsibility.”

While none of these activities alone are a remarkable departure from the tactics of past administrations, collectively they represent a commitment by the Biden Justice Department to encourage corporations to proactively identify and remediate compliance deficiencies before they become a regulatory matter.

Making a proactive review of compliance programs

In light of the DOJ’s change in focus, companies should consider reviewing their compliance policies and taking the following actions to avoid potential enforcement actions:

• • • Examine all facets of company anti-corruption and fraud programs to assess whether expectations from the C-suite are clear and all the relevant components of each program are present and well documented.
    • Develop risk assessments that enable the organization to not only understand its fraud risks and controls but also identify where residual fraud risks exist so that proper resources are allocated to monitor for and detect fraudulent activity.
    • Determine the effectiveness of corporate hotlines by analyzing available data, including the nature and frequency of calls to the hotline, whether the calls resulted in investigations, and the outcomes of those investigations. As needed, organizations should also explore how to strengthen their corporate hotlines’ efficiency and efficacy, if weaknesses are detected.
    • Assess the efficacy of internal audit programs, ensuring audit plans are aligned with risk assessments. The technology that supports the audits should also be evaluated by testing targeted areas where residual fraud risk is greatest and new or untested controls exist.
    • Evaluate the effectiveness of fraud-monitoring and data analytics tools and technologies, ensuring that there is sufficient staff to effectively operate proactive fraud detection.
    • Develop a response and investigations playbook that identifies global resources (such as e-discovery and cyber resources) and staff (such as forensic accountants and other investigative assets) equipped to undertake or support investigations into allegations of ethics and compliance failures.
    • Ensure that investigations undertaken in response to whistleblowers, hotline calls, or via the identification of red flags are thorough and well documented, and that any bad actors identified during the investigation are dealt with appropriately, including, as relevant, termination from employment or referrals made to law enforcement.

As corporate organizations contemplate compliance priorities in 2022 and beyond, the ability to detect, investigate, and remediate compliance failures and frauds should be top of mind — particularly as next year’s budgets are established and resources allocated

By implementing the above practices, corporations can help identify and address compliance risks early in the process, thereby minimizing the risk of a DOJ enforcement action, both in the immediate and distant future.