The Government Sharpens Its Focus On Corporate Malfeasance: What’s Coming — and How to Be Prepared

ACC Tampa Bay Newsletter

Authored Article


Earlier this month, Deputy Attorney General (DAG) Lisa Monaco delivered a shot across the bow to individuals responsible for corporate malfeasance, and the companies that protect them. On September 15, 2022, in a memorandum and in public remarks, she issued marching orders to federal prosecutors and a warning to corporate America. She made clear that the Department of Justice (DOJ) would seek and allocate significant resources to “prioritize and prosecute corporate crime.” Her announcement accompanied the issuance of “first-ever Department-wide policies” in some areas of corporate enforcement, and clarified existing DOJ policies and procedures in others. Together, her remarks and memorandum outline the likely next steps in DOJ’s enforcement efforts, provide a roadmap for best corporate compliance practices, and offer practical tips to minimize enforcement risk.

Next Steps in Enforcement

DAG Monaco addressed three key themes in her September 15th guidance. First, she made clear that DOJ’s “first priority” in prosecuting corporate crime will be to hold accountable the individuals who commit and profit from it. Second, DAG Monaco revealed the analysis prosecutors will use in evaluating a corporation’s culpability—and, correspondingly, whether the corporation will be eligible for certain enforcement resolutions, such as a non-prosecution or deferred-prosecution agreement. Third, DAG Monaco announced a shift in DOJ’s approach to using monitors to enforce corporate compliance. Each of these key themes—individual accountability, measurement of corporate culpability, and the role of corporate monitors—warrants further exploration.

Individual Accountability

First, with respect to DOJ’s “top priority”—holding individuals accountable— DAG Monaco was clear that DOJ needed “to do more and move faster.” This portends a potentially significant escalation in the number of individual prosecutions that may flow from instances of corporate malfeasance. She highlighted that “Department prosecutors will work to complete investigations and seek warranted criminal charges against individuals prior to or at the same time as entering a resolution against a corporation.” Given the new metrics prosecutors will use to evaluate corporate culpability, discussed further below, the prioritization of individual prosecutions will likely incentivize, and in some cases effectively pressure, corporations to help the government prosecute current or former employees, so as to avoid or mitigate the corporation’s own exposure. It may also decrease the number of

corporate pleas that have historically substituted for the individual prosecutions of employees and officers.

Evaluating Corporate Culpability

Second, DAG Monaco revealed the criteria that prosecutors will use to analyze corporate culpability and the types of resolution that reflect it. These factors include a corporation's compliance history, the extensiveness and timing of its cooperation with the government, and the strength of its compliance program.

Regarding a corporation’s compliance history, DAG Monaco noted that “between 10% and 20% of large corporate criminal resolutions have involved repeat offenders.” Going forward, DOJ will pursue recidivist corporations more aggressively. In her words, “[i]f any corporation still thinks criminal resolutions can be priced in as the cost of doing business, we have a message—times have changed.” The degree to which prior misconduct will warrant harsher resolution of a later investigation will depend on multiple factors, including the facts underlying the prior misconduct; whether the prior misconduct resulted in a regulatory, civil, or criminal resolution; whether prior sanctions were partly reflective of the degree of regulation within the relevant industry; the similarity of the prior conduct to the current misconduct; and the temporal proximity of the prior conduct.

DAG Monaco acknowledged that the evaluation of a corporation’s history of misconduct is nuanced, particularly in cases in which the prior misconduct was committed by an acquired entity. She indicated that DOJ did not wish to punish compliant corporations that acquired entities with problematic behavior, if the acquiring corporation identified the root cause of, and remediated, the behavior after acquisition but before the later-investigated misconduct began. This guidance may encourage acquiring companies to pursue robust audits—and act on those audits—not only before, but after, acquiring new entities.

DAG Monaco emphasized another consideration in determining corporate culpability: whether a corporation proactively discovered and voluntarily disclosed its own misconduct, and reported the individuals responsible for it. She called on companies to “step up and own up to misconduct.” DAG Monaco criticized corporations that disclosed misconduct only after it was discovered, or strategically delayed production of relevant materials. She explained it was “imperative” that corporations provide “all relevant, nonprivileged facts about individual misconduct swiftly and without delay.” Going forward, prior to resolution, a prosecutor must analyze the speed and comprehensiveness of a corporation’s disclosures to the government.

DAG Monaco offered not just praise for self-disclosers, but a benefit as well. She announced that, absent aggravating factors, DOJ would not seek a guilty plea from any company that voluntarily self-disclosed, cooperated, and remediated misconduct. DAG Monaco correctly acknowledged that companies would not voluntarily self- disclose unless the consequences of such disclosure were “sufficiently transparent such that the benefits of voluntary self-disclosure are clear and predictable.” She, therefore, instructed every DOJ component without a formal, written policy on self-disclosure to draft and publicize a policy making clear “the benefits that corporations can expect to receive if they meet the standards for voluntary self-disclosure under that component's policy.” Corporate counsel would do well to look for such policies, as well as their practical application to corporate self-disclosers going forward.

The last significant factor in assessing a corporation’s culpability is the effectiveness of its compliance program. DAG Monaco suggested that prosecutors would evaluate the strength of a company’s compliance program at both the time of the misconduct and the time of the disclosure. The strength of a compliance program would be evaluated, in part, by its ability to detect and hold accountable non- compliance. Accordinly, DAG Monaco indicated that good programs should govern the use and retention of business communications conducted on personal devices and third-party applications. Additionally, effective programs should incorporate financial incentives for compliance, and disincentives—including discipline, compensation claw backs, and/or restitution provisions—for non-compliance. Moreover, prosecutors should search for evidence that such provisions exist in practice, not just on paper. For example, effective compliance programs should reflect the historical discipline and/or removal of bad actors. Effective compliance programs will mitigate corporate culpability and may eliminate some remedial penalties, as discussed below.

Shift in Monitorships

Third, DAG Monaco highlighted new practices with respect to corporate monitors. She announced measures to ensure that corporate monitorships were “tailored to the misconduct and related compliance deficiencies of the resolving company.” She also noted that there would be no presumption in favor of implementing corporate monitors. In fact, she announced that DOJ would not require an independent compliance monitor for a corporation if, at the time of resolution, the corporation had implemented and tested an effective compliance program. This appears to embrace the idea that companies with robust compliance programs should be rewarded, and likely do not require this invasive instrument of remediation.

Overall, DAG Monaco’s September 15th guidance indicates that DOJ is reframing its relationship to corporations. DOJ expects that corporations will police—

and report—themselves, and will assist DOJ in in its corporate and individual prosecutions. DOJ suggests that corporations that meet these expectations will be rewarded, and those that do not may lose the opportunity for preferred resolutions. In addition, it appears that DOJ will be increasingly more focused on holding individuals accountable for their corporations’ bad deeds. These statements are clarion calls to corporations—here in Tampa and elsewhere.

Best Corporate Practices

As DAG Monaco cautioned, resourcing a compliance department is not enough; it must also be backed by, and integrated into, a corporate culture that rejects wrongdoing for the sake of profit.

We outline a few best practices that all corporations can undertake to commit to compliance.

  • All companies, regardless of size, would be well-served by imbedding compliance in their core values. Not only does this require setting the tone at the top, but it also now means creating and enforcing financial incentives for compliance, and penalties, whether financial or disciplinary, for non- compliance. Individual employees and officers should know that they will face personal consequences for bad behavior.
  • Companies have long known the importance of integrating hotlines within the workplace, to allow employees to report concerns anonymously. Exit interviews are also helpful tools in seeking information about any potential bad actors. Now, given DOJ’s emphasis on the timeliness of disclosures, companies should also implement programs to ensure that their investigative responses to complaints are timely and comprehensive, and that revelations of acute compliance concerns are timely elevated and considered for disclosure.
  • A company’s compliance program is only effective if employees know about it. Therefore, training employees on compliance policies and resources— such as incentives, disincentives, compliance officers, and reporting avenues—is This training must be constant, and updated.
  • Companies must create and enforce retention policies relating to business conducted using personal devices and third-party applications. Corporate counsel should look for DOJ’s promised forthcoming guidance on At a minimum, though, as more companies explore remote work opportunities,

there must be a corresponding exploration of methods for effectively capturing data and records.

  • Finally, companies should adopt risk-based approaches to compliance— focusing on those areas or sectors that have the highest risk of possible non- compliance. DOJ’s recent evaluation guide on corporate compliance requires companies to use risk-based modeling to drill down on those business areas that have the highest risk of fraud, waste or abuse.

Minimizing Risks During Government Investigations

Apart from the above, we offer some practical advice for corporations who find themselves targeted by government investigation. Upon receiving notice of investigation:

  • Corporations should ensure that a thoughtful retention and litigation hold policy—which addresses business devices and locations, and, if applicable, personal devices and locations, and third-party applications— is circulated to all relevant document and information And, once a litigation hold is implemented, they should take care to avoid inadvertent deletion of records through automatic deleting protocols.
  • If the nature of the investigation suggests involvement of a whistleblower, corporations should take clear steps to ensure that no response to the investigation is, or could be viewed, as a negative employment action designed to retaliate against the whistleblower. Even non-retaliatory actions may be construed as improper if not well-supported and
  • Corporations should learn whether their compliance programs identified, prior to the inception of any government investigation, any of the practices of concern. If a program did detect the practice, a corporation should investigate what, if anything, was done to address the If not, a corporation should consider how its compliance program could be improved. And corporations should ensure that these root-cause analyses and remedial efforts are documented, as this is a foundational aspect of the government’s new corporate enforcement policy.
  • Hire competent counsel skilled in interfacing with the government. Experienced counsel can help identify the government’s theories of liability, as well as facts that may eliminate or mitigate Skilled counsel

may also assist in developing and advancing litigation strategies that preserve favorable resolution opportunities.

Concluding Thoughts

DAG Monaco has articulated the criteria by which DOJ will evaluate corporate compliance programs. Corporations should adopt these criteria internally, to proactively measure and improve their own programs in advance of—and hopefully in place of—government scrutiny.

Moreover, DAG Monaco has detailed the behavior that DOJ expects from target corporations in advance of, and during, investigations. Corporate counsel should monitor DOJ components’ forthcoming policies describing the benefits of such cooperation, as well as the practical outcomes for corporations that follow such policies, and consider developing policies and procedures that will facilitate proactive, voluntary disclosures.

Author Notes

Natalie Adams and Jason Mehta are former federal prosecutors. Natalie was an Assistant United States Attorney (AUSA) in Tampa for nearly a decade, in which she focused on asset forfeiture litigation and building complex criminal cases. She now advises companies on best practices and defends them in government investigations. Jason served as an AUSA in Jacksonville where he focused on False Claims Act and white-collar criminal matters. Natalie may be reached at or 813-559-5540 and Jason may be reached at or 813-559-5532.