Skip to main content

On-demand webinar coming soon...

Blog

‘Culture of compliance’ behind DOJ’s voluntary self-disclosure updates

Is your compliance program ready to do the right thing and step up and own up to misconduct?

Jisha Dymond
Chief Ethics and Compliance Officer, OneTrust
May 12, 2023


Summary

With all the news coming out of the Department of Justice, are the updates to its guidance on voluntary self-disclosures just noise or are they worth an in-depth examination?

  • The DOJ’s message is clear: No matter who you are, they will “zealously pursue corporate crime in any industry.”  
  • From the top down, is your compliance culture strong enough to demonstrate your company’s commitment to building trust? 
  • Start strong, create incentives to follow the rules, and bake-in accountability at every step. 

Learn why these updates matter and how to reinforce your corporate compliance program with expert guidance. 

Focusing their attention on individual accountability for corporate crime, the United States Department of Justice (DOJ) has updated its guidance on voluntary self-disclosures across each division of the DOJ tasked with prosecuting corporate crime. Signaling their united front, the Criminal Division, the United States Attorneys’ Offices, the Tax Division, the Environmental Crimes Section, and the Environment and Natural Resources Division have all released updated guidance, tailor-made to their unique mission and jurisdictions.  

 

Background on the DOJ’s updates to corporate compliance guidance

In June of 2020, the Criminal Division of the DOJ updated its guidance on the Evaluation of Corporate Compliance Programs (ECCP). The updated ECCP guidance focused on three fundamental questions:  

  1. Is the corporation’s compliance program well designed? 
  2. Is the program adequately resourced and empowered to function effectively?  
  3. Does the corporation’s compliance program work in practice? 

The 2020 Update underscored the necessity for companies to develop “dynamic” compliance programs, empowered and adequately resourced to grow, able to respond to risks, and support a “culture of compliance.” This acts as the foundation for all subsequent updates, detailed below.

 

Value of a strong culture of compliance

So how does a company avoid having to weigh self-disclosure? Over my years working in ethics and compliance, I’ve learned the same lesson, over and over again: Culture eats compliance. If corporate culture isn’t deeply rooted in trust and ethical behavior, it doesn’t matter how “world class” your ethics and compliance program is. The DOJ is leaning into this as well. Building culture is an all-hands on deck effort. This means that everyone at a company has clarity on the mission of the company and the values to guide everyday decision-making in accomplishing that mission. In other words, how a company accomplishes its mission is a critical aspect of culture. You create engaging incentives to follow the rules. You bake-in accountability when those rules aren’t followed. Start strong and give clarity and new meaning to the hackneyed phrase, “this is the way we do it around here.”  

 

Setting the tone from the top

When discussing individual accountability, DAG Monaco explained how that focus has paid off, “Recent charges – like those against Sam Bankman-Fried and Carlos Watson – and convictions – like those of Elizabeth Holmes and Sunny Balwani – demonstrate the Department’s resolve to take on the most challenging cases.” The DOJ message is clear, no matter your status, they will “zealously pursue corporate crime in any industry,” and “will hold wrongdoers accountable, no matter how prominent or powerful they are.” In other words, “that’s the way we do it around here” does not happen unless it is coming from the top.  

Setting the tone from the top and cultivating a culture of trust means making every interaction, both at the micro and macro level, an opportunity for executives to demonstrate the company’s commitment to building trust. Just like representation matters, seeing ethical behavior in action can make it feel more accessible and even aspirational. When senior leadership demonstrates a strong commitment to ethical behavior and accountability, employees are more likely to act in the same way and are more likely to speak up if they observe misconduct or potential violations of the law.  

In her watershed 2021 memo, Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies (commonly referred to as the “Monaco Memo”), Deputy Attorney General Lisa Monaco (DAG Monaco) announced the creation of the new Corporate Crime Advisory Group (CCAG). The new group, included multiple perspectives from the business community, academia, and the defense bar, was tasked with considering and recommending additional guidance related to the revisions announced in the memo. This group’s “broad mandate” included the following topics: 

 

  • The DOJ’s approach to prosecuting criminal conduct by both corporations and individuals 
  • How the DOJ can internally support prosecutors and civil attorneys fighting corporate crime 
  • DOJ investment in new technologies, such as artificial intelligence, to aid in processing large amounts of data 
  • How to best resource DOJ investigations and prosecutions of corporate crime 

In September of 2022, DAG Monaco released another memo, “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group” (often referred to as the “Monaco Memo 2.0”). This memo provided additional revisions to existing DOJ corporate criminal enforcement policies and practices, based on the input from the CCAG. Doubling down on their commitment to individual accountability for corporate crimes, they announced five department-wide policy revisions

 

  1. How delays will impact resolution agreements  
  2. How a corporation’s unique history of misconduct must be considered when determining appropriate corporate case resolution  
  3. The benefits of voluntary corporate self-disclosure of misconduct  
  4. The use of independent compliance monitors, including their selection criteria, scope of work, and appropriate monitor oversight  
  5. The importance of a strong corporate culture and how prosecutors will evaluate components of a corporate compliance program 

The Monaco Memo 2.0 directed each division of the DOJ tasked with prosecuting corporate crime to review, develop, and publish a voluntary self-disclosure policy. When drafting their new policies, the DOJ divisions without a voluntary self-disclosure policy needed to adhere to two core principles, which DAG Monaco detailed in a related September 2022 speech on Corporate Criminal Enforcement:  

 

  1. “Absent aggravating factors, the Department will not seek a guilty plea when a company has voluntarily self-disclosed, cooperated, and remediated misconduct.”  
  2. “In addition, the Department will not require an independent compliance monitor for such a corporation if, at the time of resolution, it also has implemented and tested an effective compliance program.” 

Voluntary self-disclosure requirements: Why?

In that same speech, DAG Monaco stated, “…we won’t accept business as usual. With a combination of carrots and sticks – with a mix of incentives and deterrence – we’re giving general counsels and chief compliance officers the tools they need to make a business case for responsible corporate behavior.” In January of 2023, Assistant Attorney General Kenneth Polite (AAG Polite) delivered a speech on Revisions to the Criminal Division’s Corporate Enforcement Policy (CEP), under the Foreign Corrupt Practices Act (FCPA). His remarks demonstrated the Criminal Division’s continued commitment to both individual and corporate accountability, announcing the first significant changes to the Criminal Division’s CEP since 2017.   

Although they already had an existing policy in place, the Criminal Division answered DAG Monaco’s call to clarify “the benefits of promptly coming forward to self-report, so that chief compliance officers, general counsels, and others can make the case in the boardroom that voluntary self-disclosure is a good business decision.” Since the start of 2023, three other divisions of the DOJ announced their voluntary self-disclosure policies:  

For the first time, every DOJ division that prosecutes corporate crime has a predictable and transparent self-disclosure program. The adoption of a single policy for all U.S. Attorneys’ Offices (USAO) eliminates any geographic discrepancies. DAG Monaco certainly doesn’t lack the courage of her convictions, calling out to every boardroom, corner office, and courtroom, “...where your company discovers criminal misconduct, the pathway to the best resolution will involve prompt voluntary self-disclosure to the Department of Justice.” 

Carrots (incentives)

The clearest path for a company to avoid a guilty plea or an indictment, should they uncover misconduct, is voluntary self-disclosure. AAG Polite stated, “It is also the clearest path to the greatest incentives that we offer, such as a declination with disgorgement of profits.” Prosecutors can now give cooperation credit to a company, leading to a declination, even if there are aggravating circumstances.  

The potential benefits to voluntary self-disclosure include the DOJ:  

  • Not seeking a guilty plea for the misconduct; 
  • Not imposing a criminal penalty; 
  • Not imposing a penalty greater than 50 percent below the low end of federal sentencing guidelines for the misconduct at issue; and/or 
  • Not imposing a compliance monitor as part of the settlement. 

But that declination comes with conditions; according to the USAO policy, a company needs to go above and beyond the bare minimum when cooperating and demonstrate all three of these factors: 

  • The voluntary self-disclosure was made immediately upon the company becoming aware of the allegation of misconduct;  
  • At the time of the misconduct and disclosure, the company had an effective compliance program and system of internal accounting controls, which enabled the identification of the misconduct and led to the company’s voluntary self-disclosure; and  
  • The company provided extraordinary cooperation with the Department’s investigation and undertook extraordinary remediation that exceeds the respective factors listed herein. 

Sticks (deterrents) 

Voluntary self-disclosure is not a panacea for all corporate wrongdoing. In fact, the DOJ’s transparency into the potential incentives underscores how, according to AAG Polite, “...a corporation that falls short of our expectations does so at its own risk. Make no mistake - failing to self-report, failing to fully cooperate, failing to remediate, can lead to dire consequences.” The bar has, indeed, been set intentionally high. 

According to the USAO policy, aggravating factors that may warrant the seeking of a guilty plea include misconduct that: 

  • Poses a grave threat to national security, public health or the environment 
  • Is deeply pervasive throughout the company 
  • Involved current executive management of the company 

Over my years working in ethics and compliance, I’ve learned the same lesson, over and over again: Culture eats compliance.
Jisha Dymond, Chief Ethics and Compliance Officer, OneTrust

Tooling supercharges data and preparation for voluntary self-reporting

DOJ prosecutors consider both the timeliness of voluntary self-disclosures and the inclusion of all material facts known to the company. Siloed tools will be insufficient to enable the kind of disclosure prosecutors are looking for. If you've ever experienced regulatory inquiries, you know that pulling together the right information is hard enough. How do you detect misconduct in the first place and pull together the kind of disclosures the updated policies seek? Digitizing your program to enable good data analysis is the place to start. 

An analog compliance program will present difficulties in gathering the right data with consistency and accuracy. A digital compliance program starts with examining your program from top to bottom to identify areas where tooling and technology can be incorporated. Examples include an interactive code of conduct where your employees can access policies through a web-based portal, a hotline using secure mobile app, automated risk assessments, and investigations and case management software with real-time analytics. 

But even an expertly designed and digitized compliance program will be deemed insufficient if it is left to languish unimplemented on a shelf. The effectiveness of a compliance program will be judged by how it responds to incidents, identifies risk and red flags, and how it progresses and advances over time. 

The new updates to the voluntary self-disclosure policies across the DOJ are an unambiguous reminder to reinforce your corporate compliance program, develop a strong culture and ensure that your tools and data can help detect and report on any suspected wrongdoing.    

 

The DOJ has articulated what both the business and compliance communities have been learning – that compliance is a business process, and as a process, it can be measured, managed, and most importantly, improved. Learn how to fortify your compliance program to comply with the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs. Download our whitepaper today.


You may also like

Webinar

Ethics Program Management

From reactive to proactive: Transforming your ethics & compliance program

Join this webinar to hear experts explore actionable strategies employed by Ethics & Compliance programs to drive a more ethical culture.

September 12, 2024

Learn more

Infographic

Speak-Up Program Management

Modern slavery: Identifying the signs of forced labor in your supply chain

Looking up and down your organization's supply chain for key indicators is critical to preventing, identifying, and stamping out forced labor.

June 25, 2024

Learn more

Webinar

Speak-Up Program Management

EthicsConnect: Speak Up - Balancing Regulation with a Genuine 'Safe Space' for Employees

Network with fellow ethics professionals, collaborate in break out rooms, and learn how to over the challenges of meeting EU Whistleblower Directive compliance from experts.

June 13, 2024

Learn more

Webinar

Ethics Program Management

Drive employee engagement with Ethics Program Management

In this tech talk, we will walk you through the customer's employee journey utilizing our Ethics Program Management suite of tools.

May 21, 2024

Learn more

Webinar

Ethics Program Management

EthicsConnect: Risk - It’s not just for breakfast anymore

Join us for a deep dive into embedding privacy by design into the fabric of your business to promote the responsible use of data.

April 25, 2024

Learn more

eBook

Ethics Program Management

Business messaging apps: A guide to corporate compliance

How can your business use third-party messaging apps while staying compliant? Dive into key usage considerations based on the DOJ’s 2023 guidance.

February 13, 2024

Learn more

Infographic

Third-Party Risk

4 top-of-mind challenges for CISOs

What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.

January 30, 2024

Learn more

Webinar

Third-Party Due Diligence

Best practices for conducting third-party due diligence for ethics & compliance​

Join this webinar for best practices for conducting third-party due diligence for ethics and compliance.

January 11, 2024

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

December 05, 2023

Learn more

Webinar

Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Investigations

Join our live webinar and learn how to conduct comprehensive ethics investigations that are trustworthy and efficient.

September 07, 2023

Learn more

Webinar

Third-Party Due Diligence

Driving excellence in third-party risk management: An in-depth look at different due diligence approaches

Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.

July 20, 2023

Learn more

Webinar

Third-Party Due Diligence

A shortcut to third party due diligence fundamentals

In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.

July 13, 2023

Learn more

Webinar

Third-Party Due Diligence

Sanctions and export controls: Ensuring compliance

Watch our live expert webinar on understanding global sanctions and export controls and how to reduce your organiztion's risk exposure and ensure compliance.

June 29, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

eBook

Ethics & Compliance

Creating an effective code of conduct

In this eBook, learn how to create an effective code of conduct with six key steps. 

June 01, 2023

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

eBook

Third-Party Due Diligence

The global regulations driving third-party due diligence

Download our eBook learn how to start building a robust third-party due dilligence (TPDD) strategy that protects your brand and minimizes risk.

May 30, 2023

Learn more

Webinar

Third-Party Due Diligence

Ethics live Demo: Third Party Due Diligence webinar

Learn how OneTrust's Third-Party Due Dilligence, backed by Dow Jones, can help provide your business the data it needs to find trustworthy third parties and mitigate risk.

May 18, 2023

Learn more

In-Person Event

Ethics & Compliance

Ethics Exchange: Practical deep dive for third-party due diligence

Organizations are accountable for third-party actions, so they need robust due diligence to protect their reputation. Learn more at our ethics exchange event.

May 11, 2023

Learn more

Checklist

Ethics Program Management

Policy on development and administration of policies template

Get a head start on your ethics program and create a policy on development and administration of policies with our customizable template.

May 10, 2023

Learn more

Webinar

Third-Party Due Diligence

Maturing your third-party due diligence program: Process, data & technology

Experts at OneTrust and Dow Jones discuss third-party due diligence, covering industry trends, challenges, and how to streamline the process with technology.

April 27, 2023 1 min read

Learn more

Webinar

Ethics & Compliance

Unpacking the global third-party due diligence regulatory landscape

Learn how a strategic plan for compliance can help companies eliminate human rights and environmental violations and avoid costly consequences.

March 06, 2023

Learn more

Webinar

Ethics & Compliance

Third party due diligence – A practical deep dive

In this session, we'll look into the scope of third-party due diligence and a deep dive into practical implementation aspects and best practices for organizations.

December 13, 2022

Learn more

Report

Trust Intelligence

Trending toward trust

The "Trending toward trust" report from OneTrust highlights seven key trends that organizations need to know.

December 12, 2022

Learn more

Webinar

Ethics & Compliance

The number one metric for effective compliance programs: Continuous improvement

Join our webinar to learn how to develop and/or maintain a High-Quality E&C Program and what role data analytics play in improving your compliance program.

November 27, 2022

Learn more

Webinar

Ethics & Compliance

Best practices for conducting third-party due diligence for ethics & compliance

In this session, we'll explore the scope of third-party due diligence and best practices, such as industry trends driving greater scrutiny on third parties.

November 16, 2022

Learn more

Webinar

Ethics Program Management

Live demo: Conflicts of interest management webinar

Learn how to develop a holistic disclosure program, how to make it part of your risk assessment, and how to use it to meet regulatory obligations.

November 01, 2022

Learn more

Checklist

Ethics & Compliance

The CECO’s third party checklist

Use this checklist to ensure that your ethics and compliance program is effectively managing third parties across the entire relationship lifecycle.

October 28, 2022

Learn more

eBook

ESG & Sustainability

The CECO’s guide to managing third parties eBook

Download this eBook to learn the six steps in the lifecycle of risk-based third-party due diligence, compliance terms, and conditions, payment terms, etc.

October 27, 2022

Learn more

White Paper

Ethics & Compliance

Central vs. local intake and case management under the EU Whistleblowing Directive white paper

Download this white paper to learn the specific intake and case management requirements for local subsidiaries and offices across Europe.

October 25, 2022

Learn more

Webinar

Ethics & Compliance

The role of disclosures in risk assessment and management

In this webinar, we’ll discuss developing a holistic disclosure program, making it part of your risk assessment, and using it to meet regulatory obligations.

October 04, 2022

Learn more

White Paper

Ethics & Compliance

What CCOs need to know about the DOJ compliance certification requirement white paper

Download our white paper to learn how the DOJ’s new policy will empower CCOs, and discover what opportunities this new policy presents for your program.

September 01, 2022

Learn more

Webinar

Ethics & Compliance

How to transform your ethics management program through effective employee engagement

In this webinar, we’ll discuss how to develop a successful ethics management program and how to promote trust by developing awareness.

July 28, 2022

Learn more

White Paper

Ethics & Compliance

DOJ’s 2020 update to the evaluation of corporate compliance programs

This white paper explores the 2020 DOJ Compliance Guidance Update and where it takes corporate compliance programs this year and beyond.

July 15, 2022

Learn more

Checklist

Ethics & Compliance

DOJ self-assessment checklist

This enhanced DOJ guidance sets out a baseline, or the minimum standards, to demonstrate an effective ethics & compliance (E&C) program.

July 08, 2022

Learn more

Webinar

Ethics & Compliance

Conflicts of interest and disclosures

Join this roundtable with your peers and experts in ethics and compliance to discuss how to build a successful conflict of interest management program.

July 08, 2022

Learn more

Webinar

Ethics & Compliance

Effective policy governance and distribution

Join this roundtable to discuss how to create effective policies, run effective campaigns and report on each policy’s performance and influence. 

July 08, 2022

Learn more

Webinar

Ethics & Compliance

GDPR and the EU Whistleblower Protection Directive webinar

Join this webinar to learn how to review your whistleblowing processes to comply with the EU Whistleblower Protection Directive, the GDPR and others.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

Hotline reporting under the EU Whistleblower Protection Directive: Unseen consequences, issues & practicalities

While there have been many articles and discussions around the EU Whistleblower Protection Directive, several significant issues have largely gone unnoticed. 

July 06, 2022

Learn more

Webinar

Ethics & Compliance

A hotline innovation masterclass: communications, awareness & confidentiality

Learn how to effectively train and raise awareness on your hotline and how to share information on the Directive so that your company remains compliant.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

Evaluating hotline vendor compliance with the EU Whistleblower Protection Directive

Join us to learn how to choose a hotline vendor, and we also cover the onboarding and implementation process so that you can meet the Directive's deadline.

July 06, 2022

Learn more

Interactive Tool

Ethics & Compliance

Compliance KPIs worksheet interactive tool

Use this worksheet to understand what data you currently have, what you're lacking that may be important, and what certain data points may indicate.

July 05, 2022

Learn more

Webinar

Ethics & Compliance

Whistleblower retaliation under the EU Whistleblower Protection Directive: the reverse burden of proof

Learn how to implement anti-retaliation measures, and how to detect retaliation throughout the whistleblowing process using some new and novel techniques.

July 05, 2022

Learn more

eBook

Ethics & Compliance

14 key requirements to effective conflicts of interest management

Read this eBook to learn the key requirements that are fundamental to building a successful conflict of interest management program.

June 30, 2022

Learn more

Checklist

Ethics & Compliance

Annual compliance program checklist

Download our annual review compliance checklist to evaluate your E&C compliance program, identify key gaps, and prepare for the future.

June 30, 2022

Learn more

Checklist

Ethics & Compliance

Anti-retaliation checklist for compliance programs

Use these 19 questions to take a holistic look at how your program can improve training, investigations, policies, & more to prevent retaliation before it occurs.

June 17, 2022

Learn more

Checklist

Ethics & Compliance

EU Whistleblower Directive checklist

Assess your company's EU Whistleblower Directive compliance with this interactive checklist. 

June 16, 2022

Learn more

eBook

Ethics & Compliance

Ultimate guide to the EU Whistleblower Protection Directive

Download our free eBook on the EU Whistleblower Protection Directive learn its key requirements, who's protected, and answers to common questions. 

June 07, 2022

Learn more

eBook

Ethics & Compliance

The secret to effective policy management

Download this eBook and discover how a centralized policy management system helps drive compliance and ethics policy effectiveness. 

May 11, 2022

Learn more

eBook

Ethics & Compliance

How to build a speak-up culture

Download this step-by-step guide on building a speak-up culture and improve reporting rates. 

April 25, 2022

Learn more

eBook

Ethics & Compliance

Quick guide to the EU Whistleblower Directive

Use this guide to learn how the new EU Whistleblower Directive will be enforced, who is subject to it, and how to comply with it.

April 20, 2022

Learn more

Infographic

Ethics & Compliance

Infographic: The impact of an effective helpline on speak-up culture

Download this infographic and learn how an effective helpline is key to building a speak-up culture. 

April 08, 2022

Learn more

Interactive Tool

Ethics & Compliance

A simple conflict of interest disclosure form template

Download and customize this conflict of interest disclosure template to begin collecting voluntary disclosures at your organization.

April 05, 2022

Learn more

Webinar

Third-Party Due Diligence

7 best practices for conducting third-party due diligence for ethics & compliance

Watch this webinar and learn the seven best practices for third-party due diligence. 

January 03, 2022

Learn more

Webinar

Privacy & Data Governance

Data breach vs. ethics breach: How to prepare for both

In this webinar, we review case studies and tips from recent breaches and analyze which situations qualify as an "ethics breach."

July 07, 2021

Learn more