During a speech last week to a group of white collar defense attorneys, John Carlin, a senior official at the Department of Justice (DOJ) confirmed what many in the white collar and corporate compliance space have been preparing for since January: the DOJ is devoting a “surge” of resources to ramp up its white collar enforcement efforts. According to a report by The Wall Street Journal*, Carlin listed several agency actions that are either in the works or already underway:
- Embedding Federal Bureau of Investigation agents within the DOJ, including a new “squad” of dedicated agents in the agency’s fraud section, to focus on investigations into foreign bribery, market manipulation, and healthcare fraud cases;
- Enhancing efforts to incentivize companies to develop compliance programs to preemptively prevent legal violations by employees;
- Developing new tools, including the use of data analytics, to identify corporate wrongdoing (and encouraging corporations to do the same); and
- More strictly enforcing the terms of deferred- and non-prosecution agreements.
Although the increased focus on enforcement should not come as a surprise to careful (or even casual) observers, the DOJ’s emphasis on preemptive compliance suggests the agency will be receptive to organizations who are proactively improving their compliance practices.
Companies should consider reviewing their compliance policies and implementing certain best practices to minimize the risk of being swept up in any future enforcement pushes:
- Ensure the “tone from the top” encourages a culture of compliance among all levels of employees, from senior executives to entry-level workers. Companies with an ingrained message of compliance at all levels of the organization are more likely to catch compliance issues early or avoid them altogether. When employees hear their supervisors and company management encouraging a culture of compliance, ethical action, reporting, and anti-retaliation, they are more likely to raise “minor” issues they might otherwise keep to themselves, allowing the organization to address and remediate compliance concerns before they become major problems.
- Enable employees to raise concerns through confidential and accessible reporting channels. Companies should create avenues for reporting compliance concerns outside of an employee’s usual reporting chain (e.g., from employees to their direct supervisor). In addition to ensuring that legal and/or compliance representatives are accessible to all employees, organizations should implement a reporting hotline where employees can raise compliance issues anonymously.
- Explore new technology and data analytics to identify and monitor compliance risks. In light of rapid changes in technology and a renewed focus on a digital workplace in the wake of COVID-19, now is the perfect time for companies to explore data analytics tools that can help identify and track compliance risks within their business.
- Identify high-risk areas within the organization. Depending on the nature of the business, certain processes or groups may entail an inherently higher risk of corporate misconduct than others. Companies can identify and prioritize those areas by conducting a risk assessment so they can manage and monitor specific compliance concerns.
- Thoroughly investigate and consider self-reporting any compliance issues. Even as the DOJ ramps up enforcement of all white-collar crime and corporate misconduct, the agency will still need to prioritize its prosecution efforts. As companies identify high-risk areas within the organization, they should take note of any potential issues and investigate those early in the process. Early identification provides the organization with an opportunity to remediate compliance gaps and consider whether additional action, including self-disclosure to regulatory authorities, should be undertaken.
As a matter of course, organizations should be continually evaluating their compliance systems and looking for areas of improvement. Implementing the above practices can help identify and address compliance risks early in the process, thereby minimizing the risk of a DOJ enforcement action in an environment where such actions are likely to become increasingly common.