Eric R. Feldman, CFE, CIG
Senior Vice President and Managing Director, Corporate Ethics and Compliance Programs
Affiliated Monitors, Inc.
For several decades, the continually evolving and increasingly more sophisticated anti-fraud profession has lamented the absence of significant, sustained and meaningful white-collar prosecutions of individual executives as a key limiting factor in creating the kind of deterrent necessary to strike a dagger through the heart of corporate fraud. Sure, we have the notorious stories of CEOs who have either stolen millions from their companies (Tyco’s Dennis Kozlowski, Adelphia’s Jonathan Rigas), or engaged in such unscrupulous and devastating accounting practices that federal prosecutors could not avoid taking significant public action (Enron’s Kenneth Lay and Jeff Skilling, WorldCom’s Bernie Ebbers, HealthSouth’s Richard Scrushy). But these cases have been the exception rather than the rule. Individual accountability has often been blurred by well-intentioned prosecutions that resulted in a multitude of deferred or non-prosecution agreements offset by relatively unimpressive fines and penalties. There have been few prosecutions of the individual executives, board members or other corporate bad actors who either committed or “recklessly disregarded” the frauds that were occurring in the company.
Clearly, the efforts of corporate ethics and compliance officers to create and sustain a strong ethical culture have been hampered, to some extent, by the absence of any real threat that those responsible for corporate wrongdoing will end up doing the “Perp Walk.” On the contrary, the cost of companies getting caught engaging in ethical misconduct (fines, penalties and even litigation costs) is often seen as a “cost of doing business” in a highly regulated environment.
Until recently, that is. Last September, the U.S. Department of Justice (DOJ) issued a memorandum to federal prosecutors on Individual Accountability for Corporate Wrongdoing. Referred to as “the Yates Memo,” after its author, Deputy Attorney General Sally Yates, the Yates Memo is widely regarded as the DOJ’s response to criticism that they tend to prosecute companies rather than individuals. This criticism reached a crescendo in the aftermath of the 2008 economic crisis amidst cries that no one went to jail (the fact that no one may have actually broken existing laws at the time notwithstanding).
The Yates Memo sets out six key steps to strengthen the DOJ’s pursuit of individual corporate wrongdoing, although critics have said it’s nothing more than a restatement of the DOJ’s existing approach. The main points of the memo are:
- In order to get credit for cooperation with an investigation or prosecution, companies must provide the DOJ with all relevant facts relating to the individuals responsible for misconduct.
- The DOJ’s criminal and civil corporate investigations should focus on individuals from inception.
- The government’s criminal and civil attorneys handling corporate investigations (e.g., DOJ prosecutors and civil attorneys from various agencies) should be in routine communication with one another.
- In most cases, culpable individuals will not be released from civil or criminal liability when resolving a matter with a company.
- DOJ lawyers should not resolve matters with a corporation without a clear plan to resolve individual cases, and should formally record the reasons for any decision not to proceed against the individuals.
- The DOJ’s civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual's ability to pay.
The subtext of the memo is that only companies that meet the cooperation requirements can qualify for a Deferred Prosecution Agreement (DPA).
So, what does this memo mean for companies whose behaviors, and corporate ethics and compliance programs, have been driven by the tenets of the Organizational Sentencing Guidelines? Actually, it means a lot. First, let’s address what this policy pronouncement does not mean.
- It does not mean that companies no longer need to demonstrate that they have an effective and meaningful ethics and compliance program. This is still of paramount importance to the DOJ, SEC and most regulatory agencies as they determine whether or not to prosecute companies for the ethical misconduct perpetrated by “bad actors.”
- It does not mean the government has diminished its concern about the strength of corporate ethical cultures in preventing and detecting fraud or other misconduct. The government will continue to look at the effectiveness of ethics training, alignment of the right corporate incentives, anonymous reporting hotlines, and employees’ comfort level in reporting issues when determining whether to give companies credit, or even prosecute at all, under the Organizational Sentencing Guidelines.
- It does not diminish the need for companies to self-report fraud or ethical misconduct to the government. In fact, the self-reporting requirement is more important than ever in the cooperation calculus.
What the Yates Memo does mean is that the quality, sufficiency and professionalism of a company’s internal investigations will be factored into civil and criminal investigations more consistently. At a conference hosted by Global Investigations Review September 22, 2015, Assistant U.S. Attorney General Leslie Caldwell
clarified the purpose of the Yates Memo, stating that it has created a new policy focus for all prosecutors in the DOJ. Specifically, Caldwell said the memo was aimed at correcting situations where some U.S. Attorneys’ Offices “were quick to resolve cases with corporations without really even investigating individuals,” or attempting to identify who was responsible.
Caldwell also said the memo was intended to press companies under investigation to do more than just “comply with a subpoena,” that is, to give the DOJ the facts, especially about what happened, who did it, who knew, who participated and who said what. By directing companies to provide all relevant facts in order to qualify for any cooperation credit, the DOJ is pushing companies to conduct thorough, proactive and timely investigations into the individuals involved. As a result, the memo sends the message that if a company expects leniency, even if it has created a strong ethics and compliance program in accordance with the Organizational Sentencing Guidelines, it will have to expose the individuals involved in wrongdoing. Deputy Attorney General Yates summarized the essence of her memo when she said, “We mean it when we say, ‘You have got to cough up the individuals.’”
Based on Yates’ Memo and Caldwell’s public statements, companies should consider the following points about their internal investigative capabilities:
- Companies must develop a thorough process to triage all serious employee complaints and allegations at the corporate level, rather than permit lower level managers to address misconduct as they see fit.
- Companies should conduct thorough, proactive and timely investigations into potential, substantial violations of the law.
- Corporate ethics and compliance offices will need to be able to demonstrate that they follow appropriate investigative processes. Appropriate processes may involve use of outside counsel; professionally trained, Certified Fraud Examiners or investigators (internal or external); and other measures indicative of integrity and independence.
Developing and maintaining a substantial and robust ethics and compliance program that prevents and detects employee wrongdoing will help lighten the burden created by this new DOJ focus on individuals. This program should be subject to regular independent third-party assessments to ensure its effectiveness and credibility with government agencies.
*The author previously posted this material in Compliance and Ethics Professional.
For more information, contact Sarah Hofmann, Public Relations Specialist, at (512) 478-9000 ext. 324 or