Fall cleaning: Is your compliance program up to date?

Typically, the start of the new year or beginning of spring is the traditional time for taking stock and ensuring that everything is shipshape. But this fall has seen a host of important developments that warrant compliance teams’ attention now, rather than later. In particular, the Department of Justice Criminal Division has made its enforcement priorities clear in a September 15, 2022, policy announcement and set specific expectations for corporate E&C programs that should be met now, rather than later. 

What are the latest compliance developments from regulators? 

In announcing the policy changes, Deputy Attorney General Lisa Monaco made clear that personal accountability—by employees, executives and board members—was the Department’s number one priority. As part of that focus, the policy addressed the importance of incorporating ethical considerations into an organization’s performance and incentive management system and restricting and controlling the use of personal devices or apps to conduct business. Keeping risky transactions off company email or messaging can not only evade scrutiny internally, but also frustrate companies’ ability to cooperate fully with a DOJ investigation. 

In addition, the SEC recently dusted off a little-used section of the antitrust laws. Late last month, the regulator announced that seven directors at five companies resigned after the DOJ raised concerns about antitrust violations. The directors in question were in potential violation of Section 8 of the Clayton Act, an obscure, century-old law that bans executives and board members from serving on the boards of competing companies.

In announcing the action, Jonathan Kanter, assistant attorney general of the Justice Department’s Antitrust Division said:

“[c]ompetitors sharing officers or directors further concentrates power and creates the opportunity to exchange competitively sensitive information and facilitate coordination….”   

To take action under Section 8, prosecutors don’t have to show that any confidential or sensitive information was actually passed or divulged; merely that there is overlap in the competing companies’ boards. Section 8 also applies to representatives of venture capital firms or investors who have investments in competing companies. 

What E&C updates should I make in light of regulators’ actions? 

Compliance teams can take steps now to ensure their programs meet these regulatory developments. Here are three action items to add to your “fall cleaning” list. 

1) Review your performance management, incentive system, promotion process, and claw-back rules. 

In announcing the new DOJ policy, DAG Monaco stated:  

“Going forward, when prosecutors evaluate the strength of a company’s compliance program, they will consider whether its compensation systems reward compliance and impose financial sanctions on employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct. They will evaluate what companies say and what they do, including whether, after learning of misconduct, a company actually claws back compensation or otherwise imposes financial penalties.”  

LRN’s research over the years indicates that many companies now use ethical behavior as a significant factor in compensation, bonuses, hiring, and promotion. Our 2022 E&C Program Effectiveness Report indicated that 88% of the top-rated E&C programs employed such criteria.   

But just adding a few questions and asking supervisors to check the box on an employee’s ethical performance is unlikely to pass muster. A recent episode of LRN’s Principled Podcast focused on how SOFEC, an international oil and gas company, ensured that ethics and compliance behavior ranked on a par with other company functions in terms of how much weight it carried in performance review metrics and what KPIs can be considered. 

It's important to work with Human Resources to ensure that not only performance reviews and incentives truly reflect the importance of an employee’s ethical behavior, but also the promotion process. Promoting high performers who flout the rules will attract negative attention from prosecutors if they engage in misconduct—no matter how good your E&C program looks on paper. 

Claw-back rules are another area to review and update. On October 26, 2022, the SEC issued a final rule that all securities exchanges must require issuers to recover amounts of incentive compensation from current and former executives that were based on erroneously reported financial information, regardless of whether the executive was at fault.   

In addition, most publicly traded companies have claw-back policies to recover compensation in circumstances in which misconduct occurred. For the DOJ, what’s important is that organizations have such policies and use them to demonstrate a commitment to personal accountability if misconduct takes place. 

2) Review your personal device policy 

Reviewing your current policies on the use of personal devices in light of the new DOJ policy is important. A highlight in the September 15 DOJ policy announcement was the explosive growth of personal devices to conduct company business and third-party messaging apps, which can be encrypted and feature ephemeral messaging. The DOJ takes the view that these phenomena pose significant corporate compliance risks to monitoring misconduct and disclosing data during a misconduct investigation. 

DOJ will take into account in assessing company credit for its E&C program and its level of cooperation in a misconduct investigation whether it took sufficient steps to “ensure” it can timely preserve, collect and disclose all data contained on phones, tablets, and other devices used by employees for business purposes. 

3) Update your board’s conflict of interest disclosures 

Board members routinely disclose and update potential conflicts of interest in the process of being selected, onboarded, and as part of yearly disclosures. But five companies—all from the tech sector—and seven directors were cited by the SEC under Section 8 of the Clayton Act, as noted above, for serving with competing entities. All of them resigned voluntarily rather than trigger fines for the companies. 

Thus, it’s time to review your board of directors’ conflict of interest disclosure form and sharpen its focus on work for competing organizations. Not every association with a competitor will be disqualified but knowing what relationships board members have and with what entities is part of good compliance. It would also be prudent to include Section 8 requirements in annual board ethics and compliance training, another good practice. 

The key takeaway 

As the DOJ stated in its 2020 Evaluation of Corporate Compliance Programs Guidance, it’s important to not to let your E&C program become a static snapshot of last year’s risks or go on cruise control. The policy shifts discussed above are important and responding to them will demonstrate the strength of your program and help protect the organization from the consequences of misconduct. 

To learn more about the impact of DOJ policies on compliance, download a copy of LRN’s 2022 E&C Program Effectiveness Report and subscribe to the Principled Podcast. 

This article originally ran on The Compliance & Ethics Blog.