The 2022 Monaco Memo: Key Takeaways for Compliance Teams

Banner artwork by PaeGAG / Shutterstock.com

Last fall, US Deputy Attorney General Lisa Monaco issued a follow-up to her October 2021 memorandum on the Department of Justice's existing corporate criminal enforcement policies and practices. This iteration is designed and written as guidance to prosecutors on a defendant’s accountability and instructs an evaluation of the defendant’s:  

• History of misconduct 
• Self-disclosure and cooperation 
• Existing compliance program  

These memos provide a wealth of insight into the DOJ’s thinking and how they expect compliance programs to function. We also know these documents are somewhat difficult to navigate. There is a plethora of commentary to read and examine about this memo (and its predecessor), and I highly encourage you to avail yourselves of it. For my part, I break the memo into three high-level parts — accountability, assessment, and application of corrective action — and offer suggestions for compliance practitioners to enhance their programs and themselves.  

Accountability 

The DOJ focuses on both personal and corporate accountability, and moves swiftly into describing how to prove it. The time frame is not just what occurred in the past, but also what is happening now (for example, timeliness in notification to prosecutors: “once discovered” vs. “delay inhibited investigation”). Being prepared to produce documentation from the time period of the misconduct will be critical. To achieve this, records thoroughly describing current compliance program activity at your organization need to be created and actively maintained. If current documentation practices do not demonstrate accountability for a given set of actions, enhancement of those recordkeeping efforts should be a primary focus going forward.  

Additionally, demonstration of accountability extends to an organization’s response to the Department’s requests. What the DOJ seems to be suggesting is that a response should consider the spirit of the request, not the specificity. This is antithetical to how many of us were trained, but now seems to be the expectation.   

Prosecutors will also actively consider past misconduct — criminal, civil, and regulatory actions — in all jurisdictions, and it is likely prosecutors will expect the organization to describe and demonstrate this history. Being prepared to produce a list and summary of all prior criminal resolutions in the last 10 years, civil/regulatory resolutions in the last five years, and any known pending investigations by any jurisdictional authority will be important, which again speaks to the need to ensure excellent documentation practices. The data elements include:  

• Form of resolution  
• Associated sanctions or penalties 
• Elapsed time 
• Facts and circumstances 
• Factual admissions  
• Similarity in nature, even if under a different statute 
• Probationary status  

Prosecutors are also expected to weigh each of these factors, with more weight applied to recent criminal resolutions, an appearance of the same personnel or management in the current misconduct, or the same root cause. 

Prosecutors will strive to seek individual criminal charges prior to or simultaneously with a corporate resolution. In particular, an organization's leadership team, which likely includes leaders in the compliance and ethics functions, needs to be on notice. Therefore, individuals within the organization should be clear on defense and protection policies. Organizations should also be prepared to defend on multiple jurisdictional fronts. It will be interesting to see over time to which jurisdictions the DOJ defers as they make specific determinations as to whether an effective prosecution can or will occur in another jurisdiction. 

All this being said, voluntary disclosures are still highly encouraged, even if an organization has a history of misconduct. The carrot is that guilty pleas will not be sought, and independent monitors will not be required. The catch is that everything must be done correctly during the process to take advantage of those benefits.  

High-level takeaways from this section: 

• Assess, confirm, and enhance document retention, and when asked to produce documentation, being too literal about the request may be detrimental. 
• Pro tip: The memo’s footnote describes the records they expect. If you do not already have those, find and organize them into your retention systems. 
• Be prompt, even if your organization is uncomfortable with the documentation being produced. 
• Multiple facets of the prosecution are likely happening simultaneously. 
• Ensure the individual responding to a request knows the organization’s history, including outcomes and actions taken (or possibly not taken) to address issues. 
• Recent misconduct, the same people, and the same root causes are the Department’s focus. If resources are limited, an organization’s focus should be on the recent past before working backward chronologically.  
• Be prepared to take responsibility for new mistakes, even if the organization is still addressing prior issues. 

Assessment 

The DOJ has now made it clear that having an effective compliance program does not provide a defense for misconduct. Despite that, compliance programs will also be assessed at two points in time: at the time of misconduct, as well as at the time of charging. So, while having one is not a defense, not having one will be difficult to explain.  

This multipoint assessment requires that organizations have a thorough understanding of their compliance program history, improvements, current status, and ability to address risks. Timelines need to be connected, and therefore solid documentation and records detailing program actions will be critical to mapping a program’s history to the timing of the misconduct being investigated.

 Once again, this memo does an excellent job outlining relevant compliance program factors.  

Some new factors described in this memo include data on compensation structures, policies on clawback provisions or retroactive discipline, incentivizing of compliance-promoting behaviors, and use of non-disclosure or non-disparagement provisions. Additionally, the DOJ notes a policy on personal devices and third-party applications. They describe what should be in such a policy (preserve business-related electronic data and communications), and will make an assessment as to whether an organization issued clear training and can demonstrate enforcement. All of this is very in the weeds, so that alone should underscore its importance.  

High-level takeaways from this section: 

• While having an effective program is not a defense, it does not mean that having a program is unimportant.  
• Despite past misconduct being a factor, the “moments in time” are more critical and organizations should be able to demonstrate continuous program improvement, particularly after a misstep.  
• Compliance program factors are explicitly outlined, again, and have remained consistent for years.  
• Some new factors are compensation-focused, and therefore organizational leaders’ compensation plans should be tied to compliance outcomes.  
• If an organization does not already have a policy on personal devices and third-party apps, one needs to be adopted soon and afforded the appropriate level of training.  

Application of Corrective Action 

The memo instructs organizations to be accountable, and in this section, they tell us that they intend to do the same.  

Insight is provided on how and when monitorships will be applied. “Fact-specific” is the term used, which will likely tie directly back to what is discovered during the accountability and assessment portions of these investigations. If an organization is being open and transparent (e.g., following the “spirit” of the request, not just the letter), it may be fair to request cooperation credit if prosecutors seem to be considering a monitorship as part of the resolution.  

The DOJ also states that the process of determining a monitorship will be transparent and free of any conflicts (on the prosecutor side — which is concerning if it was not previously). Additionally, prosecutors will regularly communicate with the monitor, and continuously review the status of the resolution. This may feel a bit strong, but does seem to align with the direction to consider past bad behavior.  

Also, all agreements will include facts describing the misconduct, the Department's considerations for entering into the agreement, and the reasoning for a monitor. This data will be tremendously helpful going forward in providing additional insight and potential guidance on the direction the DOJ is heading with prosecutions and resolutions.  

High-level takeaway from this section: 

• This section is for the DOJ’s units, but it will be interesting to watch this information flow over time as it should provide even more direct guidance.  

Finally, I would be remiss in failing to thank the DOJ, DAG Monaco, and her entire team for putting this information together and making it available to the regulated community. It is easy for those of us on the practitioner side to forget that these types of guidance memoranda are not mandatory, and it is not every day that we get to glimpse behind the curtain. Cynically, this could be seen as a warning. I prefer to view it as a head’s up. Therefore, my final recommendation: Take advantage of it. 

Thank you for taking time to read and consider my thoughts on this memo. Send me your feedback and let’s talk about enhancing compliance programs. Connect with me at jennifer@thebroadcat.com, or via LinkedIn at linkedin.com/in/mutigerjennifer.