The Governance Implications of DOJ’s New Corporate Fraud Enforcement Guidance
- March 15, 2024
- Michael W. Peregrine , McDermott Will & Emery
- Ashley C. Hoff , McDermott Will & Emery LLP
In a series of presentations to the American Bar Association’s 39th National Institute on White Collar Crime in early March, senior Department of Justice (DOJ) leaders provided updates on existing initiatives under its ongoing corporate enforcement program and introduced important new initiatives of that program. Both carry great significance for board oversight of the corporate compliance risks of health care organizations.
Notably, this significance also extends across key board committees, from Audit & Compliance to those with responsibility for oversight of executive compensation and emerging technology, particularly artificial intelligence (AI). Projecting forward, it will likely prompt additional horizontal coordination between these committees and their related executive team representatives. These DOJ initiatives project increased expectations of corporate officers for compliance engagement.
As to the updates on ongoing initiatives of DOJ’s corporate enforcement program, the key governance-related takeaways include:
- Individual Accountability: From a board oversight of management perspective, both the Attorney General and the Deputy Attorney General made it very clear that DOJ’s top priority in corporate criminal cases is to prosecute the individual “bad actors” who commit and profit from corporate malfeasance, including those “in the corner office.” DOJ views individual accountability for wrongdoing as essential to building public trust. At the same time, DOJ believes that accountability encourages investments in building a culture of compliance. These are both messages that the legal and compliance teams should communicate to executive and board leadership; the priority attached by DOJ to individual accountability should not be underestimated.
- Voluntary Disclosure: DOJ is pleased with the response to its year-old corporate enforcement policy revisions encouraging companies to take responsibility, through voluntary self-disclosure, for misconduct within their organizations. The benefits of self-disclosure remain conditioned on a first-in-the-door strategy; i.e., the advantages to the company when it reports the violation rather than waiting for DOJ to discover it. Even in the absence of voluntary self-disclosure, a vital benefit remains available as DOJ will carefully consider companies’ cooperation and remediation efforts in crafting resolutions. If DOJ becomes aware of the misconduct first, companies should consider opportunities for cooperation with the government and immediately address issues surrounding the misconduct through changes in policy and procedures. Recidivism is an important factor for DOJ consideration, as well, so companies should be ready to address any misconduct history in negotiations. Decisions regarding voluntary disclosure and corporate cooperation should ultimately be made at the governing board level, so board/Audit Committee awareness of these policies (and their underlying goals) is important.
- Financial Based Compliance Incentives/Disincentives: The Audit & Compliance and Executive Compensation Committees should be aware that DOJ continues to encourage corporations to establish compliance-based financial incentives and disincentives within executive compensation arrangements. While compensation clawbacks are unpopular with many executives, DOJ applies a dollar-for-dollar credit to companies that claw back or withhold compensation from culpable employees. Per the Deputy Attorney General, “Nothing focuses the mind like the prospect of a pay cut.” DOJ’s continued reference to compliance-grounded financial incentives and disincentives merits renewed consideration of these methods by the board, no matter their unpopularity and the possible lack of broad-based health industry acceptance to this point.
- Cooperation Credit: The ability of a corporation to receive credit for its cooperation with DOJ in the context of an investigation remains subject to the corporation providing DOJ with all non-privileged information about individuals involved in or responsible for the misconduct at issue, a requirement that can create significant internal management level conflict. In the face of potential enforcement action, corporate executives should expeditiously weigh the benefits of cooperation in making decisions about next steps. Yet, from DOJ’s perspective, “no matter how good a company’s cooperation, a resolution will always be more favorable with voluntary self-disclosure.
- M&A Whistleblowing: DOJ continues to emphasize availability of its 2023 safe harbor program intended to incentivize companies engaged in acquisitions to surface misconduct about the acquiree identified in the context of their due diligence and report it to DOJ in a timely manner. DOJ believes companies have a greater opportunity to mitigate any inherited legal risks in acquisitions through participating in the safe harbor program.
As to the important new initiatives of DOJ’s corporate enforcement program, the key governance-related takeaways include:
- New Whistleblower Program: DOJ is initiating a new corporate fraud/misconduct-grounded whistleblower rewards program that will be focused on corporate and financial misconduct that is not otherwise covered by the existing “patchwork quilt” of whistleblower incentives generally only available for fraud against the government, such as that covered by the False Claims Act (FCA). Notably, in addition to concerns about FCA qui tams, health care companies and their compliance programs will now need to look out for whistleblower reports on wrongdoing in areas such as financial arrangements, laboratory research, employment actions, bribes/ inducements not covered by the Anti-Kickback Statute or Stark Law, and fraud against private insurance companies. Audit & Compliance committees must assume now that wherever there is daylight between health care industry business activity and the FCA, DOJ’s new whistleblower program will fill in the gap by attracting “bounty hunters” to identify and report misconduct for a share in the resulting forfeiture. DOJ will take the next three months to flesh out the program with a formal start date later this year. It will be important for the Audit Committee, working with the chief legal officer and the chief compliance officer, to use this time to develop internal programs and policies in response to this new whistleblower threat.
- Compliance and AI Risks: DOJ prosecutors will henceforth consider the extent to which a company assesses disruptive technology risks when evaluating the effectiveness of its corporate compliance program. Indeed, DOJ will be amending its Evaluation of Corporate Compliance Programs guidance (ECCP), which is considered closely by many organizations in the development of their own programs, to reflect that new focus. Whether a company includes AI risks within its corporate compliance program, directly or through some connection with the Enterprise Risk Management function, may thus be an important future consideration for the board and its Audit & Compliance Committee—perhaps in connection with the Technology Committee. Specific leadership education may be needed, however, to achieve the necessary “buy in” from the company’s technology officers if the compliance program is to be expanded to cover AI risks, in the manner envisioned by DOJ.
Summary
The core governance message is that DOJ continues to emphasize its commitment to corporate enforcement in ways that will require more engaged board oversight—not only through the Audit & Compliance Committee but through or in conjunction with other committees (e.g., executive committee, executive compensation, and technology) as well.
This is particularly the case with respect to the new whistleblower program, and the equally new emphasis on including assessment of AI misuse risk within the context of compliance program effectiveness—both of which carry great significance and should be brought to leadership’s attention.
DOJ’s new whistleblower program will be in a development stage for the next 90 days with formal implementation to come later this year. While waiting for the formal rollout of this new program, companies should review their antifraud strategies and carefully examine compliance hygiene. Additionally, a best practice is to shore up internal mechanisms for employees to alert their employers about misconduct, such as company hotlines. The company’s chief legal officer, perhaps teaming with its chief compliance officer, may wish to brief key board committees and senior executive leadership on these important developments.
About the Authors
Michael W. Peregrine is a partner, and Ashley C. Hoff is Counsel, with McDermott Will & Emery. Mr. Peregrine is an AHLA Fellow, and Ms. Hoff is formerly the U.S. Attorney for the Western District of Texas.
Bibliography
Attorney General Merrick B. Garland Delivers Remarks to the ABA Institute on White Collar Crime, March 3, 2022, https://www.justice.gov/opa/speech/attorney-general-merrick-b-garland-delivers-remarks-aba-institute-white-collar-crime.
Deputy Attorney General Lisa Monaco Delivers Keynote Remarks at the American Bar Association’s 39th National Institute on White Collar Crime, March 7, 2024, https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations.
*This article was shared with AHLA's Hospitals and Health Systems Practice Group.