Department of Justice: 2022 updates to corporate compliance guidance

What the recent updates to DOJ guidance mean for corporate compliance teams

Kelly Maxwell
Content Marketing Specialist, OneTrust
November 8, 2022

View of a city street with government buildings on either side

Corporate compliance officers already have their work cut out for them – but after this year’s updates from the Department of Justice (DOJ), they’ll need to update their executive teams and boards of directors on the new, more aggressive approach to enforcement. In a September 15, 2022, speech at NYU’s Program on Corporate Compliance and Enforcement, US Deputy Attorney General (DAG) Lisa O Monaco stated, “…we won’t accept business as usual. With a combination of carrots and sticks – with a mix of incentives and deterrence – we’re giving general counsels and chief compliance officers the tools they need to make a business case for responsible corporate behavior.”

Following her watershed 2021 memo, this speech and the accompanying memorandum, now commonly called the “Monaco memo 2.0” or version 2 of the Monaco memo, expands the framework for cracking down on corporate crime and announced policy changes focused on individual accountability and speedy case resolution. DAG Monaco, affirming the top priority for the DOJ’s newly-formed Corporate Crime Advisory Group, provided new details regarding individual accountability, corporate enforcement factors, and the usage of independent compliance monitors.

Doubling down on these priorities and allowing for no ambiguity on the DOJ’s fortified focus, Assistant Attorney General (AAG) Kenneth Polite made a speech at the University of Texas the next day, outlining how the DOJ’s Criminal Division will “combat corruption and fraud in our corporate sector” and reduce corporate financial penalties for companies that claw back compensation from offending executives.

The DOJ’s new policy is designed to empower CCOs and their teams, but what does this guidance mean for you? We’re joined by OneTrust Senior Compliance Counsel, Gbemi Yusuff for some expert analysis. Stick with us as we unpack what this DOJ compliance guidance is and what it means for CCOs and CEOs.

Still looking for more expert analysis? Check out this essential whitepaper, What CCOs Need to Know About the DOJ Compliance Certification Requirement, and discover what opportunities and challenges these new policies presents for your program.

Download Whitepaper: What CCOs Need to Know About the DOJ Compliance Certification Requirement

DOJ policy announcements

DAG Monaco announced several Department-wide policy revisions, providing updated guidance on the following 5 policies:

  1. How delays will impact resolution agreements
  2. How a corporation’s unique history of misconduct must be considered when determining appropriate corporate case resolution
  3. The benefits of voluntary corporate self-disclosure of misconduct
  4. The use of independent compliance monitors, including their selection criteria, scope of work, and appropriate monitor oversight
  5. The importance of a strong corporate culture and how prosecutors will evaluate components of a corporate compliance program

The importance of timely cooperation

Acknowledging their need to “do more and move faster,” DAG Monaco outlined the need for speed from companies and individuals. Any intentional delay in disclosures, from both corporations and implicated individuals, “particularly those that show individual culpability,” will result in reduction or flat-out denial of cooperation credit. Further turbocharging their efforts to expedite investigations, DOJ prosecutors will seek criminal charges against individuals prior to or concurrent to entering a resolution against a corporation.

Corporate history of misconduct

According to DAG Monaco, “between 10% – 20% of large corporate criminal resolutions have involved repeat defenders.” Previously, the DOJ announced that prosecutors must consider the entirety of a company’s prior misconduct when determining appropriate resolution, but the Monaco memo outlines more detailed evaluation guidance for corporate recidivism. Placing a greater emphasis on prior misconduct and corporate culture, the DOJ acknowledges that “not all instances of prior misconduct are created equal.” The root cause of the misconduct will be considered.

This holistic view will examine broader issues in a weakened compliance culture, examining shared management teams or executive leadership in recidivist companies. Allowing for zero ambiguity, DAG Monaco stated, “If any corporation still thinks criminal resolutions can be priced in as the cost of doing business, we have a message – times have changed.”

Voluntary self-disclosure and corporate cooperation

The DOJ now expects voluntary self-disclosure from companies, demanding that they “step up and own up to misconduct.” Voluntarily coming forward to self-report is seen as a good indicator of a well-designed compliance program and a healthy corporate culture and is the “clearest path for a company to avoid a guilty plea or an indictment.” The DOJ’s simple goal is “to reward those companies whose historical investments in compliance enable voluntary self-disclosure and to incentivize other companies to make the same investments going forward.”

Most importantly, the DOJ announced a new common principle: “Absent aggravating factors, the Department will not seek a guilty plea when a company has voluntarily self-disclosed, cooperated, and remediated misconduct. In addition, the Department will not require an independent compliance monitor for such a corporation if, at the time of resolution, it also has implemented and tested an effective compliance program.”

For a company to demonstrate their commitment to compliance program enablement, they must concurrently invest in other strategic areas within their organization. According to Yuseff, “How you organize your sales team or other core business operators, outside the compliance function, says more about your values and corporate culture of compliance. Incentivizing and investing in your people shows exactly what you’re prioritizing.”

Screening and monitoring independent compliance monitors

Addressing the call for more transparency, DAG Monaco released “new guidance for prosecutors about how to identify the need for a monitor, how to select a monitor, and how to oversee the monitor’s work to increase the likelihood of success.” To lead with consistency and transparency, DOJ prosecutors will select monitors using a documented process. They will also endeavor to monitor the monitors to “to ensure they remain on the job, on task, and on budget.”

DAG Monaco knows that simply having a compliance department is not enough; “… it must also be backed by, and integrated into, a corporate culture that rejects wrongdoing for the sake of profit. And companies can foster that culture through their leadership and the choices they make.”

Building a culture of compliance has previously been emphasized in DOJ guidance for corporate compliance programs. Now, the DOJ is looking for “compensation systems that use affirmative metrics and benchmarks to reward compliance-promoting behavior.” On the deterrence side, the DOJ is also looking for companies to have and enforce clawback policies that punish misconduct and fraud.

For Yuseff, this is where the DOJ’s guidance clearly demonstrates how to practically empower the corporate compliance function, “How are employees compensated? How is compliance or ethical behavior featured? How do you incentivize people to behave ethically? The DOJ is really highlighting how compensation can help incentivize compliant behavior.”

Criminal Division emphasis on personal liability

AAG Polite took these policy recommendations from DAG Monaco and offered further clarification. Most notable is emphasis on personal liability, described by Polite as the need to “shift the burden of corporate financial penalties away from shareholders – who in many cases do not have a role in misconduct – onto those more directly responsible.” Building off the new guidance from DAG Monaco, AAG Polite spelled out the specific “aggravating factors” the Criminal Division will consider. These “will include, but are not limited to, involvement by executive management of the company in the misconduct, significant profit to the company from the misconduct, or pervasive or egregious misconduct.”

CCO Certifications

In March of 2022, AAG Polite announced a new Criminal Division policy where corporate settlements would require both the Chief Executive Officer (CEO) and the Chief Compliance Officers (CCO) to certify their programs as being “functionally effective” and “reasonably designed and implemented” to detect and prevent violations of the law.

AAG Polite, a former CCO himself, acknowledged the weight of the responsibilities placed on the shoulders of CCOs. According to Yuseff, this fortification and resourcing will ensure that CCOs are “considered members of the executive team and will be empowered to make decisions no one else has the ability to make. CCOs are not the first line of defense, they oversee the first line of defense in the business.”

Carrots and sticks, a vision for the future

The 2022 updates from the DOJ, from both DAG Monaco and AAG Polite, make clear that the DOJ wants to “make the business case for responsible corporate behavior” and emphasize the importance of “individual accountability and corporate responsibility.” DAG Monaco summarizes herself, “In short, we’re empowering companies to do the right thing – and empowering our prosecutors to hold accountable those that don’t.”

AAG Polite also offered his full-throated support, “Taken together, these policies, practices, and personnel decisions demonstrate our unwavering commitment to both individual and corporate accountability, while incentivizing those same actors to invest in strong compliance and internal control measures that consistently, quickly, and effectively prevent, detect, report, and remediate wrongdoing.”

But empowerment is not one-size-fits-all, Yuseff concludes: “Consider your compliance program holistically and examine the gaps you have. Where one company may have the right technology in place, they might suffer from terrible communication or supporting training. By understanding your program’s unique weaknesses, based on this DOJ compliance guidance, you can figure out what is actually most important for you and your resources and then you can prioritize accordingly.”

Ready to demonstrate your commitment to individual and corporate accountability? Download our free whitepaper, What CCOs Need to Know About the DOJ Compliance Certification Requirement.

Download Whitepaper: What CCOs Need to Know About the DOJ Compliance Certification Requirement

You may also like


Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

November 09, 2023

Learn more


Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more


Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more