Compliance Technology, DOJ Investigations & the Yates Memo

By Cindy Cook DeRuyter | Published May 5, 2016

Note: This is a guest post by Cindy Cook DeRuyter who spent more than 19 years in financial compliance and operations roles for firms including RSM Wealth Management, Nuveen Investments and US Bancorp Asset Management

It has been almost eight months since U.S. Deputy Attorney General, Sally Quillian Yates, issued a memo titled "Individual Accountability for Corporate Wrongdoing." The guidance provided in the memo (the "Yates memo"), discussed more fully below, was intended to outline steps government attorneys should take in any investigation into corporate misconduct, and to ensure consistency across the U.S. Department of Justice (DOJ.)

At its core, the Yates memo is about holding individuals accountable for violating laws and regulations in corporate criminal and civil matters, helping to deter future misconduct. Corporations under investigation may receive credit for cooperating with the government if they can, and do, turn over all relevant information about individual wrongdoers.

An analysis of the memo and subsequent clarifications provides some guidance to compliance officers and other senior leaders in any organization, in any industry, and serves as another reminder about the importance of solid corporate governance.

Overview of the Yates Memo

Essentially, the principles outlined in the Yates memo provide a framework for federal prosecutors to follow in determining whether to bring charges against corporations in criminal and civil matters. The six key steps identified in the memo are summarized as follows:

To qualify for "cooperation credit", a corporation must provide the DOJ with all relevant facts about all individuals involved in the misconduct, regardless of their seniority level in the organization. As the threshold hurdle, this step essentially says that if a company fails to investigate and identify responsible parties or fails to provide non-privileged evidence, the company will not receive any credit for cooperating with the DOJ in other aspects of the case.

  1. Both criminal and civil investigations should focus on individuals from the start of the investigation.
  2. Attorneys handling criminal and civil investigations of corporations should be in "routine communication" with one another.
  3. When the DOJ is resolving a corporate investigation, it will not provide immunity to culpable individuals, "absent extraordinary circumstances or approved departmental policy".
  4. When resolving corporate matters, DOJ attorneys should also have a clear plan to resolve related individual matters.
  5. Civil attorneys should also focus on individuals as well as the company and, in making determinations about whether or not to bring suit against individuals, they should consider additional factors such as accountability, deterrence and the ability to pay.

Automate Compliance DemoSince it was published, the Yates memo has been incorporated into DOJ manuals and policies, and has been further clarified. The DOJ has reassured companies that it does not expect them to waive privilege with respect to information collected during an internal investigation, however companies must be prepared to turn over all relevant non-privileged information.

Actions Companies Should Take

The Yates memo ultimately reminds companies that their best defense against corporate actions is being proactive. As the Yates memo's first principle outlines, in order to receive cooperation credit, a company must provide the DOJ with all relevant facts.

Although the Yates memo was written for government officials and attorneys, there are certain actions companies' compliance officers and other senior leaders should take now, in order to be prepared to provide the government with all relevant facts:

  • Lead from the top. These compliance and ethics policies need to be supported at the highest levels of the organization, both in terms of conduct and resource allocation.
  • Implement robust compliance and ethics programs designed to prevent, detect, and correct violation of laws and regulations.
  • Implement ongoing training, and communicate compliance and ethics policies and expectations regularly.
  • Have mechanisms in place for employees to report issues, and make sure employees know how those mechanisms work.
  • Respond swiftly when issues are raised. If warranted after an internal investigation, appropriate action must be taken. In a November 16, 2015 speech, Deputy Attorney General Yates clarified that there is not an expectation that companies will embark on a "years-long multimillion dollar investigation" into corporate misconduct; the expectation is that the investigation be tailored to the wrongdoing and that companies use best efforts to determine facts and identify responsible parties.
  • Keep full and accurate documentation showing the company's intention to operate ethically and within the letter of the law.
  • Put corporate executives on notice that wrongdoing on their part will be both investigated and reported. Smaller companies may want to review and consider revising corporate documents that promise to pay attorneys' fees for executives, and D&O policies' coverage levels should be reviewed to determine adequacy in light of the Yates memo.

Using Technology Solutions can Help Companies be Prepared

When it comes to memorializing policies and procedures, and documenting individuals' receipt of (and understanding of) policy manuals and training programs, companies may want to consider implementing automated workflow solutions.

In addition to providing for streamlined recording of policy acknowledgments, automated workflows can also provide a needed reporting mechanism for employees at any level to raise concerns about potential misconduct or code of ethics violations by someone within the organization. With workflows, those concerns can be routed directly and immediately to the individual or department responsible for internal investigations.

Meeting the burden of having to disclose relevant information and documentation during a DOJ investigation using paper or manual processes would be onerous at best; with automated workflow solutions, that burden is lessened because documentation is in one secure location and can be retrieved and analyzed with the click of a mouse.

Conclusion

Let's face it: no company ever wants to be the target of a DOJ investigation, and no corporate executive ever wants to be in the DOJ's cross-hairs individually. However, if an investigation occurs despite a company's best efforts to demonstrate its integrity and ethics, being prepared to disclose all relevant information about individual wrongdoers may mean the difference between receiving credit for cooperating with the investigation or facing harsher penalties.

Companies can bolster their existing corporate governance programs and be in a better position to request cooperation credit in the event of a DOJ investigation by taking a hard look at policies and procedures, and by implementing tools that will help them streamline and enhance their documentation and reporting functionality.

 

Sources:


Tags
BPM   compliance   regulatory  

Categories
Department Focus   News  

Cindy Cook DeRuyter

Cindy Cook DeRuyter is an attorney in private practice and a freelance writer in St. Paul, MN. Prior to taking her practice full-time in 2015, Cindy spent more than 19 years in Investment Adviser and Broker-Dealer compliance and operations roles for firms including RSM Wealth Management, Nuveen Investments, US Bancorp Asset Management and Thrivent Financial.