What do corporate counsel need to know about how self-reporting criminal or civil misconduct before a government discovers the violation?
Most importantly, it can result in significant reductions in prosecutions and penalties.
In a new webinar, Earning Cooperation Credit and the Personal Accountability of Executives — What You Need to Know, Thomson Reuters regulatory experts Julie DiMauro and Joe Rindone provided valuable insights for corporate counsel on how such self-reporting — and gaining “cooperation credit” — can be a real advantage during a regulatory investigation. The webinar was moderated by Gina Jurva from Thomson Reuters Legal Executive Institute.
The U.S. Department of Justice (DOJ) has said that “seeking accountability from the individuals who perpetuated the wrongdoing” is one of its most effective weapons to “combat corporate wrongdoing.”
All or Nothing Approach
Until recently, the DOJ has taken an “all or nothing” approach to cooperation credit, according to DiMauro’s discussion of the policy’s history. Under the so-called Yates memo issued in 2015 by then-Deputy Attorney General Sally Yates, for a company to be considered for any cooperation credit, it had to provide “all relevant facts relating to the individuals responsible for the misconduct.”
This approach meant entities and individuals were less likely to self-report misconduct to the DOJ because even the inadvertent omission of any relevant fact or the name of a low-level employee could negate the cooperation credit while exposing the company to prosecution.
Recognizing this approach discouraged self-reporting, then-Deputy Attorney General Rod Rosenstein announced a change in the cooperation credit policy in 2018. Under the revised policy, those companies seeking credit were required to make ample disclosure and undertake a good faith effort to identify individuals who were “substantially involved in or responsible for wrongdoing” in criminal cases.
In situations involving civil misconduct, companies had to offer “meaningful assistance” with the government investigation but did not have to identify every individual involved in order to be considered for cooperation credit. However, the corporation could not conceal wrongdoing by an individual.
DOJ Guidance on Self-Reporting
The webinar panel also discussed the latest DOJ guidance on self-reporting and how best a company can take advantage of this policy to reduce their liability.
In order to take receive cooperation credit, explained Rindone, a company must self-report misconduct before the government begins or is about to begin an investigation. The company must also self-report as soon as it becomes aware of the issues. Companies can even report suspicions to the government before they have been able to confirm wrongdoing, he added.
The webinar also addressed several critical questions, such as how best a company should communicate to employs and the public about any regulatory or legal violations it has discovered.
First, a business should consult with legal counsel about its plans for communicating with employees and the public about any investigation or charges being brought by regulatory or other authorities, said DiMauro. “These professionals can advise you about the federal and state (or even city) laws that might be implicated, and how to explain the source and scope of the infraction,” she explained.
Sometimes an appreciation for the full scale of the problem also requires outside experts (such as with data privacy incidents) and input from the company’s board of directors, considering their experience in these areas, DiMauro added.
The company should also verify the accuracy of the information communicated by witnesses to the extent possible, but in a prompt and timely fashion, she said. “Contact the appropriate authorities as you continue to probe the reasons for and extent of the problem.”
Further, the company’s internal messaging to staff should be articulated before authorities show up, and likely needs to proceed in stages, subject to the expert team’s judgment. External stakeholders, such as customers, business partners and vendors, must be alerted, and any actions the company needs them to take to further protect themselves, its business, and its clients should be clearly spelled out, she noted.
Finally, the public should be alerted using qualified public relations and communications experts. “Pithy statements can discuss the problem and the efforts to contain it, avoiding conjecture or statements outside of the main facts — that this problem is being investigated and remedied,” DiMauro said, adding that it would also be smart to appoint a point person for messaging and try to deliver one coordinated response about the events at hand.
To Report or Not
While normally the decision whether or not to report should only be reached after the company has conducted a thorough internal investigation of the suspected misconduct, sometimes a company may decide not to report what it found.
The webinar panel discussed the steps that a company should take if a minor violation is found and corrected and then the organization decides not to self-report. Rindone explained that in this case, there are several steps a corporate counsel should take.
First, a company that decides not to self-report a minor violation should document that the company had:
- investigated fully and identified the extent of any misconduct;
- remediated any misconduct;
- disciplined any employee or terminated any relationships with a third party, If applicable;
- made changes to its compliance program to ensure it prevents or detects similar conduct in the future; and
- formulated a reasonable basis for its decision not to self-report.
If the conduct is exposed later, the company may decide to show this memorandum to a regulator or private plaintiff to demonstrate the actions the organization took and the reasons for its decision, Rindone added.
You can view the full webinar, Earning Cooperation Credit and the Personal Accountability of Executives — What You Need to Know, here.