Matthew R. Galeotti, Head of the Criminal Division at the U.S. Department of Justice (DOJ), recently delivered a speech at SIFMA’s Anti-Money Laundering and Financial Crimes Conference. Contemporaneously, the DOJ issued a Memo (the Galeotti Memo) entitled Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime. I have explored both in previous blog posts. Today, I want to review the Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) updates. It provides a roadmap for how companies can earn leniency when they self-report wrongdoing. And in an increasingly unforgiving regulatory landscape, that roadmap is worth its weight in gold.
Under the CEP, a company that voluntarily self-discloses, fully cooperates, and timely remediates can qualify for a declination of prosecution, provided there are no aggravating circumstances. This is the reaffirmation of a multi-year DOJ effort to garner more self-disclosures. It gives compliance professionals something real to bring to the C-suite: if we invest in robust compliance and proactively address issues, we can avoid criminal prosecution altogether.
What if aggravating factors exist, such as senior-level involvement or prior misconduct? If the company cooperates and remediates in good faith, the policy still provides for reduced penalties, non-prosecution agreements, and shorter resolution terms. In other words, the DOJ offers a “near miss” safety net for companies that fall short of full eligibility but act responsibly.
The takeaway is clear: Compliance is not just a cost center but a value driver. The CEP recognizes that companies should be rewarded for coming forward, cooperating, and fixing problems. That means compliance professionals must build systems that detect misconduct early, encourage internal reporting, and enable swift action. When a crisis hits, your response will not just shape your company’s future; it may be the difference between a decline and a prosecution.
Voluntary Self-Disclosure
The DOJ’s Criminal Division strongly encourages companies to voluntarily self-disclose potential misconduct as early as possible, even before completing an internal investigation. To qualify under the CEP, a disclosure must meet several key criteria: it must be made to the Criminal Division (or in good faith to another DOJ component involved in the resolution), concern previously unknown misconduct, not be required by any existing legal obligation, and occur before any imminent threat of disclosure or government investigation arises. Additionally, the disclosure must be made within a “reasonably prompt” timeframe, with the company bearing the burden of proving timeliness.
The DOJ proposes a limited exception for the new Corporate Whistleblower Awards Pilot Program. Suppose a whistleblower reports misconduct internally and to the DOJ. In that case, a company may still qualify for the presumption of declination, but only if it self-discloses to the DOJ within 120 days of the internal report and meets all other voluntary disclosure conditions.
This guidance underscores the urgency and importance of real-time reporting mechanisms, strong internal controls, and rapid compliance response protocols. Timely self-disclosure is not just encouraged; it is now a strategic imperative in mitigating enforcement risk.
What is Full Cooperation?
To earn full cooperation credit under the CEP, a company must go beyond the general requirements of the Principles of Federal Prosecution of Business Organizations (Justice Manual 9-28.000) and meet six key obligations:
- Disclosure of All Relevant Facts: A company must share all non-privileged, relevant facts it knows, including facts about individuals responsible for the misconduct, regardless of their rank, whether internal or external to the company.
- Timely and Specific Information Sharing: This includes facts obtained through any internal investigation, updates during that investigation, and specific attributions of facts to sources. The company must also clearly identify all involved parties.
- Proactive Cooperation: Companies must voluntarily disclose relevant facts, even if prosecutors do not specifically request them. They are also expected to alert the DOJ to any avenues of obtaining evidence not in the company’s possession but known to them.
- Preservation and Disclosure of Documents: Relevant documents, including overseas ones, must be preserved, collected, and produced. Companies must detail such documents’ origin, custodians, and locations; facilitate third-party productions; and provide necessary translations. The company must prove the restriction if foreign law prevents disclosure and suggest viable alternatives.
- De-confliction: Companies must avoid actions that might interfere with DOJ investigations. If requested, they must delay certain investigative steps, such as employee interviews, for a narrowly tailored period to protect DOJ priorities.
- Availability of Individuals for Interviews: Subject to constitutional protections, companies must make current and former employees (including those overseas) available for DOJ interviews and facilitate third-party interviews where possible.
These standards ensure that cooperation is meaningful, timely, and valuable to the DOJ’s efforts, rewarding companies that truly support investigations with favorable outcomes under the CEP.
Timely and Appropriate Remediation
Under the CEP, timely and appropriate remediation is a non-negotiable component of earning cooperation credit and potentially avoiding prosecution. And for compliance professionals, it is a clarion call to action. First, the company must conduct a root cause analysis, a genuine examination of what went wrong, why, and how to prevent it from happening again. It’s not about blaming a few bad apples but addressing systemic issues that allowed the misconduct to take root. Did a cultural blind spot develop in a high-risk market? Was there a breakdown in oversight or a failure to escalate red flags? The DOJ expects thoughtful answers and corrective action.
Second, the company must demonstrate an effective compliance and ethics program tailored to its risk profile, business model, and resources. That means more than having policies on the books. DOJ evaluators are looking at leadership’s commitment, compliance’s access to the board, compensation tied to ethical performance, and real-time testing of program effectiveness. Box-checking won’t cut it.
Third, accountability is key. Companies must appropriately discipline wrongdoers, including those who failed in their supervisory duties, and ensure they retain and safeguard business records, including communications on personal devices and ephemeral apps.
Finally, remediation includes showing that the company understands the seriousness of the misconduct and is proactively reducing future risk. This is about culture, not cosmetics.
In short, remediation is proof of your values in action. It is the difference between performative compliance and real commitment. Suppose you’re building a credible compliance program in today’s enforcement environment. In that case, remediation must be embedded in your DNA because the DOJ is watching, and your organization’s future may depend on how you respond.
Providing Cooperation Credit
Finally, there is the cooperation credit. Hopefully, we have finally moved past the Kenneth Polite formulation of super, double-secret, undefined “we know it when we see it” cooperation. Cooperation credit here will be earned through demonstrable, high-quality, timely actions. Cooperation is assessed on a sliding scale based on how extensively and effectively a company supports the government’s investigation. Once a company meets the minimum threshold for cooperation, prosecutors evaluate factors such as scope, quantity, quality, timing, and the overall impact of the cooperation provided.
Importantly, cooperation credit starts at zero and increases only with meaningful contributions, and there is no presumption of full credit. The DOJ now distinguishes between cooperation levels by varying the starting point within the U.S. Sentencing Guidelines fine range, and the percentage of fine reduction awarded. Companies that delay cooperation may significantly reduce their potential credit.
Waiver of attorney-client privilege or work product protections is not required to receive cooperation credit. If a company claims its financial condition limits its ability to cooperate, it must provide supporting documentation. The DOJ will carefully evaluate any such claims. Ultimately, the message is clear: to earn meaningful credit, cooperation must be real, proactive, and sustained. But at least it is now defined and not “We know it when we see it.”
Resources:
CRM White Collar Enforcement Plan
Revised CEP
CRM Monitor Memo
