In a move that should surprise no corporate compliance professional, the DOJ’s Criminal Division issued a new Memo on May 12, 2025, updating and clarifying its policies on the selection, imposition, and oversight of compliance monitors in corporate resolutions. (Herein the ‘Monitor Memo.’) This new guidance refreshes prior directives (including the foundational Morford Memo) and lays out how monitorships should be assessed, tailored, and executed in granular detail. I want to end my short series on the DOJ’s announcement of changes in white-collar enforcement by reviewing the changes to monitor selection and monitorships going forward and then considering what this means for compliance professionals. As Grace Slick said when Jefferson Airplane hit the stage at Woodstock on the morning of Day 2, “It’s a new dawn.”

I. Monitors: Precision Tools

First, the DOJ clarifies that monitorship should not be used for punitive purposes. Instead, they aim to ensure that a company meaningfully implements compliance reforms and reduces the risk of future misconduct. However, the DOJ also recognizes that monitors can be costly and intrusive. Hence, their use must be carefully calibrated. The core principle of the Monitor Memo is that monitors should be imposed only when necessary, and their scope should be tailored to the misconduct and the company’s risk profile.

The Criminal Division lays out four key factors for when a monitor may be appropriate:

1. Risk of Recurrence. If the underlying misconduct is serious—think sanctions violations, FCPA infractions, healthcare fraud, or cartel facilitation—and has national or international implications, the risk of recurrence will weigh heavily in favor of a monitorship.
2. Other Oversight. If another regulator (domestic or foreign) is already effectively overseeing compliance, the DOJ might hold back on appointing a monitor. But if your company committed crimes despite existing oversight, that fact will support the need for one.
3. Compliance Program & Culture. If your company has revamped its program, replaced bad actors, and created a credible culture of compliance, that cuts against the need for a monitor. But if your program is underdeveloped, window dressing won’t suffice.
4. Control Maturity & Self-Monitoring Capacity. Have you tested your controls? Have they been in place long enough to prove they work? Can you test, update, and scale your compliance framework internally? If yes, you may avoid a monitor. If not, start preparing now.

The DOJ’s memo drives home one central theme: fit matters. The DOJ wants focused, cost-conscious, collaborative monitorships, from budget caps to biannual meetings.

Here’s what that looks like (at this point):

• Budget Caps: Monitors must submit a detailed budget, subject to DOJ approval, at the outset of their work. Rate caps and cost estimates must be justified, updated before each review phase, and strictly adhered to.
• Tri-Partite Meetings: At least twice a year, the monitor, the company, and the DOJ must meet to align goals, address concerns, and ensure transparency. These are not performative check-ins; they are designed to keep all parties rowing in the same direction.
• Collaboration over Confrontation: The DOJ is encouraging a cultural shift. Monitorships should be approached as mutual partnerships, not hostile audits. Companies have a voice; explaining operational constraints or challenging unnecessary actions is not a red flag.

The selection of a monitor should not be a backroom deal. As a monitorship is a multilayered and often multiyear process, the selection process should be designed to ensure integrity, independence, and credibility. The Monitor Memo sets out a new and transparent process.

1. Company Nominates: The company proposes 3–5 candidates with no recent ties to the organization and compliance and independence certifications.
2. DOJ Interviews and Evaluations: Prosecutors and section supervisors interview each candidate, assessing their qualifications, objectivity, cost-efficiency, and experience.
3. Standing Committee Review: A special committee, including ethics officials, reviews the DOJ’s recommended candidate and must approve before the pick moves to the Assistant Attorney General (AAG).
4. Final Approval: The AAG reviews the recommendation and sends it to the Office of the Deputy Attorney General (ODAG), which gives the final stamp of approval.

In short, this is a deliberate, transparent process. If the DOJ rejects a candidate or the entire slate, the company must resubmit promptly.

The DOJ’s 2025 memorandum reflects an evolution in how federal prosecutors see compliance monitors: not just as watchdogs but as facilitators of lasting cultural change. For the corporate compliance community, this is a clarifying moment. The DOJ isn’t out to punish companies for punishment’s sake. It offers your compliance regime a chance to prove that your organization’s compliance house is in order and that your company can keep it that way without someone watching over your shoulder.

II. Lessons for the Compliance Professional

Taken in conjunction with the Galotti Memo, revised CEP, and Galeotti Speech, what should compliance leaders be doing today?

• Bolster Your Program Now

The most effective way to avoid the imposition of a monitor and indeed receive a full Declination is to have a robust, tested, and risk-aligned compliance program already in place when misconduct is discovered, or better yet, before it occurs. If your program is reactive, overly general, or untested, it signals to the DOJ that you may need outside help. But suppose you can demonstrate that your program has been implemented thoughtfully, customized to your company’s risk profile, and embedded into business operations. In that case, you are far more likely to avoid a monitor. That means (1) documenting not only your policies and procedures; (2) showing how they are communicated, enforced, and regularly improved; (3) that your internal controls are more than words on paper; they are working in practice; and (4) continuous improvement through regular testing, third-party evaluations, and board-level oversight.

• Document Everything

In compliance, if it is not documented, it did not happen. This mantra has never been more important than in the post-resolution environment. The DOJ’s refocused CEP and changes to monitorship decisions underscore the need for companies to contemporaneously and comprehensively document all remediation efforts, disciplinary actions, training rollouts, and policy changes. If your company responds to misconduct with serious reforms, but you do not have the paper trail to back it up, prosecutors may assume those reforms are temporary, superficial, or nonexistent. That is a recipe for a monitor.

• Engage Experts

One of the clearest signals a company can send to the DOJ about its seriousness in addressing misconduct is proactively engaging third-party experts before the government forces its hand. The revised CEP and Monitor Memo recognizes that a company’s voluntary use of outside compliance consultants, forensic auditors, or legal advisors can reduce or even eliminate the need for a monitor. These experts provide an independent lens, help benchmark your program against industry standards, and identify gaps before they become systemic failures. The bottom line is not to wait for the government to tell you to bring in expertise. Be proactive. Be smart. Be credible.

• Prove Your Culture Has Changed

Culture is the bedrock of compliance, and the DOJ knows it. The revised CEP and Monitor Memo encourage prosecutors to consider whether a company’s leadership and culture differ meaningfully from those that allowed the misconduct to occur. This creates a critical opportunity for compliance professionals to prove that their house has been cleaned and remodeled. It means demonstrable metrics, employee survey data, speak-up culture indicators, training completion rates, or reduction in hotline-related retaliation claims that show your culture is becoming one of integrity and accountability. Suppose you can show that employees now report misconduct earlier, that internal investigations are handled more fairly, and that ethical conduct is rewarded. In that case, your company is more likely to argue that external supervision is no longer necessary, even if a full Declination is not warranted. Cultural change takes time, but in the eyes of the DOJ, it is one of the most persuasive indicators of whether your organization has truly moved on from its past.

• Prepare for Monitoring Anyway

If your company believes it will avoid a monitorship, prepare as if one is coming. Pressure tests your program and creates a remediation roadmap aligning with DOJ expectations. Be ready to show how your company has made significant progress. Preparing for a monitor also forces your team to adopt a monitor’s mindset: testing controls, tracking effectiveness, documenting improvements, and coordinating with business units. It’s a rigorous, forward-leaning exercise that will strengthen your compliance program, even if the monitor never arrives. Remember, the DOJ is not just interested in what you say your organization will do; it is watching what you have already done. Preparation shows maturity. And if the monitor is ultimately imposed, you can hit the ground running with a partner who views you as ready, willing, and able, not reluctant or reactive.

The bottom line from these new DOJ pronouncements is that compliance can be cleaned up, and then full walking papers for FCPA or other white-collar crime incidents that your organization may have sustained can be obtained. Now is the time to take advantage of the DOJ’s incredibly pro-business approach. If your senior management harks back to the Executive Order suspending FCPA investigation and enforcement, tell them that the DOJ has lifted the suspension.

Resources:

CRM White Collar Enforcement Plan

Revised CEP

CRM Monitor Memo