Tag: DOJ

Categories
FCPA Compliance Report

Jon May On Defending Individuals in FCPA Cases

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox interview well-known curmudgeon and iconoclast Jon May. May, who is not a compliance officer, talks about his approach to the topic, which has caught Tom’s attention. The conversation traverses May’s professional background, discussing Miami’s wild west environment in the 1980s and corruption within the police department. The podcast takes a deep dive into corporate strategy, DOJ’s enforcement policies, and the changes in whistleblower laws. The author provides an exclusive hotline number for listeners to call him and wraps up by describing where to purchase his book! Take advantage of this engaging podcast with the brilliant Jon May, hosted by Tom Fox.

Key Highlights:

· Negotiating with Government in Corporate Criminal Conduct

· Navigating US Sentencing Guidelines for Defense Lawyers

· Pleading Guilty and Self-Disclosure for White-Collar Crimes

· Changing view of whistleblowers and self-disclosure regulations

· Balancing Crime Fighting and Civil Liberties

 Notable Quotes

“It is the company’s recommendation that they obtain counsel before they are interviewed by the company or the company’s outside counsel.”

“I have, as you know, always been very critical of the government’s care and stick approach to convincing companies to self-disclose.”

“But showing the prosecutor that there’s a very different side requires a great deal of work.”

“You might not get 3 points. You might only get 2 points. But the amount of time you can save by litigating various aspects of sentencing could be years and years.”

Resources

Jon May

On Creative Criminal Defense Consultants

Who Says You Can’t: Strategy and Tactics for Becoming a More Creative Criminal Defense Lawyer

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties-DOJ Metrics on Third Parties

In a 2015 speech before the SIFMA Compliance and Legal Society New York Regional Seminar, former Assistant Attorney General Leslie Caldwell for the first time, laid out metrics the DOJ would consider in evaluating a corporate compliance program around third parties. Caldwell began with the following question, “Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?” This inquiry was brought forward into the DOJ’s 2017 Evaluation and all subsequent updates, including the most recent.

 Three key takeaways:

1. It all starts with a Relationship Manager.

2. Have company oversight of all third parties.

3. Audit, monitor, and remediate on an ongoing basis.

Categories
Blog

2022-The Year in FCPA

2022 saw a relatively slow year in Foreign Corrupt Practices Act (FCPA) enforcement actions. Yet, as usual, the cases themselves were packed with much for the compliance professional to digest. Moreover, 2022 was a very significant year for every compliance practitioner and compliance program. My latest book, 2022 – The Year in FCPA – FCPA Enforcement Actions, DOJ Commentary and Key Lessons for Compliance from 2022 reviews the corporate FCPA enforcement actions from the past year and mine them for lessons which can be garnered by the compliance practitioner.

The cases themselves ranged in fine and penalty values from $1.1 billion (Glencore International A.G.) down to $6.3 million (KT Corporation). The Department of Justice (DOJ) FCPA prosecutions involved the following entities: Stericycle Inc. (Stericycle), with an overall fine of $84 million; Glencore, with an overall fine of $1.1 Billion; GOL Linhas Aéreas Inteligentes S.A. (GOL), with an overall fine of $41 million; ABB Ltd. (ABB) with an overall fine of $315 million and, concluding the year, Honeywell UOP, with an overall fine of $160 million. From the Securities and Exchange Commission (SEC) we saw enforcement actions involving the following entities: KT Corp, with a penalty of $6.3 million; Tenaris S.A., with a penalty of $78 million; Oracle Corporation (Oracle), with a penalty of $23 million, and Stericycle, GOL, ABB and Honeywell, with the fine amounts noted above. Finally, Glencore was also fined by the Commodity Futures Trading Commission (CFTC).

The total fines and penalties were $1.396 billion. Under the new monitorship policy, announced in October 2021 and put into practice through the Monaco Memo, there were two cases which  included appointments of Corporate Monitors (Glencore and Stericycle). From the DOJ there were two Declinations. The first involved the French entity Safran S.A. and included a $17 million disgorgement. The second involved the UK entity Jardine Lloyd Thompson Group Holdings Ltd. (JLT) and included a $29 million disgorgement. 2022 saw one individual FCPA trial involving former Goldman Sachs Group Inc. Managing Director Roger Ng, who was convicted for criminally circumventing the firm’s internal controls. The Swedish telecom company Telefonaktiebolaget LM Ericsson (Ericsson) had its monitorship extended for 1 year amidst ongoing investigation they breached the Deferred Prosecution Agreement (DPA) and, finally, the Russian entity Mobile TeleSystems PJSC (MTS) also had its monitorship extended for 1 year.

In the realm of individuals prosecuted there were 24 individual criminal prosecutions and it appeared that individual criminal prosecutions continued at aggressive pace. With the formalization of the Monaco Memo, the DOJ will be targeting more individuals for prosecutions in 2023 so the pace of individual prosecutions will continue and probably increase. In 2022, the majority of the individual prosecution stemmed from prior FCPA actions involving a small number of companies; most notably Petróleos de Venezuela S.A. (PDVSA), Vitol Inc., Odebrecht S.A. and Sargeant Marine Inc. It is significant that the DOJ has continued its use of anti-money laundering (AML) charges, which have a 20-year maximum sentence together with FCPA charges, which have a five-year maximum sentence.

However, 2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, three actions were significant, with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism. In Glencore, we saw what happens to a company that engages in worldwide systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit, which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company could take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of DOJ enforcement policies on the FCPA enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was additional commentary by Principal Associate Deputy Attorney General Marshall Miller in a speech and by Assistant Attorney General Kenneth A. Polite. Every compliance professional should know them in detail as they significantly turn the heat up on corporate compliance programs. The Monaco Memo is further clarification and guidance for line prosecutors when considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing, which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. The DOJ hired Matt Galvan to help develop data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance professional in data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.

What did the year 2022 in FCPA mean for you. Check out 2022-The Year in FCPA now available on Amazon.com.

Categories
FCPA Compliance Report

Maria D’Avanzo on the 2023 ECCP

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this special edition, sponsored by Traliant, I visit with Maria D’Avanzo Chief Evangelist Officer at Traliant to discuss the 2023 Evaluation of Corporate Compliance Programs. We discuss the DOJ’s guidance on financial incentive programs and highlight the importance of cross-functional collaboration in establishing effective compliance programs. What are some of the challenges of implementing clawbacks for employees who engage in misconduct? We consider some of the risks involved when a company decides to file a lawsuit against an executive for clawback. Finally, they touch on the need for proper communication of the compliance message beyond legal and compliance departments. Join Tom Fox and Maria D’Avanzo as they dive deep into the future of corporate compliance programs. Don’t miss this informative and eye-opening episode.

 Key Highlights

·      Evaluating Corporate Compliance Incentive Programs

·      Establishing Compliance Programs in Companies Facing DOJ Allegations

·      Incorporating Compliance Ethics and Clawbacks in Business

·      Lawsuit Consequences for Companies & Executives

·      DOJ Elevating Corporate Compliance Programs

·      Effective Communication for CCOs

 Notable Quotes

“Certainly the timing of any type of any attempt to claw back the compensation, the board needs to be concerned about what’s the right time? What’s the right process? And are we going to open ourselves up?”

“There’s also language about non-financial incentives. And here, once again, nothing really new that companies are supposed to take doing business ethically.”

“I’m not quite sure why a company without resolving the loss, the investigation, either internally or especially with the DOJ, would file a lawsuit against an executive in order to claw back the compensation.”

“Is your investigation completed? Or is it ongoing. I’m not sure how you would win in a litigation if you have not established the basis for the breach of contract.

Resources

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – 3rd Party Risk Management Process

As every compliance practitioner knows, third parties still present the highest risk under the FCPA. The 2020 Update devotes an entire prong to third-party management. It begins with the following:
 Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials. For example, a prosecutor should analyze whether the company has ensured that contract terms with third parties specifically describe the services to be performed, that the third party is performing the work, and that its compensation is commensurate with the work provided in that industry and geographical region.   Prosecutors should further assess whether the company engaged in ongoing monitoring of the third-party relationships through updated due diligence, training, audits, and/or annual compliance certifications by the third party.

This specifies that the DOJ expects an integrated approach operationalized throughout the company. This means you must have a process for the full third-party risk management life cycle. Five steps in the life cycle of third-party risk management will fulfill the DOJ requirements in the 2020 FCPA Resource Guide and the Hallmarks of an Effective Compliance Program. The five steps in the lifecycle of third-party management are:

  1. Business Justification by the Business Sponsor;
  2. Questionnaire to Third-party;
  3. Due Diligence on Third-party, including triage of results;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

Three key takeaways:

  1. Use the entire 5-step process for third-party management.
  2. Make sure you have business development involvement and buy-in.
  3. Operationalize all steps going forward by including business unit representatives.
Categories
From the Editor's Desk

March and April 2023 in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

 From the Editor’s Desk, hosted by Tom Fox and Kyle Brasseur, is the perfect podcast to stay informed on the dynamic events of March 2023. They discuss the Department of Justice’s changes in the ECCP and the CCO compliance officer as well as look into the SEC and banking regulator’s roles during the SVP Bank failure. Kyle previews the upcoming long-form Compliance Week case study, which will take a deep dive into ESG in one company and conclude with a look into sports by reviewing the madness of 2023 March Madness, the issues surrounding Ja Morant, and Kyle’s deep appreciation for the World Baseball Classic, noting its ability to add diversity to the game and its positive impact on the baseball community as a whole.

 Highlights Include:

·      The Role of the Chief Compliance Officer in 2021: Navigating Changing Regulations and Increased Pressure.

·      Financial Regulatory Oversight In the Wake of the Dodd-Frank Act

·      The Role of the Chief Risk Officer in Risk Management

·      The Practical Uses of ESG Disclosures in Real Life

·      The Ups and Downs of March Madness: Unprecedented Success for Small Schools.

·      Reporting on Personal Hardships in Sports: The Case of Ja Morant and Josh Hamilton

·      The Power of Unity in Baseball: A Discussion on the Global Impact of the World Baseball Classic

·      The Appeal of the World Baseball Classic

 Kyle relates some of the upcoming Compliance Week 2023 Conference highlights from May 15-17 in Washington, DC. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link below.

Resources

Compliance Week 2023 information and registration here

Kyle Brasseur on LinkedIn

Compliance Week

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 2

What happens when two top compliance commentators get together? They talk compliance of course. Join Kristy Grant-Hart and Tom Fox for their new podcast, 2 Gurus Talk Compliance! But it is not simply Kristy and Tom talking compliance. In this podcast series Kristy and Tom review  other top commentators in compliance as well. In this podcast, we will consider all things compliance, corporate ethics, ESG, governance, and whatever else is on our minds and the minds of other experts in the field. Kristy and Tom explore all of these topics with expertise and wit.

2 Gurus Talk Compliance will include a deep dive into the latest headlines, as well as ask hard hitting questions and provide valuable insights on the current happenings of the world. Don’t miss out this week, as Tom and Kristy look at how the new DOJ pilot program and update to the evaluation of corporate compliance program guidance will affect dailiness operations.

 Highlights Include

·      Moral hazard for DOJ/Compliance

·      Global Corporate Governance Trends for 2023

·      Assessment of Monaco/Polite Speeches and new ECCP

·      Compliance in the Metaverse

·      Five hard leadership bills to swallow.

·      Former Blue Bell CEO Pleads Guilty

·      $9 Million Cow Manure Ponzi Scheme

·      Lessons Learned from Ericsson’s DPA Breach

·      Serious Fraud Office Abandons Prosecution

·      2023 Evaluation of Corporate Compliance Programs

 Notable Quotes

1.      “The effect on the economy is much more severe than I would have ever thought. The market tanked, basically, for 3 days. And of course, the market runs on perceptions. Pretty much like bank runs run on per perceptions.”

2.     “We had some assets disappear over the weekend. We’ve had the federal government come in at backstop that amount, full amount, not just limited to the 250000 per person or entity that the FDIC ensures I think banking regulations will probably change forever because of this event.”

3.      “A couple of weeks ago, we had 2 major speeches by deputy attorney general Lisa Monaco and Kenneth Polite, at the ABA white collar conference that were followed by the release of an updated 2023 version of the Evaluation of Corporate Compliance Programs, a new policy regarding monitors as well, and the announcement of a pilot program.”

Resources 

  1. Moral hazard for DOJ/Compliance 
  2. Global Corporate Governance Trends for 2023 
  3. Assessment of Monaco/Polite Speeches and new ECCP
  4. Compliance in the Metaverse
  5. Five hard leadership bills to swallow
  6. Former Blue Bell CEO Pleads Guilty to Misdemeanor Over Listeria Outbreak
  7. Central Valley Man Pleads Guilty to Nearly $9 Million Cow Manure Ponzi Scheme
  8. Lessons Learned from Ericsson’s DPA Breach: An Internal Investigation Nightmare
  9. U.K. Serious Fraud Office Abandons Prosecution of Former G4S Executives
  10. DOJ Announces Major Changes To Corporate Compliance Program Evaluation

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting

Connect with Tom Fox on Linkedin

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program – Key 2022 FCPA Enforcement Actions

From the Foreign Corruption Practices Act (FCPA) enforcement actions in 2022, one clear theme emerges; that is, organizations must reprioritize their third-party risk management programs. Many companies are becoming complacent in this arena, not realizing the potential consequences of not properly assessing their third-party risk management practices. I recently had the opportunity to visit with Alexander Cotoia of the Volkov Law Group to discuss importance of reprioritizing third-party risk management and how organizations can assess the effectiveness of their current practices. We review three 2022 FCPA enforcement actions to explore the importance of proper third-party risk management and how to avoid the potential consequences of not properly assessing these risks. Join us as we explore the details and implications of these enforcement actions and how organizations can reprioritize their compliance programs for the ever-changing dynamics of third-party risk management.

Here are the steps you need to follow to reprioritize your third-party risk management program.:

  1. Understand that third-party risk, especially as it pertains to anti bribery and corruption concerns, is a universal constant and still the highest risk.
  2. Reassess the framework by which third parties are evaluated and objectively evaluate the totality of risks posed by a potential business partner to the organization.
  3. Implement a risk-based approach to third party risk management.
  1. Understanding third-party risk

Understanding that third party risk, especially as it pertains to anti-bribery and corruption, is a universal constant is an important step in the risk management process. As evidenced by three key enforcement actions, ABB Limited, Oracle and GOL Airlines, organizations must evaluate the risks posed by potential business partners and ensure that the information collected is adequate to objectively assess the totality of the risks. Organizations should be aware that the DOJ requires companies to adopt a risk-based approach to third party risk management. To ensure that the organization is compliant with these regulations, they should review their existing practices and be prepared to supplement them if necessary. Additionally, organizations should be aware that they may be given credit for voluntary disclosure and cooperation efforts when faced with potential violations. This may be beneficial when determining penalties and is an important factor to consider when dealing with third party risk.

  1. Reassess your third-party framework

Reassessing the framework by which third parties are evaluated and objectively evaluating the totality of risks posed by a potential business partner to the organization is a critical step in reprioritizing your third-party risk management strategy. This should be approached holistically, focusing on the information being collected and its adequacy in objectively evaluating risks. Organizations should adopt a risk-based approach, as recommended by the DOJ, and not simply have a one size fits all approach. This approach should include due diligence, assessing the potential partner’s reputation and business practices, verifying their legitimacy and background, and understanding their country of origin and its laws. Additionally, organizations should consider the potential partner’s relationship with government officials and whether it could violate any anti-bribery or corruption laws. If any of these issues are identified, organizations should look into it further to ensure that their partner is compliant. By doing this, organizations can ensure that they are not engaging in any activities that could be deemed illegal or unethical. 

  1. Implement a risk-based approach

Implementing a risk-based approach to third party risk management is essential to any organization’s compliance program. This involves assessing the external parties on which an organization relies operationally, and identifying any risks associated with those external parties. This assessment should include evaluating their qualifications and experience to ensure they are able to meet the organization’s expectations. Additionally, organizations should consider conducting background checks on potential external parties, and assessing any potential conflicts of interest that may arise. Once potential external parties have been identified, organizations should consider conducting due diligence to ensure that the external party has not been involved in any fraud, bribery, or other criminal activities. Organizations should also consider developing contracts and compliance policies for external parties and monitoring their activities to ensure compliance. Finally, organizations should consider developing a training program for their external parties to ensure they understand the organization’s expectations and policies. By implementing a risk-based approach to third party risk management, organizations can reduce the risk of an FCPA violation and ensure their organization remains compliant.

Third-party risk management one of the most critical components of any organization’s compliance program. Organizations should take the initiative to reprioritize third-party risk management and assess the effectiveness of their current practices. Through the exploration of three enforcement actions and the introduction of the joint compliance note, this article has highlighted the importance of properly assessing third-party risk and how to best prepare for the ever-changing dynamics of third-party risk management. By implementing a risk-based approach to third party risk management, organizations can protect themselves from potential violations of the FCPA and ensure their organization remains compliant. With the right tools, processes, and dedication you can achieve the same results and protect your organization from costly fines and penalties.

For more information, on Diligent’s Third-party Risk Management solution, click here.

Listen to Alexander Cotoia on the podcast series, sponsored by Diligent here.

Check out the Volkov Law Group here.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Tying it all Together for Joint Ventures

I want to emphasize again the risks JVs pose under the FCPA. Mike Volkov has stated, “A joint venture requires the integration of disparate company cultures. It can be successful and is usually one of the significant reason for the joint venture itself.” Both parties should assess each other and decide that the JV is a good fit, meaning that each side will benefit. Too much time is spent on looking at the JV partner’s compliance toolbox (i.e., policies, procedures, and controls), and not enough time is spent on identifying compliance strengths and weaknesses. You must bring it all together with one format.

Indeed the 2020 Update to the Evaluation of Corporate Compliance Programs posed the following questions under the category, “Process Connecting Due Diligence to Implementation” What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post- acquisition audits, at newly acquired entities? Remember a “newly acquired entity” can be a joint venture.
Three key takeaways: 

  1. It all starts with a Relationship Manager.
  2. Have company oversight of all JVs. Couple this with a COC for a second set of eyes.
  3. Audit, monitor, and remediate (as appropriate) your JVs on an ongoing basis.
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 4 – Final Thoughts

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we will conclude our multi-part review of this document by some of the other key changes and additions to the document and what it all means for the compliance professional going forward.

 Use of Monitors

In the introduction its states, “Moreover, Criminal Division policies on monitor selection instruct prosecutors to consider, at the time of the resolution, whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems and whether remedial improvements to the compliance program and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future to determine whether a monitor is appropriate.” This language is a firm reject of the Benzkowski Memo and the prior administration’s reticence to employ monitorships as a tool to ensure compliance with not only the settlement documents but also the creation and implementation of a compliance program.

Internal Compliance Controls

Under Section II, entitled “Is the Corporation’s Compliance Program Adequately Resourced and Empowered to Function Effectively?”, is the new language, “In this regard, prosecutors should evaluate a corporation’s method for assessing and addressing applicable risks and designing appropriate controls to manage these risks.” This simple sentence packs quite a wallop as it mandates a risk assessment, design and implementation of appropriate internal compliance controls and then monitoring of those controls to see if they are managing the risks identified in the risk assessment. Many of these concepts are fleshed out in the ECCP but it is clear this is a minimum expectation from the Department of Justice (DOJ).

Adequate Compensation and Salary/Bonus Review for Compliance

Under Section III, “Does Your Compliance Program Work in Practice”, is the following new language: “Independence and Empowerment – Is compensation for employees who are responsible for investigating and adjudicating misconduct structured in a way that ensures the compliance team is empowered to enforce the policies and ethical values of the company? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel or others within the organization that have a role in the disciplinary process generally?”

This is a significant new addition to the ECCP. It forces a company to adequately compensate those employees who investigate and pass judgment on misconduct. But it is more than simply adequate compensation as it also requires a company not to retaliate via low salaries or limited raises or other compensation for doing their jobs as compliance officers. In other words, if the Chief Executive Officer (CEO) is being investigated by compliance; that same CEO should not be setting or reviewing the salary of the Chief Compliance Officer (CCO) or those doing the investigation. This mandates that the DOJ will review the entire corporate organization on these issues.

Final Thoughts

This brings us to the end of a series of momentous announcements by the DOJ. While we have not discussed the changes in monitor selection announced by Polite as it largely deals with internal DOJ process, we would note that it will require a more lengthy and rigorous request process for those prosecutors’ seeking monitors, as well as a review process up to perhaps even the DAG. This alone could lengthen out an entire Foreign Corrupt Practices Act (FCPA) enforcement action.

The incentives language, both financial and non-financial, will require a much deeper analysis by a corporate compliance program in the areas of compensation, as well as promotion, than has even been mandated. The first thing I would do as a CCO is go down the hall to speak with the head of Human Resources (HR) to get an understanding of how compensation is based and what factors of doing business ethically and in compliance are reviewed for both salary and discretionary bonus amounts. The same would hold true for promotion into both middle and senior management. All of these will need to have metrics or other auditable frameworks around them so they can be reviewed, tested and data presented to the regulators if they come knocking.

The language around messaging apps needs to be taken to heart by not simply the compliance function but all senior level executives. While the Securities and Exchange Commission (SEC) has garnered the most publicity for its fines levied on regulated industries, the new language of the ECCP makes clear the DOJ is equally concerned about this issue. Woe be it to any company which finds itself in a FCPA investigation or enforcement action where said company does not meet these DOJ requirements. The DOJ will most probably assume a willful failure to meet the strictures of the 2023 ECCP.

Obviously, the Biden Administration DOJ is stepping away from some of the initiatives of the Trump Administration DOJ. However, in other areas this DOJ is building on some of the steps of the prior administration. It is clear the DOJ is continuing to evolve in its thinking about what constitutes a best practices compliance program and will continue to do so. Compliance professionals will need to study these new initiatives and implement their requirements.