Tag: Galeotti Speech

Categories
Everything Compliance

Everything Compliance: Episode 154, The Law Firms in Trouble Edition

Welcome to this edition of the award-winning Everything Compliance. In this episode, the quartet of Matt Kelly, Jonathan Marks, Karen Moore, and Karen Woody is hosted by Tom Fox, the Compliance Evangelist.

  1. Karen Moore reviews changes to the UK Modern Slavery Act. She shouts out to her nephew, who graduates from Georgetown Law School this week, and to the NFL superfan for allegedly causing Shedeur Sanders to drop to the 5th round before being drafted in the recent NFL Draft.
  2. Matt Kelly, the Matt Galeotti speech updates the DOJ Corporate Enforcement Policy for white-collar actions. He rants about the GOP’s attempt to ban states from regulating AI.
  3. Jonathan Marks considers the role of internal audit in tariff compliance and why tariffs should be considered a strategic risk. He rants about MLB caving to President Trump and allowing those who bet on baseball back into the fold.
  4. Karen Woody considers the impact, fallout, and congressional investigations of the law firm’s dealings with President Trump. She shouts out to the Washington & Lee Law School graduating class 2025.
  5. Tom Fox shouts out to the Disney TV series Andor.

The members of Everything Compliance are:

Tom Fox, the Voice of Compliance, is the host, producer, and sometimes panelist of Everything Compliance. He can be reached at tfox@tfoxlaw.com. The award-winning Everything Compliance is part of the Compliance Podcast Network.

Categories
Blog

It’s a New Dawn – Compliance Monitors in 2025

In a move that should surprise no corporate compliance professional, the DOJ’s Criminal Division issued a new Memo on May 12, 2025, updating and clarifying its policies on the selection, imposition, and oversight of compliance monitors in corporate resolutions. (Herein the ‘Monitor Memo.’) This new guidance refreshes prior directives (including the foundational Morford Memo) and lays out how monitorships should be assessed, tailored, and executed in granular detail. I want to end my short series on the DOJ’s announcement of changes in white-collar enforcement by reviewing the changes to monitor selection and monitorships going forward and then considering what this means for compliance professionals. As Grace Slick said when Jefferson Airplane hit the stage at Woodstock on the morning of Day 2, “It’s a new dawn.”

I. Monitors: Precision Tools

First, the DOJ clarifies that monitorship should not be used for punitive purposes. Instead, they aim to ensure that a company meaningfully implements compliance reforms and reduces the risk of future misconduct. However, the DOJ also recognizes that monitors can be costly and intrusive. Hence, their use must be carefully calibrated. The core principle of the Monitor Memo is that monitors should be imposed only when necessary, and their scope should be tailored to the misconduct and the company’s risk profile.

The Criminal Division lays out four key factors for when a monitor may be appropriate:

  1. Risk of Recurrence. If the underlying misconduct is serious—think sanctions violations, FCPA infractions, healthcare fraud, or cartel facilitation—and has national or international implications, the risk of recurrence will weigh heavily in favor of a monitorship.
  2. Other Oversight. If another regulator (domestic or foreign) is already effectively overseeing compliance, the DOJ might hold back on appointing a monitor. But if your company committed crimes despite existing oversight, that fact will support the need for one.
  3. Compliance Program & Culture. If your company has revamped its program, replaced bad actors, and created a credible culture of compliance, that cuts against the need for a monitor. But if your program is underdeveloped, window dressing won’t suffice.
  4. Control Maturity & Self-Monitoring Capacity. Have you tested your controls? Have they been in place long enough to prove they work? Can you test, update, and scale your compliance framework internally? If yes, you may avoid a monitor. If not, start preparing now.

The DOJ’s memo drives home one central theme: fit matters. The DOJ wants focused, cost-conscious, collaborative monitorships, from budget caps to biannual meetings.

Here’s what that looks like (at this point):

  • Budget Caps: Monitors must submit a detailed budget, subject to DOJ approval, at the outset of their work. Rate caps and cost estimates must be justified, updated before each review phase, and strictly adhered to.
  • Tri-Partite Meetings: At least twice a year, the monitor, the company, and the DOJ must meet to align goals, address concerns, and ensure transparency. These are not performative check-ins; they are designed to keep all parties rowing in the same direction.
  • Collaboration over Confrontation: The DOJ is encouraging a cultural shift. Monitorships should be approached as mutual partnerships, not hostile audits. Companies have a voice; explaining operational constraints or challenging unnecessary actions is not a red flag.

The selection of a monitor should not be a backroom deal. As a monitorship is a multilayered and often multiyear process, the selection process should be designed to ensure integrity, independence, and credibility. The Monitor Memo sets out a new and transparent process.

  1. Company Nominates: The company proposes 3–5 candidates with no recent ties to the organization and compliance and independence certifications.
  2. DOJ Interviews and Evaluations: Prosecutors and section supervisors interview each candidate, assessing their qualifications, objectivity, cost-efficiency, and experience.
  3. Standing Committee Review: A special committee, including ethics officials, reviews the DOJ’s recommended candidate and must approve before the pick moves to the Assistant Attorney General (AAG).
  4. Final Approval: The AAG reviews the recommendation and sends it to the Office of the Deputy Attorney General (ODAG), which gives the final stamp of approval.

In short, this is a deliberate, transparent process. If the DOJ rejects a candidate or the entire slate, the company must resubmit promptly.

The DOJ’s 2025 memorandum reflects an evolution in how federal prosecutors see compliance monitors: not just as watchdogs but as facilitators of lasting cultural change. For the corporate compliance community, this is a clarifying moment. The DOJ isn’t out to punish companies for punishment’s sake. It offers your compliance regime a chance to prove that your organization’s compliance house is in order and that your company can keep it that way without someone watching over your shoulder.

II. Lessons for the Compliance Professional

Taken in conjunction with the Galotti Memo, revised CEP, and Galeotti Speech, what should compliance leaders be doing today?

  • Bolster Your Program Now

The most effective way to avoid the imposition of a monitor and indeed receive a full Declination is to have a robust, tested, and risk-aligned compliance program already in place when misconduct is discovered, or better yet, before it occurs. If your program is reactive, overly general, or untested, it signals to the DOJ that you may need outside help. But suppose you can demonstrate that your program has been implemented thoughtfully, customized to your company’s risk profile, and embedded into business operations. In that case, you are far more likely to avoid a monitor. That means (1) documenting not only your policies and procedures; (2) showing how they are communicated, enforced, and regularly improved; (3) that your internal controls are more than words on paper; they are working in practice; and (4) continuous improvement through regular testing, third-party evaluations, and board-level oversight.

  • Document Everything

In compliance, if it is not documented, it did not happen. This mantra has never been more important than in the post-resolution environment. The DOJ’s refocused CEP and changes to monitorship decisions underscore the need for companies to contemporaneously and comprehensively document all remediation efforts, disciplinary actions, training rollouts, and policy changes. If your company responds to misconduct with serious reforms, but you do not have the paper trail to back it up, prosecutors may assume those reforms are temporary, superficial, or nonexistent. That is a recipe for a monitor.

  • Engage Experts

One of the clearest signals a company can send to the DOJ about its seriousness in addressing misconduct is proactively engaging third-party experts before the government forces its hand. The revised CEP and Monitor Memo recognizes that a company’s voluntary use of outside compliance consultants, forensic auditors, or legal advisors can reduce or even eliminate the need for a monitor. These experts provide an independent lens, help benchmark your program against industry standards, and identify gaps before they become systemic failures. The bottom line is not to wait for the government to tell you to bring in expertise. Be proactive. Be smart. Be credible.

  • Prove Your Culture Has Changed

Culture is the bedrock of compliance, and the DOJ knows it. The revised CEP and Monitor Memo encourage prosecutors to consider whether a company’s leadership and culture differ meaningfully from those that allowed the misconduct to occur. This creates a critical opportunity for compliance professionals to prove that their house has been cleaned and remodeled. It means demonstrable metrics, employee survey data, speak-up culture indicators, training completion rates, or reduction in hotline-related retaliation claims that show your culture is becoming one of integrity and accountability. Suppose you can show that employees now report misconduct earlier, that internal investigations are handled more fairly, and that ethical conduct is rewarded. In that case, your company is more likely to argue that external supervision is no longer necessary, even if a full Declination is not warranted. Cultural change takes time, but in the eyes of the DOJ, it is one of the most persuasive indicators of whether your organization has truly moved on from its past.

  • Prepare for Monitoring Anyway

If your company believes it will avoid a monitorship, prepare as if one is coming. Pressure tests your program and creates a remediation roadmap aligning with DOJ expectations. Be ready to show how your company has made significant progress. Preparing for a monitor also forces your team to adopt a monitor’s mindset: testing controls, tracking effectiveness, documenting improvements, and coordinating with business units. It’s a rigorous, forward-leaning exercise that will strengthen your compliance program, even if the monitor never arrives. Remember, the DOJ is not just interested in what you say your organization will do; it is watching what you have already done. Preparation shows maturity. And if the monitor is ultimately imposed, you can hit the ground running with a partner who views you as ready, willing, and able, not reluctant or reactive.

The bottom line from these new DOJ pronouncements is that compliance can be cleaned up, and then full walking papers for FCPA or other white-collar crime incidents that your organization may have sustained can be obtained. Now is the time to take advantage of the DOJ’s incredibly pro-business approach. If your senior management harks back to the Executive Order suspending FCPA investigation and enforcement, tell them that the DOJ has lifted the suspension.

Resources:

CRM White Collar Enforcement Plan

Revised CEP

CRM Monitor Memo

Categories
Blog

A New Era of White-Collar Enforcement

Matthew R. Galeotti, Head of the Criminal Division at the U.S. Department of Justice (DOJ), recently delivered a speech at SIFMA’s Anti-Money Laundering and Financial Crimes Conference. Galeotti outlined crucial changes in the DOJ’s approach to corporate enforcement. For compliance professionals, it was the first major speech by a DOJ representative touching on issues important to the corporate compliance community. It represents a paradigm shift that requires immediate attention, reflection, and strategic recalibration.

As compliance professionals, our mission goes beyond merely ensuring adherence to rules and regulations; it is about aligning ethical conduct with business excellence. Galeotti’s remarks clearly state that the DOJ recognizes compliance teams as indispensable allies in maintaining integrity and national security. Today, I want to explore the key insights and crucial lessons learned from Galeotti’s landmark address for compliance professionals.

Proactivity in Self-Disclosure is Paramount

The Criminal Division’s revised Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) underscores a clear incentive structure. Companies that voluntarily self-disclose, fully cooperate, timely remediate, and demonstrate no aggravating circumstances will not merely be presumed eligible but will definitively qualify for a declination. As Galeotti emphasized, “Self-disclosure is key to receiving the most generous benefits the Criminal Division can offer.”

The days of companies hesitating to self-disclose due to uncertainty about consequences are (hopefully) numbered. Compliance programs must prioritize internal monitoring and foster a culture where issues surface rapidly, are transparently addressed, and are communicated proactively to authorities. The DOJ now promises more certainty, with the carrot being a declination, not ambiguity. For compliance teams, the action is clear: establish robust internal reporting mechanisms and ensure swift escalation processes.

DOJ Clarifies Incentives for Partial or Late Disclosures

The revised policy also addresses a longstanding area of anxiety. What happens when a company comes forward after the DOJ has initiated an inquiry or self-discloses late? Galeotti clarified that even companies that disclose “not quickly enough” are eligible for significant benefits, including a Non-Prosecution Agreement (NPA) of fewer than three years, up to a 75% fine reduction, and no monitor requirement.

Compliance professionals should seize this clarity to advocate internally for transparency, even if belated. Organizations must understand that delayed disclosure still carries significant benefits compared to complete silence. This new clarity enhances the compliance professional’s ability to negotiate internally, ensuring corporate leaders understand the tangible benefits of transparency, even under challenging circumstances.

Expect a Narrower and More Focused DOJ Enforcement

Galeotti explicitly intended to shift the Criminal Division’s focus to the priorities of administrative enforcement. These schemes harm individual Americans, defraud government programs, and exploit financial systems to facilitate international crime. The DOJ now pledges to target resources precisely rather than spreading them thin through overly broad or protracted investigations. Galeotti succinctly encapsulated the rationale: “Excessive enforcement and unfocused corporate investigations stymie innovation, limit prosperity, and reduce efficiency.”

This presents an opportunity for compliance programs to fine-tune their internal risk assessments and investigative frameworks. Compliance professionals must ensure internal investigative resources are equally precise and strategic, aligning clearly with the DOJ’s focus areas. In short, avoid distraction; concentrate your vigilance on risks that matter most to regulators.

Reconsideration of Corporate Monitorships

One of the most consequential announcements is the reconsideration of the DOJ’s policy on corporate monitorships. Galeotti recognized that monitors can sometimes impose excessive financial and operational costs. Going forward, monitorships will be narrower in scope, tightly tailored, and deployed selectively only when benefits outweigh costs.

This is welcome news for compliance professionals, as corporate monitorship can be an unpleasant experience for a corporation and a compliance function. This change empowers compliance teams to advocate for internal investment in compliance improvements over external oversight. Compliance leaders should proactively develop internally led remediation and monitoring plans to demonstrate to regulators that the company has comprehensive capabilities to ensure compliance without burdensome external monitoring.

However, when a monitor is necessary, compliance professionals now have clear factors to prepare for DOJ review, including the severity of the underlying conduct, existing regulatory oversight, efficacy and maturity of compliance programs, and a demonstrated culture of compliance. Companies must document continuous improvement efforts clearly and transparently, making a strong case that external monitoring is redundant.

Corporate Whistleblower Programs Elevated in Importance

Lastly, Galeotti underscored the DOJ’s expanded whistleblower program, adding specific priority areas for whistleblower tips, including procurement fraud, trade and tariff violations, immigration violations, and sanction violations supporting terrorist groups or transnational criminal organizations.

The clear lesson here is the criticality of robust internal whistleblower programs. Compliance professionals must champion strong, accessible, secure, and confidential internal whistleblower policies to encourage employees to report concerns internally first. Organizations that fail to nurture internal reporting channels may receive external regulator attention first. Whistleblower programs should no longer be viewed solely as legal necessities; they must be strategic initiatives central to corporate integrity and national security.

A Call to Action for Compliance Professionals

Galeotti’s address represents a clear change in the DOJ’s approach. Compliance professionals have long desired a regulatory environment that rewards proactive transparency and practical self-governance, and the DOJ now offers this.

However, clarity and pragmatism from the DOJ require reciprocal clarity and pragmatism within corporate compliance programs. Compliance leaders must leverage these new DOJ policies to advocate internally for stronger compliance investments, clearer internal communication channels, and faster reporting protocols.

The DOJ’s message to compliance professionals is clear: You are our frontline partners in protecting integrity and national security. Self-reporting, effective remediation, and robust internal compliance structures will not merely shield your company from punitive enforcement; they represent pathways to tangible benefits and increased corporate resilience.

As compliance evangelists, we must seize this moment. Strengthen your internal mechanisms, streamline your reporting protocols, and reaffirm to your organizations that compliance excellence is not merely defensive but strategically beneficial.

Matthew Galeotti’s remarks provide the road map; it is incumbent on the compliance community to lead the way forward.

We will explore the attendant policy releases announced with the publication of Galeotti’s speech. Over the remainder of the week, we will consider the following:

CRM White Collar Enforcement Plan

Revised CEP

CRM Monitor Memo