If DOJ, OCR, CMS, FTC and SEC fines, penalties and settlement agreements against organizations aren’t doing enough to deter corporate misconduct, the U.S. Department of Justice (DOJ) is broadening its enforcement scope and going straight for the C-suite.
In a 7-page memo sent to Assistant AGs and U.S. attorneys, entitled “Individual Accountability for Corporate Wrongdoing,” Sally Quillian Yates, deputy AG, outlines the steps to “identify culpable individuals at all levels in corporate cases.”
Admitting that such identification can be tough, especially when determining the onus of high-level executives given scattered responsibilities and decision-making in large corporations, Ms Yates adamantly advises that these challenges make it all the more important to do… “in order to deter future illegal activity, incentivize changes in corporate behavior, ensure that the proper parties are held responsible for their actions, and promote the public’s confidence in our justice system.”
The memo describes six steps to be taken in any investigation of corporate misconduct including civil corporate matters in order to strength the pursuit of illegal corporate conduct and to hold the individuals responsible.
Step 1: Disqualify, for any cooperation credit, corporations that do not provide all relevant facts relating to the individuals responsible for the misconduct. To be eligible, all individuals involved in or responsible for the misconduct at issue must be identified, “regardless of their position, status or seniority” in addition to “all facts relating to that misconduct.”
Step 2: Focus on and proactively investigate individuals from the inception of the investigation, since it is individuals who make the decisions. Also, workforce members with knowledge of misconduct will likely be willing to cooperate and provide information about their senior and executive leaders. And finally, chances of both civil and criminal charges are “maximized” for both the company and the responsible individuals.
Step 3: Be in routine communication with other criminal and civil attorneys handling corporate investigations (including among other things notification of potential individual civil liability) in order to effectively pursue individuals “even if it is not certain that a civil or criminal disposition will be the end result;”
Step 4: Do not release culpable individuals from civil or criminal liability when resolving a matter with a corporation, absent extraordinary circumstances which must be approved in writing by the relevant Assistant Attorney General or U.S. Attorney;
Step 5: Do not resolve matters with a corporation without a clear plan to resolve related individual cases including documentation of potentially liable individuals, a description of their conduct and a plan for resolving the matter before the end of any limitations period. “Delays in the corporate investigation should not affect the Department’s ability to pursue potentially culpable individuals.”
Step 6: Focus on individuals as well as the company and evaluate whether to bring civil suit against an individual based on considerations beyond that individual’s ability to pay¹. Factors to be considered include the seriousness of the misconduct, the sufficiency of admissible evidence, and the level of importance to federal and/or community interests, priorities and resources.
The guidance will apply to all pending and future investigations of corporate wrongdoing.
Ms Yates concludes the memo with the observation that the monetary returns from cases against individuals will not initially be robust, but the return on such investments of time and money in deterring fraud will be the longer term reward.
1. See U.S.S.G. USSG § 8C2.5(g), Application Note 13 (“A prime test of whether the organization has disclosed all pertinent information” necessary to receive a cooperation-related reduction in its offense level calculation “is whether the information is sufficient … to identify … the individual(s) responsible for the criminal conduct
What are your thoughts on this memo? Let us know in the comments area below!
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.