C-Suite Beware: The “Yates Memo” Strikes at the Top of the Org Chart

C-Suite Beware: The “Yates Memo” Strikes at the Top of the Org Chart

If DOJ, OCR, CMS, FTC and SEC fines, penalties and settlement agreements against organizations aren’t doing enough to deter corporate misconduct, the U.S. Department of Justice (DOJ) is broadening its enforcement scope and going straight for the C-suite.

In a 7-page memo sent to Assistant AGs and U.S. attorneys, entitled “Individual Accountability for Corporate Wrongdoing,” Sally Quillian Yates, deputy AG, outlines the steps to “identify culpable individuals at all levels in corporate cases.”

Admitting that such identification can be tough, especially when determining the onus of high-level executives given scattered responsibilities and decision-making in large corporations, Ms Yates adamantly advises that these challenges make it all the more important to do… “in order to deter future illegal activity, incentivize changes in corporate behavior, ensure that the proper parties are held responsible for their actions, and promote the public’s confidence in our justice system.”

The memo describes six steps to be taken in any investigation of corporate misconduct including civil corporate matters in order to strength the pursuit of illegal corporate conduct and to hold the individuals responsible.

Step 1: Disqualify, for any cooperation credit, corporations that do not provide all relevant facts relating to the individuals responsible for the misconduct. To be eligible, all individuals involved in or responsible for the misconduct at issue must be identified, “regardless of their position, status or seniority” in addition to “all facts relating to that misconduct.”

Step 2: Focus on and proactively investigate individuals from the inception of the investigation, since it is individuals who make the decisions. Also, workforce members with knowledge of misconduct will likely be willing to cooperate and provide information about their senior and executive leaders. And finally, chances of both civil and criminal charges are “maximized” for both the company and the responsible individuals.

Step 3: Be in routine communication with other criminal and civil attorneys handling corporate investigations (including among other things notification of potential individual civil liability) in order to effectively pursue individuals “even if it is not certain that a civil or criminal disposition will be the end result;”

Step 4: Do not release culpable individuals from civil or criminal liability when resolving a matter with a corporation, absent extraordinary circumstances which must be approved in writing by the relevant Assistant Attorney General or U.S. Attorney;

Step 5: Do not resolve matters with a corporation without a clear plan to resolve related individual cases including documentation of potentially liable individuals, a description of their conduct and a plan for resolving the matter before the end of any limitations period. “Delays in the corporate investigation should not affect the Department’s ability to pursue potentially culpable individuals.”

Step 6: Focus on individuals as well as the company and evaluate whether to bring civil suit against an individual based on considerations beyond that individual’s ability to pay¹. Factors to be considered include the seriousness of the misconduct, the sufficiency of admissible evidence, and the level of importance to federal and/or community interests, priorities and resources.

The guidance will apply to all pending and future investigations of corporate wrongdoing.

Ms Yates concludes the memo with the observation that the monetary returns from cases against individuals will not initially be robust, but the return on such investments of time and money in deterring fraud will be the longer term reward.

1. See U.S.S.G. USSG § 8C2.5(g), Application Note 13 (“A prime test of whether the organization has disclosed all pertinent information” necessary to receive a cooperation-related reduction in its offense level calculation “is whether the information is sufficient … to identify … the individual(s) responsible for the criminal conduct

What are your thoughts on this memo? Let us know in the comments area below!

Clearwater

Clearwater helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.

Latest posts by Clearwater (see all)

Posted in
Clearwater
Clearwater helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI). We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.
Subscribe to our newsletter

Our monthly eNewsletter which includes industry articles and white papers that we’ve gathered for you. We’re confident you’ll find a nugget or two among them!

AHA_Seal_4C_Primary_4x4_300dpi-140x125

Health Care Information Privacy, Security, Compliance and Risk Management Solutions from Clearwater Compliance LLC have earned the exclusive endorsement of the American Hospital Association.

About Clearwater

Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at clearwatercompliance.com.

Show Buttons
Hide Buttons