This blog was originally featured on Radical Compliance.
Corporate compliance officers should roll up their sleeves and prepare to do some spring cleaning. The U.S. Justice Department has updated its guidance on effective corporate compliance programs, with several new issues that will need your attention.
The department unveiled its updated guidance in early March. Most notable: the department now wants to see how companies use compensation clawback policies as part of their efforts to cultivate a culture of ethics and compliance; and how companies govern employees’ use of messaging apps so that companies can fulfill recordkeeping obligations.
Even better: companies that successfully claw back compensation from executives implicated in corporate misconduct will be able to deduct those amounts from any monetary penalties the company has agreed to pay.
Those are reasonable enough ideas in the abstract. So how will they work in practice? Assistant attorney general Kenneth Polite gave a speech at the time the new guidelines were posted, coloring in the details.
First, to be eligible for “clawback credits” at all, a company must fully cooperate with any Justice Department investigation and timely and appropriately remediate the misconduct.
Second, when pursuing clawbacks, the Justice Department expects companies to pursue not only employees who engaged in the misconduct in question, but also those who had supervisory authority over the employees or business area engaged in the misconduct, “and knew of, or were willfully blind to, the misconduct,” Polite said.
If a company meets all those factors and has launched clawback proceedings at the time of resolution to recover the compensation, then prosecutors will accord an additional fine reduction equal to however much compensation you recoup within the resolution term.
That last part is important, because most resolution terms with the Justice Department are three years. So you’d have three years to get that money back, or presumably your credit against other monetary penalties disappears. Considering that some employees might challenge clawback efforts in court (especially if they’re senior executives with equity awards worth tens of millions), that does raise the specter of some clawback credits dying when the clock runs out.
What happens then? In that case, Polite said, “if a company’s good-faith effort is unsuccessful by the time the resolution term ends, our prosecutors will have discretion to accord a fine reduction of up to 25 percent of the amount of compensation that has been sought.”
One immediate question: could circumstances ever arise where pursuing clawbacks might not be worth the effort?
That is, could the expense of a court fight, over what might be a relatively small amount of money, which could drag out for years and leave you with only a 25 percent reduction rather than a full dollar-for-dollar credit, lead some companies to conclude it’s not worth the bother? After all, when we talk about “shareholder money,” it’s shareholder money paying for all those litigation costs too.
Polite seemed to acknowledge that possible outcome:
We are not trying to incentivize waste. To the contrary, companies should make an assessment about the potential cost to shareholders and prospect of success of clawback litigation, given any applicable laws, and weigh it against the value of recoupment – and proceed in accordance with their stated corporate policies on executive compensation.
All of this, however, depends on companies having strong compensation clawback policies in the first place, along with the executive commitment to exercise those policies after misconduct is discovered.
The good news is that many companies already do have clawback policies of some sort. The questions for compliance officers are (1) whether those existing policies conform to what the Justice Department says about clawbacks in its newly updated guidance; and (2) whether senior management is committed to exercising those clawbacks when the time comes.
Employee use of messaging apps
The updated guidance also includes new policies about how companies govern employees’ use of messaging apps — and especially the use of so-called “ephemeral messaging” apps that let users erase the history of their conversations.
Such apps (SnapChat, WhatsApp, and others) have been a sore point with the Justice Department for some time. They are a huge threat to successful investigations, and a violation of companies’ record-keeping obligations to boot. Regulators sanctioned 16 Wall Street banks last year to emphasize that point, fining them a total of more than $1 billion.
Under the revised guidelines, Polite said, “we will consider how policies governing these messaging applications should be tailored to the corporation’s risk profile and specific business needs and ensure that, as appropriate, business-related electronic data and communications can be preserved and accessed.” Prosecutors will also consider how companies communicate such policies to employees, and whether companies enforce those policies on a consistent basis.
This will require some policy-management work on the company’s part. The Justice Department doesn’t expect companies to eradicate the risk of employees using unauthorized messaging apps; that’s impossible. Rather, the department wants to see a thoughtful approach to how your company manages the risk of improper messaging apps, guided by policies and enforced consistently.
Compliance officers will need to sift through several broad questions and competing interests to figure out the best solution for your own business. For example:
- What is technically possible? That is, what messaging apps would make sense for your business to use, and how would you control their settings to meet your recordkeeping obligations?
- What is practically possible, given your employees and business model? Some policies might seem like brilliant ways to reduce compliance risk, but they won’t fit how your employees work.
- How much do you want to trust your employees? The better your overall control environment and ethical culture, the less invasive and draconian your policies and monitoring need to be.
The challenge here is really about winning over employees to the ethical cause of using company-approved messaging channels, so you can meet your recordkeeping obligations. It’s about persuasion and reasonableness as much as it’s about enforcement.
It’s also going to be a lot of work. Then again, isn’t any time a good time for spring cleaning?