Loyola University Chicago School of Law, JD 2024
In March 2022, the U.S. Department of Justice (DOJ) introduced a new policy idea that requires a Chief Compliance Officer (CCO) undergo certification. This certification requires CCOs to attest at the end of company resolutions that their compliance program is reasonably designed to detect and promptly remedy behavior suspected or known to be in violation of applicable laws. The new policy is part of an effort to take more proactive measures against criminal behavior and activities such as fraud, bribery, corruption, etc. The certification is also aimed at empowering the CCOs as they speak on behalf of their company’s obligations to the compliance program.
Application of the CCO certification
The CCO certification was applied for the first time when Glencore, an Anglo-Swiss commodities company, reached a settlement on bribery and corruption charges in July of this year. Glencore was charged after the company tried to make illicit profits from its attempt to obtain oil as part of its operations in various countries. Now, the company is facing investigations in several countries including the U.S.
As part of its settlement agreement with the U.S., Glencore plead guilty to the criminal charges and will have to undergo compliance monitoring for a few years. The company will have to make improvements to any weaknesses detected in its compliance program while it is being monitored. At the end of this monitoring period, the company’s CCO and CEO will both have to certify that the company’s compliance program is reasonably designed to recognize and prevent future criminal acts. The DOJ has not explained what it means by “reasonably designed”, but the standard is less strict than certifying that the program is definitely effective.
How will the certification affect CCOs?
While the new policy intends to take proactive measures against white-collar crime, the detriments that CCOs may face pose risks to the DOJ’s intended goal. The certification is being introduced as a way to empower CCOs but many have reservations about the new policy and are viewing it as a punitive measure. A major concern that CCOs and CEOs have is that the policy includes federal statutes, and they could face criminal liability if the certification includes false statements or misrepresentations. In fact, the Glencore certifications include criminal liability for perjury if they find evidence of false statements. CCOs fear this type of individual criminal liability because the DOJ has not provided a definition of “reasonably designed”, making the certification language highly subjective and unclear. Lack of clarity opens the door to different interpretations; a compliance program that seems reasonably designed to one person may not seem reasonably designed to another. This raises the question as to how flexibly the DOJ should interpret the certifications once they have already been signed. It also raises concerns about how much due diligence is required before CCOs sign the certifications.
The certification places more responsibility on the CCOs to ensure their company is following its compliance program, but at the same time, CCOs face constraints from other officers and departments within the company. CCOs may face lack of funding or support for any ideas they have to improve the compliance program. Disagreements about the compliance program could lead to friction between CCOs and other executives. Due to rising concerns over the new policy, the DOJ released a statement in June to assure companies that the certifications are not meant to be traps for prosecuting CCOs and CEOs. Nevertheless, executives continue to face pressures and fear personal liability.
The new policy from a compliance expert’s perspective
Recently, Hui Chen, the DOJ’s first compliance counsel expert, shared her perspective on this new requirement. Chen explained that the key concern is the lack of an objective standard. Unlike science, which is driven by evidence and data collection, the CCO certification requirement has no standard for determining whether the compliance program is reasonably designed. Chen also explained that there may be an issue with the difference in opinion between the company’s monitor and prosecutors. Even if a prosecutor is concerned about a monitor’s report, if the monitor is willing to certify the compliance program, then a court may have trouble determining what standard to use. Despite the lack of an objective standard, Chen suggests that CCOs should try to collect baseline measures on each aspect of their compliance program and compare it with data collected every few months. If after collecting information, the CCO thinks it is not working, then they will have a better idea of whether to certify the program along with data to support their decision. CCOs looking to integrate Chen’s guidance should follow this method of data collection, which dovetails with the DOJ’s intent in developing the certification program.
While the new policy intends to take proactive measures against white-collar crime, the detriments that CCOs may face pose risks that may take away from the DOJ’s intended goal. Despite Chen’s guidance, the lack of clarity will continue to be a primary concern that CCOs will have to approach carefully in order to avoid personal liability.