DOJ’s Latest Corporate Enforcement Policy Targets Compensation and Third-Party Messaging

March 13, 2023

In speeches at this year’s annual American Bar Association’s National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco and Assistant Attorney General Kenneth A. Polite outlined the latest revisions to the Department of Justice’s (DOJ) corporate criminal enforcement policies. The targets for these latest updates — compensation practices and third-party messaging. AAG Polite discussed significant revisions to the Evaluation of Corporate Compliance Programs (ECCP) that (1) convey DOJ’s increased scrutiny on corporate compensation programs and (2) provide new guidance on how companies should structure policies governing personal devices and third-party messaging platforms. Additionally, DAG Monaco announced — and AAG Polite later expanded upon — DOJ’s “first-ever” Pilot Program on Compensation Incentives and Clawbacks (Pilot Program). This three-year Pilot Program has two parts. First, every corporate criminal resolution must mandate that the company develop compliance-promoting criteria within its compensation and bonus systems. Second, the Criminal Division will provide companies with fine reductions if they try (even unsuccessfully) to claw back corporate compensation from wrongdoers. Both announcements are the latest from DOJ designed to emphasize individual accountability and incentivize companies to enhance their compliance programs — a critical aspect of DOJ’s overarching push for companies to self-disclose, cooperate, and remediate criminal conduct.

Revised ECCP

As revised, the 2023 edition of the ECCP clarifies how DOJ will assess companies’ compensation structures and their approach to personal device, communication platform, and messaging application use when evaluating potential resolutions. The ECCP continues DOJ’s struggle with the use of personal devices and communications made on third-party messaging applications and builds on 2020 and 2017 changes. For both compensation and communications policies, DOJ emphasizes tracking metrics related to how a company’s policies operate in practice as one of the hallmarks of a good compliance program.

Personal Devices and Third-Party Messaging

The revisions now make clear that entities are expected to ensure that business-related electronic data and communications are accessible and amenable to preservation by the company. Prosecutors will now consider various factors in determining the sufficiency of a company’s policies, including how those policies were communicated to employees, the existence of deterrents and disciplinary procedures for employees in violation of the policy, and evidence of consistent enforcement. The policies need to be “tailored to the corporation’s risk profile and specific business needs.” The revised ECCP specifically calls out the need to properly assess BYOD (bring your own device) policies and how a company will deal with ephemeral messaging apps.

Notably, AAG Polite said that during an investigation, DOJ will not accept at face value a company’s representations that it cannot access or produce communications from third-party messaging applications. Instead, prosecutors will question the company’s preservation and deletion policies and ability to access personal devices and third-party messages. When answers are insufficient or unsatisfactory, the company’s prospects for a favorable resolution may diminish.

Compensation Structures and Consequences Management

The revised ECCP is also designed to encourage companies to structure their executive compensation programs to reward good compliance culture and punish a failure to foster such a culture. The establishment of incentives for compliance and disincentives for non-compliance has long been considered a hallmark of an effectively implemented compliance program. Now the ECCP makes it clear that, when assessing whether a company has appropriately incentivized compliance, DOJ will consider whether the company designed its compensation system to “defer or escrow certain compensation tied to conduct consistent with company values and policies.” Similarly, prosecutors are encouraged to consider whether a company’s policies include “provisions for recoupment or reduction in compensation due to compliance violations or misconduct,” as well as if such provisions are actively enforced. To go with those sticks, the revised ECCP also looks at carrots — does a company enshrine the importance of positive incentives for compliance, “such as promotions, rewards, and bonuses for improving and developing a compliance program or demonstrating ethical leadership” and encourages prosecutors to “examine whether a company has made working on compliance a means of career advancement, offered opportunities for managers and employees to serve as a compliance ‘champion,’ or made compliance a significant metric for management bonuses.”

Compensation Pilot Program

While separate from the ECCP, the Pilot Program also focuses on leveraging executive compensation to both deter and counteract wrongdoing, and represents an important step towards DOJ’s claimed goal of shifting the burden of criminal fines from shareholders to culpable executives.  

The Pilot Program’s first component requires every company entering a corporate resolution with the DOJ Criminal Division to develop compliance-related criteria within its compensation system “to reward ethical behavior and punish and deter misconduct.” Prosecutors will have broad discretion to fashion appropriate requirements based on the particular facts and circumstances of the case and the company’s existing compensation program. DAG Monaco pointed to the recent Danske Bank Plea Agreement as evidence that prosecutors are already requiring companies to implement compensation changes. There, DOJ required Danske to implement a revised executive review and bonus system “so that each Bank executive is evaluated on what the executive has done to ensure that the executive’s business or department” conforms to relevant compliance policies. If the executive receives a failing score, they are ineligible for a bonus that year.

The second component of the Pilot Program seeks to incentivize companies to claw back compensation from wrongdoers and those who knew of, or were willfully blind to, misconduct and had supervisory authority over culpable individuals or business areas. Now, companies that seek to claw back compensation will receive a “fine reduction equal to the amount of any compensation that is recouped within the resolution terms.” As an additional incentive, whatever compensation the company successfully recovers, it gets to keep — recovered money does not have to be paid to DOJ as part of the resolution. For companies that pursue clawbacks in good faith, but cannot recoup any money, DOJ may still offer a fine reduction of up to 25% of the compensation sought.

Taken alongside the ECCP revisions addressing compensation structures and compliance management, DOJ’s new Pilot Program makes good on DAG Monaco’s promise to revise Department policy to better reflect principles of individual accountability and corporate transparency. As she noted in her speech last week, “[n]othing grabs attention or demands personal investment like having skin in the game, through direct and tangible financial incentives.”


The Monaco and Polite speeches, the Pilot Program, and the ECCP revisions, as well as the recently announced U.S. Attorneys Voluntary Self-Disclosure Policy and Corporate Enforcement Policy (CEP), are just the latest drumbeats in what has become DOJ’s constant refrain: it is committed to aggressively prosecuting corporate crime and responsible individuals, but companies may escape criminal penalties if they come forward, cooperate, and remediate. Having an effective compliance program is critical not only for preventing criminal conduct, but ensuring a company is well-positioned to detect, remediate, and achieve the best available disposition when bad things do happen. Accordingly, companies should continue to monitor revised DOJ guidance and consider incorporating updated recommendations in their compliance programs. Companies in the process of revisiting their compliance programs should now pay particular attention to policies related to personal devices and third-party messaging platforms. Companies should also consider auditing their existing executive review and compensation systems to ensure leaders are incentivized to foster a culture of compliance. And those companies without formal policies on compensation clawbacks should consider implementing changes that put the company in the best position possible to recoup compensation from individual wrongdoers.

Read Time: 6 min
Jump to top of page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.