HSE University Anti-Corruption Portal
A New Leap in the Law Enforcement Policy of the US DOJ: Increased Personal Responsibility of Compliance Officers
Natalia Gorbacheva

The US Department of Justice (DOJ) is implementing a mandatory mechanism of certification of the quality of compliance programmes of organisations that have committed an offence by the head of compliance.


The use of the new approach that provides for the inclusion of this obligation in the settlements that the companies held liable for a violation of the Foreign Corrupt Practices Act (FCPA) conclude with the DOJ* prosecutors was announced for the first time in late March by Kenneth A. Polite, Assistant Attorney General. Mr. Polite said that the department he represented considered it possible to include in such agreements the obligation of the Chief Executive Officer (CEO) and the Chief Compliance Officer (CCO) of organisations:

1) to certify at the term of the agreement that the company’s compliance programme “is reasonably designed and implemented to detect and prevent violations of the law, and is functioning effectively”;

2) to certify that all reports submitted to the authority during the term of the resolution are “true, accurate and complete”, when a company is required to provide self-reports on the state of their compliance programmes.

He stressed, in particular, that the step was aimed at strengthening the position of the officers responsible for fulfilling compliance functions in companies, assist them in getting the necessary information to implement and abide by the requirements of the corporate compliance programme and express any concerns about the weaknesses of such programme before they can certify its quality before the prosecutors rather than considered as an additional penalty for the corporate offenders.

The expert community, however, had immediate and reasonable doubts about the usefulness of these measures for compliance officers. After the relevant provision regarding the need to certify the compliance programme was included in the settlement between the DOJ and Glencore**, the initiative was widely criticised in the media and raised considerable concerns among practitioners.

In particular, the settlement with Glencore stipulates that the certification will be a “material statement” of the signatories before the US authorities as provided for by 18 U.S.C. §1001, and “as per 18 U.S.C. §1519. This, in fact, means that by certifying the quality of the corporate compliance programme the CCO and the CEO assume personal responsibility and become potentially subject to rather serious penalties provided for by the indicated articles: up to five years of imprisonment under the article on “false statements”, and up to 20 under the article on the obstruction of justice.

In this context, experts cite some contentious situations where the risk of personal responsibility can turn out to be unreasonably high. In particular, it is unclear how realistic the requirement of certification for the CCO and how expedient their personal responsibility are if the case concerns a transnational corporation having branches and subsidiaries in dozens of countries. Such potential situations as the leave of the CCO before the term of the settlement or a new violation (i.e. the inability of the existing compliance programme to prevent violations) throughout the period of implementation of the agreement with law enforcement authorities, which will be detected later when the CCO who assumed the responsibility to certify the compliance programme and reported to the DOJ has already left the company, raise questions too. For instance, can this former CCO be held criminally liable and if yes, to what extent is this position justified and legitimate?

Furthermore, compliance officers can have difficulties in less complex situations which do not regard transnational companies or liability of former CCOs. Mike Koehler, a leading expert in FCPA enforcement, stresses that the requirements concerning the improvement of the compliance programme included in the agreement between a company and the DOJ and the obligation of the CCO to certify their fulfillment have no legal grounds and are contradictory and vague almost in all cases. Therefore, if there is the need to certify the compliance programme in line with the requirements outlined in the agreement with the DOJ, CCOs can encounter objective difficulties. What is more, the obligation to certify the quality of a compliance programme can shift attention from the adoption of real measures for its improvement to the need for CCOs and CEOs to spend most of their time and resources on leaving a documented trial confirming the presence and functioning of a compliance programme and establishing the framework for certification.

However, despite the reasonable concerns of the expert community, it is highly likely that, from now on, the new requirement will be included in every settlement concluded by the DOJ with the companies violating the FCPA provisions. This is proved, in particular, by the recent remarks made by Lauren Kootman, assistant chief of corporate enforcement, compliance, and policy at the DOJ’s fraud section, at an event organised by the Women’s White Collar Defense Association. She stated that “such a certification will most likely be required in all settlements going forward”.

*In the cases concerning violations of the FCPA provisions, companies normally prefer to conclude a settlement (a non-prosecution agreement or a deferred prosecution agreement) with the DOJ or to sign a plea agreement rather than to go to trial. These agreements contain a number of conditions that companies are obliged to meet within the term of the agreement, including the obligation to implement/improve a compliance programme and the requirement to self-report to the DOJ on the progress and/or hire an external expert to monitor the process of improvement of the corporate compliance programme.

**Glencore International AG, held liable for bribing foreign officials in Brazil, Venezuela, the Democratic Republic of Congo, Cameroon, Côte d’Ivoire, Nigeria and Equatorial Guinea, concluded a plea agreement with the US DOJ in late May 2022. The agreement includes, among other things, the requirement for the Chief Compliance Officer to certify that “the company has implemented the compliance programme in line with the requirements provided for in the Attachment C” and that the programme is “objectively designed to detect and prevent violations of the FCPA and other anti-corruption laws”.

Foreign bribery
Criminal prosecution

We use cookies in order to improve the quality and usability of the HSE website. More information about the use of cookies is available here, and the regulations on processing personal data can be found here. By continuing to use the site, you hereby confirm that you have been informed of the use of cookies by the HSE website and agree with our rules for processing personal data. You may disable cookies in your browser settings.