The ‘Compliance-Oriented Corporate Culture’ Solution: A Response to the DOJ’s Enforcement Policies

By: Lauren Getman, Class of 2025

Introduction

On September 15, 2022, Deputy Attorney General Lisa Monaco (DAG Monaco) released a memorandum providing important new details regarding policy changes by the US Department of Justice’s (DOJ or Department) newly formed Corporate Crime Advisory Group.[1] In a separate speech, DAG Monaco clarified the Department’s ‘tougher-on-corporate-crime’ message: companies should come forward as soon as misconduct occurs, turn over information and documents that show individual culpability, and invest in compliance-oriented corporate culture.[2] This post calls attention to the memorandum’s final point, on ‘corporate culture’, and discusses its importance and challenges with respect to realizing compliance goals.

Discussion

While discussing DAG Monaco’s directives on corporate culture, this post also advances the argument that compliance measures are less effective without a compliance-oriented corporate culture. The discussion goes beyond the Department’s guidance by also recognizing additional methods addressing internal social and corporate norms that facilitate compliant behavior. DAG Monaco’s claim that companies must do more than merely finance and resource their compliance departments may be taken one step further; companies must also focus on developing a compliance-oriented corporate culture “through their leadership and the choices they make.”[3]

Compliance requires both formal deterrent policies, as well as informal company norms. On its face, a company may adopt policies, procedures, or codes of conduct to evidence their commitment to a compliance-oriented corporate culture. However, it is difficult to solve the significant incongruity that commonly exists between these controls and the desired impact on corporate culture. For example, if corporate culture is hostile to compliance, employees may view rules as punitive or as signals that the company does not trust them, which may unintentionally increase rule breaking.[4] In turn, identifying companies that actually “walk the walk” and effectively cultivate a healthy and respectful culture of compliance is challenging.[5] While informal norms in corporate culture are not directly addressed in the DOJ memorandum, they are nonetheless critical to meeting the goals outlined by the Department.

The below subsections discuss considerations for companies to better align with the DOJ’s goals going forward.

A. Empower Compliance Personnel

A company may adequately resource and fund a compliance department, but without respected authority within the business to carry out its mission, the compliance function is mute. A healthy compliance-oriented corporate culture could empower compliance personnel and synergize the relationship between the control-side and the business. For example, situations may arise where a business wishes to rush a lucrative deal that may pose several risks. Amidst this pressure, compliance must follow up and ensure adherence to written policies and controls, and the business must respect these decisions. If not, it is clear that there is a weak compliance-oriented corporate culture. A company may also promote compliance personnel into visible leadership positions within the company to play an important role as a business partner and to demonstrate its commitment to a strong compliance-oriented corporate culture.

B. Emphasize the Importance of Corporate Reputation

In an era that growingly requires corporate transparency and accountability, more companies are recognizing that their reputation and press coverage highly impact their profitability, client satisfaction, and internal talent retention. By reframing the importance of its reputation, a company may begin the cultural shift to prioritize a strong compliance-oriented corporate culture to preserve its legacy amongst its peers, clients, and general public opinion. Compliance and other control functions exist, in some ways, to proactively protect a company’s reputation. A company may also stress the collective responsibility for every employee, not merely the compliance department, to escalate potential regulatory and ethical breaches. If a company emphasizes the importance of its reputation to its employees, and in turn, its reliance on compliance to preserve that reputation, it will automatically better align with the Department’s mission.

C. Engage Mid-Level Management

Industry leading compliance controls and initiatives may still prove deficient if business management does not ensure employees respect and value compliance functions. Because C-suite executives are not in touch with the majority of employees in the day-to-day, companies should utilize and engage mid-level management to promote and uphold a healthy relationship between the business and compliance. These managers are in a position to effectively influence their teams to respect compliance policies and controls. Additionally, managers should advocate for compliant activity within their teams because the repercussions are severe, for both the individual, the manager, and the company. Compliance credibility is imperative and mid-level management plays a critical role in promoting and upholding a strong compliance-oriented corporate culture by embodying a respect for control functions.

Conclusion

In response to DAG Monaco’s ‘tougher-on-corporate-crime’ message, a company with adequate resources is incentivized to prioritize and elevate their compliance functions through empowerment within the business so that they may credibly exercise appropriate authority. By emphasizing the importance of its reputation and engaging its mid-level management, a company may proactively comply with the DOJ’s mission to further avoid bad conduct and resulting penalties.

[1] Lisa Monaco, Dept. of Just., Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group (2022).

[2] Lisa Monaco, Deputy Attorney General, Dept. of Just., Remarks on Corporate Criminal Enforcement (Sept. 15, 2022).

[3] Id.

[4] Erin Brown Jones, Christopher D. Frey, and Katherine A. Sawyer, Empowering Corporate Compliance Functions in a Post-Pandemic Environment, Harvard Law School Forum on Corporate Governance (Sept. 27, 2022), https://corpgov.law.harvard.edu/2022/09/27/empowering-corporate-compliance-functions-in-a-post-pandemic-environment/.

[5] Hui Chen and Eugene Soltes, Why Compliance Programs Fail—and How to Fix Them, Harvard Business Review (Mar. 2018), https://hbr.org/2018/03/why-compliance-programs-fail.