DOJ to Increase Leniency Toward Companies Using Data-Led Compliance Programs

Michael Nyhuis

The benefits of corporate compliance programs based on data analytics are well-documented. But if you needed an additional incentive for the adoption of data-led compliance, one recently emerged: Regulatory authorities may be more lenient toward companies that use data analytics or monitoring for their compliance programs.

This is not an entirely new approach; since July 2019, companies under investigation by the U.S. Department of Justice Antitrust Division have had the opportunity to be treated more leniently if they can demonstrate that they have adopted and run a robust corporate compliance program.

But the question of leniency has been brought into the spotlight again via a recent Wall Street Journal article which explored the issue.

What is the Department of Justice's Leniency Program?

The DOJ's Antitrust Division oversees compliance with antitrust policies. The five years to July 2019 saw it collect more than $5.5 billion in criminal fines from corporations convicted of violations including price-fixing, bid rigging and customer allocation.

Prior to July 2019, there was no direct correlation between companies' antitrust compliance policies and the approach taken by the DOJ; instead, it relied on a 'self-reporting' approach, which, according to law firm Morgan Lewis, it saw as 'sufficient incentive for companies to invest in robust antitrust compliance policies.'

Under the new leniency policy, however, the Antitrust Division will take into account an organization's compliance program when charging and sentencing for criminal antitrust cases.

In June 2020, the U.S. Department of Justice Criminal Division updated its Evaluation of Corporate Compliance Programs. The WSJ article reports that the Department has asked its prosecutors to enquire, as part of their work with companies under investigation for compliance breaches, 'whether their compliance teams have access to data, if it is being used to monitor for risks, and test policies and procedures.'

Potentially even more interesting to organizations is the fact that 'Authorities also have shown in recent settlements a willingness to cut penalties for companies that have implemented data analytics or monitoring tools into their compliance programs.'

What Does This Mean for Compliance Teams?

It's certainly driving a renewed interest in data-driven compliance. The WSJ article notes that while data-led decision-making is nothing new for corporates, compliance has often been the poor relation in this regard, with financial constraints, cultural reluctance and an historic lack of potential solutions leaving compliance functions behind the curve on data-based intelligence. Instead, too many compliance teams remain reliant on manual processes that limit their ability to respond swiftly and effectively to the risks they face.

Our recent blog on the ideal compliance program summarized updated guidance from the U.S. Department of Justice on the way it evaluates corporate compliance programs and outlines the steps the DOJ expects firms to take. It is by evidencing that they have followed these steps that firms may be able to seek leniency from the DOJ.

The Leniency Program in Action: How Are Organizations Responding?

When a Hungarian subsidiary of Microsoft came under the spotlight in July 2019 for breaching the Foreign Corrupt Practices Act, it was fined a total of $25.3 million. However, the remedial actions the organization implemented counted for them when it came to their penalty, with the WSJ noting that:

"During the course of the investigations, the software company began building a cutting-edge compliance analytics system that allows Microsoft to flag risky partners and deals. Authorities acknowledged the company's expanded use of data analytics and transaction monitoring helped the subsidiary secure a lower fine and a more lenient settlement agreement."

While not all companies have Microsoft's ability to respond as swiftly or comprehensively in this situation, it does demonstrate that for organizations already in hot water due to failings, one of their best strategies when it comes to fines may be to negotiate into the leniency program.

But of course, this is only possible if they can demonstrate robust compliance processes and data-led programs. And obviously it's better still to be ahead of curve and avoid breaches and investigations in the first place.

Putting in Place Data-Driven Compliance Programs

Measurement and monitoring is recognised as one of the 5 stages of an effective compliance program. Reliable data underpins every successful compliance policy; monitoring your own approach against best practice is essential ' and with compliance goalposts continuously shifting, an ongoing and continually refined program of data-gathering and analysis is needed.

The larger your organization, the bigger a challenge this is. If you are running a business with numerous subsidiaries and legal entities, you need to ensure you have a firm grasp of their operations and their compliance with global and local regulations to ensure you minimize your compliance risk.

As noted above, companies that can evidence this data-led approach, and a robust process of circling back to test and improve compliance policies, will be viewed with more sympathy by the DOJ. In addition, the rigor created by such an approach is likely to reduce your chances of falling foul of regulations in the first place.

Putting in place a comprehensive compliance program, then, has a clear benefit ' and not just in terms of negotiating clemency. As we also noted above, though, compliance can often lag other business teams when it comes to implementing data-driven processes, and this manual approach can bring increased risk.

Having a central system that both gathers compliance data and mandates correct procedures brings significant benefits. Leading-edge compliance software enables organizations to store corporate documents, policies and entity information, with compliance calendars, workflows and reminders minimising the chances of breaches. Should the worst happen they also, importantly, create an audit-ready trail of evidence around the compliance processes you have in place.

Contact us to find out how Diligent's Compliance software can help your organization develop a more robust, data-led approach.

Related Insights
Michael Nyhuis
Michael Nyhuis is the former Director of Audit & Compliance at Diligent and a modern governance expert with over 25 years of experience.