U.S. DOJ’s Compliance Certifications Put Chief Compliance Officers in Criminal Crosshairs

The certification requirement continues DOJ’s focus on holding individuals — in addition to corporations — accountable for white-collar crimes. It also reflects the Department’s increasing interest in corporate gatekeepers, including CCOs. DOJ leadership has suggested that including this requirement in corporate resolutions is beneficial for CCOs. Deputy Attorney General Lisa Monaco, for example, noted that the certification requirement was not intended “as a punitive measure” and should be seen as the DOJ’s “effort to empower the gatekeepers, to empower the compliance officers and those who report to him or her in the different business lines.” Assistant Attorney General Kenneth Polite also framed the certification requirement in terms of empowerment, noting that “[i]t is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making.”

The certification, however, has faced criticism for posing the threat of individual criminal liability for CCOs and CEOs, while requiring a highly subjective certification. The certification’s language contains numerous terms (e.g., “reasonably designed,” “prevent and detect,” and “effective”) open to interpretation, giving minimal substantive guidance to CCOs and CEOs about how to avoid potential criminal missteps. DOJ could interpret these terms broadly in hindsight should it learn about a compliance violation after a CCO and a CEO have already submitted a certification. It is also unclear what level of due diligence CCOs and CEOs should perform to gain comfort before signing such a certification. The certifications therefore put CCOs on a path toward potential individual liability without clearly indicating how they can ensure compliance with DOJ’s standards.

The compliance certification requirement reflects the government’s aggressive stance toward white-collar crime, and CCOs and CEOs could now face individual criminal risk as a result. This requirement also underscores the importance of prioritizing enhancements to compliance programs and the devotion of adequate resources to those programs in order to avoid a government enforcement action — and the corresponding certification requirements — altogether.