Audit, Compliance and Risk Blog

Jon Elliott

Recent Posts

Department of Justice Targets Individuals While Investigating Organizations

Posted by Jon Elliott on Tue, Oct 27, 2015

Gavel-1.jpgWhen an organization breaks the law, the actual actions must be taken by individuals associated with the organization–whether it’s a rogue individual or a vast internal conspiracy. So who’s culpable and for what? Laws often provide civil liability for most violations and criminal liability for the most severe, and many include parallel provisions addressed both to organizations and individuals. Most enforcement agencies produce enforcement and prosecutorial guidelines for agency personnel to provide criteria that channel their “prosecutorial discretion.” Variations in such guidelines may tend to keep organizations and their personnel aligned – as when they’re all going to be prosecuted together anyway–or may encourage fissures between them – as when one can reduce its own liability by incriminating another.

The U.S. Department of Justice (DOJ) conducts most criminal prosecutions brought against violators of U.S. federal laws. DOJ’s U.S. Attorneys also provide legal support to many federal agencies in civil cases brought by the agencies for regulatory violations. To regularize these wide-ranging responsibilities, DOJ promulgates enforcement policies and priorities, which are compiled in the “U.S. Attorneys’ Manual.”

How Has DOJ Approached Individual Prosecutions For Organizational Wrongdoing?

DOJ has repeatedly adjusted its policies for prosecuting individuals in organizational wrongdoing cases. In 2003, DOJ issued an enforcement policy seeking to separate organizations from their agents – telling organizational defendants that indemnification of their officers (i.e., paying their defense costs under employment contracts and bylaws) would be interpreted as support for the individuals’ malfeasance, precluding DOJ from applying lenience to the organization for having “cooperate[d] in the investigation of its agents” (the “Thompson memorandum”). This policy was intended to prevent organizations from shielding their personnel, and so to encourage more individual prosecutions. However, this policy was rescinded after a 2006 court decision excoriated DOJ, holding that the policy violated individual defendants’ Constitutional rights by exerting undue pressure on organizations (U.S. v. Stein).

In 2006, DOJ softened the offending policy by reemphasizing that many criteria may apply to charging and prosecutorial decisions, and stating explicitly that an organization’s decision to follow state laws and establish indemnification provisions would not be considered a failure to cooperate sometime later with federal prosecutors (“the McNulty memorandum”; later enshrine in the U.S. Attorneys’ Manual section 9.28). Thus, DOJ policy for nearly a decade has not explicitly attempted to pit organizational defendants against their individual human agents – but also has not provided clear guidance to prosecutors in determining whether to proceed against organizational defendants, individual defendants, or both. During these years, the trend has been toward fewer prosecutions of individuals, even where it seems likely that top managers were integral participants in financial or regulatory violations. This lack of headline-grabbing prosecutions has produced a political backlash and pressure to re-balance prosecutorial policies.

How Does DOJ’s Newest Policy Favor Individual Prosecutions?

In September, Deputy Attorney General Yates issued DOJ’s latest enforcement policy memorandum, addressing “Individual Accountability for Corporate Wrongdoing.” DOJ will apply this latest revision to all criminal prosecutions, and to civil enforcement as appropriate. The memo sets forth 6 basic criteria for U.S. Attorneys to apply and follow:

  1. “To be eligible for anv cooperation credit, corporations must provide [DOJ] all relevant facts about the individuals involved in corporate misconduct.
  2. Both criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
  3. Criminal and civil attorneys handling corporate investigations should be in routine communication with one another.
  4. Absent extraordinary circumstances, no corporate resolution will provide protection from criminal or civil liability for any individuals.
  5. Corporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized.
  6. Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual's ability to pay.”

If organizations respond to these incentives by providing incriminating facts about individuals, the new policy will tend to create wedges between organizations and their personnel, which DOJ is now pledging to prosecute more vigorously. It remains to be seen how these incentives will actually be applied by prosecutors, followed by defendants, and reviewed by courts.

Self-Assessment Checklist

  • Has the organization established compliance and/or ethics programs to prevent and detect violations of applicable laws?
    • Do formal organizational policies define standards and procedures for agents and employees?
    • Are specific high-level personnel assigned responsibility and authority to ensure these standards and procedures are followed?
    • Does the organization provide training and/or other means to communicate standards and procedures effectively to its agents and employees?
    • Is there an effective program for enforcing these standards (e.g., monitoring and audits)?
    • Are there internal reporting mechanisms (including protections against possible retaliation)?
    • Does the program include clear and effective disciplinary mechanisms?
    • Does the program provide for immediate and appropriate steps to correct the condition giving rise to any detected offense or violation (e.g., program changes and individual disciplinary actions)?
    • Does the program include provisions for self-reporting to appropriate authorities?
Read More

Tags: Corporate Governance, Employer Best Practices, Employee Rights

EPA Proposes To Revise Hazardous Waste Import-Export Requirements

Posted by Jon Elliott on Wed, Oct 14, 2015

The U.S. Environmental Protection Agency (EPA) administers rules governing the import and export of hazardous waste regulated by the Resource Conservation and Recovery Act (RCRA). These rules implement requirements established by RCRA, and also ensure that the U.S. meets its international responsibilities as a member of the Organization for Economic Cooperation and Development (OECD) by creating national rules that meet agreed-upon OECD standards. The proposal should appear in the Federal Register soon, opening a 60 day comment period after which EPA will decide whether to finalize the changes.

Read More

Tags: Health & Safety, Environmental risks, Environmental, EPA, Hazcom, RCRA, Canadian

EPA Catches Volkswagen Cheating On Emission Tests

Posted by Jon Elliott on Thu, Oct 01, 2015

In recent years, VW officials have sometimes been quoted touting their “clean diesel” vehicles by paraphrasing one of their competitors—“this isn’t your grandfather’s diesel.” This month VW finally admitted to the U.S. Environmental Protection Agency (EPA) and customers worldwide that it “isn’t your regulator’s diesel” either. The company had programmed the electronics in millions of vehicles to provide false data during required emissions tests.

Read More

Tags: Health & Safety, Environmental risks, Environmental, EHS, EPA, Hazcom, CAA, Transportation

Meeting OSHA Requirements On Employee Exposure And Medical Records

Posted by Jon Elliott on Tue, Sep 22, 2015

A wide variety of Occupational Safety and Health Administration (OSHA) standards require employers to acquire or create documentation of employees’ exposures to potentially hazardous materials and contaminants in their workplaces, and to inform employees of the presence of these hazards. For example, the Hazard Communication Standard (Hazcom) requires most employers to acquire Safety Data Sheets (SDSs) and provide workplace labeling and employee training. Other standards require employers to monitor their workplaces for airborne exposures to contaminants, and to compare such exposures to permissible exposure limits (PELs) or action levels. Some standards require employers to conduct medical monitoring of employees who are subject to such exposures. These records can be vitally important to provide information on long-term (chronic) health effects of exposures.

Read More

Tags: Employer Best Practices, Health & Safety, OSHA, Employee Rights, EHS, Hazcom

SEC Ponders Responsibilities For Board of Directors’ Audit Committees

Posted by Jon Elliott on Tue, Sep 15, 2015

Boards of directors are responsible for governing their corporations. Many boards divide their work among committees. Committees often include an “audit committee,” with responsibilities that may include:

Read More

Tags: Business & Legal, SEC, Accounting & Tax, Audit Standards

New York Targets Legionella

Posted by Jon Elliott on Thu, Sep 10, 2015

Although Environmental Health and Safety (EH&S) requirements target hundreds of micro-organisms (primarily viruses and bacteria), regulation of important hazards remain on the drawing boards, awaiting appropriate testing and control methodologies, sufficient resources … and high enough political priorities. Until recently, one of these unregulated pathogens has been the legionella bacterium, first identified in 1976 as the cause of “Legionnaire’s disease” – named after an outbreak at an American Legion convention in Philadelphia traced to the hotel’s air conditioning system. This summer, however, an outbreak in New York has led state and local health agencies to adopt extremely ambitious testing and disinfection programs.

Read More

Tags: Employer Best Practices, Health & Safety, Employee Rights, Environmental risks, Environmental, EHS, EPA

EEOC’s Latest Word On “Sex” Discrimination

Posted by Jon Elliott on Tue, Aug 25, 2015

Federal laws prohibit employers from basing employment decisions on a variety of factors, including “sex.” This term is not defined, leaving its interpretation to change and expand with social changes and court decisions. The central entity creating and applying these interpretations is the Equal Employment Opportunity Commission (EEOC), which administers and enforces Title VII of the Civil Rights Act of 1964 and a variety of subsequent laws. On July 15, EEOC reaffirmed its present interpretation, in an enforcement decision in which the plaintiff claimed he was denied access to a promotion because he’s gay (Baldwin v. Foxx). The EEOC’s order includes a clear summary of the agency’s approach to sex discrimination cases:

Read More

Tags: Corporate Governance, Business & Legal, Employer Best Practices, Employee Rights, Workplace violence, EEOC, NLRB

OSHA Proposes To Expand Enforceability Of Injury And Illness Reporting Requirements

Posted by Jon Elliott on Tue, Aug 18, 2015

The Occupational Safety and Health Administration (OSHA) has just proposed to revise its requirement that employers prepare and maintain records of occupational injuries and illnesses as they occur – in “I&I Logs.” (I blogged about these requirements here). Employers must also post annual I&I Summaries in each workplace, and respond to survey questions if asked by OSHA or the Bureau of Labor Statistics.

Read More

Tags: Employer Best Practices, Health & Safety, OSHA, Employee Rights, Environmental risks, Environmental, EHS, Hazcom

OSHA Narrows Process Safety Management Exclusion For Retail Facilities

Posted by Jon Elliott on Tue, Aug 11, 2015

The Occupational Safety and Health Administration (OSHA) adopted its Standard for Process Safety Management of Highly Hazardous Chemicals (usually referred to as “PSM”) in 1992, to require extensive risk assessment and reduction efforts by facilities where a significant chemical incident might have catastrophic consequences. OSHA has made only minor technical revisions in the ensuing two decades. However, during that time OSHA has issued a series of regulatory interpretations and enforcement guidelines that affect how the Standard is implemented.

Read More

Tags: Health & Safety, Environmental risks, Environmental, Hazcom

Should You Pay Your Interns?

Posted by Jon Elliott on Tue, Aug 04, 2015

Since it’s the middle of summer, you may have interns working in your office. If so, are they being paid for their efforts, are they receiving academic credits, or are they working to build their resumes, portfolios and connections? Some employers always pay, some never do, and some are open to negotiations based on the intern and his or her activities.

Read More

Tags: Business & Legal, Employer Best Practices, Employee Rights