Audit, Compliance and Risk Blog

For more than 25 years, I’ve taught one of the core required courses in the Hazardous Materials Management Certificate program offered by University of California Santa Cruz Extension (UCSC-Ex). The program is intended to provide professionals with a solid foundation in the principles, regulations, and technologies required to manage hazardous materials and hazardous waste. In my course–the Regulatory Framework for Toxic and Hazardous Materials–I provide overviews of:

A manager reports to you that one of your workers, Joe, has admitted to a problem with alcohol. Or perhaps there’s an accident in the workplace and the ensuing investigation reveals that Jane is a regular drug user. Or John arrives at the office, once again unfit to do his job because he’s “under the influence.”

This information will be updated shortly

The collective experience of 54 environmental, health, and safety (EHS) audit directors and managers from some of the world’s leading multinational companies provides valuable insights for companies of all sizes and audit-maturity levels in guiding EHS auditing activities. With the goal of promoting continuous improvement in EHS auditing effectiveness and practices, AECOM’s International Audit Practicef Consortium (IAPC) has published its Seventh Biennial Environmental, Health, and Safety Audit Practices Survey Report--a 123-page report presenting the results, analysis, and lessons learned from its membership in critical EHS areas of: Audit Scope versus Depth; Auditor Independence, Competency, and Training; Compliance Point versus Control Failures; Audit Program Metrics and Evaluations; and Stakeholder Value.

When an organization breaks the law, the actual actions must be taken by individuals associated with the organization–whether it’s a rogue individual or a vast internal conspiracy. So who’s culpable and for what? Laws often provide civil liability for most violations and criminal liability for the most severe, and many include parallel provisions addressed both to organizations and individuals. Most enforcement agencies produce enforcement and prosecutorial guidelines for agency personnel to provide criteria that channel their “prosecutorial discretion.” Variations in such guidelines may tend to keep organizations and their personnel aligned – as when they’re all going to be prosecuted together anyway–or may encourage fissures between them – as when one can reduce its own liability by incriminating another.

The U.S. Department of Justice (DOJ) conducts most criminal prosecutions brought against violators of U.S. federal laws. DOJ’s U.S. Attorneys also provide legal support to many federal agencies in civil cases brought by the agencies for regulatory violations. To regularize these wide-ranging responsibilities, DOJ promulgates enforcement policies and priorities, which are compiled in the “U.S. Attorneys’ Manual.”

How Has DOJ Approached Individual Prosecutions For Organizational Wrongdoing?

DOJ has repeatedly adjusted its policies for prosecuting individuals in organizational wrongdoing cases. In 2003, DOJ issued an enforcement policy seeking to separate organizations from their agents – telling organizational defendants that indemnification of their officers (i.e., paying their defense costs under employment contracts and bylaws) would be interpreted as support for the individuals’ malfeasance, precluding DOJ from applying lenience to the organization for having “cooperate[d] in the investigation of its agents” (the “Thompson memorandum”). This policy was intended to prevent organizations from shielding their personnel, and so to encourage more individual prosecutions. However, this policy was rescinded after a 2006 court decision excoriated DOJ, holding that the policy violated individual defendants’ Constitutional rights by exerting undue pressure on organizations (U.S. v. Stein).

In 2006, DOJ softened the offending policy by reemphasizing that many criteria may apply to charging and prosecutorial decisions, and stating explicitly that an organization’s decision to follow state laws and establish indemnification provisions would not be considered a failure to cooperate sometime later with federal prosecutors (“the McNulty memorandum”; later enshrine in the U.S. Attorneys’ Manual section 9.28). Thus, DOJ policy for nearly a decade has not explicitly attempted to pit organizational defendants against their individual human agents – but also has not provided clear guidance to prosecutors in determining whether to proceed against organizational defendants, individual defendants, or both. During these years, the trend has been toward fewer prosecutions of individuals, even where it seems likely that top managers were integral participants in financial or regulatory violations. This lack of headline-grabbing prosecutions has produced a political backlash and pressure to re-balance prosecutorial policies.

How Does DOJ’s Newest Policy Favor Individual Prosecutions?

In September, Deputy Attorney General Yates issued DOJ’s latest enforcement policy memorandum, addressing “Individual Accountability for Corporate Wrongdoing.” DOJ will apply this latest revision to all criminal prosecutions, and to civil enforcement as appropriate. The memo sets forth 6 basic criteria for U.S. Attorneys to apply and follow:

1. “To be eligible for anv cooperation credit, corporations must provide [DOJ] all relevant facts about the individuals involved in corporate misconduct.
2. Both criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
3. Criminal and civil attorneys handling corporate investigations should be in routine communication with one another.
4. Absent extraordinary circumstances, no corporate resolution will provide protection from criminal or civil liability for any individuals.
5. Corporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized.
6. Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual's ability to pay.”

If organizations respond to these incentives by providing incriminating facts about individuals, the new policy will tend to create wedges between organizations and their personnel, which DOJ is now pledging to prosecute more vigorously. It remains to be seen how these incentives will actually be applied by prosecutors, followed by defendants, and reviewed by courts.

Self-Assessment Checklist

• Has the organization established compliance and/or ethics programs to prevent and detect violations of applicable laws?
  • Do formal organizational policies define standards and procedures for agents and employees?
  • Are specific high-level personnel assigned responsibility and authority to ensure these standards and procedures are followed?
  • Does the organization provide training and/or other means to communicate standards and procedures effectively to its agents and employees?
  • Is there an effective program for enforcing these standards (e.g., monitoring and audits)?
  • Are there internal reporting mechanisms (including protections against possible retaliation)?
  • Does the program include clear and effective disciplinary mechanisms?
  • Does the program provide for immediate and appropriate steps to correct the condition giving rise to any detected offense or violation (e.g., program changes and individual disciplinary actions)?
  • Does the program include provisions for self-reporting to appropriate authorities?