No Longer Just a Matter of Paying the Fine and Moving On.
Corporate settlement agreements used to be straightforward—pay the penalty and move on. Now, these resolutions rival complex business transactions, including months of negotiations and multi-year post-resolution obligations. Satisfying post-settlement commitments is a business imperative, not just a legal obligation. Meeting, if not exceeding, obligations helps restore brand value and improves employee and investor stakeholder confidence.
Post-Settlement Guide
StoneTurn developed this Post-Settlement Guide to help companies and their external counsel prepare for and manage post-resolution obligations. Our suggestions draw from StoneTurn’s cross-disciplinary and industry expertise; past experience as regulators, auditors and prosecutors; our team’s many risks and controls engagements; and years of experience serving as government-imposed and voluntary compliance monitors and consultants.
The Post-Settlement Guide includes four sections organized around requirements for DOJ non-prosecution agreements (NPA), deferred prosecution agreements (DPA), and plea agreements. The SEC and other agencies impose similar obligations (e.g., HHS Corporate Integrity Agreements).
1. Commitments & Breaches.
The Guide begins with basic steps companies should take to meet obligations and avoid breaches. These steps include starting early; conducting a root cause analysis to identify compliance program elements; requiring remediation; creating a governance structure; developing assessment criteria, expected evidence and validation procedures; performing a “check and challenge” of the executability of corrective action plans; conducting “real-time” testing to keep the project on track; identifying and mitigating breach risks and scenarios; and keeping a “good deeds” scrapbook to evidence the company’s good faith efforts in the event of a breach.
2. Certifying Compliance Program Effectiveness.
We follow with steps to meet DOJ and SEC requirements for senior management to certify compliance programs and controls effectiveness, and with how public companies can leverage their Sarbanes-Oxley processes to avoid duplication of efforts. Key steps include selecting a framework and criteria; identifying and assessing significant ethics and compliance risks and scenarios; evaluating the design and operating effectiveness of the risk response; executing a corrective action plan to cure deficiencies; implementing an evidence-based sub-certification waterfall; and arranging for an independent third party or internal audit to validate that the program meets the framework and criteria.
3. Duty to Report Misconduct Allegations.
The Post-Settlement Guide next considers DOJ’s requirement for CEOs and CFOs to certify personally that the company reported to DOJ evidence or allegations of violations of the criminal laws that gave rise to the settlement. We suggest ensuring that all employees understand the obligation; developing an inventory of potential sources, recipients, reporters, and escalation systems; identifying reasonably likely breach scenarios and evaluating the effectiveness of the company’s risk response; establishing a process to escalate misconduct allegations to the right decision-makers; and protecting the CEO and CFO with evidence-based sub-certifications and independent testing.
4. Making the Best of a Government Monitor.
The Post-Settlement Guide concludes with practical steps to prepare for, liaise with and maximize the value of a government-imposed monitor or independent consultant, starting with behaving like a client, not a criminal defendant, and avoiding an adversarial relationship. We also suggest identifying the objectives and benefits of the monitorship; developing proposed assessment criteria; selecting candidates wisely; investing in an effective project management office; and collaborating on the Monitor’s work plans and recommendations.