No Longer Just a Matter of Paying the Fine and Moving On.

Corporate settlement agreements used to be straightforward—pay the penalty and move on. Now, these resolutions rival complex business transactions, including months of negotiations and multi-year post-resolution obligations. Satisfying post-settlement commitments is a business imperative, not just a legal obligation. Meeting, if not exceeding obligations, helps restore brand value and improves employee and investor stakeholder confidence.

Post-Settlement Guide

StoneTurn developed this Post-Settlement Guide to help companies and their external counsel prepare for and manage post-resolution obligations. Our suggestions draw from StoneTurn’s cross-disciplinary and industry expertise; past experience as regulators, auditors and prosecutors; our team’s many risks and controls engagements; and years of experience serving as government-imposed and voluntary compliance monitors and consultants.

The Post-Settlement Guide includes four sections organized around requirements for DOJ non-prosecution agreements (NPA), deferred prosecution agreements (DPA), and plea agreements. The SEC and other agencies impose similar obligations (e.g., HHS Corporate Integrity Agreements).

1. Commitments & Breaches.

The Guide begins with basic steps companies should take to meet obligations and avoid breaches. These steps include starting early; conducting a root cause analysis to identify compliance program elements; requiring remediation; creating a governance structure, developing assessment criteria, expected evidence and validation procedures; performing a “check and challenge” of the executability of corrective action plans; conducting “real-time” testing to keep the project on track; identifying and mitigating breach risks and scenarios; and keeping a “good deeds” scrapbook to evidence the company’s good faith efforts in the event of a breach.

2. Certifying Compliance Program Effectiveness.

We follow with steps to meet DOJ and SEC requirements for senior management to certify compliance programs and controls effectiveness and how public companies can leverage their Sarbanes-Oxley processes to avoid duplication of efforts. Key steps include selecting a framework and criteria; identifying and assessing significant ethics and compliance risks and scenarios; evaluating the design and operating effectiveness of the risk response; executing a corrective action plan to cure deficiencies; implementing an evidence-based sub-certification waterfall; and arranging for an independent third party or internal audit validate that the program meets the framework and criteria.

3. Duty to Report Misconduct Allegations.

The Post-Settlement Guide next considers DOJ’s requirement for CEOs and CFOs to certify personally that the company reported to DOJ evidence or allegations of violations of the criminal laws that gave rise to the settlement. We suggest ensuring that all employees understand the obligation; developing an inventory of potential sources, recipients, reporters, and escalation systems; identifying reasonably likely breach scenarios and evaluating the effectiveness of the company’s risk response; establishing a process to escalate misconduct allegations to the right decision-makers; and protecting the CEO and CFO with evidence-based sub-certifications and independent testing.

4. Making the Best of a Government Monitor.

The Post-Settlement Guide concludes with practical steps to prepare, liaise and maximize the value of a government-imposed monitor or independent consultant, starting with behaving like a client, not a criminal defendant and avoiding an adversarial relationship. We also suggest identifying the objectives and benefits of the monitorship; developing proposed assessment criteria; selecting candidates wisely; investing in an effective project management office; and collaborating on the Monitor’s work plans and recommendations.

Interested in digging deeper? Download a copy of the guide here, or follow along with our checklist

About the Authors

Jonny Frank StoneTurn

Jonny Frank

Jonny Frank brings over 40 years of public and private sector and law and business school teaching experience in forensic investigations, compliance, and risk management. He helps organizations and counsel […]

Read Bio
Michele Edwards

Michele Edwards

Michele Edwards, a Partner with StoneTurn, has more than 25 years of combined experience in fraud and compliance risk management, compliance and monitoring and auditing. She specializes in assessing, implementing […]

Read Bio
Chris Hoyle

Christopher Hoyle

Chris Hoyle, a Partner with StoneTurn, has nearly 20 years of professional experience in fraud and compliance risk management and forensic accounting. Chris specializes in assessing and remediating compliance programs, […]

Read Bio
Laura Greenman

Laura Greenman

Laura Greenman, a Managing Director with StoneTurn, brings over ten years of public and forensic accounting, in-house and consulting financial services experience. Laura specializes in implementing and testing the internal […]

Read Bio
ksenia-ioffe-web

Ksenia Ioffe

Ksenia Ioffe, a Managing Director with StoneTurn, has expertise in compliance and monitoring, forensic accounting, and auditing. Ksenia’s experience includes assessing corporate compliance programs and internal controls, and advising companies […]

Read Bio