Whether a company seeks a declination, a non-prosecution agreement, or simply to avoid a costly monitor, DOJ policy continues to stress that remediation is the cornerstone of resolution eligibility. Read our full insight, summarized below, in Law360.
A New Era of Enforcement, A Familiar Expectation
DOJ’s guidance makes it clear: companies must earn leniency by acting swiftly and credibly to identify, address and prevent misconduct. The bar for remediation has not moved—it has only been clarified.
To qualify under the revised Corporate Enforcement Policy (CEP), organizations must show:
- A thorough root cause analysis addressing not just symptoms but systemic failures;
- An effective, tested ethics and compliance program, tailored to the company’s risk profile;
- Discipline for both direct and indirect wrongdoers;
- A robust framework for business record retention, especially personal messaging applications;
- Additional steps that demonstrate genuine cultural change and a commitment to integrity.
From Root Cause to Resolution
Remediation starts with a credible, independent root cause analysis (RCA). DOJ expects this process to go beyond surface-level explanations and probe into organizational culture, risk blind spots, and control breakdowns. Using frameworks such as the COSO model, Cressey’s Fraud Triangle, or the Five Whys, organizations must draw a direct line between the issue, its origins, and the corrective actions taken.
Testing What’s in Place
It’s not enough to stand up a new compliance program; it must be in place and independently tested by the time DOJ comes calling. Prosecutors are specifically instructed to look at whether the company’s own testing obviates the need for a monitor. As part of that effort, companies should develop clear testing criteria, collect objective evidence, and consider third-party validation. Leadership signoff—such as a CEO or CCO certification—further demonstrates accountability.
Accountability in Action
A consistent disciplinary framework, modeled on federal sentencing guidelines, signals that ethics violations carry real consequences—regardless of rank. Likewise, implementing controls over business communications, especially personal devices and chat apps, has become table stakes following recent SEC and DOJ enforcement sweeps. And finally, companies should be ready to show the DOJ how they’ve gone above and beyond: from board-level engagement to companywide messaging campaigns, these “good deeds” offer powerful evidence of cultural shift.
The Bottom Line
While the DOJ may have adjusted its tone, remediation remains the nonnegotiable entry point to favorable outcomes. Organizations must act early, act thoroughly, and act credibly. That means confronting the full scope of misconduct, implementing sustainable controls, and independently verifying results—before prosecutors ever knock on the door. StoneTurn helps companies navigate these moments with objectivity, rigor and urgency—read more in Law360.
If you have any questions or would like to discuss this topic please reach out to Jonny Frank, Michele Edwards, or Christopher Hoyle.
To receive StoneTurn Insights, sign up for our newsletter.
