DOJ’s Consumer Protection Branch Announces New Corporate Enforcement Policies

Client Alert  |  March 28, 2023


On March 3, 2023, the Consumer Protection Branch (CPB) of the U.S. Department of Justice (DOJ) issued two new policies: (1) a Voluntary Self-Disclosure Policy for Business Organizations,[1] and (2) a Monitor Selection Policy.[2]  CPB spearheads DOJ efforts to enforce federal laws protecting American consumers’ “health, safety, economic security, and identity integrity,”[3] including through criminal and civil enforcement of the Federal Food, Drug, and Cosmetic Act (FDCA), the Federal Trade Commission Act, the Consumer Product Safety Act, the Controlled Substances Act, and laws administered by the Department of Transportation, among others.  CPB’s new policies reflect key themes from a speech by Deputy Attorney General Lisa Monaco at the American Bar Association’s National Institute on White Collar Crime,[4] and the policies were released in coordination with that speech.

In addition to clarifying CPB’s protocols and expectations in key areas of criminal corporate enforcement, the policies signal a desire to incentivize self-disclosure directly to CPB and to impose independent monitors more frequently.  Below we provide a summary of the key policy changes and clarifications, along with our observations regarding their potential implications.

Voluntary Self-Disclosure Policy

The Voluntary Self-Disclosure Policy for Business Organizations (Self-Disclosure Policy) announced by CPB aligns with broader DOJ efforts to incentivize companies to voluntarily self-disclose potential criminal conduct, fully cooperate with DOJ investigations, and undertake remediation measures.  The Self-Disclosure Policy is similar to DOJ’s Criminal Division Corporate Enforcement Policy (covered in a previous alert here) and the Corporate Voluntary Self-Disclosure Policy for all U.S. Attorney’s Offices.[5]

The Self-Disclosure Policy applies across CPB’s criminal enforcement efforts to protect consumers’ health, safety, economic security, and identity integrity.  The Policy defines economic security and identity integrity matters as “involving data-privacy violations and fraud schemes affecting large numbers of older adults, immigrants, veterans and servicemembers, or other vulnerable victims.”  As for CPB’s health and safety work, the Policy describes enforcement efforts covering “unlawful conduct related to drugs (including prescription and counterfeit drugs), medical devices, food, dietary supplements, and consumer products and vehicles.”  In this category, the Policy emphasizes CPB’s role in the “prosecution and oversight of all criminal matters arising under the [FDCA],” noting that “U.S. Attorney’s Offices must notify and consult with CPB upon opening any criminal investigation involving a possible violation of the FDCA.”  This statement of CPB’s responsibilities in FDCA matters is consistent with recent revisions to the Justice Manual, see JM 4-8.200 and 9-99.000, and reflects continuing significant increases in CPB’s staff and coordination with U.S. Attorney’s Offices.  In the health and safety context, the Self-Disclosure Policy applies not only to potential criminal violations “involving the manufacture, distribution, sale, or marketing of products,” but also to “misconduct involving failures to report to, or misrepresentations to” regulators.

As Arun Rao, the Deputy Assistant Attorney General with oversight of CPB, recently explained, the Self-Disclosure Policy seeks to “encourage corporate self-disclosure by establishing consistent and transparent factors that, if met, will result in substantial rewards.”[6]  But companies will need to carefully consider applicability of the Policy alongside other wide-ranging compliance and reporting assessments required by regulators, with the Policy putting additional pressure on companies to move swiftly in investigating issues of potential regulatory non-compliance.

1. Requirements. To receive credit for voluntary self-disclosure of wrongdoing under the Self-Disclosure Policy, a company must:

  • Disclose the conduct “directly” to CPB “prior to an imminent threat of disclosure [in other forums]” or government investigation;
  • Make the disclosure within a reasonably prompt time after the company becomes aware of the conduct;
  • Have no pre-existing obligation to disclose the conduct pursuant to a prior resolution;
  • Preserve, collect, and produce relevant documents or information in a timely manner; and
  • Disclose all relevant facts then known to the company concerning the misconduct, including individuals and third parties involved in the misconduct.

The requirement to report “directly” to CPB is significant for companies that manufacture, distribute, or sell regulated products.  The Self-Disclosure Policy specifically makes clear that CPB will not deem it sufficient for a company to report only to a regulator, explaining that “if a company . . . chooses to self-report only to a regulatory agency and not to CPB, the company will not qualify for the benefits of a voluntary self-disclosure. . . .”  By emphasizing “direct” reporting to CPB, the Self-Disclosure Policy also suggests that CPB is seeking to disincentivize forum shopping across DOJ in matters falling within its purview.  That could be a meaningful consideration for companies considering where to report within DOJ.  The Policy also underscores that a company’s communications with regulators about an issue that potentially implicates DOJ enforcement authorities will not necessarily come to DOJ’s attention.  Companies should carefully evaluate whether a regulatory issue may rise to the level of criminal liability in considering whether self-disclosure is beneficial under the Policy.

2. Benefits. Consistent with Deputy Attorney General Monaco’s commitment that—absent aggravating factors—DOJ “will not seek a guilty plea when a company has voluntarily self-disclosed, cooperated, and remediated misconduct,”[7] the Self-Disclosure Policy provides that CPB will not seek a guilty plea from companies that fulfill the Policy’s requirements.  Under the Policy, CPB also will not require an independent compliance monitor for a complying company if, at the time of resolution, the company has implemented and tested an effective compliance program.

These benefits fall short of offering a rebuttable presumption of declination, as in the Criminal Division’s Corporate Enforcement Policy.  But they represent meaningful incentives nevertheless.  The promise not to pursue a guilty plea may be particularly important for life-sciences and consumer-product companies that could face exclusion from federal health care programs or debarment from government contracting if convicted of a crime—even a misdemeanor offense under the FDCA or other consumer-protection laws that do not require DOJ to prove criminal intent.  That promise is notable as well in light of recent political pressure on CPB to secure guilty pleas from companies; indeed, some politicians recently have criticized resolutions that spared companies from exclusion by avoiding guilty pleas.[8]

The Self-Disclosure Policy’s pathway to avoid an independent compliance monitor also is meaningful, especially for highly regulated corporations.  As discussed below, CPB’s establishment of a corporate compliance unit and promulgation of a policy on independent monitors is consistent with broader DOJ developments and suggests a likelihood that CPB will seek to impose monitors in more resolutions.  That development could add a heavy layer of oversight and reporting to corporations that may already be under strict regulatory scrutiny or even a separate monitor imposed by an agency settlement (e.g., a Department of Health and Human Services, Office of Inspector General corporate integrity agreement).  Thus, the opportunity to avoid a CPB-imposed monitor could prove a valuable benefit to corporations considering whether to self-disclose.

3. Exclusions. The Self-Disclosure Policy outlines a list of aggravating factors that may undermine certain benefits of self-disclosure under the Policy.  As explained by Deputy Assistant Attorney General Rao, CPB “considered its unique mission” in “carefully calibrat[ing]” these factors “to address [CPB’s] work in health, safety, and consumer fraud areas.”[9] The factors include consideration of whether:

  • The conduct at issue was deeply pervasive throughout the organization;
  • Upper management knowingly was involved in the conduct;
  • The conduct was intentional or willful and created significant risk of death or serious bodily injury; or
  • The conduct intentionally or willfully targeted vulnerable populations.

The Self-Disclosure Policy notes that CPB prosecutors will weigh the existence of any of these  aggravating factors in balancing the goal of encouraging disclosures against the goal of deterring serious offenses (particularly those that pose risks to health or safety).  However, more guidance and assurance to companies may be needed with respect to application of the factors, as they could swallow the policy’s benefits.  Misconduct involving regulated products, for instance, often is subject to criminal prosecution when it is associated with a significant risk of harm to consumers.  As a result, absent further guidance, prosecutors could assert that a wide variety of conduct in violation of the FDCA or other consumer-protection statutes falls outside of the Self-Disclosure Policy’s safe harbor.

CPB has indicated that further guidance might develop if necessary, with Deputy Assistant Attorney General Rao stating that CPB “is open to making adjustments as we move forward.”[10]  Indeed, further guidance would be welcome, as the recent Policy announcement suggests there may be a disincentive to reporting the most serious issues.  Further guidance also could account for the challenges inherent in conducting an early internal assessment of the potential causes and effects of a regulatory issue.  We will continue to monitor and report on developments in this space.  In the meantime, companies must very carefully consider whether the facts of an identified issue could trigger one of the Policy’s aggravating-factor exceptions in evaluating the benefits of self-disclosure.

Monitor Selection Policy

CPB’s new Monitor Selection Policy (“Monitor Policy”) is consistent with Deputy Attorney General Monaco’s September 2022 directive[11] for DOJ components to establish a clear process for monitor selection.[12]  The Monitor Policy generally tracks the Criminal Division’s recently issued Revised Memorandum on Selection of Monitors in Criminal Division Matters.[13]

The Monitor Policy’s issuance signals that CPB is likely to begin seeking monitors in more corporate criminal resolutions.  CPB generally has not required monitors in past resolutions: at most, it has required defendants to retain expert consultants to advise on the design and implementation of required compliance measures.  This practice has been consistent with what CPB typically requires in consent decrees resolving civil actions under the FDCA.  Unlike independent monitors, these experts have not been selected by CPB and they have not reported directly to CPB.  Thus, a potential shift to greater use of monitors in CPB criminal matters is significant, especially—as noted above—for corporations that already are highly regulated or that may face imposition of a monitor by other regulators.

The Monitor Policy also is noteworthy in the prominent role that it assigns to CPB’s Corporate Compliance and Policy Unit, which is a new unit as of last year.  Creation of that Unit—like the Monitor Policy—reflects an increased focus on imposing consistent and meaningful compliance terms in resolutions and then enforcing those terms.[14]

1. Applicability. The Monitor Policy applies to the use of independent compliance monitors in CPB criminal corporate resolutions including guilty pleas, deferred prosecution agreements (DPAs), and non-prosecution agreements (NPAs).  The policy does not apply to civil resolutions.

The Monitor Policy does not provide guidance on when a monitor should be imposed in a particular resolution, but CPB prosecutors are governed by Section 9-28.1700 of the Justice Manual, which outlines ten non-exclusive factors for prosecutors to consider in assessing the need to impose a monitor and identifies two “broad considerations [to] guide prosecutors”: “(1) the potential benefits that employing a monitor may have for the corporation and the public, and (2) whether the costs of a monitor and its impact on the operations of a corporation . . . substantially outweigh the potential benefits of a monitor.”[15]  Section 9-28.1700 of the Justice Manual also provides that, “[i]n general, the Department should favor the imposition of a monitor where there is a demonstrated need for, and clear benefit to be derived from, a monitorship.”  As CPB leadership previously has discussed in public remarks, its prosecutors also are guided by—and seek to remain consistent with—Criminal Division guidance on the need for a monitor.  Such commentary strongly suggests that companies should evaluate their compliance programs in the context of a CPB investigation even outside the self-disclosure process, as the state of their compliance program could well be relevant to an evaluation of the need for outside monitors under DOJ guidance.

2. Monitor Selection Process. The Monitor Policy outlines the process by which CPB will select a monitor when its prosecutors and leadership determine that one is appropriate in a particular case and a resolution provides for appointment of a monitor.

Nomination.  Under the first step in the Monitor Policy process, CPB will ask a corporate defendant to submit a written proposal identifying three candidates, outlining various information pertaining to the candidates’ credentials, and providing certifications that the candidates do not have potential conflicts of interest in performing the work.

Corporate defendants will benefit from crafting thoughtful proposals that address points of concern and interest for CPB, as doing so will more likely lead to selection of a preferred monitor candidate and a quicker selection process.

Evaluation.  Working from a corporation’s proposal of monitor candidates, the Monitor Policy provides that CPB’s Corporate Compliance and Policy Unit will interview each candidate to assess their candidacy based on their general background, education, and training; past experience as the relevant monitor type; degree of objectivity and independence from the company; adequacy and sufficiency of the candidate’s resources; and any other factors the Unit deems relevant.  In matters involving regulated products, corporations can expect that CPB will look for monitors who understand the applicable regulatory landscape and have knowledge of the relevant industry.

Recommendation.  The Monitor Policy next explains that CPB’s Corporate Compliance and Policy Unit will recommend a monitor candidate to a Standing Committee comprised of the Civil Division Deputy Assistant Attorney General with oversight of CPB, the Director of CPB, and the Civil Division’s designated Ethics Official.  Under the Monitor Policy, the Standing Committee will review the Corporate Compliance and Policy Unit’s recommendation and decide whether or not to accept it.  If the Committee accepts the candidate, it will forward the recommendation to the Assistant Attorney General for the Civil Division, who then will pass forward the recommendation to the Offices of the Associate Attorney General and the Deputy Attorney General.  The Office of the Deputy Attorney General has ultimate authority to approve a monitor candidate.

***

The new voluntary-disclosure and monitor-selection policies issued by CPB reflect that office’s continuing focus on corporate criminal enforcement and compliance.  The policies offer both new opportunities and challenges for engaging with CPB.  Gibson Dunn has deep familiarity with CPB and experience in navigating corporate enforcement and compliance policies.  We stand ready to assist clients engaging with the office or the ramifications of its policies.

_________________________

[1] United States Department of Justice, Civil Division – Consumer Protection Branch Voluntary Self Disclosure Policy for Business Organizations (Feb. 2023), available at https://www.justice.gov/file/1571106/download.

[2] United States Department of Justice, Civil Division – Consumer Protection Branch Monitor Selection Policy (Feb. 2023), available at https://www.justice.gov/file/1571111/download.

[3] United States Department of Justice, Civil Division – Consumer Protection Branch, About the Branch, available here.

[4] United States Department of Justice, “Deputy Attorney General Lisa Monaco Delivers Remarks at American Bar Association National Institute on White Collar Crime” (Mar. 2, 2023), available at https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-remarks-american-bar-association-national.

[5] United States Attorneys’ Offices Voluntary Self-Disclosure Policy, (Feb. 22, 2023), available at https://www.justice.gov/usao-sdny/press-release/file/1569411/download; United States Department of Justice, Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, JUSTICE MANUAL § 9-28.900, available at https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations#9-28.900.

[6] Deputy Assistant Attorney General Arun G. Rao, Remarks, “What’s Coming Down the Hill” Symposium, Georgetown Law Center (Mar. 10, 2023).

[7] United States Department of Justice, “Deputy Attorney General Lisa O. Monaco Delivers Remarks on Corporate Criminal Enforcement” (Sep. 15 2022), available at https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-corporate-criminal-enforcement.

[8] Letter from Sen. Elizabeth Warren and Sen. Ben Ray Luján to Hon. Merrick Garland (Aug. 11, 2022), available here here.

[9] Deputy Assistant Attorney General Arun G. Rao, Remarks, “What’s Coming Down the Hill” Symposium, Georgetown Law Center (Mar. 10, 2023).

[10] Id.

[11] Memorandum, Dep’t of Justice, Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group (Sept. 15, 2022), available https://www.justice.gov/opa/speech/file/1535301/download.

[12] United States Department of Justice, Office of the Deputy Attorney General, “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group” (Sep. 15, 2022), available at https://www.justice.gov/opa/speech/file/1535301/download; see also Gibson Dunn & Crutcher, “From the Broader Perspective: Deputy Attorney General Announces Additional Revisions to DOJ’s Corporate Criminal Enforcement Policies” (Oct. 3, 202), available at https://www.gibsondunn.com/from-the-broader-perspective-deputy-attorney-general-announces-additional-revisions-to-dojs-corporate-criminal-enforcement-policies/.

[13] United States Department of Justice, Civil Division – Consumer Protection Branch Revised Memorandum on Selection of Monitors in Criminal Division Matters (Feb. 2023), available at  https://www.justice.gov/opa/speech/file/1571916/download.

[14] United States Department of Justice, Civil Division – Consumer Protection, “Recent Highlights” (Apr. 2022), available at https://www.justice.gov/file/1490441/download.

[15] United States Department of Justice, Criminal Division “Use of Independent Compliance Monitors in Corporate Resolutions, JUSTICE MANUAL § 9-28.1700 (2023), available at https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations#9-28.1700.


The following Gibson Dunn lawyers prepared this client alert: Gus Eyler, Nick Hanna, Marian Lee, John Partridge, Jonathan Phillips, Justine Kentla, Wynne Leahy, and Laila Naraghi.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update.  Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s FDA and Health Care or White Collar Defense and Investigations practice groups:

FDA and Health Care Group:
Gustav W. Eyler – Washington, D.C. (+1 202-955-8610, [email protected])
Marian J. Lee – Washington, D.C. (+1 202-887-3732, [email protected])
John D. W. Partridge – Denver (+1 303-298-5931, [email protected])
Jonathan M. Phillips – Washington, D.C. (+1 202-887-3546, [email protected])

White Collar Defense and Investigations Group:
Stephanie Brooker – Washington, D.C. (+1 202-887-3502, [email protected])
Winston Y. Chan – San Francisco (+1 415-393-8362, [email protected])
Daniel P. Chung – Washington, D.C. (+1 202-887-3729, [email protected])
Nicola T. Hanna – Los Angeles (+1 213-229-7269, [email protected])
Charles J. Stevens – San Francisco (+1 415-393-8391, [email protected])
Patrick F. Stokes – Washington, D.C. (+1 202-955-8504, [email protected])
F. Joseph Warin – Washington, D.C. (+1 202-887-3609, [email protected])
Debra Wong Yang – Los Angeles (+1 213-229-7472, [email protected])

© 2023 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice. Please note, prior results do not guarantee a similar outcome.