The Justice Department’s new corporate enforcement policy turns prosecutorial leniency into business regulation.
One of the more important recent regulatory developments did not come from an agency rule, a U.S. Supreme Court decision, or a congressional hearing. It came from the U.S. Department of Justice.
On March 10, the Department announced a new Corporate Enforcement Policy, and although it has mostly been discussed as a Department-wide white-collar enforcement update, that framing is too narrow. What the Justice Department has really done is publish a government-wide framework for steering how corporations investigate themselves, when they disclose misconduct, how they cooperate, and what corporations’ institutional reform must look like if corporations want meaningful credit. That is not just enforcement policy. It is regulation by incentive.
That is what makes the announcement more significant than the usual “compliance chatter” suggests. Lawyers will naturally focus first on the immediate tactical question: What does a company get if it comes to the Justice Department early, cooperates aggressively, and remediates convincingly? But the larger development is structural. The Justice Department has now moved beyond offering cooperation credit in individual cases and has instead formalized, across the department, a set of ex ante incentives designed to shape private conduct before charges are filed and often before the facts are even fully known.
In other words, the Department is no longer simply deciding how to punish misconduct after the fact. It is using prosecutorial leverage to govern institutional behavior at the moment of crisis.
That is a regulatory story, and a particularly interesting one, because it complicates the usual line between prosecution and administration. Commentators often describe criminal enforcement as backward-looking and regulation as forward-looking. Criminal enforcement punishes completed violations; regulations structure future conduct. But that distinction has become harder to maintain in the corporate context, where the government increasingly influences behavior not only by threatening penalties but also by publishing detailed terms on which firms may earn leniency, avoid monitors, reduce fines, and sometimes escape prosecution altogether.
The Justice Department’s new policy is a particularly clear example of that shift. The Department describes the policy as the first ever Department-wide corporate enforcement framework for criminal matters outside antitrust, designed to promote “uniformity, predictability, and fairness” across the Justice Department’s Washington headquarters, its litigating divisions, and the U.S. Attorneys’ Offices.
Once the policy is read through that lens, its structure becomes more revealing. The Justice Department is not merely telling companies that cooperation will be rewarded. It is standardizing the conditions under which reward is available.
If a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates a violation, the Justice Department may decline to investigate further, absent limited aggravating circumstances. A company that comes forward in good faith but falls short of formal voluntary self-disclosure, or one that presents aggravating circumstances, is steered toward a non-prosecution agreement with a term under three years, no independent monitor placed on the company, and a 50 to 75 percent reduction from the low end of the Guidelines’ fine range, absent especially serious aggravating circumstances. In practical terms, if the low end of the applicable Guidelines fine range were $10 million, that reduction could mean a fine between $2.5 million and $5 million, rather than $10 million. And for companies that fail to gain the protection of either safe harbor, the Department preserves discretion over the form of resolution, the term, whether a monitor will be required, and whether any reduction in fines up to 50 percent will be available.
Read narrowly, this policy looks like a pricing structure for misconduct. Read more carefully, however, it looks like something broader: a government-authored framework for directing how firms behave once wrongdoing is suspected. The policy defines what counts as voluntary self-disclosure, requiring that the misconduct be reported before an imminent threat of disclosure or government investigation and within a “reasonably prompt” time after the company becomes aware of it, with the company bearing the burden of proving that its disclosure was timely. It specifies what “full cooperation” requires, including disclosure of all relevant, non-privileged facts, identification of responsible individuals regardless of seniority, rolling factual updates, preservation and production of overseas records, facilitation of third-party production of evidence, and coordination of internal witness interviews so that company interviews do not compromise the government’s ability to obtain first accounts from key witnesses. And it defines “timely and appropriate remediation” through the language of institutional design: root-cause analysis, effective compliance programs, adequate compliance resources, compliance independence, proper discipline, record preservation, and controls on personal communications and ephemeral messaging systems.
At this point, the regulatory character of the policy becomes hard to miss. The Justice Department is telling corporations, with considerable specificity, how quickly they are expected to move, what facts they are expected to gather, whom they are expected to identify, what records they are expected to preserve, and what internal reform should look like if they want credit.
That is not merely back-end charging discretion. It is front-end governance in the shadow of criminal law.
