AT: Thank you for taking the time to sit down and share your thoughts with us. You are, famously, the only chief compliance officer (CCO) to ever head the Criminal Division at the U.S. Department of Justice (DOJ). Before we get to that, though, I want to ask: what led you to compliance? Before joining Entergy as CCO, your career had been a mix of serving as a prosecutor and working in private practice. Many with similar backgrounds become in-house counsel, but few dive into compliance. What intrigued you about the opportunity?
KP: I was fortunate to inherit the compliance function from a strong CCO (indeed, the company’s first). The platform provided me with an opportunity to learn about the company and its personnel quickly, given its connectivity to all parts of the enterprise. In addition, I viewed the compliance function as closely tied to an important part of my work as the U.S. attorney, that is, investigating and remediating wrongdoing. But it also connected well to my general belief in prevention as an effective tool, whether the objective was addressing public safety or building an ethical corporate culture.
AT: You got a bit of a taste of compliance in the U.S. attorney’s office in New Orleans, where you came in as the new U.S. attorney and had to clean up an existing scandal involving inappropriate online postings about cases. Did that factor in?
KP: Becoming the U.S. attorney on the heels of that scandal was instructive in so many ways. Certainly, the experience highlighted how leadership and culture are critical to the success or failure of an organization’s compliance function.
AT: What surprised you about the role of CCO once you took it on?
KP: What surprised me most about the role was how “corporate” it was—that is, operating almost exclusively from headquarters. We immediately began utilizing our incredible staff to get out into the field, visiting our various operations and connecting with the personnel we were serving.
AT: How many of the skills you developed in private practice and as a prosecutor were translatable, and how much was new ground?
KP: Learning the business itself was completely new ground! But many other skills were translatable, particularly conducting investigations, considering appropriate sanctions, and building community trust (in this case, enterprise-wide trust) in the function (be it a U.S. attorney’s office or the compliance department).
AT: After that position, you returned to private practice, and in 2021, you were appointed assistant attorney general for the Criminal Division at DOJ. I can imagine it was a hard job offer to pass up. What attracted you to the role?
KP: Serving as the assistant attorney general was such an incredible opportunity to work across the entire spectrum of federal law enforcement, including all our U.S. attorney’s offices, our local, state, and federal law enforcement agencies, and our international partners. It also provided an incomparable “seat at the table” in developing and implementing DOJ policy regarding criminal enforcement.
AT: Can you give an overview of all that the Criminal Division oversees?
KP: As described on DOJ’s website, the Criminal Division “develops, enforces, and supervises the application of all federal criminal law except those specifically assigned to other divisions.” Except for tax, antitrust, and civil rights criminal prosecutions, the Criminal Division, together with the U.S. attorney’s offices, are at the center of all federal investigations and prosecutions. That includes, but is not limited to, child exploitation, computer and intellectual property crimes, human rights violations, violent and organized crime, and, of course, healthcare, Foreign Corrupt Practices Act, and securities fraud violations. The division also oversees essential international components, including extraditions, foreign requests for evidence, and training prosecutors and law enforcement for our international partners.
AT: I think all of us in compliance have an impression of DOJ and prosecutors, but what do you think compliance teams get right and wrong about them?
KP: Interesting question, as I imagine impressions vary among compliance professionals—particularly as more enter compliance after serving in DOJ. Sometimes, the monetary penalties associated with resolutions get an outsized amount of attention, resulting in an impression that prosecutors care most about the dollars and publicity. My general experience is that prosecutors want to achieve just outcomes above all. That occurs by using the entire spectrum of tools at their disposal, including enforcement, prevention, and rehabilitation/remediation.
AT: DOJ has invested a great deal of effort over the last several years in improving its understanding of compliance programs. Hui Chen was brought on, as you know, as a consultant and helped craft the first set of criteria for evaluating compliance programs, which were very well received. Since then, we have seen several updates. All of this suggests that DOJ values compliance programs and is growing increasingly sophisticated when it comes to knowing what is and isn’t a good program. Is that a fair assessment? And how much of a guide is truly the guidelines to prosecutors?
KP: By diversifying its personnel, including bringing in former compliance professionals, DOJ has invested in becoming increasingly sophisticated in evaluating compliance programs. The unit responsible for these evaluations brings real-world experience to bear in understanding the challenges facing a compliance program. At the same time, that real-world experience means that the unit’s examination is increasingly rigorous and exacting. The guidelines provide clarity to prosecutors and the public alike as to the most important considerations in evaluating a compliance program.
AT: In general, where has the Criminal Division found compliance programs are typically deficient? Are there common areas of failure?
KP: Many compliance programs remain under-resourced and siloed within their organizations.
AT: Let me go back to the evaluation guidelines for prosecutors. One of the more notable changes of late is an increased emphasis on data and data analytics. I think everyone agrees that having good data and analyzing it is ideal for adjusting and improving compliance efforts, as well as for detecting problems early. But how does DOJ assess the effectiveness of a company’s data analytics?
KP: Evaluation in this space often focuses on (1) whether the compliance function has appropriate access to necessary data from across the enterprise and (2) whether the compliance function simply collects data or, rather, utilizes data to determine appropriate changes/improvements in policy, training, remediation, or evaluation.
AT: How can companies present that data in a way that will be meaningful to prosecutors looking to assess the effectiveness of the program?
KP: The presentation should have the company’s compliance professionals at the heart of it. They would be in the best position to explain the who/what/when/where/why/how behind the data.
AT: There is a perception that the pace of prosecutions has slowed recently. It’s been quite a while since we have seen the big settlements that led to a fundamental rethinking of how companies conduct business and the needed compliance controls. Has the wave passed? Are we in a lull, or is there something going on that people are missing?
KP: 2024 has already been an active year. Stay tuned.
AT: One consequence of this perceived lull is that we hear anecdotally that compliance programs support is waning. Some are complaining that management is pulling back resources that businesspeople perceive has been “over compliance,” and it’s time for the pendulum to swing back. What can compliance teams point to push back on this belief?
KP: Again, 2024 has already been an active year for the department, both in terms of enforcement actions and policy pronouncements. They all—including some of the corporate declinations—continue to emphasize the fact that having a strong compliance function is a company’s best defense.
AT: Finally, what’s your sense of what’s next for compliance programs?
KP: The future includes diversification of compliance personnel. Instead of a compliance department made up entirely of attorneys, we now see the strongest compliance programs with dedicated forensic accountants and data analysts, for example.
AT: Thank you, Kenneth, for sharing your insights with our readers!