The Yates Memo is Here to Stay: Signs of Increasing Efforts to Hold Individuals Criminally Liable for Corporate Wrongdoing

Under this apparent escalating trend, executives and officers now face significant and increased risks of prosecution for the misdeeds of their companies, which often involve multiple players at many levels of the organization. This article discusses this emerging trend and offers insights for those facing such enforcement actions.

DOJ Focus on Individual Accountability

In the wake of the financial crisis that led to the Great Recession, there was public outcry for the government to hold individuals accountable through criminal prosecution. Partly in response, then-Deputy Attorney General Sally Yates issued the Yates Memo on Sept. 9, 2015. The Yates Memo directs federal prosecutors to take several steps designed to facilitate increased enforcement actions against individuals, reasoning that holding individuals accountable is the most effective way to combat corporate misconduct.

The Yates Memo instructs prosecutors to focus on individual culpability from the inception of all investigations, indicating that enforcement against individuals is equally important as action against the subject company. Perhaps most significantly, it required corporations to "provide the Department all relevant facts about individuals involved in corporate misconduct" in order to be eligible for any cooperation credit in criminal prosecutions. Memorandum from Sally Q. Yates, Deputy Attorney Gen., U.S. Dep't of Justice, Individual Accountability for Corporate Wrongdoing, p. 3, (Sept. 9, 2015). This expansive disclosure requirement applied to everyone involved in the alleged wrongdoing — including those who may have been only tangentially related or mere participants without culpable knowledge. Moreover, the disclosure requirement did not always end when the company entered into a settlement, plea agreement, or deferred or non-prosecution agreement, obligating it to continue to provide information to the government or risk imposition of steep stipulated penalties or loss of the agreement. This led to costly and extended internal investigations as companies tried to ensure that all information was handed over. Finally, absent extraordinary circumstances, the Yates Memo prohibited offering immunity to individuals facing criminal prosecution as part of a global corporate resolution, as had frequently been done prior, such as in the case of the $2.5 billion settlement by Citigroup and four other major banks for manipulating the price of the dollar and euro in the foreign currency exchange, without one executive facing criminal charges.

In Fall 2017, Deputy Attorney General Rod Rosenstein announced that the Yates Memo was under "active reconsideration." On Nov. 29, 2018, he introduced a new DOJ policy that modified the requirements for corporate cooperation credit outlined in the Yates Memo and made concomitant revisions to the Justice Manual (formerly U.S. Attorney's Manual). See, Rod Rosenstein, Deputy Attorney General, "Deputy Attorney General Rod J. Rosenstein Delivers Remarks at the American Conference Institute's 35th International Conference on the Foreign Corrupt Practices Act" (Nov. 29, 2018) (Rosenstein Remarks). The basis for this change was the recognition that the Yates Memo's expansive disclosure requirement had often been counterproductive in criminal investigations.

Private practitioners and government alike found that the original requirements for cooperation credit were not practical in the real world. Requiring companies to identify and report every person involved with the misconduct to the government frequently impeded resolutions because companies had to take extra time to ensure that their investigations identified and investigated every person involved before approaching the government to negotiate a resolution. To remedy this, under the new DOJ policy, a company now need only identify and provide information on those who are "substantially involved" in the company's criminal conduct. Companies thus are no longer required to expend time and resources identifying and collecting information about individuals whose involvement is peripheral or otherwise immaterial and are therefore unlikely to be prosecuted. Additionally, partial cooperation credit may be available for those companies who, despite good faith efforts to fully cooperate, cannot identify all relevant individuals or provide complete factual information. Id.

Although viewed by some as a relaxation of the culpable-individual disclosure requirement, the practical effect of these changes may be to increase prosecutions of culpable individuals as prosecutors are provided with more targeted information about those most likely to be subject to prosecution. This should serve to conserve prosecutorial resources by making it easier to identify and focus on key players. Also consistent with keeping prosecutors focused on criminal prosecution of individuals, the recent Justice Manual revisions also permit the government the discretion to negotiate civil releases for individuals who do not warrant additional investigation when entering into a civil resolution with the company. See, Rosenstein Remarks.

DOJ's Recent Prosecutions of Executives for Their Companies' Criminal Misconduct

The DOJ's commitment to pursing individuals criminally is reflected by a recent string of prosecutions against corporate executives. What is noteworthy is that all three criminal cases discussed below were brought after the companies reached civil settlements with the government for the same underlying conduct for which the corporate executives are charged. This shows that civil fines paid by companies are no longer seen as adequate to punish and deter corporate wrongdoing; the government will also be coming after responsible individuals.

In the midst of the opioid crisis, for example, the government has accelerated its efforts to pursue those who have contributed to the epidemic. The DOJ recently secured convictions against both high and mid-level executives of Insys Therapeutics Inc. (Insys) for their roles in a kickback scheme for opioid prescriptions. The government has also brought the first-ever indictment for drug trafficking against executives of pharmaceutical drug distributor, Rochester Drug Co-Operative, Inc. (RDC). And finally, in a different consumer harm context, the DOJ indicted two executives for failing to timely report required product defect information to the U.S. Consumer Product Safety Commission (CPSC).

Pharmaceutical Company Executives Convicted in RICO Scheme to Bribe Physicians

Delivering on its promise to seek out and prosecute those responsible for the opioid epidemic, on Dec. 8, 2016, the U.S. Attorney's Office for the District of Massachusetts charged six Insys executives, including former CEO John Kapoor, as well as Insys' VP of Sales, and National and Regional Directors of Sales. United States v. Babich et al., No. 1:16-cr-10343 (D. Mass.). These charges represent one of the few times the government has indicted corporate executives on RICO charges, which are more typically reserved for individuals involved in organized crime. This is also one of the few cases where the government has gone after mid-level individuals that were not in the C-suite. But most importantly, it is the first major win against pharmaceutical executives in an opioid-related case.

Between 2013 and October 2016, five different whistleblowers brought suit against Insys, alleging that the company ran a sham speaker program to funnel cash and gifts to physicians in return for prescribing Insys' fentanyl spray, Subsys. The allegations in the relators' suits formed the basis for the government's October 2016 indictment of the Insys executives for conspiracy to commit racketeering, mail and wire fraud, and conspiracy to violate the anti-kickback statute.

Although the company eventually settled the relators' intervened suits for $150 million, the government proceeded with the criminal action against the executives. Over the 10-week trial, the government introduced over 600 government exhibits, including a rap video urging providers to prescribe Subsys, and insider testimony that Insys added lovers and family members of the highest prescribing physicians to its company payroll. On May 2, 2019, after more than three weeks of deliberation, Mr. Kapoor and three Insys executives were convicted of RICO conspiracy; two other executives pleaded guilty before trial. They each face a maximum of twenty years in prison.

First-Ever Prosecution of Pharma Industry Executives for Unlawful Distribution of Controlled Substances

On April 23, 2019, the U.S. Attorney's Office for the Southern District of New York charged RDC's former CEO, Laurence F. Doud III, and its former Chief Compliance Officer, William Pietruszewski, with conspiracy to distribute controlled substances, in violation of 21 U.S.C. §841. Typically reserved for street drug crimes, the charged crime carries a minimum sentence of 10 years in prison and a maximum sentence of life imprisonment. This case, United States v. Doud et al., No. 19-cr-285 (S.D.N.Y), is the first use of this statute to combat the opioid crisis at the corporate executive level. The government alleges that Messrs. Doud and Pietruszewski intentionally directed subordinates to ignore red flags so that RDC would be, in Mr. Doud's alleged words, "the knight in shining armor for pharmacies that had been cut off by other distributors." Indictment at ¶30, United States v. Doud et al., No. 19-cr-285 (S.D.N.Y. Apr. 23, 2019). RDC is a distributor of wholesale pharmaceutical products, including controlled substances, to retail and hospital pharmacies. As a DEA registrant, and as required under 21 C.F.R. §1301.74(b) and 1301.823(b)(1), RDC is tasked with reporting suspicious orders to the DEA and having effective controls to prevent diversion. It is alleged that at the defendants' direction, RDC opened thousands of accounts for customers who had been terminated by other distributors for dispensing controlled substances to individuals with no legitimate medical need for them, including pharmacies known to be under investigation by law enforcement or on RDC's own internal watch list. Furthermore, it is alleged that at the defendants' direction, RDC failed to report thousands of suspicious orders.

The criminal indictment brought against RDC's executives came on the same day that RDC announced it had negotiated and executed a deferred prosecution agreement (DPA) with the federal government. Under the terms of the DPA, RDC accepted responsibility for its conduct and admitted that it routinely opened new customer accounts despite red flags, as well as failed to stop shipments and report orders suspected of diversion. The company also paid a $20 million penalty, reformed and enhanced its Controlled Substances Act compliance program, and submitted to supervision by an independent monitor. Should it satisfactorily complete the terms of the agreement, the government will dismiss the charge after five years.

It is likely that RDC provided information about the indicted executives, which will likely be used at any future trial, to be eligible to enter into the DPA. As evidence that the Yates Memo was at play, in RDC's DPA, it admitted that "from 2012 until 2017, RDC's senior management, including the company's chief executive officer, were involved in and directed such conduct [previously admitted], and concealed RDC's practices from the DEA …." Deferred Prosecution Agreement at Exhibit C, ¶6, United States v. Rochester Drug Co-Operative, Inc., No. 1:19-cr-00290-NRB (S.D.N.Y. April 23, 2019). And consistent with the Yates Memo's requirements, RDC agreed to continue to fully cooperate with the government by providing any information requested relating to the admitted conduct.

First-Ever Criminal Product Safety Act Prosecution

On March 29, 2019, the U.S. Attorney's Office for the Central District of California indicted the CEO and Chief Administrative Officer of two unnamed companies for their failure to timely report to the Consumer Product Safety Commission (CPSC) required disclosures regarding product defects that would likely cause injury or death to consumers. United States v. Chu and Loh, No. 19-cr-193-DSF (C.D.Cal.). This indictment is the first prosecution of executives under Section 15(b) of the Consumer Product Safety Act (CPSA), 15 U.S.C. §2051 et seq.

Section 15(b) of the CPSA requires manufacturers, importers, distributors or retailers of consumer products, as well as their directors, officers and agents, to immediately report information pertaining to product defects that could create substantial and unreasonable risks of injury or death to consumers. 15 U.S.C. §§2064 and 2068. Failure to comply with these reporting requirements may subject the company and its agents to civil penalties. 15 U.S.C. §2069. Knowing and willful violations carry criminal penalties of up to five years' imprisonment. 15 U.S.C.§2070.

The defendant executives' companies imported and distributed household humidifiers that were manufactured abroad. The indictment alleges that they knew as early as September of 2012 that the plastic used in the humidifiers caught on fire when they received multiple consumer complaints. The complaints were verified by the companies' own testing that showed the plastic did not meet safety standards.

Despite this knowledge, the executives allegedly withheld the information about the defect from the retail companies that bought the dehumidifiers; the customers who brought and used the dehumidifiers; the insurance companies that paid for damage caused by the fires resulting from the dehumidifiers; and the CPSC. The severity of the risk posed by these products and the executives' apparent decision to conceal that risk likely led the government to pursue criminal rather than civil enforcement.

Violations of the CPSA typically only result in civil fines, even when alleged reporting failures conceal serious harm. For example, in April 2018, CPSC settled with Polaris Industries, Inc., a manufacturer of recreational off-road vehicles, for $27.5 million for its failure to timely report that its vehicles' heat shields were coming loose and causing fires. In fact, the companies in the Chu and Loh case had settled with the CPSC in 2016, agreeing to pay a then-record $15.45 million civil penalty for failing to timely report the dehumidifiers' defect to CPSC. As with the two cases discussed above, this appears to be another instance of a criminal indictment of executives following a civil resolution with the company, likely based on information the government learned from the company's cooperation — as envisioned by the Yates Memo.

Corporate Executive Accountability Act Would Impose Felony Criminal Liability on Corporate Executives for Negligent Oversight of Companies

In an apparent effort to circumvent the practical difficulties of establishing the personal involvement and/or knowledge of high level executives in cases of corporate wrongdoing, on April 3, 2019, Senator Warren proposed the Corporate Executive Accountability Act (CEAA). The Act would make it a federal misdemeanor for an executive officer of a corporation that generates more than $1 billion in annual revenue to negligently permit or fail to prevent or remedy the company's violations of law. Violations are broadly defined and include: 1) any criminal violation of federal or state law that results in the company's conviction, deferred prosecution agreement or non-prosecution agreement; and 2) any civil violation of federal or state law that affects the health, safety, finances or personal data of 1% of the American population or 1% the population of any state. The company's first such violation would subject the executive to up to a year in jail; subsequent violations carry up to three years' imprisonment. This proposal poses numerous logistical and fairness concerns, such as how to accurately determine 1% of the population or how to treat companies that may make $1 billion in revenue one year, but not the next.

The CEAA is intentionally modeled after the long-recognized RCOD. The RCOD, also known as the Park Doctrine for the Supreme Court's decision upholding it in United States v. Park, 421 U.S. 658 (1975), holds corporate executives criminally liable for violations of the Food Drug & Cosmetics Act (FDCA) without regard to their involvement in, or even knowledge of, the alleged violation. According to the Supreme Court, the RCOD is applicable where corporate executives fail to prevent a prohibited harm from occurring because the FDCA "imposes not only a positive duty to seek out and remedy violations when they occur but also, and primarily, a duty to implement measures that will insure that violations will not occur." Park, 421 U.S. at 672. The doctrine applies whether or not the defendant knew, or even had reason to know, about the wrongdoing — as long as the defendant "had, by reason of his [or her] position in the corporation, responsibility and authority either to prevent in the first instance, or promptly to correct" the violation. Id. at 673-74.

The CEAA would apply a similar doctrine to any violation of any state and federal civil and criminal laws. This is complicated by the fact that the constitutionality of the RCOD has been increasingly questioned as the DOJ and FDA bring more enforcement actions against executives under the RCOD and the resultant punishments have become more severe. For example, in 2016, two executives received three-month prison sentences for violations of the FDCA after their company shipped salmonella-contaminated eggs. United States v. DeCoster, 828 F.3d 626, 629, 631 (8th Cir. 2016). The DeCoster executives sought review of the constitutionality of their convictions before the Supreme Court, arguing that the RCOD amounts to a violation of due process. That debate will remain open for now as the Supreme Court declined certiorari. Should the CEAA be enacted, it may well run afoul of constitutional issues in its own right: not only does it propose a broader application of an RCOD-like doctrine, it would also impose prison terms that exceed even the most substantial imposed under the RCOD to date — up to one year for the first offense and up to three years for repeat offenses.

Analysis

Even if the CEAA is never enacted, these recent prosecutions of corporate executives demonstrate the DOJ's continued strong commitment to holding individuals responsible for corporate misconduct. Moreover, it shows that the Yates Memo's policy of obtaining information about individuals from companies seeking to resolve its own liability has been successful. Finally, the DOJ is not only showing an increasing interest in prosecuting corporate executives, but also those outside the C-suite who played a significant role in corporate misconduct. It may no longer be safe for middle managers to hide behind the "just following orders" defense.

*****

Carolyn H. Kendall ([email protected]) is an Attorney in Post & Schell, P.C.'s Internal Investigations and White Collar Defense Group, where she defends individuals and corporations facing criminal and civil investigation in highly-regulated areas such as health care, pharmaceuticals, and finance. Yune D. Emeritz ([email protected]) is an Associate in the group.