The Second Monaco Memo and its implications for Indian companies

Tuesday 3 January 2023

Avik Biswas

IndusLaw, Bengaluru


Arunima Kumar

IndusLaw, Delhi


Ivana Chatterjee

IndusLaw, Bengaluru



On 15 September 2022, Lisa Monaco, Deputy Attorney General of the US Department of Justice announced significant revisions in the US Department of Justice’s (DoJ) policy to pursue corporate crimes – the memorandum titled ‘Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group’ (Second Memo).[1] The Second Memo was published 11 months after the release of the first memorandum (First Memo),[2] in which the establishment of the Corporate Crime Advisory Group at the DoJ was announced, among certain other critical announcements.

The Second Memo supplements, reinforces, and reiterates existing DoJ policies, while introducing new key initiatives and policies, thereby leaning towards a more aggressive approach in dealing with instances of corporate crimes. The practical impact and implications of these initiatives on Indian corporations are yet to be seen.

Key points of the Second Memo

Renewed focus on individual accountability

The Second Memo affirms the DoJ’s longstanding approach to holding individuals accountable for committing and profiting from corporate crimes. In line with the above principle, the DoJ has introduced the following initiatives:

Timely disclosure of evidence relevant to individual misconduct

The Second Memo re-emphasised the requirement for corporates to disclose to the DoJ all non-privileged information pertaining to individuals potentially connected with misconduct, regardless of whether or not their involvement was substantial. It also takes a step further by emphasising that corporates should disclose such information on a timely basis, failing which the DoJ will reduce or eliminate cooperation credit if they identify any ‘undue or intentional delay in the production of information or documents’. However, the Second Memo does not provide any specific timeline with respect to what qualifies as ‘timely’ disclosures, perhaps leaving room for ambiguity and interpretation.

Indian companies covered under the Foreign Corrupt Practices Act 1977 (Indian companies) would now need to ensure time-bound investigations concerning employees’ misconduct and subsequently disclose significant information regarding culpable individuals to the DoJ on a priority basis even if the internal investigation has not yet concluded.

Prioritisation of investigations against individuals

The Second Memo also provides clarity on the prosecutors’ roles and responsibilities with respect to such information. According to the Second Memo, a prosecutor is required to conclude investigations concerning individual misconduct prior to or at the time of entering into resolutions with a corporate (for resolving allegations of corporate wrongdoing). While this seems to be the fundamental norm, the Second Memo also carves out an exception for the prosecutor for resolving the issue with the corporate before concluding the investigation against the concerned individual subject to the prosecutor submitting a memorandum to the DoJ to this effect. The new policy change of delaying corporate resolutions until the DoJ’s investigation of individuals has been completed, essentially implies that DoJ will not enter into resolutions with Indian Companies while its investigation against the concerned employees is ongoing.

Guidance on corporate accountability

Evaluation of a company’s ‘prior misconduct’

The First Memo established the requirement for prosecutors to consider the full range of a corporate’s prior misconduct when evaluating corporate criminal resolutions. The Second Memo provides an important nuance to the principle by stating that ‘not all instances of prior misconduct are created equal’. It instructs prosecutors to accord more significance to certain factors while evaluating a corporate’s history of misconduct including criminal resolutions in the United States, prior misconduct with an overlap of the same management as the current misconduct, and accord less significance to dated conduct (ie, criminal resolutions more than ten years and civil or regulatory resolutions more than five years before the current investigation). It also clarifies that for corporates operating in highly regulated sectors, their history of compliance and shortcomings would be compared to that of similarly situated companies in the sector.

The delineation and narrowing of the scope of ‘prior misconduct’ may well be a relief to Indian companies as it may minimise the possibility of more harsh treatment by the DoJ. However, Indian companies should derive only limited comfort from these revisions because of the deliberate qualifications attached to these factors. For instance, DoJ officials have recognised that US resolutions would, in principle, be given greater weight than foreign ones, but also stressed that a non-US company faced with a record of similar past offences in countries outside the US could still face heavier penalties.[3]

Mergers and acquisitions in which the target entity has a history of misconduct

The Second Memo has made it abundantly clear that the DoJ does not want to deter corporates with a good track record of compliance to acquire/merge with entities with histories of misconduct. The Second Memo clarifies that the acquiring entity will not be treated as a recidivist provided that it appropriately integrates the target entity into its well-designed effective compliance programme. It has been enunciated that prior misconduct committed by the target entity will be accorded less weight if the acquiring entity has addressed the root cause of the prior misconduct and taken appropriate full and timely remediation steps in the context of the acquisition. In our view, while Indian companies can acquire entities with a history of misconduct, they need to exercise abundant caution and carry forward required due diligence and integration exercise to ensure that entity being acquired is aligned with its compliance programmes.

Additional metrics to evaluate compliance programmes

Compensation structures that promote compliance

While reiterating the importance of a ‘compliance culture’, the Second Memo indicates that companies should formulate an employee compensation structure not only to reward and incentivise employees who comply with internal policies and practices but also financially penalise employees who have been conclusively found to be guilty of misconduct. This can be implemented by having requisite clawback provisions in employment contracts/appointment letters. To this end, Indian companies would do well to explore options under local law on how best to incorporate such financial penalties into their operational structures.

Use of personal devices and third-party communication applications

The Second Memo recognises that the proliferating use of personal devices (including personal smartphones, tablets, laptops) and ephemeral messaging applications (EMA) (applications such as Snapchat, WhatsApp, Signal) within corporations to conduct business has been challenging for prosecutors to retrieve relevant communications during an investigation. To that end, prosecutors are directed to assess the adequacy of the corporate’s compliance programme to evaluate if it has implemented effective policies enabling them to collect and provide all non-privileged documents and work-related communications relevant to the ongoing investigation. It also indicates that the institution of such policies to preserve business-related electronic data will also affect the cooperation credit that the company may receive.

These policy revisions should perhaps have Indian companies re-examine their ‘bring your own device’ (BYOD) policies or information security policies. It becomes imperative for Indian companies operating within India’s jurisdiction to craft their policies carefully to align with the DoJ’s intent. However, Indian companies with multi-jurisdictional operations will have to navigate these issues in accordance with respective local laws which may restrict their access to personal devices even if used for professional purposes. Similarly, Indian companies need to tailor their data retention and e-Discovery protocols to allow them to collect and preserve corporate data from EMAs.

How should Indian companies view these changes?

The Second Memo sends an unambiguous message to Indian companies to step forward and render complete cooperation to the DoJ with respect to investigations and prioritise investing in robust compliance programmes. It provides an opportunity for the alignment of internal processes and protocols with updated requirements. In terms of ensuring compliance with the Second Memo, Indian companies could consider:

  • incorporating clear Upjohn warnings in employee investigation interviews and ensure that documentation is in place to prove that such warnings were provided to employees.
  • partnering with legal advisors to devise methods to implement compliance metrics into an employee’s key performance indicators (KPIs) and strengthen compliance through compensation initiatives.
  • implementing policies that clearly instruct employees with respect to – (1) the use of EMAs for work-related purposes subject to certain conditions; (2) rules applicable on the preservation of such communications concerning company’s data preservation policy; and (3) inserting explicit clauses in contracts with third parties defining the permissible extent of EMAs for conducting business with the organisation.



[1] US DoJ, Memorandum, ‘Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group’, 15 September 2022, https://www.justice.gov/opa/speech/file/1535301/download accessed 13 December 2022.

[2] US DoJ, Memorandum, ‘Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies’, 28 October 2021, https://www.justice.gov/dag/page/file/1445106/download accessed 13 December 2022.

[3] Nicola Bonucci, Leo Tsao, Julie Bermond and Aïssatou Fall ‘Latest DOJ Guidance and Non-US Companies: What to Expect and How to Handle it’, Paul Hastings Client Alerts, 3 November 2022, https://www.paulhastings.com/insights/client-alerts/latest-doj-guidance-and-non-us-companies-what-to-expect-and-how-to-handle-it accessed 13 December 2022.