The DOJ has Spoken: Is Your Compliance Program Ready to be Trusted? 

The U.S. Department of Justice (DOJ) just made one thing clear: Trust isn’t given. It’s earned—through fast action, transparency, and accountability. And for companies operating in regulated industries, those signals now carry real weight. 

In May 2025, the DOJ unveiled a trilogy of updates to its corporate enforcement framework. On paper, it’s about reforming the rules around voluntary self-disclosure, limiting costly monitorships, and recalibrating whistleblower rewards. In practice, it’s a signal of deeper change. It’s a shift toward faster, more focused enforcement that rewards proactive governance—and sidelines firms that delay, obfuscate, or simply don’t know what’s going on in their own backyard. 

For compliance leaders, the message is direct: If you want to avoid the full force of prosecution, you need to be ready to act before the DOJ even knocks. 

DOJ Declinations Decoded: A New Roadmap for Corporate Compliance 

At the heart of the DOJ’s revised Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) is a powerful incentive: declination. That’s not a fine, not a deferred prosecution, not a slap on the wrist but a decision not to prosecute at all. 

But it comes with conditions. Four of them, to be exact:  

1. Voluntary self-disclosure
2. Full cooperation
3. Timely and appropriate remediation
4. No aggravating circumstances  

Meet all four, and your firm is eligible for a full declination. Miss the mark slightly, say you disclosed late or had prior misconduct, and you’re still eligible for a non-prosecution agreement (NPA) with a 75% fine reduction and no monitor. Anything less, and you enter a discretionary zone where the DOJ decides your fate and the discount won’t exceed 50%. 

The DOJ has even committed to publicizing all CEP declinations. The goal? Market-wide clarity that doing the right thing, early, actually works. 

The 120-day Whistleblower Clause: What Compliance Teams Must Know 

Even if a whistleblower beats you to it, the DOJ offers a path to declination—if you disclose within 120 days of learning about the internal report. This clause is critical, it means internal escalation mechanisms can’t just exist. They need to work fast. 

For compliance teams, that means pressure to move quickly from signal to disclosure, with timestamped documentation to prove it. The DOJ is willing to reward swift, structured governance—but not sluggish bureaucracy. 

DOJ Monitorship Policy Changes: What it Means for your Firm 

In another strategic shift, the DOJ is walking back its reliance on corporate monitors. Going forward, monitorships will only be imposed if their benefits clearly outweigh the costs. 

This isn’t just a softening of enforcement, it’s a complete recalibration. The DOJ is saying: if your compliance program is mature, independently governed, and demonstrably effective, you shouldn’t need a monitor breathing down your neck. 

Where monitors are imposed, new rules ensure they’re narrowly scoped, capped in cost, and reviewed regularly through meetings. The DOJ is redefining the monitorship role and aligning it to operational reality. By ensuring scope is targeted solely on specific remediation themes, the guidance attempts to reduce costs.  

Enforcement Focus: High-Impact Financial Crimes, not Low-Yield Dragnets 

With finite prosecutorial resources, the DOJ is drawing a harder line between what gets pursued and what doesn’t. The updated priorities show a clear shift in focus away from operational or technical compliance issues, to high impact-areas of white-collar crime. This will be impacting US consumers, corporates, and broader US citizens including fraud, consumer/retail harm, and US national security interests. Some of these updates include: 

• National Security Threats including Sanctions evasion and Transnational Criminal Organizations (TCO) facilitation  
• Fraud against government programs
• Securities scams targeting investors
• Digital asset laundering and abuse
• Foreign corrupt practices and bribery

This is both a warning and a reprieve: If you’re operating ethically and transparently, the DOJ doesn’t want to spend years investigating you. But if your risk program can’t tell white-collar crime misconduct from normal business—or worse, buries the signs—you’re in trouble. 

What Smart Firms are Doing Right Now 

Firms who don’t have the appropriate internal whistleblowing, investigation, and reporting infrastructure in place, lack the opportunity to take advantage of the new DOJ voluntary disclosure regime.  

Here’s how your firm can meet the updated expectations:  

1. Tightening internal investigation timelines: With DOJ standards emphasizing “reasonable promptness,” delays can cost you a declination and weaken your firm’s compliance audit readiness.  Firms are updating internal governance and related processes to stipulate strict deadlines for preliminary fact gathering, escalation protocols, and pre-drafted disclosure templates. Every stage from the moment of discovery to DOJ engagement must be time stamped and logged. 
2. Aligning Legal and Compliance: Firms are updating decision trees to ascertain when an issue warrants immediate DOJ notification versus deeper internal inquiry, balancing privilege concerns against CEP benefits privilege guidelines while also creating joint playbooks to execute.  
3. Board-level engagement: Periodic readiness drills and self-disclosure protocols are moving out of the binder and into real governance. Firms are enhancing periodic “self-disclosure readiness” briefings, including red-flag dashboards and mock disclosure drills to provide insights to senior management and allow them to make decisions faster. 
4. Benchmarking against DOJ’s 8 compliance criteria for declination (Appendix B): Firms are benchmarking the updated DOJ declination compliance criteria with existing processes and controls. These include everything from budget and independence to incentives and ongoing testing. If you can’t map your program to them today, you have work to do. 

Reading Between the Lines, Before the DOJ Does 

At Shield, we believe enforcement readiness starts with data clarity—across teams, channels, and continents. The DOJ’s message only reinforces what we’ve long championed: proactive governance isn’t about seeing everything, it’s about seeing what matters—and being able to act fast when it does. 

That’s why Shield doesn’t just help you detect risk. We make it easy to document and export what you’ve found—clearly, completely, and on demand. Whether it’s time-stamped escalation logs, searchable communications, or audit-ready disclosure packages that support regulatory self-reporting requirements, our platform gives compliance teams full control over how they prove their intent, actions, and oversight.  

Because in this new era of enforcement, being able to detect misconduct is only half the battle. The other half is showing your receipts—on your terms. 

Bottom Line 

The DOJ isn’t lowering the bar. It’s raising the expectation for transparency—and rewarding firms that meet it head-on. This isn’t about fearing enforcement. It’s about preparing for it with the systems, workflows, and records that make your case, before anyone asks. 

If you’re in compliance, your job isn’t just to avoid risk. It’s to operationalize trust. With the right infrastructure, you won’t just respond quickly—you’ll respond decisively, with proof in hand. 

And when the DOJ comes calling? You won’t scramble. You’ll export. 

To see how precise detection and easy exports can prepare you to quickly self report, schedule a conversation with our team.