U.S. DOJ Issues First Department-Wide Corporate Enforcement Policy: Practical Implications for Latin American Companies and U.S. Subsidiaries in the Region

By Daniela Ortega, Mijares, Angoitia, Cortés y Fuentes, S.C., en México, y Liliana Calderón, Estudio Rubio Leguía Normand y Asociados S. Civil de R. L.,, Peru

On March 10, 2026, the U.S. Department of Justice (DOJ) released its first department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) applicable across all DOJ criminal divisions.

This policy marks a significant evolution in the DOJ’s corporate enforcement framework. For the first time, the Department has established a unified and consistent set of expectations regarding voluntary self-disclosure, cooperation, remediation, and the effectiveness of compliance programs across all criminal divisions.

For companies operating internationally—including Latin American subsidiaries of U.S. corporations and regional companies with exposure to the United States—the policy provides greater clarity on the tangible benefits of proactive disclosure and robust compliance frameworks. At the same time, it raises the stakes considerably for organizations that fail to detect, escalate, or report misconduct in a timely manner.

The policy applies broadly to corporate criminal enforcement, with limited exceptions such as antitrust matters. This article focuses on its implications for companies with exposure to Foreign Corrupt Practices Act (FCPA) enforcement, where the DOJ has historically placed strong emphasis on voluntary disclosure and compliance remediation.

Key Elements of the New Policy

The policy establishes a structured framework describing how the DOJ will treat companies depending on their conduct after potential wrongdoing is identified.

1. Clear Incentives for Voluntary Self-Disclosure

Under the new framework, if a company:

·       Voluntarily self-discloses misconduct

·       Fully cooperates with the DOJ investigation

·       Timely and appropriately remediates

·       Has no aggravating circumstances

the DOJ states it will presumptively decline criminal prosecution.

In such cases, the company would typically still be required to pay disgorgement, forfeiture, and restitution, but it may avoid criminal charges entirely.

For multinational companies, this provision reinforces the importance of rapid internal detection and escalation of misconduct.

2. Significant Benefits Even When a Declination Is Not Available

The policy also addresses situations where companies do not qualify for a declination—for example, because of aggravating circumstances or technical issues with the timing of disclosure.

In those cases, if the company still demonstrates good faith cooperation and remediation, the DOJ indicates it will generally offer:

·       Non-Prosecution Agreements (NPAs) rather than criminal charges

·       Shorter resolution terms (generally under three years)

·       Substantial penalty reductions (50–75% off the lower end of the sentencing guidelines range)

·       No compliance monitor, where appropriate

This structure effectively creates a tiered enforcement system where the company’s post-discovery conduct becomes a central factor in determining enforcement outcomes.

3. Expanded Expectations for Corporate Cooperation

The policy confirms that the DOJ continues to expect robust cooperation from companies seeking credit.

This includes:

·       Disclosure of all relevant non-privileged facts

·       Identification of individuals involved in the misconduct

·       Proactive production of documents and evidence, including overseas materials

·       Regular updates regarding internal investigations

·       Coordination with DOJ regarding investigative steps where necessary

Importantly, the DOJ reiterates that cooperation credit is not conditioned on waiver of attorney-client privilege.

4. Stronger Emphasis on Effective Compliance Programs

Another notable element of the policy is the detailed emphasis on compliance program effectiveness when evaluating remediation.

The DOJ specifically references factors such as:

·       Adequate resources dedicated to compliance

·       Independence and authority of the compliance function

·       Access of compliance officers to senior leadership and governing bodies

·       Effective risk assessment processes

·       Proper discipline and accountability mechanisms

·       Controls over recordkeeping and communications platforms

These expectations align with the DOJ's Evaluation of Corporate Compliance Programs guidance (2024) but reinforce their importance within enforcement decision-making.

Why This Matters for Companies Operating in Latin America

While the policy originates from U.S. enforcement authorities, its implications extend well beyond the United States.

Companies operating in Latin America may fall within DOJ jurisdiction in several common scenarios:

·       Latin American subsidiaries of U.S. issuers

·       Latin American companies listed in the United States

·       Companies using U.S. financial systems or correspondent banking

·       Companies involved in transactions touching U.S. territory

In light of these factors, misconduct occurring in Latin America—whether involving interactions with public officials, sanctions-related issues, or other conduct falling within the DOJ’s enforcement priorities—can readily expose companies to U.S. criminal enforcement risk.

Given the widespread presence of U.S. issuers, the high volume of cross-border transactions, and the extensive use of correspondent banking relationships across the region, such exposure is not exceptional but increasingly routine. From Mexico and Central America to the Andean region, Brazil, and the Southern Cone, companies operating in Latin America must assume that potential DOJ jurisdiction is a tangible and ongoing risk.

Key Considerations for Latin American Subsidiaries of U.S. Companies

For U.S. multinational companies with operations in Latin America, the policy reinforces the need to ensure that local compliance structures are capable of detecting and escalating misconduct quickly.

Several practical issues frequently arise in this context:

·       Local escalation protocols: Companies should ensure that allegations identified at the subsidiary level are promptly escalated to headquarters, particularly where potential U.S. enforcement exposure exists.

·       Internal investigation readiness: Organizations should confirm that they can rapidly conduct internal investigations across jurisdictions, including document preservation and employee interviews.

·       Alignment with U.S. disclosure timelines: Delays in internal reporting or investigation may significantly affect the company's eligibility for declination or reduced penalties under the DOJ policy.

Implications for Latin American Companies with U.S. Exposure

Latin American companies with operations, listings, or transactions in the United States should also assess their exposure to DOJ enforcement.

For these companies, the new policy highlights the strategic importance of:

·       Maintaining robust compliance programs

·       Implementing effective whistleblower and reporting mechanisms

·       Conducting prompt internal investigations

·       Evaluating voluntary disclosure decisions when potential misconduct arises

In practice, the policy reinforces the reality that compliance functions must operate as early detection and escalation mechanisms, not merely as formal regulatory controls.

Strategic Takeaways

The DOJ’s new Corporate Enforcement Policy provides greater transparency regarding how enforcement decisions will be made.

For companies operating internationally, the key message is clear:

·       Speed of detection matters

·       Internal escalation matters

·       Effective compliance programs matter

·       Disclosure timing may determine enforcement outcomes

Organizations that identify misconduct early, investigate promptly, and engage constructively with enforcement authorities are significantly better positioned to manage enforcement risk.

Final Thoughts

Although the policy does not necessarily reflect a more lenient enforcement environment, it significantly enhances transparency and predictability regarding how the DOJ will assess corporate conduct—particularly in relation to voluntary disclosure, cooperation, and remediation efforts. In practice, this means that while enforcement may remain rigorous, companies now have a clearer framework to evaluate potential outcomes and make informed, strategic decisions when misconduct is identified.

For companies operating in Latin America with exposure to the United States, this development carries important implications. The policy underscores the need to move beyond formal or fragmented compliance structures and toward fully integrated frameworks capable of responding effectively under real-world conditions. In particular, organizations must ensure that local compliance programs are not only properly designed, but also operationally effective, meaning capable of detecting issues early, triggering timely escalation, and supporting rapid, well-coordinated internal investigations.

This requires close alignment between local operations and global headquarters, including clearly defined escalation protocols, consistent reporting standards, and shared criteria for assessing potential disclosure obligations. Delays or breakdowns in this alignment may directly affect a company’s ability to qualify for favorable treatment under the DOJ framework.

Moreover, companies should ensure that their investigative capabilities are sufficiently robust to operate across jurisdictions, considering data privacy constraints, document preservation requirements, and the need for coordinated fact-finding efforts. Equally important is the ability to make timely and well-informed decisions regarding voluntary disclosure, balancing legal exposure, regulatory expectations, and reputational considerations.

Ultimately, the policy reinforces a broader shift in enforcement expectations: compliance programs must function not only as preventive mechanisms, but as dynamic systems for early detection, rapid response, and strategic decision-making. Organizations that can operationalize these capabilities will be significantly better positioned to manage enforcement risk and engage constructively with authorities in an increasingly complex and interconnected regulatory environment.