The U.S. Department of Justice crack-down on corporate crime began in the summer of 2002 with the collapse of the energy giant Enron. In the six years that have followed, more than 1300 senior corporate officials have been prosecuted. Some observers now believe this surge of white-collar prosecutions has run its course, except for the work of tracking down bad apples in the sub-prime mortgage mess.

Missing from this view is the much bigger and more fundamental story about the transition in federal business crime enforcement that has occurred over the past six years. The record numbers of prosecutions for foreign bribery, health care fraud, illegal hiring and other business activities that have occurred in recent years is a clear sign that something has changed. Another key indicator of this transition is the way business organizations are adapting, either voluntarily or involuntarily, to this new emphasis on enforcement. Corporations have been forced to spend multimillions on beefed-up compliance programs and internal investigations. It has become standard practice to self-disclose misconduct to DOJ officials. And to make matters even more challenging, the expectations and standards for “best in class” compliance and investigation procedures are steadily rising as prosecutors become more familiar with what corporations are doing to adapt to this new enforcement environment.

The Expectations and Standards for “best in Class” Compliance and Investigation Procedures Are Steadily Rising.

Enforcement of the Foreign Corrupt Practices Act is probably the best example of this fast-changing situation. CPA enforcement is at an alltime high, and global companies are going to great lengths to expand due diligence procedures for oversees transactions. Training programs are being initiated or expanded, and now nearly every credible allegation gets an investigation of some sort. No one wants to be caught looking like they “don’t get it.” The amazing point is that all of this has happened in a relatively short period of time, and don’t look for the FCPA bubble to burst any time soon.

Where this transition matters most is when compliance trouble arises. The moment of truth in a federal investigation of corporate crime is when the govern-ment must decide whether to seek charges against the corporation and not just the employees who engaged in alleged wrong-doing. Given the disastrous consequences of a corporate indictment, the goal of the lawyers representing the corporation is to convince the prosecutors not to exercise their broad discretion in this manner. Quite frequently these high stakes discussions will come down to how well the company answers four key questions: (1) What did the company do to prevent the criminal behavior? (2) What did the company do after it learned of the wrongdoing? (3) What did the company do with the results of its internal investigation? and (4) Has the company cooperated with the government’s investigation?

These four questions are at the heart of the nine factors contained in my guid-ance to all federal prosecutors issued in December 2006, the so-called “McNulty Memorandum.” This guidance, like that provided by Deputy Attorneys General Thompson and Holder before me, provides prosecutors with a framework for exercising their charging discretion. While extensive attention has been focused on what is expected for corporations to get credit for cooperation (e.g., waiving attorney-client privilege), the future of corporate prosecutions may turn more on the details of what a business undertook to manage its risks. In other words, if a compliance program is viewed as inadequate, it will be increasingly more difficult to convince the government that the enterprise is truly a corporate good citizen.

As the business world adjusts to the growing activism of global enforcement authorities, effective corporate compliance will be more important than ever. Business leaders should expect prosecutors to scrutinize how serious, how genuine and how robust was the corporation’s effort to prevent wrongdoing. After record numbers of prosecutions, the government will assume that we all “get it.” Now is the time to review your compliance program and make sure it will be ready for the moment of truth and to show the government that “you get it.”

Paul J. McNulty was the U.S. Deputy Attorney General from 2005 to 2007 and was appointed U.S. Attorney in Eastern Virginia immediately after the terrorist attacks of 2001. After more than two decades of public service, he is now a partner in the Washington, DC, office of the law firm of Baker & McKenzie where he specializes in corporate compliance and white-collar investigations.