compliance internal investigation
TRANSCRIPT
What Is A Compliance Program?Prevent and detect violations of applicable laws,
regulations, rules & ethical standards–Process Oriented–Minimize Risks–Demonstrate commitment to Code of Conduct–Foster ethical and pro-compliance culture
Analogy to Insurance Policy• “You Get What You Pay For”
How Do You Establish a Compliance Program?
• Review legal requirements• Conduct a legal/regulatory risk assessment• Identify areas of focus• Ensure program meets Guidelines requirements • Upgrade program where necessary• Tailor-Fit Program to Unique Operations
Core Components of the ProgramLegal & Regulatory Risk Assessment
Tone at the topProcesses developed and owned by business
leaders– Woven into operations – not a “legal” programStandards come from the laws of the nations in which you
operate Training – consistent throughout business
Must measure, monitor and audit what is mandatedReporting and investigations
Continuous improvementAnnual audit and periodic monitoring by an audit function
3
Where and What What behaviors are likely to get company in trouble with
government agencies?
Weighing legal risks Probability of occurrence Impact to business Adequacy of Existing Controls
Priority with other projectsWhose role(s)?
4
Risk Assessment
• Legal & regulatory risk assessment is the cornerstone Identify each business’ legal/regulatory risks
– Magnitude– Frequency– Location– Existing controls to address
• Leaders’ expertise & input to identify & prioritize risks• Develop teams and plans to address each top risk • Ensure proper support for teams• Regularly report on progress of each plan• Risk Mitigation efforts must follow– Cost Benefit analysis is critical
Risk Assessment Basics
6
Detect & Cure Misconduct
Set up Procedures:–Internal Reporting of Misconduct or Violations;–Documenting Complaints;–Investigating Complaints;–Upper Management Reporting & Response–Enforcing Program–Improving Training (i.e. Self-Correcting)
“Principles of Federal Prosecution of Business Organizations” (Sec. 9-28.300)
General Factors To Consider in Charging:–Nature & Seriousness of Offense–Pervasiveness of Wrongdoing w/in Corporation–Corporation’s History of Wrongdoing
(Crim/Civ/Reg)–Corporation’s Timely & Voluntary Disclosure
“Principles of Federal Prosecution of Business Organizations” (Sec. 9-28.300)
General Factors To Consider in Charging:–Existence & Adequacy of Corp’s Compliance
Program–Corporation’s Remedial Actions–Collateral Consequences–Adequacy of Prosecution of Individuals or Civil
Actions
Goal: Understand & Influence Prosecutorial Discretion
What is Root Cause of Problem ?
– A “Bad Apple” (Employee)
– A “Bad Orchard” (Organization / Culture)
Focus on Compliance ProgramsFactors in Evaluating a Compliance Program
(among others):–Corporate governance mechanisms to detect and
prevent misconduct, such as director’s oversight of compliance
–Staff sufficient to audit, document, analyze and use the corporation’s compliance efforts
–Employee’s knowledge of – and “buy-in” regarding the compliance program
11
7 Criteria for “Effective”Corporate Compliance Plans (8B2.1)
1. Establishing compliance standards and procedures that are reasonably capable of reducing the prospect of criminal conduct (i.e. written company policy statements and policies approved by senior management or board);
2. Assigning overall oversight responsibility to specific individuals within high-level
positions (i.e. centralized compliance activities and a compliance officer with authority to monitor);
12
7 Criteria for “Effective”Corporate Compliance Plans (8B2.1)
3. Exercising due care not to delegate responsibility to individuals who are predisposed to illegal activities (accomplished with a careful and well-documented screening process for key employees);
4. Effectively communicating the program's standards and procedures to all employees (i.e. adequate employee training);
13
7 Criteria for “Effective”Corporate Compliance Plans (8B2.1)
5. Taking reasonable steps to achieve compliance with the standards (i.e. monitoring, auditing, establishing best practices benchmarks, etc.);
6. Consistently enforcing the standards through appropriate disciplinary mechanisms (i.e. disincentives policy, range of disciplinary measures );
7. Responding appropriately to an offense and taking all reasonable steps to prevent
similar offenses, including any necessary program modifications (i.e. authorizing or conducting internal investigations)
Federal Sentencing Guidelines -Criteria for Effective Programs
Size of the organization– Formal program for larger companies
Nature of the business– Highly regulated activities require greater effort
Prior compliance history– Previous problem areas should be addressed
Industry standards– Must meet or exceed industry standards
Lessons Learned from Convicted Corporations
• Most Adopt an Extremely Proactive & Pro-Compliance Approach (i.e. “Never Again” Mentality)
• Staggering Economic Losses• Massive Investment to Regain Reputation
(** Don’t Lose It In the First Place **)• Compliance = More Valuable Company
Traditional/Obvious Reasons for Setting Up A Compliance Program?
Influence Prosecutor’s Discretion–Argument for not bringing criminal charges (both
company & individuals)
Proof of “Good Corporate Citizenship” Merit Badge• “If the Prosecutor Won’t Listen . . .
Perhaps a Jury Will”
Reduce penalties or fines
Elusive Reasons for Setting Up A Compliance Program?
• Improve Overall Risk Management
• Improve corporate image with public, employees, and community
• Increase value of company
• Provide for efficient management of compliance costs
Why Does Compliance Really Matter?
Penalty Reductions?– (Only Part of the Story)•Much More Significant
•Broader Applications –– “Ethical Barometer” or “Surrogate”– Better Management
18
Measuring “Organizational Culture?”
What an Organization SAYS?–Written Materials?• Code of Conduct• Plan & Procedures
What an Organization actually DOES?–Measures/Monitors/Records–Invests–Incentives – Punishments & Rewards
Earning Your “Good Corporate Citizenship” Merit Badge
• Does your corporation have compliance plans / ethics policies?
• Demonstrated commitment from management?
• Who is in charge of compliance? Centralized? CCO?
• Do you do sufficient background checks?• Training?• Anonymous Hotline?
Earning Your “Good Corporate Citizenship” Merit Badge
• Implementation? Benchmarking? –(objective monitoring /audit/enforce)
• Documentation?
• Plans to Respond to Incidents?
• Continual Improvements?
Indicators of Effectiveness• Do employees support the company’s
compliance message?• Do they believe management is fully
supportive of these messages, even when business goals may seem to conflict?
• Do employees understand the procedures?• Does the training work?• Do employees fear reporting concerns through
the channels provided?
Establishing a Proactive Attitude About Compliance
• Vigorous and visible management support
• Compliance made a part of doing business
• Consistent communication and diligent implementation
• Targeted at high risk areas• Empowered employees supported
by standards and training
Recommended Prescription
Try to Prevent, Detect & Correct Problems = “Preventive Law”
Develop & Implement “Effective” Compliance Plans• Previously:
» Presence = “Good Faith”
• Currently:» Absence = “Bad Faith”
Deferred Prosecution Agreements
A Blessing or a Curse?
All the Punishment with no formal “guilt”
Prosecutorial Discretion Redux
Traditional Options for Corporate Targets– Prosecute/Indict– “Declination”
New Discretionary ToolDeferred Prosecution Agreement
Deferred Prosecution Agreement (“DPAs”)
What is a DPA?Why are they used?Common Elements?
Recent Trends
Definition of DPA
A deferred prosecution agreement is a voluntary alternative to adjudication in which a prosecutor agrees to grant amnesty (forego charges) in exchange
for the defendant agreeing to fulfill certain requirements.
Common Elements in DPAs• Publicly Filed• Parties (with full authority/resolutions)• Term (1-5 years)• Information Filed (with offenses) –
Waivers of S.O.L.• Admission of Wrong-doing (with
detailed factual basis)
Common Elements in DPAs• Monetary Penalty Amount (Quite Hefty)
– Paid Up Front?
• Continued Cooperation (Broadly Defined)
• Compliance “Booster” & Review
• Governance Reform
Common Elements in DPAs• Business Limitations/Restrictions• Breach Clause • “Non-Contradiction” Clause
Public Comments• Mandatory Self-Reporting of Violations• Dismissal of Formal Charges & Higher
Penalties
Addt’l Options in DPAs– Strong written policy against violations– Development of standards/procedures to
reduce violations– Development of internal controls based on
risk assessments– Annual reviews and updates of compliance
program
Addt’l Options in DPAs– Designation of single corporate executive to
oversee compliance– Implementation of financial/accounting
systems– Stronger communications/training– Clear channels for EE guidance and
confidential hotline reporting
Addt’l Options in DPAs– Implementation of disciplinary procedures to
address violations– Periodic review and testing of compliance to
improve effectiveness
Addt’l Options in DPAs
Appointment of Monitor– Paid by Company– Assessments and Report– Unique Challenges– Full Access– Reporting Authority to Gov’t– External Efforts to Transform Corporate
Culture
Deferred Prosecution Agreement
Good News:– No Criminal Prosecution (. . .unless)– No Automatic Corporate Death
Sentence (Loss of Jobs)– Less Harm to “Innocent Stakeholders”• (Remember Arthur Andersen ?)
– No costly or lengthy/distracting trial
Deferred Prosecution Agreement
Bad News:– Everything but Formal Indictment– Negative Stigma / Binding
Admissions / $$– External Probing / Monitoring
Conducting Cost-Effective Internal Investigations
Who & When to Call?What to do first?How to Protect?
38
Responding to “Trouble”
♦Make Preliminary Inquiry & Assess “Temperature”
♦Initiate Internal Investigation
♦Take Corrective Actions: Stop the Bleeding
♦If Conduct Internal Investigation, Assess Pros & Cons of:1) Disclosure of Issues; and2) Voluntary Cooperation
39
Fundamental Questions:
What is an Internal Investigation?Why Conduct One?
When to Start Internal Investigation?Who Should Conduct the Investigation?
Where Do You Start?How Much Will It Cost?
Who Needs to Approve & Who Needs to Be Involved?When Does It Need to Be Completed?
What is Result?Where Does Report Go?
What is An Internal Investigation?
As the name implies:– Any inquiry conducted internally
(in contrast to external governmental)
“One Size Does Not Fit All”:– 1-day / 1-witness– Multi-year; multi-witness; document-intensive;
expert-intensive.
Internal Investigations
Disclosure Obligations?• First . . . Is Disclosure Mandatory or Voluntary?• If Voluntary . . . Whether to Disclose?• If so . . . What to Disclose?–Nature of error/wrongdoing–Evidence of intent
• To Whom?• What Format?
Why Conduct An Internal Investigation?
What is Purpose?Information is Power
Better to Know About the Problems FirstFind it all - “Good, Bad, Neutral” Allows Full Investigation & CorroborationLimit ExposureGives Time to Contemplate Strategy Options
Reasons to Conduct Internal Investigation
•Fulfill duties of directors and managers;•Gather critical facts and prepare for possible legal defense;•Review & revise accounting procedures and internal controls;•Modify compliance program;•Influence prosecutorial discretion;•Mitigate penalties (civil & criminal)•Provide recommendations and legal advice
When To Start ?
Judgment Call– Accountable for Choice
Who is Making Accusations?How Serious are the Allegations?Any Corroboration or Support?
How Readily Refutable?In short – Start When Stakes Are “High Enough”
Before You Start:Plan to Control the “Spin”
Since Internal Investigation = “Rumors” Prepare Company Response to Employee Questions:
1) Preliminary Nature of Investigation2) Company’s Willingness to Cooperate
(if applicable)3) Company’s Own Efforts to Investigate and Gather
Reliable Facts; and4) Other Positive/Accurate Aspects of Company
Document Retention Advisory
Suspend Document Retention Policy– Stop Auto Deletion of Electronic Files– Stop any Auto Destruction of Archived Files in Long-
Term Storage
Give Contact Information– If Called by Investigators– For Follow-up Questions
Update the Document Advisory As Needed
Document Retention Advisory
Distribution List (who to send it to?)What types of docs (drafts, duplicates, etc.)Make Clear the Policy Applies to Work on
Personal Computers or PDAsTopics Covered (be over-inclusive)
Documents Outside WorkplaceConfidentiality of Investigation
Where Do You Start?(General Overview)
Determine Nature of Allegations, Issues & Potential Violations
Consult with Management re:Background Information re: Allegations/MisconductPotential Sources of Information
Develop an Investigative Strategic PlanAssemble the TeamAddress Means of Supervision
Where Do You Start?(General Overview)
Develop Facts Through Document Review & InterviewsPrepare Chronologies Prepare Witness ListsPrepare List of Disputed & Undisputed
FactsPrepare List of “Hot Docs” (Positive &
Negative)
Where Do You Start?(General Overview)
Develop Legal Issues/DefensesProtect Legal PrivilegesAssess Potential Conflicts of Interest
Between Company & Employees
In Short:
What Happened?Who Was Involved?Who Knew What?
Is it a Regulatory Violation?Is it Criminal?
What is the Potential Legal Exposure?Any Grounds for Defense?
Investigative Plan
Scope and Purpose of InvestigationSecure Relevant Documents
– Retention Memo – “Don’t Destroy Anything”– Electronic Files & Evidence– Archives, etc.
Identify Relevant Witnesses– Who? Why? When?– Remember “2 Witness Rule”
Experts & Consultants
Who is the Client?
Seems ObviousImportant to Identify Early
– Corporation– Board of Directors– Group of Executives– Individual Executive– Everyone . . . Initially ?
Who Should Conduct?
Various Options– In-house– Outside Counsel– Blended Legal Team
Factors to Assess– Familiarity with Issues/Regulations– Objectivity/”Fresh Eyes”
Assemble Team
Attorneys & InvestigatorsIn-house Personnel and/or Outside Counsel– Advantages & Disadvantages for each
Role of Non-Lawyers
Coordinated Victory:Be Efficient & Effective
Isolate Roles & Strengths– Company Client Role
– Lawyer’s role– Expert/consultant’s Role
Client’s Role
Teach You all About Their Business- You Must Know More Than Your Opponent
- Most Opponent’s Don’t Know Client’s Business (Use This Advantage)
- Case a Wide Net for Information ♦ You Never Know When you Will Use It.
- Teach You about Company Resources, Organizational Structure, Policies, Employees,
Record-Keeping, Etc.
Lawyer’s Role
Educate Client about Business Crimes or Civil Liability
– Severity & Consequences– Not About Being A “Bad Person”– Need for Complete Candor
Role of Investigator, Expert or Consultant
Case-Specific Inquiry:– Typical Issues• Positive Character Evidence• Customary Practices in Industry• Background on Informants
Typical Defenses
Legal- No Substantive Violation- Lack of Intent/Knowledge
Equitable- Good Faith/”Good Corporate Citizen”
♦ Don’t Just Claim it – “Show It”/Corroborate- Criminal Prosecution is Overkill
♦ Use Civil as Punishment
Government Perspective onInternal Investigations
Government Loves Disclosure– Saves Resources– Barometer of “Good Corp. Citizenship”– Company is in Best Position to Get Facts
Credibility is Key– Reputation of Lawyer Conducting Investigation– Independence of Lawyer
Another Goal: Accurately Characterize Conduct in Question
Government: “Assumes the Worst”
Defense:Provide Context &Proper Perspective
Key Analogy: Gathering Bad Applesin Orchard
Who Needs to Approve?Who Needs to Be Involved
(in Supervising & Reporting)
Board of Directors (if Public Company)– Or Committee
Management – Key Executives
Importance of Pre-Approval:– Genie Out of Bottle– Post-Hoc Finger-Pointing– Consequences of Probing
When Does It Need to Be Completed?
Depends upon:– Seriousness– Context– Resources– Externally Imposed Deadlines
What is Result?
Oral Findings & Oral Report
Written Summary
Formal Written Report
Keys to a Successful Document Review
•Get an Overview of Allegations•Develop a Plan
•Use Company Resources to Identify All Records
•Keep Track of Document Review Process / Inventory
The Paper Trail
Three Critical Steps:– Retain– Collect– Analyze
Unique Quality of Documents as Evidence– Fixed in Time (unlike witness memories)– Potential to Corroborate– “Tie Goes to the Version in the Docs”
Collecting Documents
Finding the Relevant Documents Can be an Adventure– Look in Logical Places– Get Advice from In-House• Send Out Document Collection Memo• Document Collection Interviews
– One-on-One – ID Types of Documents– Brainstorm (Where? Who else might know?)
Collecting Documents
File Rooms & Long-Term StorageElectronic Files– Searchable ?– Possible Outsource (if needed)
Track the Documents Collected– Keep a Record of Source of Each Document
• Tracking Sheet (Privileged & Confidential)– Employee– Location of Doc (hard copy, electronic, etc.)
– Consider Bates Labeling as Docs are Collected• But “Gaps” can be problematic with suspicious AUSA
Analyzing Documents
Traditional Approach:– Keep original documents in original order and
original files– Use copy sets for analysis and re-organization
Arrangement Options:– Chronological– By Witness– By Subject/Topic
Hi-Tech Options – Imaging/Coding
Protect Privileges
Counsel Must Direct Investigation– Attorney-Client Privilege– Attorney Work Product– Self-Evaluative Privilege
Engagement Terms & Upjohn Letter
Following the Paper Trail
Have the documents during the witness interview– Refresh witness recollection– Allows specificity – Prevents “Weaseling”
Be Wary of Reaching Any Conclusions without Analyzing Relevant Documents– Lose instant credibility with Gov’t if your initial
predictions/assessments are proven wrong by docs
Employee Interviews
•Review Ethical Checklist Before Conducting Employee Interviews (Corporate Miranda)
•Explain Purpose & Subject Matter of Interview •Develop Rapport & Level of Comfort
•Avoid Even the Appearance of Obstruction or Influencing Witness Testimony
Employee Interviews
Anticipate Government’s/Opponent’s Perspective- Ask the Hard Questions- Clarify Basis for Opinions & Information- Request Corroboration- Request Additional Leads
Inform Employees of Rights re: Gov’t. InvestigationPrepare Written Summaries
Obstruction of Justice
Don’t Do Anything That Even Has Appearance !!Types:– Witness Tampering– Document Destruction– False Entries