What Is A Compliance Program?Prevent and detect violations of applicable laws,

regulations, rules & ethical standards–Process Oriented–Minimize Risks–Demonstrate commitment to Code of Conduct–Foster ethical and pro-compliance culture

Analogy to Insurance Policy• “You Get What You Pay For”

How Do You Establish a Compliance Program?

• Review legal requirements• Conduct a legal/regulatory risk assessment• Identify areas of focus• Ensure program meets Guidelines requirements • Upgrade program where necessary• Tailor-Fit Program to Unique Operations

Core Components of the ProgramLegal & Regulatory Risk Assessment

Tone at the topProcesses developed and owned by business

leaders– Woven into operations – not a “legal” programStandards come from the laws of the nations in which you

operate Training – consistent throughout business

Must measure, monitor and audit what is mandatedReporting and investigations

Continuous improvementAnnual audit and periodic monitoring by an audit function

3

Where and What What behaviors are likely to get company in trouble with

government agencies?

Weighing legal risks Probability of occurrence Impact to business Adequacy of Existing Controls

Priority with other projectsWhose role(s)?

4

Risk Assessment

• Legal & regulatory risk assessment is the cornerstone Identify each business’ legal/regulatory risks

– Magnitude– Frequency– Location– Existing controls to address

• Leaders’ expertise & input to identify & prioritize risks• Develop teams and plans to address each top risk • Ensure proper support for teams• Regularly report on progress of each plan• Risk Mitigation efforts must follow– Cost Benefit analysis is critical

Risk Assessment Basics

6

Detect & Cure Misconduct

Set up Procedures:–Internal Reporting of Misconduct or Violations;–Documenting Complaints;–Investigating Complaints;–Upper Management Reporting & Response–Enforcing Program–Improving Training (i.e. Self-Correcting)

“Principles of Federal Prosecution of Business Organizations” (Sec. 9-28.300)

General Factors To Consider in Charging:–Nature & Seriousness of Offense–Pervasiveness of Wrongdoing w/in Corporation–Corporation’s History of Wrongdoing

(Crim/Civ/Reg)–Corporation’s Timely & Voluntary Disclosure

“Principles of Federal Prosecution of Business Organizations” (Sec. 9-28.300)

General Factors To Consider in Charging:–Existence & Adequacy of Corp’s Compliance

Program–Corporation’s Remedial Actions–Collateral Consequences–Adequacy of Prosecution of Individuals or Civil

Actions

Goal: Understand & Influence Prosecutorial Discretion

What is Root Cause of Problem ?

– A “Bad Apple” (Employee)

– A “Bad Orchard” (Organization / Culture)

Focus on Compliance ProgramsFactors in Evaluating a Compliance Program

(among others):–Corporate governance mechanisms to detect and

prevent misconduct, such as director’s oversight of compliance

–Staff sufficient to audit, document, analyze and use the corporation’s compliance efforts

–Employee’s knowledge of – and “buy-in” regarding the compliance program

11

7 Criteria for “Effective”Corporate Compliance Plans (8B2.1)

1. Establishing compliance standards and procedures that are reasonably capable of reducing the prospect of criminal conduct (i.e. written company policy statements and policies approved by senior management or board);

2. Assigning overall oversight responsibility to specific individuals within high-level

positions (i.e. centralized compliance activities and a compliance officer with authority to monitor);

12

7 Criteria for “Effective”Corporate Compliance Plans (8B2.1)

3. Exercising due care not to delegate responsibility to individuals who are predisposed to illegal activities (accomplished with a careful and well-documented screening process for key employees);

4. Effectively communicating the program's standards and procedures to all employees (i.e. adequate employee training);

13

7 Criteria for “Effective”Corporate Compliance Plans (8B2.1)

5. Taking reasonable steps to achieve compliance with the standards (i.e. monitoring, auditing, establishing best practices benchmarks, etc.);

6. Consistently enforcing the standards through appropriate disciplinary mechanisms (i.e. disincentives policy, range of disciplinary measures );

7. Responding appropriately to an offense and taking all reasonable steps to prevent

similar offenses, including any necessary program modifications (i.e. authorizing or conducting internal investigations)

Federal Sentencing Guidelines -Criteria for Effective Programs

Size of the organization– Formal program for larger companies

Nature of the business– Highly regulated activities require greater effort

Prior compliance history– Previous problem areas should be addressed

Industry standards– Must meet or exceed industry standards

Lessons Learned from Convicted Corporations

• Most Adopt an Extremely Proactive & Pro-Compliance Approach (i.e. “Never Again” Mentality)

• Staggering Economic Losses• Massive Investment to Regain Reputation

(** Don’t Lose It In the First Place **)• Compliance = More Valuable Company

Traditional/Obvious Reasons for Setting Up A Compliance Program?

Influence Prosecutor’s Discretion–Argument for not bringing criminal charges (both

company & individuals)

Proof of “Good Corporate Citizenship” Merit Badge• “If the Prosecutor Won’t Listen . . .

Perhaps a Jury Will”

Reduce penalties or fines

Elusive Reasons for Setting Up A Compliance Program?

• Improve Overall Risk Management

• Improve corporate image with public, employees, and community

• Increase value of company

• Provide for efficient management of compliance costs

Why Does Compliance Really Matter?

Penalty Reductions?– (Only Part of the Story)•Much More Significant

•Broader Applications –– “Ethical Barometer” or “Surrogate”– Better Management

18

Measuring “Organizational Culture?”

What an Organization SAYS?–Written Materials?• Code of Conduct• Plan & Procedures

What an Organization actually DOES?–Measures/Monitors/Records–Invests–Incentives – Punishments & Rewards

Earning Your “Good Corporate Citizenship” Merit Badge

• Does your corporation have compliance plans / ethics policies?

• Demonstrated commitment from management?

• Who is in charge of compliance? Centralized? CCO?

• Do you do sufficient background checks?• Training?• Anonymous Hotline?

Earning Your “Good Corporate Citizenship” Merit Badge

• Implementation? Benchmarking? –(objective monitoring /audit/enforce)

• Documentation?

• Plans to Respond to Incidents?

• Continual Improvements?

Indicators of Effectiveness• Do employees support the company’s

compliance message?• Do they believe management is fully

supportive of these messages, even when business goals may seem to conflict?

• Do employees understand the procedures?• Does the training work?• Do employees fear reporting concerns through

the channels provided?

Establishing a Proactive Attitude About Compliance

• Vigorous and visible management support

• Compliance made a part of doing business

• Consistent communication and diligent implementation

• Targeted at high risk areas• Empowered employees supported

by standards and training

Recommended Prescription

Try to Prevent, Detect & Correct Problems = “Preventive Law”

Develop & Implement “Effective” Compliance Plans• Previously:

» Presence = “Good Faith”

• Currently:» Absence = “Bad Faith”

Deferred Prosecution Agreements

A Blessing or a Curse?

All the Punishment with no formal “guilt”

Prosecutorial Discretion Redux

Traditional Options for Corporate Targets– Prosecute/Indict– “Declination”

New Discretionary ToolDeferred Prosecution Agreement

Deferred Prosecution Agreement (“DPAs”)

What is a DPA?Why are they used?Common Elements?

Recent Trends

Definition of DPA

A deferred prosecution agreement is a voluntary alternative to adjudication in which a prosecutor agrees to grant amnesty (forego charges) in exchange

for the defendant agreeing to fulfill certain requirements.

Common Elements in DPAs• Publicly Filed• Parties (with full authority/resolutions)• Term (1-5 years)• Information Filed (with offenses) –

Waivers of S.O.L.• Admission of Wrong-doing (with

detailed factual basis)

Common Elements in DPAs• Monetary Penalty Amount (Quite Hefty)

– Paid Up Front?

• Continued Cooperation (Broadly Defined)

• Compliance “Booster” & Review

• Governance Reform

Common Elements in DPAs• Business Limitations/Restrictions• Breach Clause • “Non-Contradiction” Clause

Public Comments• Mandatory Self-Reporting of Violations• Dismissal of Formal Charges & Higher

Penalties

Addt’l Options in DPAs– Strong written policy against violations– Development of standards/procedures to

reduce violations– Development of internal controls based on

risk assessments– Annual reviews and updates of compliance

program

Addt’l Options in DPAs– Designation of single corporate executive to

oversee compliance– Implementation of financial/accounting

systems– Stronger communications/training– Clear channels for EE guidance and

confidential hotline reporting

Addt’l Options in DPAs– Implementation of disciplinary procedures to

address violations– Periodic review and testing of compliance to

improve effectiveness

Addt’l Options in DPAs

Appointment of Monitor– Paid by Company– Assessments and Report– Unique Challenges– Full Access– Reporting Authority to Gov’t– External Efforts to Transform Corporate

Culture

Deferred Prosecution Agreement

Good News:– No Criminal Prosecution (. . .unless)– No Automatic Corporate Death

Sentence (Loss of Jobs)– Less Harm to “Innocent Stakeholders”• (Remember Arthur Andersen ?)

– No costly or lengthy/distracting trial

Deferred Prosecution Agreement

Bad News:– Everything but Formal Indictment– Negative Stigma / Binding

Admissions / $$– External Probing / Monitoring

Conducting Cost-Effective Internal Investigations

Who & When to Call?What to do first?How to Protect?

38

Responding to “Trouble”

♦Make Preliminary Inquiry & Assess “Temperature”

♦Initiate Internal Investigation

♦Take Corrective Actions: Stop the Bleeding

♦If Conduct Internal Investigation, Assess Pros & Cons of:1) Disclosure of Issues; and2) Voluntary Cooperation

39

Fundamental Questions:

What is an Internal Investigation?Why Conduct One?

When to Start Internal Investigation?Who Should Conduct the Investigation?

Where Do You Start?How Much Will It Cost?

Who Needs to Approve & Who Needs to Be Involved?When Does It Need to Be Completed?

What is Result?Where Does Report Go?

What is An Internal Investigation?

As the name implies:– Any inquiry conducted internally

(in contrast to external governmental)

“One Size Does Not Fit All”:– 1-day / 1-witness– Multi-year; multi-witness; document-intensive;

expert-intensive.

Internal Investigations

Disclosure Obligations?• First . . . Is Disclosure Mandatory or Voluntary?• If Voluntary . . . Whether to Disclose?• If so . . . What to Disclose?–Nature of error/wrongdoing–Evidence of intent

• To Whom?• What Format?

Why Conduct An Internal Investigation?

What is Purpose?Information is Power

Better to Know About the Problems FirstFind it all - “Good, Bad, Neutral” Allows Full Investigation & CorroborationLimit ExposureGives Time to Contemplate Strategy Options

Reasons to Conduct Internal Investigation

•Fulfill duties of directors and managers;•Gather critical facts and prepare for possible legal defense;•Review & revise accounting procedures and internal controls;•Modify compliance program;•Influence prosecutorial discretion;•Mitigate penalties (civil & criminal)•Provide recommendations and legal advice

When To Start ?

Judgment Call– Accountable for Choice

Who is Making Accusations?How Serious are the Allegations?Any Corroboration or Support?

How Readily Refutable?In short – Start When Stakes Are “High Enough”

Before You Start:Plan to Control the “Spin”

Since Internal Investigation = “Rumors” Prepare Company Response to Employee Questions:

1) Preliminary Nature of Investigation2) Company’s Willingness to Cooperate

(if applicable)3) Company’s Own Efforts to Investigate and Gather

Reliable Facts; and4) Other Positive/Accurate Aspects of Company

Document Retention Advisory

Suspend Document Retention Policy– Stop Auto Deletion of Electronic Files– Stop any Auto Destruction of Archived Files in Long-

Term Storage

Give Contact Information– If Called by Investigators– For Follow-up Questions

Update the Document Advisory As Needed

Document Retention Advisory

Distribution List (who to send it to?)What types of docs (drafts, duplicates, etc.)Make Clear the Policy Applies to Work on

Personal Computers or PDAsTopics Covered (be over-inclusive)

Documents Outside WorkplaceConfidentiality of Investigation

Where Do You Start?(General Overview)

Determine Nature of Allegations, Issues & Potential Violations

Consult with Management re:Background Information re: Allegations/MisconductPotential Sources of Information

Develop an Investigative Strategic PlanAssemble the TeamAddress Means of Supervision

Where Do You Start?(General Overview)

Develop Facts Through Document Review & InterviewsPrepare Chronologies Prepare Witness ListsPrepare List of Disputed & Undisputed

FactsPrepare List of “Hot Docs” (Positive &

Negative)

Where Do You Start?(General Overview)

Develop Legal Issues/DefensesProtect Legal PrivilegesAssess Potential Conflicts of Interest

Between Company & Employees

In Short:

What Happened?Who Was Involved?Who Knew What?

Is it a Regulatory Violation?Is it Criminal?

What is the Potential Legal Exposure?Any Grounds for Defense?

Investigative Plan

Scope and Purpose of InvestigationSecure Relevant Documents

– Retention Memo – “Don’t Destroy Anything”– Electronic Files & Evidence– Archives, etc.

Identify Relevant Witnesses– Who? Why? When?– Remember “2 Witness Rule”

Experts & Consultants

Who is the Client?

Seems ObviousImportant to Identify Early

– Corporation– Board of Directors– Group of Executives– Individual Executive– Everyone . . . Initially ?

Who Should Conduct?

Various Options– In-house– Outside Counsel– Blended Legal Team

Factors to Assess– Familiarity with Issues/Regulations– Objectivity/”Fresh Eyes”

Assemble Team

Attorneys & InvestigatorsIn-house Personnel and/or Outside Counsel– Advantages & Disadvantages for each

Role of Non-Lawyers

Coordinated Victory:Be Efficient & Effective

Isolate Roles & Strengths– Company Client Role

– Lawyer’s role– Expert/consultant’s Role

Client’s Role

Teach You all About Their Business- You Must Know More Than Your Opponent

- Most Opponent’s Don’t Know Client’s Business (Use This Advantage)

- Case a Wide Net for Information ♦ You Never Know When you Will Use It.

- Teach You about Company Resources, Organizational Structure, Policies, Employees,

Record-Keeping, Etc.

Lawyer’s Role

Educate Client about Business Crimes or Civil Liability

– Severity & Consequences– Not About Being A “Bad Person”– Need for Complete Candor

Role of Investigator, Expert or Consultant

Case-Specific Inquiry:– Typical Issues• Positive Character Evidence• Customary Practices in Industry• Background on Informants

Typical Defenses

Legal- No Substantive Violation- Lack of Intent/Knowledge

Equitable- Good Faith/”Good Corporate Citizen”

♦ Don’t Just Claim it – “Show It”/Corroborate- Criminal Prosecution is Overkill

♦ Use Civil as Punishment

Government Perspective onInternal Investigations

Government Loves Disclosure– Saves Resources– Barometer of “Good Corp. Citizenship”– Company is in Best Position to Get Facts

Credibility is Key– Reputation of Lawyer Conducting Investigation– Independence of Lawyer

Another Goal: Accurately Characterize Conduct in Question

Government: “Assumes the Worst”

Defense:Provide Context &Proper Perspective

Key Analogy: Gathering Bad Applesin Orchard

Who Needs to Approve?Who Needs to Be Involved

(in Supervising & Reporting)

Board of Directors (if Public Company)– Or Committee

Management – Key Executives

Importance of Pre-Approval:– Genie Out of Bottle– Post-Hoc Finger-Pointing– Consequences of Probing

When Does It Need to Be Completed?

Depends upon:– Seriousness– Context– Resources– Externally Imposed Deadlines

What is Result?

Oral Findings & Oral Report

Written Summary

Formal Written Report

Keys to a Successful Document Review

•Get an Overview of Allegations•Develop a Plan

•Use Company Resources to Identify All Records

•Keep Track of Document Review Process / Inventory

The Paper Trail

Three Critical Steps:– Retain– Collect– Analyze

Unique Quality of Documents as Evidence– Fixed in Time (unlike witness memories)– Potential to Corroborate– “Tie Goes to the Version in the Docs”

Collecting Documents

Finding the Relevant Documents Can be an Adventure– Look in Logical Places– Get Advice from In-House• Send Out Document Collection Memo• Document Collection Interviews

– One-on-One – ID Types of Documents– Brainstorm (Where? Who else might know?)

Collecting Documents

File Rooms & Long-Term StorageElectronic Files– Searchable ?– Possible Outsource (if needed)

Track the Documents Collected– Keep a Record of Source of Each Document

• Tracking Sheet (Privileged & Confidential)– Employee– Location of Doc (hard copy, electronic, etc.)

– Consider Bates Labeling as Docs are Collected• But “Gaps” can be problematic with suspicious AUSA

Analyzing Documents

Traditional Approach:– Keep original documents in original order and

original files– Use copy sets for analysis and re-organization

Arrangement Options:– Chronological– By Witness– By Subject/Topic

Hi-Tech Options – Imaging/Coding

Protect Privileges

Counsel Must Direct Investigation– Attorney-Client Privilege– Attorney Work Product– Self-Evaluative Privilege

Engagement Terms & Upjohn Letter

Following the Paper Trail

Have the documents during the witness interview– Refresh witness recollection– Allows specificity – Prevents “Weaseling”

Be Wary of Reaching Any Conclusions without Analyzing Relevant Documents– Lose instant credibility with Gov’t if your initial

predictions/assessments are proven wrong by docs

Employee Interviews

•Review Ethical Checklist Before Conducting Employee Interviews (Corporate Miranda)

•Explain Purpose & Subject Matter of Interview •Develop Rapport & Level of Comfort

•Avoid Even the Appearance of Obstruction or Influencing Witness Testimony

Employee Interviews

Anticipate Government’s/Opponent’s Perspective- Ask the Hard Questions- Clarify Basis for Opinions & Information- Request Corroboration- Request Additional Leads

Inform Employees of Rights re: Gov’t. InvestigationPrepare Written Summaries

Obstruction of Justice

Don’t Do Anything That Even Has Appearance !!Types:– Witness Tampering– Document Destruction– False Entries