Focusing on investigations under Prong 7 in the Evaluation it stated, Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented? Moreover, with the advent of the SEC Whistleblower Program, courtesy of Dodd-Frank, it is imperative that a company quickly and efficiently investigate all hotline reports. This means you need an investigation protocol in place so that the entire compliance function is on the same page and knows what to do.

Your company should have a detailed written procedure for handling any complaint or allegation of bribery or corruption, regardless of the means through which it is communicated. The mechanism could include the internal company hot-line, anonymous tips, or a report directly from the business unit involved. You can make the decision on whether or not to investigate with consultation with other groups such as the Audit Committee of the Board of Directors or the Legal Department. The head of the business unit in which the claim arose may also be notified that an allegation has been made and that the Compliance Department will be handling the matter on a go-forward basis. Through the use of such a detailed written procedure, you can work to ensure there is complete transparency on the rights and obligations of all parties, once an allegation is made. This allows the Compliance Department to have not only the flexibility but also the responsibility to deal with such matters, from which it can best assess and then decide on how to manage the matter.

Indeed, the SEC considers a variety of factors around giving credit to corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company? If the review was conducted by outside counsel, had management previously engaged such counsel? How long ago was the firm’s last representation of the company? How often has the law firm represented the company? How much in legal fees has the company paid the firm?

In a presentation by Jay Martin, Vice President, Chief Compliance Officer (CCO) and the Senior Deputy Counsel for Baker Hughes Incorporated and Jacki Trevino, Senior Consultant, Advisory Services at SAI Global entitled, “FCPA Compliance Best Practices: Success Stories of Robust and Effective Anti-Corruption Compliance Programs in High Risk Markets” they discussed the specifics of an investigation protocol.

Step 1: Opening and Categorizing the Case. This first step, to categorize a compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. Step 1 should be accomplished in one to three days after the allegation comes into compliance.

Step 2: Planning the Investigation. After assembling your investigation team, determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, this should also be planned out at this time. Step 2 should be accomplished with another one to three days.

Step 3: Executing the Investigation Plan. Under this step, the investigation should be completed. Step 3 should be accomplished in one to two weeks.

Step 4: Determining Appropriate Follow-Up. At this step, the preliminary investigation should be completed and you are ready to move into the final phases. This group would decide on the appropriate disciplinary steps or other actions to take. Step 4 should be completed in one day to one week.

Step 5: Closing the Case. Under this final step, communicate the investigation results to the stakeholders and complete the case report.   

Three Key Takeaways

1. A written protocol, created before an investigation is a key starting point.
2. Create specific steps to follow so there will be full transparency and documentation going forward.
3. Consistency in approach is critical.

As the leading provider of ethics and compliance cloud software, Convercent connects ethics to business performance by weaving ethics and values into everyday operations in more than 600 of the world’s largest companies. Its Ethics Cloud Platform, provides a suite of applications: Convercent Insights, Convercent Helpline, Convercent Campaigns, Convercent Disclosures and Convercent Third Party. For more information go to Convercent.com.