In this episode, Matt Kelly and I take a deep dive, literally into the weeds of the convergence of the compliance profession and the nascent cannabis industry. While several states have made pot for medical use legal and one state, Colorado has made it legal for personal consumption, it is still illegal under federal law. We consider such questions as:

• Lawyers and accountants are required to report large cash transactions to the federal government—but large cash transactions are common in the cannabis industry, since commercial operators don’t have easy access to the banking system. So if you report one of these transactions, are you turning over evidence of illegal activities of your client to authorities? Or do you not report, and risk sanctions against yourself?
• If the Justice Department does act against a commercial weed business, will prosecutors really seek to impanel a federal grand jury, with jurors drawn from a state where they voted to legalize? Could prosecutors ask a candidate juror whether he or she smokes weed? Could that juror invoke the Fifth Amendment?
• Should lawyers be allowed to own equity in a legally operating marijuana business? What about judges? Do the two groups need different standards? 
• Professional conduct rules for lawyers require competency in rendering legal advice. What does competency even look like in this branch of business conduct, when the laws are so new and in conflict with federal law?
• Will the nascence of the cannabis industry allow for innovations such as incorporation of blockchain to create fully auditable trails for all aspects of the business?
• Will any state which taxes cannabis sales be required to remit this money under a theory of profit disgorgement from funds generated by illegal activity.

For more from Matt Kelly:

See his blog post Compliance, Careers and Cannabis Industry;

Hear Matt Kelly’s interview with Amy McDougal (yes Matt has his own podcast as well-the Radical Compliance podcast) by clicking here.

Is your hotline working for you? In an article entitled, entitled “Promoting Effective Us of the Compliance Hotline” José Tabuena provided an excellent example of the power of a hotline. He provide a case study of a company which had not integrated its IT function into its regular compliance and ethics training programs. As such there were zero calls into the hotline by employees from the IT department. This dynamic was changed and IT was integrated into the company’s regular compliance and ethics training. Thereafter, the hotline received several calls from IT department employees indicating where there were two major areas of complaints. The first general area was that there were conflicts of interests between IT department managers, family members who were hired and perceptions of favoritism. The second generally revolved around allegations that certain company managers were manipulating data to maximize their bonuses.

The Favoritism Problem

The Human Resources (HR) department led an investigation that included questioning all IT managers about their direct reports and employees of their unit. The company determined that there was only one instance of a manger hiring a family member (a brother-in-law), but that person did not report to the manager and was in a different section of the IT organization. This finding made clear that there were misperceptions in the IT department, which affected the department morale. To remedy this all IT managers received training on appropriate employment practices, communications were also delivered to all IT employees explaining policies and practices regarding the hiring of family members. Most satisfyingly, during follow-up with callers to the helpline, the callers stated that the work environment in the IT department had noticeably improved. They also expressed gratitude that their questions were answered and that their issues were addressed. The callers felt their concerns were taken seriously when they saw the communications on hiring practices and upon having discussions with managers during staff meetings. Staff retention started improving in the department.

Manipulation of Data for Bonuses

The company used the hotline to obtain more information from the callers on “isolating the metrics and the managers in question. It was determined that the bonuses of a select few IT managers were indeed influenced by a questionable data source, which was controlled by a non-manager with minimal oversight and controls. Following interviews with key individuals and review of the data file (including forensic analysis), it was determined that one IT manager had misrepresented information provided to the staff person maintaining the data. Notably, this staff person also reported to this manager. As a result, the IT manager's bonus compensation was inflated. He was subsequently terminated.

Basic Tenets of an Effective Hotline

This case study provided three key tenets of an effective internal reporting system.

• First, a helpline is of no value if the workforce is not aware of it. Although a helpline was in place, it became apparent that a segment of the company had not been informed. It was hotline data that revealed this gap. By reviewing data segmented by region, department, incident classification, and other criteria, it became obvious in comparison to the rest of the organization that the IT department had not used the helpline.
• Second, the ethics and compliance office obtained support from the Chief Information Officer (CIO) for making IT part of the helpline community and for designating a liaison within the IT function. The support of department leadership likely influenced the success of the training and communications delivered by the ethics and compliance staff.
• Third, the awareness of the helpline is not sufficient to ensure success. The company made sure that issues and allegations were addressed and investigated. Employees who choose not to report wrongdoing indicate a belief that nothing will be done anyway, so why take the risk? Employees also cite fear of retaliation as a reason for not reporting.

This case study demonstrates the power of a hotline. The company’s Compliance Department “established the credibility of the helpline as a resource to raise issues and report misconduct. The concerns regarding nepotism and conflicts of interest were taken seriously, and although the   violations were not as widespread as the calls indicated, the review went a long way to clear the air.” Equally important, the helpline proved to be a successful management tool as well. The company was able to manage potential compliance issues and improve employee morale.

Three Key Takeaways

1. Hotlines can be powerful tools for the compliance professional.
2. Simply because you have no hotline complaints does not mean you do not have any compliance or ethics issues which need review and resolution.
3. Adequate follow up is a key part of overall hotline effectiveness.

In this episode, I visit with Steven Durham, a partner in the law firm of Labaton Sucharow. The firm is one of the leaders in the SEC Whistleblower practice. Durham describes his background and how he got to the firm. He relates the Whistleblower Practice at Labaton, what is your role and how Jordan Thomas worked to create the firm’s whistleblower practice after leaving the SEC. He then  relates what the SEC Whistleblower program is and how has it worked to pay out over $150MM in bounties through this spring. Durham then discusses how the SEC Whistleblower office facilitates the SEC’s mission to protect investors, why whistleblowing benefits society and corporate America and how firms like Labaton assist the SEC in its practice. We conclude with a discussion of where Durham sees SEC Whistleblower program going under the Trump Administration. 

For more information on Steven Durham, the law firm of Labaton Sucharow and its whistleblower practice, check out the firm’s website by clicking here.

Today I would like to review some best practices regarding a compliance hotline.

1.  The hotline should be developed and maintained externally. It seems axiomatic that em­ployees tend to trust hotlines maintained by third parties more than they do internally maintained systems. Through the submitting of reports via an external hotline there is a perceived extra layer of anonymity and impartiality compared to a sys­tem developed in-house. A third party provider is also more likely to bring specialist expertise that’s difficult to match within the organization.
2. The hotline supports the collection of detailed infor­mation. As with most everything else, information is power. If a CCO can gather and re­cord information throughout a complaint life cycle, the company will have greater insight into the situation and a company can protect itself more effectively from accusations of negligence or wrongdoing. A hotline reporting system should provide consolidated, real-time access to data across all departments and locations, plus analytic capabilities that allow you to un­cover trends and hot spots. All reported materials should be consolidated in one comprehensive, chronologi­cally organized file, so a CCO can monitor ongoing progress and make better, more informed decisions.
3. The hotline must meet your company’s data retention poli­cies. Retaining data in a manner consistent with your internal data retention policies is important. A hotline should offer a secure, accessible report retention database, or you may be faced with making your own complicated and costly arrangements for transmitting and storing older reports to a permanent storage location.
4. The hotline should be designed to inspire employee confidence. Retaliation or perceived unfairness to those making hotline complaints will destroy the effectiveness of the internal reporting process and poison the corporate culture. A hot­line must be seen to offer the highest levels of protection and anonymity. To encourage employee participation, the hotline should allow them to bring their concerns directly to some­one outside their immediate chain of command or workplace environment – especially when the complaint concerns an immediate superior. The hotline should also enable employees to submit a re­port from the privacy of an off-site computer or telephone. It may seem like a small convenience, but giving employees the freedom to enter a complaint from a location that is safe can make a huge difference to participation rates.
5. The hotline offers on-demand support from subject matter experts. Opening lines of communication can bring new issues to your compliance group. It is therefore important that once those reports are entered into the system, a person or function has the responsibility to follow up in a timely manner. One of the biggest mistakes you can make is to sit on a hotline complaint and let the employee reporting it fester. Additionally, with the short time frames set out in the Dodd-Frank Whistleblower timelines for resolution before an employee can go the SEC to seek a bounty, the clock is literally clicking.
6. The hotline provides inbuilt litigation support and avoidance tools. A company must make certain that its hotline is preconfigured to meet the legal requirements for document retention, at­torney work product protection procedures, and attorney-client privilege. Developing these tools in-house can add signifi­cantly to your costs, and maintaining a hotline without one exposes your organization to unacceptable risk.
7. The hotline supports direct communication. A hotline should open the lines of communication and give you a di­rect sight-line into the heart of your company. Look for a system that enables you to connect directly, privately, and anonymously with the person filing a complaint. Direct communication also signals to employees that their complaints are being heard at the highest levels.

Like other risk management issues, hotlines must also be managed effectively after implementation and roll-out. Here are some practical tips which will help you make your hotline an effective and useful tool.

Get the word out. If employees do not know about the hotline, they will not use it. Allocate a portion of your time and budget to promoting the corporate hotline through multiple channels. Put up posters and distribute cards that employees can keep in their wallets or desk drawers. Deliver in-person presentations where possible. And do not think of the promotional initiative as a one-time effort. It is important to remind employees regularly, through in-person communications, via e-mail, or through intranets, newsletters, and so on, that this resource is available to them. Some hotlines offer promotional materials to help make the job easier; make sure you ask what type of promotional support may be available.

Train all your employees. Getting employees to use the system is one half of the challenge; ensuring they use it properly is the other half. This is where training becomes essential. Make sure people understand what types of activities or observations are appropriate for reporting and which are not. HR and compliance staff will need training too, to help them understand how the hotline impacts their day-to-day activities. Company leaders also need to understand the role the hotline plays in the organizational culture, and the importance of their visible support for this compliance initiative.

Take a look at the data. Use the data derived from or through the hotline to identify unexpected trends or issues. Examples might be what percentage of employees use the hotline and what issues are they submitting? A healthy hotline reporting system will yield reports from .5 to 2 percent of your employee base. If your reporting patterns are higher or lower, it may indicate mistrust of the hotline, misuse, or a widespread compliance issue. Isolate the data by location and department to identify micro-trends that could indicate problems within a subset of your corporate culture. Analyzing the data can help you stay a step ahead of emerging issues.

Response is critical to fairness in the system. Seeing a hotline system in action in this way can go a long way toward dispelling employee fears of being ostracized or experiencing retaliation because if they see that their concerns are heard clearly and addressed fairly, they will learn to view the hotline as a valuable conduit. If your compliance group responds promptly and appropriately to hotline complaints, you can ensure robust participation and ongoing success. Even when a complaint proves to be unfounded, it can still provide an opportunity to open a dialogue with employees and clear up any misunderstandings. Responding to reported issues also gives compliance officers a chance to prove that issues can be resolved or addressed while protecting the privacy and anonymity of the whistleblower.

Three Key Takeaways

1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
2. Train your employees on the use of the hotline.
3. Use data from your hotline to continually update and improve your compliance program.

In this episode, I visit with James Gellert, CEO of RapidRatings, a company which uses a financial dialogue to determine third party supplier health and viability. Gellert explains what supply chain resilience is and how can examining financial health of your suppliers can lead to a more financially efficient supply chain. We then discuss the company’s third party risk management tools. We consider how a company might evaluate a potential purchaser, partner or someone buying a part of a business. Finally we have a lengthy discussion of how a corporate compliance function use the health of a third party as a tool to determine third party compliance risk? 

For more information on RapidRatings, check out their website by clicking here.

After last week’s guest announcers, Jay and I return for a wide-ranging discussion on some of the week’s top compliance related stories, including: 

1. The first Declination of the Session’s Justice Department, Linde gas. For a copy of the Declination click here. For Tom’s discussion of the lessons learned, click here. 
2. The son of Equatorial Guinea's president went on trial this week in France for embezzlement of funds from the country. See article by Dick Cassin in the FCPA Blog. See Day 1 of trial report in the Global Anti-Corruption Blog.
3. The UK SFO charges four former senior executives at Barclays Bank criminally around funding issues in the 2008 financial crisis. See Tom’s article by clicking here.  
4. Embattled Uber CEO Travis Kalanick resigns under pressure. Will there be a backlash, who will run the company? See articles in the New York Times and Wall Street Journal. 
5. Compliance in the 21stcentury, welcome to ComTech. See Tom’s article in Compliance Week. 
6. Hui Chen departs the Justice Department with a flurry of tweets. Matt Kelly reports on Radical Compliance.
7. Jay previews his weekend report.
8. Everything Compliance-Episode 13 is in production and will be released next Thursday. Topics include Matt Kelly on Uber and the need for policies and procedures, Jonathan Armstrong on fake news around GDPR, Mike Volkov on blockchain and how it may change compliance, and Jay Rosen, Linde notwithstanding, on the dearth of recent DOJ FCPA activity. For a sneak peak, listen to Matt Kelly’s rant at the end of this podcast.

Who to suspend during any Foreign Corrupt Practices Act (FCPA) investigation is always a delicate question to answer. Unfortunately there is never an easy answer. As the Volkswagen (VW) emission-testing scandal continues to reverberate, it continues to bring up some very knotty questions, which have bedeviled the Chief Compliance Officer (CCO) or compliance practitioner in many areas. Today there is an example around internal investigations.

In an article in the Wall Street Journal (WSJ) entitled “Scope of VW Suspensions Grows”, William Boston reported on the ongoing internal investigation by the company’s outside counsel Jones Day. Boston noted that VW had “suspended a larger number of engineers than previously acknowledged, following a recommendation from the law firm conducting” the investigation. The article went on to state, “Jones Day urged suspension of anyone who could have been involved in the scam - from high level decision makers to ordinary engineers – to prevent possible perpetrators from tampering with the evidence”. 

This final statement emphasizes a key consideration in a FCPA investigation, which is to tie down the evidence. Former Arnold & White partner Mara Senn has said that “probably from the government's perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” However, if you are worried about evidence tampering you may have a bigger problem on your hands. 

Pointing up the difficulties in making such a blanket sweep an un-named source, who provided this information to Boston, was quoted in the WSJ piece as saying “We had to suspend everyone in this area to get them out of the way of this process. This is necessary for the investigation, but it’s really hard for us because we are now missing their professional knowledge and experience.” 

This issue brings up another point that Senn has discussed, around when to suspend or discipline an employee during an internal investigation. Senn related, “That is a very case-by-case difficult question to answer, but in general, I think it’s better to keep them around for as long as you may need them. Once they’ve been fired or otherwise disciplined, really, even if you keep them around, they’re going to be less cooperative with you and possibly, if you fire them, not cooperative at all. You can require them to be cooperative in the termination agreement, but obviously in practice, cooperation can mean a lot of different things.” 

In view of the Schrems decision by the European Court of Justice (ECJ), I also wonder how the investigation will fair with the German based employees? Obviously there will be data that in the US would be deemed company-owned but in Europe it may well be private to the employee being investigated. This problem became even greater with the recent decision by Privacy Regulators from 28 EU nations that backed the ECJ’s Schrems decision that invalidated the Safe Harbor regime. As reported by Jo Sherman in the FCPA Blog, “that closed the legal pipeline by which data has flowed freely from the EU to the U.S. for the last 15 years. The rationale for the court decision and the subsequent backing of the EU Data Protection Authorities is that the surveillance powers of the U.S. government are considered to be too excessive and disproportionate, and can override the data protections for EU citizens under the Safe Harbor framework.” 

Lanny Breuer, the former number two at the Department of Justice (DOJ) and now a partner at Covington and Burling LLP, raised an interesting concern in the context of the Justice Department’s FCPA Pilot Program. It is around what Breuer terms “de-confliction”. This involves the government asking a company to halt its own investigation for the government to be the first to interview witnesses. At the FCPA Blog Conference, Breuer said that if “de-confliction” is required as cooperation to gain the benefits of the pilot program, such a request from the DOJ would be “an extraordinary request, in my view” because it “could lead companies to be unable to disclose to other agencies or to shareholders, and it could keep a board in the dark about the alleged wrongdoing.” Breuer added, “In general, publicly traded companies can’t just stand down from doing an investigation when such an allegation comes in.” He also commented that “he’d been asked to do so a couple of times.”

Breuer raised four questions during his presentation which every investigator must consider in the area of de-confliction. (1) Would complying with the request be consistent with directors’ and corporate officers’ fiduciary duty of oversight?; (2) How can a company make decisions without speaking with its employees?; (3) How will a delay affect the company’s other regulatory obligations?; and (4) How can external counsel advise a company without knowing the facts? Companies hire external counsel to conduct thorough investigations, evaluate their clients’ conduct, and provide informed legal advice. These tasks can be difficult if not impossible to accomplish where external counsel have their hands tied behind their backs. 

Clearly the DOJ could have a broader remit or be involved with other ongoing investigations where they might make such requests. However, such ‘de-confliction’ could stop a company from engaging in a root cause analysis or even robust investigation. At the same conference, an earlier panelist, Gerald Kral, the Chief Ethics and & Compliance Officer (CECO) of Brown-Forman, said on his panel that his company did an extensive root cause analysis of every claim or incident so it can not only understand what happened but put sufficient risk management protections in place to try and make sure it does not happen again. 

Three Key Takeaways

1. The decision on whom to discipline and when are critical decisions during any investigation.
2. You should take a case-by-case approach.
3. The de-confliction question can be quite troubling during an internal investigation.

Prior to the Schrems decision by the European Court of Justice, US based law firms could rely on Safe Harbor to use and analyze information from investigations conducted in Europe. However the Schrems decision and subsequent EU privacy rulings and regulations have brought the entire issue around internal investigations into question.

In a podcast interview with UK solicitor and data privacy expert Jonathan Armstrong about the decision, Armstrong noted that the decision puts real roadblocks in the path of a US company that could be investigating potential anti-corruption allegations in the UK or EU member country. The biggest issue would be around personal privacy and information. Unlike the US, work emails are covered by the privacy rights afforded to individuals and are not the property of the company. The same is true of other information. Under the Schrems decision, the ability of a US corporation to access that information and then take it back to the US under the safe harbor provision is no longer available. 

I asked Armstrong how a company might be able to move forward and internally investigate potential FCPA violations. Armstrong suggested that that the only way at this point was to obtain the consent of the person being investigated. However the obtaining of such consent raises a host of other problems. He said, “Can I really get consent in an internal investigation? Can I go along, speak to my Austrian agent and say, “Peter, I just need you to sign this form to transfer your data to the US”? Now, for consent to be valid the European legislation it has to be fully explained, it has to be honest, it can't be deceptive. I’ve got to say to him, “I want you to sign this form because I want to investigate you. I want to run a full FCPA investigation; you’re the prime suspect. I want to take a look at your emails and I have to inform you that by the way, you have the right not to consent and if you don’t consent there’s no way I can investigate you. Could you sign the form, please?”” As Armstrong went on to note, “What answer is he likely to give in an internal investigation and how would the US authorities feel if I go and tip off the main suspect that he’s under investigation?” 

With these two key components of any best practices compliance program, hotlines and internal investigations, seemingly now unavailable to CCOs or compliance practitioners for EU sourced information; I believe there will be additional pressure put on the compliance function. Obviously any US company with EU based operations will have to take steps immediately to ring fence such data originating in Europe. It may also mean that any inquiries will need to be headed by locally based compliance practitioners.

Moreover, if you couple this ruling in the Schrems decision with the Yates Memo, you immediately see the issue involved for any company which is seeking cooperation credit because such company is required to turn over any and all information to the Department of Justice (DOJ) as soon as possible. But now, even if companies can still develop facts and data through internal investigations, in the manner suggested by Pirrotta in using local law firms, you might not be able to get the information back to the US to use.

Worse yet, is the option laid out by Armstrong to obtain consent from an investigation target? Not only do I find it very improbable that anyone, European or otherwise, would give such a consent but in the unlikely event such consent is given, you have told the target, they are the target and other data sources might well begin to disappear. Armstrong put it starkly when he said, “you’re going to get no sympathy from the bribery prosecutors, bribery regulators if you mess this up. The SFO [Serious Fraud Office] have already lost the case, allegedly, on the way in which the US firm involved conducted the investigation. They will have, rightly I think, no sympathy at all for people whose investigations are themselves conducted unlawfully. It’s going to need a lot of careful thought to structure data transfers, even to structure interviews. How do you move those interview notes about, how do you look at emails, all of this stuff is going to be absolutely critical not only so that you don’t break data privacy data protection laws, but also tipping off witness, you know, interfering with the scene of an investigation, et cetera, et cetera. All of these things are critical.” 

How does the Schrems decision contribute to compliance at the tipping point? If you can use two of the key components in a best practices compliance program; based upon the DOJ/Securities and Exchange Commission (SEC) Ten Hallmarks of an Effective Compliance Program or another standard; it will put significant pressure on other parts of the program. A compliance program will have to be structured more rigorously to prevent FCPA violations through the use of internal controls and transaction monitoring tools. CCOs and compliance practitioners will also have to be more involved and have more visibility into the entire lifecycle of transactions so they can determine how to begin to move from even prevention to proscription of any FCPA violations. 

Just as the compliance world changed with the announcement of the Yates Memo, the DOJ Compliance Counsel and the VW emissions-testing scandal; the Schrems decision will change the need for a more robust compliance program going forward to help protect a company. 

Three Key Takeaways

1. The Schrems decision significantly impacted US based internal investigations.
2. Study the privacy laws of the country where you are performing your investigation.
3. Informed consent is difficult to obtain but it may be critical for your investigation.

On June 16, 2017, the Department of Justice (DOJ) issued a Declination to Linde North American Inc. and Linde Gas North America LLC (collectively “Linde”). This is the first Declination issued by the DOJ in the era of the Trump Administration. For that reason alone, it was instructive and should be studied by the compliance profession. However, the case presented several interesting factors which merit consideration so we are discussing in depth to present lessons to be learned for the Chief Compliance Officer (CCO) or compliance practitioner. 

The Bribery Scheme 

Linde acquired Spectra Gases, Inc. (Spectra Gases) in October 2006. In November 2006, it purchased certain assets from the National High Technology Center (NHTC) of the Republic of Georgia. One of the keys to this purchase was a piece of equipment called the ““boron column,” which were used to produce boron gas.” Sales of boron gas after the acquisition helped fund the purchase price and payout to Spectra executives who stayed on after Linde purchased Spectra Gases. 

Unfortunately, the three Spectra executives who stayed on were in cahoots with corrupt offices from the NHTC who made the sales agreement with Linde. Part of the Earn-Out by the former Spectra (now Linde) officials was paid to these corrupt government officials, both directly and through certain third parties. But the funding scheme to pay the bribes was quite creative and demonstrates once again to the compliance practitioner the myriad ways in which funds can be generated to pay bribes. 

For reasons not made clear, Linde did not purchase the boron column outright but allowed the former Spectra executives and the corrupt NHTC officials to form two new entities to own and operate the boron column, Spectra Investors LLC (Spectra Investors) and Spectra Gases Georgia, which was wholly owned by Spectra Investors. Spectra Investors was owned 51% by the corrupt NHT officials and 49% by the Spectra Gases executives who now worked for Linde. Spectra Gases Georgia was formed as a separate management company, by the NHTC officials, which was claimed to provide services to Spectra Investors for which it would receive recompense. Of course, there was no evidence of services being delivered under this arrangement as it was simply a mechanism to funnel monies to the corrupt officials. 

As a result of the ownership structure of Spectra Investors, with 51% being owned by corrupt NHTC officials and the management services contract, the corrupt NHTC officials received “approximately 75% of the profits generated by the boron column” while Spectra Gases received 25% of the profits. Clearly even with bribery and corruption, it was a bad business deal. In January 2010, Linde dissolved Spectra Gases and became its successor-in-interest and at some point later discovered the illegal conduct. Prior to the time of the dissolution, Spectra Gases had “received approximately $6,390,000”. After Linde became the direct owner, it “received approximately $1,430,000 as a result of the corrupt” actions. 

The Declination 

While there is a dearth of fact about how the matter came to the attention of Linde and when it disclosed the matter to the DOJ, the decision to decline to prosecute was based on the following factors: (1) Linde’s timely self-disclosure; (2) a “thorough, comprehensive and proactive investigation” [emphasis supplied]; (3) Linde’s full cooperation and meeting the Yates Memo requirement for disclosing all known relevant facts about the “individuals involved in or responsible for the misconduct”; (4) full profit disgorgement; (5) Linde’s enhancement of its compliance program and internal controls; and (6) Linde’s full remediation, including termination or discipline of the three Spectra executives and lower-level employees involved in the misconduct; termination of the fraudulent management contract between the corrupt NHTC officials and Spectra Investors and termination of the Earn-Out payment due to the former Spectra executives who became Linde employees. The company also made the following payments. 

 Lessons Learned 

This was yet another Foreign Corrupt Practices Act (FCPA) action where a company performed insufficient due diligence in the acquisition phase. The timing of the Linde purchase of Spectra Gases and Spectra Gases’ purchase of the income producing assets is too close in time to be a coincidence. It would certainly appear that Linde purchased Spectra Gases to facilitate its acquisition of the boron column and other assets. If your company is going to make such a multi-step acquisition, you must perform due diligence on all the actors and the assets involved. 

The Byzantine corporate structure created for the ownership of the boron column, its operation and management contract are clear red flags that any CCO should sniff out immediately. While I am sure the internal corporate excuse for this clear ruse was the ubiquitous ‘tax considerations’; every such transaction should be reviewed by compliance as well. Anytime there is more than one entity to accomplish one task, there is the possibility of fraud present. Further, it is not clear how Linde could not have been aware of the ownership interests of a company which it ultimately controlled. It would seem that the company did not even make any inquiry. 

Even in 2006, the Republic of Georgia’s reputation for bribery and corruption was quite high. The 2006 Transparency International-Corrupt Perceptions Index (TI-CPI) listed Georgia at 99 out of 176 countries listed so that alone warranted red flag scrutiny. If you are purchasing an entity in a country with such well known affinity for corruption, extra care is warranted. Perhaps back in 2006, Linde did not view the FCPA as something which it would deal with in such a situation. 

Yet even with all the apparent miss-steps and non-steps of compliance, the company was able to secure a declination from the DOJ. While there may be some additional penalties or sanctions by the Securities and Exchange Commission (SEC) for the failures of internal controls, the result obtained by Linde was certainly a superior result. The company would seem to have met the four pillars under the FCPA Pilot Program through (a) self-disclosure, (b) extraordinary cooperation, (3) full remediation, and (d) profit disgorgement. Interestingly, the profit disgorgement in this case would appear to have been beyond the five year of limitations for profit disgorgement under the recent Supreme Court decision in Kokesh. If there is a FCPA enforcement action brought by the SEC perhaps additional facts will be recited in any resolution documents. 

Nevertheless, kudos are due to Linde and its counsel for obtaining this declination. Every CCO should study it for both the superior result received and underlying facts to see if you face anything similar in the Republic of Georgia or elsewhere.

For a full copy of the Linde Declination, click here. 

 The concept of privilege in an internal investigation is critical. Two important privileges are the attorney/client privilege and the work product privilege. Unfortunately both are often miss-understood, miss-applied and consequently lost. 

One such recent example of the miss-application of the attorney/client privilege was in the trial of former PetroTiger co-Chief Executive Officer (co-CEO) Joel Sigelman has brought the issue of the parameters of the attorney/client privilege yet again. As part of its undercover operation the FBI wired up the then PetroTiger General Counsel (GC), Gregory Weisman, and instructed him to go meet with Sigelman to discuss the payments by the company to the wife of an official of the Columbian state owned energy company Ecopetrol. 

Sigelman’s counsel sought to have the video and audio recordings of this meeting suppressed based upon the attorney-client privilege that generally protects open communications between lawyer’s and their clients, where legal advice is sought by the client. To determine whether Sigelman has a valid claim, it is encumbent to understand the parameters of the attorney/client privilege. In an article, entitled “The Evolving Attorney-Client Privilege: Business Entities”, David E. Keltner wrote that under US federal law, the attorney/client applies when the following are present: 

1. A client is seeking legal advice or a lawyer’s services;
2. The person to whom the communication is made is a lawyer or his or her representative;
3. The communication relates to a fact disclosed from a client (a representative) to a lawyer (a representative);
4. Strangers are not present;
5. A client requires confidentiality. 

The significance of meeting each of these five prongs is critical. If they are met, “Absent privilege, once the attorney-client privilege is properly invoked – the privilege is absolute.” However the failure to meet Prong 1 is what doomed former co-CEO Sigelman’s efforts; as he was not seeking legal advice. It was former GC Weisman who flew to Sigelman’s home to confront him over the fact that the FBI had come to his house asking questions about the payments made in Columbia. Finally, it is important to note that the attorney/client privilege belongs to the corporation and not to any one individual. 

The attorney/client privilege can be waived. While there is a general recognition that “only an authorized agent of a corporation may waive the privilege of the corporation” Keltner advises that the “most frequently encountered instances of losing the privilege through selective disclosure” are in responding to a government investigation; supplying information to a government agency; information disclosed in certain Securities and Exchange Commission (SEC) filings or other required financial disclosures; in certain circumstances disclosures to external corporate auditors or accounting responses; any disclosure made to a third party not affiliated with a lawyer; and insurance disclosures. 

How should we apply the above to the situation faced by former co-CEO Sigelman? Was he simply meeting with his lawyer or was he seeking legal advice? As reported by Joel Schectman in the Wall Street Journal (WSJ), in an article entitled “Secret Informant Recordings to be Allowed in PetroTiger Case”, the trial court distinguished between having an attorney/client relationship from the attorney/client privilege. Schectman reported, “a judge in U.S. District Court in Camden said last week that merely having an attorney-client relationship isn’t enough to make all conversations privileged–a client needs to be actively seeking legal advice. “I cannot find a shred of indication that Weisman is there with the intention of giving legal advice to Sigelman,” Judge Joseph Irenas said, “or the converse, that Sigelman was seeking legal advice from Weisman.”” 

Interestingly the trial court did not opine on the question on who was the client in this situation. My experience is that most CEO-types think of a GC as their personal lawyer. That view is also misplaced as a GC works for a company and the client is the corporation. While he did not have to reach the question of who was the client in the Sigelman/Weisman meeting, the trial court might well have allowed the current corporate owners of PetroTiger to waive any privilege asserted by a former co-CEO. Schectman quoted G. Derek Andreson, a lawyer specializing in the Foreign Corrupt Practices Act, that “Attorney client privilege is often misinterpreted as broader than it is.” 

Did the FBI take advantage of some special type of relationship between Sigelman and Weisman? As reported in the article, in his brief attempting to suppress the evidence, Sigelman’s counsel said, ““Messrs. Sigelman and Weisman had a “long standing attorney-client relationship, one that fostered candor and trust between them–as any good attorney-client relationship should. The government took advantage of this trust.”” Such would seem to be the nature of wiring up cooperating witnesses; if they cannot engender trust with those they are speaking to and surreptitiously taping; it would seem they are of little use to authorities. 

For the attorney/client privilege to be of use to you, certain hard work must be done to establish the attorney/client privilege in the corporate context. The five prongs listed by Keltner must be fulfilled for the privilege to apply. Simply having a chat with your lawyer or even the company’s lawyer will not invoke the privilege or protect you. 

In addition to the attorney/client privilege there is another privilege which can come into play around internal investigations. It is the attorney/work product privilege. Keltner noted, “The attorney-client privilege and the attorney work-product doctrine are often asserted interchangeably. While there is some overlap between the two, the attorney-client privilege is significantly different than the attorney work-product doctrine.” Moreover as “codified in Fed R.Civ. P. 26(b)(3), [the attorney/work product] provides a qualified protection to materials prepared by party’s counsel or other representative in the anticipation of litigation.” The doctrine exists “because it permits lawyers to “work with a certain degree of privacy, free from unnecessary intrusion by opposing parties . . .”

The key is that it be prepared in anticipation of litigation Unlike the attorney-client privilege which belongs to a client, work-product immunity may be asserted either by the lawyer or the client. While the attorney-client privilege is included in the Rules of Evidence, the work-product doctrine is included in the Rules of Civil Procedure in the series relating to discovery. This makes it problematic to assert in the context of a criminal investigation. 

For in-house lawyers in the UK or EU countries however, there is no such work product privilege. Two recent examples brought up this key difference in US and UK and EU legal systems. First was the raid by German prosecutors of Volkswagen’s outside counsel, Jones Day’s offices for information surrounding the law firm’s investigation relating to the company’s emissions-testing scandal. The raid was based on a court issued subpoena. 

The second is the recent judicial decision out of the UK, involving Eurasian Natural Resources Corp. (ENRC). The UK’s highest court held the company must produce to the UK's Serious Fraud Office (SFO) documents the company claimed were privileged, including attorneys' notes of employee interviews conducted during the company's internal investigation. The SFO sought the documents as part of its criminal investigation into allegations of fraud, bribery, and corruption. The court largely rejected ENRC's claims of the work product privilege, holding that it does not apply when a document is not prepared for the sole or dominant purpose of conducting adversarial litigation. ENRC was required to produce the bulk of the contested documents because the investigation was a fact-finding exercise. 

Three Key Takeaways

1. Note the differences in the attorney/client and work product privileges.
2. Both privileges can be waived intentionally or through inadvertent conduct.
3. Take care on attorney work product outside the US, where there may be no privilege at all.

In this episode, James Koukios, a partner at Morrison & Foerster returns to discuss the firm's newsletter Top Ten International Anti-Corruption Developments for April 2017. In this episode we highlight the three following matters for discussion and what lessons can be garnered from them.  

World Bank Veteran to Change Positions.The World Bank announced that Pascale Helene Dubois would become the new head of the World Bank Group’s Integrity Vice Presidency, known as INT. The INT is an independent unit within the World Bank Group that investigates and pursues sanctions related to allegations of fraud and corruption in World Bank Group‑financed projects. Dubois is well known in the anti-corruption community and has long been a thought leader in this space. In her current post, she has worked to increase transparency and due process at the World Bank generally and in the Office of Suspension and Debarment specifically. Koukios relates how Dubois’s work and that of INT has helped foster greater cooperation between the World Bank and law enforcement agencies around the world.

Engineering Firm and Its Executive Debarred by World Bank for Bribery in Southeast Asia.

In April the World Bank Group announced the debarment of Denmark-based Consia Consultants ApS and its managing director. According to the World Bank, INT’s investigation revealed evidence that the company made payments to officials to influence contract awards in connection with the World Bank-financed Strategic Road Infrastructure Project in Indonesia. The World Bank stated that the company further failed to disclose its agreement and commissions paid to its agent in connection with the project and misrepresented the availability of key staff it has claimed would be assisting with the execution of its technical assistance contract under the project. The World Bank also said it found evidence that the company made corrupt payments in Vietnam in connection with the Hanoi Urban Transport Development Project, in addition to fraudulent misconduct relating to the Second Northern Mountain Poverty Reduction Project. The World Bank debarred the company for 14 years and its managing director for 3.5 years.

Former Diplomat Pleads Guilty to FCPA Charges in United Nations Bribery Case, While Judge Denies Motion to Dismiss FCPA Charges against Another Defendant.

On April 28, 2017, Francis Lorenzo, a former deputy ambassador from the Dominican Republic, pleaded guilty in the Southern District of New York to conspiring to violate the FCPA and to pay and receive bribes and gratuities in a bribery scheme allegedly involving Ng Lap Seng, a Chinese national and real estate developer accused of bribing former U.N. General Assembly President John Ashe. Lorenzo pleaded guilty to related charges in 2016 and is expected to testify against Seng at trial, currently set to begin May 30, 2017. Two days before Lorenzo’s guilty plea, on April 26, 2017, Southern District of New York Judge Vernon S. Broderick denied Seng’s motion to dismiss FCPA and related charges against him, finding that the superseding indictment sufficiently presented the essential facts underlying the charges and that the prosecution had made sufficient disclosures concerning the nature of the charged offenses by other means, including through the various complaints filed in the case, extensive discovery, agent affidavits, and a written response to Seng’s letter request for a bill of particulars.

To read a full copy of the firm's newsletter, click here. 

In this episode, I visit with Roy Snell about his recent announcement that he is stepping down as head of the SCCE. We review the current state of the SCCE and how the Roy has seen the compliance evolve from its start after the 1992 US Sentencing Guidelines. We discuss where Roy sees compliance going in the next several years and where the SCCE may go to support the profession. 

This announcement comes when the SCCE has grown to 50 staff members and one of the has one of the strongest boards in the professional association world. the SCCE has a strong footprint in the US and is a material player internationally with 17,500 members in 95 countries. It has a great reputation and its success to date has been quite remarkable. 

The call for applications will close on August 20th 2017.  A detailed job description and position summary are available at http://www.corporatecompliance.org/CEO.  SCCE plans to complete the interview and selection process in the Fall of 2017 and onboard a Deputy CEO in early 2018. The Deputy CEO will likely assume the role of the CEO sometime in 2019. Roy will stay on with the organization for roughly one year to work on special projects. To be considered for the CEO of SCCE and HCCA, please fill out the questionnaire with return instructions available at: http://www.corporatecompliance.org/CEO.

Day 14-Miranda and Internal Investigations: What Rights Does an 

Must an investigator warn an employee that concealing information from company lawyers conducting an internal FCPA investigation could be a federal crime? Even if the company attorneys handling the investigation provided the now standard corporate attorney Upjohn warnings, does a company attorney asking questions morph into a de facto federal agent during an internal company investigation regarding alleged FCPA violations and is the attorney thereby required to provide a Miranda warning to employees during a FCPA investigation? 

In a recently released paper entitled “Navigating Potential Pitfalls in Conducting Internal Investigations: Upjohn Warnings, “Corporate Miranda,” and Beyond”[1] Craig Margolis and Lindsey Vaala, of the law firm Vinson & Elkins, explored the pitfalls faced by counsel, both in-house and outside investigative, and corporations when an employee admits to wrong doing during an internal investigation, where such conduct is reported to the US Government and the employee is thereafter prosecuted criminally under a law such as the FCPA. Margolis and Vaala also reviewed the case law regarding the Upjohn warnings which should be given to employees during an internal FCPA investigation.

Employees who are subject to being interviewed or otherwise required to cooperate in an internal investigation may find themselves on the sharp horns of a dilemma requiring either (1) cooperating with the internal investigation or (2) losing their jobs for failure to cooperate by providing documents, testimony or other evidence. Many US businesses mandate full employee cooperation with internal investigations or those handled by outside counsel on behalf of a corporation. These requirements can exert a coercive force, “often inducing employees to act contrary to their personal legal interests in favor of candidly disclosing wrongdoing to corporate counsel.”  Moreover, such a corporate policy may permit a company to claim to the US government a spirit of cooperation in the hopes of avoiding prosecution in “addition to increasing the chances of earning meaningful credit under the US Sentencing Guidelines or the FCPA Pilot Program. 

Where the US Government compels such testimony, through the mechanism of inducing a corporation to coerce its employees into cooperating with an internal investigation, by threatening job loss or other economic penalty, the in-house counsel’s actions may raise Fifth Amendment due process and voluntariness concerns because the underlying compulsion was brought on by a state actor, namely the US Government. Margolis and Vaala note that by utilizing corporate counsel and pressuring corporations to cooperate, the US Government is sometimes able to achieve indirectly what it would not be able to achieve on its own – inducing employees to waive their Fifth Amendment right against self-incrimination and minimizing the effectiveness of defense counsel’s assistance.

So what are the pitfalls if private counsel compels such testimony and it is used against an employee in a criminal proceeding under the FCPA? Margolis and Vaala point out that the investigative counsel, whether corporate or outside counsel, could face state bar disciplinary proceedings. A corporation could face disqualification of its counsel and the disqualified counsel’s investigative results. For all of these reasons, we feel that the FCPA Blog summed it up best when it noted, “the moment a company launches an internal investigation, its key employees -- whether they're scheduled for an interview or not -- should be warned about the "federal" consequences of destroying or hiding evidence. With up to 20 years in jail at stake, that seems like a small thing to do for the people in the company.” 

Let’s keep on skipping down the lane and see where we go. What if the company gets its investigation wrong and wrongfully identifies an employee? At least in a few states, a wronged employee can sue for defamation. Yet not in Texas and a recent Texas civil case demonstrates why companies and internal investigators need to be aware of local laws, regulations and requirements. 

The Texas Supreme Court in Shell Oil Co. v. Writt, held that an internal investigation report Shell provided to the U.S. Department of Justice about potential FCPA violations is “absolutely privileged” in a defamation proceeding and cannot be used to form the basis of a defamation claim. 

Writt had alleged that Shell defamed his character when the company "voluntarily” reported to the DOJ on the findings of an internal investigation the company conducted into its relationship with Panalpina -- an investigation that culminated in the company’s 2010 FCPA settlement with U.S. enforcement authorities. Writt claimed that Shell’s internal investigation report falsely implicated him in the payment of bribes and accused him of providing inconsistent statements during multiple interviews conducted in the course of the investigation. 

The trial court initially granted summary judgment in favor of Shell, dismissing Writt’s suit on the basis that Shell enjoyed an "absolute privilege" to make statements to the DOJ regarding its internal investigation. The Texas Court of Appeals overturned this decision, refusing to characterize a “voluntary” pre-prosecution internal FCPA investigation as a judicial proceeding. Instead, the Court of Appeals held that Shell was only entitled to qualified privilege, under which a speaker can still be liable for defamation if the speaker "knows the matter to be false or does not act for the purpose of protecting the interest for which the privilege exists." 

The Texas Supreme Court held “at all relevant times” Shell had been the target of a DOJ FCPA investigation and asserted that this investigation, which eventually resulted in a criminal settlement with Shell, satisfied the standard that “the possibility of a proceeding must have been a serious consideration at the time the communication was made.” 

The Supreme Court also highlighted “the DOJ’s leverage over Shell vis-à-vis the FCPA and its somewhat draconian penalties…,” which “compelled [Shell] to undertake its internal investigation and report its findings to the DOJ.” The court specifically pointed to the dramatic increase of FCPA enforcement actions before mid-2007 when the DOJ notified Shell of its investigation, noting that “businesses that chose not to cooperate were subject to substantially greater punishments….” 

At a time when the DOJ and SEC have become increasingly vocal in calling for companies under investigation to secure and provide evidence of individual culpability, a decision that did not provide Shell with absolute privilege could have had a far-reaching impact on how companies conduct internal investigations and cooperate with enforcement authorities. 

As it stands, the Texas Supreme Court’s decision in Shell Oil Co. v. Writt may incentivize cooperation by companies in the early stages of the enforcement process by providing certainty to potential corporate defendants, particularly those located in Texas, that good faith efforts to disclose the results of internal investigations and expose individual culpability will not leave them open to defamation claims. 

Three Key Takeaways

1. Make sure you provide an Upjohn warning.
2. If an employee demands counsel to represent them during an internal investigation, who bears the cost?
3. Always check state law requirements around internal investigations. 

When then Assistant Attorney General Sally Yates, announced the Memo that bears her name, she said the following, “we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement ties directly into the first point of the Yates Memo, which stated, “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.” 

The Yates Memo and Yates’ remarks indicated a transition to a new era of FCPA enforcement. The Yates Memo required that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to investigate individuals immediately at the start of investigations. She stated, “the department instructed its attorneys that, going forward, they are to focus on individuals from the start of an investigation, regardless of whether the investigation begins civilly or criminally. Moreover, once a case is underway, the inquiry into individual misconduct can and should proceed in tandem with the broader corporate investigation. Delays in the corporate case will no longer suffice as a reason to delay pursuit of the individuals involved.” Even though these remarks were directed at government lawyers, corporations are now required to initially change the focus of their investigations from attempting to perform any type of root cause analysis to obtaining evidence against individuals and turning it over to the government as soon as possible. 

For the Chief Compliance Officer (CCO) or compliance practitioner, this means the entire focus of your investigative protocol has changed. Previously an investigation was to determine how conduct that might have violated the FCPA had occurred, then focus on how to remedy it. The first step a CCO or compliance practitioner would take when sufficient evidence was developed was to fix the problem so that it did not re-occur going forward. If there were compliance program or internal control weaknesses, they would be immediately fixed so that neither the original perpetrators could continue the conduct but also so others could not take advantage of any such structural weakness. 

After the Yates Memo, that is no longer the case. The DOJ now expects you to bring them information about potentially culpable individuals who can be prosecuted going forward. This means employees are going to immediately stop talking to you if they were inclined to do so in the first place. It will require performing an essential root cause analysis more difficult and the attendant remedy that is a part of any best practices compliance program. 

But Yates went further than simply saying the DOJ expects you to turn over your own employees. She made clear that both she and the DOJ want companies to give up senior executives involved in illegal conduct. She said “We’re not going to be accepting a company’s cooperation when they just offer up the vice president in charge of going to jail.” Here the difficulty is around the FCPA requirement for a criminal prosecution or intent. How do you determine intent in a manner where senior executives may never have been involved directly in a transaction? Does this mean insufficient tone at the top will somehow morph into intent for a FCPA prosecution? Whatever it may mean going forward, at the very least I think it means that high heads in an organization could very well start to roll. 

The Yates Memo, when read in conjunction with the Frederic Bourke conviction, make clear that senior management, as well as other individuals, are now directly in the DOJ’s sights to prosecute for FCPA violations. This means that even if lower level employees are engaging in conduct which senior management did not know about or even told them not to engage in; senior management may be deemed by the DOJ to have engaged in conscious indifference by not engaging in ongoing monitoring as a part of an overall best practices compliance program. Simply expecting that employees will not violate the FCPA is no longer enough. Companies must monitor transaction to detect and prevent violations. With the Yates Memo now the effective policy of the DOJ, senior management who do not actively monitor their organizations may subject themselves to personal FCPA criminal liability.

Given the scrutiny of the Standard Bank Deferred Prosecution Agreement (DPA) in the UK, I think it may well be the time where enforcement authorities begin to look at those responsible for an activity where a violation of anti-bribery/anti-corruption laws take place in addition to those committing the legal violation. Bourke was found guilty for conscious avoidance. How much of a stretch will it be for those senior managers who allow such behavior to be seen as either the norm or indeed expected? John Kay, writing in the Financial Times (FT) in an article entitled “Ignorance is no defence for financial misconduct”, wrote in the context of financial institution misconduct “If it is a criminal offence to be in charge of a den of thieves, the prosecution need only establish that you were in charge of it, not that you were yourself a thief. It is no defence that you thought the organisation was a monastery, which is broadly the argument employed by those made ‘physically ill’ by the discovery of what their subordinates had been doing.” After the Yates Memo, the same may hold true for senior management in companies which violate the FCPA.

The impact of the Yates Memo was magnified by Attorney General Jeff Sessions through his remarks at the Ethics and Compliance Initiative (ECI) in April 2017. He reiterated that the DOJ would focus on individual criminal misconduct in the context of enforcing the FCPA. This continued emphasis will mean that there is even more pressure on corporate compliance programs to get it right and get it right sooner rather than later. 

Three Key Takeaways

1. If companies want any credit, they must investigate potentially culpable individuals first and turn over the results to the DOJ.
2. This may require companies to more thoroughly investigate conscious indifference.
3. Never forget conscious avoidance is specifically prohibited under the FCPA.

In this episode, Mike Volkov and I discuss how blockchain has the potential to transformation compliance and may facilitate some truly revolutionary modifications in key businesses processes. I see some great value propositions for the compliance function. 

For further reading, see:

Blockchain and the Future of Compliance, by Mike Volkov. 

Will Blockchain Transform Compliance? by Tom Fox

How Blockchain Will Change Organizations, by Don Tapscott and Alex Tapscott in MIT Sloan Business Review. 

Blockchain Explained, by Zach Church in MIT Sloan Management Review. 

This week, as their tribute to their Dad, we are guest hosted by Jay’s daughters, Millie and Michela. They lead us through a wide-ranging discussion on some of the week’s top compliance related stories, including:

1. The Covington and Burling report on corporate culture at Uber. For what it means to the compliance practitioner, see Tom’s piece in the FCPA Compliance & Ethics Blog. For another view on the car crash of corporate governance at Uber, see Matt Kelly’s piece in Radical Compliance. Finally for an article the on investor who took on both Uber and Silicon Valley for similar issues, see this article on NPR.
2. Swiss banker, Jorge Luis Arzuaga pleads guilty to laundering money for FIFA officials. See article by Dick Cassin in the FCPA Blog.
3. DOJ files civil forfeiture complaints Thursday against an additional $540 million in assets allegedly bought with money looted from a Malaysian sovereign wealth fund, 1MDB. See article in the WSJ by clicking here.
4. Adnan Khashoggi, the Saudi arms dealer in the middle of the giant 1970s bribery scandal that led to enactment of the FCPA died this past week. See article by Dick Cassin in the FCPA Blog.
5. CCOs still struggle with outdated technology, siloed data. See article by Aarti Maharaja in the FCPA Blog. See Ethisphere-Convercent Report, by clicking here.
6. Brazilian prosecutor-turned-lawyer under ethics investigation following J&F settlement. See article by Michael Griffiths in GIR by clicking here (sub req’d)
7. Jay previews his weekend report.
8. Tom continues to talk about the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.
9. Happy Father’s Day to all you dads out there.

What are the characteristics of a good interview in the context of an internal investigation? Is there one technique you can use which will provide you the results you want to achieve? How should you think through your questions and document review prior to the investigation? In this episode, I explore these and other questions, in an interview with noted internal investigation expert Jonathan Marks, a partner at Marcum LLP for this piece. 

Marks began by making it clear there is no one right way to prepare for and conduct an interview. What is important is that you have a plan and execute on that plan. He said he begins by obtaining an understanding of what the various stakeholders want answers to. This could include the Board of Directors, C-Suite executives, the General Counsel and legal department, the Chief Compliance Officer and compliance function or up to government regulators such as the SEC or Justice Department.

Marks feels it is important to interview witnesses as soon as you can reasonably do so to prevent multiple witnesses from getting together and coordinating their stories. You should recognize you are never going to have perfect information so you should try and tie down the story. If the witness is not an English speaker, you should have a translator present. Marks suggests having a second person with you to take notes so you can watch the witness’s facial expressions and body language, noting, “There have been a lot of situations where I have found that being an effective listener is much more critical than being an effective note taker. Listening to what the interviewee is saying when you ask them the question is critical because it sets everything up. Having somebody there to take notes gives me the opportunity to really focus in on a couple of different things. It allows me to focus in on their verbal cues. It allows me to focus in on their body language. It allows me to focus in and listen to what they're saying, or a lot of times what they're not saying.” He cautioned that the note taker should be free from bias and subjectivity, simply taking down a detailed recitation of the witness’ testimony. 

Interestingly Marks does not view his interviews as putting the witness “in the box”. He attempts to establish a rapport with the witness so they will be more forthcoming in their responses. Marks said, “I don't view this as a contentious exercise. I never have and I never will. I view this, like I said before, as building rapport. If somebody feels like you're cross-examining them, or it's a very structured and not free-flowing conversation, allowing them to answer the questions in a comfortable and a secure environment.” It is all an effort to garner an understanding of what facts the witness has, what the witness may not be aware of and determining others, both inside the organization and outside, who might be potentially involved. 

Marks emphasized that an investigation should not be viewed as an interrogation. He avoids what he termed “loaded questions” such as “Why did you bribe the inspector?" Instead, he designs his questions to circle around such a point. He also notes the age old maxim to avoid compound questions. He concluded by noting you should try and develop facts during the interview, get to exactly what occurred, when did it happen, where did it happen, who, if anyone else, was present with you. He also added you can use other lines of inquiry such as “Who else may know well of an information? How did this happen, or do you know how it happened? Why did happen? Are there notes, documents, phone messages, emails or other evidence that you could provide to me that support what you're saying? A lot of times in an interview if somebody is willing to talk they usually have something that they could provide.” He concluded by intoning, “A lot of times if you don't ask you don't get.” 

Marks believes it is a best practice is you get everything down immediately so “as soon as the interview is over I spend time with my partner in the interview with me going over all our notes, making sure that we both understood exactly what was said and how it was said. If there's any observations they I had during a question that may have not been in the write-up, we add those things.” He believes this is important because “the longer you wait, the more inaccurate your account of what happened becomes. I've always made it a practice that after the interview we get right to it, we write up our notes. We agree what was said, how it was said and add any other observations that we had during the interview process.” 

Marks concluded by recalling another analogy he consistently refers to in any discussion of internal investigations, that it is a “chess match”. An interview is also a chess match as “When you're playing chess you have to think a couple of moves ahead if not three, four or five. We talked about in and out, out and in methods of conducting interviews when there's more than one individual or several people that might have information related to the allegations.” 

Marks also discussed some strategies around the interview process. The first is what he termed the “inside-out” strategy which he would advocated using if allegations extend beyond the enterprise. In this technique, you interview people inside the organization first, and then maybe go out to third parties. The converse is an “outside-in” strategy and you can do a combination of both. He also noted one other technique which is conducting concurrent interviews. Marks advocates using this strategy “If you think people are going to talk or you think there's potential collusion. Conducting simultaneous interviews sometimes prevents those individuals from coordinating and collaborating on their story and what they're going to tell you.”

Three Key Takeaways

1. There is no one right way to prepare and do an interview.
2. The interview should not be confrontational.
3. The interview, like the entire investigation process, is a chess match.

Today, I want to consider some of the challenges you may well face during an investigation.  Beyond the basics, a company must consider the intake process as a starting point, however Marks noted one of the biggest challenges is in the intake process. Rather surprisingly, he noted there are still companies without a hotline or anonymous reporting system, stating “we still see organizations whereby there is no formal ethics hotline except for the fact that they might send an email to some member of management or some member of the board.” 

The lack of an intake process immediately presents a challenge in beginning to work through an allegation of wrongdoing due to the inability to track when the allegation or information was received, who sent it, who received it, what did the company do when they received it? If a company has a formal ethics reporting system, with recordation of information “there’s some workflow, it’s a lot easier to kind of work through some of those things”, so there is an appropriate level of documentation to follow. 

Yet Marks has seen failures in even these basic steps “many times people do not read their emails on a timely basis, and getting to the root of the issue quickly could be the difference between somebody allowing the company to investigate this the right way, or incentivizing an individual to go outside the organization such as to SEC whistleblower program.” This makes the intake process critical because it assures that things are not only received, “but they’re looked at on a regular and timely basis and there is a process.” 

One area that still causes challenges is retaliation against whistleblowers. You might think that corporate America got the message that not only is retaliation incredibly idiotic and divisive but also illegal under both Sarbanes-Oxley (SOX) and Dodd-Frank but sadly that is not the case. Marks believes that avoiding retaliation is critical not only for an organization but also to foment a successful investigation. He stated, “Avoiding retaliation is very critical. I think there’s a real opportunity where human resources, if properly trained, can work with the rest of the team members and advise them on things that they should not be doing and things that they should be doing in order to avoid either the appearance of retaliation or the actual retaliation against the individual or individuals who reported or brought forth the potential of the alleged misconduct.” 

Equally important is that a company wants to encourage a stand-up culture. When individuals are trying to do the right thing, you certainly want to inspire other to do so as well. Marks related, “When somebody reports an ethical lapse, it generally means to me that they’re doing their job. And so, the indirect impact, or sometimes the direct impact of that is sometimes people are looked at as snitches or not towing the company line or they’re just generally out of bounds can negatively impact the organization.” 

An area where Marks has seen companies have difficulties in is what he termed threatened or pending litigation. Any investigation can morph into a much more serious situation and you must be ready to answer such questions as “(1) Does this gravitate itself into a class action lawsuit? Or (2) Does this gravitate to a regulatory review and subject to some punishment there?” The key is that as the investigation begins to uncover things and certain facts come to light, pending or threatened litigation is something that should always be discussed, but discussed very carefully and it should be discussed once those facts come to play. Sometimes you don’t have all those facts but sometimes it does make sense to kind of prognosticate and consider situations such as “This is what could happen. These are the issues that potentially could be uncovered.” Marks concluded, “I really do think that it’s important to think a couple of steps ahead and look at this as a chess match and never underestimate the fact that there could be pending or threatened litigation.” 

Not surprisingly, another area of challenge is when the regulators will not accept the investigation or are not satisfied with the results. While I would submit that if you follow the strictures laid out by Marks, that will satisfy regulators, he noted that there must be an appropriate level of skepticism brought by the investigation. He said there can be regulator issues when “there was not proper skepticism, there was not proper independence or simply things were not looked at under the right lens.” But once again the answer is to go through the steps that Marks laid out, or any other well defined protocol and have an independent team handling the investigation.

Interestingly,a similar situation can arise if a company’s own auditors refuse to accept the results of an investigation. Marks said this is usually related to some type of unexpected development arises in an investigation. Marks noted, “when auditors are involved the element of surprise is never good.” He believes it is important to keep internal audit aware of developments as “they might want to do a shadow investigation, they might want to understand the scope of your expanded investigation and most certainly they want to understand the financial impact.” The reason is that if the company auditors do not accept your investigative results, “they may send you back to the drawing board. When that happens, all types of problems could manifest themselves or come out.”           

Marks noted that at times the most difficult challenge is when the company itself is reluctant to accept the results of the investigation. This comes when a company is in denial, believing it has a robust compliance program and internal controls or, worse yet, it simply believes that it is an ethical company. One or more of these indicia usually manifest themselves as a company with paper compliance program, a Chief Compliance Officer (CCO) with a title but no authority and a weak compliance culture. Marks said, “When I say the company does not respect the investigation, it’s almost like they’re fighting with you because they believe that nothing could ever go wrong. That really does send a very, very clear message, not only internally, but should it get out externally as well. It’s an indication to us that there’s a problem with the culture, there’s a problem with the compliance program, there’s generally a problem with governance overall. There are probably bigger issues there other than the matter that’s generally on the table.” 

Planning your investigation, having the right team members involved and meeting the challenges which inevitably arise during an investigation can be difficult. However, beginning with the Department of Justice’s (DOJ’s) Yates Memo and the Foreign Corrupt Practices Act (FCPA) Pilot Program and the release of the DOJ’s Evaluation of Corporate Compliance Programs (Evaluation), the pressure on every CCO and company to get an investigation done quickly, efficiently and, most importantly, done right is even greater now. Jonathan Marks has laid out a concrete way for you to think through how to plan an investigation, staff it properly and meet the inevitable challenges.

Three Key Takeaway

1. The intake process may seem the most straight-forward but many companies drop the ball at this initial step.
2. You must never retaliate against employees who come foreward in good faith.
3. Always think several steps ahead.

In this episode, I visit with Lauren Briggerman, a member at the firm of Miller & Chevalier. She discusses the latest edition of the firm newsletter, Executives at Risk: Navigating Individual Exposure in Government Investigations-Spring 2017. We discuss several recent developments in significant government investigations which highlight the tactics prosecutors are deploying and the risks faced by corporate executives: 

• German authorities raided an outside law firm retained by Volkswagen's supervisory board in the emissions investigation, as well as the offices of the company's Audi division. 
• U.S. agents conducted a multi-agency raid of three Caterpillar Inc. offices in Illinois related to the company's effort to shift billions in profit from the U.S. to a Swiss affiliate to secure a favorable tax rate.  
• The founding partners of the law firm at the center of the Panama Papers scandal were arrested by Panamanian authorities on money laundering charges related to Brazil's ongoing "Operation Carwash" corruption investigation.
• The DOJ's Antitrust Division raided the domestic shipping container industry's trade association and issued subpoenas to numerous companies in the industry.  

In this episode I visit with Luciana Silveira, a PhD candidate who is studying the FCPA and how it is has affected international trade flows. Some of the questions she is considering include the following: Was US business abroad affected? Did US companies decide to change their foreign business strategy because of the FCPA? After so many years of the law, what is the private sector overall opinion about the FCPA?

Silveira believes the answers to these questions  are neither straightforward nor simple. To that end, the PhD research she is developing will hopefully provide us with some new and updated answers, as well shed more light to the impacts of the FCPA to US international trade. Equally importantly, she is using the FCPA as reference to my studies on potential impacts of the Clean Company Act, a similar anticorruption legislation that came into force in Brazil in January 2014. To complement a quantitative analysis regarding merchandise trade flows, she is using a 15-questions survey (available at https://ldosilveira.typeform.com/to/uhtKYZ). It is confidential, and there is no question that requires strategic corporate information. She hopes that you will participate as all input is welcome and encouraged.

Mara Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. I interviewed Senn on her thoughts about handling a cross-border investigation. 

1. Offer Interview Translations           

While many people outside the US have various levels of capabilities in a non-native language, when you get into the very detailed questions in an interview, they may have enough English skills that you assume they understand everything, but in fact, they do not. You may ask a key question, for example, about expense reports, maybe they understand conversational English, but there's no reason for them to know expense reports. This makes it important to have someone present in the interview that speaks the witness’s native language, and just assume that there are going to be times where you’re going to need to call on that person. 

2. Avoid Cultural Pitfalls

Cultural pitfalls are really truly pitfalls and, unfortunately, they can be big deep holes that you do not know anything about, but you can fall into pretty easily. She provided the issue of personal privacy as an example, where most countries have a different concept of privacy, particularly about whether your work area is your own versus what really belongs to the company. You should seek local counsel guidance to understand what needs to be done and also explain to you the best way to do it without offending people.       

3. Observe Data Privacy Restrictions 

Most American lawyers are aware of different data privacy restrictions and requirements in countries governed by the European Union (EU) and the US. The point under this best practice is that your analysis and response must go much further to satisfy the US Department of Justice (DOJ) if you want to claim that you cannot get certain information out of a country because of data privacy restrictions. 

4. Comply with Labor Requirements 

Similar to the long-standing Weingarten right of unionized employees in the US to have a representative present for interviews, in many countries outside the US there are Works Council and similar analogs in other countries, where, basically, the Works Council is responsible for the interactions between the employers and the employees. Moreover, employees have certain statutory or labor code based rights as employees, regardless of whether they are members of a labor union or not. These rights can drill down into the types of questions that you can ask or even prevent you from meeting with or interviewing certain employees. 

5. Be Aware of Other Local Requirements 

Points three and four certainly lead into best practice No. 5. It is incumbent that you work with local counsel in the country you are performing the interviews to garner an understanding of the witnesses rights and your obligations during any investigation. She explained that many ways a US lawyer would think about doing an investigation could be problematic in other jurisdictions. She gave the examples of taking pictures or physically removing documents from a location, which could be issues that you might face. You certainly need advice and counsel on what is legal and what might not be going forward.

6. Put Forms in Native Translations           

There are times that the only way an investigation can collect an employee’s personal information is to obtain affirmative assent. Such information might include work documents, work emails, or similar information. However she cautioned that in this situation it is even more important to put the consent form in the native language. You do not want the employee to later claim they did not understand the consent form or thought they were executing something different. It can be critical that you have informed consent, because if you do not have informed consent, that consent could well turn out to be void. 

7. Preserve the Attorney Client Privilege 

The rules outside the US can be quite different and perhaps a little bewildering. In many European countries there is no privilege from an in-house counsel, so if a General Counsel (GC) of a company speaks to the President or Chief Executive Officer (CEO) there is absolutely no privilege under basically any circumstances in Europe. Senn then noted that other jurisdictions have other kinds of laws, each with a slightly different parameter, leading to different attorney-client expectations. 

8. Prepare for Local Enforcement Actions 

Many countries are becoming more aggressive in their enforcement actions for bribery and corruption, sometimes based upon local and domestic anti-bribery laws. This means the information which one government knows, whichever government that is, you should expect and assume that multiple governments are cooperating in some way. This then makes it more likely that there could well be some sort of local enforcement action against your client while you are investigating matters around a FCPA claim or potential FCPA claim.

9. Prepare for Security Risks 

This means personal security, physical and health safety. Simply consider the recent situation when Ebola was going around Western Africa or Central Africa. If you are conducting an investigation in such ravaged areas you should not send your employees to Liberia at that time to interview people. The same can be true in worn-turn areas like Syria or similar locales. 

The better plan would be to remove the people you are interviewing and bring them to you or to a local hub outside of the impacted areas. That avoids a whole host of issues, as you do not want to have to pay for extra security, for example you do not want your employees to have to walk around with loaded machine guns protecting them; you have to make a judgment call as to where and whether these potential threats need to be addressed in some way. 

10. Protect Whistleblowers 

Here Senn had some very practical advice, which while it might seem counter-intuitive on the surface due to certain legal decisions, it might actually provide more protections for companies in the long run. Senn began by noting the 2nd Circuit Court of Appeals ruling in the Liu case, which essentially found that the Dodd-Frank retaliation provisions that protect whistleblowers in the US do not apply abroad, so in other words, a foreign whistleblower brought a case saying, “I was retaliated against and I bring a case under the retaliation provisions of Dodd-Frank,” and they said, “No way, you can't bring it.”           

Senn believes that companies that use the Liu decision as a basis to retaliate against whistleblowers outside the US are wrong for several reasons. First, is that the Securities and Exchange Commission (SEC) has announced they will still pay whistleblower outside the US, who come forward and meet the requirements, the Dodd-Frank bounty of up to 30% of the penalty. This means that even if courts determine that the Dodd-Frank provisions do not apply for retaliation for foreign nationals, the SEC can still honor the communication and compensate the foreign whistleblower. 

The second reason is the US Sentencing Guidelines make clear that part of an effective compliance and ethics program includes having a publicized system for employees or agents to report potential or actual criminal conduct without fear of retaliation. These Sentencing Guidelines apply to all US companies, both domestic and internationally. If your company retaliates against foreign whistleblowers, the US government can take that into account, which could be viewed in a negative way, meaning that you don’t have an effective compliance and ethics program.

Three Key Takeaways

1. Use translators and translations of key documents in witness interviews.
2. Use local counsel to facilitate the investigation and to help navigate any local anti-corruption investigation issues.
3. Never, never, never retaliate. The SEC will pay whistleblower bounties for non-US citizens.

In this episode, Matt Kelly and I take a deep dive into the corporate governance fiasco which is Uber. We consider the revelations in the failures of corporate governance, culture and internal controls at the organization. The company provides a fascinating study of what happens when a tech start up raised in the fraternity culture is successful and how changes are required for it to act like a multi-billion organization. Both Matt and I have written on Uber. Our podcast comes out the same day the Holder Report to the Uber Board was released so we weave in the recommendations from Covington & Burling as well. 

For more on Uber see the following: 

Matt Kelly’s piece Car Crash Governance at Uber

Tom Fox’s pieces on Uber

 Will Culture Change at Uber Before its Too Late

CEOs and Win at All Costs-Where Does it Lead

Uber and Corporate Culture

For a copy of the Holder Report on corporate governance, cultural and internal controls failures at Uber and recommendations, click here.

Beginning with the Department of Justice’s (DOJ’s) Yates Memo, its Foreign Corrupt Practices Act (FCPA) Pilot Program and then the release of the Evaluation of Corporate Compliance Programs (Evaluation), I believe the DOJ has put even more pressure on every Chief Compliance Officer (CCO), and indeed every company, to get an investigation done quickly, efficiently and most importantly done right is even greater.   

Jonathan Marks, a partner at Marcum LLP and a well-known internal investigation expert, provides some of his thoughts around what goes into a well-run investigation. His perspective is from someone who performs investigations outside your organization, either because the matter was so serious an outside expert was required; specific subject matter expertise (SME) was not available in your organization or due to the objectivity of the investigation. Today I want to consider who should be on your investigation team. 

As discussed previously data collection, retention and preservation are critical elements of any significant internal investigation so you will need to have the involvement of your IT function. IT can help put a litigation hold on email that can help with the preservation of data in other areas of the organization. Further, they can assist with certain other aspects as more facts and circumstances are known. 

HR is often an underutilized function for an internal investigator. HR can be very useful to provide context about employees’ work history. There may be notes in HR areas as diverse as training and exit interviews. HR can also be useful to give the investigator “some insight regarding the credibility of the individual that might be making the allegation. For example, are they a good and trusted employee? How long have they been there? What’s their general demeanor? What’s been the feedback on that particular individual?” 

Both the Board and senior management can provide different types of support for an investigation. Marks noted the Board has oversight responsibility and senior management is responsible for the day-to-day, tactical operations of the organization, including the internal controls. This means from the Board’s perspective, “we would want to make sure that our governance processes were in place and operating effectively when it comes to an investigation. So, my concern, or concern from a board member’s perspective, from an investigation, early on, is what’s the financial impact; what’s the legal impact, for a publicly traded organization? Are there potential issues here which we as a Board need to be concerned with going forward?” 

From the senior management’s perspective, Marks believes “the key thing there is if there is an issue and there was the ability to either override controls or controls weren’t in place or there was something that basically caused this, what do we need to do to assess that? What do we need to do to fix that? What was the root cause for this potential bad behavior? Like I said, how do we fix that or how do we put a plan together in order to fix that or shore that up?” He emphasized this is not the Board’s responsibility but that of senior management. Marks also pointed out that while an investigator would probably assume that the Board of Directors had been notified at this point about the issues being investigated, the investigators may want to make certain the Board has been made aware of the incident and investigation.           

Marks suggested outside consultants in the form of forensic accountants should be a part of your investigation team. Such a skilled set team member can bring an investigative mind that drives them to answer questions about what occurred, when and how it happened, and who was involved. However, most lawyers do not understand how forensic accounting is performed and how they can assist your compliance investigation going forward. 

Forensic auditing works to collect and analyze accounting and internal-controls evidence. They use this information to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of internal audit’s work can include remediation strategies to help a company mitigate and remedy procedural or internal-controls gaps that allowed the underlying issue to occur. Inquiries into accounting and internal controls raise a host of technical issues requiring specialized knowledge that forensic accountants are uniquely positioned to provide. This is a qualitative difference from internal audit, which more often looks at process to determine if it has been adhered to in a procedure. 

The objective of a forensic audit investigation team member is to collect, analyze and report on the evidence or facts surrounding an act that often has litigious, fraudulent or criminal implications. Auditors also collect and analyze evidence, but an independent auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. However, a key role of the forensic accountant is to identify a concern and to notify company management about the issue or issues discovered. 

As with a decision on bringing in outside counsel to perform a compliance investigation, you will need to consider whether a forensic accountant should be retained as an outside consultant or hired as an employee. One critical reason to bring in an outside professional is so they will be not be governed by management or influenced by potential biases within a company. Lastly is the issue of privilege. If a forensic accountant is not assigned through your legal department or through outside counsel, you can kiss away even the chance of claiming privilege. 

Obviously, the GC would be involved to help protect the attorney client privilege if for no other reason. Further, an investigation needs to have the corporate compliance function involved, to understand what compliance program was in place at the time of the incident in question, what procedures the compliance function had and understand if this truly was a gap in the compliance function or “maybe there was an area within the compliance function that wasn’t operating as prescribed, or maybe it was a little bit weak.” 

Three Key Takeaways

1. HR plays a key but often underused role in internal investigations.
2. The Board of Directors and senior management have different roles.
3. Use your legal department to protect the privilege.

In the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (Evaluation), under Prong 7 Confidential Reporting and Investigation asks the following: Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented? These questions were clearly presaged by the DOJ’s Yates Memo and the Foreign Corrupt Practices Act (FCPA) Pilot Program. The pressure on every Chief Compliance Officer (CCO), and indeed company, to get an investigation done quickly, efficiently and most importantly done right is even greater now.   

Jonathan Marks, a partner at Marcum LLP and a well-known internal investigation expert, gave some of his thoughts around what goes into a well-run investigation. Marks began by cautioning that any CCO must be cognizant of the strictures laid out in the Evaluation. It all begins with who in-house is looking at the complaint and does the CCO, compliance practitioner or legal team have the skills and capabilities to handle the matter which has arisen? Obviously if there are esoteric accounting issues or significant internal control work-arounds and overrides, a CCO may not have those skills to really understand all the issues. Similarly, if the matter is a global FCPA or equivalent bribery and corruption matter, Marks related, these “come in different flavors, and because they come in different flavors you may not have the skills or capabilities to do an investigation that would take place in say Brazil or Russia or China or India.” 

All of this ties into how the government will view an investigation, particularly if the company does not have the skills and capabilities necessary to analyze the allegation, or if the allegation of fraud is serious enough where they believe that an independent investigation rather than an internal investigation really needs to be done.” Moreover, if allegations or the investigation are going to be subject to regulatory scrutiny, one of the benefits of having somebody come in from the outside is that there is independence, skepticism, the ability to work through things unlike you would with an internal investigation where an internal audit might be involved. Marks concluded by noted, “from an outsider’s perspective looking in, there is more credibility of having somebody come to conduct your investigation.” 

Marks believes the first thing that any investigator must do is understand the business environment and the extended business enterprise. He further stated, “what I mean is really understand the business you’re dealing with, the industry that it’s in, the potential risks, the pressures and motivations that might be at play here. Understanding that generally with most frauds there is some pressure to do something because of something else and there are some motivations.” Such an initial understanding can help you formulate a comprehension of the internal controls that might be in place or that were lacking that could either have not been designed properly or overridden.

The next step is to quickly and thoroughly analyze the initial underlying facts and circumstances when it comes to the issue or the issues at hand. For Marks, the number one issue is the credibility of the complaint, which is more than simply the credibility of the complainant. Marks said it was important to understand how the allegations of wrongdoing came to light and the seriousness of the issues involved. He went on to note that his initial inquiry would include such questions as, “What are people saying happened or what is an individual saying that happened? You know the background of the complaint, if known. How long have they been with the organization? Are they credible? Have they complained before? If in fact this was either a whistle blower or a tip.”           

At this early assessment, Marks believes you should also consider the possible legal and financial impact of the allegations. If you determine it is serious at this early juncture, you should always consider your internal crisis management team and if your organization does not have one, you should consider retaining such an expert. Marks explained, “Crisis management doesn’t necessarily mean that a crisis happened, it means that if in fact we are in crisis mode, how does that impact the company? So, thinking about those issues and then knowing what to do, if in fact you are in a crisis mode, I think is ultra-critical.” He went on to add, “I think crisis management is totally underplayed. I think that many organizations don’t have an appropriate crisis management plan. If something bad does happen, a lot of times I see organizations that are struggling to kind of put the pieces together.” 

Marks also noted that both communication and collaboration are critical even at this early stage. He advocated that the company ask a series of questions such as what issues are “on the table” and who is impacted by these issues within the company; is it the company auditors or some other corporate function? He also advocated considering third parties and contracted entities in this calculus by inquiring if there were key suppliers impacted by the investigation. On the one hand, “a key supplier that might get wind of this and might not want to do business with us anymore?” Yet, conversely, such a key supplier could be a sole source supplier so you may need think about alternative arrangements. You should begin to consider these issues early on and continue to think about them as you are going through and doing and investigation. 

Document preservation is always a critical issue and Marks believes this is one which government regulators will pay particular attention to both at this initial phase and throughout the investigation. You need to take steps to ensure all data is locked down. This means getting into the weeds on such issues as where are all your company’s servers located; what is your back-up situation; do you have hand-held devices secured and are the organization’s instant and text messaging tied down. If you do not take such steps you could well find yourself in a situation where either information is lost or there's a possibility or suspicion that information is lost. Unfortunately, that is the situation that leads to a prosecutor’s imagination going wild. Basically, you need to have the information locked down so that if the government wants to come in and perform an independent review or test your hypothesis, you can provide them with the required information. 

Three Key Takeaways

1. Always remember your ultimate audience may be the government.
2. You must understand both the business environment and extended business enterprise.
3. Communication and collaboration in any investigation are critical so you should begin early and continue to do so throughout the investigation.

Today I am joined again by Professor Samuel Buell, from Duke University School of Law to discuss a recent paper he co-authored with Rachel Brewster entitled, "The Market for Global AntiCorruption Enforcement". In the paper and in this podcast Professor Buell discusses the internal structural changes which took place in the 1980s and 1990s which set the stage for the explosive growth in FCPA enforcement. He then relates the changes on the domestic scene which facilitated its explosive growth. He ends by exposing the myth of the revolving door.