The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a Foreign Corrupt Practices Act (FCPA) issue for your company. As the Chief Compliance Officer (CCO), it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward. This month’s podcast series will provide to you all the steps you will need to consider going forward.
This scenario was driven home in a FCPA enforcement action brought by the Securities and Exchange Commission (SEC) in July 2015 involving Mead Johnson Nutrition Company (Mead Johnson). In that case, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately the first investigation, performed in 2011 did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company that it performed an adequate internal investigation which uncovered FCPA violations.
Similarly, consider Zimmer Biomet, which (when it was only Biomet) resolved an FCPA violation in 2012 for nearly $23MM and entered into a Deferred Prosecution Agreement (DPA). Within the year, Biomet notified its Monitor that it has found evidence of additional FCPA violations, which in turn violated the terms and conditions of the DPA. However these additional violations by the company (now Zimmer Biomet) turned out to have been actions which occurred in 2010, well before the initial DPA but were not uncovered in the company’s worldwide investigation which led to the first settlement. Zimmer Biomet paid an additional $13MM for this oversight and extended out both the DPA and the Monitorship, all because the company had failed to fully investigate itself thoroughly.
The 2012 FCPA Guidance states the following on investigations, “Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” That is simply it. This simple introduction was expanded upon in the Justice Department’s Evaluation of Corporate Compliance Programs (Evaluation) released in February. Prong 7 in the makes the following inquiries:
Effectiveness of the Reporting Mechanism – How has the company collected, analyzed, and used information from its reporting mechanisms? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?
Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?
Response to Investigations – Has the company’s investigation been used to identify root causes, system vulnerabilities, and accountability lapses, including among supervisory manager and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go?
The Mead Johnson and Zimmer Biomet matters are but two examples which make clear the need to have robust, integrated investigations. Marc Bohn, writing in the FCPA Blog, said about the Mead Johnson matter, “Investigations that lack sufficient depth, resources, or forethought can pose significant risk because they increase the likelihood that something critical will be overlooked, potentially permitting misconduct to continue unabated.” Both Mead Johnson and Zimmer Biomet point to the critical nature of FCPA investigations and why the government takes this requirement so rigorously. But more than protecting a company from liability under the FCPA, in the internationalized world of global compliance investigations are becoming more important. Bio-Rad recently announced that its FCPA settlement was a “risk-factor” which required public disclosure under US securities law.
In the domestic arena, internal investigations can go a long way towards helping a company move past a public relations debacle or perhaps abate negative publicity. One need only consider the recently released internal investigation report commissioned by the Wells Fargo Board of Directors around the bank’s fraudulent accounts scandal. The report was merciless in its criticism of certain structural and cultural failures at the bank. It named names of culpable former senior executives at the company. However one thing it did not address were allegations from multiple whistleblowers who claimed to have reported the fraudulent conduct and were ignored or actively retaliated against. If the internal investigation turns out to have white washed these whistleblowers, the financial penalty and negative public reaction could be both swift and severe.
Corrupt investigations are never a good thing for a company as they can disrupt business relationships and future opportunities. Yet today they are even more important. In the month of June I will be exploring how you can create, design and implement a robust investigation protocol for an internal investigation and when you should bring in outside counsel for an independent investigation. I will consider the Board of Director’s role in investigations and other corporate functions such as internal audit, IT and legal in any investigation. I will review special issues such as privilege, Upjohn and Miranda warnings and data privacy.
As Hallmark Seven of the Ten Elements of an Effective Compliance program states, in part, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation” and Prong 7 of the Evaluation also deals with reporting; I will consider hotlines. Both their implementation and use in a best practices compliance program. I will feature several compliance practitioners, both lawyers and non-lawyers, who will relate how they developed their investigative strategies and navigated various stakeholders to obtain positive results for their clients.
Three Key Takeaways