It is always gratifying when a reader calls you out for your podcasts and postings. It is even more so when your work inspires them to join in the conversation with a pod or post of their own. I was, therefore, very intrigued by Priscila Copi, who recently wrote on LinkedIn, “Inspired by an episode of Thomas Fox’s podcast and my own experience, I share best practices in internal investigations and the importance of well-structured protocols to strengthen organizational integrity.” In her piece, Internal Investigations Financial Market, she related that effective internal investigations are not just a cornerstone of a robust compliance program but a testament to an organization’s commitment to transparency, integrity, and ethical behavior. Today, I write about her thoughts on the key components of an investigative protocol, the importance of maintaining consistency across global operations, and some lessons we in the United States can draw from Brazilian regulatory frameworks and enforcement cases.
The Importance of Confidentiality, Transparency, and Impartiality
Copi reminds us that at the heart of every internal investigation lies a delicate balance: ensuring confidentiality for all parties involved while maintaining transparency and impartiality. This balancing act is vital for building trust within your organization and with regulators. Confidentiality ensures whistleblowers and witnesses feel safe to come forward without fearing retaliation. Transparency guarantees stakeholders, including employees and regulators, trust the investigation process. Impartiality ensures that the findings of the investigation will withstand scrutiny both internally and externally. These principles are not just ethical imperatives but essential for mitigating legal risks and protecting corporate reputation.
The Components of an Effective Investigative Protocol
It is no secret that well-structured investigative protocol is the backbone of a credible compliance program. Copi is kind enough to cite my five-step process that should form the foundation of any investigation:
- Opening and Categorizing the Case
The process begins by identifying and categorizing the alleged violation. This step involves notifying relevant stakeholders, including senior management and the investigative team. Categorization determines the course of the investigation, helping allocate resources and ensuring alignment with regulatory requirements.
- Planning the Investigation
In this phase, the investigative team develops a comprehensive plan, which may involve reviewing documents, quarantining data, and identifying individuals for interviews. Each step must adhere to strict evidentiary standards to ensure findings are admissible and defensible if challenged.
- Executing the Investigative Plan
Execution should follow a logical sequence. For instance, document reviews should precede interviews, ensuring that interviewers are well-informed and can ask meaningful questions. This phase also requires meticulous documentation to create a clear audit trail.
- Monitoring the Investigation
Monitoring ensures that the investigation stays on track and addresses all relevant questions. Preliminary findings should be reviewed to identify gaps or areas needing further clarification. Proper storage of evidence is critical to maintaining its integrity.
The investigation concludes with the communication of findings to relevant stakeholders and the preparation of a final report. This report should include detailed documentation of all steps taken, ensuring consistency and materiality, especially if the findings are presented to regulators or used in litigation.
(Ed. Note: This original formulation came from a speech by Jacki Trevino and Jay Martin.)
Why Uniform Protocols Matter
Copi reminds multinational American organizations that maintaining uniformity in investigative protocols is critical. A documented and standardized approach minimizes the risk of inconsistent findings, which can undermine the credibility of your compliance program. However, uniformity must be balanced with local adaptation. For instance, what works at headquarters may not be workable or appropriate for subsidiaries in jurisdictions with different cultural or legal norms. In such cases, close collaboration with local legal teams and alignment with headquarters is essential to maintain consistency and compliance with local laws.
Lessons from Brazil’s Regulatory Framework
After setting the stage, Copi offers real guidance to North American compliance professionals by reviewing Brazilian anti-corruption law, key enforcement actions, and company responses. Brazil offers a compelling case study on the importance of robust investigative protocols, given its strong regulatory frameworks like the Anti-Corruption Law and sector-specific regulations enforced by entities such as the Central Bank of Brazil (Bacen), the Securities and Exchange Commission (CVM), and the Superintendence of Private Insurance (SUSEP).
1. Brazilian Anti-Corruption Law
This landmark legislation, the Clean Companies Act, emphasizes the importance of corporate integrity programs, which must include whistleblowing channels, investigative protocols, and employee training. Companies that show robust compliance measures may see reduced penalties in enforcement actions. Odebrecht entered into a leniency agreement under this law, which involved repaying embezzled funds and implementing stringent compliance measures. The case highlights how transparency and cooperation can mitigate reputational and financial damage.
2. Bacen’s Circular
The Central Bank’s regulations focus on preventing money laundering and terrorist financing. Financial institutions must implement detailed investigative protocols and ensure comprehensive documentation to identify and report suspicious activities.
Bacen’s intrusive inspections exemplify how regulators scrutinize compliance. Recent cases involving credit market fraud, misuse of foreign exchange transactions, and FinTech-related fraud underscore the importance of a robust investigative framework.
3. CVM and SUSEP Regulations
The CVM’s Instruction 607/2019 and SUSEP’s CNSP Resolution 382/2020 emphasize transparency, good governance, and whistleblower protections. Recent enforcement actions against XP Investimentos and ModalMais demonstrate the CVM’s commitment to holding companies accountable for infractions, such as front-running and inadequate disclosures.
Practical Takeaways for Compliance Professionals
What lessons can the American compliance professional draw from Copi’s experience and overview?
1. Invest in Investigative Training
Investigative protocols are only as effective as the people implementing them. Regular training for compliance teams, internal auditors, and other stakeholders ensures they understand their roles and responsibilities.
2. Leverage Technology
Technology can streamline investigations by automating document review and data analysis tasks. Advanced analytics can also identify patterns that may indicate misconduct.
3. Build a Culture of Integrity
An effective investigative process starts with a strong corporate culture. Encourage employees to speak up by fostering trust in whistleblowing channels and demonstrating that reports are taken seriously.
4. Document Document Document
Always remember, even in the international context, it never happens if it is not documented in a regulator’s eyes. This translates to detailed documentation that ensures consistency and serves as critical evidence in enforcement actions or litigation.
5. Adapt to Local Contexts
Tailor investigative protocols to align with local legal and cultural norms while maintaining overall consistency with global standards.
The Role of Leadership in Investigations
Leadership buy-in is essential for the success of any investigative process. Senior executives must set the tone from the top, demonstrating a commitment to transparency and accountability. This commitment ensures that investigations are adequately resourced and findings are acted upon regardless of the individuals or departments involved.
Internal investigations are more than just a compliance requirement; they reflect an organization’s ethical backbone. By adhering to best practices and learning from regulatory frameworks like those in Brazil, companies can ensure that their investigative processes address misconduct and foster a culture of trust and integrity.
Copi reminds us that a strong investigative protocol is not just about compliance but about building a sustainable and ethical business. By embedding these principles into your compliance program, you can confidently navigate the complexities of internal investigations, ensuring regulatory compliance and organizational resilience.
