Welcome to a special five-part blog series, entitled Corporate Case Management in the Era of the DoJ’s Monaco Memo, sponsored by i-Sight Software Solutions (i-Sight). Over this series, Jakub Ficner, Director of Partnership Development, and I consider how the Monaco Doctrine and Monaco Memo have impacted compliance in several key areas. We detail not only the changes wrought by the Monaco Memo but also how compliance professionals can respond to these new challenges. In Part 2, we look at the need for active triage in your investigative protocol to allow your organization to meet the strictures of the Monaco Memo.
In the wake of the Monaco Doctrine and attendant Monaco Memo, one of the things that the Department of Justice (DOJ) clearly now expects is even more enhanced cooperation during investigations. But this does not mean the prior version of ‘enhanced’ cooperation, where you might throw more bodies at an investigation, and it does not mean you have to spend more money or bring additional resources. This type of ‘enhanced’ cooperation is about the speed and quality of your investigation. It has emphasized the issue of triage and why triage is so critical not only in a speak-up culture but also in the investigative process.
We began at the beginning: what is triage? Ficner analogized investigative triage to triage within a hospital or healthcare environment. It is a quick review of the facts as they are related to you and a determination of the severity, criticality, and next steps for managing the complaint, based on the nature of the complaint and the information that you have at the time. Ficner added, “having a triage place or triage process in place really reduces the risk that organizations face of not handling a complaint properly right from the start.”
It is critical to have both your investigative protocol and triage process written out before any report comes in, so you are not trying to create one on the fly. Ficner suggested that your protocol should include such steps as “what you should do when a complaint or allegation is received, based on the nature of the complaint or allegation. Next factor in elements such as the nature of it, the case type, the jurisdiction or region of the complaint, and ultimately the severity of the complaint and using backend rules.” It is also important to have a mechanism in place to “enforce that process, because while having a process is great, but if the DOJ sees that you are not consistently following that process, then it can actually hamper the risk mitigation factors to the organization.”
We turned to the type of report that implicates a senior executive, which makes things “riskier.” It certainly requires that you have steps in place to take. Ficner noted these include “the notifications that we need to trigger and the people who ultimately need to complete the action items.” It is critical that the rules “be enforced using automation, so it is routed to the appropriate team or individual, and the appropriate notifications are triggered. And those initial assessment steps that we know we need to take each and every time are factored into that process.”
Put another way, it is critical to “Document, Document, Document” because ultimately the system your organization has put in place has to be “auditable and defensible.” This is the core of the i-Sight solution, an “application that enables you to be able to see how a complaint came in, when it came in, who was notified and what steps were followed each and every time. And by having that audit trail in place that shows it went for triage, these are the steps that we take when we receive this type of allegation based on the nature of the allegation, and we see that it was actioned consistently. Those are things that ultimately our clients are looking for as they’re mitigating factors. When the DOJ looks at organizations is there a process in place they can clearly demonstrate that it is auditable, it is defensible?”
A final key element is whether your protocol has a consistent approach to follow. If your intake comes in from Singapore, London, Brazil, or the United States, do you have confidence that the compliance professional who investigates it will have a consistent approach to follow? Here Ficner noted that given the “complex nature of operating in multiple different regions, jurisdictions, different laws, subject based on where the complaint originated, where the complaint or violation occurred, you can factor those parameters into the actual assessment process so that you can uniquely tailor: you have a single set of steps that we need to follow to assess one of these complaints.”
Join us tomorrow, when we look at ethical investigations.