Lenny Dawson died yesterday. He was the winning quarterback for the Kansas City Chiefs in Super Bowl III, after having been the losing quarterback for the same team in Super Bowl I. A graduate of that little-known football power Purdue, he was a six-time AFL all-star and known, according to his NYT obituary as a “pin-point passer.” He was elected to the Pro Football Hall of Fame in 1986. In his post playing career, I got know Dawson, as one of the early co-hosts, all with Nick Buoniconti, from 1978 to 2001 of the HBO program Inside the NFL. Dawson is perhaps lesser known for one of the greatest pro football pictures ever taken which appears with this blog.
I thought Dawson’s ability to read defenses was a great way to intro a discussion of triage in your compliance program. In October 2021, Deputy Attorney General Lisa Monaco announced the “Monaco Doctrine” around white-collar enforcement actions, which include those under the Foreign Corrupt Practices Act (FCPA). Under the Monaco Doctrine, the Yates Memo requirement for the investigation and turning over of all information discovered about potential criminal activity was required for a company to qualify for credits and discounts available under the FCPA Corporate Enforcement Policy. This announce and subsequent court cases have put more pressure on compliance professionals in the investigative phase of any FCPA or other federal matter. This paper will lay out some of the key steps to meet this burden.
Triage of Internally Reported Allegations
Everyone who has watched the movie or television show M*A*S*H, understands the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. In the 2020 FCPA Resource Guide, 2nd Edition, there is a short but succinct statement, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” This is considered in more expansive language in the 2020 Update to the Evaluation of Corporate Compliance Programs. Under Part 1, Section D. Confidential Reporting Structure and Investigation Process, it stated in part, Properly Scoped Investigation by Qualified Personnel—How does the company determine which complaints or red flags merit further investigation?
Given the number of ways that information about violations or potential violations can be communicated to the government regulators, having a robust triage system is an important way to separate the wheat from the chaff and bring the right number of resources to bear on a compliance problem. One important area is making an initial determination of whether to bring in outside counsel to head up an investigation and the resources that you may want or need to commit to a problem. You literally need to “kick the tires” of any allegations or information so that you know the circumstances in front of you before you make decisions. You can achieve this through a robust triage process.
The five-stage process includes the following:
- Stage 1. These consist of allegations that have a low threat level and do not suggest a breakdown of internal controls. Tips that get grouped into this stage do not have a financial or reputational impact.
- Stage 2. These allegations are more serious in nature, and often indicate some deficiency in the design of internal controls. Examples include business rule violations such as recurring employee theft or patterns of falsifying expense reports.
- Stage 3. These allegations are serious in nature, generally involve an override of internal controls, and thus are at a minimum a serious deficiency. But they have only a minimal impact on the financial statements or the company’s reputation. More serious allegations in this category include fraud, embezzlement, and bribery involving employees or mid-level management.
- Stage 4. These are serious allegations that could have an impact on the completeness and accuracy of the audited financial statements, and that could indicate a material weakness in internal controls. They do not, however, appear to involve any member of the senior management team.
- Stage 5. These are serious allegations that involve one or more members of the senior management team or are serious enough to damage the company’s reputation. The receipt of allegations in this stage usually place the company into crisis management mode and could result in the restatement of audited financial statements or added regulatory scrutiny.
By using such an approach, you will be able to respond more quickly and efficiently to any allegations that arise. Of course, as more information is developed during an investigation, the matter can be moved up or down this scale. Such an approach is also important for a company’s outside investigative counsel to partner more with the entity to help hold down costs. Outside counsel can work to build confidence that the company’s investigators could handle a large or wide-ranging investigation. This confidence would help outside counsel in any discussions they might have with the DOJ during the pendency of an investigation.
Appropriate triage of allegations has several different impacts for any matter which comes to the attention of compliance. Obviously, it will help you to initially determine the seriousness of the matter. From there you can allocate an appropriate level of resources. It will also aid in your discussion with the DOJ if you must go that route. Finally, in the situation where facts come in, it provides the required documented evidence that a process was followed that you can show the government that a claim was properly scoped, as required under the 2020 Update. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before an allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.
For more in triage in your compliance program, check out the iSight sponsored webinar, Everything You Need to Get E&C Investigations Right Tuesday, August 30 at 2 PM ET. Best of all the event is available at no charge. For additional information and registration, click here.
