Tag: internal investigations

Categories
31 Days to More Effective Compliance Programs

Day 22 – Internal Reporting and Triaging Claims

The call, email, or tip comes into your office; an employee reports suspicious activity across the globe. That activity might well turn into an FCPA issue for your company. As the CCO, it will be up to you to begin the process, which will determine, in many instances, how the company will respond going forward. This is more than simply maintaining hotlines. Companies have to make real efforts to listen to employees. You need to have managers trained on handling employee concerns; they must be incentivized to take on this compliance responsibility, and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns. The Monaco Memo’s emphasis on internally detecting such actions and self-reporting makes this more important.

The reason is that a business’s employees are the company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the U.S. Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also heed the implementation of a hotline.

Given the number of ways that information about violations or potential violations can be communicated to government regulators, a robust triage system is an important way for a company to determine what resources to bring to bear on a compliance problem.

Jonathan Marks has articulated a five-stage triage process that allows for an early assessment of any allegations and a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, consider the types of evidence to review going forward. Finally, before selecting a triage solution, understand what tools are available, including forensic and human, to complete the investigation.

 Three key takeaways:

1. The DOJ and SEC put special emphasis on internal reporting lines.

2. Test your hotline regularly to make sure it is working.

3. Every claim should be triaged before starting an investigation.

Categories
FCPA Compliance Report

Investigative Protocols After the Monaco Memo

In this episode, I take things in a different direction today as I post the recording of a webinar I recently put on for i-Sight Software Solutions. In this presentation, I detail what the Monaco Memo means your corporate investigative protocol.

Some of the highlights include:

·      What changes did the Monaco Memo portend for corporate investigative protocols?

·      What unintended consequence did the Russian invasion of Ukraine bring to the public view of whistleblowers?

·      Why is triage a key aspect of your investigative protocol?

·      Why should you create an investigative protocol long before an investigation becomes needed?

·      How do you create an investigative protocol to keep key decision makers in the loop?

 Resources

For a White Paper on these issues, click here.

Categories
Innovation in Compliance

Corporate Case Management in the Era of the DoJ’s Monaco Memo: Episode 3 -Ethical Investigations

Welcome to a special podcast series, Corporate Case Management in the Era of the DoJ’s Monaco Memo, sponsored by i-Sight Software Solutions. Over this five-part podcast series, I speak with Jakub Ficner, Director of Partnership Development at i-Sight Software. This series considers how the Monaco Doctrine and Monaco Memo have impacted compliance in several key areas. In this Part 3, we look at ethical investigations and how to allow your organization to meet the strictures of the Monaco Memo. Highlights include:

  • How did the Monaco Memo impact investigations?
  • The importance of keeping the reporter informed.
  • Why consistency and transparency are key aspects of the investigative process.
  • Creating an audit trail is in your investigation protocol.

For more information, check out i-Sight here.

Categories
FCPA Compliance Report

Matt Galvin and Dan Kahn-Part 1, Disclosing to and Working with the DOJ

This episode of the FCPA Compliance Report begins a special two-part series with two well-known compliance professionals. Matt Galvin, most recently the CCO at AB-InBev and Dan Kahn, former acting Deputy Assistant Attorney General of the Criminal Division, Chief of the Fraud Section, and Chief of the FCPA Unit. Dan is now in private practice at DavisPolk. In this Part 1 we take up the key issues around dealing with the DOJ including the factors which go into the decision to self-disclose, incentives and disincentives in compliance programs, internal investigations including who is involved and scoping an investigation, presenting information to the DOJ during the pendency of an investigation and negotiating the final settlement and post-resolution; including both ongoing reporting and continuing innovation in your compliance program.

Resources

Matt Galvin on LinkedIn

Dan Kahn at Davis Polk

Categories
The Walden Pond

Improving Internal Investigations with Steve Spiegelhalter


 
Steve Spiegelhalter is the North American Investigations Practice Leader and Managing Director at Alvarez & Marsal. As a former federal prosecutor with the US Department of Justice’s Criminal Division, Fraud Section, and the Foreign Corrupt Practices Act (FCPA) Unit, Steve has intimate experience in investigating complex criminal and civil affairs and implementing compliance programs. He joins Vince Walden to discuss the future of conducting internal investigations.
 

 
Steve talks about the improvements GCs and CCOs have made in internal investigations over the last five years. They have evolved their in-house skills and resources. Additionally, they have gotten better at interacting with external counsel to solve matters more efficiently. 
COVID-19 has highlighted that foreign corrupt practices and corruption are long-term risks that are becoming more prominent. There has been a rise in fraud issues since the workplace has shifted to remote. Behaviors of malpractice that would have gone unnoticed are now being laid bare. 
Resources
Steve Spiegelhalter on LinkedIn
AlvarezandMarsal.com

Categories
31 Days to More Effective Compliance Programs

How the Yates Memo changed internal investigations


In September 2015, Sally Yates, then Assistant Attorney General, announced the Memo that bears her name (Yates Memo), saying, “we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement tied directly into the first point of the Yates Memo, which stated, “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.”
More than three years after the announcement of the Yates Memo, the DOJ modified this course slightly. In 2018, then-Deputy Attorney General Rod Rosenstein relaxed the rigid approach required by the Yates Memo and inserting more flexibility and discretion to government investigators. Rosenstein said that the DOJ would continue to focus on individuals in its white-collar investigations, but he ended the Yates Memo’s approach requiring ALL relevant facts to be turned over to the DOJ. This permitted corporations to receive credit for their cooperation if they identify individuals who were significantly involved in or caused the criminal conduct and permitted greater flexibility and discretion in awarding cooperation credit in civil cases.
Then Attorney General Jeff Sessions echoed these concepts in his Keynote remarks at the Ethics and Compliance Initiative in April 2017. He reiterated that the DOJ would focus on individual criminal misconduct in the context of enforcing the FCPA. This continued emphasis will mean that there is even more pressure on corporate compliance programs to get it right and get it right sooner rather than later.
Three key takeaways:

  1. What is a Yates binder?
  2. While the Yates Memo required you to hand over ALL evidence, the Rosenstein Corollary added flexibility.
  3. Senior management is now in the firing line.
Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 433, Sean Freidlin on the Current State of Internal Investigations

In this episode I visit with Sean Freidlin, the Senior Product Marketing Manager, Compliance at Hanzo. We take a deep dive into the state of compliance investigation in 2019, focusing on the impact of the Evaluation of Corporate Compliance Programs on investigations. For more information, Hanzo has published the following work, “THE 2019 GUIDE TO INTERNAL INVESTIGATIONS FOR COMPLIANCE-An eBook on Planning, Protocols, Data Collection, Triage, and Remediation” on which I collaborated. (The eBook was sponsored by Hanzo.) The eBook provides the compliance professional with multiple tools, strategies and tactics for the entire lifecycle of investigations; from initial intake through remediation. I know that you will find it incredibly useful. You can download it here.
Categories
FCPA Compliance Report

Leveraging AI in Compliance Investigation: Part 5 – Where are investigations headed?

Today we conclude a five-part podcast series sponsored by Hanzo, where we have considered how to leverage Artificial Intelligence (AI) in compliance investigations. I have been joined by several members of the Hanzo team as we explored the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency. Our explorations include considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. In Part 5, I am once again joined by Keith Laska, Hanzo CEO, to consider how the company’s specific approach to finding and managing data across the entire lifecycle of an investigation improves the efficiency of a compliance investigation in a cost-effective manner.  For more information check out Hanzo.co.
Categories
Blog

Day 17 of One Month to Better Investigations and Reporting – Whom to Suspend During an Internal Investigation and De-confliction

Scope of VW Suspensions Grows”, William Boston reported on the ongoing internal investigation by the company’s outside counsel Jones Day. Boston noted that VW had “suspended a larger number of engineers than previously acknowledged, following a recommendation from the law firm conducting” the investigation. The article went on to state, “Jones Day urged suspension of anyone who could have been involved in the scam – from high-level decision makers to ordinary engineers – to prevent possible perpetrators from tampering with the evidence.” This final statement emphasizes a key consideration in an FCPA investigation, which is to tie down the evidence. Former Arnold & White partner Mara Senn has said that “probably from the government’s perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” However, if you are worried about evidence tampering, you may have a bigger problem. Pointing up the difficulties in making such a blanket sweep, an unnamed source, who provided this information to Boston, quoted the WSJ piece as saying, “We had to suspend everyone in this area to get them out of the way of this process. This is necessary for the investigation, but it’s tough because we are now missing their professional knowledge and experience.” This issue brings up another point that Senn has discussed: when to suspend or discipline an employee during an internal investigation. Senn said, “That is a very case-by-case difficult question to answer, but in general, I think it’s better to keep them around for as long as you need them. Once they’ve been fired or otherwise disciplined, even if you keep them around, they will be less cooperative with you and possibly, if you fire them, not cooperative. You can require them to cooperate in the termination agreement, but, in practice, cooperation can mean many different things.” Given the Schrems decision by the European Court of Justice (ECJ), I wonder how the investigation will be fair with the German-based employees. Data in the US would be deemed company-owned, but in Europe, it may be private to the investigated employee. This problem became even greater with the recent decision by Privacy Regulators from 28 EU nations that backed the EC J’s Schrems decision that invalidated the Safe Harbor regime. As reported by Jo Sherman in the FCPA Blog, “that closed the legal pipeline by which data has flowed freely from the EU to the U.S. for the last 15 years. The rationale for the court decision and the subsequent backing of the EU Data Protection Authorities is that the U.S. government’s surveillance powers are considered too excessive and disproportionate and can override the data protections for EU citizens under the Safe Harbor framework.” Lanny Breuer, the former number two at the Department of Justice (DOJ) and now a partner at Covington and Burling LLP raised an interesting concern in the Justice Department’s FCPA Pilot Program context. It is around what Breuer terms “de-confliction.” This involves the government asking a company to halt its investigation for the government to be the first to interview witnesses. At the FCPA Blog Conference, Breuer said that if “de-confliction” is required as cooperation to gain the benefits of the pilot program, such a request from the DOJ would be “an extraordinary request, in my view” because it “could lead companies to be unable to disclose to other agencies or shareholders, and it could keep a board in the dark about the alleged wrongdoing.” Breuer added, “In general, publicly traded companies can’t just stand down from doing an investigation when such an allegation comes in.” He also commented that “he’d been asked to do so a couple of times.” Breuer raised four questions during his presentation, which every investigator must consider in de-confliction. 

(1) Would complying with the request be consistent with directors’ and corporate officers’ fiduciary duty of oversight?; 

(2) How can a company make decisions without speaking with its employees?; 

(3) How will a delay affect the company’s other regulatory obligations?;

(4) How can external counsel advise a company without knowing the facts? Companies hire external counsel to conduct thorough investigations, evaluate their clients’ conduct, and provide informed legal advice. These tasks can be difficult, if not impossible, to accomplish where external counselors have their hands tied behind their backs. The DOJ could have a broader remit or be involved with other ongoing investigations where they might make such requests. However, such ‘de-confliction’ could stop a company from engaging in a root cause analysis or even a robust investigation. At the same conference, an earlier panelist, Gerald Kral, the Chief Ethics and & Compliance Officer (CECO) of Brown-Forman, said on his panel that his company did an extensive root cause analysis of every claim or incident so it can not only understand what happened but put sufficient risk management protections in place to try and make sure it does not happen again. 

Three Key Takeaways:

  1. Decisions on whom to discipline and when are critical decisions during any investigation.
  2. Take a case-by-case approach.
  3. The de-confliction question can be quite troubling during an internal investigation.

 Whom to suspend and when coupled with de-confliction are bedeviling issues in any internal investigation. 

Categories
Blog

Day 16 of One Month to Better Investigations and Reporting – Privacy Concerns in Internal Investigations

Schrems’ decision by the European Court of Justice, US-based law firms could rely on Safe Harbor to use and analyze information from investigations conducted in Europe. However, the Schrems decision and subsequent EU privacy rulings and regulations have brought the entire issue around internal investigations into question. In a podcast interview with UK solicitor and data privacy expert Jonathan Armstrong about the decision, Armstrong noted that the decision puts real roadblocks in the path of a US company that could be investigating potential anti-corruption allegations in the UK or EU member country. The biggest issue would be personal privacy and information. Unlike the US, work emails are covered by the privacy rights afforded to individuals and are not the company’s property. The same is true of other information. Under the Schrems decision, the ability of a US corporation to access that information and then take it back to the US under the safe harbor provision is no longer available. I asked Armstrong how a company might be able to move forward and internally investigate potential FCPA violations. Armstrong suggested that the only way at this point was to obtain the consent of the investigated person. However, obtaining such consent raises a host of other problems. He said, “Can I get consent for an internal investigation? Can I speak to my Austrian agent and say, “Peter, I just need you to sign this form to transfer your data to the US”? Now, for consent to be valid, the European legislation has to be fully explained, it has to be honest, and it can’t be deceptive. I’ve got to say to him, “I want you to sign this form because I want to investigate you. I want to run a full FCPA investigation; you’re the prime suspect. I want to take a look at your emails, and I have to inform you that you have the right not to consent, and if you don’t consent, there’s no way I can investigate you. Could you sign the form, please?” As Armstrong went on to note, “What answer is he likely to give in an internal investigation, and how would the US authorities feel if I go and tip off the main suspect that he’s under investigation?” With these two key components of any best practices compliance program, hotlines, and internal investigations, seemingly now unavailable to CCOs or compliance practitioners for EU-sourced information, I believe additional pressure will be put on the compliance function. Any US company with EU-based operations will have to take steps immediately to ring-fence such data originating in Europe. It may also mean locally based-compliance practitioners must head any inquiries. Moreover, if you couple this ruling in the Schrems decision with the Yates Memo, you immediately see the issue involved for any company seeking cooperation credit because such a company is required to turn over any information to the Department of Justice (DOJ) as soon as possible. But now, even if companies can still develop facts and data through internal investigations, in the manner suggested by Pirrotta in using local law firms, you might not be able to get the information back to the US to use. Worse yet, is the option laid out by Armstrong to obtain consent from an investigation target? Not only do I find it improbable that anyone, European or otherwise, would give such consent, but in the unlikely event such consent is given, you have told the target they are the target, and other data sources might well begin to disappear. Armstrong put it starkly when he said, “you’re going to get no sympathy from the bribery prosecutors, bribery regulators if you mess this up. The SFO [Serious Fraud Office] allegedly lost the case on how the US firm involved conducted the investigation. They will have, rightly, I think, no sympathy at all for people whose investigations are themselves conducted unlawfully. It will need much careful thought to structure data transfers and interviews. How do you move those interview notes? How do you look at emails? All this stuff will be critical so that you don’t break data privacy data protection laws and tip off witnesses, you know, interfering with the scene of an investigation, et cetera, et cetera. All of these things are critical.” How does the Schrems decision contribute to compliance at the tipping point? If you can use two of the key components in a best practices compliance program; based upon the DOJ/Securities and Exchange Commission (SEC) Ten Hallmarks of an Effective Compliance Program or another standard, it will put significant pressure on other parts of the program. A compliance program will have to be structured more rigorously to prevent FCPA violations through internal controls and transaction monitoring tools. CCOs and compliance practitioners will also have to be more involved and have more visibility into the entire lifecycle of transactions so they can determine how to begin to move from even prevention to prescription of any FCPA violations. Just as the compliance world changed with the announcement of the Yates Memo, the DOJ Compliance Counsel, and the VW emissions-testing scandal, the Schrems decision will change the need for a more robust compliance program from now on to help protect a company. 

Three Key Takeaways:

  1. The Schrems decision significantly impacted US-based internal investigations.
  2. Study the privacy laws of the country where you are performing your investigation.
  3. Informed consent is difficult to obtain, but it may be critical for your investigation.

 Take care to protect privacy concerns when performing investigations outside the US.