Tag: investigations

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Issues in Cross Border Investigations

In an article, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”, Mara Senn, now Director & Senior Counsel, Global Compliance Investigations at Zimmer Biomet  and Michelle K. Albert, former lawyer at Arnold & Porter discussed cross-border investigations. They considered the following issues.
Offer interview translations.
Avoid cultural pitfalls.
Observe data privacy restrictions.
Comply with labor requirements.
Be aware of other local requirements.
Put forms in native translations.
Preserve the attorney-client privilege.
Prepare for local enforcement actions.
Prepare for security risks.
Protect whistleblowers.

Three key takeaways:

  1. Use translators and translations of key documents in witness interviews.
  2. Use local counsel to facilitate the investigation and to help navigate any local anti-corruption investigation issues.
  3. Never, never, never retaliate. The SEC will pay whistleblower bounties for non-U.S. citizens.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – The Witness Interview

What are the characteristics of a good interview in the context of an internal investigation? Is there one technique you can use which will provide you the results you want to achieve? How should you think through your questions and document review prior to the investigation? At this point in time, how do such issues play out in the time of Coronavirus?
There is no one right way to prepare for and conduct an interview. What is important is that you have a plan and execute on that plan. Begin by obtaining an understanding of what the various stakeholders want answers to. This could include the Board of Directors, C-Suite executives, the GC and legal department, the CCO and compliance function or up to government regulators such as the SEC or DOJ.

Three key takeaways:

  1. There is no one right way to prepare and do an interview.
  2. The interview should not be confrontational.
  3. The interview, like the entire investigation process, is a chess match.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Investigative Challenges

What are some of the top challenges you may face during an investigation? Beyond the basics, a company must consider the intake process as a starting point, which Jonathan Marks noted is one of the biggest challenges. Rather surprisingly, he noted there are still companies without a hotline or anonymous reporting system, stating “We still see organizations whereby there is no formal ethics hotline except for the fact that they might send an email to some member of management or some member of the Board.”
Planning your investigation, having the right team members involved, and meeting the challenges which inevitably arise during an investigation can be difficult. However, beginning with the DOJ’s 2015 Yates Memo, the 2016 FCPA Pilot Program, and the 2017 and 2019 versions of Evaluation of Corporate Compliance Programs, together with the 2020 Update, 2023 ECCP, and FCPA Corporate Enforcement Policy, the pressure on every CCO and company to get an investigation done quickly, efficiently and, most importantly, right is even greater now. Marks has laid out a concrete way for you to think through how to plan an investigation, staff it correctly, and meet the inevitable challenges.

Three key takeaways:

  1. The intake process may seem the most straightforward but many companies drop the ball at this initial step.
  2. You must never retaliate against employees who come forward in good faith.
  3. Always think several steps ahead.
Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Selection of Investigative Counsel

Dan Dunne, in a Compliance and Ethics Professional article, entitled “Foxes and henhouses: The importance of independent counsel”, discussed what he termed a “critical element” in any investigation, which he denominated as “fair and objective evaluation.” Dunne wrote that a key component of this fair and objective evaluation is the Who question: who should supervise the investigation and who should handle the study? Dunne’s clear conclusion is that independent counsel should handle any serious investigation.

There are three reasons for a company to retain independent counsel for internal investigations of severe whistleblower complaints. First, André Agassi was right, perception is reality. Secondly, if regular outside counsel investigates their own prior legal work or legal advice, a very large and potentially messy number of loyalty and privilege issues can arise in the internal investigation. The third reason is the relationship of the regular outside counsel or law firm with regulatory authorities. If a company’s regular outside counsel performs the internal investigation and the results turn out favorably for the company, the regulators may ask if the investigation was a whitewash or at the very least, less than robust. If the SEC or DOJ cannot rely on a company’s own internal investigation, it may perform the investigation all over again with its own personnel. Further, these regulators may believe that the company, and its law firm, have engaged in a cover-up. This is certainly not the way to buy credibility.
Three key takeaways:

  1. Serious allegations demand a serious response, with seriously good lawyers leading the investigation.
  2. Credibility is the biggest thing that any person or company brings to the table when sitting across from the DOJ or SEC.
  3. The use of regular corporate counsel can negatively impact your investigation because of the issues of loyalty and privilege.

For more information, check out The Compliance Handbook, 4th edition.

Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – The Investigation Protocol

After the internal report comes in and you have properly triaged the matter, you need to scope out and investigate it, promptly, thoroughly, and with competent personnel. In the 2020 Update, provided these series of questions about your internal investigations:
 Properly Scoped Investigations by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation? How does the company ensure that investigations are properly scoped? What steps does the company take to ensure investigations are independent, objective, appropriately conducted, and properly documented? How does the company determine who should conduct an investigation, and who makes that determination?
 Investigation Response – Does the company apply timing metrics to ensure responsiveness? Does the company have a process for monitoring the outcome of investigations and ensuring accountability for the response to any findings or recommendations?
 Resources and Tracking of Results – Are the reporting and investigating mechanisms sufficiently funded? How has the company collected, tracked, analyzed, and used information from its reporting mechanisms? Does the company periodically analyze the reports or investigation findings for patterns of misconduct or other red flags for compliance weaknesses? Does the company periodically test the effectiveness of the hotline, for example by tracking a report from start to finish?

In a presentation, Jay Martin, and Jacki Trevino discussed the specifics of an investigation protocol. It consisted of 1) opening and categorizing the case; 2) planning the investigation; 3) executing the investigation plan; 4) determining appropriate follow-up, and 5) closing the case. If you follow this basic protocol, you should be able to work through most investigations, in a clear, concise, and cost-effective manner. Furthermore, you should have a report at the end of the day which should stand up to later scrutiny if a regulator comes looking. Finally, you will be able to “Document, Document, and Document”, not only the steps you took but why and the outcome obtained.
Three key takeaways:

  1. A written protocol, created before an investigation, is a key starting point.
  2. Create specific steps to follow so there will be full transparency and documentation going forward.
  3. Consistency in approach is critical.
Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Internal Reporting System Best Practices

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The 2019 Guidance further refined this basic requirement for a hotline with inquiries into the effectiveness of your corporate hotline, asking, “Effectiveness of the Reporting Mechanism – Does the company have an anonymous reporting mechanism, and, if not, why not?  How is the reporting mechanism publicized to the company’s employees?  Has it been used?  How has the company assessed the seriousness of the allegations it received?  Has the compliance function had full access to reporting and investigative information?” In this podcast, we detail some of the key best practices.

Three key takeaways:

  1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
  2. Train your employees on the use of the hotline.
  3. Use data from your hotline to continually update and improve your compliance program.
Categories
FCPA Compliance Report

FCPA Compliance Report – Maria D’Avanzo on Investigations

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In the latest episode of FCPA Compliance Report, Maria D’Avanzo from Traliant returns to discuss the essential role of outside counsel in FCPA investigations and the challenges that a CCO may face. They believe having trusted counsel with business acumen and commercial knowledge is vital, especially when discovering potential violations outside the initial scope of the investigation. Maria shares her experience working with the CEO and chair of the audit committee and offers excellent tips for compliance professionals learning to trust their gut. The speakers also discuss the importance of self-disclosure and equally applying disciplinary actions across different jurisdictions in misconduct cases. This explosive discussion is full of insights, advice, and best practices, making it a must-listen for anyone looking to improve their organization’s compliance standards. You won’t want to miss it!

Key Highlights:

  • Managing Whistleblower Complaints: Next Steps and Importance of Outside Counsel
  • FCPA Investigation Best Practices
  • Navigating investigations outside of the initial scope
  • Navigating Compliance Decision-Making
  • Internal Disciplinary Processes and Corporate Compliance
  • Supervised learning and DOJ cooperation challenges
  • The decision (or not) to self-disclose

Resources:

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Uncovering Hidden Risks

Ep 5 – Tips for Internal Investigations While Maintaining Privacy

Randyll Newman, Supervisor of Student Data and Information Security for Prince William County Public Schools in Virginia, joins host Erica Toelle and guest host Christophe Fiessinger on this week’s episode of Uncovering Hidden Risks. Randyll oversees the planning, operation, and management of security for the school division’s network infrastructure, data, and student information systems. He also served 10 years as a police officer and detective in Fairfax County, Va., retiring from the United States Naval Reserves after serving 26 years. Randyll discusses how organizations approach internal investigations, how important it is to maintain privacy for students and faculty during these investigations, and examples from previous case studies.

In This Episode You Will Learn:
  • Prince William County Public Schools’ reputation for innovative education
  • How important it is to maintain privacy for students and faculty
  • Business requirements for internal investigations
  • Considerations and adherence to regulatory compliance: Family Educational Rights and Privacy Act (FERPA); and Children’s Internet Protection Act (CIPA)
  • Tips and advice for other organizations
Some Questions We Ask:
  • What principles guided the initiative to ensure user privacy?
  • Can you outline the privacy principles you follow during investigations?
  • How did you design the technical solution to meet these business requirements?
Resources:

For more background, read the PWCS Case Study

View Randyll Newman on LinkedIn

View Christophe Fiessinger on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:          

Listen to: Afternoon Cyber Tea with Ann Johnson 

Listen to: Security Unlocked

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network. 

Categories
31 Days to More Effective Compliance Programs

Day 22 – Internal Reporting and Triaging Claims

The call, email, or tip comes into your office; an employee reports suspicious activity across the globe. That activity might well turn into an FCPA issue for your company. As the CCO, it will be up to you to begin the process, which will determine, in many instances, how the company will respond going forward. This is more than simply maintaining hotlines. Companies have to make real efforts to listen to employees. You need to have managers trained on handling employee concerns; they must be incentivized to take on this compliance responsibility, and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns. The Monaco Memo’s emphasis on internally detecting such actions and self-reporting makes this more important.

The reason is that a business’s employees are the company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the U.S. Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also heed the implementation of a hotline.

Given the number of ways that information about violations or potential violations can be communicated to government regulators, a robust triage system is an important way for a company to determine what resources to bring to bear on a compliance problem.

Jonathan Marks has articulated a five-stage triage process that allows for an early assessment of any allegations and a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, consider the types of evidence to review going forward. Finally, before selecting a triage solution, understand what tools are available, including forensic and human, to complete the investigation.

 Three key takeaways:

1. The DOJ and SEC put special emphasis on internal reporting lines.

2. Test your hotline regularly to make sure it is working.

3. Every claim should be triaged before starting an investigation.

Categories
Innovation in Compliance

Corporate Case Management in the Era of the DoJ’s Monaco Memo: Episode 5 – Data Drives Prevention

Welcome to a special podcast series, Corporate Case Management in the Era of the DoJ’s Monaco Memo, sponsored by i-Sight Software Solutions. Over this five-part podcast series, I visit with Jakub Ficner, Director of Partnership Development at i-SIght. This series considers how the Monaco Doctrine and Monaco Memo have impacted compliance in several key areas. In this concluding Part 5, we consider how data and data analytics are even more critical after the Monaco Memo and how using data can drive prevention and detection.

Highlights include:

  • How does ongoing monitoring lead to continuous improvement, and how does it relate to investigations?
  • How your investigative protocol can supplement ongoing monitoring.
  • How the outlays for your investigative process are a critical step going forward.
  •  Employing root cause analysis, corrective actions, and preventative action recommendations can provide valuable data from a holistic perspective.

For more information, check out i-Sight here.