Internal Investigations & Independence

Ask any attorney if they can conduct an internal investigation and the answer is “Yes, of course.”  It is easier said than done. 

There is an “art” to conducting internal investigations.  A practitioner has to be able to establish a “vision” of the investigation.  I like to analogize the process to a painter starting with a large canvass and visualizing the end product.  The practitioner has to visualize the process, starting with a purpose, adding in document collection, interactions with the government (if applicable), and keeping the eye on the ball. 

Companies do not want to be surprised by the results of an internal investigation.  If the company has no idea what the results will be, then the company’s governance is seriously lacking.  A major disconnect can lead to a disaster, and an internal investigation will not fix the problem.  

There are a number of ways in which an internal investigation can be derailed.  There are a number of pitfalls along the way.  One critical issue that has to be addressed at the beginning is the independence of the internal investigation.  If there is a question as to the independence of the internal investigation, the entire investigation can be undermined.

The value of an internal investigation is premised on an independent and objective view of the evidence.  Government prosecutors will not credit an investigation which has been conducted by a biased party.  It is easy to identify a slanted internal investigation when issues were ignored or downplayed or evidence was omitted.  Credibility is the key to every investigation.

The selection of outside counsel is only one piece in the puzzle.  Independence does not start with the selection of outside counsel – it starts from day one: the company has to appoint a special committee consisting of independent directors to oversee the internal investigation.  If there is any question as to the “independence” of outside directors, the company’s board needs to appoint a special committee consisting of distinguished individuals, some of which may be non-board members.

Senior management, including the General Counsel or the Chief Compliance Officer, should play a limited supportive role in the internal investigation by facilitating outside counsel’s access to documents and personnel.  If the conduct of any senior manager may be investigated, they must be walled off from any role in the internal investigation. 

The independent special committee should facilitate outside counsel’s access to the company and should supervise the conduct of the investigation to make sure there are no barriers to access.  If outside counsel does not have unfettered access to the special committee, then the investigation will be threatened by interference from subjects of the investigation.  That is unacceptable and creates serious risks for the company.   

Creating a Framework for Reviewing Gifts, Meals, Travel and Entertainment Expenses

Companies spend a lot of time and resources reviewing potential payments for gifts, meals, travel and entertainment.  There are ways to make this process easier and more efficient. 

There are three basic requirements for making the review process more efficient.

1.  Prospective standards – Companies need to adopt and enforce a prospective policy which carves out standards for the review and approval of such expenditures.  The policy has to be clear on the standards and the procedures to be followed. 

2.  Documentation – Companies have to document the process, maintain records, and audit the process.  Without documentation, the policy is doomed to fail, and provides no protection when government prosecutors conduct an investigation.

3.  Advice of Counsel – Outside counsel should be used to review and approve any close calls.  The run-of-the-mill situations can be handled by the policy.  In close cases, outside counsel should review the matter, provide a short memo analyzing and approving the expenditure.  The memo should be added to the file and available to auditors and the government if needed.  

Are Compliance Officers Being Asked to Accomplish the Impossible?

Compliance officers are a confident bunch.  Yes, they can worry like all the rest of us, but in the end, they have faith that they can accomplish their mission.

Forward thinking companies are recognizing the importance of empowering compliance officers and relying on their skills to build proactive compliance tools.  Companies are increasingly relying on compliance officers to “fix” the company’s problems – sometimes this mission can be broadly defined and unfairly placed on the compliance officer’s list of responsibilities.

Sometimes problems can be far broader than “just compliance.”  In trying to define the mission and establishing realistic expectations, a compliance officer should always look to the company’s governance structure and operations.  Good corporate governance practices usually will lead to proper compliance boundaries and responsibilities. 

In many industry sectors, compliance officers are now expected to carry out multiple responsibilities, including operational, legal, investigator, policeman/woman, economist, financier and even philosophers.  Compliance officers have to be careful to avoid being charged with more than they can handle, and they have to preserve a realistic role and set of expectations for themselves in the company.  .    

Five Critical Questions to Weigh When You Find an FCPA Violation

Companies discover FCPA violations all the time – most are small and few are big.  Most companies learn of these violations when implementing or upgrading their compliance program. 

Typically, FCPA violations are discovered in the aftermath of an acquisition (months or even years after the acquisition), or in a company’s failure to implement adequate controls and supervision of their third parties and/or distributors.

When discovered, companies have to do something.  The question is what should a company do.  The answer – it depends.  Here are the five critical questions which need to be addressed:

1.  Has the conduct stopped?

This is the first and most important question.  It is critical that the company put a stop to the conduct.  The failure to do so can reflect either the lack of commitment by the company to compliance, and/or the inability of the company to exercise adequate control of its employees.  Either way prosecutors will seize on such evidence and demand major changes to the company’s compliance program. 

The government has cited companies for failing to cease immediately conduct which violates the law.  In one case, a company was unable to stop improper payments by a subsidiary months after the violations were initially discovered.  

2.  What was the nature and extent of the violation (s)?

Once the conduct has been stopped, the company needs to learn as quickly as possible the nature and extent of the violation(s).  While there may be a rush to identify and define the problem, the company has to be careful to avoid issues and conduct which need to be examined.  A quick and accurate assessment has to be made, but flexibility has to be preserved to respond to additional facts. 

If the problem involves a failure to control third party agents in high-risk countries for years, a company should define a broad inquiry into the third party relationships in that country.  On the other hand, if the company suspects that improper payments were made through gifts and entertainment expenditures to a single entity (e.g. a sovereign wealth fund representative), the initial inquiry may be more limited in scope.

Whatever the initial assessment, the company should gather as much information as quickly as possible.  A small assessment team should review the information, conduct initial interviews and analyze the potential problem and exposure.

"Mandatory Compliance Programs"

The healthcare industry always has taken the lead in compliance issues, developing innovative compliance tools and programs.   Anti-corruption compliance borrows heavily from many healthcare compliance ideas.

Healthcare companies are dependent on the government for revenues.   As the government plays a greater role in our healthcare system, healthcare companies can expect compliance to become even more important.   At the same time, the government is dedicating more resources to prosecuting healthcare companies for fraud.  This effort will continue and ultimately expand.  For companies in the healthcare industries, the risks are significant and will only increase as the complexity of the healthcare system increases, and as the government plays a large role in the industry.

Healthcare companies have seen the development of mandatory compliance requirements. The sources of these requirements include: (1) the US Sentencing Guidelines; (2) Office of Inspector General/Health and Human Services Guidance; (3) Medicare Part C and D Mandatory Compliance Guidelines; and (4) FAR Acquisition Regulations.  Since 1998, the OIG/HHS has encouraged healthcare providers to implement voluntary compliance programs.