What Is A Compliance Program?Prevent and detect violations of applicable laws, regulations, rules & ethical standards –Process Oriented –Minimize Risks –Demonstrate commitment to Code of Conduct –Foster ethical and pro-compliance culture Analogy to Insurance Policy • “You Get What You Pay For”
How Do You Establish a Compliance Program?• Review legal requirements• Conduct a legal/regulatory risk assessment• Identify areas of focus• Ensure program meets Guidelines requirements• Upgrade program where necessary• Tailor-Fit Program to Unique Operations
Core Components of the Program Legal & Regulatory Risk Assessment Tone at the top Processes developed and owned by business leaders– Woven into operations – not a “legal” program Standards come from the laws of the nations in which you operate Training – consistent throughout business Must measure, monitor and audit what is mandated Reporting and investigations Continuous improvement Annual audit and periodic monitoring by an audit function3
Risk Assessment Where and What What behaviors are likely to get company in trouble with government agencies? Weighing legal risks Probability of occurrence Impact to business Adequacy of Existing Controls Priority with other projects Whose role(s)?4
Risk Assessment Basics • Legal & regulatory risk assessment is the cornerstone Identify each business’ legal/regulatory risks – Magnitude – Frequency – Location – Existing controls to address• Leaders’ expertise & input to identify & prioritize risks• Develop teams and plans to address each top risk• Ensure proper support for teams• Regularly report on progress of each plan• Risk Mitigation efforts must follow – Cost Benefit analysis is critical
Detect & Cure Misconduct Set up Procedures: –Internal Reporting of Misconduct or Violations; –Documenting Complaints; –Investigating Complaints; –Upper Management Reporting & Response –Enforcing Program –Improving Training (i.e. Self-Correcting)6
“Principles of Federal Prosecution of Business Organizations” (Sec. 9-28.300)General Factors To Consider in Charging:–Nature & Seriousness of Offense–Pervasiveness of Wrongdoing w/in Corporation–Corporation’s History of Wrongdoing (Crim/Civ/Reg)–Corporation’s Timely & Voluntary Disclosure
“Principles of Federal Prosecution of Business Organizations” (Sec. 9-28.300)General Factors To Consider in Charging:–Existence & Adequacy of Corp’s Compliance Program–Corporation’s Remedial Actions–Collateral Consequences–Adequacy of Prosecution of Individuals or Civil Actions
Goal: Understand & Influence Prosecutorial Discretion What is Root Cause of Problem ?– A “Bad Apple” (Employee)– A “Bad Orchard” (Organization / Culture)
Focus on Compliance Programs Factors in Evaluating a Compliance Program (among others):–Corporate governance mechanisms to detect and prevent misconduct, such as director’s oversight of compliance–Staff sufficient to audit, document, analyze and use the corporation’s compliance efforts–Employee’s knowledge of – and “buy-in” regarding the compliance program
7 Criteria for “Effective” Corporate Compliance Plans (8B2.1)1. Establishing compliance standards and procedures that are reasonably capable of reducing the prospect of criminal conduct (i.e. written company policy statements and policies approved by senior management or board);2. Assigning overall oversight responsibility to specific individuals within high-level positions (i.e. centralized compliance activities and a compliance officer with11 authority to monitor);
7 Criteria for “Effective” Corporate Compliance Plans (8B2.1) 3. Exercising due care not to delegate responsibility to individuals who are predisposed to illegal activities (accomplished with a careful and well- documented screening process for key employees); 4. Effectively communicating the programs standards and procedures to all employees (i.e. adequate employee training);12
7 Criteria for “Effective” Corporate Compliance Plans (8B2.1) 5. Taking reasonable steps to achieve compliance with the standards (i.e. monitoring, auditing, establishing best practices benchmarks, etc.); 6. Consistently enforcing the standards through appropriate disciplinary mechanisms (i.e. disincentives policy, range of disciplinary measures ); 7. Responding appropriately to an offense and taking all reasonable steps to prevent similar offenses, including any necessary program modifications (i.e. authorizing or13 conducting internal investigations)
Federal Sentencing Guidelines - Criteria for Effective Programs Size of the organization– Formal program for larger companies Nature of the business– Highly regulated activities require greater effort Prior compliance history– Previous problem areas should be addressed Industry standards– Must meet or exceed industry standards
Lessons Learned from Convicted Corporations• Most Adopt an Extremely Proactive & Pro- Compliance Approach (i.e. “Never Again” Mentality)• Staggering Economic Losses• Massive Investment to Regain Reputation (** Don’t Lose It In the First Place **)• Compliance = More Valuable Company
Traditional/Obvious Reasons forSetting Up A Compliance Program?Influence Prosecutor’s Discretion –Argument for not bringing criminal charges (both company & individuals)Proof of “Good Corporate Citizenship” Merit Badge • “If the Prosecutor Won’t Listen . . . Perhaps a Jury Will”Reduce penalties or fines
Elusive Reasons for Setting Up A Compliance Program?• Improve Overall Risk Management• Improve corporate image with public, employees, and community• Increase value of company• Provide for efficient management of compliance costs
Why Does Compliance Really Matter?Penalty Reductions? – (Only Part of the Story)•Much More Significant•Broader Applications – – “Ethical Barometer” or “Surrogate” – Better Management18
Measuring “Organizational Culture?”What an Organization SAYS? –Written Materials? • Code of Conduct • Plan & Procedures What an Organization actually DOES? –Measures/Monitors/Records –Invests –Incentives – Punishments & Rewards
Earning Your “Good Corporate Citizenship” Merit Badge• Does your corporation have compliance plans / ethics policies?• Demonstrated commitment from management?• Who is in charge of compliance? Centralized? CCO?• Do you do sufficient background checks?• Training?• Anonymous Hotline?
Earning Your “Good Corporate Citizenship” Merit Badge• Implementation? Benchmarking? –(objective monitoring /audit/enforce)• Documentation?• Plans to Respond to Incidents?• Continual Improvements?
Indicators of Effectiveness• Do employees support the company’s compliance message?• Do they believe management is fully supportive of these messages, even when business goals may seem to conflict?• Do employees understand the procedures?• Does the training work?• Do employees fear reporting concerns through the channels provided?
Establishing a Proactive Attitude About Compliance• Vigorous and visible management support• Compliance made a part of doing business• Consistent communication and diligent implementation• Targeted at high risk areas• Empowered employees supported by standards and training
Deferred Prosecution Agreement (“DPAs”) What is a DPA? Why are they used? Common Elements? Recent Trends
Definition of DPAA deferred prosecution agreement isa voluntary alternative to adjudicationin which a prosecutor agrees to grantamnesty (forego charges) in exchange for the defendant agreeing to fulfill certain requirements.
Common Elements in DPAs• Publicly Filed• Parties (with full authority/resolutions)• Term (1-5 years)• Information Filed (with offenses) – Waivers of S.O.L.• Admission of Wrong-doing (with detailed factual basis)
Common Elements in DPAs• Monetary Penalty Amount (Quite Hefty) – Paid Up Front?• Continued Cooperation (Broadly Defined)• Compliance “Booster” & Review• Governance Reform
Common Elements in DPAs• Business Limitations/Restrictions• Breach Clause• “Non-Contradiction” Clause Public Comments• Mandatory Self-Reporting of Violations• Dismissal of Formal Charges & Higher Penalties
Addt’l Options in DPAs– Strong written policy against violations– Development of standards/procedures to reduce violations– Development of internal controls based on risk assessments– Annual reviews and updates of compliance program
Addt’l Options in DPAs– Designation of single corporate executive to oversee compliance– Implementation of financial/accounting systems– Stronger communications/training– Clear channels for EE guidance and confidential hotline reporting
Addt’l Options in DPAs– Implementation of disciplinary procedures to address violations– Periodic review and testing of compliance to improve effectiveness
Addt’l Options in DPAsAppointment of Monitor – Paid by Company – Assessments and Report – Unique Challenges – Full Access – Reporting Authority to Gov’t – External Efforts to Transform Corporate Culture
Deferred Prosecution Agreement Good News:– No Criminal Prosecution (. . .unless)– No Automatic Corporate Death Sentence (Loss of Jobs)– Less Harm to “Innocent Stakeholders” • (Remember Arthur Andersen ?)– No costly or lengthy/distracting trial
Conducting Cost-Effective Internal Investigations Who & When to Call? What to do first? How to Protect? 38
Responding to “Trouble”♦Make Preliminary Inquiry & Assess “Temperature”♦Initiate Internal Investigation♦Take Corrective Actions: Stop the Bleeding♦If Conduct Internal Investigation, Assess Pros & Cons of: 1) Disclosure of Issues; and 2) Voluntary Cooperation 39
Fundamental Questions: What is an Internal Investigation? Why Conduct One? When to Start Internal Investigation? Who Should Conduct the Investigation? Where Do You Start? How Much Will It Cost?Who Needs to Approve & Who Needs to Be Involved? When Does It Need to Be Completed? What is Result? Where Does Report Go?
What is An Internal Investigation? As the name implies: – Any inquiry conducted internally (in contrast to external governmental) “One Size Does Not Fit All”: – 1-day / 1-witness – Multi-year; multi-witness; document-intensive; expert-intensive.
Internal Investigations Disclosure Obligations?• First . . . Is Disclosure Mandatory or Voluntary?• If Voluntary . . . Whether to Disclose?• If so . . . What to Disclose? –Nature of error/wrongdoing –Evidence of intent• To Whom?• What Format?
Why Conduct An Internal Investigation? What is Purpose? Information is Power Better to Know About the Problems First Find it all - “Good, Bad, Neutral” Allows Full Investigation & Corroboration Limit Exposure Gives Time to Contemplate Strategy Options
Reasons to Conduct Internal Investigation •Fulfill duties of directors and managers; •Gather critical facts and prepare for possible legal defense; •Review & revise accounting procedures and internal controls; •Modify compliance program; •Influence prosecutorial discretion; •Mitigate penalties (civil & criminal) •Provide recommendations and legal advice
When To Start ? Judgment Call – Accountable for Choice Who is Making Accusations? How Serious are the Allegations? Any Corroboration or Support? How Readily Refutable?In short – Start When Stakes Are “High Enough”
Before You Start: Plan to Control the “Spin”Since Internal Investigation = “Rumors” Prepare Company Response to Employee Questions: 1) Preliminary Nature of Investigation 2) Company’s Willingness to Cooperate (if applicable) 3) Company’s Own Efforts to Investigate and Gather Reliable Facts; and 4) Other Positive/Accurate Aspects of Company
Document Retention Advisory Suspend Document Retention Policy– Stop Auto Deletion of Electronic Files– Stop any Auto Destruction of Archived Files in Long- Term Storage Give Contact Information– If Called by Investigators– For Follow-up QuestionsUpdate the Document Advisory As Needed
Document Retention Advisory Distribution List (who to send it to?)What types of docs (drafts, duplicates, etc.)Make Clear the Policy Applies to Work on Personal Computers or PDAs Topics Covered (be over-inclusive) Documents Outside Workplace Confidentiality of Investigation
Where Do You Start? (General Overview)Determine Nature of Allegations, Issues & Potential ViolationsConsult with Management re: Background Information re: Allegations/Misconduct Potential Sources of InformationDevelop an Investigative Strategic PlanAssemble the TeamAddress Means of Supervision
Where Do You Start? (General Overview)Develop Facts Through Document Review & Interviews Prepare Chronologies Prepare Witness Lists Prepare List of Disputed & Undisputed Facts Prepare List of “Hot Docs” (Positive & Negative)
Where Do You Start? (General Overview)Develop Legal Issues/DefensesProtect Legal PrivilegesAssess Potential Conflicts of Interest Between Company & Employees
In Short: What Happened? Who Was Involved? Who Knew What? Is it a Regulatory Violation? Is it Criminal?What is the Potential Legal Exposure? Any Grounds for Defense?
Investigative Plan Scope and Purpose of Investigation Secure Relevant Documents– Retention Memo – “Don’t Destroy Anything”– Electronic Files & Evidence– Archives, etc. Identify Relevant Witnesses– Who? Why? When?– Remember “2 Witness Rule” Experts & Consultants
Who is the Client? Seems Obvious Important to Identify Early– Corporation– Board of Directors– Group of Executives– Individual Executive– Everyone . . . Initially ?
Who Should Conduct? Various Options – In-house – Outside Counsel – Blended Legal Team Factors to Assess – Familiarity with Issues/Regulations – Objectivity/”Fresh Eyes”
Assemble Team Attorneys & InvestigatorsIn-house Personnel and/or Outside Counsel– Advantages & Disadvantages for each Role of Non-Lawyers
Coordinated Victory:Be Efficient & Effective Isolate Roles & Strengths – Company Client Role – Lawyer’s role – Expert/consultant’s Role
Client’s Role Teach You all About Their Business- You Must Know More Than Your Opponent - Most Opponent’s Don’t Know Client’s Business (Use This Advantage) - Case a Wide Net for Information ♦ You Never Know When you Will Use It. - Teach You about Company Resources, Organizational Structure, Policies, Employees, Record-Keeping, Etc.
Lawyer’s RoleEducate Client about Business Crimes or Civil Liability– Severity & Consequences– Not About Being A “Bad Person”– Need for Complete Candor
Role of Investigator, Expert or Consultant Case-Specific Inquiry: – Typical Issues • Positive Character Evidence • Customary Practices in Industry • Background on Informants
Typical DefensesLegal - No Substantive Violation - Lack of Intent/KnowledgeEquitable - Good Faith/”Good Corporate Citizen” ♦ Don’t Just Claim it – “Show It”/Corroborate - Criminal Prosecution is Overkill ♦ Use Civil as Punishment
Government Perspective on Internal Investigations Government Loves Disclosure– Saves Resources– Barometer of “Good Corp. Citizenship”– Company is in Best Position to Get Facts Credibility is Key– Reputation of Lawyer Conducting Investigation– Independence of Lawyer
Another Goal: Accurately Characterize Conduct in Question Government: “Assumes the Worst” Defense: Provide Context & Proper Perspective Key Analogy: Gathering Bad Apples in Orchard
Who Needs to Approve? Who Needs to Be Involved (in Supervising & Reporting)Board of Directors (if Public Company) – Or CommitteeManagement – Key ExecutivesImportance of Pre-Approval: – Genie Out of Bottle – Post-Hoc Finger-Pointing – Consequences of Probing
When Does It Need to Be Completed? Depends upon: – Seriousness – Context – Resources – Externally Imposed Deadlines
What is Result?Oral Findings & Oral Report Written Summary Formal Written Report
Keys to a Successful Document Review •Get an Overview of Allegations •Develop a Plan •Use Company Resources to Identify All Records •Keep Track of Document Review Process / Inventory
The Paper TrailThree Critical Steps: – Retain – Collect – AnalyzeUnique Quality of Documents as Evidence – Fixed in Time (unlike witness memories) – Potential to Corroborate – “Tie Goes to the Version in the Docs”
Collecting DocumentsFinding the Relevant Documents Can be anAdventure – Look in Logical Places – Get Advice from In-House • Send Out Document Collection Memo • Document Collection Interviews – One-on-One – ID Types of Documents – Brainstorm (Where? Who else might know?)
Collecting DocumentsFile Rooms & Long-Term StorageElectronic Files – Searchable ? – Possible Outsource (if needed)Track the Documents Collected – Keep a Record of Source of Each Document • Tracking Sheet (Privileged & Confidential) – Employee – Location of Doc (hard copy, electronic, etc.) – Consider Bates Labeling as Docs are Collected • But “Gaps” can be problematic with suspicious AUSA
Analyzing DocumentsTraditional Approach: – Keep original documents in original order and original files – Use copy sets for analysis and re-organizationArrangement Options: – Chronological – By Witness – By Subject/TopicHi-Tech Options – Imaging/Coding
Protect PrivilegesCounsel Must Direct Investigation – Attorney-Client Privilege – Attorney Work Product – Self-Evaluative PrivilegeEngagement Terms & Upjohn Letter
Following the Paper TrailHave the documents during the witness interview – Refresh witness recollection – Allows specificity – Prevents “Weaseling”Be Wary of Reaching Any Conclusions without AnalyzingRelevant Documents – Lose instant credibility with Gov’t if your initial predictions/assessments are proven wrong by docs
Employee Interviews •Review Ethical Checklist Before Conducting Employee Interviews (Corporate Miranda)•Explain Purpose & Subject Matter of Interview •Develop Rapport & Level of Comfort •Avoid Even the Appearance of Obstruction or Influencing Witness Testimony
Employee InterviewsAnticipate Government’s/Opponent’s Perspective - Ask the Hard Questions - Clarify Basis for Opinions & Information - Request Corroboration - Request Additional LeadsInform Employees of Rights re: Gov’t.InvestigationPrepare Written Summaries
Obstruction of JusticeDon’t Do Anything That Even Has Appearance !!Types: – Witness Tampering – Document Destruction – False Entries