Derailing Internal Reviews, Audits, Assessments and Investigations

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.

Following FCPA enforcement actions provides important insights that can be translated into corporate compliance program best practices. One key element of an effective ethics and compliance program is conducting periodic assessments and implementing an efficient and responsive internal investigation protocol. Under the Sentencing Guidelines, an effective ethics and compliance program has to prevent and detect potential violations of law and the company’s code of conduct.

Recently, FCPA enforcement actions have underscored some glaring problems in this area. Several companies identified potential compliance problems or weaknesses in their anti-corruption compliance programs. However, these inquiries and investigations failed to uncover the full scope of the problem, leading to the continuation of illegal bribery. It was not until outside counsel conducted an internal investigation that the full scope of the problem was uncovered.

There are two possible explanations for this problem – both of which are not good. First, the internal investigation protocol applied by the company is weak and suffers from serious deficiencies either in terms of resources or capabilities. Second, and very troubling, is the possibility that internal inquiries are conducted to produce a result that is favorable to current management. If the structure of these inquiries is mere window dressing, designed to reach a predetermined result, the company has serious culture problems and could be exposed to potential obstruction issues.

In the last six months, the FCPA enforcement actions have had a familiar pattern: inadequate controls over gifts, meals and entertainment, particularly in China. It is not like this is a new issue; compliance and enforcement professionals have been discussing this risk for years and recommending appropriate steps to mitigate those risks.

Outside counsel is usually brought in and retained with a mandate to conduct a thorough independent investigation. Outside counsel is not beholden to the company or depending upon approval from senior management for counsel’s career. But outside counsel is not a foolproof solution – there have been plenty of situations where outside counsel has investigated the matter with an eye to currying favor with senior management or a corporate Board.

The focus of this article is not on outside counsel and oversight of outside counsel to ensure a fair and thorough independent investigation.

Companies that suspect FCPA violations need to devote more attention to ensuring that their own investigations uncover evidence of such violations. The SEC and DOJ will cite the failure of internal investigation functions to detect and investigate potential violations. If an initial investigation is deficient, the company will lose a valuable opportunity to demonstrate the strength of its culture, as well as the assignment of adequate resources to detect and uncover illegal conduct.

A company that seeks to brush a matter under the rug or that conducts a cursory investigation is certain to lose points and credibility with the DOJ and SEC.

For compliance practitioners, the message is clear: companies have to design and implement effective independent internal investigation functions. A separate investigation function that is supported by top management and encouraged to uncover potential problems is an important engine for promoting an ethical culture and establishing a speak-up culture where employees trust the company’s internal policing system.

When companies avoid the hard truths, turn a blind eye to potential problems or skew risk assessment results, they risk serious enforcement actions and damage to any culture of compliance. Senior management has to embrace these functions and avoid any appearance of or actions to obstruct an inquiry into potential misconduct. This cannot be done on a case-by-case basis, but depends on establishing a structure that promotes independence and objective investigations.

A company’s credibility on its commitment to a culture of compliance is easy to test when it comes to its internal investigation function. If the company encourages internal reporting, commits to respond to potential problems and avoids any inkling of retaliation against employees that report problems, the company will be able to build a solid foundation to promote objective and fair internal investigations.