Wednesday, January 20, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

Derailing Internal Reviews, Audits, Assessments and Investigations

by Michael Volkov
March 4, 2016
in Uncategorized
internal audits are important, but so are independent investigations

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.

Following FCPA enforcement actions provides important insights that can be translated into corporate compliance program best practices. One key element of an effective ethics and compliance program is conducting periodic assessments and implementing an efficient and responsive internal investigation protocol. Under the Sentencing Guidelines, an effective ethics and compliance program has to prevent and detect potential violations of law and the company’s code of conduct.

Recently, FCPA enforcement actions have underscored some glaring problems in this area. Several companies identified potential compliance problems or weaknesses in their anti-corruption compliance programs. However, these inquiries and investigations failed to uncover the full scope of the problem, leading to the continuation of illegal bribery. It was not until outside counsel conducted an internal investigation that the full scope of the problem was uncovered.

There are two possible explanations for this problem – both of which are not good. First, the internal investigation protocol applied by the company is weak and suffers from serious deficiencies either in terms of resources or capabilities. Second, and very troubling, is the possibility that internal inquiries are conducted to produce a result that is favorable to current management. If the structure of these inquiries is mere window dressing, designed to reach a predetermined result, the company has serious culture problems and could be exposed to potential obstruction issues.

In the last six months, the FCPA enforcement actions have had a familiar pattern: inadequate controls over gifts, meals and entertainment, particularly in China. It is not like this is a new issue; compliance and enforcement professionals have been discussing this risk for years and recommending appropriate steps to mitigate those risks.

Outside counsel is usually brought in and retained with a mandate to conduct a thorough independent investigation. Outside counsel is not beholden to the company or depending upon approval from senior management for counsel’s career. But outside counsel is not a foolproof solution – there have been plenty of situations where outside counsel has investigated the matter with an eye to currying favor with senior management or a corporate Board.

The focus of this article is not on outside counsel and oversight of outside counsel to ensure a fair and thorough independent investigation.

Companies that suspect FCPA violations need to devote more attention to ensuring that their own investigations uncover evidence of such violations. The SEC and DOJ will cite the failure of internal investigation functions to detect and investigate potential violations. If an initial investigation is deficient, the company will lose a valuable opportunity to demonstrate the strength of its culture, as well as the assignment of adequate resources to detect and uncover illegal conduct.

A company that seeks to brush a matter under the rug or that conducts a cursory investigation is certain to lose points and credibility with the DOJ and SEC.

For compliance practitioners, the message is clear: companies have to design and implement effective independent internal investigation functions. A separate investigation function that is supported by top management and encouraged to uncover potential problems is an important engine for promoting an ethical culture and establishing a speak-up culture where employees trust the company’s internal policing system.

When companies avoid the hard truths, turn a blind eye to potential problems or skew risk assessment results, they risk serious enforcement actions and damage to any culture of compliance. Senior management has to embrace these functions and avoid any appearance of or actions to obstruct an inquiry into potential misconduct. This cannot be done on a case-by-case basis, but depends on establishing a structure that promotes independence and objective investigations.

A company’s credibility on its commitment to a culture of compliance is easy to test when it comes to its internal investigation function. If the company encourages internal reporting, commits to respond to potential problems and avoids any inkling of retaliation against employees that report problems, the company will be able to build a solid foundation to promote objective and fair internal investigations.


Tags: HIPAA
Previous Post

Protiviti: Cybersecurity Risk Becoming a Mainstay in Annual Audit Plans

Next Post

Winning the War for Talent

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

silhouette of businesspeople in meeting with blue cyber background

Cyber Risk Quantification and Prioritization is the Future of GRC

January 20, 2021
miniature airplane on global currency

FinCEN’s Proposed Changes to the Recordkeeping and Travel Rule Thresholds

January 20, 2021
man working on smartphone and laptop

Adverse Media Screening: Relying on Google Alone Can Expose Organizations to Risk

January 19, 2021
hand showing three fingers on gray background

A Culture of Compliance: The 3 R’s

January 19, 2021
Next Post
Top talent demands competitive benefits. Can you retain your star performers with the benefits you’re offering?

Winning the War for Talent

Access realtime data

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management culture of ethics cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights