No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

When Investigators Pile On, Make Sure You Navigate These Pitfalls

Planning for the Unplanned Can Help Firms Pilot the Complexities of Multifront Regulatory Probes

by John West and Chris Carlson
November 3, 2021
in Risk
Illustration of a man with a cone on his head stumbling toward a manhole.

When businesses do wrong in the current climate of regulatory enforcement, they often find themselves under scrutiny from federal, state and local agencies. In this eventuality, one can take some steps (and avoid others) to mitigate the impact.

All companies dread the idea of a federal, state or local regulator investigating their business practices. These days, instead of a single investigation, a company can expect that an initial investigation will spark concurrent and future investigations by other regulators. These seemingly endless investigations require substantial time, effort and energy better spent elsewhere. These resources are put to the test when the company faces investigation after investigation and is forced to make decisions that do not affect just one regulator.

Review benchmark goals in obtaining a global release of all potential liability associated with the business practice at issue and learn about solutions to some of the numerous pitfalls that often occur during an investigation. By following these steps and planning for the unplanned, a company can navigate the complexities of a multifront regulatory investigation.

The End Goal: Ensuring Peace with Investigating Regulator, Vertical–Sister Regulators and Horizontal Regulators

Ensuring Peace with Investigating Regulator

As the federal government’s role of lead enforcer waned during the Trump administration, state and local regulators expanded their capacities and statutory reach. For instance, state attorneys general – who historically investigated state matters separately and joined in multistate settlements on national issues – now separately seek to hold companies accountable, for example, for allegedly hiding early knowledge of climate change from investors and consumers, allowing U.S. Customs & Border Protection to conduct immigration sweeps on Greyhound buses, and alleged workplace safety deficiencies arising during the pandemic. At the local level, large municipalities have increasingly adopted ordinances that provide for independent enforcement of state deceptive practices laws and their own False Claims Act ordinances. If a settlement is contemplated, the foremost goal is to ensure that this same conduct is not investigated further by the same regulator based upon a different statute the regulator is able to enforce.

Today I am suing Exxon Mobil Corporation, Shell Oil Company, Sunoco LP, CITGO Petroleum Corporation, & other related companies for deceptive and unfair practices. #vtpoli https://t.co/IU5sqA65gW

— TJ Donovan (@TJforVermont) September 14, 2021

Ensuring ‘Horizontal’ Peace with Sister Regulators

Federal and state governments consist of a web of interconnected agencies. Today, it is not uncommon for multiple agencies within a federal or state government to initiate investigations against the same corporate target. Each of these agencies will declare that they lack the authority to release the claims of their sister agencies. Thus, an investigation by one agency does not preclude another agency from initiating its own investigation. On some occasions, one competitive sister agency will initiate an action after other agencies have resolved their own investigations, especially if the media has implied that a certain agency neglected or underenforced its regulatory directive.

The same is true on the state level where state agencies share concurrent authority with the state attorney general. An example occurred late last year when 50 state attorneys general and bank regulators from 53 jurisdictions reached separate settlements with Nationstar Mortgage regarding its servicing practices. Because the public announcement of a resolution will spark additional scrutiny, a company should fully assess its regulatory exposure before making any such announcement. A company often benefits from delaying a resolution announcement to gain additional intelligence about the potential for follow-on investigations.

Ensuring ‘Vertical’ Peace with Appropriate Federal, State and Local Regulators

Over the past decade, state attorneys general and localities have taken action to expand their staffs and pushed for expanded statutory enforcement authority based upon a perceived lack of federal enforcement. While our experience has already demonstrated that the Biden administration has resulted in stronger regulatory enforcement, companies should not expect states and localities to walk away from this three-tier regulatory system. For example, Equifax’s data breach resulted in a resolution with the Federal Trade Commission, a multistate settlement with 48 states, the District of Columbia and Puerto Rico, separate settlements with Indiana and Massachusetts and a resolution with the city of Chicago, along with pending lawsuits by other localities.

Regulators have taken specific precautions not to encroach on the authority of others. For example, West Virginia’s recent $10 million resolution with McKinsey & Co. in February 2020 (occurring separately from a $573 million multistate settlement with 49 states), included an express provision that upon proper notice McKinsey waived its right to argue that West Virginia’s localities were included within the release. This provision notes the regulator’s limited authority and ensures that the company is on notice that other regulators are not barred from bringing subsequent actions for the same business practice.

Additionally, the city of Chicago was also able to reach a $1.5 million settlement with Equifax in addition to the amount paid to the Illinois Attorney General under the multistate settlement. Chicago’s press release declared that the settlement “complemented settlements reached with Equifax by the federal government, state governments and private plaintiffs.”

Corporate Strategy: Navigating the Pitfalls

Before an investigation even begins or in the early stages of an investigation, a company must create a corporate strategy that envisions and prospectively combats concurrent and future investigations by federal, state and local regulators. Best-case scenario, when a company decides to settle a federal, state or local investigation, the company will obtain a release from the entire scope of the regulator’s enforcement authority and resolve other investigations simultaneously. However, like anything, all perfect plans will run into a series of hiccups throughout the investigatory process. Corporate entities need to create an initial plan as well as a series of responses to potential changes in the approach to multijurisdictional investigations. Due to the uncertainty of multijurisdictional investigations, it is critical that a company’s corporate strategy is adaptable and able to triage potential pitfalls.

Pitfall #1: Release Provisions

As the statutory directives of regulators expand, it is critical that a company’s resolution release every potential claim that a regulator could bring related to the conduct at issue. This requires insight to ensure not only that the “Covered Conduct” investigated by the regulator is released but also is mindful of other statutory authority and ensures that the release covers these activities as well. For example, if a company is being investigated for misleading communications to consumers, the state attorney general’s investigation may only be based upon consumer protection violations; however, many states are able to stand in the shoes of state citizens through their “parens patriae” authority and bring product liability claims where the covered conduct would be the product defect not the consumer communication.

Pitfall #2: Risk Exposure Assessment

Even with an appropriate release, a resolution with one regulator does not occur in a vacuum, and a company must evaluate whether a public resolution will lead other regulators to inquire about the specific practices at issue. Because the public announcement of a resolution will spark additional scrutiny, a company should fully assess its regulatory exposure before making any such announcement. A company needs to determine if its risk exposure assessment is scoped and analyzed correctly to prepare for current, pending and future investigations. This assessment should allow the company to create a strategic approach to current and pending litigation as well as prepare in advance for future investigations. The risk exposure assessment should identify the business practice in question, decide which regulators may initiate an investigation, evaluate investigation risks, decide on risk control measures and update the assessment as necessary. A correct risk exposure assessment allows the company to gain insight into which regulators, if any, may initiate a regulatory investigation. A thorough and comprehensive risk exposure assessment allows a corporate entity to fully internalize the regulatory exposure risks, especially those arising from the public announcement of a resolution to make a clear decision on how to approach sister regulators that have yet to take any action.

Pitfall #3: Identifying Possible or Pending Investigations

So, how do companies identify possible or pending regulatory investigations? One of the best ways is to ask the resolving regulator whether he or she had discussed the matter with other regulators. Traditionally, if a cordial line of communication has been maintained during the negotiation process, the regulator will readily provide this information on the eve of a resolution. At the state level, some state attorneys general have agreed to commit within the agreement terms that the office is unaware of any pending state agency investigation. That said, no state attorney general will provide the same level of peace for other state attorneys general.

If possible, a company should seek to resolve its investigation through a concurrent settlement because this enables a company to move forward in quick succession after a settlement, instead of having multiple settlements occurring over an elongated period of time. A continuing drip of settlement results in prolonged stress on a company’s legal team and utilizes time and energy from company executives trying to move forward from the business practice at issue.

Pitfall #4: Failure to Get Advance Warning About Other Potential Agencies Investigations

Although a company may receive an early warning about upcoming investigations, it is unlikely that a company will receive adequate warning for every investigation and may be unable to completely ensure that a regulator will not take action in the future. As a result, when entering into a settlement, a company should prepare a risk matrix of all regulators that could take follow on action. This risk matrix should analyze the relevant statutes of limitation and historical instances where that regulator has entered into a subsequent settlement that post-dates an initial settlement from another regulatory body.

Moreover, because it is almost impossible — and financially imprudent — to ensure that all regulators with statutory authority will not take future action, the company should develop and implement a corporate strategy that is responsive to numerous potential investigations. This strategy should include a detailed explanation of why the company’s previous settlement achieved the newly investigating regulators goals, including providing for consumer restitution and changing the company’s business practices mitigating the risks of the similar conduct.

Pitfall #5: Ensure Control Over Information Produced During Discovery

In light of the complex landscape of cooperating regulatory officials, it is critical that a company ensure control over information produced during discovery. The best way to ensure control over information is a confidentiality agreement. In order to prevent regulators from sharing information with one another without a company’s knowledge, the company must negotiate confidentiality agreements with each regulator. If no confidentiality agreement is in place, the corporate target should assume that the information provided to one regulator will be shared with other regulators at both the state and federal level because statutes often dictate that a regulator may share information at its discretion.

Further, a company cannot use a standard confidentiality agreement for each regulator. Instead, it is imperative that a company negotiating confidentiality agreements has a full understanding of how each regulatory body reads its own statutory confidentiality obligations.

In addition to ensuring control over information produced during discovery, confidentiality agreements also provide the company an opportunity to tease out whether other investigations are occurring under the surface. When negotiating a confidentiality agreement, companies should consider the possibility that this information may be shared with other regulators and, in turn, used to facilitate additional investigations without the company’s knowledge.

Pitfall #6: Negotiating Consistent Injunctive Terms Across Multijurisdictional Investigations

When already aware of other pending investigations, a company should utilize this time to reach agreements that include overlapping and consistent injunctive terms. This minimizes the burden on the company after the settlement has been finalized. Overlapping and consistent injunctive terms decrease the burden on the company long after the investigation has concluded.

When a settlement has been finalized and another investigation arises, a company should try to negotiate similar injunctive terms with the new investigating regulator that correspond with the terms in the finalized settlement. Even more, a concurrent settlement provides multiple regulators with the ability to take credit for the same programs, including business changes or consumer restitution, while a company can seek to leverage these changes across multiple negotiations. Thus, coordinated investigations create a win-win situation for both regulators and the corporate target.

Conclusion

Companies benefit by taking action now to establish a structure to navigate the pitfalls that often arise during a single regulatory investigation or (increasingly common) multi-tiered regulatory action. This plan also provides a holistic framework to respond to unanticipated problems and determine before an investigation is initiated how a company will treat the possibility of additional regulatory inquiries.

 


Tags: Risk Assessment
Previous Post

Oxeye Emerges From Stealth; Platform Will Target $2.4B Cloud-Native AST Market

Next Post

Above Board: How Directors Are Tapping Compliance to Pursue Goals and Mitigate Risk

John West and Chris Carlson

John West and Chris Carlson

John WestJohn West is a partner and chair of Troutman Pepper’s business litigation department, where he advises clients on regulatory compliance matters handling all phases of government and internal investigations. Providing strong strategic and practical advice, he has particular experience in matters involving government contractors, the False Claims Act, and the alcoholic beverage industry. He can be reached at john.west@troutman.com.
Chris CarlsonChris Carlson represents clients in regulatory, civil and criminal investigations and litigation at Troutman Pepper. He employs his prior regulatory experience to benefit clients who are interacting with and being investigated by state attorneys general. He can be reached at chris.carlson@troutman.com.

Related Posts

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

cute robot looking at financial volumes

AI’s Dual Role in FinServ Risk Management

by Nalini Priya Uppari
March 28, 2025

As technology evolves, so do the tools that help banks and investment firms maintain stability amid uncertainty

mineral mining operation

Why Critical Minerals Demand a Compliance Revolution

by Rebeca Vergara Gaona
February 11, 2025

Corporate compliance lessons could help strengthen intergovernmental mineral agreements before problems arise

Next Post
A life buoy sits on a ship gunnel, above board

Above Board: How Directors Are Tapping Compliance to Pursue Goals and Mitigate Risk

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights