No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Governance

What is Your Board’s Investigation Protocol?

by Thomas Fox
February 26, 2014
in Governance
What is Your Board’s Investigation Protocol?

Many companies have an investigation protocol in place when a potential Foreign Corruption Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board of Directors does not handle an investigation right, the consequences to the company, its reputation and value can all be quite severe.

In an article in The Corporate Board magazine, entitled “Successful Board Investigations,” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP, the authors recognize that the vast majority of investigations will be handled or directed by in-house counsel. However, if and when such an investigation is needed, it is critical that it be handled with great care and skill. The authors note, “while this task is fraught with peril, there are a number of steps a Board can take to ensure that the investigation accomplishes the Board’s goals, which will enable it to make informed decisions, and withstands scrutiny by third parties” because it is this third-party scrutiny, in the form of regulators, government officials, judges/arbitrators or plaintiffs’ counsel in shareholder actions, who will be reviewing any investigation commissioned by a Board of Directors.

The authors believe that there are five key goals that any investigation led by a Board of Directors must meet. They are:

  • Thoroughness – The authors believe that one of the key and most critical questions that any regulator might pose is just how thorough the investigation is to test whether they can rely on the facts discovered without having to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators in terms of what is investigated or how the investigation is conducted. This question can be an initial deal killer; if the regulator involved views an investigation as insufficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded “where else” question.
  • Objectivity – Here, the authors write that any “investigation must follow the facts wherever they lead, regardless of the conse­quences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that, in addition to the objectivity requirement in the investigation, the same must be had with the investigators themselves. If a company uses its regular outside counsel, it may be viewed askance, particularly if the client is a high-volume client of the law firm involved, either in dollar amounts or in number of matters handled by the firm.
  • Accuracy – As in any part of a best practices anti-corruption compliance program, the three most important things are document, document and document. This means that the factual findings of an investigation must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its own investigation of the same issues.” This is never good and your company may well lose what little credibility and good will it may have engendered by self-reporting or self-investigating.
  • Timeliness – Certainly in the world of FCPA enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act whistleblower provisions. But there are other considerations for a public company, such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
  • Credibility – One of the realities of any FCPA investigation is that a Board-of-Directors-led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-morning quarterbacking, but quite a bit of post-event analysis. So the authors believe that any Board-of-Directors-led investigation “must be (and must be perceived as) credible as to what was done, how it was done and who did it. Otherwise, the Board’s work will have been for naught.”

To help manage these five issues the authors have seven tangible considerations they suggest that a Board of Directors follow to help make an investigation successful. These seven consideration are listed as follows.

1. Consider whether you need independent outside counsel

The authors stress that the appearance of partiality “undermines the objectivity and credibility of an investigation.” That means you should not use your regular counsel. The authors refer to the Securities and Exchange Commission (SEC) analysis of how independent Board members truly are to explain the need for independent counsel. They state, “the SEC considers the following criteria when determining whether (and how much) to credit self-policing, self-reporting, remediation and cooperation:”

  • Did management, the Board or committees consisting solely of outside directors oversee the review?
  • Did company employees or outside persons perform the review?
  • If outside persons, have they done other work for the company?
  • If the review was conducted by outside counsel, had management previously engaged such counsel?
  • How long ago was the firm’s last representation of the company?
  • How often has the law firm represented the company?
  • How much in legal fees has the company paid the firm?

As Andre Agassi might say, “perception is reality.”

2. Consider hiring an experienced “investigator” to lead the internal investigation

Noted internal investigation expert Jim McGrath has written and spoken about the need to utilize specialized counsel in any serious investigation. If a Board is leading an investigation, I would submit that by definition, it is serious. The authors say that your investigation needs to be led by a lawyer with significant experience in conducting internal investigations, a strong background in criminal or SEC enforcement and substantive experience in the particular area of law at issue. These traits are needed so that your designated counsel will think like an investigator, not like an in-house lawyer or civil litigator.

3. Consider the need to retain outside experts

In any FCPA or other anti-corruption investigation, there will be the need for a wider variety of subject matter experts (SMEs) than a compliance professional. The authors correctly recognize that “if there are accounting issues, forensic accountants might be needed. In this day and age, an electronic discovery consultant is often required and can be a cost-effective option for gathering and processing electronic data for review.” These types of investigations will most probably be cross-border as well, and this will require other varieties of expertise. The authors caution, “the lowest bid may not necessarily be the best for a particular investigation. While cost is important, understand the limitations of each consultant and, with input from your investigator, determine which consultant best meets your goals.”

4. Analyze potential conflicts of interest at the outset of and during the investigation

The authors see two types of conflicts of interest that may come to light during an investigation. First is the one which comes up when the law firm or lawyers conducting the investigation are those whose prior legal advice has some bearing on the matters being investigated because a company’s regular outside lawyers represent the company. During an internal investigation, however, the lawyers may be hired by, and represent, the Board or its committee. The second occurs when a lawyer or law firm jointly represents the Board and employees at the company, as regulators have become increasingly concerned with joint representations. Moreover, “the trickier question is what to do when there simply is a risk that representing one client could limit the lawyers’ duties to the other.” So in these situations, joint representation may not be appropriate.

5. Carefully evaluate whistleblower allegations

With the advent of Sarbanes-Oxley (SOX) and Dodd-Frank, whistleblowers have become more important and taking their allegations seriously is paramount. This does not mean trying to find out who the whistleblowers might be to punish or silence them, even if they are located outside the United States and therefore do not have protections under these laws; they can still get hefty bounties. The authors recognize that companies can “run into problems when whistleblower allegations are discounted, if not outright dismissed, especially if the whistleblower has a history of causing trouble or is perceived as incompetent. When this type of whistleblower makes a claim, it is easy to presume ulterior motives.” While such motives might exist, it does not matter one iota when it comes to the investigation, as “regulators are very wary of Boards that do not satisfactorily evaluate a whistleblower’s complaint based on a perception of the whistleblower himself, as opposed to the substance of the complaint.”

6. Request regular updates from outside counsel without limiting the investigation

These types of investigations are long and very costly. They can easily spin out of cost control. But, by trying to manage these costs, a Board might be perceived as placing improper limits on the investigation. The “goal is to strike the right balance between the cost of the investigation and its thoroughness and credibility.” To do so, the authors advise that flexibility is an important ingredient. A Board can begin the project with an agreed-upon initial scope of work and then “revisit the scope of work as the investigation progresses. If conduct is discovered that legitimately calls for expanding the scope of the investigation, then the Board can revisit the issue at that point. Put another way, the scope of what to investigate is not a static, one-time decision. It can, and usually does, evolve.” By seeking regular updates and questioning counsel on what they are doing and why, directors can manage costs while ensuring that the investigation is sufficiently thorough and credible.

7. Consider whether an oral report at the conclusion of the investigation is sufficient

While there may be instances in which, due to complexity and the nature of the allegations involved, a written report is necessary, the authors believe that there may be times when an oral report delivered to a Board is better than a written report, for while “a written report may be easier to follow and appear to be the logical conclusion to an investigation, it is an expensive and time-consuming endeavor, and it comes with great risk.” The authors indicate three reasons for this position.

First, it is much easier to inadvertently waive the attorney-client privilege if a written report is created; additionally, in the wrong hands, such a written report may well create “a roadmap to a plaintiff” in any shareholder action. Second, once those findings and conclusions are written, they may become “set in stone. If later information comes to light that impacts the report’s conclusions, altering the conclusions may undermine the credibility of the entire investigation. So, retaining flexibility to change the findings if further information is later learned is a real advantage of an oral report.” Third, and finally, “it takes time to prepare a well-written and thorough report. When an internal investigation must be conducted quickly, spending time to prepare a written report may not be an efficient use of time.” For all of these reasons, and perhaps others, an oral report presented to the Board and documented in Board meeting minutes may be sufficient.

The authors conclude their piece by stating, “by keeping in mind the issues addressed above, the Board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the Board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.” I would only add that by following some of the prescriptions set out by Bayless and Albarrán, your Board might also avoid the fate that befell several well known companies which are now in the middle of very public, multimillion-dollar FCPA investigations. Just as companies need to be prepared for such matters, so should Boards be.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014


Previous Post

Regulatory Compliance Has No Speed Traps

Next Post

Empowering Business Agility: Strengthening Internal Audit’s Impact and Value

Thomas Fox

Thomas Fox

Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post

Empowering Business Agility: Strengthening Internal Audit’s Impact and Value

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT