What is Your Board’s Investigation Protocol?

Many companies have an investigation protocol in place when a potential Foreign Corruption Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board of Directors does not handle an investigation right, the consequences to the company, its reputation and value can all be quite severe.

In an article in The Corporate Board magazine, entitled “Successful Board Investigations,” by David Bayless and Tammy Albarrán, partners in the law firm of Covington & Burling LLP, the authors recognize that the vast majority of investigations will be handled or directed by in-house counsel. However, if and when such an investigation is needed, it is critical that it be handled with great care and skill. The authors note, “while this task is fraught with peril, there are a number of steps a Board can take to ensure that the investigation accomplishes the Board’s goals, which will enable it to make informed decisions, and withstands scrutiny by third parties” because it is this third-party scrutiny, in the form of regulators, government officials, judges/arbitrators or plaintiffs’ counsel in shareholder actions, who will be reviewing any investigation commissioned by a Board of Directors.

The authors believe that there are five key goals that any investigation led by a Board of Directors must meet. They are:

• Thoroughness – The authors believe that one of the key and most critical questions that any regulator might pose is just how thorough the investigation is to test whether they can rely on the facts discovered without having to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators in terms of what is investigated or how the investigation is conducted. This question can be an initial deal killer; if the regulator involved views an investigation as insufficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded “where else” question.
• Objectivity – Here, the authors write that any “investigation must follow the facts wherever they lead, regardless of the conse­quences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that, in addition to the objectivity requirement in the investigation, the same must be had with the investigators themselves. If a company uses its regular outside counsel, it may be viewed askance, particularly if the client is a high-volume client of the law firm involved, either in dollar amounts or in number of matters handled by the firm.
• Accuracy – As in any part of a best practices anti-corruption compliance program, the three most important things are document, document and document. This means that the factual findings of an investigation must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its own investigation of the same issues.” This is never good and your company may well lose what little credibility and good will it may have engendered by self-reporting or self-investigating.
• Timeliness – Certainly in the world of FCPA enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act whistleblower provisions. But there are other considerations for a public company, such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
• Credibility – One of the realities of any FCPA investigation is that a Board-of-Directors-led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-morning quarterbacking, but quite a bit of post-event analysis. So the authors believe that any Board-of-Directors-led investigation “must be (and must be perceived as) credible as to what was done, how it was done and who did it. Otherwise, the Board’s work will have been for naught.”

To help manage these five issues the authors have seven tangible considerations they suggest that a Board of Directors follow to help make an investigation successful. These seven consideration are listed as follows.

1. Consider whether you need independent outside counsel

The authors stress that the appearance of partiality “undermines the objectivity and credibility of an investigation.” That means you should not use your regular counsel. The authors refer to the Securities and Exchange Commission (SEC) analysis of how independent Board members truly are to explain the need for independent counsel. They state, “the SEC considers the following criteria when determining whether (and how much) to credit self-policing, self-reporting, remediation and cooperation:”

• Did management, the Board or committees consisting solely of outside directors oversee the review?
• Did company employees or outside persons perform the review?
• If outside persons, have they done other work for the company?
• If the review was conducted by outside counsel, had management previously engaged such counsel?
• How long ago was the firm’s last representation of the company?
• How often has the law firm represented the company?
• How much in legal fees has the company paid the firm?

As Andre Agassi might say, “perception is reality.”

2. Consider hiring an experienced “investigator” to lead the internal investigation

Noted internal investigation expert Jim McGrath has written and spoken about the need to utilize specialized counsel in any serious investigation. If a Board is leading an investigation, I would submit that by definition, it is serious. The authors say that your investigation needs to be led by a lawyer with significant experience in conducting internal investigations, a strong background in criminal or SEC enforcement and substantive experience in the particular area of law at issue. These traits are needed so that your designated counsel will think like an investigator, not like an in-house lawyer or civil litigator.

3. Consider the need to retain outside experts

In any FCPA or other anti-corruption investigation, there will be the need for a wider variety of subject matter experts (SMEs) than a compliance professional. The authors correctly recognize that “if there are accounting issues, forensic accountants might be needed. In this day and age, an electronic discovery consultant is often required and can be a cost-effective option for gathering and processing electronic data for review.” These types of investigations will most probably be cross-border as well, and this will require other varieties of expertise. The authors caution, “the lowest bid may not necessarily be the best for a particular investigation. While cost is important, understand the limitations of each consultant and, with input from your investigator, determine which consultant best meets your goals.”

4. Analyze potential conflicts of interest at the outset of and during the investigation

The authors see two types of conflicts of interest that may come to light during an investigation. First is the one which comes up when the law firm or lawyers conducting the investigation are those whose prior legal advice has some bearing on the matters being investigated because a company’s regular outside lawyers represent the company. During an internal investigation, however, the lawyers may be hired by, and represent, the Board or its committee. The second occurs when a lawyer or law firm jointly represents the Board and employees at the company, as regulators have become increasingly concerned with joint representations. Moreover, “the trickier question is what to do when there simply is a risk that representing one client could limit the lawyers’ duties to the other.” So in these situations, joint representation may not be appropriate.

5. Carefully evaluate whistleblower allegations

With the advent of Sarbanes-Oxley (SOX) and Dodd-Frank, whistleblowers have become more important and taking their allegations seriously is paramount. This does not mean trying to find out who the whistleblowers might be to punish or silence them, even if they are located outside the United States and therefore do not have protections under these laws; they can still get hefty bounties. The authors recognize that companies can “run into problems when whistleblower allegations are discounted, if not outright dismissed, especially if the whistleblower has a history of causing trouble or is perceived as incompetent. When this type of whistleblower makes a claim, it is easy to presume ulterior motives.” While such motives might exist, it does not matter one iota when it comes to the investigation, as “regulators are very wary of Boards that do not satisfactorily evaluate a whistleblower’s complaint based on a perception of the whistleblower himself, as opposed to the substance of the complaint.”

6. Request regular updates from outside counsel without limiting the investigation

These types of investigations are long and very costly. They can easily spin out of cost control. But, by trying to manage these costs, a Board might be perceived as placing improper limits on the investigation. The “goal is to strike the right balance between the cost of the investigation and its thoroughness and credibility.” To do so, the authors advise that flexibility is an important ingredient. A Board can begin the project with an agreed-upon initial scope of work and then “revisit the scope of work as the investigation progresses. If conduct is discovered that legitimately calls for expanding the scope of the investigation, then the Board can revisit the issue at that point. Put another way, the scope of what to investigate is not a static, one-time decision. It can, and usually does, evolve.” By seeking regular updates and questioning counsel on what they are doing and why, directors can manage costs while ensuring that the investigation is sufficiently thorough and credible.

7. Consider whether an oral report at the conclusion of the investigation is sufficient

While there may be instances in which, due to complexity and the nature of the allegations involved, a written report is necessary, the authors believe that there may be times when an oral report delivered to a Board is better than a written report, for while “a written report may be easier to follow and appear to be the logical conclusion to an investigation, it is an expensive and time-consuming endeavor, and it comes with great risk.” The authors indicate three reasons for this position.

First, it is much easier to inadvertently waive the attorney-client privilege if a written report is created; additionally, in the wrong hands, such a written report may well create “a roadmap to a plaintiff” in any shareholder action. Second, once those findings and conclusions are written, they may become “set in stone. If later information comes to light that impacts the report’s conclusions, altering the conclusions may undermine the credibility of the entire investigation. So, retaining flexibility to change the findings if further information is later learned is a real advantage of an oral report.” Third, and finally, “it takes time to prepare a well-written and thorough report. When an internal investigation must be conducted quickly, spending time to prepare a written report may not be an efficient use of time.” For all of these reasons, and perhaps others, an oral report presented to the Board and documented in Board meeting minutes may be sufficient.

The authors conclude their piece by stating, “by keeping in mind the issues addressed above, the Board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the Board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.” I would only add that by following some of the prescriptions set out by Bayless and Albarrán, your Board might also avoid the fate that befell several well known companies which are now in the middle of very public, multimillion-dollar FCPA investigations. Just as companies need to be prepared for such matters, so should Boards be.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014