Few things can strike more fear into the heart of a businessman – including an officer, director, or in-house counsel – than an allegation of criminal or regulatory wrongdoing, whether it arises internally or through a governmental demand for information. While we cannot promise that you will never experience such fear or that no such allegation will ever be proven true (after all, employees are sometimes, regrettably, bad actors), we can help guide you through the process in a way that should minimize the fear, inconvenience, and distraction from your company’s primary business goals.
The following advice is neither cursory nor extremely detailed. Instead, it is offered in the spirit of guidance, in an effort to provoke thinking, planning, questioning, and, where necessary, calls for help from a professional. It is, quintessentially, a businessperson’s guide to an unfamiliar – and, we hope, very rare – process. Let’s start from the beginning.
SEARCH WARRANTS: WHAT TO DO WHEN THE GOVERNMENT COMES KNOCKING (AND WON’T BE TURNED AWAY)
You’re good people. You run a clean business. But there they are, standing in your front lobby, looking like humorless, starched-shirt, trench-coated archetypes from central casting: federal agents, armed with a search warrant, and they want access to your files, now. As Karl Malden famously asked in the old American Express commercial, “What will you do? What will you do?” Never fear; we’re going to tell you.
First and foremost, do not panic. As long as you are polite and professional, while remaining fully cognizant of your legal rights, you will get through this ordeal. Ideally, you will have planned for this eventuality (however remote or ridiculous it may seem), and you will be well-equipped to handle the disruption. Although no two searches are identical, here are a few critical steps that you should always take to protect your rights:
Designate and Alert a “Point of Contact” for All Dealings with the Agents
The first job of the first person to encounter the agents is to alert someone in a position of authority (e.g., in-house counsel, COO, head of security) who can serve as the point of contact (“POC”) for all dealings with the agents. Unless there is an unreasonable delay in securing the POC’s appearance, the agents will generally agree to await his or her arrival before executing the warrant.
Obtain Vital Background Information from the Agents
The POC should immediately request identifying information from the agents, including agency affiliation, badge numbers, and business cards. The POC should also identify the agent in charge and ask that all communications flow through the POC and that agent. The POC should then request a copy of the search warrant and the accompanying affidavit (to which an agent had to swear in order to obtain the warrant from a judge or magistrate). The POC must then read both the warrant and the affidavit in order to determine (a) the authorized scope of the search and (b) the basis for the Government’s belief that it is likely to find “evidence or instrumentalities” of a crime at the company’s offices.
Call Your Lawyer
Once the POC has obtained the foregoing information, he or she should call counsel, whether in-house or outside. At this critical juncture, the company must be concerned with protecting its rights – and those of its personnel – in a criminal investigation. The best way to protect these rights is to call upon counsel with experience in government investigations. During the call, the POC should convey to counsel all of the information gleaned to date and follow any instructions counsel gives.
Although agents will generally decline the request, the POC should ask that the agents await the arrival of counsel before conducting their search. At a minimum, the POC should tell the agents that counsel must be present for any interviews of company personnel and, if asked, should decline any request to “consent” to any search beyond the parameters of the warrant. (If no warrant exists, the POC should not consent to anything.)
Oversee the Agents’ Search
Under no circumstances should the POC, or any company employee, interfere with the execution of the search warrant, lest the Government pursue an “obstruction of justice” charge against the offender. At the same time, though, the POC should attempt to ensure that the agents (a) communicate with the company only through the POC and (b) do not exceed the scope of the warrant. The POC should also designate responsible employees to “shadow” the agents, in order to record in detail what the agents seize and to note any logistical questions the agents might ask (which may provide insight into what items the Government deems most important and/or into why the Government is conducting the search in the first place).
Minimize the Risk of Personnel Problems
Agents will frequently attempt to interview employees while executing a search warrant, often on substantive issues that go to the heart of the Government’s investigation. While the company cannot legally instruct an employee not to speak with the Government, the company can, and should, if possible, (a) dismiss all non-essential employees for the remainder of the day; (b) advise all employees of their right not to speak to the agents; and (c) forbid any employee from speaking with the media about the search. By sending most employees home and barring any media contacts, the company can help prevent nervous employees from making statements that could be used against the company in a criminal prosecution.
Moreover, the company is justified in protecting its employees’ constitutional rights by advising them that (a) they are not obligated to speak with the agents, and (b) they are entitled to have counsel present for any voluntary statements they might choose to make. It is also advisable to tell employees that lying to a federal agent is a federal crime, such that if they choose to speak to an agent, they must be extremely careful to state, truthfully, only what they are certain they know.
Minimize the Risk of Business Disruption
Presumably, your business is an on-going concern, and you’d like to keep it that way. As such, the company must try to avoid giving the agents irreplaceable, original files during the search. Pre-planning makes this task easier, as the company will already have appropriate back-up copies of vital hard copy and electronic documents and will already have segregated privileged materials in special files. If the company has not undertaken such pre-planning, however, the personnel observing the search should (a) make copies of seized documents, if possible; (b) offer the agents copies of computer hardware and software (and, if denied, try to make a back-up copy of anything seized); (c) segregate and designate any possibly privileged materials and alert the agents to the existence of the same; and (d) prepare or obtain a detailed inventory of, and receipt for, all items seized.
Again, the POC who coordinates all of these efforts should ensure that employees do not obstruct the agents and should make it clear to the agents that the company will cooperate fully in the execution of the warrant. At the same time, the POC, and any on-site employees, must be sensitive to waivers of rights, such as attorney-client privilege, customers’ privacy rights, and individuals’ Fifth Amendment rights against self-incrimination. The best way to avoid any waiver is to keep control over interactions with the agents and to involve counsel in the process.
An Ounce of Prevention . . .
Although the foregoing pointers should help any company “survive” an unexpected search warrant, the better course is to prepare in advance for such a scenario. As part of the pre-planning, the company — in conjunction with outside counsel — should:
1. Select and train an appropriate Point of Contact;
2. Ensure 24/7 access to counsel (e.g., via hotlines, cell phones, “telephone trees”);
3. Conduct employee training that covers the critical issues discussed above, including advice on the rights of employees and direction to avoid any media contact; and
4. Establish a document management system that includes duplicates of key materials needed to run the business; back-ups of all computer files; and segregation of privileged materials in special hard copy and electronic files.
Also, keep in mind that the execution of a search warrant is often only one prong of a two-prong strategy, the second of which is an interview blitzkrieg by teams of agents who visit employees at their homes (usually very early in the morning or very late at night). These after-hours visits tend to catch employees totally off-guard and can lead to confused and damaging statements that the Government will later use against the company and/or individual employee (a result that has led us to dub this the “Knock and Squawk” prong of the Government’s strategy). Thus, as part of the company’s proactive planning, it is essential that the company alert employees to this possibility and advise them of their rights to silence and to counsel.
Although many factors affect the likelihood that your company will ever be subjected to a search warrant, no industry is immune. Wherever a crime can occur, whether federal or state, a search warrant could be executed. And because search warrants reflect a court’s judgment that a crime already has occurred, you cannot afford to “assume the best” or to “go it alone.” Instead, you must plan properly, react quickly, and secure legal expertise from those who understand the nuances of search warrants and who can stand as a bulwark between you and the awesome power of government agents. In short, while useful in a pinch, the foregoing crisis management tips are no substitute for careful planning and coordination with your legal counsel.
INTERNAL INVESTIGATIONS: HOW TO ENSURE THAT YOU KNOW MORE THAN THE GOVERNMENT DOES (AND BEFORE IT KNOWS IT)
OK, you survived the search warrant process. Or, let’s say your first inkling that something is amiss in your company is a grand jury subpoena, or a whistleblower action, or merely a serious internal complaint. No matter what the “trigger,” you need to decide whether to investigate the allegations of wrongdoing and, if so, how you will do this without creating more problems than you might already have. And we are not here concerned with what your attorneys will do during any internal investigation, but with what you need to do to ensure the best possible outcome for your business. Let’s start with the basics.
Determine Whether an Internal Investigation is Warranted
If the Government is actively investigating the conduct of your company or its employees, you cannot afford not to investigate. The Government is not inclined to launch investigations willy-nilly. If government investigators are targeting your company, they know something (or at least they think they do), and you must do whatever you can to (a) figure out what they know and (b) counter it.
Let’s say, however, that the trigger is not a government inquiry, but an internal (or non-governmental, external) complaint. Under what circumstances should you launch an internal investigation? First, if you’re a public company, you must consider your fiduciary obligations to your shareholders, including the duties of care and loyalty. In order to survive any challenge to the exercise of management’s “business judgment,” company officers and directors must make informed decisions, based on material information about the potential problem. That’s hard to do in the absence of a thorough, independent investigation of alleged wrongdoing.
Second, the company must consider any relevant disclosure obligations. Although there is no general legal duty to disclose internal problems – including potential violations of the law – the company may have (a) a legal obligation not to conceal a felony; (b) a statutory or regulatory duty to disclose material, adverse information; and/or (c) a desire to disclose wrongdoing in an effort to avoid criminal prosecution and/or to mitigate any penalty resulting from a criminal conviction (a topic that we will address in greater detail in the next section of this Primer).
In short, unless the allegation is wholly trivial – and there is minimal likelihood of any governmental entity ever taking an interest in it – the better course is to undertake the internal investigation.
Decide Who Will Conduct the Investigation
When deciding who should conduct the investigation, the company must understand that the credibility of the process is paramount. Whether the company endeavors to explain the allegations to its employees, to the Government, or to civil litigants, the more independent the investigation, the better.
That is not to say that the company cannot handle the investigation in-house. Among the advantages of having in-house counsel conduct the inquiry are (a) lower cost; (b) superior understanding of the company and its business; and (c) greater on-site availability. Thus, for example, if the alleged wrongdoing does not implicate management, is of moderate dollar value, is of limited duration, is of minor import to the business, and is primarily internal, an in-house investigation may be appropriate.
On the other hand, outside counsel are indispensable for more significant matters. Among other things, outside counsel have more investigative experience, are seen as more independent of the company, are more familiar with the applicable criminal statutes, have greater trial experience, and are more accustomed to dealing with prosecutors. For these reasons, it is rare that a company of any significant size performs in-house investigations in matters of potential criminal significance, though outside counsel should, of course, work closely with in-house counsel (or management) in any such investigation.
The remaining question, then, is what counsel to choose: the company’s regular outside counsel or special investigative counsel. Regular corporate counsel possesses many of the advantages of in-house counsel but may also suffer from many of the same shortcomings with respect to independence and experience. When attempting to strike the proper balance, the company may be best served by interviewing both regular corporate counsel and special investigative counsel on these key issues.
Establish an Appropriate Protocol for the Investigation
The goal of an internal investigation is to uncover the unvarnished truth, while protecting the results of the investigation from third-party disclosure. Thus, the company must establish a protocol that preserves its attorney-client privilege. (Although the company may eventually choose to waive the privilege in the context of pre-indictment negotiations with the Government, we will address that scenario in the next section). In order to achieve these twin goals, the company should begin with four simple steps.First, public companies are well-advised to pass a Board resolution authorizing, and defining the scope of, the internal investigation. (This is indispensable where counsel represents the Board and not the company, itself.) Among other things, the resolution should (a) state that the attorney-client privilege will cover all aspects of the investigation; (b) provide for the retention of expert assistance to counsel; and (c) direct employees to cooperate fully in the investigation.
Second, the company should enter into a written retention agreement with outside counsel. Any such agreement should, at a minimum, (a) identify the specific client; (b) delineate the scope of the investigation; (c) state that the purpose of the investigation is the provision of legal advice to the client; and (d) cover logistical issues, such as outside counsel’s staffing, fees, and expenses.
Third, management should provide employees with notice of the internal investigation. Such notice should, at a minimum, include (a) a discussion of the nature of the inquiry; (b) a statement regarding the need for cooperation with counsel (including, if necessary, an admonition that cooperation is a condition of employment); and (c) directions regarding preservation of the attorney-client privilege, including management’s expectation that employees will keep confidential all communications with counsel.
Fourth, the company must discuss with counsel the law applicable to the attorney-client privilege in the relevant jurisdiction. If the alleged wrongdoing implicates solely federal interests, the Supreme Court’s holding in Upjohn Co. v. United States, 449 U.S. 383 (1981), extends the attorney-client privilege, in essence, to all company employees. Where state action is possible, however – whether by State investigative authorities or in a case where federal jurisdiction is based on the diverse citizenship of the parties – the company and its counsel must take care to comply with state law on privilege, which may be more limited in scope. (In Illinois, for example, the attorney-client privilege extends only to the “control group” of managers in the company.)
Choose How to Memorialize the Results of the Investigation
Once counsel has completed the internal investigation, the company must decide whether it wants the results reported orally or in writing. In this regard, the company must consider several factors. First, the company may have a duty, pursuant to law or regulation, to produce a written report.
Second, depending on the nature of the allegations, the company may want a written report in order to document the basis on which it took, or failed to take, any particular action, in a manner consistent with its fiduciary obligations to its shareholders. The more serious and complex the situation, the greater the potential need for a written report.
Third, the company must discuss with counsel the “discoverability” of a written report, both by the Government and by future civil litigants. If client and counsel determine that production to such a third party is likely, counsel can either report findings orally or produce a “sanitized” written report that focuses on facts and omits specific legal advice.
Fourth, the company should consider whether a written report that provides a pre-packaged presentation for the Board and management, a road map to the company’s defense against a government investigation and/or prosecution, and guidelines for any necessary corrective measures is a net benefit to the business or a possible dagger in the company’s heart in later criminal or civil litigation.
Internal investigations are a fact of modern life for companies of virtually any size. Although such investigations may entail both cost and disruption, companies that understand the issues and prepare effectively can minimize both. The reader is cautioned, however, that lengthy tomes have been written on the subject of internal investigations. As such, the foregoing pointers – critical though they may be – are no substitute for the advice and efforts of competent, experienced legal counsel when it comes to preserving all of the good that your company has worked so hard to achieve.
PRE-INDICTMENT NEGOTIATIONS: HOW TO DODGE THE PROSECUTION BULLET AND GET BACK TO WORK
In response to the advice in the previous section, you reviewed our handy internal investigation checklist and hired counsel to conduct a thorough examination of your company’s conduct, so that you could determine your company’s possible civil and criminal exposure before the Government moved against you. Now comes the hard part: convincing the Government that no matter what you found during that investigation, your company does not merit criminal prosecution.
Unfortunately, you’re fighting this battle in an informational vacuum, because not only will the Government typically not share with you what they “have on you,” but unless you are proactive in your relations with the prosecutors, you may not learn that critical information until a grand jury hands down a criminal indictment against you. Let’s try to level the playing field a bit here, with some practical advice on how your company can manage the trials and tribulations of negotiations with the Government.
Understand Your Status in the Investigation
The first thing that you and your counsel must do when deciding how to deal with the Government is to determine your status in the investigation. If you are a “target” of the investigation, it means that the Government has developed evidence sufficient to suspect that you have committed a crime. If you are a “subject,” it means that your conduct is within the scope of the investigation but that you are not (yet?) a target. If you are neither of the above, you are probably a witness who may possess information of value to the Government’s investigation.
Obviously, your status can have a profound impact on how you interact with prosecutors. If you are a “target” or a “subject,” you must always remember that anything you say may be used against you in a criminal prosecution. If, on the other hand, you are a “mere witness,” you may be more inclined to cooperate, because you want to avoid becoming a target or a subject.
The status issue becomes more complicated when the client is the company itself, as distinct from the officers, directors, and employees who carry on its business. In any government investigation of corporate wrongdoing, the actual culprits are individuals, yet their misconduct may give rise to vicarious corporate criminal liability. This inherent conflict between the interests of the company and those of its employees looms large with respect to status, because a company has no Fifth Amendment right to silence and cannot, therefore, withhold information from the Government on that basis. Individual employees, however, do have that right and can refuse to cooperate in any internal investigation. Thus, even if the company is not a target and wants to cooperate, it must still deal with employees who do not and whose refusal to do so may jeopardize the company’s independent interests.
This scenario also has significant implications for your legal representation, because when there is a conflict between the interests of the company and those of individuals within it, separate legal counsel is vital in order to avoid waiver of the attorney-client privilege and possible disqualification of your chosen counsel. Questions of multiple versus individual representation, common interests, and joint defense agreements are beyond the scope of this section, but they are, nonetheless, issues that you must address with your attorney in order to protect yourself as you weather the Government’s inquisition.
Most companies feel compelled to waive their privilege and to produce internal investigation information to the Government, because (a) the Government expects it, and (b) as suggested earlier, the company may have to sacrifice individual wrongdoers in order to avoid indictment of the company itself. Thus, if your company is a target or subject of a government investigation, you will need to decide early in the process – as quickly as your counsel can get a handle on the nature of the problem – whether your desire to cooperate (and, thus, potentially to avoid indictment) outweighs the risk of providing incriminating evidence to the Government.
In addition, perhaps, to throwing certain employees under the proverbial bus, cooperation has another downside: follow-on civil litigation launched by plaintiffs’ lawyers who piggy-back off of the Government’s investigation. It would be nice if you could provide confidential information to the Government without waiving your privilege, but the law does not currently favor such “limited” or “selective” waiver. First, case law across the country has generally rejected any self-imposed limitations on waiver of the attorney-client privilege and the work product doctrine. Once you choose to waive the privilege and disclose confidential information to the Government, you have usually waived the privilege as to all related subject matter and as to any and all third parties.
Second, the Government has twice failed to enact “limited waiver” provisions into law, both in the context of SEC civil investigations and in the context of the Federal Rules of Evidence, which apply to civil and criminal cases, alike. Somewhat ironically, it was the business community and the white collar defense bar that helped defeat the latter provision, because the possible forced disclosure of privileged information to plaintiffs’ lawyers often represents the company’s strongest argument for resisting production to the Government.
In addition, you may have to disclose privileged information to certain third parties who are assisting your company with respect to the Government’s investigation, including outside auditors and insurance carriers. As a general rule, no privilege attaches to your communications with these entities, so it is critical that you consult with counsel in order to determine what information you can share with such third parties.
Assess the Risks of Meeting with the Government
Even if you and your counsel decide to turn over privileged information in written form – whether raw (e.g., interview notes) or refined (e.g., a final report to the Board of Directors) – you may also feel compelled to meet with the Government in order to plead your case directly. You can do so either through an attorney proffer or through individual proffers. Neither type of proffer is without risk.
First, where attorneys are conveying information to government prosecutors on behalf of the client, the Government may seek to pierce the attorney-client privilege, if the client uses the attorney to provide false information. Martha Stewart learned this lesson the hard way.
Second, while individual proffers usually occur under the terms of a limited use immunity (“Queen for a Day”) letter – whereby the Government cannot use the witness’s statements against her during its case-in-chief – the Government always retains the right to use such statements to (a) conduct further investigation; (b) impeach the witness at trial; (c) rebut at trial any factual assertion or defense that is inconsistent with the witness’s statements; and (d) prosecute the witness for perjury, false statements, and/or obstruction of justice.
Nonetheless, a company seeking to avoid indictment may require certain employees to proffer as a condition of employment, in order to demonstrate the company’s cooperation in the Government’s investigation. And as we have experienced first-hand, even where the client is an individual, a proffer may be the only way to convince the Government of the client’s innocence. Clearly, the decision whether to proffer is one that you cannot afford to make without a soul-searching conversation with your counsel.
Evaluate Your Options for Amnesty or Leniency
In many government investigations, the timing of your cooperation determines the benefit that you may derive from it. For example, the U.S. Department of Justice’s Antitrust Division currently offers amnesty for the first company to self-report violations of the antitrust laws. Subsequent cooperators may receive consideration, but not amnesty.
Likewise, early and full cooperation in any government investigation may inspire leniency on the part of the Government. This leniency can take many forms, from a deferred prosecution agreement (where the company avoids prosecution entirely and is placed on an often onerous form of corporate probation) to plea and sentencing consideration (where the Government drops charges or agrees to a lesser sentence, but cannot offer deferred prosecution, because the wrongdoing was prevalent at high levels of the company).
In sum, you and your counsel must consider the possible salutary effects of cooperation and act in a timely fashion in order to ensure that such benefits are available to you.
In light of space constraints and the business focus of this Primer, the foregoing section merely skims the surface of a very complex issue: whether, when, and how you should cooperate with the Government when your company is implicated in a criminal investigation. While the company may survive a search warrant on its own, and may even decide to run its own internal investigation, there is simply no substitute for seasoned counsel when it comes to making life-or-death cooperation decisions for your company. To put it bluntly, this is no time to cut corners and hope for the best. If an experienced, credible, outside attorney cannot prevent an indictment against your company, nobody can.
COMPLIANCE PROGRAMS: HOW TO MANAGE INVESTIGATORY RISKS PROACTIVELY (AND SAVE YOURSELF TROUBLE DOWN THE ROAD)
By now, you have experienced an invasive government search, a probing internal investigation, and harrowing negotiations with prosecutors. But what if you got a “do-over?” What if you could take steps, proactively, to reduce the odds of these intrusions detracting from your company’s business goals? Knowing the costs – financial, reputational, psychological – that this course of events imposed on your company, would you make a little investment up front that could pay big dividends down the road?
Well, while there’s no magic shield against all outside inquiry, the development and implementation of an effective compliance program can do wonders for protecting your investment in your company, its people, and its reputation in the marketplace. Let us walk you through the “who, what, when, where, how, and why” of such a program, with an eye toward showing you how a savvy investment in risk management can mean great rewards (in costs saved) for your company.
Who Needs a Compliance Program ?
You do. No company – public or private, large or small – is immune from investigation, regulation, litigation, or prosecution when it steps over the line civilly or criminally. Whenever any employee could engage in conduct that might open you up to civil or criminal liability, you are vulnerable, and you should have a compliance program in place. And by “company,” we don’t mean only a corporation, because the same considerations apply to partnerships, associations, trusts, and other legal entities.
What Kind of Compliance Program Must We Implement ?
A good one. Lip service and half-hearted efforts are pointless. Instead, you should start with Chapter 8 of the U.S. Sentencing Guidelines, which lays out the requirements for what the federal government considers an “effective” compliance program to (a) prevent and detect misconduct and (b) promote an “organizational culture that encourages ethical conduct.”
Specifically, the Guidelines require that an organization’s compliance program include (1) written standards of conduct and procedures for running the program; (2) direct involvement by the Board of Directors or other ultimate governing body in the design and implementation of the program; (3) a senior executive to oversee the operations of the program (such as a Chief Compliance Officer, CFO, or General Counsel); (4) measures to ensure that no employee with day-to-day operational responsibility has engaged in illegal activities, or even activities “inconsistent with an effective compliance and ethics program;” (5) routine communication of standards and procedures to all employees, as well as effective employee training programs; (6) internal monitoring, audit, and reporting mechanisms; (7) consistent promotion and enforcement of established standards and policies; and (8) a system to respond to instances of misconduct and to prevent any recurrence, including through modifications to the existing compliance program.
Under the Guidelines, however, merely establishing such a program is not enough. Your company must also periodically evaluate the effectiveness of the program, and it must offer the proper combination of incentives and penalties for ethical and unethical conduct, respectively. Promotion of unethical actors or retaliation against employees who report misconduct are not, for example, hallmarks of an “effective” compliance program.
When Should We Implement Such a Program?
Now. You must be proactive in establishing a compliance program, because the downside of not doing so is too great. Government enforcement activities have been on the rise for a long time, and the criminal penalties for misconduct are rising right along with them. Even setting aside criminal conviction and fines, however, a company accused of breaking the law may face debarment from government contracts, whistleblower actions from its own employees, civil liability from shareholders or allegedly injured third parties, and severe damage to its reputation. It is never too early to design and implement a program whose goal is to encourage ethical behavior and, perhaps more importantly, to keep your company out of the headlines and out of court. Remember, the conduct of a single rogue employee may be imputed to your company, so the sooner you have an effective compliance program in place, the better.
Where Are We Looking to Prevent and Deter Misconduct?
The glib answer is “everywhere,” because any employee and any given operation of your company may present an opportunity for misconduct. The reality, however, is a bit more nuanced. The Guidelines themselves require that your company “periodically assess the risk of criminal conduct.” This is what we, in the business, call a “compliance audit.” It must occur before you establish a compliance program, and it should occur from time to time after the program is in place. Think of a compliance audit as a preemptive internal investigation. Rather than looking at what went wrong retrospectively, you are trying to determine, prospectively, where your greatest risks lie and how you can set up a system to prevent, or at least to detect, problems in those areas.
In undertaking this “audit,” you should focus on the three criteria described in the Guidelines. First, assess the nature and seriousness of potential misconduct. Second, evaluate the likelihood that any particular type of misconduct may occur, given the nature of your business. Third, scan your company’s prior history for clues about where misconduct has occurred, or might occur. For example, depending on the nature of your business, you may need to analyze the risk of misconduct related to the antitrust laws, securities laws, Sarbanes-Oxley, environmental laws, employment laws, regulated industry rules, the False Claims Act, the Foreign Corrupt Practices Act, or various fraud statutes (such as banking, insurance, healthcare, mail, and wire). Only by understanding the legal risks your company faces can you begin to craft a compliance program that will help to prevent and detect the realization of those risks.
How Do We Go About Implementing an Effective Compliance Program ?
There is no one “right” way to implement an effective compliance program, but we can offer a few rules of thumb in this regard. First, you should use internal or external experts to set up a written program that follows the Guidelines. Second, your employee training should be interactive, directly relevant to each employee’s job, and frequent enough that all employees are kept up to date. Third, you need to establish a mechanism for reporting possible misconduct, such as a “hotline” (sometimes staffed by a third-party provider), that protects the reporting employee’s anonymity. Fourth, you need to publish written rules about incentives and punishments. For example, ethical behavior might count on an employee’s annual review, while misconduct would result in immediate termination. In addition, employees in positions posing a high risk of damaging misconduct should undergo background checks.
When developing and implementing a compliance program, you should consider – as the Guidelines do – any applicable government regulations or industry standards, the size of your organization (more is expected of larger entities), and prior instances of misconduct whose recurrence the program should be designed to prevent. Again, the goal here is to tailor the program to the specific risks of misconduct that your company faces, in light of its business environment.
Why Does Our Company Even Need a Compliance Program ?
We’re living in the “Age of Compliance,” where every business entity – no matter what its size, structure, or purpose – must manage specific risks to its continued, successful operation. If it fails to do so, investigation, litigation, regulation, prosecution, legislation, and damage to reputation are all possible outcomes. Of course, the highest goal of a compliance program is to prevent wrongdoing, which has all kinds of benefits for your company. But even if the program only detects misconduct, that still helps you, because the existence of an effective compliance program can play a positive role in criminal charging decisions and can lead to greatly reduced fines, even if your company suffers a criminal conviction.
If the program actually uncovers wrongdoing, your company can curry favor with the Government – and maybe even get amnesty from prosecution – if it is quick to report the wrongdoing. The existence of a compliance program may also prevent the appointment of a government-designated corporate monitor, who would have substantial control over how your company conducts its business for months or years to come.
On the civil side, the program could bolster your company’s litigation defense by showing that the misconduct was against explicit corporate policy and that you had taken all reasonable steps to prevent it. And as much as we hate to say it, these programs can also protect your company from employees who may want to steal from you.
A compliance program is like any other business investment in risk management. You can tailor it to the particular needs of your company, and as long as it meets the criteria of an “effective” program – one that gives you a high degree of confidence that it can prevent, detect, and mitigate the effects of, employee wrongdoing (whether intentional or reckless) – it can save you money, aggravation, and damage to the reputation that you have worked so hard to develop. In the Age of Compliance, penny-wise and pound-foolish is no way to run a business.
We sincerely hope that this Primer has proved both interesting and educational and that you will employ its guidance, should the need ever arise. We also hope, for both your sake and that of your business, that the need never arises. We don’t live in a perfect world, however, so please know that we stand ready, willing, and able to assist you should you have any questions or concerns about any of the topics touched upon in this Primer or if, Heaven forbid, you ever find yourself the target of a government investigation.©2009 Levenfeld Pearlstein, LLC