In the Spring of 2012 I published a five-part series of on-line articles through Corporate Compliance Insights under the heading of “Incorporating the Fraud Triangle into Compliance Risk Assessments.” While those articles were publicly available, I understand they received a fair degree of attention and were quoted and/or cited by numerous persons doing white-papers or articles where this information was relevant. A friend in the compliance profession recently told me that this series of articles was no longer available publicly/online and asked if I might consider updating/revising that work into one complete article and putting it back out into the public domain – here it is.
It is with great pleasure that I may announce the launching of the website for International Association of Independent Corporate Monitors (IAICM). A not-for-profit Membership Organization established in 2015 and headquartered in Virginia, in the greater Washington DC area, IAICM is an organization of professionals dedicated to educating the public on the topic of Independent Corporate Monitors (“Monitors”) and advancing the use and quality of service of those individuals serving or seeking to serve as Monitors.
The purposes of IAICM are to promote and improve the professional practice of Corporate Monitoring, to be a recognized thought-leader in the field of Corporate Monitoring, to make available information on Corporate Monitoring to the public, and to provide high quality, relevant information, resources and training to professionals and others practicing in the area of Corporate Monitoring.
IAICM’s Code of Professional Conduct is an invaluable resource for standards and best practices for those serving or seeking to serve as a Monitor. Indirectly, the Code also suggests best practices for Reporting Agencies and Host Organizations considering or using Monitors. All Members of IAICM must certify that they will abide by and uphold the IAICM Code, providing both a guide and a performance measuring stick for Host Organizations, Reporting Agencies, and the public-at-large.
The mysteriousness of Corporate Monitoring is enhanced by the difficulty in obtaining information on the topic. A person studying Corporate Monitoring not only must collect information from a wide variety of sources, but may also have great difficulty identifying reliable and relevant sources.
IAICM’s Public Resource Center helps address this by making available to the public the only repository of information on Corporate Monitoring. From key government policy documents to actual Agreements requiring Monitors, the Public Resource Center makes them easy to search and find. Interested in identifying all known Monitorships by a particular agency, underlying misconduct, or during a particular time frame? Our search engine helps visitors not only identify these in our repository, but presents, in one easy-to-read screen, the relevant information and supporting documents for each matter in our repository.
All IAICM Members have qualifications that suggest they possess the breadth and depth of relevant skills, knowledge, and experience, together with reputation of character, to effectively serve as an Independent Corporate Monitor consistent with IAICM’s Code of Professional Conduct. To facilitate the needs of those considering candidates for a Monitorship, finding a speaker on the topic, seeking guidance, or simply doing research, all IAICM Members are publicly listed on this site, along with each Member’s relevant contact and professional information.
I just published a fun little piece that analogizes haunted houses with corporate compliance & ethics programs that is available on the PBMares blog. I hope you will enjoy it and Happy Halloween!!!
It is with great pleasure that I can announce that last month (August 2015), the ABA House of Delegates approved Standards for Corporate Monitors. These “black letter” standards will be published with commentary in ABA Standards for Monitors, 4th ed., ©2015 American Bar Association.
This work originally began with an Ad-Hoc Task Force on Corporate Monitor Standards, that was assembled by the Criminal Justice Section (CJS) of the American Bar Association (ABA) in 2010. In late 2013, after over two years of study on the topic, the Ad-Hoc Task Force was disbanded and a formal Standards Committee designated to develop the Standards. I had the privilege of serving on both the Ad-Hoc Task Force and the Standards Committee, which delivered our product to the CJS in August of 2014. After two readings before the CJS Council, these Standards were passed by the CJS Council in April 2015 and presented to and approved by the ABA House of Delegates in August 2015.
Though they presently lack commentary, they are the only official set of Standards currently applicable to lawyers who serve in the role of an Independent Corporate Monitor. The Standards define a Monitor broadly, as a person or entity:
- Engaged by a Host Organization pursuant to a Court Order or an Agreement and Engagement Letter;
- Who is independent of both the Host Organization and the Government;
- Whose selection is approved by the Government or ordered by a court; and
- Whose responsibilities and authority are established by Court Order or by the terms of the Agreement and the Engagement Letter.
Recognizing that Monitors are used and/or contemplated beyond the DOJ Monitors whom many have come to be familiar with, we drafted these Standards broadly (see the definition within the Standards of “Government”). For instance, the World Bank and Suspension & Debarment Offices have routinely used Monitors for years and we wanted to ensure that our Standards incorporated best practices sufficiently broad so as to include the many Monitorships that occur outside of DOJ. In addition to the issues that have brought public attention/criticism to this practice, such as the selection process for Monitors, we devised and deliberated on a host of other issues affecting the practice and, where it was appropriate, devised Standards to address them.
One of the first steps taken during the Ad-Hoc Task Force’s work, was to open communication channels with a variety of government law and regulatory enforcement agencies, as well as other oversight organizations, who were using or considering the use of Monitors. The purpose was to ensure that the concerns of such agencies and oversight organizations were considered as we developed these Standards. The Standards Committee also included representatives of the DOJ and State AG Offices to further ensure that relevant concerns and issues would be considered.
I am humbled to have been included among such a distinguished group of professionals who comprised our Committee and very proud of the Standards that we created, which I believe to be robust, comprehensive, and thorough. Given how eager the various agencies and oversight organizations were to share their concerns with us, I am certain these Standards will have a significant impact on future Monitorships.
I must caution readers that the “black letter” Standards can, at points, be difficult to fully appreciate absent commentary, which may not be available for quite some time. If anyone has a question about what our Committee was thinking associated with any of the “black letter” Standards, please email me at JHanson@ArtificeForensic or call me at (202) 590-7702 and I would be happy to provide my personal opinions/thoughts (I speak only for myself and not the Committee, ABA, or CJS).
It should also be noted that these Standards only technically apply to attorneys. Many Monitors are not attorneys (myself included). It is hoped that they will nonetheless be broadly construed as “best practices” for anyone serving as a Monitor. Towards those ends, the International Association of Independent Corporate Monitors (IAICM) was formed in 2015. The IAICM is a 501(C)6 not-for-profit Membership organization serving those who practice in this field and is presently developing a Code of Professional Conduct that will establish Standards for its members. The IAICM’s Code, though consistent with the ABA Standards, may cover additional areas and/or delve more deeply into some areas than the Standards. The IAICM Code, together with the Standards, should be more than sufficient to establish best practices for Monitors, regardless of their professional designations/experiences/certifications/licenses.
The IAICM, though legally formed and anticipated by many government and oversight organizations that use Monitors, has not yet made its website publicly accessible – but be on the lookout for it soon!
On September 9, 2015, Deputy Attorney General Sally Quillan Yates issued a memo to all of DOJ regarding individual accountability for corporate wrongdoing. It’s been a heavy issue for years – that executives in companies where frauds or misconduct have occurred don’t seem to get prosecuted – and according to this memo, DOJ formed a “working group of senior attorneys from Department components and the United States Attorney community with significant experience in this area” to examine “how the Department approaches corporate investigations, and identified areas in which it can amend its policies and practices in order to most effectively pursue the individuals responsible for corporate wrongs.” This particular memo was stated as being a product of that working group.
I suppose that many may take this as a long-awaited admission that DOJ wasn’t focusing on individuals enough in corporate fraud matters (criminal and civil). I don’t know that I believe that to be the case, but I do find it refreshing to see greater emphasis placed on holding individuals accountable. Personally, when I was an FBI Agent, I was much more interested in putting people in jail than seeing my cases resolved with a settlement agreement of some sort. We always pursued the people behind the crimes. But like I said, the statistics and data do seem to indicate that some greater emphasis was needed in this area.
I haven’t analyzed the memo yet and may post some thoughts about it after I do so. Though I am guessing that many will be doing so very soon, probably better than I, and I look forward to reading their thoughts. Some of the repercussions that this memo will create are obvious, such as much more intense internal corporate investigations (which the external lawyers, compliance consultants and forensic accountants will welcome), while others are more subtle (e.g. how this will affect disclosures and negotiations).
Anyway, with no further commentary from me, here are the six (6) “key steps” that this memo says will provide guidance to “strengthen our pursuit of individual corporate wrongdoing“:
- In order to qualify for any cooperation credit, corporations must provide to the Department all relevant facts relating to the individuals responsible for the misconduct;
- Criminal and civil corporate investigations should focus on individuals from the inception of the investigation;
- Criminal and civil attorneys handling corporate investigations should be in routine communication with one another;
- Absent extraordinary circumstances or approved departmental policy, the Department will not release culpable individuals from civil or criminal liability when resolving a matter with a corporation;
- Department attorneys should not resolve matters with a corporation without a clear plan to resolve related individual cases, and should memorialize any declinations as to individuals in such cases; and
- Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual’s ability to pay.
Here’s a copy of the Memo: DOJ Memo – Individual Accountability for Corporate Wrongdoing – Sept 2015 – I suppose it will become referred to eventually as the “Yates Memo”.
One of the primary considerations when contemplating accepting a fraud examination engagement is whether or not the work justifies the costs to our clients. Just like our clients, among the chief purposes of us being in business is to earn money, so we hate to turn away or minimize work. But if we truly strive to best serve our clients and be perceived as trusted advisers, there are times when we need to advise our clients not to hire us (or anyone else) or to more appropriately align the scope of our work with realistic expectations as to outcomes.
It’s not that unusual to get a call from a company that has cause to believe an employee(s) has committed a fraud and where the company is very angry at the betrayal of trust and worried about how big the loss is. That anger and fear can make them very attractive to inexperienced and/or unscrupulous consultants/fraud examiners/accounting firms, many of whom charge premium rates for this type of work. Many times have I heard such prospective clients say “It’s a matter of principle, so I don’t care about the costs! I want to get to the bottom of it and put the [expletives] in jail!”
That feeling about costs passes quickly, particularly after the invoices for your work start coming and there is no insurance to cover the costs and the likelihood of recovering any of the stolen funds is remote. Lets face it, most people who embezzle funds from an employer are not hoarding up what they stole. They spend it. And not on hard assets that may be converted to cash or otherwise benefit our clients. Simply put, it’s usually gone.
As a trusted adviser, when we believe that to be the case and absent some legal, regulatory, or contractual need for the client to conduct a full fraud examination, we are obliged to share our concerns with the client. We need to make the client aware of its risks and set their expectations on the outcome(s) realistically and practically. Where possible, we should devise other ways to help them that provide a reasonable return on their investment for our time and expertise, even if that return is more preventative of future misconduct (e.g. internal control suggestions) and/or just a moral victory (e.g. criminal prosecution) more so than a recovery of misappropriated funds.
In such instances over the many years I have been doing fraud examinations, I have both talked prospective clients out of hiring me for such an examination or into reducing the scope of my examination from that which they initially envisioned. In either case, I never leave them lacking in understanding about why conducting a formal and/or exhaustive fraud investigation was likely not going to achieve the results they desired. I also never leave them empty-handed, in the sense that, for example, I teach them how to do some investigating themselves and/or provide some ideas on internal controls that might prevent the next internal fraud. I rarely charge for that time (it’s usually minimal time and a nice “thanks” is payment enough) and have found the favors are usually returned somewhere down the road, whether by referral, reference, or selling/maintaining other accounting/tax/financial consulting services for that client.
One great example of this is an embezzlement matter that I took on a few years ago for a relatively small business. The employee at issue, whom I will hereafter refer to simply as “Joe,” had been with the business for over a decade, much of which time was spent in nearly complete control over the accounting function(s). There were no internal controls to speak of and Joe not only had the ability to steal in a wide variety of ways (i.e. payroll, accounts payable, credit card usage, false vendors, accounts receivable, cash, etc.), but also had the knowledge, experience, and ability to well conceal such activities within the books and records of the business.
After meeting with the client to gain a full understanding of the matter, their accounting system(s) & controls (or lack thereof), and learn about Joe (family, lifestyle, etc.), I quickly realized that due to the many ways that Joe could have stolen from the business and could have attempted to conceal it, conducting an exhaustive fraud examination designed to uncover the full extent of Joe’s fraud(s) would be extraordinarily expensive, while the likelihood of recovering much, if any of the stolen funds was poor. I suggested to the client that I be retained, through the client’s counsel, as a “consulting expert” rather than a “testifying expert” (which was the client’s original intent), so that I could better leverage any work to the client and otherwise keep its costs for the examination down.
In this particular matter, I quickly recognized that the facts and timing allowed for an interesting and possibly significant cost-savings option for the client – the possibility that I could interview Joe. Joe’s employment had been terminated on a Wednesday for some cause other than fraud (the fraud concerns were not mentioned to Joe when his employment was terminated) and they called me that Thursday afternoon. Following my directions, the client quickly identified and documented about $200K in alleged misappropriations. I spent about thirty hours reviewing and testing the work the company had very quickly done at my suggestion and learning as much as I could about Joe. Early the following week, I called Joe, identified myself, explained my purpose, and asked if he would be willing to let me interview him immediately. The ending result from the consensual interview of Joe was a hand-written confession.
The client had no insurance to cover Joe’s thefts and realized through our discussions that the likelihood of recovering much or any of the stolen funds was remote. More so than recovering their losses (which could not be completely quantified without significant work at great costs), the client’s desired outcome became “justice” and a criminal referral that included a hand-written confession was the ideal solution. The guidance and alternative solution that I proposed and undertook saved the client many tens of thousands of dollars in fraud examination and attorney’s fees and helped ensure that Joe became a current resident of a penal facility. In addition to a restitution order from the criminal prosecution, I believe the client eventually got a civil judgment, but to the best of my knowledge, both were more paper than currency. At least justice didn’t cost them much in this case.
I could have easily talked that client into an exhaustive forensic fraud examination. They initially felt the need for that (it was also recommended by the client’s counsel) and that was why they called me. But I knew that doing that was not in their best interests and I firmly believed that it was my duty to let them know it, even though I fully understood that if they agreed, the fees generated by my work would be many tens of thousands of dollars less. I definitely lost some short-term revenue, but I gained a long-term friend who has many needs that I or my firm can be fully trusted to help them with.
The old adage “look before you leap” finds very sound application in this practice area, and it’s our duty as trusted advisers to not just apply it to ourselves when contemplating accepting a fraud examination engagement, but to help our clients apply it as well.
In November of 2014, I published a paper entitled “Improving Corporate Settlement Agreements” on JDSupra. A few media people and industry experts picked it up and made comments on it – all the ones that I read were positive (thanks guys!).
In that paper, one of the issues that I raised was the lack of compliance and ethics program expertise among government agencies in the field of compliance and ethics programs. For example, while DOJ prosecutors are exceptionally knowledgeable, trained, and experienced in white collar crime matters, I know of very few who can say the same about corporate compliance and ethics programs. Yet it is exactly the robustness and effectiveness of an organization’s compliance and ethics program that dictates if or how the organization will emerge – prosecution, suspension/debarment, settlement, etc….
I would love to say that some DOJ people read that paper and took it to heart, but that’s probably doubtful. Nonetheless, I was thrilled when I saw the announcement that the DOJ FCPA Unit was bringing on a compliance and ethics expert to do exactly what I was saying needs to be done in that regard (I had other criticisms in my paper as well that I would love to see addressed).
It has been reported that in July 2015, the Chief of the Fraud Section at DOJ confirmed that this position/role was being filled. Here’s a link to an article on it. The article stated: “This new compliance counsel position constitutes a significant change for DOJ, which in the past has relied on its cadre of white collar criminal prosecutors to evaluate compliance programs. The compliance counsel will help DOJ answer the recurring issue of whether an FCPA violation occurred because the company lacked an effective anti-corruption compliance program or because a rogue employee circumvented an otherwise strong program. Should DOJ decide to prosecute the company, the compliance counsel’s evaluation of the company’s compliance program will inform the final resolution with the company, including whether the company will be required to retain an independent compliance monitor.”
Kudos to the DOJ FCPA Unit for recognizing this need and doing something about it. I and many others in the field will be anxiously awaiting to see it in action. I also hope we will see this in other DOJ units (e.g. Anti-Trust) – this isn’t just an FCPA issue!
Also, I have seen some non-DOJ units picking up on this need. For example, key decision makers in the Department of Interior’s Office of Inspector General and Suspension & Debarment Offices have become Certified Compliance and Ethics Professionals through the Society of Corporate Compliance and Ethics. I have heard that the same is happening in at least one other Agency’s OIG and S&D offices.
There’s a long road ahead, but it seems people are at least seeing that a road exists.