Considering the Fraud Triangle in Compliance Risk Assessments

In the Spring of 2012 I published a five-part series of on-line articles through Corporate Compliance Insights under the heading of “Incorporating the Fraud Triangle into Compliance Risk Assessments.”  While those articles were publicly available, I understand they received a fair degree of attention and were quoted and/or cited by numerous persons doing white-papers or articles where this information was relevant.  A friend in the compliance profession recently told me that this series of articles was no longer available publicly/online and asked if I might consider updating/revising that work into one complete article and putting it back out into the public domain – here it is.

International Association of Independent Corporate Monitors

It is with great pleasure that I may announce the launching of the website for International Association of Independent Corporate Monitors (IAICM).   A not-for-profit Membership Organization established in 2015 and headquartered in Virginia, in the greater Washington DC area, IAICM is an organization of professionals dedicated to educating the public on the topic of Independent Corporate Monitors (“Monitors”) and advancing the use and quality of service of those individuals serving or seeking to serve as Monitors.

The purposes of IAICM are to promote and improve the professional practice of Corporate Monitoring, to be a recognized thought-leader in the field of Corporate Monitoring, to make available information on Corporate Monitoring to the public, and to provide high quality, relevant information, resources and training to professionals and others practicing in the area of Corporate Monitoring.

IAICM’s Code of Professional Conduct is an invaluable resource for standards and best practices for those serving or seeking to serve as a Monitor.  Indirectly, the Code also suggests best practices for Reporting Agencies and Host Organizations considering or using Monitors.  All Members of IAICM must certify that they will abide by and uphold the IAICM Code, providing both a guide and a performance measuring stick for Host Organizations, Reporting Agencies, and the public-at-large.

The mysteriousness of Corporate Monitoring is enhanced by the difficulty in obtaining information on the topic.  A person studying Corporate Monitoring not only must collect information from a wide variety of sources, but may also have great difficulty identifying reliable and relevant sources.

IAICM’s Public Resource Center helps address this by making available to the public the only repository of information on Corporate Monitoring.  From key government policy documents to actual Agreements requiring Monitors, the Public Resource Center makes them easy to search and find.  Interested in identifying all known Monitorships by a particular agency, underlying misconduct, or during a particular time frame?  Our search engine helps visitors not only identify these in our repository, but presents, in one easy-to-read screen, the relevant information and supporting documents for each matter in our repository.

All IAICM Members have qualifications that suggest they possess the breadth and depth of relevant skills, knowledge, and experience, together with reputation of character, to effectively serve as an Independent Corporate Monitor consistent with IAICM’s Code of Professional Conduct.  To facilitate the needs of those considering candidates for a Monitorship, finding a speaker on the topic, seeking guidance, or simply doing research, all IAICM Members are publicly listed on this site, along with each Member’s relevant contact and professional information.

DOJ Hiring a Compliance Expert

In November of 2014, I published a paper entitled “Improving Corporate Settlement Agreements” on JDSupra.  A few media people and industry experts picked it up and made comments on it – all the ones that I read were positive (thanks guys!).

In that paper, one of the issues that I raised was the lack of compliance and ethics program expertise among government agencies in the field of compliance and ethics programs.  For example, while DOJ prosecutors are exceptionally knowledgeable, trained, and experienced in white collar crime matters, I know of very few who can say the same about corporate compliance and ethics programs.  Yet it is exactly the robustness and effectiveness of an organization’s compliance and ethics program that dictates if or how the organization will emerge – prosecution, suspension/debarment, settlement, etc….

I would love to say that some DOJ people read that paper and took it to heart, but that’s probably doubtful.  Nonetheless, I was thrilled when I saw the announcement that the DOJ FCPA Unit was bringing on a compliance and ethics expert to do exactly what I was saying needs to be done in that regard (I had other criticisms in my paper as well that I would love to see addressed).

It has been reported that in July 2015, the Chief of the Fraud Section at DOJ confirmed that this position/role was being filled.  Here’s a link to an article on it.  The article stated: “This new compliance counsel position constitutes a significant change for DOJ, which in the past has relied on its cadre of white collar criminal prosecutors to evaluate compliance programs. The compliance counsel will help DOJ answer the recurring issue of whether an FCPA violation occurred because the company lacked an effective anti-corruption compliance program or because a rogue employee circumvented an otherwise strong program. Should DOJ decide to prosecute the company, the compliance counsel’s evaluation of the company’s compliance program will inform the final resolution with the company, including whether the company will be required to retain an independent compliance monitor.”

Kudos to the DOJ FCPA Unit for recognizing this need and doing something about it.  I and many others in the field will be anxiously awaiting to see it in action.  I also hope we will see this in other DOJ units (e.g. Anti-Trust) – this isn’t just an FCPA issue!

Also, I have seen some non-DOJ units picking up on this need.  For example, key decision makers in the Department of Interior’s Office of Inspector General and Suspension & Debarment Offices have become Certified Compliance and Ethics Professionals through the Society of Corporate Compliance and Ethics.  I have heard that the same is happening in at least one other Agency’s OIG and S&D offices.

There’s a long road ahead, but it seems people are at least seeing that a road exists.

Thomson Reuters Article on Deferred Prosecution Agreements and Monitors

I was interviewed earlier this year for this third part in a series of articles by Thomson Reuters on DPAs.  If you would like to read it, click here or you can download a pdf copy that Thomson Reuters provided to me: Thomson Reuters Article on DPAs Part 3 – 13Apr2015

Messaging Risks – When IS the Right Time?

There was an awful lot of outrage about the Nationwide commercial drawing attention to home accidents affecting children during the Superbowl this year. It didn’t seem that the outrage was so much directed at the message as much as it was the timing – it was done during a time when people were trying to be entertained, not horrified.

I have four young daughters, so I get that anything that makes me think about their mortality (much less my delinquency or negligence contributing to something that harms them) causes a certain amount of discomfort. A lot of discomfort. But I was with my family watching the game when this commercial aired and I have to say, though it certainly put a temporary damper on our festive spirits, it also caused a moment of reflection. I had forgotten about securing a television set in our home that could fall if one of my kids climbed on it (such a scene was in the commercial).

So I am supposed to be angered that I suffered a brief interruption of my precious and fleeting television entertainment-induced happiness to be reminded that I needed to do something the consequences of which could cause a constant interruption of my happiness for the rest of my life?

When exactly is the time for delivering messages that draw our attention to risks? The argument that this commercial was poorly timed because it interfered with our entertainment is, in my mind, absurd. Television is predominately for entertainment. Therefore, there could be no appropriate time for a commercial like this. Perhaps there are some shows that cater to the melancholic, where “depressing” commercials might resonate better?

The idea behind heightening awareness of risks is to draw the largest amount of attention possible to those risks. In the case of this message, using a Superbowl commercial was sure to reach a heck of a lot more people than some educational/informational show that airs in the middle of the night watched by a couple hundred people.

The public uproar stimulated questions relevant to my professional compliance and consulting work – Are we living in a culture that has no appreciation for hearing about and taking actions to mitigate risks? A culture that actually takes offense when we do?

In business, we need to appreciate, understand and act on risks. Yet compliance and ethics professionals face similar challenges with Boards, Executives, Senior Management and even line employees and/or agents of an organization. Though there is an expectation that these roles know about and deal with risks, it’s not something they particularly care to hear about, particularly in the higher ranks, where it is of great importance and impact. They prefer to discuss financial results, stock performance, mergers & acquisitions, etc. – you know, the REAL and IMPORTANT stuff.

I face a similar challenge when trying to develop proactive compliance and ethics consulting work. Organizations simply don’t want to hear about faint, non-imminent, and “philosophical” dangers that could sink or significantly impair their organization.  Much less do they want to spend a little money to properly deal with it.

Using the Nationwide commercial as an analogy, one might think the risk of an unsecured weapon in the home is minimal because one’s children have been well educated on the risks and, due to their obedience, would not play with the weapon. Perhaps true. But what about the kids who come over to play?

The rationalizations in business are really no different.  I can’t tell you how often I heard victims of a fraud (both when I was an FBI Agent and now as a consultant) tell me something like “But Sally was such a nice and religious lady whose been with us for 15 years – she COULDN’T have stolen from us!  You must have made a mistake.” 

To all the compliance and ethics professionals out there working hard to do the right thing, whose risk messages too often fall on deaf ears, I raise my coffee cup to you. You ever need an ear, my number ain’t hard to find.

New York Times Article Response

As an expert in the field of Corporate Monitors and a passionate advocate of Monitor reform (in the form of Standards and “best practices”), I follow news about Monitors very closely.  An article recently published in the NY Times by Steven M. Davidoff (“In Corporate Monitor, a Well-Paying Job but Unknown Results”) deserves comment by a knowledgeable and experienced person from this field.  Unfortunately, there are many misperceptions about Monitors that mask and hinder from constructive deliberation the real issues that should be highlighted, discussed, and considered for reform in this field.

Among the most prominent of these issues is the Monitor selection and appointment process.  The misperception that has evolved is that this is a “good old boy network” where current DOJ or other government agency officials give “lucrative” contracts to former co-workers or friends.

The reality is that, since 2008/2009, the DOJ has done an effective job of preventing this from happening with Monitors and that the selection process is, as I will explain more fully later, now driven by customary and effective professional service industry business development practices.  The real issues and concern lies within the Monitor selection and approval process of those outside of the DOJ, who utilize Monitors more frequently than the DOJ and are presently significantly more susceptible to nepotism and/or potential abuse.

There are no hard numbers on this, but as one who tracks it as best as I am able, I would estimate that the DOJ accounts for maybe 20% (that is on the high side) of Monitors among all the agencies that use them.  The rest is spread out among other federal law and regulatory enforcement agencies (particularly in the suspension & debarment area), state & local agencies, the Courts, and non-government oversight organizations (i.e. World Bank).  As is often the case, the DOJ may get the most press on the topic, but that’s only because they have the most high profile matters, not the most matters.

After the Zimmer Holdings controversy led to congressional inquiry and threatened law-making in early 2008, DOJ responded with what is commonly referred to as the “Morford Memo,” which is DOJ’s most widely known policy regarding the selection and use of corporate monitors in pre-trial diversion agreements.  That policy was furthered by another, lesser publicly known and/or referenced Criminal Division memo, issued by Lanny Breuer on June 24, 2009 entitled “Selection of Monitors in Criminal Division Matters.”  In both Memos, the pool of candidates for a Monitorship comes from the Company, not the DOJ.

According to several GAO reports ordered by the congressional inquiry, the DOJ was following its policy on Monitors quickly after institution.  For those with interest, I have linked them here: June 2009, November 2009, and December 2009.

Here’s the reality – there is presently no indication of any political favoritism playing any role whatsoever in the selection and appointment process for Monitors in DOJ matters by the DOJ.  None.  To the contrary, DOJ goes to extraordinary lengths, including applying the Morford and Breuer memos more conservatively than they require, to avoid any appearance of favoritism.  To this point, though each memo could be read as to permit the DOJ to take a more active role in determining the Monitor and/or pool of Monitor candidates, the DOJ does not – it instead requires the Company to propose a pool of Monitor candidates and refuses to provide any candidate names, even if asked.

There is a simple and wholly commercial reason why many Monitors come from the ranks of former federal prosecutors.  It is because the white-collar defense attorneys who represent the companies needing Monitors also come mostly from the ranks for former federal prosecutors!  Business development in the white-collar defense world relies on referrals – a Monitorship is simply a business referral.  This is no different than if they represent a company and refer the representation of company individuals to people in their legal network whom they ordinarily make back-and-forth referrals to and believe qualified to do a good job.

In the SAC Capital Advisors matter, there is no indication whatsoever that the DOJ gave a “gift” to the proposed Monitor, Bart Schwartz, a former federal prosecutor, as Davidoff suggests.  It appears that Mr. Schwartz was proposed by the company in accordance with the DOJ policies described and hyperlinked earlier.  Moreover, his approval appeared to be subject to judicial approval as well, adding an additional level of scrutiny and further removing it from DOJ’s ability to “manipulate.”  As it regards Mr. Schwartz, it’s not as though he is fresh out of the government and has no relevant experience in the area.  To the contrary, he is a highly qualified Monitor candidate who left government service decades ago.  Much like with “expert witnesses,” who need not have necessarily been so qualified previously in order to be retained in a matter, many of those proposed as Monitors have never been a Monitor before.  Though this is common, unavoidable, and necessary, it also provides greater opportunity for controversy, disagreement, and discord.  Mr. Schwartz is a very experienced Monitor and likely to avoid such issues and be more effective and efficient than someone lacking Monitor experience.  It is perfectly reasonable to expect that companies would find such persons independent of the government and propose them as Monitor candidates.

Transparency is another issue worth exploring.  If you read the Breuer Memo that I referenced and hyperlinked earlier, you will see that significant documentation should exist within and around the Monitor selection process in the DOJ’s Criminal Division.  I am aware that such documentation is prepared and does exist, but I do not believe that it is something likely to be shared publicly.  I’ve never filed a FOIA request, but I wouldn’t bet on getting those documents if I did so.  I fully appreciate the pros and cons on this issue and would like to see the DOJ explore ways to provide greater transparency in this regard.

Outside of the DOJ, where Monitors are used more commonly and frequently, transparency is largely non-existent.  Many, if not most other agencies that utilize Monitors have little or no written policy around any parts of the process, from selection through reporting.  Much less do they create any documentation during that process that would provide insight into how a particular Monitor was nominated, selected, and/or approved.  The same goes for the Courts (i.e. Judges).

I have noticed a “practice-shift” over the last couple of years where Federal Agencies (outside of DOJ, but perhaps following in DOJ’s footsteps) have begun refusing to provide the names (i.e. more than one – a “pool” of names) of potential Monitor candidates to organizations, even when those organizations request it, for fear of running afoul of “endorsement” prohibitions under 5 C.F.R. §2635.702.  I wrote the US Office of Government Ethics earlier this year asking specifically about the application of any ethical requirements and/or guidance specific to Corporate Monitors, but as one might expect, received no response at all.  I am not an attorney and may well be wrong about this, but I personally do not believe that §2635.702 applies in this context, so long as there is no “private gain” for the relevant government officials.  I would like to see the Government Ethics Office examine this and provide specific guidance as to whether or not a government agency can provide a pool of names of Monitor candidates to a company, particularly when so requested by the company.

Greater transparency and policy/practice documentation is a real issue, particularly as more and more agencies are beginning to appreciate the value of and use Monitors in resolving issues.

Let’s talk fees now.  I seem to always see the word “lucrative” associated with Monitorship agreements in press articles – another broad and inaccurate stereotype born out of the Zimmer Holdings controversy.  Certainly some of the biggest Monitorships cost organizations a sizeable amount, but that is the nature of professional hourly work in complex matters within large organizations.  One could apply the term “lucrative” as well to the fees charged by external defense counsel, subject-matter experts, forensic accountants, information technology consultants, corporate compliance & ethics consultants, e-discovery professionals, document reviewers, marketing professionals, and a whole host of others whom organization’s engage long before a Monitor ever comes into the picture.

For the SAC matter, Davidoff’s suggestion that the Monitor’s fees “will probably run in the millions, if not tens of millions, of dollars” is illogical and wholly out of touch with reality.  This estimate of fees seems to be more of a sensationalistic reference to the Zimmer Holdings matter (which the article brings up later) than to what any reasonable person would expect having read the scope of the “Compliance Consultant” within the SAC Plea Agreement.  Under this Agreement, SAC’s Compliance Consultant will only perform two (2) assessments and file two (2) reports, all done within six (6) months. A third assessment and report may be required, if deemed necessary by the government.

Keep in mind that SAC Capital (now Point72) is not a mammoth organization with thousands of employees all over the world facing a multitude of risk areas.  To the contrary, it appears to me that SAC is now practically nothing in terms of size and will only manage the money of its owner – meaning that the Monitor’s assessments should not be very big or difficult at all, nor will they extend over a lengthy period of years, as is common to many Monitorships.  SAC is hardly a traditional Monitorship and certainly not a large one likely to generate millions of dollars in fees.

Another common question relates to whether or not a Monitor actually has any impact on the organization monitored.  Though I can personally fall back on my own experience as a Monitor to satisfy myself that we do, I can also look to more objective studies that support the real and positive impact of Monitors.  In addition to the GAO reports I linked above, some of which address that question directly with companies that were monitored, one of the best studies that I have seen on the question is a white paper entitled “Can Corporate Monitorships Improve Corporate Compliance?” by Cristie Ford and David Hess (I would love to see them update that paper!).  Short answer – Monitors can and do have an impact, though much of that impact relies on the substance and terms of the underlying Agreements, which really drive the scope, authority, purpose, and role of a Monitor.

Speaking of that, another important and greatly misunderstood issue is the role, authority, purpose, and scope of a Monitor.  Davidoff writes: “He is the ostensible key to ensuring that Point72 will remain on the straight and narrow.  A compliance monitor or consultant is a creation of the last decade. When a corporation accused of wrongdoing agrees to settle the charges or is sentenced to probation, it is often required to pay for a monitor to ensure that it does not break the law again. The corporate monitor is to supervise the compliance procedures of the company as well as beef them up.”

Monitors are not a creation of the last decade.  While there has been an increased visible use of Monitors by the DOJ within the last ten years, Corporate Monitors go back at least two decades.  Also, as previously mentioned, many people mistakenly think that Monitors are only used by the DOJ, which is just the opposite of the reality.

When a company settles a matter, a Monitor is only required around 20% to 30% of the time (even outside of DOJ), certainly not “often,” as Davidoff suggests.  In fact, this percentage has declined within the DOJ since 2008, though it shows signs of increasing, particularly as standards and best practices continue to develop around the field.  Also, there is a developing trend of the DOJ and other government agencies requiring what I call a “hybrid-Monitor,” which is exactly the case with SAC Capital Advisors.  As best as I can tell, though the title used in these Agreements may not even contain the word “Monitor,” the DOJ continues to apply Morford and Breuer principles and process and other agencies still treat the role as they would a “Monitor.”

The purpose and role of a Monitor is largely misunderstood, leading to false and unrealistic expectations.  Davidoff promulgates several scope-related misperceptions that have no basis in reality – such that Monitors are in place to ensure that a company “will remain on the straight and narrow” or that we “ensure that it (the organization) does not break the law again” or that we “supervise the compliance procedures of the company as well as beef them up.”

The purpose and role of a Monitor is to verify an organization’s timely and effective compliance with the Terms of an Agreement.  An Agreement, by the way, that the Monitor had no part in devising.  These Agreement Terms are most frequently associated with an organization’s remediation and improvement efforts in the areas of corporate compliance & ethics programs and internal controls, largely because §8B2.1 of the United States Sentencing Guidelines (“Effective Compliance and Ethics Program”) has made those areas the measuring stick of corporate liability.  As a result, the Monitor’s assessments and scope are often heavily weighted, in accordance with the Terms of the Agreement(s), on corporate compliance and ethics programs.

Because an Agreement is exactly that, an Agreement, the parties could choose and agree to include Terms that provide the Monitor with authorities far exceeding that which I have described as a Monitor’s general purpose and role.  If the parties so choose and agree, they could give the Monitor significant authority beyond merely verification and reporting, such as operational decision-making, contracting approval/disapproval, etc….  This level of authority is extraordinarily rare among all monitorships and presently non-existent among DOJ Agreements requiring a Monitor.

Absent some remarkably unusual Term(s) in an Agreement requiring it of a Monitor, a Monitor’s purpose and role is NOT to ensure that the company “will remain on the straight and narrow” or “ensure that it (the organization) does not break the law again.”  Nobody can do that.  Nobody expects that.

The Terms of the Agreement (not the Monitor) are responsible for ensuring, in principle, that the organization will have a compliance and ethics program that, in accordance with §8B2.1(a)(2) of the US Sentencing Guidelines, “…shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct.”

To recognize and emphasize that all fraud cannot be prevented, §8B2.1(a)(2) continues: “The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.”

The notion that a Monitor can prevent and/or uncover all fraud within an organization, is utterly absurd.  It is so unconscionable that suggesting it defies all common sense.

The real scope issue lies within the Terms of the Agreement(s) underlying the Monitorship, which as noted previously, the Monitor had no part in drafting.  Having been a Monitor and having read every Agreement requiring a Monitor that I can get my eyes on, it is my opinion that most of these Agreements are not constructed sufficiently so as to ensure that the monitored organizations have compliance and ethics programs that adequately comport with §8B2.1 of the US Sentencing Guidelines.  While DOJ’s Agreements have improved drastically in this regard over the last few years, they still too narrowly focus on the underlying issues (i.e. bribery, false claims, insider trading, etc…) and not on the whole compliance and ethics program, which is what §8B2.1 covers.

As a result of this, while a company may significantly improve, for example, its anti-corruption compliance program component under an Agreement with the DOJ, it may utterly fail in other risk areas subject to criminal misconduct and/or abuse.  In other words, DOJ risks missing the forest for the trees by too narrowly focusing on the underlying issues and not on the overall compliance and ethics program, which if designed appropriately and implemented effectively, would address all fraud and compliance risks and better prevent recidivism.  Isn’t that the real spirit of what everyone wants to accomplish?

Additionally, as a compliance and ethics program expert, I feel that in these Agreements (particularly those requiring a Monitor) the DOJ and most other agencies overly focus on compliance program components and not enough on ethics and ethical tone.  The title of §8B2.1 is “Effective Compliance and Ethics Program” (emphasis added) and §8B2.1(a)(2) specifically relates to ethical tone, yet rare is the instance that one of these Agreements obliges a Monitor to assess and report on an organization’s ethical tone!  Ethical tone and compliance programs are symbiotic – one cannot succeed without the other – and the government does not yet seem to have come to a full appreciation of it.

Another issue alluded to in Davidoff’s article related, generally, to the concept(s) of “self-monitoring” and/or government monitoring.  In self-monitoring, the company assesses its own performance against the terms of an Agreement and reports to the government.  Government monitoring is where the relevant government agencies conduct the monitoring.

In my opinion, “self-monitoring” is an oxymoron and cannot be generally relied upon to ensure either effective compliance with the Terms of an Agreement or that the organization establishes a compliance and ethics program that achieves the desired end-results (“spiritual compliance”) of an Agreement.  Though many might think that trust and objectivity are the primary concerns in this regard, I have found that the real problem with self-monitoring is technical competence.  When an organization is left to its own to make these assessments, the in-house people assigned to make and/or review such assessments often simply lack the requisite corporate compliance and ethics industry experience and knowledge necessary, leading to a “check the box” process or attitude that can hinder effective and/or “spiritual compliance” with the Agreement.  This is not to suggest that a Monitor should always be required, only that greater consideration of an organization’s technical competence needs to be incorporated into the decision matrix as to whether or not a Monitor should be utilized.

For example, when an Agreement requires that an organization conduct some type of specific compliance training of employees, the company may genuinely believe it has effectively done so simply because they offered a training session (hence, “check the box”) and therefore report successful compliance with that Term of the Agreement to the government.  What I frequently find, as a Monitor and compliance consultant, is that such training was not effective – meaning that those employees at risk to a compliance issue could not reasonably recognize the relevant compliance and ethics risk(s) or apply the relevant policies within the context of their role(s) (hence my term, “spiritual compliance”).

The same lack of compliance & ethics industry technical competence exists within the ranks of relevant government agencies as well, where it is exacerbated by agency budget/resource issues, making fruitful and effective compliance monitoring by the government unrealistic, if not impossible.   The agencies that have the combination of technical competence and resources are very few (i.e. HHS) and even those utilize Monitors from time to time.

Self-monitoring and/or government monitoring assumes an expertise that is presently uncommon among organizations and government agencies – the whole compliance and ethics industry itself is barely out of its infancy, though it is growing and progressing rapidly.  Monitors fill this void perfectly, often playing the role of teacher and guide to both the organization and government.

I much appreciate Davidoff’s dislike that Monitor reports cannot usually be obtained.  There are many who argue that Monitor reports, as a general rule, should be publicly available, albeit with appropriate redactions, primarily to protect proprietary, sensitive, and/or personal information that such reports might contain.  Also, how willing organizations might be to enter into Agreements where they know a Monitor’s reports will be available to the world could have a very chilling impact on both the willingness to enter into such an Agreement and the degree to which the organization might more openly and fully work with a Monitor towards “spiritual compliance.”

Balancing the obligation for the Monitor to inform (report to) the government against the risks of such information being used or misused by outside interested parties is a very difficult task, whose consequences could easily outweigh the public interest as it concerns access to a Monitor’s reports.  For a more recent general exploration of these issues, I suggest “Minding the Monitor: Disclosure of Corporate Monitor Reports to Third Parties” by Karen Green and Timothy Saunders of Wilmer Hale.

There are a myriad of important issues that still exist around Corporate Monitors that yet need to be pointed out, deliberated, and resolved.  I never even touched on “independence,” which is certainly one of the big ones! As someone who is passionate about and intimately involved in the development of Standards and “best practices” for Monitors, I hope that writings such as this may bring attention to the important and real Corporate Monitor issues, allay misperceptions, and lead to a greater appreciation for Monitors – an extraordinarily effective and largely under-utilized means by which government and/or other oversight bodies can better achieve long-lasting success in resolving corporate misconduct, fraud, waste, and/or abuse.

Litigation Support Roles of Forensic Accountants

When I was an FBI Agent, my job was enigmatic to most people.  Now, as a “forensic accountant,” I find my job is nearly just as mysterious – and misunderstood.  Maybe I should become a plumber!

Forensic accounting has evolved significantly over the last fifteen years and the litigation support roles of forensic accountants have increased and changed dramatically.  Nonetheless, I frequently find that many accountants and attorneys still pigeonhole forensic accountants under the classical role/definition, which is primarily associated with providing expert testimony about technical accounting issues in disputes.  While that is still a viable, common, and valuable role, many accountants may not be taking advantage of additional service opportunities and many attorneys may not fully appreciate all the ways and how much an experienced forensic accountant can serve and help them.

Before I share some of these forensic accounting roles, it is best to differentiate a “testifying expert” (i.e. “expert witness”) from a “consulting expert.”  A testifying expert, as the title implies, is generally used in the context of a legal dispute to prepare a formal report and provide expert testimony regarding a particular topic relevant to the dispute.  All of the work of a testifying expert is focused towards testimony, and therefore follows a prescribed set of rules and standards designed to ensure fairness, completeness, legal & procedural compliance, etc….

A “consulting expert” is not primarily associated with providing testimony (though sometimes the role converts to “testifying expert” during the process) and works only within a framework of broad and general rules and standards, much less defined and stringent than those applicable to testifying experts.  Instead of focusing on a narrow area for the purpose of testifying, the consulting expert assists counsel by providing expertise in various and relevant areas that enable counsel to better represent, serve, and advise its client(s).

In the field of forensic accounting, the consulting expert role has become commonplace, though still largely underutilized.  Some of the most effective attorneys have come to appreciate all the ways in which an experienced forensic accountant can assist them and routinely incorporate forensic accountants into all of their white-collar defense work (corporate and personal) and even in many civil litigation matters.

For some of these attorneys, forensic accountants have become their “secret weapon.”  In some respects, forensic accountants may be the “best kept secret” in the litigation support world.

In this post, I hope to let the secret out by sharing some of the litigation support roles that forensic accountants have come to play.  This may be helpful, not just to attorneys who rely on litigation support professionals but have not yet been exposed to the range and variety of ways that forensic accountants can support and help them, but also for those accountants contemplating a career in forensic accounting or current accountants looking to build or expand their litigation support practices and/or service offerings.

It’s easiest to start with the most obvious.  Most forensic accountants are also Certified Public Accountants (CPAs), who have significant training and experience with accounting principles, methodologies, procedures, standards, and rules.   In many litigation matters, particularly those where fraud is a concern, counsel must consider and understand the accounting of its client.  Clearly, in situations where there are allegations and/or concerns of financial statement or accounting fraud, such expertise has very significant and direct relevance.

Accounting is also highly and directly relevant in matters where any alleged underlying misconduct had an impact on the financial statements of an organization, such as is commonly seen in government contracting, securities fraud, money laundering, and anti-corruption matters, among others.  Accounting may also be important in a variety of related ways, from calculating disgorgement to determining loss under the United States Sentencing Guidelines.

In reality, accounting is important in any fraud matter because accounting is a record of ALL activities (which translate into numbers as “transactions”) of an organization. The organization’s accounting cannot help but be impacted by any inappropriate and/or illegal activities within or by the organization.  A good forensic accountant can help counsel understand and appreciate that impact and put it into the context of the relevant laws and regulations.

Internal Controls
Probably the next most obvious area in which forensic accountants can provide significant litigation support value relates to internal controls, particularly, though not necessarily limited to, those around accounting functions.

All organizations have internal controls, even if some smaller organizations aren’t particularly conscious of and/or appreciate it.  Very simplistically, from a purely classical accounting perspective, such internal controls are largely in place to help ensure accurate accounting.  However, in fulfilling that objective, internal controls have evolved into the primary means by which an organization attempts to prevent and/or detect fraud.

Internal controls do not come in “one size fits all.”  Aside from where particular internal controls are necessary under regulatory or other requirements, the level of and effectiveness of internal controls is largely dependent on a variety of factors, including, but not limited to, the organization’s size, resources, industry, accounting system(s), and risk(s).  In many respects, risk(s), plays a key and greatly underappreciated role.  Internal controls must be risk-based, not only to maximize its effectiveness, but also to do so at a cost that is reasonable and bearable to an organization.

There are two primary internal control assessments that a forensic accountant would ordinarily conduct: (1) design and (2) effectiveness.  The design assessment is meant to assess the design of the overall internal controls structure.  This takes into consideration not only any specific regulatory/industry requirements and “best practices” as to design and structure (i.e. personnel responsibilities, reporting, independence, etc.), but also incorporates the organization’s risks and other factors, as was noted above.

An effectiveness assessment is meant to determine how effective the organization’s internal controls are in practice and is much more time intensive than a design assessment.  An experienced forensic accountant will incorporate into each internal controls effectiveness assessment ways that the internal controls might be circumvented and perform tests to determine how effective the controls are in preventing it.

It should be noted that a very experienced forensic accountant can often determine possible ways that internal controls could be circumvented that those not deeply experienced in fraud matters, including many of those who commit and/or contemplate fraud, would not have imagined.  The best forensic accountants not only have significant experience to aid them in these assessments, but also are highly creative in devising means by which circumventions may occur so as to cover the full range of possibilities.  The forensic accountant can then, if necessary, “reverse engineer” the internal controls to better prevent circumvention or identify instances where circumventions occurred.

One interesting phenomenon of internal controls is the affect of “over control.”  Some organizations, in an abundance of fear and caution, place so many internal controls around some functions so as to make a person’s ability to perform that function greatly difficult and/or time consuming.  While well intended, my experience has found that such over control often leads to employee discontent, causing them, with no ill intent, to devise creative ways to “work-around” the controls in order to perform their job functions.   Not only does this cause a control failure in and of itself, but it also plants the seeds feeding the perception that controls are not that important, which can blossom into a serious and systematic ethical tone problem.  A good forensic accountant can identify over controls and provide guidance to an organization about how to find an appropriate balance.

In instances of alleged misconduct and/or fraud, internal controls, or the lack thereof, will have necessarily played some role.  Forensic accountants can help counsel understand how effective internal controls were and are in preventing and/or detecting fraud.  As is frequently the case, forensic accountants can also help counsel understand how internal controls may have been circumvented.  Very experienced forensic accountants also recognize and understand government expectations about internal controls and how they fit within the context of prosecutorial and/or regulatory resolutions and can assist counsel with demonstrating those instances where internal controls were strong and successful – where they worked.  Such positive demonstrations of effective internal controls can have a significant impact on government decisions.

Where internal controls were not well designed and/or effective, the expertise of a forensic accountant can be invaluable in providing counsel with the information needed to best advise and guide the organization about how to improve/strengthen those internal controls.  As counsel is keenly aware, robust and timely remedial measures can be a highly favorable factor when discussing and/or negotiating resolutions with the government.

Corporate Compliance and Ethics Programs
§8B2.1 of the United States Sentencing Guidelines (“Effective Compliance and Ethics Program”) is widely recognized as the foundation and measuring stick for corporate liability, both criminally and generally (i.e. suspension & debarment matters).  This is evidenced by various policies and procedures, as well as informal guidance, used and/or publicly communicated by various government agencies (i.e. United States Attorneys’ Manual, FAR, SEC Enforcement Manual & Seaboard Report, etc…).  Ultimately, the design and effectiveness of an organization’s corporate compliance and ethics program plays a central and key role in the reporting and resolution of all matters involving corporate fraud and/or misconduct.

One of the key elements of an effective compliance and ethics program under §8B2.1 is the inclusion of monitoring and auditing to detect criminal conduct (§8B2.1(b)(5)(A)).  Forensic accountants, as was previously noted regarding “internal controls,” are perfectly suited to this task.  Moreover, an experienced forensic accountant can place the organization’s efforts in monitoring and detecting criminal conduct into the context of §8B2.1(b)(5)(A) and the underlying alleged misconduct.

Some experienced forensic accountants, having recognized the importance and role of compliance and ethics programs in corporate internal investigations, have taken the time to become experts in this field, which is not a traditional “accounting” field.  They have joined organizations such as the Society of Corporate Compliance and Ethics (SCCE) and/or the Ethics and Compliance Officers Association (ECOA), which, as leaders in the industry of corporate compliance and ethics programs, provide these forensic accountants with access to publications, resource materials, training and networking opportunities that improve and/or hone the forensic accountants ability to better assist counsel in these key areas.

The SCCE offers a formal “certification” as a Certified Compliance and Ethics Professional, which is presently the preeminent credential for those in the compliance and ethics industry, requiring not only the passing of a thorough, formal, and proctored exam, but on-going continuing education of at least twenty (20) hours of professional education annually.  Forensic accountants looking to expand services in these areas should seriously look into credentials in this field (as many have done with valuations, etc.).

Similar to the previously described expert assistance that a forensic accountant can provide counsel on internal controls, forensic accountants who are also experts on corporate compliance and ethics programs provide significant assistance to counsel in assessing, understanding, and remediating overall corporate compliance and ethics programs.  Moreover, such a forensic accountant can help counsel understand and articulate the successes and failings of such programs in the context of all of §8B2.1, both in preventing & detecting misconduct and fraud generally, as well as its relevance to the specific underlying alleged misconduct.

As experienced counsel is well aware, this is a central consideration of the government in its considerations and negotiations regarding punishment and/or what it will require of the organization.

Government Mentality & Counsel Liability
Some of the best forensic accountants often come from the ranks of law enforcement.  This background enables such forensic accountants to plan and conduct their work not only with more credibility to the government, but with a greater grasp of the government’s concerns, investigative techniques/tools, and mentality.  Additionally, such experience enables such a forensic accountant to better avoid actions that, as an “agent” of counsel, might be adverse to counsel’s ethical obligations and standards of practice.

Where a forensic accountant does not have such law enforcement experience, they may gain a degree of relevant fraud understanding, training and knowledge through the Association of Certified Fraud Examiners (ACFE).  The ACFE is the oldest and most established and reputed organization serving this field, providing accountants and others interested in fraud examinations with resource materials, training, publications, and a peer network that better enables them to effectively assist counsel and avoid issues.  The ACFE also offers a credential, the Certified Fraud Examiner (CFE), that requires the passing of a test and on-going relevant continuing education requirements.

In those instances where counsel does not have prosecutorial experience, a forensic accountant’s law enforcement experience may be invaluable, affecting counsel’s actions and guidance to the organization significantly, as well as counsel’s negotiations with government agencies.  Such a forensic accountant’s experience may also enable him or her to help counsel avoid ethical and/or standards of practice pitfalls.

Where counsel has former prosecutorial experience, a forensic accountant’s law enforcement experience supplements counsel’s experience.  In the same way that, for example, an Assistant United States Attorney (AUSA) and Office of Inspector General Special Agent coordinate and work together on matters, such a forensic accountant works with an organization’s counsel to assure the best possible uncovering of relevant facts & evidence and determine and articulate the arguments/defenses/strategies most relevant and effective towards defending the organization and/or negotiating reasonable settlement terms.  The dynamic, trust, and roles that make an AUSA/Agent team formidable and effective inside the government transition to and work to the same affect for those who have left the government for the private sector.

A forensic accountant’s prior law enforcement experience can significantly assist counsel in, among other ways:

  • Understanding relevant law enforcement policies & procedures and identifying the government’s compliance (or lack thereof) with such policies & procedures;
  • Identifying and calculating the impact of United States Sentencing Guidelines considerations and enhancements;
  • Identifying likely and relevant government investigative techniques (i.e. cooperating witnesses, Title IIIs (“wiretaps”), informants, surveillance, trash covers, search warrants, etc…) consistent with the government’s likely prosecutorial strategies/arguments and history;
  • Negotiating more efficient and relevant subpoena responses and returns;
  • Identifying possible Brady, Jencks and/or Giglio material(s)/evidence;
  • Negotiating the return of records seized by the government;
  • Identifying experts in areas of relevance to counsel’s arguments and/or in anticipation of the government’s allegations;
  • Identifying likely key evidence to be offered by the government and its role and impact on the government’s prosecutorial/regulatory strategy;
  • Determining, in matters involving suspension and debarment, compliance and internal control measures relevant to a government contractor’s “present responsibility” obligations/requirements under the FAR;
  • Identifying relevant mitigating circumstances/evidence and;
  • Identifying relevant and key system weaknesses/failures and providing counsel and the organization guidance and assistance towards timely designing and implementing effective and reasonable remedial measures.

Though it is an intangible, counsel is also keenly aware of the importance of counsel’s credibility with the relevant government agencies with whom it interacts during the course of representing an organization in an internal investigation or self-disclosure of misconduct.  The more credible counsel is in the eyes of the government, the greater the likelihood for smooth exchanges of information, less operational disruption on the organization, and even a more favorable outcome for the organization.

Though there are many other factors that contribute to government credibility, most of which must be earned, counsel who once served in government enforcement roles (i.e. AUSAs) often have a “credibility advantage” at the outset of interactions with the government.   Though this is certainly not always the case, current government enforcement persons may tend to initially more trust former government enforcement persons than those with no such experience.

Those in government enforcement roles swear an oath to support and defend the constitution of the United States upon taking office and, during their government tenure, share a sense of purpose, duty, and justice that goes beyond mere job duties and responsibilities.  In the FBI, we liked to say that our profession was more akin to a “calling” than a “career,” more similar in nature to that of a Priest than an employee.

It has been my experience and I like to believe that most who take this oath take it not only seriously, but also carry its values beyond their government service.  Right or wrong and however much one may attempt to justify and/or condemn it, this is a reality – it is human nature.   The bonds formed through a shared oath tend to go beyond that of a contract, employment or otherwise.

This credibility is not only important for counsel, but for the forensic accountants and other litigation support professionals who work with and for counsel in internal corporate investigations.  Forensic accountants with prior law enforcement experience may have a higher degree of initial credibility with government enforcement personnel, particularly those in law enforcement, than those without such experience.  This intangible may play a significant role in bolstering the credibility of counsel with former government experience or even help create credibility for counsel who may not have yet earned it.

One example of this intangible benefit is when counsel meets with the government in the early stages of government interactions, whether through a voluntary disclosure or, in matters where the organization was not yet aware of the issue, at the request of the government.   In many instances, the organization’s counsel will not only meet with government attorneys, but also with government investigators.  The presence of a team of persons (counsel and forensic accountant) with credibility in the eyes of both the government attorneys and investigators can set a more positive and “friendly” tone that may carry throughout the entire matter.  This can save not only extensive “heartache” for the organization, but costs.

Whether it is a government investigation or an independent internal corporate investigation, the primary investigative tool is interviews.  As an FBI Agent, I would estimate that of the various tools and techniques available to me in investigating white-collar crime (i.e. “fraud”), interviews accounted for between eighty and ninety percent (80% – 90%) of my time in each matter.  Because of the reliance on interviews in any investigation, it is of utmost importance that interviews be conducted thoroughly, fairly, and competently.

Investigative interviewing is as much an art as it is a science.  The science can be learned through training, reading, and study, but the art is only learned through mentorship, combined with extensive and relevant application.  Forensic accountants with a law enforcement background will have had significant opportunities to learn and develop both the science and art of investigative interviewing.

For those forensic accountants without the benefit of law enforcement experience, interview training can be gained through a variety of reputable companies and/or organizations, including the ACFE.  Such training covers relevant areas such as, but not limited to, legal requirements/pitfalls, rapport building, witness calibration, detecting deception (i.e. cluster changes, non-verbal cues of anxiety, reading body language, etc), evidence taking, and report writing.  The best investigative interview training incorporates adult-based learning theories, including hypothetical situations, videos of actual interviews, and role-playing, so as to be most effective.  While such training is invaluable and a must for accountants seeking to move into forensic accounting, it remains very difficult for accountants in general to find sufficient opportunities to apply this training in practice outside of law enforcement – that is to develop and hone the “art” of investigative interviewing.

Many attorneys have developed highly effective investigative interviewing styles, but such effectiveness could be enhanced dramatically by utilizing in their internal investigations forensic accountants with significant training and experience in investigative interviewing.  Though there are attorneys who, over many years and a variety of practice experience, have become highly skilled interviewers, there are many more whose skills are still in development.

A deposition is a form of interview, but it is greatly different in purpose, strategy, and form than investigative interviews used in most internal corporate investigations.  Deposition skills may provide a good beginning foundation for investigative interviewing, but must be supplemented with additional and specific investigative interviewing training and significant non-deposition, investigative interviewing experience to be most effective in the context of internal investigations.

Because interviews play such a significant, central, and key role in government investigations, forensic accountants with prior law enforcement experience are highly likely to have mastered investigative interviewing.  FBI Agents, for example, go through exhaustive training on the science of interviewing, which they begin to see applied when paired with a mentor (“training Agent”) as they begin their career.   Throughout an FBI Agent’s career, they may conduct thousands of investigative interviews, through which they are afforded the opportunity to perfect and hone their styles and investigative interviewing effectiveness.  An Agent’s investigative interviewing training also continues throughout their career, with innumerable “in-services” and other opportunities to learn about the latest science and legal issues relevant to investigative interviews.

Accountants desiring to most effectively and successfully move into forensic accounting may consider devoting some part of their early career to law enforcement or try to obtain a part-time role whereby they gain some relevant law enforcement experience (i.e. reserve status with local law enforcement).  After leaving the FBI for the private sector, I have on many occasions experienced situations where, when working with highly experienced counsel or forensic accountants without law enforcement experience, the investigative interviewing experience and abilities that I gained as an FBI Agent far exceeded their expectations, resulting in more effective and efficient client service and outcomes.

In one such instance, on an internal corruption investigation, I was working with a forensic accountant with no law enforcement experience, but about twenty (20) years of private sector experience.  In my preparation for an interview, I found information that led me to believe that the person to be interviewed was highly likely to have key information.  As the other forensic accountant and I prepared for the interview, I shared with him my thoughts and devised an interview strategy that I believed might garner the cooperation of the interviewee, if he were not so inclined.

As the interview unfolded and the interviewee’s lack of cooperation and lying was apparent to me, I began to apply my strategy, which was utterly foreign (outside of reading about it) to my career forensic accounting partner.  The strategy worked and the information provided helped make our internal investigation continue more effectively – and efficiently.  Without this cooperation, we could have expended hundreds of more hours to otherwise independently develop the same information, if at all.

Counsel for an organization, particularly those without significant investigative interviewing training and experience, will not only directly benefit in the conduct of the investigation at hand by utilizing such an experienced interviewer, but will also receive mentoring in that process that may greatly benefit their own investigative interviewing style and effectiveness in future matters.

The role(s) of a forensic accountant have changed dramatically over the last fifteen years and it remains a rewarding and growing litigation support practice area.

From its origins as a testifying “expert” witness on technical accounting matters to consulting expert assisting counsel in a variety of key areas, many not accounting related, in internal corporate investigations, forensic accountants have become among the best kept secrets of the most effective and successful white collar defense attorneys.

Though many other forensic accountants have likely had the same experience, it is illustrative and relevant to summarize by sharing comments from an attorney with a relatively small regional law firm whom I worked with a couple of years ago on a civil litigation matter.  She had worked with local “forensic accountants” for most of her over twenty years as a lawyer, but never had she worked with one who had such an impact on so many “non-accounting” areas relevant to her case, including her entire case strategy.

Beginning during our first meeting, we shared ideas that immediately impacted her litigation strategy.  Over the course of the matter, from among nearly a hundred thousand un-indexed data files and accounting records, we pieced together compelling circumstantial evidence of a significant and deeply hidden fraud and put it into not only what she called a “bullet-proof” report, but into the context of her legal arguments and strategy.  She believed that our work effectively forced the opposing party to settle favorably for her client.  Simply put, she didn’t know forensic accountants could do that.
We can and we do.

Compliance Based Investing

Usually when one thinks about investing in compliance, it is in the context of an organization investing its efforts and resources into its Compliance and Ethics Program (hereafter “Program”).  But that’s not what I’m talking about.

For a long time now, some investors have considered religious, social and/or political stances or actions of organizations when making investment decisions.  It should come as no surprise that the next evolution of “responsible investing” may well be focused on an organization’s Program.

As an expert who routinely assesses such Programs, often due to potentially catastrophic compliance or ethics failings, I greatly appreciate the degree to which a robust and effective Program reduces corporate liability/risk.  In my mind, less risk of corporate liability/penalty (i.e. suspension/debarment, prosecution, de-listing, etc.) = less investment risk.

In 2012, I began incorporating Program design assessments into my personal investment considerations.  It is not without its challenges, as many publicly traded organizations do not make a great deal of information about their Program publicly available.  Moreover, even when a fair amount of information is publicly available, it may only be sufficient to assess the design of the Program and not whether or not the Program has been effectively implemented within an organization.

For those not familiar with such assessment, a “design” assessment is intended to determine the degree to which a Program’s design comports with compliance & ethics industry standards and the United States Sentencing Guidelines (Section §8B2.1 – “Effective Compliance and Ethics Program”).  An “implementation” assessment is intended to determine how effectively the Program is, among other things, overseen, managed, communicated and implemented within an organization.

When I am not able to find any information about a publicly traded organization’s Program on an organization’s website, I immediately disqualify that organization for any further investment consideration.  In my mind, such a glaring lack of regard for compliance and ethics speaks volumes as to ethical tone and risk management, among other things.

For those publicly traded companies that make available some information about its Program, the next hurdle relates to whether or not it is sufficient to allow even a rudimentary Program design assessment.  Where the amount of and type of information falls just short of that necessary to piece together some idea as to how well the Program is designed, I have found that an email to the investor relations contact and/or General Counsel may result in more information.  The response to such a request alone tells me much about the organization’s regard for a Program’s importance.

Where a company makes a great deal of information about its Program publicly available, regardless of the results of my design assessment, I at least take some comfort in seeing that the organization appears to take compliance and ethics seriously.  For a few of these companies where I felt the Programs fell a little short in terms of design, I nonetheless elected to invest in those organizations as they appeared to be on the right compliance and ethics path.

It will be interesting to see if this becomes a more commonly applied piece of analysis for other investors.  There is no data that I am aware of that has been compiled to reflect any correlation between stock price and compliance & ethics programs, but it sure would be interesting to see!

One thing is certain.  If your company has a good compliance program, let people know about it.

Incorporating the “Fraud Triangle” into Compliance Risk Assessments

In my Corporate Compliance Insights column, I have run a series of articles discussing how Compliance and Ethics Professionals might incorporate the Fraud Triangle into their Annual Compliance Risk Assessment(s).  Though I cannot re-print the articles here, below are summaries of each with a link to each respective piece in the series.

This is a fascinating subject for mixed compliance and fraud professionals like myself. Incorporating the factors of the Fraud Triangle into compliance related areas has been very effective for me in the compliance and Independent Corporate Monitor work that I do.  Feedback has been very positive on this series and I hope that the articles may provide you with some practical ideas that will help you improve the effectiveness of your own Compliance & Ethics Programs.

The first in the series is an Overview of the Fraud Triangle, which introduces the theory and sets the stage for the articles to follow.  It also defines and distinguishes “Occupational Fraud” from “Predatory Fraud.”  Though the Fraud Triangle was developed by a criminologist and concerned criminal acts associated with fraud, I have found that the concepts also apply to less than fraud-related criminal actions, such as violating a compliance policy or acting unethically in the course of an occupation.

The next article in the series explores the “Opportunity” factor of the Fraud Triangle, which relates to one’s ability to commit fraud, violate a compliance policy or act unethically, and is affected by such things as, among others, internal controls, knowledge & training, authority, and experience.

Part 3 of the series examines the “Rationalization” factor of the Fraud Triangle, which relates to a person’s ability to internally justify/rationalize their unethical, wrongful or criminal actions.  This is often affected not only by a person’s individual moral standards, but also by the ethical tone within an organization and the person’s perception(s) about the fairness and equality of rewards and punishments for actions and behavior.

The next in the series looks at the “Motivation” factor of the Fraud Triangle, which generally relates to an “unshareable need” that arises within a person’s life.  This is the one factor of the Fraud Triangle that an organization has the least control over, as well as the most difficult one to be assessed.  This “unshareable need” is a personal need that can arise from a broad range of things, ranging from common and ordinary life issues (i.e. a divorce) to those that are more nefarious (i.e. drug addiction).  As this need increases within a person’s life, so to does the risk of that person taking actions contrary to an organization’s Code of Ethics and/or Compliance Policies.  To help illustrate this, I included in this article some very interesting and real-life examples that I have encountered over the course of my 20 plus years of fraud investigations experience, including many from my service as an FBI Agent.

The final in the series examines the “Perception Factor”.  This is technically not a part of the Fraud Triangle and concerns the perception by an individual regarding whether or not they will get caught if they violate a compliance policy, act unethically or commit a fraud.  I have found that this can be an overriding factor in a person’s decision whether or not to violate a compliance policy, act unethically or commit a fraud, even when the three factors of the Fraud Triangle are at a high risk.

FCPA Settlement Agreements, Monitors and Self-Monitoring

There has been a slightly less frequent requirement by the DOJ for Independent Corporate Monitors (“Monitors”) in FCPA-based settlement agreements during 2011.  Counts may vary a little due to timing, but there have been about seven (7) such settlement agreements during the first half of 2011, of which two (2) required Monitors and three (3) required some form of “self-reporting.”  Previously, Monitors had been required, on average, in a little more than forty percent (40%) of FCPA-based settlement agreements, a fair amount more than the twenty-eight percent (28%) average for the first half of 2011.

What is behind this apparent trend and does it have anything to do with concerns that have been raised over the last few years about the costs and scope of Monitors?  Does it signal a broader “policy” shift within DOJ and/or outside of just FCPA matters?

What should be considered by government agencies when contemplating whether or not to allow an organization to self-monitor their compliance with the terms of a settlement agreement?

If one looks at DOJ’s written policies on the topic and public statements by DOJ officials, such a change is clearly not “official policy” in general, nor is it just for FCPA matters.  Also, while costs of a Monitor are certainly among the many factors considered by all parties, there is nothing to indicate costs are a key consideration by DOJ in determining whether or not to require a Monitor at all, much less a factor in this trend.

As a Monitor and one who tracks the use of Monitors intensely and very broadly, I am absolutely confident in saying that the use of Monitors is universally (FCPA being an exception thus far in 2011) increasing, not decreasing.  Not only among more regulatory and enforcement agencies at all levels of government within the United States, but abroad.  Without articulating and referencing all the support behind this assertion (just look at previous issues of “The Monitor” to see the broad use and requirement of Monitors), I think we can dispel any notion that this apparent trend in FCPA-based matters has any broader implications, both in and outside of DOJ. Accordingly, I would like to explore why this trend may be happening within DOJ FCPA-based settlement agreements.

From my reviews of the underlying settlement agreements in the older and more recent FCPA matters, both where a Monitor was and was not required, there seem to be three key things that have happened and are continuing to happen that I believe explain this trend.  The cost of a Monitor is definitely not one of them and never should be.

Expertise of Counsel
First, outside counsel for the firms involved in FCPA matters have gotten really good.  Not only have they gained an abundance of experience in such matters because of the sheer volume of DOJ FCPA investigations that have taken and are taking place, but they now have a plethora of settlement agreements available that tells them explicitly what the DOJ expects with regards to compliance programs and what other companies have done in those instances where a Monitor was not required, or vice-versa.

Accordingly, even as these seasoned defense attorneys begin to plan an internal investigation, they are looking for compliance and control failures and providing immediate advice about remedial measures aimed specifically at addressing the issues they know DOJ will have and in a fashion similar to that which they have seen other companies do to avoid a Monitor.  The cost savings of this as compared to the cost of a Monitor could be argued to not be as large as perceived, given that the “additional” services by such law firms does not come free, or inexpensively, nor does it always necessarily entail the use of very experienced compliance professionals, though that is changing too.  Nonetheless, many of these attorneys are exceptionally experienced in these matters and this strategy and process has been very effective to date in helping companies avoid the imposition of a Monitor in resolving FCPA matters.

Along those same lines, the DOJ (and the SEC) have not sat quietly regarding their expectations of compliance programs and internal controls within companies subject to the FCPA.  To the contrary, they have been very vocal in sharing their views about the topic, as well as about Monitors and some of the factors involved in considering whether or not to require them.  With such an abundance of information (i.e. settlement agreements, public statements by DOJ/SEC officials, articles, white papers, etc), its longer “rocket science” to “reverse engineer” what needs to be done in order to minimize the likelihood of a Monitor being required in DOJ FCPA matters.

The Corporate Compliance Industry
Second, among the key considerations in resolving FCPA matters (and corporate misconduct in general), is the state and effectiveness of an organization’s “pre-existing” corporate compliance and ethics program and internal controls.  Corporate compliance, as an industry, is still relatively new and has grown tremendously over the last few years.  Their impact on organizations’ pre-existing compliance programs has been positive, deep and broad.

There are several large and highly reputable organizations that now cater specifically to the compliance industry, some of whom even offer certifications for compliance professionals.  These organizations host large national and international conferences, as well as a myriad of local and regional seminars that cover all aspects of compliance within just about every industry. They have created and aggressively communicated standards and best practices as well, which comport with, among other things, the United States Sentencing Guidelines as it relates to corporate compliance & ethics programs.  As the compliance profession has grown and made more training and information accessible about best practices in compliance and ethics programs, corporate compliance professionals within organizations with pre-existing compliance programs have become better trained and equipped to improve their organization’s compliance programs, which results in less remediation and oversight if/when a problem occurs.

In addition to those organizations focused on the industry of corporate compliance and ethics, FCPA compliance has been a major topic of coverage by industry organizations (i.e. American Bar Association, Association of Certified Fraud Examiners, American Institute of Certified Public Accountants) and the professional training companies that serve the constituents of those organizations (i.e. American Conference Institute, Practising Law Institute, etc.).  It is also the topic of a huge amount of “viral” coverage, with law firm websites, newsletters, tweets, Linked-In groups and blogs that track everything going on related to FCPA matters and, in some cases, providing instant access to libraries of relevant documents and resource materials.

Want to keep up with FCPA issues/happenings?  Set a “Google Alert” on “FCPA” with instant updates and watch your email inbox explode.

Proactive FCPA Services
Finally, the universe of companies with exposure to the FCPA is tremendous and the risk(s) high.  For many years now, attorneys, consultants and compliance professionals have been using the DOJ’s aggressive prosecution of violators, which entails individual criminal prosecutions and monstrous organizational fines and restitution, to make companies (and their Board Members, where applicable) abundantly aware of their FCPA risks, personally and organizationally.  While organizations have traditionally avoided the costs of such proactive services in general, the seemingly huge personal and organizational risk(s) in FCPA has caused many organizations to shift their cost/benefit considerations in favor of action.  As a result, many companies have obtained professional compliance related services to proactively assess and improve the FCPA compliance components of their corporate compliance programs.  Proactive FCPA compliance has been among the hottest professional service areas of all proactive risk-based services for several years now.

As a result, there are many more companies, particularly within the industries “targeted” by the DOJ for FCPA, with viable “pre-existing” compliance programs today, who previously had little or no compliance program at all, much less one that addressed FCPA specific risks.

Self-Monitoring is Not Monitoring
The need for a Monitor must be evaluated in light of each matter’s particular circumstances.  A Monitor is not always necessary or appropriate to assuring the timely and effective compliance of an organization with their settlement agreement obligations.  However, the DOJ (and any other government agency) should cautiously contemplate their reliance on self-reporting by an organization on that organization’s compliance with the terms of a settlement agreement.  While the DOJ might hope that most companies, their counsel and the company’s employees would do so with the effectiveness, transparency and integrity expected of an Independent Corporate Monitor, there is no “independent” in self-reporting.

As just one example from my own experiences as a Monitor, I have had within the scope of my Monitorships the responsibility of verifying that organizations have met their settlement agreement obligations regarding reports/complaints of employee misconduct.  These have included complaints raised through a Hotline, directly or indirectly with the Chief Compliance Officer, through a direct supervisor, and/or any other means.  For those raised through a Hotline, for example, I routinely review the Hotline log (often done through a third-party and may include both telephonic and electronic communications) and assess how all such complaints were responded to, resolved and reported.   I then report to the relevant government agency on my findings.

In my Monitorships, regardless of whether a complaint was made through a Hotline or otherwise, the organizations knew that a I was watching, reducing the risk that any complaints could be ignored, mishandled or not appropriately reported in accordance with the settlement agreement obligations and/or applicable laws and regulations.  While not all complaints and/or resulting investigations required that they be reported, either to me as the Monitor or the government, the ability of the company to subjectively and solely make such a decision was impacted by my presence.  This helps assure that complaints are not only appropriately and effectively addressed, but that what needed to be reported to the government was so reported.  In fact, the companies that I have served as the Monitor of have tended to “over-report,” meaning they reported to the government about complaints that did not require reporting, either by law or the settlement agreement.  For example, in one of my Monitorships a Hotline call was received regarding an employee’s request for their own personal tax information and had no implications or relationship to misconduct; however, it was reported by the organization to me and the government merely because it came through the organization’s Hotline.

Though I am not involved in it and have no personal knowledge about the particulars, a company presently under a Monitor has very recently and publicly come under scrutiny as a result of a complaint (they note it as a “tip” in their public filings).  While it is unclear at this point whether the tip that led to that internal investigation came into the Hotline or not, it and the results of their internal investigation was reported to their Monitor and the government and has called into question whether or not they “knowingly and willfully breached material provisions” of their settlement agreement.  The company further acknowledged that this was a “significant liability” for them and could lead to government and civil liabilities and possible exclusion from certain government contracting which would have a “material adverse effect” on their financial condition.
Would this have come to light at all without a Monitor present, if they were left to self-reporting?  We may never know.

In addition to the utter lack of independence, an organization’s capability/ability should also be carefully and closely weighed by government agencies that contemplate permitting an organization to self-report on their compliance with a settlement agreement.  Among the chief responsibilities of a Monitor is to verify not only that the company complies with their settlement agreement obligations, but that they do so timely and effectively.  As it relates to effective compliance, many companies may not have the requisite resources and compliance experience to adequately make such a determination, while Monitors do, frequently having more experience in making such assessments than a company’s management, in-house counsel and/or compliance personnel.

One example of evaluating effective compliance from my own Monitorship experience involved an organization’s obligations in their settlement agreement regarding specific accounting and internal control requirements.  The complexity of these requirements exceeded the ability of the accounting and compliance professionals within the organization.  They intended to comply with their settlement agreement requirements in these areas and genuinely thought they had done so, but in reality they had not.  As the Monitor, I brought their failure to their immediate attention and provided guidance about how they might remedy their errors, which they were able to do, improving their own systems and procedures while effectively fulfilling their settlement agreement requirements at the same time.  Had this been left to self-reporting, neither the company nor the government would have known that the actions taken by the company were not effective.

Similarly, but much more frequently, I have experienced this same issue in evaluating the effectiveness of compliance training(s) required by settlement agreements.  Because such trainings are a key means of communicating a company’s compliance policies and the primary means of assuring that their employees understand and can apply them in their roles, they have been and continue to be a recurring requirement in settlement agreements.  There have been instances in my own Monitorships where, with the best intentions in mind, such compliance training has been conducted, in accordance with the requirements of a settlement agreement, that were wholly ineffective.  My testing found that those who received the training did not adequately understand the compliance policies or how they were applicable in their roles.  This lack of effectiveness was immediately raised with the organizations, allowing them to refine and improve their compliance training, as well as learn techniques to assess the effectiveness of that training within their own on-going compliance program monitoring, while effectively meeting their compliance training obligations as per their settlement agreements.  Once again, without the presence of a Monitor to recognize such a deficiency, neither the organizations involved nor the government agencies to whom they would have self-reported would have ever known.

Perhaps most concerning of all as it relates to self-reporting are those instances where companies view their compliance with a settlement agreement as a “check the box” exercise, with no regard to the spirit and goals of the settlement agreement.  In such instances, the government (and possibly the company itself) would not know whether or not a company is effectively complying with their settlement agreement obligations.  To the contrary, they would think everything was proceeding along smoothly.  At least until the next crisis arises.

Yes, Monitors come with a price.  While there are many misperceptions about how high that price may be (perhaps another good topic to explore), such a price is outweighed by the many benefits for the organization, the government agency, the industry and the public-at-large, among others.  Not only do I think that costs are not a factor in the recent decline in the use of Monitors in FCPA-based settlement agreements, I think they should never be a significant consideration at all in any matters where a Monitor is considered.  If the costs of a Monitor are a concern to a company, perhaps the attorneys who help companies negotiate the settlement agreements with the government should push harder to have the government offset any associated fines with the costs of the Monitorship, as was recently done in the Sirchie Acquisition Company (FCPA) and XE Services (Export Controls) settlement agreements.

The price of non-compliance, intentional or not, is too high to pay.