Considering the Fraud Triangle in Compliance Risk Assessments

In the Spring of 2012 I published a five-part series of on-line articles through Corporate Compliance Insights under the heading of “Incorporating the Fraud Triangle into Compliance Risk Assessments.”  While those articles were publicly available, I understand they received a fair degree of attention and were quoted and/or cited by numerous persons doing white-papers or articles where this information was relevant.  A friend in the compliance profession recently told me that this series of articles was no longer available publicly/online and asked if I might consider updating/revising that work into one complete article and putting it back out into the public domain – here it is.

International Association of Independent Corporate Monitors

It is with great pleasure that I may announce the launching of the website for International Association of Independent Corporate Monitors (IAICM).   A not-for-profit Membership Organization established in 2015 and headquartered in Virginia, in the greater Washington DC area, IAICM is an organization of professionals dedicated to educating the public on the topic of Independent Corporate Monitors (“Monitors”) and advancing the use and quality of service of those individuals serving or seeking to serve as Monitors.

The purposes of IAICM are to promote and improve the professional practice of Corporate Monitoring, to be a recognized thought-leader in the field of Corporate Monitoring, to make available information on Corporate Monitoring to the public, and to provide high quality, relevant information, resources and training to professionals and others practicing in the area of Corporate Monitoring.

IAICM’s Code of Professional Conduct is an invaluable resource for standards and best practices for those serving or seeking to serve as a Monitor.  Indirectly, the Code also suggests best practices for Reporting Agencies and Host Organizations considering or using Monitors.  All Members of IAICM must certify that they will abide by and uphold the IAICM Code, providing both a guide and a performance measuring stick for Host Organizations, Reporting Agencies, and the public-at-large.

The mysteriousness of Corporate Monitoring is enhanced by the difficulty in obtaining information on the topic.  A person studying Corporate Monitoring not only must collect information from a wide variety of sources, but may also have great difficulty identifying reliable and relevant sources.

IAICM’s Public Resource Center helps address this by making available to the public the only repository of information on Corporate Monitoring.  From key government policy documents to actual Agreements requiring Monitors, the Public Resource Center makes them easy to search and find.  Interested in identifying all known Monitorships by a particular agency, underlying misconduct, or during a particular time frame?  Our search engine helps visitors not only identify these in our repository, but presents, in one easy-to-read screen, the relevant information and supporting documents for each matter in our repository.

All IAICM Members have qualifications that suggest they possess the breadth and depth of relevant skills, knowledge, and experience, together with reputation of character, to effectively serve as an Independent Corporate Monitor consistent with IAICM’s Code of Professional Conduct.  To facilitate the needs of those considering candidates for a Monitorship, finding a speaker on the topic, seeking guidance, or simply doing research, all IAICM Members are publicly listed on this site, along with each Member’s relevant contact and professional information.

DOJ Provides New Guidance to Prosecutors on “Individual Accountability for Corporate Wrongdoing”

On September 9, 2015, Deputy Attorney General Sally Quillan Yates issued a memo to all of DOJ regarding individual accountability for corporate wrongdoing.  It’s been a heavy issue for years – that executives in companies where frauds or misconduct have occurred don’t seem to get prosecuted – and according to this memo, DOJ formed a “working group of senior attorneys from Department components and the United States Attorney community with significant experience in this area” to examine “how the Department approaches corporate investigations, and identified areas in which it can amend its policies and practices in order to most effectively pursue the individuals responsible for corporate wrongs.”  This particular memo was stated as being a product of that working group.

I suppose that many may take this as a long-awaited admission that DOJ wasn’t focusing on individuals enough in corporate fraud matters (criminal and civil).  I don’t know that I believe that to be the case, but I do find it refreshing to see greater emphasis placed on holding individuals accountable.  Personally, when I was an FBI Agent, I was much more interested in putting people in jail than seeing my cases resolved with a settlement agreement of some sort.  We always pursued the people behind the crimes.  But like I said, the statistics and data do seem to indicate that some greater emphasis was needed in this area.

I haven’t analyzed the memo yet and may post some thoughts about it after I do so.  Though I am guessing that many will be doing so very soon, probably better than I, and I look forward to reading their thoughts.  Some of the repercussions that this memo will create are obvious, such as much more intense internal corporate investigations (which the external lawyers, compliance consultants and forensic accountants will welcome), while others are more subtle (e.g. how this will affect disclosures and negotiations).

Anyway, with no further commentary from me, here are the six (6) “key steps” that this memo says will provide guidance to “strengthen our pursuit of individual corporate wrongdoing“:

  1. In order to qualify for any cooperation credit, corporations must provide to the Department all relevant facts relating to the individuals responsible for the misconduct;
  2. Criminal and civil corporate investigations should focus on individuals from the inception of the investigation;
  3. Criminal and civil attorneys handling corporate investigations should be in routine communication with one another;
  4. Absent extraordinary circumstances or approved departmental policy, the Department will not release culpable individuals from civil or criminal liability when resolving a matter with a corporation;
  5. Department attorneys should not resolve matters with a corporation without a clear plan to resolve related individual cases, and should memorialize any declinations as to individuals in such cases; and
  6. Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual’s ability to pay.

Here’s a copy of the Memo: DOJ Memo – Individual Accountability for Corporate Wrongdoing – Sept 2015 – I suppose it will become referred to eventually as the “Yates Memo”.

DOJ Hiring a Compliance Expert

In November of 2014, I published a paper entitled “Improving Corporate Settlement Agreements” on JDSupra.  A few media people and industry experts picked it up and made comments on it – all the ones that I read were positive (thanks guys!).

In that paper, one of the issues that I raised was the lack of compliance and ethics program expertise among government agencies in the field of compliance and ethics programs.  For example, while DOJ prosecutors are exceptionally knowledgeable, trained, and experienced in white collar crime matters, I know of very few who can say the same about corporate compliance and ethics programs.  Yet it is exactly the robustness and effectiveness of an organization’s compliance and ethics program that dictates if or how the organization will emerge – prosecution, suspension/debarment, settlement, etc….

I would love to say that some DOJ people read that paper and took it to heart, but that’s probably doubtful.  Nonetheless, I was thrilled when I saw the announcement that the DOJ FCPA Unit was bringing on a compliance and ethics expert to do exactly what I was saying needs to be done in that regard (I had other criticisms in my paper as well that I would love to see addressed).

It has been reported that in July 2015, the Chief of the Fraud Section at DOJ confirmed that this position/role was being filled.  Here’s a link to an article on it.  The article stated: “This new compliance counsel position constitutes a significant change for DOJ, which in the past has relied on its cadre of white collar criminal prosecutors to evaluate compliance programs. The compliance counsel will help DOJ answer the recurring issue of whether an FCPA violation occurred because the company lacked an effective anti-corruption compliance program or because a rogue employee circumvented an otherwise strong program. Should DOJ decide to prosecute the company, the compliance counsel’s evaluation of the company’s compliance program will inform the final resolution with the company, including whether the company will be required to retain an independent compliance monitor.”

Kudos to the DOJ FCPA Unit for recognizing this need and doing something about it.  I and many others in the field will be anxiously awaiting to see it in action.  I also hope we will see this in other DOJ units (e.g. Anti-Trust) – this isn’t just an FCPA issue!

Also, I have seen some non-DOJ units picking up on this need.  For example, key decision makers in the Department of Interior’s Office of Inspector General and Suspension & Debarment Offices have become Certified Compliance and Ethics Professionals through the Society of Corporate Compliance and Ethics.  I have heard that the same is happening in at least one other Agency’s OIG and S&D offices.

There’s a long road ahead, but it seems people are at least seeing that a road exists.

Thomson Reuters Article on Deferred Prosecution Agreements and Monitors

I was interviewed earlier this year for this third part in a series of articles by Thomson Reuters on DPAs.  If you would like to read it, click here or you can download a pdf copy that Thomson Reuters provided to me: Thomson Reuters Article on DPAs Part 3 – 13Apr2015

Recent Series of Articles on DPAs in Morning Consult

I was recently interviewed by Morning Consult for a series of articles regarding deferred and non-prosecution agreements and wanted to share those here for anyone interested.  They are linked below (hopefully these links remain “live” for some time).

Part 1 – “More Banks Avoiding Trials in Era of Deferred Prosecution Agreements”
Part 2 – “Ripple Effects of Charging Banks Give Prosecutors Pause”
Part 3 – “Prosecutors in the Compliance Forest”

Messaging Risks – When IS the Right Time?

There was an awful lot of outrage about the Nationwide commercial drawing attention to home accidents affecting children during the Superbowl this year. It didn’t seem that the outrage was so much directed at the message as much as it was the timing – it was done during a time when people were trying to be entertained, not horrified.

I have four young daughters, so I get that anything that makes me think about their mortality (much less my delinquency or negligence contributing to something that harms them) causes a certain amount of discomfort. A lot of discomfort. But I was with my family watching the game when this commercial aired and I have to say, though it certainly put a temporary damper on our festive spirits, it also caused a moment of reflection. I had forgotten about securing a television set in our home that could fall if one of my kids climbed on it (such a scene was in the commercial).

So I am supposed to be angered that I suffered a brief interruption of my precious and fleeting television entertainment-induced happiness to be reminded that I needed to do something the consequences of which could cause a constant interruption of my happiness for the rest of my life?

When exactly is the time for delivering messages that draw our attention to risks? The argument that this commercial was poorly timed because it interfered with our entertainment is, in my mind, absurd. Television is predominately for entertainment. Therefore, there could be no appropriate time for a commercial like this. Perhaps there are some shows that cater to the melancholic, where “depressing” commercials might resonate better?

The idea behind heightening awareness of risks is to draw the largest amount of attention possible to those risks. In the case of this message, using a Superbowl commercial was sure to reach a heck of a lot more people than some educational/informational show that airs in the middle of the night watched by a couple hundred people.

The public uproar stimulated questions relevant to my professional compliance and consulting work – Are we living in a culture that has no appreciation for hearing about and taking actions to mitigate risks? A culture that actually takes offense when we do?

In business, we need to appreciate, understand and act on risks. Yet compliance and ethics professionals face similar challenges with Boards, Executives, Senior Management and even line employees and/or agents of an organization. Though there is an expectation that these roles know about and deal with risks, it’s not something they particularly care to hear about, particularly in the higher ranks, where it is of great importance and impact. They prefer to discuss financial results, stock performance, mergers & acquisitions, etc. – you know, the REAL and IMPORTANT stuff.

I face a similar challenge when trying to develop proactive compliance and ethics consulting work. Organizations simply don’t want to hear about faint, non-imminent, and “philosophical” dangers that could sink or significantly impair their organization.  Much less do they want to spend a little money to properly deal with it.

Using the Nationwide commercial as an analogy, one might think the risk of an unsecured weapon in the home is minimal because one’s children have been well educated on the risks and, due to their obedience, would not play with the weapon. Perhaps true. But what about the kids who come over to play?

The rationalizations in business are really no different.  I can’t tell you how often I heard victims of a fraud (both when I was an FBI Agent and now as a consultant) tell me something like “But Sally was such a nice and religious lady whose been with us for 15 years – she COULDN’T have stolen from us!  You must have made a mistake.” 

To all the compliance and ethics professionals out there working hard to do the right thing, whose risk messages too often fall on deaf ears, I raise my coffee cup to you. You ever need an ear, my number ain’t hard to find.