Considering the Fraud Triangle in Compliance Risk Assessments

In the Spring of 2012 I published a five-part series of on-line articles through Corporate Compliance Insights under the heading of “Incorporating the Fraud Triangle into Compliance Risk Assessments.”  While those articles were publicly available, I understand they received a fair degree of attention and were quoted and/or cited by numerous persons doing white-papers or articles where this information was relevant.  A friend in the compliance profession recently told me that this series of articles was no longer available publicly/online and asked if I might consider updating/revising that work into one complete article and putting it back out into the public domain – here it is.

International Association of Independent Corporate Monitors

It is with great pleasure that I may announce the launching of the website for International Association of Independent Corporate Monitors (IAICM).   A not-for-profit Membership Organization established in 2015 and headquartered in Virginia, in the greater Washington DC area, IAICM is an organization of professionals dedicated to educating the public on the topic of Independent Corporate Monitors (“Monitors”) and advancing the use and quality of service of those individuals serving or seeking to serve as Monitors.

The purposes of IAICM are to promote and improve the professional practice of Corporate Monitoring, to be a recognized thought-leader in the field of Corporate Monitoring, to make available information on Corporate Monitoring to the public, and to provide high quality, relevant information, resources and training to professionals and others practicing in the area of Corporate Monitoring.

IAICM’s Code of Professional Conduct is an invaluable resource for standards and best practices for those serving or seeking to serve as a Monitor.  Indirectly, the Code also suggests best practices for Reporting Agencies and Host Organizations considering or using Monitors.  All Members of IAICM must certify that they will abide by and uphold the IAICM Code, providing both a guide and a performance measuring stick for Host Organizations, Reporting Agencies, and the public-at-large.

The mysteriousness of Corporate Monitoring is enhanced by the difficulty in obtaining information on the topic.  A person studying Corporate Monitoring not only must collect information from a wide variety of sources, but may also have great difficulty identifying reliable and relevant sources.

IAICM’s Public Resource Center helps address this by making available to the public the only repository of information on Corporate Monitoring.  From key government policy documents to actual Agreements requiring Monitors, the Public Resource Center makes them easy to search and find.  Interested in identifying all known Monitorships by a particular agency, underlying misconduct, or during a particular time frame?  Our search engine helps visitors not only identify these in our repository, but presents, in one easy-to-read screen, the relevant information and supporting documents for each matter in our repository.

All IAICM Members have qualifications that suggest they possess the breadth and depth of relevant skills, knowledge, and experience, together with reputation of character, to effectively serve as an Independent Corporate Monitor consistent with IAICM’s Code of Professional Conduct.  To facilitate the needs of those considering candidates for a Monitorship, finding a speaker on the topic, seeking guidance, or simply doing research, all IAICM Members are publicly listed on this site, along with each Member’s relevant contact and professional information.

DOJ Hiring a Compliance Expert

In November of 2014, I published a paper entitled “Improving Corporate Settlement Agreements” on JDSupra.  A few media people and industry experts picked it up and made comments on it – all the ones that I read were positive (thanks guys!).

In that paper, one of the issues that I raised was the lack of compliance and ethics program expertise among government agencies in the field of compliance and ethics programs.  For example, while DOJ prosecutors are exceptionally knowledgeable, trained, and experienced in white collar crime matters, I know of very few who can say the same about corporate compliance and ethics programs.  Yet it is exactly the robustness and effectiveness of an organization’s compliance and ethics program that dictates if or how the organization will emerge – prosecution, suspension/debarment, settlement, etc….

I would love to say that some DOJ people read that paper and took it to heart, but that’s probably doubtful.  Nonetheless, I was thrilled when I saw the announcement that the DOJ FCPA Unit was bringing on a compliance and ethics expert to do exactly what I was saying needs to be done in that regard (I had other criticisms in my paper as well that I would love to see addressed).

It has been reported that in July 2015, the Chief of the Fraud Section at DOJ confirmed that this position/role was being filled.  Here’s a link to an article on it.  The article stated: “This new compliance counsel position constitutes a significant change for DOJ, which in the past has relied on its cadre of white collar criminal prosecutors to evaluate compliance programs. The compliance counsel will help DOJ answer the recurring issue of whether an FCPA violation occurred because the company lacked an effective anti-corruption compliance program or because a rogue employee circumvented an otherwise strong program. Should DOJ decide to prosecute the company, the compliance counsel’s evaluation of the company’s compliance program will inform the final resolution with the company, including whether the company will be required to retain an independent compliance monitor.”

Kudos to the DOJ FCPA Unit for recognizing this need and doing something about it.  I and many others in the field will be anxiously awaiting to see it in action.  I also hope we will see this in other DOJ units (e.g. Anti-Trust) – this isn’t just an FCPA issue!

Also, I have seen some non-DOJ units picking up on this need.  For example, key decision makers in the Department of Interior’s Office of Inspector General and Suspension & Debarment Offices have become Certified Compliance and Ethics Professionals through the Society of Corporate Compliance and Ethics.  I have heard that the same is happening in at least one other Agency’s OIG and S&D offices.

There’s a long road ahead, but it seems people are at least seeing that a road exists.

Thomson Reuters Article on Deferred Prosecution Agreements and Monitors

I was interviewed earlier this year for this third part in a series of articles by Thomson Reuters on DPAs.  If you would like to read it, click here or you can download a pdf copy that Thomson Reuters provided to me: Thomson Reuters Article on DPAs Part 3 – 13Apr2015

Recent Series of Articles on DPAs in Morning Consult

I was recently interviewed by Morning Consult for a series of articles regarding deferred and non-prosecution agreements and wanted to share those here for anyone interested.  They are linked below (hopefully these links remain “live” for some time).

Part 1 – “More Banks Avoiding Trials in Era of Deferred Prosecution Agreements”
Part 2 – “Ripple Effects of Charging Banks Give Prosecutors Pause”
Part 3 – “Prosecutors in the Compliance Forest”

Messaging Risks – When IS the Right Time?

There was an awful lot of outrage about the Nationwide commercial drawing attention to home accidents affecting children during the Superbowl this year. It didn’t seem that the outrage was so much directed at the message as much as it was the timing – it was done during a time when people were trying to be entertained, not horrified.

I have four young daughters, so I get that anything that makes me think about their mortality (much less my delinquency or negligence contributing to something that harms them) causes a certain amount of discomfort. A lot of discomfort. But I was with my family watching the game when this commercial aired and I have to say, though it certainly put a temporary damper on our festive spirits, it also caused a moment of reflection. I had forgotten about securing a television set in our home that could fall if one of my kids climbed on it (such a scene was in the commercial).

So I am supposed to be angered that I suffered a brief interruption of my precious and fleeting television entertainment-induced happiness to be reminded that I needed to do something the consequences of which could cause a constant interruption of my happiness for the rest of my life?

When exactly is the time for delivering messages that draw our attention to risks? The argument that this commercial was poorly timed because it interfered with our entertainment is, in my mind, absurd. Television is predominately for entertainment. Therefore, there could be no appropriate time for a commercial like this. Perhaps there are some shows that cater to the melancholic, where “depressing” commercials might resonate better?

The idea behind heightening awareness of risks is to draw the largest amount of attention possible to those risks. In the case of this message, using a Superbowl commercial was sure to reach a heck of a lot more people than some educational/informational show that airs in the middle of the night watched by a couple hundred people.

The public uproar stimulated questions relevant to my professional compliance and consulting work – Are we living in a culture that has no appreciation for hearing about and taking actions to mitigate risks? A culture that actually takes offense when we do?

In business, we need to appreciate, understand and act on risks. Yet compliance and ethics professionals face similar challenges with Boards, Executives, Senior Management and even line employees and/or agents of an organization. Though there is an expectation that these roles know about and deal with risks, it’s not something they particularly care to hear about, particularly in the higher ranks, where it is of great importance and impact. They prefer to discuss financial results, stock performance, mergers & acquisitions, etc. – you know, the REAL and IMPORTANT stuff.

I face a similar challenge when trying to develop proactive compliance and ethics consulting work. Organizations simply don’t want to hear about faint, non-imminent, and “philosophical” dangers that could sink or significantly impair their organization.  Much less do they want to spend a little money to properly deal with it.

Using the Nationwide commercial as an analogy, one might think the risk of an unsecured weapon in the home is minimal because one’s children have been well educated on the risks and, due to their obedience, would not play with the weapon. Perhaps true. But what about the kids who come over to play?

The rationalizations in business are really no different.  I can’t tell you how often I heard victims of a fraud (both when I was an FBI Agent and now as a consultant) tell me something like “But Sally was such a nice and religious lady whose been with us for 15 years – she COULDN’T have stolen from us!  You must have made a mistake.” 

To all the compliance and ethics professionals out there working hard to do the right thing, whose risk messages too often fall on deaf ears, I raise my coffee cup to you. You ever need an ear, my number ain’t hard to find.

Mom’s Lessons

If you were wondering whether or not I had dropped off the face of the earth for the last six weeks, you guessed right.  October of 2014 was a month that, along with September 2001, I would love to utterly erase from my memory.

My mother, who had been so courageously battling cancer for the last five years, lost the battle on October 17, 2014.  Despite a contractor catching my house on fire and a kidney stone suddenly showing up, I was able to get to Bristol, VA and be with my mom before her passing.  I remained in Bristol to support my dad and help with all of the funeral arrangements.  After the funeral, I packed their house up and moved dad up to Fredericksburg, VA with my family.

As I reflected on my mom’s life and lessons, there were a few in particular that I find relevant to the work I do today, particularly in the area of compliance and ethics.  My mom was raised in a second generation Italian family in extreme poverty in New Orleans.  I recall hearing stories of how she slept together with her sister and brother in a small room where they had to take turns staying awake to keep the rats off of them.

Despite the obstacles, mom appreciated the value of hard & honest work, education, and selfless service.  Working various jobs, she put herself through nursing school and began what became a forty-one year long career as a nurse.   Mom’s nursing accomplishments were of no comparison with Nobel Prize winners and will never be remembered outside of the small circles of those whom they affected, but they are nonetheless as profound and meaningful, both to those affected and to those who might see in her life and work the impact and role of a positive high ethical tone and commitment to always doing what was right and in the best interests of her “customers” – her patients.

My mom always stressed the importance of honesty and showed me the benefits of it every time I owned up to something I did wrong as a child.  As long as I was honest about my mistakes, the punishment was appropriately reduced.  Thank God – or I would still be in “time-out” some forty years later!   That is a lesson I have carried all my life and am trying hard to pass on to my children, as well as those with whom I work.

Positive ethical tone within an organization begins with honesty.  And ends with dishonesty.

An effective compliance & ethics program will include on-going education and training.  While my mom worked hard to put herself through school to become a nurse, she never stopped her education there.  Over the course of her career as a nurse, she took on many new challenges/specialties, some of which she did pioneering work in.  The lesson is that education never stops.  We never stop learning and we always have room to learn more, regardless of where we are now in our lives and careers.  Compliance training IS on-going education.  It is not checking a box.

Being a nurse is among the most altruistic jobs one might have.  Caring for those who, in many instances, can’t care for themselves.  Helping them with the most humbling and/or simple tasks – many tasks that even family might shy away from.  Not losing sight of their human dignity and treating them with respect, even as they lost respect for themselves.  My mom was always a champion of the patients, even when being so was not always in the financial best interests of the hospital or kindly looked upon by her superiors.  As best as I know, mom never had to deal with any “corporate” fraud issues as a nurse/employee, but she certainly had her share of ethical issues.  Sometimes described as a “firecracker” when it came to advocating for her patients, I am sure mom upset her share of hospital superiors of lesser ethical constitution over the years.

It’s a great lesson for us.  By placing greater value on what we do and doing things right (rather than on where our stock price is), we find a more fulfilling and long-lasting success.  When someone acts unethically or engages in some sort of misconduct, we have to speak up – until somebody listens.

I recall with both joy and sadness a little boy named Stephen, who was a cancer patient under my mom’s care in a pediatric intensive care unit.  I was living far away at the time, working as an FBI Agent.  In caring for Stephen, my mom had learned that he had dreamed of one day becoming an FBI Agent and so she asked that I might visit him when I next came to town – in fact, she made certain to remind me of it MANY times as I planned my next visit!

When I got to town, my mom made sure that the hospital was my very first stop.  She also insisted that I wear a suit – my official FBI Agent “uniform.”   After Stephen’s chemo treatment(s) that day, she rolled him in a wheelchair to a private little waiting area where she had asked me to wait.  Stephen was probably about ten years old and his cancer was terminal – in its latest stage.   It was obvious that this child had suffered much and long, and was still in pain.  He didn’t have a single hair on his head and maybe weighed forty pounds in all his clothes.  Yet when my mom introduced me as her FBI Agent son, he lit up like a Christmas tree.  My mom and Stephen’s mom left briefly, so that we could have our “top secret debriefing.”  I let him hold by badge and credentials, let him see my handcuffs and the gun holstered on my hip, and answered every question he could muster the strength to ask – and many that I knew he would ask if he could.

When our time was over, I gave Stephen an official FBI t-shirt, a junior FBI Agent badge, some FBI pens, and other little things that I can’t even remember – though they meant the world to him.  I learned a couple months later that Stephen had passed and that he had specifically requested that he be buried in that FBI t-shirt that I gave him.  To this day I can’t think about that without tearing up.

This is just one example of how my mom took the time to listen to her “customers” and to appropriately do more for them than what just her job required.   She got no honors, medals, promotions, mentions or bonuses for this – and that was fine by her.  The joy brought to Stephen was priceless.

I’ll miss you mom.  Thanks for all you did for me and for everyone you touched.  I hope I can pass on the lessons I learned from you to my children as well as you passed them on to me.  I also hope that I might follow your example(s) with the same humble obscurity as you sought and that I might touch just one tenth of the number of lives that you did.

Tell Stephen hello for me.

Expert Testimony – Corporate Compliance & Ethics

A new “practice” area may be emerging for testifying experts.

When an employee(s) of an organization violates a law, regulatory requirement, etc., the organization can be, and often is, held liable for it.  That liability may be, among to other things, criminal in nature (corporate criminal liability) or one associated with government contracting (present responsibility and/or responsible government contractor).  It may also be civil, in such instances where there are collateral civil actions (class actions and/or shareholder derivative suits) arising out of the employee(s) misconduct.

One of the primary considerations of corporate liability, at least from the enforcement perspective, is the organization’s corporate compliance & ethics program (“Program”).   That Program, in many respects, serves as the “body armor” against vicarious liability because of its consideration under 8B2.1 of the United States Sentencing Guidelines.  Government prosecutors and Agency regulators, including suspension and debarment officials, consider an organization’s Program heavily, as demonstrated by the attention focused on such Programs in various government settlement agreements (i.e. Deferred and Non-Prosecution Agreements, Administrative Agreements, Consent Agreements, etc…).

While the benefits of an outside compliance expert are obvious as it relates to demonstrating the effectiveness of a Program to the Government, this may be a consideration in collateral civil litigation, where the Program can become a defense for the organization (or an offense for the plaintiff).  Plaintiffs and defendants routinely hire outside experts for all sorts of things associated with such litigation (i.e. damage calculations, forensic accountants, etc.) – Why not a Compliance and Ethics Program Expert?  After all, if the organization had an effective Program, what more could they have reasonably done to prevent the misconduct?  If the government uses this as the measuring stick, why shouldn’t it be considered in civil litigation?

Just a thought.  But if your organization or an organization you represent becomes embroiled in such matters, you should consider how this might fit into your litigation strategy.

If you want more thoughts about how a Corporate Compliance and Ethics Program Expert might fit within the litigation strategy of any matters you are involved in, call me.  If nothing else, it would be a very interesting conversation.

Incorporating the “Fraud Triangle” into Compliance Risk Assessments

In my Corporate Compliance Insights column, I have run a series of articles discussing how Compliance and Ethics Professionals might incorporate the Fraud Triangle into their Annual Compliance Risk Assessment(s).  Though I cannot re-print the articles here, below are summaries of each with a link to each respective piece in the series.

This is a fascinating subject for mixed compliance and fraud professionals like myself. Incorporating the factors of the Fraud Triangle into compliance related areas has been very effective for me in the compliance and Independent Corporate Monitor work that I do.  Feedback has been very positive on this series and I hope that the articles may provide you with some practical ideas that will help you improve the effectiveness of your own Compliance & Ethics Programs.

The first in the series is an Overview of the Fraud Triangle, which introduces the theory and sets the stage for the articles to follow.  It also defines and distinguishes “Occupational Fraud” from “Predatory Fraud.”  Though the Fraud Triangle was developed by a criminologist and concerned criminal acts associated with fraud, I have found that the concepts also apply to less than fraud-related criminal actions, such as violating a compliance policy or acting unethically in the course of an occupation.

The next article in the series explores the “Opportunity” factor of the Fraud Triangle, which relates to one’s ability to commit fraud, violate a compliance policy or act unethically, and is affected by such things as, among others, internal controls, knowledge & training, authority, and experience.

Part 3 of the series examines the “Rationalization” factor of the Fraud Triangle, which relates to a person’s ability to internally justify/rationalize their unethical, wrongful or criminal actions.  This is often affected not only by a person’s individual moral standards, but also by the ethical tone within an organization and the person’s perception(s) about the fairness and equality of rewards and punishments for actions and behavior.

The next in the series looks at the “Motivation” factor of the Fraud Triangle, which generally relates to an “unshareable need” that arises within a person’s life.  This is the one factor of the Fraud Triangle that an organization has the least control over, as well as the most difficult one to be assessed.  This “unshareable need” is a personal need that can arise from a broad range of things, ranging from common and ordinary life issues (i.e. a divorce) to those that are more nefarious (i.e. drug addiction).  As this need increases within a person’s life, so to does the risk of that person taking actions contrary to an organization’s Code of Ethics and/or Compliance Policies.  To help illustrate this, I included in this article some very interesting and real-life examples that I have encountered over the course of my 20 plus years of fraud investigations experience, including many from my service as an FBI Agent.

The final in the series examines the “Perception Factor”.  This is technically not a part of the Fraud Triangle and concerns the perception by an individual regarding whether or not they will get caught if they violate a compliance policy, act unethically or commit a fraud.  I have found that this can be an overriding factor in a person’s decision whether or not to violate a compliance policy, act unethically or commit a fraud, even when the three factors of the Fraud Triangle are at a high risk.

FCPA Settlement Agreements, Monitors and Self-Monitoring

There has been a slightly less frequent requirement by the DOJ for Independent Corporate Monitors (“Monitors”) in FCPA-based settlement agreements during 2011.  Counts may vary a little due to timing, but there have been about seven (7) such settlement agreements during the first half of 2011, of which two (2) required Monitors and three (3) required some form of “self-reporting.”  Previously, Monitors had been required, on average, in a little more than forty percent (40%) of FCPA-based settlement agreements, a fair amount more than the twenty-eight percent (28%) average for the first half of 2011.

What is behind this apparent trend and does it have anything to do with concerns that have been raised over the last few years about the costs and scope of Monitors?  Does it signal a broader “policy” shift within DOJ and/or outside of just FCPA matters?

What should be considered by government agencies when contemplating whether or not to allow an organization to self-monitor their compliance with the terms of a settlement agreement?

If one looks at DOJ’s written policies on the topic and public statements by DOJ officials, such a change is clearly not “official policy” in general, nor is it just for FCPA matters.  Also, while costs of a Monitor are certainly among the many factors considered by all parties, there is nothing to indicate costs are a key consideration by DOJ in determining whether or not to require a Monitor at all, much less a factor in this trend.

As a Monitor and one who tracks the use of Monitors intensely and very broadly, I am absolutely confident in saying that the use of Monitors is universally (FCPA being an exception thus far in 2011) increasing, not decreasing.  Not only among more regulatory and enforcement agencies at all levels of government within the United States, but abroad.  Without articulating and referencing all the support behind this assertion (just look at previous issues of “The Monitor” to see the broad use and requirement of Monitors), I think we can dispel any notion that this apparent trend in FCPA-based matters has any broader implications, both in and outside of DOJ. Accordingly, I would like to explore why this trend may be happening within DOJ FCPA-based settlement agreements.

From my reviews of the underlying settlement agreements in the older and more recent FCPA matters, both where a Monitor was and was not required, there seem to be three key things that have happened and are continuing to happen that I believe explain this trend.  The cost of a Monitor is definitely not one of them and never should be.

Expertise of Counsel
First, outside counsel for the firms involved in FCPA matters have gotten really good.  Not only have they gained an abundance of experience in such matters because of the sheer volume of DOJ FCPA investigations that have taken and are taking place, but they now have a plethora of settlement agreements available that tells them explicitly what the DOJ expects with regards to compliance programs and what other companies have done in those instances where a Monitor was not required, or vice-versa.

Accordingly, even as these seasoned defense attorneys begin to plan an internal investigation, they are looking for compliance and control failures and providing immediate advice about remedial measures aimed specifically at addressing the issues they know DOJ will have and in a fashion similar to that which they have seen other companies do to avoid a Monitor.  The cost savings of this as compared to the cost of a Monitor could be argued to not be as large as perceived, given that the “additional” services by such law firms does not come free, or inexpensively, nor does it always necessarily entail the use of very experienced compliance professionals, though that is changing too.  Nonetheless, many of these attorneys are exceptionally experienced in these matters and this strategy and process has been very effective to date in helping companies avoid the imposition of a Monitor in resolving FCPA matters.

Along those same lines, the DOJ (and the SEC) have not sat quietly regarding their expectations of compliance programs and internal controls within companies subject to the FCPA.  To the contrary, they have been very vocal in sharing their views about the topic, as well as about Monitors and some of the factors involved in considering whether or not to require them.  With such an abundance of information (i.e. settlement agreements, public statements by DOJ/SEC officials, articles, white papers, etc), its longer “rocket science” to “reverse engineer” what needs to be done in order to minimize the likelihood of a Monitor being required in DOJ FCPA matters.

The Corporate Compliance Industry
Second, among the key considerations in resolving FCPA matters (and corporate misconduct in general), is the state and effectiveness of an organization’s “pre-existing” corporate compliance and ethics program and internal controls.  Corporate compliance, as an industry, is still relatively new and has grown tremendously over the last few years.  Their impact on organizations’ pre-existing compliance programs has been positive, deep and broad.

There are several large and highly reputable organizations that now cater specifically to the compliance industry, some of whom even offer certifications for compliance professionals.  These organizations host large national and international conferences, as well as a myriad of local and regional seminars that cover all aspects of compliance within just about every industry. They have created and aggressively communicated standards and best practices as well, which comport with, among other things, the United States Sentencing Guidelines as it relates to corporate compliance & ethics programs.  As the compliance profession has grown and made more training and information accessible about best practices in compliance and ethics programs, corporate compliance professionals within organizations with pre-existing compliance programs have become better trained and equipped to improve their organization’s compliance programs, which results in less remediation and oversight if/when a problem occurs.

In addition to those organizations focused on the industry of corporate compliance and ethics, FCPA compliance has been a major topic of coverage by industry organizations (i.e. American Bar Association, Association of Certified Fraud Examiners, American Institute of Certified Public Accountants) and the professional training companies that serve the constituents of those organizations (i.e. American Conference Institute, Practising Law Institute, etc.).  It is also the topic of a huge amount of “viral” coverage, with law firm websites, newsletters, tweets, Linked-In groups and blogs that track everything going on related to FCPA matters and, in some cases, providing instant access to libraries of relevant documents and resource materials.

Want to keep up with FCPA issues/happenings?  Set a “Google Alert” on “FCPA” with instant updates and watch your email inbox explode.

Proactive FCPA Services
Finally, the universe of companies with exposure to the FCPA is tremendous and the risk(s) high.  For many years now, attorneys, consultants and compliance professionals have been using the DOJ’s aggressive prosecution of violators, which entails individual criminal prosecutions and monstrous organizational fines and restitution, to make companies (and their Board Members, where applicable) abundantly aware of their FCPA risks, personally and organizationally.  While organizations have traditionally avoided the costs of such proactive services in general, the seemingly huge personal and organizational risk(s) in FCPA has caused many organizations to shift their cost/benefit considerations in favor of action.  As a result, many companies have obtained professional compliance related services to proactively assess and improve the FCPA compliance components of their corporate compliance programs.  Proactive FCPA compliance has been among the hottest professional service areas of all proactive risk-based services for several years now.

As a result, there are many more companies, particularly within the industries “targeted” by the DOJ for FCPA, with viable “pre-existing” compliance programs today, who previously had little or no compliance program at all, much less one that addressed FCPA specific risks.

Self-Monitoring is Not Monitoring
The need for a Monitor must be evaluated in light of each matter’s particular circumstances.  A Monitor is not always necessary or appropriate to assuring the timely and effective compliance of an organization with their settlement agreement obligations.  However, the DOJ (and any other government agency) should cautiously contemplate their reliance on self-reporting by an organization on that organization’s compliance with the terms of a settlement agreement.  While the DOJ might hope that most companies, their counsel and the company’s employees would do so with the effectiveness, transparency and integrity expected of an Independent Corporate Monitor, there is no “independent” in self-reporting.

As just one example from my own experiences as a Monitor, I have had within the scope of my Monitorships the responsibility of verifying that organizations have met their settlement agreement obligations regarding reports/complaints of employee misconduct.  These have included complaints raised through a Hotline, directly or indirectly with the Chief Compliance Officer, through a direct supervisor, and/or any other means.  For those raised through a Hotline, for example, I routinely review the Hotline log (often done through a third-party and may include both telephonic and electronic communications) and assess how all such complaints were responded to, resolved and reported.   I then report to the relevant government agency on my findings.

In my Monitorships, regardless of whether a complaint was made through a Hotline or otherwise, the organizations knew that a I was watching, reducing the risk that any complaints could be ignored, mishandled or not appropriately reported in accordance with the settlement agreement obligations and/or applicable laws and regulations.  While not all complaints and/or resulting investigations required that they be reported, either to me as the Monitor or the government, the ability of the company to subjectively and solely make such a decision was impacted by my presence.  This helps assure that complaints are not only appropriately and effectively addressed, but that what needed to be reported to the government was so reported.  In fact, the companies that I have served as the Monitor of have tended to “over-report,” meaning they reported to the government about complaints that did not require reporting, either by law or the settlement agreement.  For example, in one of my Monitorships a Hotline call was received regarding an employee’s request for their own personal tax information and had no implications or relationship to misconduct; however, it was reported by the organization to me and the government merely because it came through the organization’s Hotline.

Though I am not involved in it and have no personal knowledge about the particulars, a company presently under a Monitor has very recently and publicly come under scrutiny as a result of a complaint (they note it as a “tip” in their public filings).  While it is unclear at this point whether the tip that led to that internal investigation came into the Hotline or not, it and the results of their internal investigation was reported to their Monitor and the government and has called into question whether or not they “knowingly and willfully breached material provisions” of their settlement agreement.  The company further acknowledged that this was a “significant liability” for them and could lead to government and civil liabilities and possible exclusion from certain government contracting which would have a “material adverse effect” on their financial condition.
Would this have come to light at all without a Monitor present, if they were left to self-reporting?  We may never know.

In addition to the utter lack of independence, an organization’s capability/ability should also be carefully and closely weighed by government agencies that contemplate permitting an organization to self-report on their compliance with a settlement agreement.  Among the chief responsibilities of a Monitor is to verify not only that the company complies with their settlement agreement obligations, but that they do so timely and effectively.  As it relates to effective compliance, many companies may not have the requisite resources and compliance experience to adequately make such a determination, while Monitors do, frequently having more experience in making such assessments than a company’s management, in-house counsel and/or compliance personnel.

One example of evaluating effective compliance from my own Monitorship experience involved an organization’s obligations in their settlement agreement regarding specific accounting and internal control requirements.  The complexity of these requirements exceeded the ability of the accounting and compliance professionals within the organization.  They intended to comply with their settlement agreement requirements in these areas and genuinely thought they had done so, but in reality they had not.  As the Monitor, I brought their failure to their immediate attention and provided guidance about how they might remedy their errors, which they were able to do, improving their own systems and procedures while effectively fulfilling their settlement agreement requirements at the same time.  Had this been left to self-reporting, neither the company nor the government would have known that the actions taken by the company were not effective.

Similarly, but much more frequently, I have experienced this same issue in evaluating the effectiveness of compliance training(s) required by settlement agreements.  Because such trainings are a key means of communicating a company’s compliance policies and the primary means of assuring that their employees understand and can apply them in their roles, they have been and continue to be a recurring requirement in settlement agreements.  There have been instances in my own Monitorships where, with the best intentions in mind, such compliance training has been conducted, in accordance with the requirements of a settlement agreement, that were wholly ineffective.  My testing found that those who received the training did not adequately understand the compliance policies or how they were applicable in their roles.  This lack of effectiveness was immediately raised with the organizations, allowing them to refine and improve their compliance training, as well as learn techniques to assess the effectiveness of that training within their own on-going compliance program monitoring, while effectively meeting their compliance training obligations as per their settlement agreements.  Once again, without the presence of a Monitor to recognize such a deficiency, neither the organizations involved nor the government agencies to whom they would have self-reported would have ever known.

Perhaps most concerning of all as it relates to self-reporting are those instances where companies view their compliance with a settlement agreement as a “check the box” exercise, with no regard to the spirit and goals of the settlement agreement.  In such instances, the government (and possibly the company itself) would not know whether or not a company is effectively complying with their settlement agreement obligations.  To the contrary, they would think everything was proceeding along smoothly.  At least until the next crisis arises.

Yes, Monitors come with a price.  While there are many misperceptions about how high that price may be (perhaps another good topic to explore), such a price is outweighed by the many benefits for the organization, the government agency, the industry and the public-at-large, among others.  Not only do I think that costs are not a factor in the recent decline in the use of Monitors in FCPA-based settlement agreements, I think they should never be a significant consideration at all in any matters where a Monitor is considered.  If the costs of a Monitor are a concern to a company, perhaps the attorneys who help companies negotiate the settlement agreements with the government should push harder to have the government offset any associated fines with the costs of the Monitorship, as was recently done in the Sirchie Acquisition Company (FCPA) and XE Services (Export Controls) settlement agreements.

The price of non-compliance, intentional or not, is too high to pay.