Corporate Fraud

User Generated

Pnyvtvey

Business Finance

Description

Absolutely no plagiarism, must be original and very thorough. Please make sure everything is followed in the question and the grading rubric. Assigned readings are attached but also must include one other academic relevant resource, total of at least 2 references. Must include in-text citations. Please include the free link to the relevant academic source.

Question: Based on the readings for this week, why do you think that some companies have failed to effectively implement policies to prevent corporate fraud?

Readings:

http://go.galegroup.com/ps/i.do?p=GVRL&u=lirn13050&id=GALE|CX3437701156&v=2.1&it=r&sid=GVRL&asid=1baeec2c#content

Other reading will be uploaded as PDFs.

Please see grading rubric below. This assignment should be at least 4-5 paragraphs long and very thorough. Make sure you integrate real-life applications to support key points.

Criteria

Ratings

This criterion is linked to a Learning Outcome Quality of Initial Response

Initial response displays an excellent understanding of the course readings and underlying concepts and includes the correct use of relevant terminology. Initial response integrates specific real-life application (current events, work or personal experience, prior coursework, etc.) to support key points. Initial response is clear, concise, and compelling.

This criterion is linked to a Learning Outcome Research

Initial response contains at least one reference to a valid (recent, relevant, high-quality) external source of information pertaining to the discussion topic. Research is cited, in-text, to support key points. Integration of research in initial response exceeds expectations. (This should be along with the provided textbook, so a total of 2 references).

This criterion is linked to a Learning Outcome Mechanics

Entirely free of mechanical errors. These include: grammar, punctuation, spelling, and formatting (font style and size).

Unformatted Attachment Preview

Conducting corporate internal investigations Michael Missal, Ed Fishman*, Brian Ochs and Rebecca Kline Dubill Received (in revised form): 17th July, 2007 *Kirkpatrick & Lockhart Preston Gates Ellis LLP, 1601 K Street NW, Washington, DC 20006, USA; Tel: +1202 778 9000; Fax: +1202 778 9100; E-mail: ed.fishman@klgates.com Michael Missal is the global leader of the firm’s Policy and Regulatory Practice. He regularly represents public companies, financial institutions, officers and directors, and other entities in connection with internal investigations, securities litigation and enforcement, and related regulatory and litigation matters. He served as Lead Counsel to the Examiner in the WorldCom bankruptcy proceeding and as Lead Counsel to the Independent Review Panel for the CBS News investigation of the 60 Minutes segment on President Bush’s Texas Air National Guard Service. Prior to joining the firm, he served as Senior Counsel in the Division of Enforcement of the US Securities and Exchange Commission (SEC). Ed Fishman represents private and public sector clients in various regulated industries with respect to government and internal corporate investigations, corporate transactions and related regulatory matters. He frequently represents US and multinational clients in the financial, project development and technology industries with respect to anticorruption, accounting and related internal control and corporate governance matters. Brian Ochs concentrates his practice in securities enforcement matters, broker–dealer regulation and internal investigations. He frequently advises banks, broker–dealers and other financial institutions and their officers and directors in connection with SEC investigations, litigation and other enforcement matters. Prior to joining the firm, he spent ten years on the staff of the Enforcement Division of the SEC, where he served as Assistant Director from 1998 to 2003. © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Rebecca Kline Dubill specialises her practice on internal investigations, securities enforcement and related arbitration and litigation matters. She has extensive experience in conducting and coordinating complex internal investigations in a number of substantive areas. She also represents broker–dealers, investment companies, investment advisers, corporate officers and directors, and other individuals before the SEC, the US Department of Justice (DOJ), the New York Stock Exchange and the NASD. ABSTRACT KEYWORDS: US corporate internal investigations, best practices, Sarbanes–Oxley Internal investigations of possible illegal or improper conduct by corporations have become an increasingly important exercise of good corporate governance in the United States. In the wake of the major corporate scandals involving Enron and WorldCom, the US Congress enacted tougher corporate accountability standards through the Sarbanes–Oxley Act of 2002 (‘Sarbanes–Oxley’).1 The financial statement certification and increased Board of Director responsibilities set forth in Sarbanes–Oxley have contributed to the rising importance of corporate internal investigations. In addition, US regulators at the federal, state and local levels have fostered an emerging culture of corporate compliance by giving credit to companies that take voluntary steps to investigate, disclose and halt any illegal or improper conduct. This paper describes various best practices that have emerged in the US for conducting corporate internal investigations, particularly Vol. 4, 4, 297–308 International Journal of Disclosure and Governance www.palgrave-journals.com/jdg 297 Conducting corporate internal investigations those involving high-profile matters that are of paramount importance to the financial status, risk exposure or reputation of the company sponsoring the investigation.2 International Journal of Disclosure and Governance (2007) 4, 297–308. doi:10.1057/palgrave.jdg.2050065 WHEN SHOULD AN INTERNAL INVESTIGATION BE CONDUCTED? An internal investigation may be initiated for a variety of reasons, but is typically conducted when there have been allegations or credible suspicions of wrongdoing, misconduct, or ethical lapses by a company or its employees.3 These allegations can come to the attention of the company through whistleblowers, the results of internal or external audit reviews, or as a result of financial problems. An internal investigation also may be warranted when there have been allegations of wrongdoing by a competitor company or within an entire industry. These allegations against third parties often are brought to the company’s attention through media reports, private litigation or the actions of government regulators. The decision to conduct an internal investigation should be carefully considered, as there are significant potential risks as well as benefits, and the decision to initiate an investigation is very difficult to reverse. An internal investigation may be costly and disruptive to a company’s ongoing operations, depending on how the investigation is carried out and the scope of the conduct at issue. An internal investigation may expose the company and its officers, directors and employees to criminal or civil liability by setting forth a ‘roadmap’ for government regulators or private plaintiffs that reveals the identity of potential wrongdoers, describes significant evidentiary material and provides an outline of potential causes of action. An internal investigation also may uncover misconduct beyond the scope of the initial allegations. These potential drawbacks of an internal investigation, however, will often be more than offset by its potential benefits. A key benefit is 298 the role that an internal investigation can play in limiting potential exposure to criminal or civil liability as a result of corporate wrongdoing. A prompt and thorough internal investigation might forestall or limit the scope of a separate government investigation by allowing the regulator to assess the relevant evidence gathered and legal conclusions drawn by the internal investigators while conserving its own limited resources. Also, the disclosure of the results of an internal investigation to regulators may focus any external investigation on particular individuals responsible for the misconduct and may avoid or defer criminal prosecution against the company itself for the acts of its agents. Many US regulatory agencies such as the Department of Justice (‘DOJ’) and the Securities and Exchange Commission (‘SEC’) have formal policies that take cooperation into account when deciding whether and the extent to which civil or criminal penalties should be imposed against a corporate entity in a particular circumstance. A company may be eligible for significant cooperation credit if it undertakes a credible internal investigation, makes a prompt and voluntary disclosure of the results of that investigation to the relevant regulators and takes steps to discipline individual wrongdoers and improve corporate oversight controls. In contrast, the failure of a company to investigate despite ‘red flags’ suggesting improper conduct could subject that company to greater potential penalties if regulators conclude, based on the results of their own investigations, that misconduct occurred and was not disclosed or remedied in a timely manner. Another important function of an internal investigation is to provide the company with the facts it needs to make informed decisions about the consequences of potential misconduct. For example, an internal investigation can help identify corporate personnel who should be terminated for violating the law or otherwise disciplined for violating the company’s policies and procedures. In addition, an internal investigation often will identify internal controls, International Journal of Disclosure and Governance Vol. 4, 4, 297–308 © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Missal, Fishman, Ochs and Dubill financial reporting practices and other internal procedures that should be strengthened and improved. An internal investigation also can provide the information necessary to determine whether settlement of government charges or private litigation is advisable. An internal investigation also may be compelled by mandatory reporting requirements. For example, Sarbanes–Oxley requires CEOs and CFOs of public companies to certify that the company’s public filings fairly represent, in all material aspects, the company’s financial position and results of operations. A CEO or CFO may be unwilling or unable to make such a certification, or a company’s independent auditors may be unwilling to proceed with their review of the company’s financial statements, until the completion of an internal investigation into possible accounting or financial disclosure irregularities. Moreover, selfregulatory organisations (‘SROs’) such as the National Association of Securities Dealers (NASD)4 or the New York Stock Exchange often require that members report breaches of applicable law or SRO rules. A company may need to conduct an internal investigation and gain a more complete understanding of the facts in order to make an effective disclosure. WHO CONDUCTS THE INTERNAL INVESTIGATION? An internal corporate investigation is most frequently conducted by a company’s in-house counsel, by its internal audit department, or by regular or independent outside counsel. A company’s in-house counsel or internal audit department will be more familiar with the company’s business, the company’s document retention policies and the company’s employees. Moreover, management and the relevant employees may feel more comfortable with having insiders investigate potential wrongdoing and the overall costs of the investigation most likely will be lower. Therefore, many routine corporate enquiries into employment law matters, the sufficiency of certain internal © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 controls and other matters are conducted by in-house counsel or internal audit. There are, however, compelling reasons to retain outside counsel in certain circumstances, perhaps especially in high-profile investigations where objectivity is a prominent concern. The type of alleged improper conduct that may compel an independent internal investigation often will be dependent on a variety of factors including the structure of the company, the regulatory framework applicable to its business, the company’s history of prior offences, the severity and scope of the allegations of misconduct, and the attitude of management and the Board of Directors. In general, however, an internal investigation by an outside firm may be appropriate when the misconduct involves corporate officers or directors, potentially violates applicable laws, relates to accounting or other financial irregularities, or might lead to regulatory investigations and enforcement action. At a minimum, the retention of an outside law firm rather than an in-house investigator makes an investigation more likely to be perceived as objective and independent, particularly if the outside law firm does not normally do extensive work for the company. In highprofile matters, an outside law firm experienced with such internal investigations probably has the necessary resources to complete an investigation quickly and may be in a better position to ensure the integrity and effectiveness of the investigation (as perceived by regulators or other third parties). Outside counsel also may have more expertise in the techniques of conducting internal investigations and in the relevant substantive areas of law. An outside firm should retain specialised experts as needed, such as accountants or forensic investigators. WHO CONTROLS THE INTERNAL INVESTIGATION? At the outset of an internal investigation, the identity of the client on whose behalf the Vol. 4, 4, 297–308 International Journal of Disclosure and Governance 299 Conducting corporate internal investigations investigation is being conducted and the scope of the investigation should be made clear. Depending on the circumstances, internal investigations may be controlled by a company’s management, Board of Directors, a standing committee of the Board (such as the Audit Committee) or a specially created committee of the Board dedicated to overseeing the investigation. Counsel may have to work through different lines of supervision and authority for the investigation, depending on who is implicated in the potential misconduct and who is viewed as the client. If there are any suggestions that particular members of senior management or the Board of Directors were engaged in wrongdoing, those parties should not have any influence in or control over the investigation. In situations where outside counsel is engaged to conduct an independent internal investigation, it is often helpful when the company appoints an employee as a ‘facilitator’ to help outside counsel identify likely sources for relevant documents, arrange interviews and facilitate counsel’s access to witnesses and documentation. This facilitator should be someone who has not been implicated in the wrongdoing. Investigating counsel and the client also should agree upfront on the initial scope of the investigation, which can then be re-evaluated as necessary. The scope should be broad enough to include lines of potentially relevant enquiry that may not be obviously related to the suspected misconduct. Time and resource limitations may, however, require a more narrow scope. If the company is under pressure to issue financial statements by a specific deadline, or if the company is on the verge of bankruptcy and has resource constraints or limited access to former employees, a full internal investigation of all potential misconduct may not be possible.5 After an initial determination about the scope of the investigation is made, an engagement letter should be prepared by the outside investigative team that specifies the identity of the client and delineates the likely scope of the investigation. 300 HOW SHOULD AN INTERNAL INVESTIGATION BE ORGANISED AND INITIATED? Careful attention should be given to putting together the appropriate team of lawyers and any necessary experts. Since the primary objective of an internal investigation is to ascertain facts, not advocate a position, the investigators should be capable of being objective and balanced. Former prosecutors who are experienced in gathering facts and conducting interviews often are useful members of the investigating team. Productive lines of enquiry likely will emerge if time is taken at the start of an independent investigation to learn the structure and operation of the relevant business, with the help of accounting or other experts if necessary. A leader of the investigative team should be designated to coordinate and supervise the activities of the investigators, interface with and provide status updates to the client and any interested regulators, and serve as the primary editor of any written or oral report on the results of the investigation. A work plan should be prepared and revised as necessary so that the investigative team clearly understands its objectives and responsibilities, including keeping disruption of the ongoing business to a minimum. Team members should frequently communicate with each other so that everyone is aware of developing issues and facts as documents are reviewed and interviews conducted. They also should be sensitive to maintaining the confidentiality of the investigation, as premature leaks of information within the company or to the media will make it harder to get candid responses from interviewees and may threaten the integrity of the process. Finally, investigating counsel and the client should give some thought at the outset as to whether a final report on the results of the investigation will be in oral or written form, so that the appropriate information is documented in appropriate detail during the course of the investigation. International Journal of Disclosure and Governance Vol. 4, 4, 297–308 © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Missal, Fishman, Ochs and Dubill HOW SHOULD THE INTERNAL INVESTIGATION BE CONDUCTED? Documents The documentary record can be one of the most important sources of information in an internal investigation. Documents are crucial to piecing together a coherent narrative, especially where witness recollections may not be fresh or may be biased. A system for collecting, organising and reviewing both hard copy and electronic documents should be established from the beginning of the investigation. In independent investigations, this process can be facilitated with the assistance of an in-house lawyer or paralegal familiar with the company’s document management systems. The use of customised document management technology (scanning and cataloguing tools), which enhances the ability of the investigative team to search, organise and retrieve needed items from the vast amount of data that is likely to be collected, also can be extremely helpful. At the outset of an investigation, a notice of investigation should be distributed to any employees who may have relevant information. The notice should provide sufficient details to communicate the scope of the investigation, but not indicate the direction of the investigation or otherwise jeopardise the integrity or confidentiality of the enquiry. Employees should be told that the investigation is confidential and that they should not discuss the investigation or the underlying issues with anyone except counsel that they may elect to hire to defend their personal interests. The notice of internal investigation should be accompanied by a document preservation notice that instructs employees not to alter, discard, destroy or conceal potentially relevant evidence. The usefulness of an internal investigation may be seriously impaired by the failure to identify and secure relevant documents, so any document preservation notice should err on the side of being over-inclusive. To preserve and secure relevant electronic documents and communications, a company’s © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 routine data destruction and deletion policies should be stopped. Documents should be retained on the network and restored if deleted. Hard drives and laptops of relevant employees — along with personal computers and personal digital assistants (‘PDAs’) if necessary — should be collected and imaged promptly. In certain situations, it may be prudent to secure the offices and hard copy files of relevant employees. Particular care should be taken to preserve e-mails, as they reflect the contemporary and unfiltered state of mind of the sender and can therefore be an invaluable source of evidence. Relevant employees should be given a comprehensive list of requested documents, including drafts, notes and off-site documents (including any documents that may have been taken home). Counsel also may consider obtaining a signed certification from employees that they have provided all responsive documents and data. Once collected, documents should be reviewed for relevance and privilege. Privileged documents should be segregated immediately and accessible only to counsel and its agents to prevent inadvertent waiver of the attorney– client or work product privilege. Preferably, a preliminary list of potential interviewees can be drawn up during the initial document review phase so that a separate set of relevant documents can be assembled in preparation for each interview. Documents also may be sorted into sets by subject matter. ‘Hot documents’ of particular importance to the investigation should be circulated to relevant personnel on the investigation team and copies kept in a separate set. The document review team generally will be responsible for assembling and maintaining a detailed chronology of the events under investigation, cross-referenced with relevant documents and other source material (such as interview notes) and continuously updated to facilitate the preparation of the final oral or written report. Interviews Interviews are typically the greatest source of information in an internal investigation, so they Vol. 4, 4, 297–308 International Journal of Disclosure and Governance 301 Conducting corporate internal investigations should be carefully planned for and conducted as promptly as possible. Interviews can provide useful context, flesh out the meaning of documents, direct investigators to important issues or additional sources of evidence, and generally help investigators evaluate facts and assess credibility. Generally, an interview should be conducted as quickly as possible to get an unvarnished recollection and ‘lock in’ a witness’s story — perhaps even before a significant number of documents have been reviewed. If counsel will, however, have only one opportunity to interview someone (eg, a senior officer), it might be best to conduct such an interview at a more advanced stage of the investigation after more information has been gathered. In many cases, it will be necessary to interview people more than once: first, to gain a general understanding of the events at issue, then again later to gain more specific and targeted information and to show the witnesses relevant documents that may contradict their recollections. It is often beneficial to interview lowerlevel employees first before speaking with more senior officials to gain a better understanding of events and relevant personnel. Interviews should be conducted by at least two lawyers whenever possible, allowing one lawyer to concentrate on the questions and any relevant documents while the other lawyer takes down written notes. Typically, it is better not to record interviews so that any privileges can be protected and so that the witness is less intimidated. Having at least two investigating lawyers present can facilitate recollection of what a witness said on a particular subject. Also, an employee should be given the option to have a lawyer present at an interview.6 This accommodation should not significantly delay an interview, and the lawyer present should be encouraged not to interfere with the questioning. Allowing the interviewee’s lawyer to ask questions at the end of the interview might facilitate these goals and also might help the investigation’s fact-finding mission by adding important information to the record. 302 At the beginning of every interview, counsel should provide what is commonly known as the ‘Upjohn warning’.7 At a minimum, these warnings state that counsel has been retained to conduct an investigation, that the information obtained during the interview is privileged, that counsel does not represent the witness and that the decision whether or not to waive the attorney–client privilege rests solely with the entity that retained counsel to investigate. If the interviewee is a current employee, additional warnings may be appropriate, such as notice that there is a related government investigation, that the company is cooperating fully with that investigation, that the company may turn over a written summary of the interview to the government or that the company intends to waive the attorney–client privilege applicable to the matters discussed during the interview. Failure to make such disclosures could cause the witness to challenge the propriety of the interview and perhaps the sufficiency of the investigation itself. Generally, in-person interviews (and to a lesser extent phone interviews) are preferable to written questionnaires, as they enable fuller communication and provide a better means of preserving any claim of attorney–client privilege. Also, counsel may find it useful to begin an in-person interview by asking relatively open-ended questions without direct use of documents in order to ascertain what the witness is able to remember independently. After obtaining the witness’s independent collection, counsel could then show the interviewee relevant documents to refresh memory and assess credibility during the rest of the interview. PRESERVING ATTORNEY–CLIENT PRIVILEGE AND WORK PRODUCT PROTECTION Preserving the attorney–client privilege and work product protection is crucial for maintaining maximum control over the results of an investigation. Failure to maintain these International Journal of Disclosure and Governance Vol. 4, 4, 297–308 © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Missal, Fishman, Ochs and Dubill privileges could leave some of the company’s most sensitive information in the hands of regulators, private plaintiffs, or competitors. Ultimately, a company may choose to waive applicable privileges and disclose the results of an investigation to regulators or the public. The company and its counsel should, however, ensure that disclosure remains an option and not a forced circumstance. Communications between a corporate employee and investigating counsel are only protected by the attorney–client privilege in the following circumstances: (1) where the communication is made for the purpose of securing legal advice; (2) where the employee is communicating at the direction of his corporate superior; (3) where the superior is making the request so that the corporation can secure legal advice; (4) where the subject matter of the communication is within the scope of the employee’s corporate duties and (5) where the communication is not disseminated beyond those persons who, because of the corporate structure, need to know its contents. Therefore, to preserve the attorney–client privilege, it should be stated early and often (such as in the engagement letter and in written summaries of interviews) that the investigation is being conducted at the client’s request and is undertaken for the purpose of providing legal advice. Also, management should directly instruct employees to cooperate with the investigation and any written summaries of interviews prepared by counsel should specify that the information was provided at the request of the company and in furtherance of the investigation. The work product protection extends to materials prepared by or on behalf of counsel in anticipation of litigation. There are two different types of work product that can be developed during an internal investigation: (1) factual work product, which includes any evidence gathered by the investigative team and (2) opinion work product, which includes the mental impressions of counsel. Factual work product may be discoverable by third parties © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 upon a showing of ‘substantial need’ for the information. Opinion work product enjoys virtually absolute protection from compelled disclosure. The investigative team can maximise work product protection by integrating legal analysis (such as mental impressions or legal theories rather than simply facts) into their written summaries of interviews. All attorney–client privileged and work product documents created or collected by the investigative team should be clearly labelled ‘confidential’ and should note which specific protection applies. One of the biggest hurdles in maintaining work product protection is the ‘anticipation of litigation’ requirement. Although the test for whether a communication was created in anticipation of litigation varies by jurisdiction, in general, there must be an identifiable prospect of litigation or regulatory investigation. The work product generated during an internal investigation is more likely to be ‘in anticipation of litigation’ if the investigation was taken in response to the existence or threat of regulatory action or private litigation. As a general rule, disclosure to third parties acts as a waiver of privileged communications. Waiver may, however, be avoided if the information is shared under a ‘joint defence’ arrangement with third parties as part of an ‘ongoing joint effort to set up a common defense strategy’.8 As a general rule, courts have found such joint defence arrangements sufficient to maintain the privilege where the parties have some common interests, so long as those interests are not so divergent that the parties are effectively adversaries. Disclosure of privileged communications (such as the final report of an internal investigation or the underlying materials used to prepare the report) to the government may be made subject to a confidentiality or nonwaiver agreement that specifies disclosure is made without waiving any applicable privileges with respect to third parties. Some courts have held that the production of information to the government pursuant to such an agreement does not effectuate a waiver of Vol. 4, 4, 297–308 International Journal of Disclosure and Governance 303 Conducting corporate internal investigations attorney–client privilege or work product protection. WHAT HAPPENS AT THE END OF THE INVESTIGATION? Choosing a report format At some point during an internal investigation, the client must make the sometimes difficult decision of whether to receive a written and/or oral report of the results of the investigation. This decision may not need to be made until late in the process, once most of the relevant facts are gathered and initial conclusions have been drawn. Nevertheless, the entire investigation should be conducted with an eye towards preparing some type of final report. An advantage of a written report is that it provides the client with all of the key facts and legal conclusions in one document. A written report also provides tangible evidence that the client has sanctioned a thorough and complete examination of the issue being investigated. For this reason, written reports are frequently provided to regulators as part of a voluntary disclosure to demonstrate cooperation, presented during litigation to refute charges of wrongdoing, or offered as the basis of a stipulation for settlement purposes. There are also reasons, however, not to produce a written report. A written report may contain findings or information that is potentially embarrassing or damaging to the company if disclosed or leaked to the public. Maintaining the confidentiality of a written report also can be difficult and may provide a ‘roadmap’ for regulators to use against the company. Furthermore, it may galvanise civil litigants who would otherwise not be aware of the issues under investigation or the client’s exposure to certain legal theories. For these reasons, a client in a high-profile investigation may consider possible alternatives to a written report, such as a limited written report focussed solely on the process of the investigation and an oral summary report to a 304 limited audience of the Board and/or senior management. A limited written report might include only a summary of key findings, an overview of the investigative process or an executive summary without supporting details. An oral report to a limited audience avoids potential misinterpretation or abuse, while providing the client with the necessary results of the investigation. If the existence of an internal investigation is, however, known to the public or to regulators, a company’s decision not to produce a written report may expose it to accusations that it is trying to conceal the results.This perception might be more damaging than public disclosure of the findings through a written report, particularly in a high-profile matter. Essential elements of a report Whether a final report is delivered to the client in written or oral form, it generally should contain the following elements: (1) background and mandate, (2) executive summary, (3) review of the investigative process, (4) findings, (5) conclusions and (6) recommendations. Counsel should begin assembling an outline of the report early in the investigation and keep track of citations to source material for the easy retrieval of information. The background and mandate section sets out counsel’s understanding of all the facts leading up to the decision to undertake an investigation. A crucial part of this section is an explicit identification of the client and a description of counsel’s mandate in undertaking the investigation (the exact scope of the investigation and what limitations, if any, were placed on counsel by the client or external factors such as the unavailability of key witnesses). It generally should be followed by an executive summary section, which describes the basic findings and conclusions for readers with various perspectives. The review section summarises the steps that counsel took to conduct the investigation: the number of lawyers and experts involved, the process used to identify, collect and review International Journal of Disclosure and Governance Vol. 4, 4, 297–308 © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Missal, Fishman, Ochs and Dubill relevant documents, the identity of people interviewed and the overall time taken to complete the investigation. It also should describe documents that were unavailable or witnesses who declined to cooperate or were otherwise unavailable.This section might include a narrative assessment of whether counsel believes it had adequate cooperation from the client and others to conduct a thorough and objective investigation. The findings section should contain a narrative description of the relevant facts, organised according to the nature of the matter being investigated (eg, chronologically, or by issue, transaction, or business group). Because the findings serve as the basis for the later legal conclusions and recommendations set forth in the report, it is crucial for the credibility and effectiveness of the report as a whole that counsel be able to identify the authority for every factual finding in this section. If the evidence from different witnesses or documents on a particular point is contradictory, that fact should be dispassionately noted in the report. If counsel was unable to verify information or had any reason to question the accuracy or authenticity of certain evidence, this also should be noted and explained. The conclusion section should provide an assessment of the potential legal vulnerabilities of the company and its agents based on the facts collected during the investigation. It should therefore lay out the applicable legal standards and analyse the potential consequences under those laws of the facts set forth in the findings section. The particular structure of this section will be dictated by the purpose of the investigation. Counsel may want to include a wellreasoned discussion of potential legal theories that it considered but found lacking support.This can provide the client with a framework for analysing potential culpability should more information come to light. Alternatively, this section could persuade relevant authorities that charges against the company are not warranted. The recommendations section should contain a description of actions that counsel © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 believes the company either should or is legally compelled to take, such as personnel actions, structural reforms, improved internal control processes, additional scrutiny of certain areas, or legal actions against individual wrongdoers or third parties. Counsel should be aware that making such recommendations may expose the company to the scrutiny or criticism of regulators or others should it choose not to follow the recommended course of action. A final, written report should typically not be reviewed by anyone in the company before it is finalised, in order to preserve its integrity and independence. In some situations (particularly if the issues involved are highly technical), it may be helpful to allow someone within the company who has the technical background, but who is not implicated by the internal investigation to review and comment on a nearfinished draft of the relevant facts to ensure accuracy. Disclosure of results After the investigation is complete and a report has been made in oral or written form to the client, the company must decide whether to disclose the report or the findings of the investigation to regulators or to the general public. The client should carefully consider whether the company is legally required to make this type of disclosure. Such disclosure may be mandatory in the following situations: (1) settlement agreements may require disclosure; (2) some companies are subject to specific regulations that require disclosure to regulators9; and (3) filings under the Securities Act of 193310 and the Securities Exchange Act of 193411 must include any material information needed to make the company’s statements not misleading. Although only portions or a description of the key findings from a final report may be disclosed, the company should be aware of the danger of selective disclosure. A company that has conducted a high-profile internal investigation may have reasons to consider disclosure to government regulators Vol. 4, 4, 297–308 International Journal of Disclosure and Governance 305 Conducting corporate internal investigations or the public even in the absence of any legal mandate. Voluntary disclosure to the public often allows the company to control the timing, content and manner of the public release of information, enabling it to refute any inaccurate information that may have already been disseminated. Also, a frank self-appraisal may resonate positively with investors and the public, especially where the wrongdoing was of a less serious nature or was restricted to a limited number of individuals. Even where underlying conduct is more egregious or systemic, public release of the investigative report may provide a measure of finality that might be preferable to ongoing piecemeal revelations that constantly raise new doubts. Short of full public disclosure, there may be benefits to making a full and voluntary disclosure to regulatory officials. Such disclosure may forestall regulatory or criminal action by fairly presenting the facts and making arguments that may either dissuade authorities from taking action or persuade them to be more lenient in settlement discussions. Government authorities have increasingly encouraged the voluntary disclosure of misconduct. For example, the DOJ’s McNulty Memorandum12 states that one consideration for prosecutors in assessing whether a corporation’s cooperation with government investigators is sufficient to prevent an indictment is ‘the corporation’s timely and voluntary disclosure of wrongdoing’. The SEC has similar guidelines for making voluntary disclosures. These potential advantages, however, can be overstated. A company should seriously consider the potential risks of disclosure. Both DOJ and the SEC can be exacting in their assessment of what is cooperation and will frequently make additional demands beyond the disclosure of investigative results (such as requests for additional documents, interviews or an expanded enquiry into other subjects). Moreover, it is not clear that meaningful credit is always given for cooperation. By making a voluntary disclosure to the authorities, a company may sacrifice more than it has gained by leaving itself without 306 further leverage against the demands of the government regulators. Also, by choosing to publicly disclose the findings, the company may generate pressure to take disciplinary action against any wrongdoers or to abandon certain practices, thereby losing the flexibility to make such decisions without outside influence. Another significant drawback to voluntary disclosure is that, while exceptions exist in some jurisdictions, as a general rule disclosure to the government of the report of an internal investigation will serve as a waiver of the attorney–client privilege, exposing the report to discovery in parallel civil proceedings.13 The potential loss of the attorney–client privilege is a key consideration in deciding whether to disclose an investigative report or the results of an internal investigation to third parties. Courts have resisted attempts to maintain the confidentiality of investigative reports once they have been disclosed to the government.14 There are, however, some measures that can limit the potential waiver of any applicable privileges. A company may want to request a subpoena before disclosing a report to a regulator, as some courts have held that disclosure made to the government pursuant to a subpoena may not act as a blanket waiver because it was compelled.15 A company also may try to obtain a signed confidentiality agreement from the government before turning over the report, as some courts have held that such agreements protect the work product privilege, if not the attorney– client privilege, and therefore may help avoid disclosure of the underlying documentary record and source material from the investigation.16 In addition, a company should be attentive to how it uses the report of an internal investigation, as some courts have found that ‘offensive’ use, such as basing a defence on an exculpatory report, is incompatible with an assertion that the report is privileged.17 A company may have a better chance of preserving privilege if it bases its defence on the underlying facts developed in the report rather than the report itself. International Journal of Disclosure and Governance Vol. 4, 4, 297–308 © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Missal, Fishman, Ochs and Dubill Disciplining employees If actual or potential employee wrongdoing comes to light during an internal investigation, a company faces the decision of how and whether to discipline the employees involved. The company should consider several competing factors, such as the effect on other employees, the effect on ongoing operations, the effect on the continuing investigation and the effect on the company’s relations with regulators. Degrees of discipline can range from a written reprimand to termination. A company also may consider disciplining an employee for refusing to cooperate with the internal investigation. An internal investigator generally has no ability to subpoena witnesses, and therefore an employee can merely decline to cooperate with the investigators unless the employer can exercise some reasonable form of leverage. Terminating an employee who refuses to cooperate should not be done reflexively, as there can be serious consequences for the company under employment laws. On the other hand, if a company is perceived as encouraging the intransigence of its employees by a failure to discipline, it may negatively affect the company’s public reputation or credit for cooperating with a regulator.Therefore, the company should document its efforts to encourage employee cooperation with the internal investigation. Remedial action If misconduct comes to light during an internal investigation, taking immediate action to halt such misconduct and disciplining wrongdoers signals to regulators, the investment community and the public that the company is taking its obligations seriously, operating in good faith and willing to take difficult actions if necessary to remediate any improper behaviour. The drawback to swift action is that disciplining an employee may make that employee less amenable to further cooperation with the investigation, and, if terminated, the company may lose all access to the employee for purposes of the investigation. Also, disciplinary action © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 taken in the midst of an investigation (particularly in high-profile investigations where members of senior management may be terminated or forced to resign) may alert regulators or potential third-party litigants to possible wrongdoing. Finally, acting too hastily may expose the company to liability if facts later emerge that mitigate or excuse the conduct of the person disciplined. Therefore, it is often advisable to wait until the investigation is well under way, and to give the relevant person an opportunity to respond, if possible, before taking action such as termination (unless it is abundantly clear that the individual engaged in wrongdoing or violated important company policies). CONCLUSION The foregoing discussion highlights various best practices that have emerged in conducting US corporate internal investigations. Many of these practices are driven by the legal regimes and doctrines — such as Sarbanes– Oxley, the DOJ/SEC emphasis on voluntary cooperation and the protections of the attorney–client and work product evidentiary privileges — that prompt and shape the development of internal investigations. Although there is no specific statutory law that dictates the required parameters of an internal investigation, the failure to follow best practices (as they continue to evolve and emerge) will threaten the integrity, independence and effectiveness of any internal review conducted by a US corporation. ACKNOWLEDGMENTS We are grateful to Christine Goepp Towberman, a summer associate with the firm, for her valuable contributions to the preparation of this paper. The authors also are indebted to all of the members of the firm’s internal investigations and securities enforcement practice groups for their experience, insight and other contributions to the development of these best practices for conducting corporate investigations. Vol. 4, 4, 297–308 International Journal of Disclosure and Governance 307 Conducting corporate internal investigations NOTES 1 Pub. L. No. 107-204, 116 Stat. 745 (2002). 2 The use of internal investigations in the US is not limited to corporations. Many nonprofit organisations, trade associations and even governmental entities conduct internal investigations. Moreover, the practice of conducting internal investigations is not limited to the US. Although this paper discusses only US corporate internal investigations, many of the principles discussed herein have wider applicability. 3 A corporation generally is liable for the acts of its corporate officers, employees or other agents acting within the scope of their employment and intending in part to benefit the corporation. 4 Upon completion of NASD’s pending merger with NYSE Regulation, the new SRO will be called the Securities Industry Regulatory Authority (‘SIRA’). 5 In such cases, it is critically important for the investigative team to identify those issues not examined, which may warrant further enquiry by regulators or others with subpoena power. 6 It is not unusual for a company to pay for an employee’s lawyer, depending on the past practice of the company, the seniority of the employee, the employee’s rights to a defence paid by the company under the employment agreement and the types of allegations being investigated. 7 The name comes from the US Supreme Court decision in Upjohn Co. v United States, 449 US 383 (1981) (holding that the attorney–client privilege between a company and investigating counsel extends to communications between investigating counsel and the company’s employees). 8 In re Grand Jury Subpoena, A Nameless Lawyer, 274 F.3d 563, 572 (1st Cir. 2001). 9 For example, companies that do business with the US federal government are required to disclose information giving ‘reasonable grounds’ to believe that illegal kickbacks may have been paid in connection with 308 10 11 12 13 14 15 16 17 International Journal of Disclosure and Governance Vol. 4, 4, 297–308 government contracts. Similarly, regulators of federally insured banks require disclosure when a bank believes it has been defrauded. Securities Act of 1933, 15 USC § 77(a). Securities Exchange Act of 1934, 15 USC § 17a. The McNulty Memorandum (issued by the then Deputy Attorney General Paul McNulty in 2006) and its predecessor the Thompson Memorandum (issued by the then Deputy Attorney General Larry Thompson in 2001) are internal DOJ memoranda that set forth the agency’s policy on the enforcement of the criminal laws against corporations and other business organisations. A recent federal district court decision, however, held that the disclosure of a final investigative report did not waive the opinion work product privilege applicable to drafts of the report, attorney interview notes, and legal memoranda produced in connection with the preparation of the final report. See In re Vioxx Products Liability Litigation, 2007 WL 854251 (E.D. La. 2007). Courts have consistently rejected the argument that an independent report should remain protected from discovery on the basis of a finding that there was only a ‘selective’ or ‘limited’ waiver of the attorney–client privilege when disclosed to the government. See, for example, In re Qwest Communications International, Inc., 450 F.3d 1179, 1201 (10th Cir. 2006); but see Diversified Industries v Meredith, 572 F.2d 596 (8th Cir. 1977) (holding that plaintiff company’s disclosure of investigatory materials to the SEC pursuant to a subpoena did not constitute a blanket waiver of the attorney–client privilege). See Diversified Industries v Meredith, 572 F.2d 596 (8th Cir. 1977). See, for example, In re Royal Ahold N.V. Securities & ERISA Litigation, 230 F.R.D. 433 (D. Md. 2005). See, for example, Granite Partners, L.P. v Bear, Sterns & Co., 184 F.R.D. 49, 55 (S.D.N.Y. 1999). © 2007 Palgrave Macmillan Ltd. 1741-3591 $30.00 Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. The Audit Committee As Sleuth: Conducting an Internal Investigation By Peter L. Rossiter and Jay Williams The audit committee often takes the lead in commissioning, overseeing and taking action based upon the results of an independent investigation. I n the post–Sarbanes-Oxley world, where corporate criminal and regulatory investigations have become much more common, audit committees are increasingly presented with issues that require them to consider whether they should commence an “internal investigation” in order to get to the bottom of an issue, perhaps using lawyers and other experts independent of management. This article explains some of the forces that are driving this phenomenon, which affects both public and private financial institutions. It also offers some practical advice about how to structure, conduct and complete investigations of this kind. Forces Affecting Public Companies Whistle-Blower Policies Section 301 of the Sarbanes-Oxley Act of 2002 (“SOA”) requires a publicly held company’s audit committee to establish procedures for the receipt, retention and treatment of complaints relating to accounting, internal accounting controls or auditing matters. The procedures must, among other things, allow for the confidential, anonymous submission by employees of concerns about questionable accounting or auditing matters. Companies have taken varying approaches to these requirements, sometimes adopting policies that are part of a larger program that deals with compliance issues broader than just financial and FEBRUARY–MARCH 2006 accounting matters and sometimes adopting narrower policies that respond specifically to these requirements. Whatever the approach, whistleblower programs raise the same issue: what to do with a complaint that comes in. Ignoring a credible complaint is not a practical option. Audit Committee Charters Public companies listed on the New York Stock Exchange (NYSE) or Nasdaq are also required to adopt charters for their audit committees. The listing standards of the NYSE and Nasdaq prescribe the contents of the charter. They require the audit committee to take on a broad set of tasks and responsibilities for financial accounting, auditing and compliance matters and give it access to both internal and external resources to carry out those tasks and responsibilities. Some of these requirements—such as the audit committee’s responsibility for a whistle-blower program and its authority to engage independent counsel—are required by SOA; others reflect NYSE- or Nasdaq-imposed standards for corporate governance. Taken together, they virtually assure audit committee involvement in any serious allegation of wrongdoing, particularly if it could affect the financial statements in a material way. Peter L. Rossiter and Jay Williams are Partners in the law firm Schiff Hardin LLP. Mr. Rossiter is Co-Head of the Public Companies Group and a member of the Financial Institutions Group. Contact him at prossiter@schiffhardin.com. Mr. Williams is a member of Schiff Hardin’s Litigation Group focusing on whitecollar defense and compliance matters and often investigates or litigates matters involving financial institutions. Contact him at jwilliams@schiffhardin.com. BANK ACCOUNTING & FINANCE 3 Conducting an Internal Investigation Private Companies Are Also Affected FDICIA Requirements The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) and the FDIC regulations and guidelines under it (12 CFR §363) require financial institutions with more than $500 million in assets to have an audit committee with at least a majority of independent directors, whether the institution is publicly or privately held. The official guidance to these regulations lists, as appropriate duties for an audit committee, a host of matters relating to financial statements and internal controls, as well as review of the institution’s compliance with laws and regulations. For large institutions (assets over $3 billion), the audit committee is also required to be able to retain counsel “at its discretion without prior permission of the institution’s board of directors.” Fiduciary Duties The members of the audit committee of both public and privately held financial institutions have fiduciary duties to the institution and its owners. These duties include the duty to exercise care in performing their oversight function. When confronted with specific allegations of wrongdoing, that duty can very quickly become a duty to commission an investigation that will get to the bottom of the allegations. The failure to perform this duty in a timely and appropriate manner may lead to potential liability on the part of audit committee members themselves. Constituencies Can Demand an Investigation Auditors The Private Securities Litigation Reform Act of 1995 added Section 10A to the Securities Exchange Act of 1934. Section 10A imposes a variety of requirements in connection with audits. When an auditor detects or otherwise becomes aware of information indicating 4 BANK ACCOUNTING & FINANCE that an illegal act may have occurred, the auditor has an obligation to take action. First, the auditor must determine whether it is likely that an illegal act has, in fact, occurred. If it has, the auditor must then determine the effect of the act on the financial statements of the company and make sure that the audit committee or the board (in the absence of an audit committee) is informed of the illegal acts, unless they are clearly inconsequential. If the audit committee or the board does not respond appropriately, the auditor may in certain circumstances have an obligation to report the matter directly to the Securities and Exchange Commission (SEC) if the company fails to do so. As a result of these requirements, companies can safely assume that auditors will require an investigation of allegations of any serious wrongdoing that may affect the financial statements. Regulators The banking regulators, will, of course, be very interested in any alleged wrongdoing that affects the wide range of matters within their mandate, from the institution’s financial statements to its credit, risk management and internal control policies and functions. Because of the wide range of materials to which regulators have access, they are quite likely to become aware of any such allegations, whether in a formal review of “whistle-blower” compliance, in other reviews or in periodic conversations with management and compliance personnel. For serious matters, it is quite likely that they will want to see a credible internal investigation of the complaints. For publicly held companies, the SEC acts as the regulator of financial and other disclosures. The SEC does not have the examination authority of the banking regulators except in certain areas, such as with respect to broker-dealer and investment advisor affiliates. But it will quickly become aware of any allegations that call for disclosure in the institution’s financial statements or filings under the Securities Exchange Act of 1934. If any of these reveal or suggest wrongdoing, the institution may be greatly advantaged in discussions with the SEC if it has conducted and can share with the SEC the results of a credible internal investigation. Because the SEC frequently encourages corporations to disclose the results of their own internal investigations, a well-conducted investigation can make a significant difference in resolving SEC investigations favorably and expeditiously. FEBRUARY–MARCH 2006 Conducting an Internal Investigation Prosecutors Sometimes allegations involve potential criminal conduct. The institution’s response to such allegations can be a critical determinant of whether, if the allegations prove true, it will ultimately be prosecuted. Law enforcement officials give substantial weight to whether the institution maintains an effective compliance program in general and whether it responded effectively and appropriately to the specific allegations in deciding whether to bring charges against the institution and what charges to bring. For the U.S. Department of Justice, for example, the 2003 “Thompson Memorandum” lays out these considerations quite clearly. A prompt, thorough internal investigation can be a significant factor in influencing a prosecutor either not to bring criminal charges against the institution at all or to bring charges of a less serious nature than would otherwise have been the case. Civil Litigation If the conduct alleged has harmed the company and affected its stock price, it is quite likely that civil litigation will ensue. Although it may not be possible to protect the company in direct litigation, a demonstration that the institution has an effective compliance program and responded effectively to these allegations of wrongdoing can help insulate directors from personal liability. In addition, in some circumstances involving “derivative” litigation—lawsuits brought by stockholders on behalf of the company—the board has the ability to form a special litigation committee, investigate the allegations and, assuming the results of the investigation justify this conclusion, obtain dismissal of the litigation on the basis that it is not in the best interests of the company to pursue it. The intricacies of these maneuvers are beyond the scope of this article, but in many situations they lead a company to conclude that an independent investigation, monitored by the audit committee or a special litigation committee, is important. Conducting the Investigation Once the audit committee concludes that an investigation is prudent, for one or more of the reasons noted above, it confronts a host of practical issues. Who should conduct the investigation? What role should manageFEBRUARY–MARCH 2006 ment play in it? How can the scope of the investigation be defined? What steps can (or cannot) be taken to secure the cooperation of key employees? How can the results of the investigation be protected from disclosure to hostile third parties, who may seek to sue the company? These are key questions, the answers to which will determine the usefulness of the investigation and maximize the potential for it having a positive—or the least negative—effect on the company. Who Investigates In some circumstances, allegations of wrongdoing can be adequately investigated by “inside” personnel—employees of the institution, such as internal auditors or members of an inside legal department. The nature of the allegations and the potential materiality of the allegations should wrongdoing be found can be key factors in determining whether this is possible. Often, however, the potential problem and the scope of the work required are significant enough that it makes sense to turn to outside experts. In addition, if the allegations potentially implicate senior officers of the institution, conflicts of interest are often present. Moreover, many allegations of wrongdoing include an implicit or explicit charge that management oversight has been lax, which can compound the potential conflicts of interest. For these reasons, the need to conduct a credible internal investigation often requires the use of professionals outside the company. Because most such investigations involve some issues of law and the audit committee normally wishes to maximize its chances for preserving the confidentiality of the results of the investigation through invoking the attorney-client privilege, the outside investigator is often an outside law firm. In order to give the investigation maximum credibility, the institution normally turns to a firm that is not management’s usual outside counsel. Management’s Role Management can support the investigation, although care must be taken to insulate from this function anyone whose conduct is called into question by the allegations (and who may have, or require, their own separate legal representation). Indeed, it will probably be impossible for outside counsel to investigate allegations adequately without the full cooperation of some members of management. At the same time, management must be BANK ACCOUNTING & FINANCE 5 Conducting an Internal Investigation careful not to drive the investigation. That function is best performed by the audit committee. One important concrete step that management should take promptly, however, is to designate a point person to work with the outside counsel conducting the investigation to assure the integrity of all data and other evidence that will be important to the investigation. The destruction or alteration of any such data or evidence can compound what may already be a bad problem. That can happen because employees deliberately set out to undermine the investigation or merely because employees in good faith misunderstand the situation and think they are helping the institution. It is very important to prevent this from happening by taking effective action at the outset of any investigation. The necessary action may include giving a clear warning to all involved personnel as well as physically segregating paper records and making and safeguarding a copy of all relevant emails and other computer records. Scope The scope of the investigation will depend heavily on the nature of the allegations and the circumstances of the institution, so all judgments about scope are inherently situational. Many allegations could provoke a potentially limitless investigation, however, so it is important to define the limits of the investigation at the outset. Those limits may, of course, change in response to information developed in the investigation, but the initial effort at scope definition is well worth it. The typical investigation will include a review of all documentary evidence, including electronic documents. In today’s business world, where e-mail has become an important (if not the primary) means of day-to-day communication, defining the e-mail search is a crucial step in assuring that the investigation will be thorough and credible. Most investigations will also involve at least some interviews of key personnel and often more wide-ranging interviews, perhaps even of outsiders or third parties. There may even be a need for some forensic assistance using one of the many firms that specialize in this type of investigation. Finally, if the issues are principally accounting or auditing issues, there will be a need to engage an outside consultant with accounting expertise. In most situations it will be important to use a firm other than the institution’s 6 BANK ACCOUNTING & FINANCE regular auditors, in order to bolster the credibility of the investigation, avoid compromising the independence of the auditors and avoid raising issues with respect to the magnitude of the auditor’s nonaudit services. In all these scope definition matters, the audit committee will rely on the advice of counsel and other experts. It certainly can take input from management, but the audit committee should remain the driver in defining the scope and method of investigation. It must also monitor the investigation as it proceeds, reaching judgments and tuning the scope and process as it is conducted. If the audit committee simply launches the investigation and then lets it drift forward, it is likely to drift for a very long time and reach no good destination. Moreover, a well-structured and well-defined investigation will help contain costs, which can be substantial. Securing Cooperation To conduct an effective investigation, outside counsel will need the cooperation of some and perhaps many employees of the institution. It is critical to get this cooperation but, at the same time, counsel must be careful to make sure that all employees interviewed understand that the investigation is being conducted by the audit committee, through counsel who works for the company and not for the employees. The warnings that applicable ethical rules require counsel to give can be quite chilling. The risk, of course, is that if the key people will not cooperate, the only practical alternative may be an investigation by law enforcement officials, who have the force of law behind them to compel cooperation. Privilege Many investigations involve a risk that the information developed will, if accessible to private plaintiffs and their attorneys, lead to either derivative or direct litigation against the company or its officers and directors. Many investigations seek to maximize the extent to which the results can be shielded by the attorney-client privilege or work-product doctrine. To do that, the audit committee retains outside counsel as the investigator, who in turn retains the various other experts and consultants needed (rather than having them retained directly by the committee) (Exhibit 1). All documents generated by, or at the request FEBRUARY–MARCH 2006 Conducting an Internal Investigation of, counsel are marked as subject to the privilege and safeguarded. The results of the investigation are structured to separate, to the extent possible, the facts discovered from the legal conclusions of counsel. In certain instances, depending upon the circumstances, counsel may deliberately decide not to reduce the findings—either interim or final—to writing. There are practical constraints on the audit committee’s ability to shield the results of the investigation through use of the attorney-client privilege or work-product doctrine, including the demands of the various constituencies that have a stake, either immediately or down the road, in the investigation. The audit committee may hear and receive a complete report of the results of the investigation without jeopardizing any applicable privilege. In order to satisfy their Section 10A responsibilities, however, the auditors may require full access to the report. At that point, a company is between a rock and a hard place—it either hands over the report, which may well involve waiving the attorney-client (or workproduct) privilege or risks either a scope limitation on the audit or even the resignation of its auditors. Disclosure of the report to bank regulators can also waive the privilege. In some situations, the regulators will be sensitive to this concern and will work with the company to find alternative ways in which to satisfy their regulatory mandate without creating incremental risk for the company. “Nonwaiver” agreements are sometimes used as a way to try to provide disclosure without waiving the privilege, though they are not always upheld by courts when tested. If the results of the investigation become the focus of law enforcement officials, including the enforcement division of the SEC, the dynamic is quite different. They may simply require access to the report regardless of the consequences for the attorney-client privilege. If they do not get access, they may either conduct their own investigation or simply bring charges. They may also seek a broad waiver of the attorney-client privilege as a condition of giving the institution credit for cooperating—credit that can be important both in charging decisions and, should there be a criminal prosecution and conviction, in sentencing. These decisions can often be difficult, since an institution might be required (or at least requested) to turn over the report of its privileged investigation before knowing with any degree of precision or certainty what good, if any, doing so will have on the eventual outcome. FEBRUARY–MARCH 2006 Reporting the Results Format The nature of the report of the results of an internal investigation will necessarily vary with the nature of the matter being investigated and with the conclusions and decisions reached at earlier stages of the investigation with respect to the matters discussed above. Proper planning at the initial states is critical, recognizing, of course, that adjustments may need to be made along the way. The report can range from something very comprehensive to something very simple. For example, in some circumstances it may be appropriate to generate a formally bound report, reviewing the issues, the investigative work done and the legal and factual conclusions reached, together with recommendations reached by outside counsel. In other circumstances, the report may be as simple as an oral report to the audit committee, covering all aspects of the investigation, and conversations with other constituencies—auditors, regulators, law enforcement officials—to describe the factual conclusions reached. The full-blown formal report will most likely be used where there is no desire or practical possibility of keeping the investigation or its results confidential under the attorney-client privilege; the stripped-down oral version will maximize the chances of preserving privilege. As Exhibit 1 Protecting the Privilege Financial Institution Audit Committee Data analysis experts E-discovery experts Outside Counsel Private investigators Banking/ regulatory experts Forensic experts Accounting experts BANK ACCOUNTING & FINANCE 7 Conducting an Internal Investigation discussed above, however, the demands of the various constituencies interested in the investigation may well push the format in one direction or another. The important point is to plan from the outset with a full understanding of the potential uses of the report and to keep those potential uses in mind throughout the process of investigation. Follow-up The investigation is, of course, not an end in itself. The audit committee’s first responsibility, after receiving the results in whatever format, will be to assure itself that the work done was thorough and the conclusions are credible. It is very important for the audit committee to assure that the matter was fully investigated and the report is truly complete— nothing is worse than an investigation that proceeds by the “drip method,” where conclusions come in one at a time over a prolonged period in response to sequential questions from the audit committee or—worse—from the other constituencies such as auditors, regulators or law enforcement officials. Once the audit committee is satisfied in this respect, it must then determine what to do in response to the investigation. In this deliberation, as opposed to during the investigation itself, it may well be possible for the audit committee to work in collaboration with management. If there are no findings of management wrongdoing, or if the wrongdoers can be clearly identified and isolated, the audit committee will be able to consult with management about follow-up steps. These range from deciding with whom the results of the investigation will be shared (and how they will be shared) to deciding what changes in the institution’s structure or processes should be made in light of the results of the investigation. This last point, which is, in effect, an extension of the investigation, is especially important. If the investigation revealed clear problems, it is essential that the institution address those problems and make the necessary changes as promptly as possible. In some cases, even where the authorities have not yet become involved, the investigation may present the institution with the often difficult question of whether there is a requirement (or practical benefits) to “self-report” violations of law or other misconduct revealed by the internal investigation. 8 BANK ACCOUNTING & FINANCE If the investigation began with, or at any step involved, a whistle-blower, there are two additional, important concluding steps in any internal investigation. First, it will be important to report to the whistle-blower the results of the investigation and any action taken. There will be circumstances in which giving the full report, or a full description of the action taken, will not be possible, especially in situations that involve confidential personnel matters or where there is a practical prospect of retaining the attorney-client privilege. Nonetheless, letting the employee know that action has been taken will minimize misinterpretation, help prevent rumors and support organizational morale. Such a report may also be required by the organization’s whistle-blower policy. A second, equally important concluding step in investigations involving a whistle-blower is to determine what, if any, steps need to be taken to protect the whistle-blower. SOA contains provisions protecting whistle-blowers against reprisals, and there are many state statutes covering specific areas that contain similar protections. This can be a tricky undertaking. Even when the allegations of wrongdoing led to an investigation concluding that there was in fact wrongdoing, and the wrongdoers have been clearly identified and separated from the institution, there can be lingering resentment toward the individual who “caused” the turmoil that ensued. Many situations will not be even this clear-cut—the whistle-blower’s hands may not be entirely clean, or there may be no finding of wrongdoing, although the whistle-blower in fact came forward with a goodfaith, justified suspicion. Real care must be taken at this final stage of the investigation in order not to compound the institution’s difficulties. Business in a Fishbowl Public companies and regulated financial institutions today must conduct their business in a fishbowl. When allegations of wrongdoing surface, it is often the audit committee that will need to take the lead—by commissioning, overseeing and taking action based upon the results of a thorough, independent investigation. Done right, these investigations can help the audit committee minimize the harm such allegations can cause, making sure that the truth comes out in a credible way and the institution deals with it in the right way. FEBRUARY–MARCH 2006 legal briefs Whistling to the Audit Committee: How an Internal Investigation Begins By ChristopherJ. Zinski magine the following scenario. A company's whistleblower hotline records a soft, muffled voice, but the message is loud and clear: Three large lending transactions initiated last year were fraudulent, and a bank insider was involved. AU three borrowers are fictitious companies with falsified financial statements. More than $7 million is at risk. The names of the borrowers are too difficult to understand from the phone log, however, the voice has provided several crucial clues. All three loans were made through one of the banks San Diego offices, the time period involved is February through April, and a senior loan officer is involved in the scam. The callers final point is even more chilling—other offices and more loans could possibly be involved. A transcript of the hotline message is handed to the chair of the audit committee. What should the audit committee do? I Options and Obligations Section 301 of the Sarbanes-Oxley Act mandates that audit committees of public companies establish procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters. That process, in this example, has surfaced the complaint concerning an alleged 42 Community Banker Augusr 2005 accounting irregularity to the right forum within the organization—the audit committee. The challenge now facing the audit committee is to determine how the anonymous complaint should be treated, and here the law does not provide a script. The audit committee could set up a team composed of senior officers and other employees to investigate the complaint. For instance, it could appoint the head of internal audit to lead an inquiry team, which would include the company's chief legal officer. But in this case, given the materiality of the allegations and the claim that bank insiders are involved, the audit committee can't be sure that the officers and employees leading the investigation are independent. Indeed the audit committee needs to understand why the internal audit staff missed the problem—if the allegations turn out to be true. Moreover, a staff attorney under the super\'ision of the chief legal officer may have documented the suspect lending transactions. While some types of complaints reported under the company's whistleblower policy may lend themselves to internal reviews, this fact pattern suggests that the audit committee should outsource the investigation to independent professionals. Section 301 of Sarbanes-Oxley grants audit committees the authority to engage independent counsel or other advisors, as it determines necessary to carry out its duties. Auditors and Regulators The details in the scenario above would trigger the duty of the company's directors to make a reasonable inquiry concerning the circumstances alleged in the whistleblower's complaint. Other parties have an interest in the inquiry as well. The company's external auditors will want a thorough investigation completed. The complaint suggests that the company may have recorded fictitious loans resulting in the overstatement of balance-sheet accounts and earnings. If the allegations prove true, the company's prior, audited consolidated financial statements may require restatement. Moreover, the auditors will want sufficient assurance that officers of the company were not engaged in illegal acts, otherwise the credibility of the company's internal controls and financial statement integrity are in doubt. An independent, thorough investigation will be necessary to satisfy the external auditor and satisfy the auditors legal duties. Bank regulators also will want to know whether the allegations are true. The whistleblower's complaint raises serious questions about the bank's internal control system, whether the bank's financial statements are accurately stated, and safety and soundness issues. The regulators have broad examination powers, and if the company does not thoroughly investigate the allegations in the legal briefs | complaint, the bank examiners may conduct their own inspection. The Securities and Fxchange Commission also may be interested in the investigation, particularly if it results in a restatement of the company's prior-year financial statements or material charge-offs. Taking swift action to investigate, disclosing the results to the appropriate government agencies, and cooperating with law enforcement will mitigate the risk that the company could face government prosecution or other penalties or sanctions. Internal and External Help The internal investigation will be most effective if the audit committee properly organizes the inquiry at the beginning. The first order of business is to retain a qualified law firm that is independent of the company. In addition to satisfying the independence standard, the law firm should assemble a team of its lawyers who have expertise in banking, criminal, and securities law, as well background and experience in financial accounting and internal audit. Early in the process, the law firm should prepare a comprehensive work plan, citing the documents it plans to review and interviews it expects to convene. This plan should be fully discussed with, and approved by, the audit committee. When the internal investigation ends, there are several possible outcomes. The company could receive a clean bill of health from special investigative counsel, or counsel could conclude that the facts raise ambiguities over whether illegal acts did or did not occur. And, of course, the whistleblower allegations could be proved true, and the investigation could discover bad facts and illegal activity. Upon receiving counsel's conclusions. however, there can be no doubt that the audit committee must adopt a course of action. Ambiguities may call for further investigation. Bad facts require remedial steps. The company's problems will only be compounded if the investigation recommends action that the audit committee, board, or management doesn't take. Once an investigation begins, the out- come is unknown and the remedial action necessary to correct a problem is unpredictable. But once the whistle is blown, the audit committee needs to investigate and act on the recommendations that follow. 1^ AU views expressed are solely those ofthe author. Christopher f. Zinski is a partner and financial institutions lawyer with Schiff I lardin LLP. a Chicago law firm. He chairs the firm's Financial Institutions Group. He also is a CPA and Certified Internal Auditor. Zinski can he reached at czinski@schiffhardin.com. hat sets With over 40 years of experience, The Todd Organization is one of the leading providers and administrators of Bank-Owned Life Insurance (BOLI) in the nation. The Todd Organization has access to and utilizes insurance products from major insurance carriers including Northwestern Mutual, one ofthe highest rated and most respected insurance carriers in the industry.' This difference not only sets us apart...it sets us ahead. Recent guidance p r o v ^ ^ ^ ^ ^ p C Bulletin 2004-56 makes it more critical than ever fur institutions to properly manage the risks of their BOLI program. For more information on how The Todd Organization can help ensure the long term ^success of your BOLI plan, please contact us at: The Todd Organization www.toddorg.com Steve Toven Director, Cummunity Bank Consulting toven s(?toddorg.com 703-356-0584 faiB 703-356-0585 THE TODD ORGANIZATION I Organization, the marfcsUng name lor Todd Consulting, I n c . i Wl. provides ana administers executive t>enent plans *Best possible insurance financial strer>stn ratings: A-r* -A.M. Best. AAA- FUeti Northwestern Mutual i.ile Insurance Company I ft Poof •». Aaa - Mijody s Investors Service. August 2005 Community Banker 43
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: CORPORATE FRAUD

1

Corporate Fraud
Institution Affiliation
Date

CORPORATE FRAUD

2

Companies have over time failed to address the issue of corporate frauds effectively. Many
of them apply the principle of if you want to rob a bank just own one. The first reason as to why
they have failed to implement policies towards the elimination of corporate frauds effectively is
because of the competition in the market. For companies to remain relevant in the market
sometimes they are forced to do practices of corporate fraud to paint a good picture to the outside
world (Dyck, Morse, & Zingales, 2010). One of these practices is by overstating of annual or
monthly profits while on the...


Anonymous
This is great! Exactly what I wanted.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags