FCPA Compliance and Ethics Blog

March 9, 2012

The CCO and Crisis Management

“What, Me Worry?” is one of my favorite all-time slogans. Anyone who grew up on the 60s or 70s recognizes this comes from Alfred E. Neuman, the enigmatic face of Mad Magazine. While this phrase certainly had its uses for us teenagers back then, it is not a by-word for how the compliance practitioner needs to prepare for a compliance crisis, usually in the form of the discovery of a potential Foreign Corrupt Practices Act (FCPA) violation. Fortunately, Ileana Blanco has provided somewhat better guidance that than of my former guiding spirit. In the February 27, 2012 edition of the Texas Lawyer, in an article entitled “In-House Counsel’s Guide to Crisis Management”, Ms. Blanco detailed what she believes are the best practices for an in-house counsel in responding to a legal catastrophe.

Blanco correctly notes that disclosure of a legal catastrophe may come to a company in a variety of ways. It could be an anonymous hotline report, a disclosed whistleblower and a request from a government regulator or federal agency or through an internal control detection mechanism. Whatever the source of the information, Blanco believes that there are three key parts to any plan for crisis management.


One of the roles of a Chief Compliance Officer (CCO) is to educate management and the Board of Directors that a compliance crisis can occur, no matter what the state of its best practices compliance program. The key is how will the company respond? The CCO needs to coach management that a crisis will entail the following:

  1. Business concern;
  2. Impacting financial performance and shareholders;
  3. Threats to future financial performance;
  4. Regulatory issues;
  5. Response to government investigations and internal investigations; and
  6. Shareholder, or perhaps other third party, litigation threats.

By educating senior management and the Board on these issues prior to a crisis, these decision makers should be in a better position to respond and dedicate the appropriate level of resources to any such event.


The CCO should work with management to develop an agreed upon “philosophy about how the company will react in a crisis situation” involving a FCPA violation. This philosophy needs Board vetting and approval. Blanco believes that there should be three paramount goals. First, the philosophy decided upon should remove the “sense of fear or uncertainty” regarding the crisis issue. Second, the agreed upon plan should, to the extent possible, decrease the “room for error” when making decisions in a crisis environment and the third is prior planning which should assist in “minimizing the cost of response and the resolution” thereof.

Achieving these goals begins with the preparation of a crisis management organization chart, which should include both designations for internal and external assets and their respective responsibilities. The CCO should develop a crisis management protocol and identify an expert response team. Blanco counsels that “the development of a crisis management team or crisis response strategy does not end with the preparation of a crisis response handbook outlining these steps.” There should be “dry runs or rehearsals” and the strategy developed should be a “dynamic and evolving process.”


Blanco intones that “time is of the essence in responding to a crisis.” This truism is even more so with the now compressed time frames from the Dodd-Frank Whistleblower provision. Your company needs to be in a position to respond to any report of an alleged violation within 120 days. This means you need to be ready. In addition to the regulatory sanctions which could be leveled, your company may also be under a national or (if you are News Corp) an international microscope. This is also the time to “own up to mistakes and appear accountable” and not to engage in a “no-win blame game or finger pointing exercise.”

A designated company spokesperson should handle all media, including social media contacts. Your plan should decide such questions as “Do we make comments on the record? And “Who” makes these comments?” Witness the PR disaster of Alstom, when it was recently debarred by the World Bank and a company spokesperson initially said that it was old news. Later the company General Counsel released a statement saying, “Any comments that were previously made by Alstom are not valid.” Oops.

Blanco ends by noting that “crisis leadership is critical to assess the company’s situation and implement an effective strategy”. Moreover, in any crisis there is some opportunity to implement and demonstrate improvement. Such action by a company will obviously help in any enforcement action going forward, particularly with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in a FCPA enforcement action. At the end of the day, if your CCO has a preparation and solution plan, you may be able to limit the fallout if, and when, a compliance crisis occurs.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Blog at WordPress.com.