One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. At the Dow Jones Global Compliance Symposium, there were a couple of panels which discussed the need for triage in your compliance program around issues that are reported through a company’s internal reporting mechanism.
Given the number of ways that information about violations or potential violations of the Foreign Corrupt Practices Act (FCPA) can be communicated to the Department of Justice (DOJ) having a robust triage system is an important way that a company can separate the wheat from the chaff and bring the right number of resources to bear on a FCPA problem. Kevin O’Connor, Vice President (VP) for Global Compliance, United Technologies Corp, said that one of the things that this is important in making an initial determination of whether to bring in outside counsel to head up an investigation. It is also important in a determination of the resources that you may want or need to commit to a problem. Ty Cobb, a partner at Hogan Lovells, put it this way “How much information do you need to know before you go to outside counsel? Quite a bit.” Another panelist, Jamie Gorelick, partner at WilmerHale, put it in a different manner when she said “you have to kick the tires” so that you know the circumstances in front of you before you make the decision to go to outside counsel.
But even if you kick the tires and determine that you do need to involve outside counsel, there are still ways in which a corporation can work to control the costs of a FCPA investigation. O’Conner said that United Technologies is able to keep the costs down by having a very robust team of investigators embedded in many departments across the company, outside of the compliance function. O’Connor said that these employees come from employment and professional backgrounds which trained them in the basics of investigations. Many of these United Technologies employees come from law enforcement but there are other professions such as national security, foreign service, the intelligence community, human resources and others.
O’Connor said that the key is to hire people with a background and prior training investigations. These investigators receive FCPA and other compliance training while at United Technologies so that if a major incident arises they can be used to supplement outside counsel personnel who may lead an investigation. In this way, United Technologies is able to keep outside counsel from sending lawyers all over the world and thereby run up the costs of a FCPA investigation. This concept was put another way by another panelist, David Yawman, Senior Vice President & Chief Compliance and Ethics Officer, PepsiCo Inc., who said that he “wants to be building sprinkler systems and not fighting fires”. He explained this meant that he wants to have trained personnel available to him, who can have their primary function outside the compliance group but can be called upon as needed in such a FCPA investigation.
On another panel Paul McNutly, partner at Baker & McKenzie LLP, explained that he believed it would be important for a company’s regular outside counsel to partner more with the entity as a way to help hold down costs. McNulty explained that a law firm could work to help put on the additional FCPA and compliance focused training that O’Connor discussed on a more regular and ongoing training. This partnership relationship would allow the law firm to have confidence that the company’s investigators could handle a large or wide-ranging FCPA investigation. This confidence would help outside counsel in any discussions they might have with the DOJ during the pendency of a FCPA investigation.
McNulty was asked how do you help keep costs from reaching the ‘ridiculous’ level? He also mentioned that a company needs to initially scope any FCPA allegation which may arise through a company’s internal reporting mechanism or other manner. But said another step is to develop a reasonable investigation plan. This can be particularly important if you self-disclose to the DOJ. You will need to go into the DOJ and present your investigation plan so McNulty suggested an early discussion with the government on the scope of the investigation is critical.
Panelist Gorelick stressed that you should engage the DOJ to show not only the scope of your investigation but that it can be limited so that you do not face the dreaded ‘where else’ question. You should develop a logical plan with the nexus to the facts. However, she emphasized that you must have credibility with the government that not only will your investigation will be robust but that facts you have determined in your initial triage are a reasonable interpretation.
I found it very useful that there was a discussion relating to costs of a FCPA investigation that extended over two panels at the conference. Both in-house and outside counsel presented concrete and achievable solutions that can be implemented to help contain costs. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before the FCPA allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2013
FCPA Compliance and Ethics Blog 