around the bar
February 10, 2013

Internal Compliance Programs and the FCPA: What Works, What Doesn’t?

Carefully consider the attorney-client privilege, documentation and scope upfront when confronted with a Foreign Corrupt Practices Act investigation. An experienced panel of prosecutors, defense lawyers and others advised on how to prepare your business client going into an investigation, what to do during a review and some of the elements that are considered during the sentencing phase, at a Criminal Justice Section-sponsored program Feb. 8 during the ABA Midyear Meeting in Dallas.

“Internal Investigations and Effective Compliance Programs” moderator Shirley Baccus-Lobel, of the Law Office of Shirley Baccus-Lobel in Dallas, asked Michael Heiskell — with Johnson, Vaughn & Heiskell, in Fort Worth, Texas — what should be done when a lawyer learns that her business client is under investigation.

Among the tips provided by Heiskell:

  • Document, document, document, showing that there is transparency in the process;
  • Send a memo to the employees who are being interviewed, advising them that they must tell the truth when being interviewed, and that they may wish to hire an outside attorney;
  • Ensure that you have a corporate compliance program in place; and
  • Request adequate resources and have a team in place to collect the materials and conduct the interviews that are required.

Didier Lavion, with PwC Forensic Services in New York, recommended that — in the event a client is aware that a dawn raid is impending — a team goes along during the raid.   Whatever data the federal regulators have, Lavion said, “Be prepared to have the same data and be ready to respond.

“When you collect data, have an understanding about data privacy expectations, especially in other countries,” Lavion continued.  For example, in Russia, hard drive transfers out of the country can be stopped by the government.  And in terms of data, ensure that the chain of custody and access control logs are carefully maintained, Lavion said.

Several panelists, including Lavion and Sarah Wirskye, with Meadows, Collier, Reed, Cousins, Crouch & Ungerman, L.L.P. in Dallas, cautioned as to how widely you cast the net in collecting data.  Consider the relevance of the data to the issue at hand.  If this is not carefully thought about upfront, a company and its lawyers can spend hundreds of thousands of dollars collecting and analyzing data needlessly.

When interviewing witnesses and drafting notes about the investigation, be consistent in how you maintain records.  For example, decide whether you keep drafts of correspondence and the level of detail in billing records.  It doesn’t mean that there is not thorough record-keeping, Wirskye emphasized.  And remember that it’s not only the government that might gain access to the information, it’s also the media or the plaintiffs’ lawyers, and this could lead to a public relations nightmare, Wirskye pointed out.

Richard Roper, with Thompson & Knight, LLP in Dallas, weighed in on a corporate compliance program.  He emphasized that a company have a strategy in place to mitigate against criminal liability, but also pointing out that one person’s definition of a “reasonable” compliance program could be far different from that of another.  It will also vary from company to company.  Having buy-in from the board of directors about the importance of compliance is critical, Roper said, expounding by saying that the appropriate tone at the top will encourage a flow of information and employee questions.

Moving beyond the investigation to the sentencing phase, Sarah Saldana — U.S. attorney for the Northern District of Texas — said that a robust compliance program is certainly taken into consideration in sentencing.  The level of culpability of an individual, the culture of a company with respect to compliance, and the pervasiveness of the activity within a company are also considered.  The regulators consider whether a corporate culture is at fault or whether there is simply one bad apple, Saldana said.