This is the day that the US government traditionally celebrates Columbus’ discovery of the Americas, in the form of Columbus Day. My grandfather emigrated from Italy so he always took Columbus Day as his heritage day. My little sister was also born on the same calendar day, so here is to my grandfather and all the other immigrants who made America what it is today and my baby sister, sitting on a mountaintop in Tennessee enjoying the autumn foliage.
In visiting with SCCE Chief Executive Officer (CEO) Roy Snell last week at the 2015 Compliance and Ethics Institute, we talked about what I perceived to be some of the momentous events around compliance and ethics in the month of September. I identified the Department of Justice (DOJ) Yates Memo, the DOJ’s new Compliance Counsel position and Volkswagen emissions-testing scandal as three things that will certainly change compliance going forward. Snell articulated it even further when he said he thought the compliance profession may have been put on a tipping point through these occurrences and he said that before the Schrems decision was released by the European Court of Justice (ECJ) last week.
Whatever you think about the Schrems decision, I think we have now ‘tipped’ and are moving into uncharted waters for anti-corruption compliance. So I’m introducing Compliance at the Tipping Point week where I will review what happened over the past 30 days or so, what got us there and where we may be going forward. Whether you want to take the Bette Davis admonition to “Put on a seat belt as it could be a bumpy ride” or simply go full English and “Watch this space” I think the compliance world is changing and if you do not begin to prepare now, the consequences could be severe not only for your company but for you personally as well.
The first thing that changed was the release of the “Yates Memo” and speech given by its author, Deputy Attorney General Sally Quillian Yates, at the New York University School of Law, entitled “New Policy on Individual Liability in Matters of Corporate Wrongdoing” and the “Yates Memo” which was entitled “Individual Accountability for Corporate Wrongdoing”. This change relates to the DOJ’s now stated goal of going after culpable individuals rather than simply settling with corporations that pay large fines.
In her speech, Yates said the following, “Effective immediately, we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement ties directly into the first point of the Yates Memo, which has the title “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.” [Emphasis in original]
While there have been some commentators who have viewed the Yates Memo and announcements around it as nothing new, I think the Yates Memo and Yates’ remarks portend a new era. She wants the DOJ and Securities and Exchange Commission (SEC) to investigate individuals immediately at the start of investigations. She stated, “the department yesterday instructed its attorneys that, going forward, they are to focus on individuals from the start of an investigation, regardless of whether the investigation begins civilly or criminally. Moreover, once a case is underway, the inquiry into individual misconduct can and should proceed in tandem with the broader corporate investigation. Delays in the corporate case will no longer suffice as a reason to delay pursuit of the individuals involved.” Even though these remarks were directed at government lawyers, I think it clearly means that corporations will be required to initially change the focus of their investigations from attempting to perform any type of root cause analysis to obtaining evidence against individuals and turning it over to the government as soon as possible.
For the Chief Compliance Officer (CCO) or compliance practitioner, this means the entire focus of your investigative protocol must now change. Previously an investigation was to determine how conduct that might have violated the Foreign Corrupt Practices Act (FCPA) occurred and then focus on how to remedy it. The first step a CCO or compliance practitioner would take when sufficient evidence was developed would be to fix the problem so that it did not occur going forward. If there were compliance program or internal control weaknesses, they would be immediately fixed so that neither the original perpetrators could continue the conduct but also so others could not take advantage of any such structural weakness.
That is no longer the case. The DOJ expects you to bring them information about potentially culpable individuals who can be prosecuted going forward. This means employees are going to immediately stop talking to you if they were inclined to do so in the first place. It will make making that essential root cause analysis more difficult and the attendant remedy that is a part of any best practices compliance program.
But Yates went further than simply saying the DOJ expects you to turn over your own employees. She made clear that both she and the DOJ want companies to give up senior executives involved in illegal conduct. She said “We’re not going to be accepting a company’s cooperation when they just offer up the vice president in charge of going to jail.” Here the difficulty is around the FCPA requirement for a criminal prosecution or intent. How do you determine intent in a manner where senior executives may never have been involved directly in a transaction? Does this mean insufficient tone at the top will somehow morph into intent for a FCPA prosecution? Whatever it may mean going forward, at the very least I think it means that high heads in an organization could very well start to roll.
The FCPA Guidance made clear that any best practices compliance program is designed to prevent; detect and remedy. The final step of that formulation as well as Maxim No. 3 of McNulty’s Maxims (1) What did you do to prevent it? (2) What did you do to detect? (3) What did you do to fix it?; may both need to change. The final prong in both formulations of ‘remedy’ may well become turn over the information to the DOJ before you remedy your compliance regime.
That is indeed a sea change.
[View source.]
