SCCE conference: investigation protocols and anti-trust audits
Held in Washington, DC in October, this year’s Society of Corporate Compliance and Ethics’ (SCCE) annual Compliance and Ethics Institute drew 1,300 participants from as far away as Nigeria, Hong Kong, Slovenia and Hawaii. The four-day conference featured dynamic interactive sessions, many of which called for compliance and ethics officers to weigh in on a variety of complex compliance challenges.
At the opening general session on October 7, attendees packed the ballroom to hear Judge Patti Saris, chair of the United States Sentencing Commission, speak about the impact the sentencing guidelines have had on workplace misconduct since their implementation 22 years ago. The commission’s goal in providing for ‘certain mitigating credits’ for organizations with front-end compliance programs was to offer a strong financial incentive for self-policing, she said.
With the dominance of environmental cases in the last two years, the commission thinks it may be time to reconsider how applicable the sentencing guidelines are to the environmental and food and drug offenses that were initially carved out, Saris said. And because the anti-trust guidelines are viewed as outdated, the commission may also be looking at whether to mandate higher fines for those violations, she added.
Stephen Cohen, associate director of enforcement at the SEC, said to expect more whistleblower awards and stressed that ‘the purpose of the whistleblower program is to bolster, not supplant, the compliance framework in the private sector.’
He pointed out that companies benefit from including compliance officers in discussions where key decisions regarding anti-corruption efforts are made, and when they consider compliance officers as trusted advisers and give them the necessary authority and independence to help lead their organizations.
Cohen cited the government’s decisions not to prosecute Morgan Stanley or Ralph Lauren for bribery violations, partly due to the companies demonstrating they had internal controls that provided assurance that other employees were not bribing government officials, or due to their enhanced compliance efforts. ‘Fraud is usually a sign of deficient compliance standards,’ Cohen explained, adding that compliance officers need to be on the lookout for people who are overly technical in their investigations of incidents of misconduct or those who show contempt for legal standards.
At the SCCE gala awards dinner, Sally March, a director at Drummond March and one of the four award winners, was recognized for helping to develop the SCCE’s international track and advance its training programs in Europe. Kathleen Edmond, chief compliance officer at Best Buy, received an award for creating a blog that not only keeps employees abreast of new compliance developments and disciplinary actions but also is visible to the outside world. An award went to Compliance Week for its coverage of the burgeoning compliance profession over the past decade, while Dan Roach, chief compliance officer at Optum360, was recognized for his dedication as co-chair of the SCCE in addition to his efforts on the Health Care Compliance Association’s board.
An all-day, multi-part workshop on investigations covered how to interview employees who have reported misconduct, plan and protect the integrity of an investigation, and properly document the investigative process and its conclusions. When collecting documents during investigations, compliance officers should consider the kind of case that is under review and which documents are likely to be needed, said Latour Lafferty, a partner at Fowler White Boggs. ‘Having foresight into their use will instruct how you collect the documents,’ he explained.
Lafferty stressed the need to appoint a custodian of documents, who then becomes a potential witness in your case. It’s also necessary to log the chain of custody to be able to know who touched which document when, which can be material to a case, and to establish a document management system to enable electronic searches of document PDFs and keep track of the original locations from which documents were taken.
Investigation reports should never include legal conclusions if the company doesn’t want to risk being held liable for not adhering to those conclusions, said Meric Bloch, compliance officer at Adecco and author of the SCCE’s new book, Workplace investigations.
Compliance officers must also summarize findings of investigations and follow up to make sure corrective actions were taken if the allegations prove true, said Al Gagne, former director of ethics and compliance at Textron Systems. ‘If you know management swept something under the rug when you know there was a violation, you need to consider your future with that company,’ he warned.
Supply chain compliance
A session on conflict minerals and what companies need to do to be in compliance with new SEC disclosure rules emphasized the need for companies to educate their suppliers about what’s required in vetting the origin of certain substances like tin and tantalum. The ‘indeterminable origin’ category shows the SEC understands how long it can take a firm to carry out a full due diligence assessment of its supply chain, depending on how far removed suppliers are from the minerals’ country of origin, said Foley Hoag attorney Amy Lehr.
In surveying their suppliers, companies may want to ask whether they are directly answerable to the SEC disclosure rule. A supplier that is required to file its own conflict minerals report ‘is probably more diligent and credible than a supplier who is not reporting to the SEC,’ said Bobby Kipp, a partner at PwC.
Companies must also document how they came to a decision about whether a certain mineral serves an essential function in their products or is merely ornamental. ‘What’s really important is being able to justify what you did and being able to prove it,’ explained Lehr. While companies have a lot of leeway in what these reports end up looking like, these filings are subject to liability under the Exchange Act, she added.
One recommendation that came out of a session on global anti-trust and competition law risks was that compliance officers should train employees using actual audit results. Showing people where their company fell short in an audit gets their attention, said Joseph Murphy, author of 501 ideas for your compliance and ethics program. An underused auditing technique is to do a keyword search on employees’ emails for mention of competitor domain names and other possible evidence of collusion with rivals for market manipulation purposes. Activity at trade association meetings has come under closer scrutiny, and some companies are doing just-in-time training for employees right before they leave for overseas business trips.
A key piece of advice from the cyber-security risk session was that compliance officers should join the local Electronic Crimes Task Force, which can help companies track down the sources of security breaches. Quarterly training of employees on cyber-security is the most efficient and cost-effective security method a company can adopt, said Douglas Scott Johnson, former deputy assistant director of the United States Secret Service’s office of investigations.