Conducting an Effective
Internal Corporate Investigation
Association of Corporate
Counsel – Michigan Chapter
June 10, 2014
Welcome
Your presentation team
Rex E. Schlaybaugh, Jr.
‫‏‬
Member and Chair Emeritus
Dykema Gossett LLP
Bloomfield Hills, MI
Moderator
‫‏‬
Robert T. Biskup
‫‏‬
Director, Forensics
Deloitte Financial Advisory Services LLP
Detroit, MI
Speaker
‫‏‬
Brian M. Moore
‫‏‬
Member
Dykema Gossett LLP
Bloomfield Hills, MI
Speaker
‫‏‬
2
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Introduction
Why we are here today
• Circumstances / issues giving rise to internal investigations
− Cyber-attacks on data / network security
− Corporate fraud / bribery and corruption
− Whistleblower rights
− Anti-competition activities
− Product safety / quality control
− Financial reporting / accounting irregularities
• Regulatory environment (Dodd-Frank, SEC, DOJ Leniency Programs, SOX)
− Invites, if not demands, investigations as part of regulatory response protocol
− Credits independent investigations as important part of cooperation and a key
element in reducing corporate liability
− Regulators and investors expect independent directors and external advisors
to lead investigations where circumstances warrant
3
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Introduction
Why we are here today
• Benefits of an effective internal investigation
− Memorialize‫‏‬company’s‫‏‬good-faith response
− Trigger remedial action; enhancement to policies, procedures, internal controls
− Better to know and, if warranted, voluntarily disclose
− Minimize potential consequences, penalties, liabilities, debarments
• Triggers warranting an investigation
4
− Financial fraud
− Whistleblower complaints
− Misconduct by corporate officers or
employees
− Calls to hotline or anonymous
reports
− Ethical issues
− Media report
− Conflicts of interest
− Regulatory noncompliance
− Government search warrant,
subpoena or CID
− Any allegation creating significant
risk or potential for derivative lawsuit
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Introduction
Why we are here today
• All internal investigations are fluid, time-sensitive, and require flexibility
• Important to develop a collaborative process
• Key questions / issues to consider at the outset
− Who should lead the investigation
− Role of external counsel and advisors
− Development of a structured and collaborative process
− Role of Management and / or Board of Directors
− Impact of investigation on attorney-client privilege & work-product privileges
− Scope and plan of the investigation
− How the investigation should be conducted (document collection, internal
interviews, external interviews)
− Who should receive the end-product, and in what form
5
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Who should investigate?
• Higher risk cases – investigation should be under the direction of attorneys
− HR, internal audit or compliance officer for matters involving lower risk
• Office of General Counsel
− Isolated and well-defined allegations
− Activities of lower-level employees
− Advantages: familiar with company; known to management; less disruption to
operations; cheaper
• Outside counsel
− Risk of criminal or civil exposure
− Inquiries from government agencies / regulators
− Activities of board members, management, or senior employees
− Investigation led by audit committee or special committee
− Advantages: experience and resources; maintain independence (consider new
outside counsel); additional safeguards of attorney-client privilege
6
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Collaborative Process
• Role of Management / Board of Directors
− Need management support, but independent of management control to ensure
credibility
− Appoint management point person (OGC for most investigations)
− Board oversight may be necessary if management potentially implicated
− Independent of board control if activities of board members at issue
• Need for subject matter experts (SMEs)
− Forensic accountant necessary for most investigations
− Counsel should retain experts for services in connection with providing legal
advice to company (protect privilege)
− Counsel should direct their activities
7
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Developing a Structured Process
• Develop matrix of incoming report categories
− Examples of violations of company policy, laws, regulations
◦ Accounting / financial reporting (potential SOX 301)
◦ Managerial frauds (potential SOX 302)
◦ Employee relations (routine HR vs. significant compliance issues)
◦ Asset misappropriation
◦ Kickbacks, collusion, bribes, corruption
◦ Anti-competition activities
◦ Data privacy
◦ Cyber attacks and data security
◦ Credit card abuse
◦ Environmental
◦ Product safety
◦ Threats to personal safety and security
8
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Making it Collaborative
• For each category, develop primary and secondary leads
− Legal (OGC and external counsel)
− Compliance
− Internal Audit
− Security
− Human Resources
− Internal Control
− Information Technology
− HQ, Regional, and Local leads
− Internal Regulatory Groups
− Business Operations
9
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Assembling the Right Team
• When to involve outside forensic accountants
− Accounting irregularities
− Financial reporting issues
− Asset or money tracing
− Large data gathering
− Complex structured and unstructured data analytics
− IT system implications
− International coverage
− Other support needed by counsel
10
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Defining when to Escalate
• Develop specific criteria and procedures
− Allegations against senior management
− Allegations involving managerial fraud
− Allegations involving accounting improprieties
− Allegations involving financial statement fraud
− Allegations with legal / regulatory implications
− Allegations with reputational implications
− Allegations involving bribery or kickbacks
− Allegations impacting product quality
− Allegations involving potentially material internal control weaknesses
11
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Defining when to Escalate (continued)
• Who needs to know?
− General Counsel?
− CFO?
− HR?
− CEO?
− Business Unit Management?
− Board of Directors or Board Committee?
− External Auditors?
− Exceptions and process for dealing with internal conflicts of interest
12
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Issues Involving Officers or Board Members
• Special considerations
− Consider who must be informed in each scenario (CEO, CFO, GC, HR, CCO)
− Consider special evidence gathering protocols
− Consider administrative leave situations
− Consider external reporting requirements
− Consider involving company auditors
− Consider special investigation committee overseen by board when
independence is an issue
13
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Protecting Privileges
• Investigations‫‏‬conducted‫‏‬by‫‏‬counsel‫‏‬for‫‏‬purposes‫‏‬of‫‏‬the‫‏‬company‫“‏‬obtaining‫‏‬
legal‫‏‬advice”‫‏‬are‫‏‬generally‫‏‬protected‫‏‬by‫‏‬attorney-client and work product
privileges
− Typically applies to both in-house & outside counsel
− Underlying facts are not privileged
• Investigation for business purposes may not be protected
• Recent federal district court decision raises concerns whether companies can
claim privilege over investigations conducted pursuant to a regulatory or
corporate policy. United States ex rel. Harry Barko v. Halliburton Company, et al.,
No. 05-CV-1276 (D.D.C. Mar. 6, 2014)
− Impact should be limited as case sufficiently distinguishable from most
attorney-led investigations
14
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Steps of an Internal Investigation
Step 1: Define Scope of Investigation
Step 2: Prepare Investigation Plan
Step 3: Collect / Analyze Data & Documents
Step 4: Conduct Witness Interviews
Step 5: Prepare Final Report
15
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 1: Define Scope of Investigation
• Crucial to cost-efficient and effective investigation is defining the proper scope at
outset of investigation
• Defining factors
− Precise issues / allegations being investigated
− Immediate & potential audience of investigation results
− Need for subject-matter expert
− Scope of corporate involvement
− Time frame of allegations
− Identification of sources of potential evidence
− Identification of relevant witnesses (informational & target)
16
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 2: Prepare an Investigation Plan
• Overview of the allegations & investigation scope
• Timetable for investigation events
− Collect / analyze documents
− Interview witnesses
− Preliminary reporting
• Timetable for final reporting
17
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 3: Preserve / Collect / Analyze Data
& Documents
• Depending on scope of investigation & involvement of government / regulators
• Collect key documents immediately
− Company rules, controls, policies and procedures
− Memoranda or notes regarding allegation
− Prior complaints
− Contracts
− Personnel files
• Investigation hold memo to identified custodians
− Suspend normal document destruction policies
− Consider simultaneous imaging computer hard drives & back-up media
of key witnesses
18
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 3: Preserve / Collect / Analyze Data
& Documents (continued)
• Document collection
− Designate IT point person to coordinate efforts
− Consider outside vendor (or retained forensic expert)
• Document review – balance cost & thoroughness
− Consider contract attorneys for large-scale reviews
• Memorialize document collection and review processes
− Formulate search criteria and parameters
− Involve government / regulators, if necessary
19
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 3: Preserve / Collect / Analyze Data
& Documents (continued)
• Data preservation
− Email
− Hard drives
− Personal computers
− Mobile devices
− Hardcopy documents
− Local and central servers
− Consider global data protection regulations
20
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 4: Conduct Witness Interviews
• Prepare interview outline
− Explain purpose
− Provide Upjohn instruction
− Ask witnesses about compliance with P&P
− Exhaust memory before reviewing documents
• Determine order of witnesses
− Internal informational witnesses (may define / redefine scope)
− External informational witnesses (e.g., outside auditor)
− Internal target witnesses (primary alleged target last)
• Two-person interviews
− Accurate note-taking
− Second witness to testimony
21
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Upjohn Warnings
• Proper Upjohn Warnings
− Company requested counsel to gather information in order to provide legal
advice to the Company in connection with its investigation of [ __ ]
− Counsel represents the Company; not the witness
− Interview is protected by the attorney-client privilege
− Privilege belongs to and is controlled by the Company; not the witness
− Company can decide to waive the privilege and disclose discussion to thirdparties without notice to the witness
− Keep interview confidential to preserve privilege; witness may not disclose to
any third-party, including other employees or anyone outside the Company
− Any questions? Willing to proceed?
22
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Step 5: Final Report
• Form of report
− Written report not always necessary or advisable
− PowerPoint presentation or oral report reduces risk of privilege waiver
• Content of written report or presentation
− Only factual findings / observations?
− Consider legal conclusions and / or recommendations
− Identify non-compliance with established policies & procedures
• Remedial actions resulting from investigation should be documented (e.g.,
personnel decisions or policy changes)
23
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Disclosing Investigation Results – Impact on
Privilege
• Decision for the Client
• Outside Auditor
− May demand disclosure; require additional work
− Failure to disclose may delay audit opinion
− Disclosure risks waiver of privilege
− Split of authority; no waiver is predominate view
• Board of Directors
− Privilege preserved if board is the client
− Sharing can result in waiver if board is not the client
− Waiver if conduct of board members at issue
24
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Disclosing Investigation Results – Impact on
Privilege (continued)
• Government / Regulators
− Case-by-case analysis
− Consider statutory obligations to disclose (e.g., SEC, FDA)
− Consider statutory benefits to disclose
◦ SEC‫‏‬2001‫“‏‬Seaboard‫‏‬Report”:‫‏‬considered‫‏‬in‫‏‬assessing‫‏‬cooperation
◦ SEC‫‏‬2006‫”‏‬Statement‫‏‬on‫‏‬Penalties”:‫‏‬considered‫‏‬in‫‏‬assessing‫‏‬penalties
• Other factors
− Government already know? Eventual disclosure likely?
− Nature of disclosure; can it be limited?
− Anticipate litigation?
− Privilege waiver in most cases; assume waiver
25
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Any Questions?
For further information:
‫‏‬
Rex E. Schlaybaugh, Jr.
Dykema Gossett LLP
39577 Woodward Ave., Suite 300
Bloomfield Hills, MI 48304
(313) 568-5370
rschlaybaugh@dykema.com
Robert T. Biskup
Deloitte Financial Advisory Services LLP
200 Renaissance Center, Suite 3900
Detroit, MI 48243
(313) 396-3000
rbiskup@deloitte.com
Brian M. Moore
Dykema Gossett LLP
39577 Woodward Ave., Suite 300
Bloomfield Hills, MI 48304
(248) 203-0772
bmoore@dykema.com
26
Copyright © 2014 Deloitte Development LLC. All rights reserved.
About Deloitte
As‫‏‬used‫‏‬in‫‏‬this‫‏‬document,‫“‏‬Deloitte”‫‏‬means‫‏‬Deloitte‫‏‬LLP‫‏‬and‫‏‬its‫‏‬subsidiaries.‫‏‬Please‫‏‬see‫‏‬www.deloitte.com/us/about‫‏‬for‫‏‬a‫‏‬detailed description of
the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of
public accounting.
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Member of Deloitte Touche Tohmatsu Limited