Home – Corporate Internal Investigations; A User Guide for Companies

Corporate Internal Investigations; A User Guide for Companies

Corporate Internal Investigations;

A User Guide for Companies

Copyright 2012 ALM Media Properties, LLC

All Rights Reserved Further duplication without permission is prohibited

The Corporate Counselor Newsletter

August 1, 2012 Wednesday

SECTION: Pg. 1 Vol. 27 No. 4

LENGTH: 2487 words

HEADLINE: Corporate Internal Investigations; A User Guide for Companies Part One of a Three-Part Series

BYLINE: Vince Farhat, Vito Costanzo and Stacey Wang


Companies are under increasing pressure to investigate and self-report allegations of corporate misconduct. As government agencies become more aggressive in investigating allegations of corporate fraud and abuse, an unprepared company may unwittingly find itself mired in obstruction of justice charges because initial protective steps were not taken to identify and preserve potential sources of evidence and to establish the independence of the company's decision-makers via the alleged misconduct.

This is the first artcle in a three-part series providing companies with a stepby-step guide for planning and conducting sensitive internal investigations into potential wrongdoing. Part one of the series discusses the initial decision of whether to conduct an internal investigation and immediate steps that must be taken to preserve evidence and create an independent investigation.


Every case is different. A company's management style, its corporate culture, whether the circumstances are already under investigation by the government, and the nature of the suspected wrongdoing, among a host of other factors, can all play into the dynamics of a particular case. Several general guideposts, however, ring true in the investigative process: 

All companies want to minimize business disruption, avert 1. t potential public relations problems, and avoid being charged with a crime or assessed a potentially catastrophic civil penalty. Companies are right to consider these legitimate goals in deciding whether and how to conduct an internal investigation.

-  With these goals in mind, any internal investigation must always consider the possibility of a potential government investigation, if one is not already underway. Even if the company does not believe it is a target, it should approach any credible allegation of misconduct as if it will have to answer to the government. It may be that precautionary steps taken in the beginning will pay off in avoiding a government enforcement action altogether, or at least minimizing penalties in the event of an enforcement action.

-  Maintaining independence in the internal investigative process is critical. All the time and resources spent on an internal investigation will be wasted if the investigation is not credible or, worse yet, if the government suspects that witnesses or documents were tampered with during the investigation. 

-  Potential collateral consequences should be identified and assessed so that the initial steps are taken with such potential consequences in mind. Companies may find that they have severely miscalculated their risks when what initially appeared to be a containable problem triggers parallel criminal or civil proceedings by state, federal, or local authorities, or proceedings by regulatory bodies.

-  All of these considerations should be tempered by the rule of the reason. If a company has limited re-sources and the risk of liability is remote, it may not be prudent to undertake an expensive internal investigation. However, in some circumstances, failing to investigate could have severe consequences. This balance can be a difficult one to strike.

With these considerations in mind, the first question the company faces is whether to initiate an investigation based on certain triggers.


Evaluating the Trigger

Generally, the decision to investigate may be triggered by: 1) a routine internal audit; 2) a private or public complaint by a consumer, employee or competitor; 3) a manager or Board member who learns of suspected impropriety or anomaly in business practice; or 4) an anonymous tip.

The first step is to evaluate the credibility of the complaint or allegation. The company should have a compliance plan in place designating a person or committee with knowledge of the company's key players and departments. That person or team should be notified of all triggers and be responsible for conducting an initial assessment of the complaint or allegation, and should log all triggering events in a centralized location so the company can monitor complaints for possible trends. Logging and monitoring triggering events helps show that the company has an effective compliance plan and that it does not turn a blind eye to complaints and misconduct allegations.

Companies must ensure that the persons charged with initially evaluating complaints are free from possible taint. This crucially important lesson that an "insider" may taint the effort to maintain the perception of independence was taught in the phone-hacking scandal against News Corporation that began last year, and in the continued coverage of the evolving scandal. Joel Klein, Rupert Murdoch's trusted adviser and senior vice-president, oversaw a phone hacking investigation to discover what company managers knew about the hacking. The New York Times identified Klein's "seemingly contradictory roles - de facto chief of internal affairs officer and ascendant executive with Mr. Murdoch's ear" as jeopardizing the internal investigative process. See Jeremy W. Peters, et al., Ex-Schools Chief Emerges as Unlikely Murdoch Ally, N.Y. Times, July 23, 2011 at A1.

Duties Imposed by Law

In some instances, senior management may be obligated by law to take steps once the suspected wrongdoing is discov-ered. For example, investigation and disclosure requirements are mandated by the Sarbanes Oxley Act; various Security and Exchange Commission (SEC) Guidelines, such as SEC's 21(a) Report on Voluntary Cooperation (Seaboard) (2011); Financial Industry Regulatory Authority (FINRA) Guidance Regarding Credit for Extraordinary Cooperation () and Sanctions Guidelines; the Federal and state False Claims Acts; the Foreign Corrupt Practices Act (FCPA); Federal and state Equal Employment Opportunity laws; and wage/hour statutes. These are only some of the laws that require the company to affirmatively conduct an investigation and, if appropriate, make a disclosure.

Moreover, officers and directors owe legal duties of loyalty and reasonable care in overseeing operations as well as fi-duciary duties to the company's shareholders. Board members can be personally liable for fines, penalties and losses incurred by a company as a result of unlawful conduct. Directors must assure themselves that reasonable information and reporting systems exist in the company. See Table 1, below.


A government investigation or the likelihood of a government investigation justifies an internal investigation. When government involvement is likely, extra care must be taken to document the steps taken and preserve all potentially relevant evidence. Not doing so may subject the company to potential obstruction of justice charges if, with the anticipation of government scrutiny, a document is destroyed or modified, or the internal investigation process could have unduly influenced witness memories.

If private litigation exists or is anticipated based on alleged misconduct, the company should treat everything as potentially "on the record" if the government gets involved. Although the government may not ultimately institute an investigation, private litigation is sometimes a source of information for the government and can put the company on the government's radar. This means that the company's counsel in private litigation should be sure to preserve applicable privileges.


The decision of whether to conduct an internal investigation is less clear where there is no information that the govern-ment is or will be investigating and there is no likelihood of litigation over the alleged misconduct. With the list of pre-liminary considerations in mind, the balancing act of weighing the risks and benefits of conducting an investigation are described in Table 2 below.


-  Step One: Preserve all potentially relevant sources of evidence and immediately suspend document destruction proce-dures.

Generally speaking, companies should have and enforce reasonable document retention policies which define normal operating procedures absent an investigation. However, as soon as the company can reasonably anticipate litigation or a government investigation, all routine actions that would result in the destruction (including overwriting and janitorial functions) of documents or information that may be relevant to the litigation or investigation should be suspended. Even if the company does not know the specifics of the dispute or investigation, the act of enforcing what would ordinarily be a best practice may be viewed as spoliation of relevant evidence or, in a criminal investigation, obstruction of justice.

For example, Credit Suisse executive Frank Quattrone was charged with corruptly persuading others to destroy documents during a government investigation, even though he allegedly had only heard about and had not seen the government subpoena at the time he sent an e-mail to enforce the bank's usual document retention policy. See United States v. Quattrone, 441 F.3d 153, 179 (2d Cir. 2006).

Even the impression of possible spoliation can quickly change the game. If documents have been destroyed, adverse civil findings may be made against the company. That means the jury at trial may be given an instruction by the court to treat the missing evidence as evidence that would have been unfavorable to the company. Such impression may also lead to obstruction of justice charges.

What information must be preserved? All electronic storage devices, including electronic calendars and personal digital assistants, cell phones and texts are all potential sources of evidence. This is one area in which understanding the com-pany's technology infrastructure and communicating with the information technology department is crucial. Automated janitorial functions must be stopped and relevant back up tapes preserved. All preservation efforts should be documented. This step must be done quickly to minimize the possibility of accidental destruction and opportunity for modification. Relevant employees should, at minimum, sign memoranda acknowledging their preservation obligations, particularly as to personal devices on which company business may be conducted.

Preserving ESI can become very expensive depending on the nature of the company's business, the company's technology infrastructure system, and whether the company has historically implemented and enforced a retention policy. Various systems, such as the current trend toward cloud computing, carry with it advantages and disadvantages from the standpoint of information preservation and in conducting an internal investigation. As an immediate response, however, the company must stop all deletion.

-  Step Two: Establish independence immediately

As discussed above, the perception of independence is paramount to maintaining credibility of the company and the internal investigation process. An independent internal committee can be a committee of one, if the scope calls for it, but the key is for that person to be independent.

When to Involve Outside Counsel

Sometimes, red flags can be quickly addressed and resolved by company personnel without involving outside counsel. For example, the human resources department often has the expertise necessary to conduct preliminary investigations of discrimination or harassment allegations. In-house counsel should be involved in these steps to preserve applicable privileges.

Where appropriate, white-collar outside counsel can add a layer of independence to the process that cannot be achieved with in-house counsel or the company's usual outside counsel. This is particularly true if the company's usual outside counsel may appear to lack independence.

Dual Roles of General Counsel And Compliance Officer

In recent years there has been a push from regulators to create freestanding compliance departments that are indepen-dent of the legal department. The potential conflict arises from the general counsel's fundamental role as the defender of the company while the compliance officer must set the tone for the company's compliance culture. Some high-profile cases have shown the challenges faced by companies when the two functions come into conflict. For example, in 2003, U.S. Senate Finance Committee Chairman Chuck Grassley criticized Tenet Healthcare for having placed one individual as both the general counsel and as chief compliance officer. Not only did the government fine Tenet Healthcare, but it later initiated an investigation against the individual in the conflicting roles. More recently, WellCare Health Plans, Inc.'s former general counsel/chief compliance officer was named individually in an action for securities violations and insider trading. See U.S. Secs. and Exchange Com'n v. Farha, et al., Case No. 8:12cv47t23MAP, United States District Court for the Middle District of Florida, filed Jan. 9, 2012.

Next month, Part Two of this series will cover how to design and plan internal investigations as well as the process of collecting and reviewing documents and electronically stored information.

Table 1

Evaluating the Trigger when no government involvement is anticipated

• Is there a legal duty to investigate?

• Who must be notified and included in the evaluation process?

• Is the designated person or team independent and objective?

• Is the source of the allegation credible?

• Is the source an employee subject to protections and does the law provide such source an incentive to proceed against the company?

• Have there been prior similar complaints?

Table 2

Downsides to Internal Investigations>Benefits to Internal Investigations:

• Expensive > Shows a commitment to good compliance when serious red flags are investigated

• Disruptive and potential morale problems > Employees will take procedures and policies more seriously if they know the company will investigate wrongdoing

• Distraction to management > If policies and protocols are in place, and the investigation is done with best practices, this can provide peace of mind to management. The risk of management becoming a personal target of a later investigation may outweigh any initial inconveniences

• Increased likelihood that the government or press will find out about the issue > Taking control and learning the potential facts can put the company in a position to control how the public first learns of the information rather than reacting to someone else informing the public 

• May uncover more serious problems > The serious problems may be affirmatively addressed, which would increase the credibility of the company in the view of the government

Vince Farhat and Vito A. Costanzo are partners and Stacey H. Wang is an associate in Holland & Knight's West Coast Litigation Group, resident in the Los Angeles office. They may be reached at Vince.Farhat@hklaw.com, vi-to.costanzo@hklaw.com and stacey.wang@hklaw.com, respectively.

LOAD-DATE: August 1, 2012