"What, Me Worry?" is one of my favorite all-time slogans.
Anyone who grew up on the 60s or 70s recognizes this comes from Alfred E.
Neuman, the enigmatic face of Mad Magazine. While this phrase certainly had its
uses for us teenagers back then, it is not a by-word for how the compliance
practitioner needs to prepare for a compliance crisis, usually in the form of
the discovery of a potential Foreign Corrupt Practices Act (FCPA) violation.
Fortunately, Ileana Blanco has provided somewhat better guidance that than of
my former guiding spirit. In the February 27, 2012 edition of the Texas Lawyer, in an article
Counsel's Guide to Crisis Management", Ms. Blanco detailed what she
believes are the best practices for an in-house counsel in responding to a
Blanco correctly notes that disclosure of a legal
catastrophe may come to a company in a variety of ways. It could be an
anonymous hotline report, a disclosed whistleblower and a request from a
government regulator or federal agency or through an internal control detection
mechanism. Whatever the source of the information, Blanco believes that there
are three key parts to any plan for crisis management.
One of the roles of a Chief Compliance Officer (CCO) is
to educate management and the Board of Directors that a compliance crisis can
occur, no matter what the state of its best practices compliance
program. The key is how will the company respond? The CCO needs to coach
management that a crisis will entail the following:
By educating senior management and the Board on these
issues prior to a crisis, these decision makers should be in a better position
to respond and dedicate the appropriate level of resources to any such event.
The CCO should work with management to develop an agreed
upon "philosophy about how the company will react in a crisis situation"
involving a FCPA violation. This philosophy needs Board vetting and approval.
Blanco believes that there should be three paramount goals. First, the philosophy
decided upon should remove the "sense of fear or uncertainty" regarding the
crisis issue. Second, the agreed upon plan should, to the extent possible,
decrease the "room for error" when making decisions in a crisis environment and
the third is prior planning which should assist in "minimizing the cost of
response and the resolution" thereof.
Achieving these goals begins with the preparation of a
crisis management organization chart, which should include both designations
for internal and external assets and their respective responsibilities. The CCO
should develop a crisis management protocol and identify an expert response
team. Blanco counsels that "the development of a crisis management team or
crisis response strategy does not end with the preparation of a crisis response
handbook outlining these steps." There should be "dry runs or rehearsals" and
the strategy developed should be a "dynamic and evolving process."
Blanco intones that "time is of the essence in responding
to a crisis." This truism is even more so with the now compressed time frames
from the Dodd-Frank Whistleblower provision. Your company needs to be in a
position to respond to any report of an alleged violation within 120 days. This
means you need to be ready. In addition to the regulatory sanctions which could
be leveled, your company may also be under a national or (if you are News Corp)
an international microscope. This is also the time to "own up to mistakes and
appear accountable" and not to engage in a "no-win blame game or finger
A designated company spokesperson should handle all
media, including social media contacts. Your plan should decide such questions
as "Do we make comments on the record? And "Who" makes these comments?" Witness
the PR disaster of Alstom, when it was recently debarred by the World Bank and
a company spokesperson initially said that it was old news. Later the company
General Counsel released a statement saying, "Any comments that were previously
made by Alstom are not valid." Oops.
Blanco ends by noting that "crisis leadership is critical
to assess the company's situation and implement an effective strategy".
Moreover, in any crisis there is some opportunity to implement and demonstrate
improvement. Such action by a company will obviously help in any enforcement
action going forward, particularly with the Department of Justice (DOJ) and
Securities and Exchange Commission (SEC) in a FCPA enforcement action. At the
end of the day, if your CCO has a preparation and solution plan, you may be
able to limit the fallout if, and when, a compliance crisis occurs.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012
For more information about LexisNexis
products and solutions connect with us through our corporate site.