Ted Lindsay died Monday. He was the final surviving member of the famed Detroit Red Wings Production line to pass away. The Production Line led the Red Wings to four National Hockey League (NHL) titles in the 1950s. According to his New York Timesobituary, “the Red Wings won the Stanley Cup in 1950, defeating the Rangers, 4 games to 3; in 1952, sweeping the Montreal Canadiens, 4-0; and in 1954 and 1955, beating the Canadiens each time, 4-3. In 133 playoff games, Lindsay had 47 goals and 49 assists for 96 points.” Lindsey was mean SOB but as Hall of Fame referee Bill Chadwick once said, “Ted was a mean hockey player but he was the kind of guy I would have wanted to play for me. He’d do anything to get the puck in the net.” Now reunited with Gordie Howe and Sid Abel in the great ice in the sky, I hope you boys are scoring some goals.

The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe that might well turn into a Foreign Corrupt Practices Act (FCPA) issue for your company. As the Chief Compliance Officer (CCO), it will be up to you to begin the process to determine, in many instances, how the company will respond going forward.

This scenario was driven home in a FCPA enforcement action brought by the Securities and Exchange Commission (SEC) in July 2015 involving Mead Johnson Nutrition Company (Mead Johnson). In that case, the company performed two internal investigations into allegations that its Chinese business unit was engaged in conduct which violated the FCPA. Unfortunately, the first investigation, performed in 2011, did not turn up any evidence of FCPA violations. It was not until 2013, when the SEC made an inquiry to the company that it performed an adequate internal investigation which uncovered FCPA violations.

Similarly, consider Zimmer Biomet Holdings Inc., which (when it was only Biomet) resolved an FCPA violation in 2012 for nearly $23MM and entered into a Deferred Prosecution Agreement (DPA). Within the year, Biomet notified its Monitor that it had found evidence of additional FCPA violations, which in turn violated the terms and conditions of the DPA. However, these additional violations by the company turned out to have been actions which occurred in 2010, well before the initial DPA but were not uncovered in the company’s worldwide investigation which led to the first settlement. Zimmer Biomet paid an additional $13MM for this oversight and extended out both the DPA and the Monitorship, all because the company had failed to fully investigate itself thoroughly.

The 2012 FCPA Guidance states the following on investigations, “Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” That is simply it. This simple introduction was expanded upon in the Department of Justice’s (DOJ) Evaluation released in February. Prong 7 in the makes the following inquiries:

Effectiveness of the Reporting Mechanism How has the company collected, analyzed, and used information from its reporting mechanisms? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information? 

Properly Scoped Investigation by Qualified Personnel How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented? 

Response to Investigations Has the company’s investigation been used to identify root causes, system vulnerabilities, and accountability lapses, including among supervisory manager and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go? 

The Mead Johnson and Zimmer Biomet matters are but two examples which make clear the need to have robust, integrated investigations. Marc Bohn, writing in the FCPA Blog, said about the Mead Johnson matter, “Investigations that lack sufficient depth, resources, or forethought can pose significant risk because they increase the likelihood that something critical will be overlooked, potentially permitting misconduct to continue unabated.” Both Mead Johnson and Zimmer Biomet point to the critical nature of FCPA investigations and why the government takes this requirement so rigorously. But more than protecting a company from liability under the FCPA, the internationalized world of global compliance investigations are becoming more important. Bio-Rad Laboratories, Inc., recently announced that its FCPA settlement was a “risk-factor” which required public disclosure under US securities law.

In the domestic arena, internal investigations can go a long way towards helping a company move past a public relations debacle or perhaps abate negative publicity. One need only consider the recently released internal investigation report commissioned by the Wells Fargo Board of Directors around the bank’s fraudulent accounts scandal. The report was merciless in its criticism of certain structural and cultural failures at the bank. It named names of culpable former senior executives at the company. However, one thing it did not address were allegations from multiple whistleblowers who claimed to have reported the fraudulent conduct and were ignored or actively retaliated against. If the internal investigation turns out to have white washed these whistleblowers, the financial penalty and negative public reaction could be both swift and severe.

Corruption investigations are never a good thing for a company as they can disrupt business relationships and future opportunities. Yet today they are even more important. It is necessary to create, design and implement a robust investigation protocol for an internal investigation and determine when you should bring in outside counsel for an independent investigation. Further, you must consider the Board of Director’s role in investigations and other corporate functions such as internal audit, IT and legal in any investigation. Finally, do not disregard special issues such as privilege, Upjohn and Miranda warnings and data privacy.

Lastly, it is prudent to recall Hallmark Seven of the Ten Hallmarks of an Effective Compliance program which states, in part, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation” so take time to also review your hotline protocol, from implementation to its use in your best practices compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019