I recently had the chance to sit down with Mikhail Reider-Gordon, Managing Director of Global Affairs at Affiliated Monitors, Inc. (AMI), for a five-part sponsored podcast series. One of the key themes was why independence in monitors is so critical. A second key theme was the ongoing and continuing evolution of monitorships.
From her varied professional background Gordon has seen the continuing and ever-present need for independence by monitors and in monitorships. She noted that she has observed the selection of monitors “where their true independence is perhaps dubious.” There has also been a trend of “hiring former colleagues with their agencies or people that have worked with in the past by regulators.” This has led some commentators to accuse the process of cronyism but also that monitors may be more sympathetic to the enforcement side. This latter point has led many companies to shy away from monitorships when perhaps they could best use their assistance.
It has also led into what Gordon characterized as the “danger of informal sympathies” with “subtle influences that can remove true impartiality.” Gordon underscored that true neutrals are not as easily come by as many may have thought. Such informality can be found in so many of our human relationships, former law school classmates, work colleagues, friendships, even home or social background can play such a significant role in allowing dispensations to occur, all of which can impact success of combating noncompliance.
Additionally, “emotion driven exchanges, including values-based practices of solidarity and belonging and ubiquity.” She concluded that these issues are “not often visible to anyone outside and maybe not even consciously understood by those involved themselves, but it can certainly lead to the awarding a monitorship to an individual or firm that’s not genuinely independent.” All of this can lead to “a subtle spectrum here where informality and culture can allow biases to impact the value of the monitoring process before it is even kicked off.”
It is important that the monitor does not set out with a new agenda or most particularly is not concerned about retaining other business with an industry or company. This extends to not playing “gotcha” or coming into a monitorship with a regulators mentality. Rather, Gordon suggested that a monitor come in with an attitude of improvement or, in another word, remediation.
We turned to the issue monitors face perhaps not a recalcitrant company but one which genuinely believes they have done nothing wrong. Gordon emphasized the key is that there is still room for improvement. Even if a company begins from a “negative place” Gordon believes that one of the jobs of a monitor is “helping them get to an understanding that no compliance program is ever complete, that there are always improvements to be made.” Companies need to recognize where changes are occurring and monitors help in adapting to this change.”
Every company’s compliance program is in constant evolution. These changes could be driven by a wide variety of factors such as a change in a proposed marketing campaign, a new acquisition or merger, a new product or product line or an expansion into a new territory. Even a change in personnel can prompt revisiting elements of a program. Compliance and ethics programs need to be growing and changing constantly.
Gordon tied all this “back to understanding on ethical culture where informality can allow certain behaviors to slide into a negative situation.” It could be “a willingness to cross lines regarding a specific regulation or failing to see that the spirit of the laws are not being fully upheld in a particular entity.” All of this means a monitor “can start with the proposition that every compliance and ethics program can be improved and then move to address what changes have to occur that will demonstrate to the outside world company and to the regulator which is overseeing terms of settlement agreement. Let’s get you to that place and help you to understand the value of constant evolution and compliance and ethics program.”
Just as compliance programs and the role of the Chief Compliance Officer (CCO) have evolved, the situations involving a monitor have evolved. We began with a consideration of some of Gordon’s thoughts about how the intersection of law and technology, including privacy, data management and data bias are really driving the conversation with clients around oversight and monitorships. Gordon began with the trend and growth in monitoring entities that have violated data privacy laws. Interestingly, this can come not from any overt or even poor decision on a company’s part or action. It could be from a data breach or it could be they misuse data. Gordon pointed to misuse such as Facebook, under evolving privacy laws. Here Gordon related that “Companies are a little on the back foot.”
The reality is that the modern corporation, profit or non-profit turns on information and, from Gordon’s perspective, “a lot of entities have really not fully incorporated that into their overall compliance program structure. Monitors now are addressing both directly monitoring how an entity is handling their data, are well they are complying either with privacy laws or data security standard; as well as in other forms of monitorship where it is data intensive. There may be a personal identifying information or sensitive corporate information, sensitive IP and trade secrets. All that needs to be considered when monitors are working a company on a monitorship.”
The evolution of monitorships has also occurred around timing. Originally, monitors were brought in at the conclusion of an enforcement action. Now monitors are often brought in during and even before an enforcement action begins on a pro-active basis, to get out ahead of the problem. This can be to see if an issue exists or to remediate the issue before the conclusion of an enforcement action. If it is the former situation, it can help to prevent an enforcement action from even getting off the ground. If the enforcement action has already begun, the pro-active approach can help a company garner a declination or if one cannot be obtained prevent a multi-year, post-settlement monitorship from being mandated.
Gordon noted that through a pro-active monitorship, a company is “demonstrating to the regulator the seriousness. The company is demonstrating that they take this matter seriously, through this preemptive action. It is evidence there is genuine desire to comply with the letter and spirit of law. This means it can have real impact. This can lead regulators to conclude that the company is taking this matter seriously. This can lead regulators to basically conclude that all the resolution agreement needs to provide is to check their homework.”
It is this pro-active approach that allows a company to get out in front of things before a problem gets to a crisis point. Gordon noted, “we operate in a data-driven economy. There are new data privacy and security requirements and challenges up ahead. As a CCO, you may not be quite certain where that fit in to your overall compliance program. You anticipate one breach and you will suddenly find yourself in front of the FTC. That is the perfect opportunity to say maybe a proactive monitor coming in and helping us get a handle on how we ought to be addressing these risks on these problems before the crisis point.”
Gordan believes that such an approach not only has significant operational value but it can put an organization on the right footing with the regulators as it sets the right tone. But even more than simply the regulators (as important as they may be) are other internal and external stakeholders. Using such a pro-active approach, to find out where the vulnerabilities and threats are then reduce them; it leads all such stakeholder to feel like there is a plan for dealing with these ever-evolving laws and social expectations which could impact risk. Gordon concluded with “and that’s invaluable” for any business.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2019