The FCPA Guidance has about as clear, concise and short a statement about hotlines than any other Tenet of an Effective Compliance Program. It states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” But more than simply hotlines, companies have to make real efforts to listen to employees. But you must spend time working on this issue. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.

The reason is that its own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the US Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.

What are some of the best practices for a hotline? I would suggest that you start with at least the following:

  1. Availability.
  2. Anonymity.
  3. Escalation.
  4. Follow-Up.
  5. Oversight.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

I would emphasize, yet again, that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

What is your FCPA Investigation Protocol?

With the advent of the Securities and Exchange (SEC) Whistleblower Program, courtesy of Dodd-Frank, it is imperative that a company quickly and efficiently investigate all hotline reports. This means you need an investigation protocol in place so that the entire compliance function is on the same page and knows what to do. The following is a suggested starting point.

Step 1: Opening and Categorizing the Case.

Step 2: Planning the Investigation.

Step 3: Executing the Investigation Plan.

Step 4: Determining Appropriate Follow-Up.

Step 5: Closing the Case.

Three Key Takeaways

  1. Pre-taliation is becoming a more important SEC enforcement tool.
  2. Test your hotline on a regular basis to make sure it is working.
  3. Utilize social media for both tips and reports and to spot trends.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.


In this episode I visit with Juliet Lui as we discuss how to best handle small and medium investigations in an efficient and cost effective manner. We discuss how such matters often slip through the cracks as they are not perceived as high profile yet can cause significant problems if allowed to fester. We discuss methodology, costs and deliverables. Lui details two case studies to emphasize how important small and medium investigations can be as they often uncover larger and more critical problems and issues.

In this episode, I visit with white collar defense specialist Sara Kropf, founder of the Kropf Law Firm. She discusses defending corporate executives and employees who are caught up in corporate internal investigations which may be turned over to the government. She discusses how the Yates Memo has changed the relationship between such employees, their counsel and the company. She blogs at Grand Jury Target blog.

Some of the issues we explore include the following.

  1. What are the obligations of inhouse counsel to inform an employee of his or her potential 5th amendment rights before an interview?
  2. Does the DOJ emphasis on internal investigations turn outside counsel to a de facto arm of the government for criminal procedure purposes if there is a chance the internal investigation will be disclosed to the government?
  3. What should a company do if the DOJ instructs them to stand down and allow the government to interview an employee?
  4. What should a company do if an employee refuses to answer questions or even meet with internal investigators?
  5. What happens is an employee who refuses to meet with company investigators runs to the government to either (1) present their own version of the facts to the DOJ or (2) cut a deal to avoid or lessen prosecution?
  6. What are the different types of proffers?
  7. Why indemnification is critical for senior executives and employees?

qtq80-OqbmVYThe second day of the SCCE Compliance and Ethics Institute (CEI) Conference began with Principal Deputy Associate Attorney General Bill Baer providing remarks. After opening with how aggressively the Department of Justice (DOJ) had prosecuted banks for illegal activity during the 2008 financial crisis, he turned to a more compliance focus subject matter; that being what constitutes extensive cooperation under the DOJ Foreign Corrupt Practices Act (FCPA) Pilot Program and, more broadly, which would allow a company to receive a reduction in a fine or penalty.

Most interestingly he said that DOJ consideration for cooperation credit is only available where an entity has satisfied the requirements of the Yates Memo which he termed the “department’s Individual Accountability policy.” To meet this initial threshold, companies who want credit for their cooperation must disclose all facts relating to the individuals involved in the wrongdoing, no matter where those individuals fall in the corporate hierarchy. He stated, “We will not credit cooperation unless this threshold requirement has been met.”

He went on to give the general disclaimer that while each investigation and defendant will be treated differently, there were some common elements the DOJ has observed. The first is that the cooperation should be proactive; that is, the company should materially assist the DOJ, including by disclosing facts that are relevant to the investigation, even when not specifically asked to do so. This could mean such things as a “company describing its own conduct and pointing us to inculpatory documentary evidence, such as emails and text messages.” It could also mean providing documents or access to witnesses that the department might not have obtained through its subpoena power. Somewhat more troublingly, Baer also said such cooperation could be “providing information that the government did not know about or did not recognize would be significant.”

He provided some examples where cooperation with the DOJ makes case administration easier and more efficient for the DOJ. These Instances included providing summaries of evidence that were designed to specifically to assist the government’s investigation; providing data compilation to the DOJ in a manner which is helpful and that the DOJ could not readily achieve on its own. It also included encouraging individuals with knowledge of the relevant conduct to cooperate with the investigation. Finally he listed providing information that might otherwise not have been discovered in the ordinary course of the investigation.

Baer cautioned that another linchpin is timeliness of the cooperation. If it is in the early stages of an investigation it is substantially more helpful than cooperation after the DOJ has “invested significant time and energy in exposing problematic conduct.” The corollary to this is that “little or no cooperation credit will be afforded in situations where the supposed cooperation occurs after the department has completed the bulk of its investigation.” One can think back to both the Weatherford and Total FCPA enforcement actions, where the companies actively resisted the DOJ’s investigation until at some point they ‘got it’ and began to actively cooperate.

This series of remarks ties into something observed in the Nortek Corporation FCPA enforcement action, where the company self-reported to the government even before completing its internal investigation. Baer said that a company should come in as early as it possibly can, even if it has not completed an internal investigation. He did acknowledge that “A company will not be disqualified from receiving cooperation credit simply because it doesn’t have all the facts lined up on the first day; rather, under those circumstances, we expect that cooperating companies will simply continue to turn over the information to our lawyers as they receive it.”

Turning to the quality of the information provided, Baer said that a company (or individual for that matter) would be considered for credit where it provides information that allows the DOJ to obtain conclusions that are more significant. He explained, “where a cooperator enables the government to pursue conduct that might not otherwise have been addressed. This type of cooperation may involve detailing relevant conduct by a different party (or parties) participating in the same or similar scheme or that enables the department to net greater recoveries.”

He went on to add that a company could take other actions which could lead to a reduced fine or penalty or even a declination to prosecute. They turned on situations where a company acknowledged the responsibility for it negative actions. He also noted a key factor could be a company’s efforts to help assist victims of the illegal conduct. Baer conceded, “These actions are distinct from cooperation, which is focused on helping us uncover and understand the underlying conduct.  But they can be important additional factors in the department’s determination of an appropriate outcome.”

Baer also had some cautionary remarks around cooperation. He stated, “not every interaction between the government and a party under investigation will constitute cooperation.” He then provided an example from the DOJ’s enforcement action against “the RMBS banks, mere compliance with legal requirements such as subpoenas, or one-sided presentations urging the department to decline an enforcement action, do not measure up. Indeed, the department may view some such activities – including the belated provision of information that an entity was legally obligated to produce – as impediments to investigative work rather than genuine examples of cooperation.”

No doubt drawing on his inner Potter Stewart, Baer concluded with the ubiquitous remark, “We know meaningful cooperation when we see it.” He went on to cite a recent matter involving an un-named prescription drug chain that overbilled the government for orders of prescription drugs that were never picked up by customers. He said that the evidence involved handwritten pick-up signature logs kept at the cash registers of thousands of pharmacies and noted, “The company decided to cooperate early and in ways that mattered. In addition to the thousands of pages of the handwritten logs, the defendant produced extensive spreadsheets reflecting the information on the logs. To accomplish this, the defendant had a team enter the information line by line into a format where it could be analyzed. The defendant also shared its analysis using the information from the logs. This effort avoided the need to spend months and significant government resources tabulating the logs.”

From these remarks it is clear that the DOJ expects no adversarial relationship if you self-disclose and want cooperation credit. It was unclear from these remarks if that would also include the negotiations of any proposed fine or penalty. It will be interesting to see what happens to Telia Company AB and Deutsche Bank in their negotiations as they both balked at paying the originally proposed fine, stating they were simply the DOJ’s “opening demand”. If they actively fight the fine amounts, I wonder if it will penalize their cooperation credit.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016

knew-all-alongYou know it is going to be a very bad day when, as a company’s Chief Executive Officer (CEO), you receive a letter asking the following, “Specifically, the committee should thoroughly examine this issue, including: How it is possible that more than 5,000 employees could bilk customers over the course of five years; the timing, extent and disposition of customer complaints; whether Wells Fargo’s sales and compensation structure incentivized employees to engage in deceptive and abusive practices; and what additional safeguards may be needed to prevent this type of behavior.”

That language came out of a letter from Senate Banking Committee Chairman, Richard Shelby, and was quoted in a New York Times (NYT) Dealb%k column by Andrew Ross Sorkin, entitled “The Brazen Sham No One Noticed”. To Senator Shelby’s questions, Sorkin added a rather obvious one “What, exactly does a risk manager at Wells Fargo do?” For myself, one of the most basic questions was simply how could some 2 million fraudulent accounts, involving both products and services, be opened and no one notice?

It turns out that the problem for Wells Fargo is not that no one noticed that sales representatives had been fraudulently cross-selling for years. The greater problem for the bank was that it was well known within the organization for years and it was never stopped. In a Wall Street Journal (WSJ) article by Emily Glazer, entitled “Wells Fargo Tripped By Its Sales Culture”, she noted, “Questionable sales tactics persisted, though, and were an open secret in Wells Fargo branches across the country.” She wrote that the bank began asking questions internally about “an uptick in bad behavior” as far back as 2009 when sales spiked during one month’s Jump into January sales program. She noted, “For five years, Wells Fargo conducted investigations into improper practices, hired consultants and tinkered with sales and compensation incentives.”

Surveys, Assessments and Internal Investigations

In 2010 “employee-satisfaction surveys done for Wells Fargo by research firm Q & A Research Inc. showed that some bank employees felt uncomfortable about what managers had asked them to do or when pushing customers to buy products.” In 2012, the “Wells Fargo’s community-banking unit assembled a special task force to look for suspicious patterns in sales practices and examine areas of the U.S. where customer complaints were prevalent, such as Southern California, according to current and former bank executives.”

There was an assessment in 2013 after some 200 Wells Fargo employees were fired for fraudulent practices around cross-selling. After some directors and executives wondered if the real problem was the bank’s cross-selling culture and not the terminated employees; it was determined that it was simply ‘rogue employees’. An anonymous source for the WSJ piece said, ““When we first started looking at it, we didn’t think it was anything other than rogue junior players and a few rogue managers””. Even with this finding, the bank’s risk management team “increased its oversight and audit capabilities” over the community banking unit.

In 2015, the bank hired Accenture and the venerable law firm Skadden, Arps, Slate, Meagher & Flom “to conduct an internal investigation”. The Board was regularly briefed on the investigation’s progress. As a direct result from this internal investigation “the bank lowered some sales goals and toughened new procedures to ensure that new accounts were legitimate.” After the Los Angeles District Attorney “alleged that Wells Fargo pressured retail employees to commit fraud”, the bank “hired consulting firm PricewaterhouseCoopers to do an in-depth analysis. About a dozen PwC employees worked on the project for about a year, discovering fraudulent sales practices that were prominent in Phoenix, Miami and Newark, N.J.”

Compliance and Ethics Training

Then there was compliance and ethics training. In another NYT Dealb%k column by Michael Corkery and Stacy Cowley, entitled “Warned About Excesses, Then Prodded to Sell”, they wrote, “The message to the dozens of Wells Fargo workers gathered for a two-day ethics workshop in San Diego in mid-2014 was loud and clear: Do not create fake bank accounts in the name of unsuspecting clients. Similar warnings were being relayed from corporate headquarters in San Francisco to regional bankers in Texas, as senior management learned that some Wells employees had been trying to meet exacting sales goals by creating sham bank accounts and credit cards instead of making legitimate sales.”

How seriously was the training taken? In her WSJ piece, Glazer reported the following, “At a sales meeting in Florida in 2014, Wells Fargo & Co. regional executives scolded lower-level managers about an obvious problem that kept cropping up at the bank. Managers were told that their employees should never open accounts for people who don’t exist, people familiar with the meeting recall. One manager in the room saw things differently. In an email peppered with exclamation points and capital letters, she urged her employees to ignore the bosses and get sales up at any cost, says someone who saw the email.”

Internal Reporting of Illegal Activity

Instances where Wells Fargo employees attempted to speak up about unethical or even illegal behavior were met with indifference or outright hostility. Khalid Taha, a former employee was quoted “They warned us about this type of behavior and said, ‘You must report it’ but the reality was people had to meet their goals.” Another former employee, Ruth Landaverde was quoted in the WSJ piece as saying, “If somebody said: ‘This doesn’t make sense. Where are you getting these sales goals?’ then [the response] was: ‘No, you can do it’ or ‘You’re negative’ or ‘Oh, you’re not a team player’. She says she often got the same response whenever she said a customer didn’t need another credit card. “The answer was: ‘Yes, they do,’” she says. She quit after being warned she wasn’t reaching her sales goals, she says.”

It does appear that the CEO was made aware of the illegal conduct at Wells Fargo. One Wells Fargo employee reported the unethical conduct in an email directly to CEO Stumpf. As reported from the Senate Banking Committee hearing, in an exchange between Stumpf and Senator Robert Menendez, who read an email that he said was written in 2011 by a Wells Fargo employee reporting concerns about cross-selling pressure directly to the CEO. Mr. Stumpf said “I don’t remember that one.” Mr. Menendez replied: “Well, she was fired.” Yet, in his testimony CEO Stumpf said he was made aware of the problem in 2013 and the Board was informed in 2014.

External Reporting of Unethical Conduct

Of course, the real losers in all this illegal and unethical activity were the banks customers, who received the unwanted and, in some cases, unknown services and products. Yet these same customers also reported the actions to the bank and nothing came out of this information. Corkley and Cowley reported one former Wells Fargo employee who, “fielded complaints from customers about questionable accounts until shortly before he left the bank this summer. He said bank managers had grown weary of writing up reports on potentially improper sales.” He said that it was “like jaywalking,” and “hard to police.” Other customers interviewed for the piece spoke about the difficulties in cancelling credit and debit cards they “didn’t know about and didn’t want.”

Some questions not yet answered

If every customer was contacted to obtain or use up to eight product or services, one might wonder about credit risk? Sorkin did when he listed several questions posed to him by Richard Bove a research analyst. The questions included, “What does this indicate about the bank’s underwriting policies? Can anyone have a Wells credit card without any checks being made concerning that person’s ability to make payments for debt created using this card?” And what does this say about the information the company has reported to investors and regulators? The bank also apparently opened 1.5 million false transaction accounts? Does this mean that accounts can be opened with no balances? What does it say about the willingness of the bank to operate with accounts on which it makes no money? What policies and procedures at this bank allowed this to occur?””

So, in spite of all the investigations, auditing, assessments, internal and external reporting how could Wells Fargo have allowed this problem to grow? Perhaps the most concise answer came from Glazer who, in another WSJ piece, entitled “On the Way to ‘Great,’  Six Products Per Customer”, wrote that in the bank’s 2010 annual report, CEO Stumpf “said he often was asked why Wells Fargo had set a cross-selling goal of eight [products and services per customer]. The answer is, it rhymed with ‘great’ he wrote. “Perhaps our new cheer should be ‘Let’s go again, for ten!’”


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016