

Column

Ellen Zimiles, Chairman and CEO
Scott Moritz, Executive Director
Daylight Forensic & Advisory LLC

Contemplating an Internal Investigation? Here Are Some Dos and Don’ts
Permissible tactics, PR concerns, safeguards, and other considerations for boards in authorizing an investigation.


By Ellen Zimiles and Scott Moritz

The scandal embroiling the Hewlett-Packard board of directors has brought the subject of corporate internal investigations to the fore in the media and in corporate governance circles. Indeed, these recent events are enough to have made some management and directors somewhat reluctant to use outside investigators.

Yet one thing remains undeniably clear: Companies will continue to be obligated to conduct internal investigations when they are in receipt of allegations of fraud or misconduct. At the same time, board members have become increasingly aware that they must uphold the highest level of integrity and ethical standards as they exercise their responsibilities to the company and their shareholders.

What the H-P case has brought into focus for many is the importance of achieving a better understanding of the methods typically utilized by investigators working on behalf of the board. Such awareness training should include both the legal boundaries that should be observed and the potential for public relations debacles should details of actions taken reach the press.

A good first step for boards to take as they make decisions about authorizing internal investigations is for the directors to review the company’s code of conduct. It is important to remember that the code of conduct isn’t simply an employee handbook; rather it constitutes the rules of behavior that govern the entire organization from the top down.

The Gray Area
 
As an investigative tool, pretexting, defined as an effort or strategy intended to conceal something, is often a permissible method to employ in obtaining certain types of information and one which H-P used. In fact, it can be a very valuable technique. Some information and modes of behavior, however, are clearly out of bounds and can lead to criminal and civil liability for both the investigators and the clients who benefited from information obtained through illegal or unethical means.

For example, impersonating law enforcement or government officials is not permissible under any circumstances. Using any form of pretexting to obtain bank or consumer credit information in the U.S. is never appropriate. (Many states have recently enacted identity theft laws which make it unlawful to impersonate someone to get sensitive individual consumer information such as credit card information, phone records, utility information, and user IDs and passwords for various accounts.) Although it has not been alleged in the H-P matter, impersonating a journalist in an effort to get information from other journalists can do long-term damage to a company’s reputation.

In addition to pretexting, it has been revealed that several journalists were the subject of an investigation authorized by H-P’s board. Investigating journalists in general is an area in which even the law enforcement community, which has much wider latitude in the conduct of investigations than the private sector, has traditionally observed strict constraints.

Permissible Tactics

In the H-P matter, there were methods that could have been employed that would likely not have sparked controversy. For example, the telephone, computer networks and email system belonging to H-P are company property and there is no expectation of privacy on the part of employees and officers using them. Phone records, emails and the files stored on local hard drives and network servers can be analyzed by the company or third parties acting at its direction without the consent of the users. The company’s investigators can likewise freely scrutinize mobile phones and handheld devices belonging to the company and home and mobile telephone bills submitted for expense reimbursement without the user’s permission.

PR Concerns

In addition to legal boundaries, public perception is a very real consideration with internal investigations. One has to put the situation through an ethical litmus test. How would a given action read on the front page of a newspaper? Is it something the company would be proud to be known for? What if it winds up in court? 

One example of a legal investigative technique that might raise ethical questions is the use of “trash covers” or “dumpster diving.” A “trash cover” is the law enforcement term for sifting through a person’s or company’s trash. Although it may be perceived as unseemly, removing household trash after it has been placed at the curb is usually lawful. Paying a custodian to gain access to office trash receptacles or a dumpster on private property is generally not.

Safeguards
 
Underlying consideration of all these hypotheticals is a resounding necessity: Board members and senior executives must understand the methods employed by investigators and outside counsel when undertaking internal investigations. They can be held accountable for any misdeeds. The identity of the investigative firm or firms, whether they use subcontractors and who those subcontractors are, and whether they have indicated in writing that they have familiarized themselves with and agreed to abide by the company’s code of conduct are all areas that will be critical if a controversy arises. Mastery of such issues should become standard procedure.

In addition, it is a good practice to request a detailed work plan from the investigative firm and then subject the work plan to thorough review prior to authorizing the start of the investigation. Any investigative steps that the board expresses concern about should be discussed with legal counsel. Indeed, the vast majority of internal investigations should be undertaken at the direction of outside counsel to allow the company the protections afforded them by the Attorney Client Privilege and the Attorney Work Product Doctrine.

Fortunately, the vast majority of investigators adhere to a strict ethical code. Most are well versed in the legal and ethical boundaries guiding investigations. Their insights can be invaluable in guiding board members and senior executives as to risks inherent in the investigative process. A good investigator will caution clients and their counsel against using questionable investigative techniques or resources, and their input is a critically important part of the decision-making process.

Areas of Risk

While pretexting is currently in the spotlight, there are other key issues that in the current climate should be filtered through the company’s code of conduct and compliance programs. These issues are not confined to internal investigations but also include operational issues.

Who would have thought that once-mundane issues such as executive compensation or foreign investment could lead to tremendous liability for violations of the Foreign Corrupt Practices Act (FCPA) or options backdating allegations? But there is no question that the Department of Justice’s increased enforcement of the FCPA and the options backdating scandal are areas of increased vulnerability for boards.
   
Most risk in these areas comes from some combination of four elements: 1) employees and officers; 2) vendors and agents; 3) customers; and 4) business partners. Understanding the unique risks presented by each in a given transaction is central to the risk-mitigation process.

For example, as U.S. companies invest abroad, U.S. officials seek viable solutions to enjoin potential violation of the FCPA. The design and implementation of an effective FCPA compliance program and corporate code of conduct, coupled with financial internal controls, can substantially abate a company’s risk of violating the Act. When considering entering overseas markets, seeking to win contracts with foreign governments, or entering into joint ventures outside the U.S., directors need to have a keen understanding of the nexus between these transactions and any foreign public figure.

In many instances where a board was caught up in controversy surrounding its options-granting practices, it is clear that the code of conduct and ethical litmus tests were not central to the decision-making process.

A Simple Solution
   
At the end of the day, tone at the top is a critical measure of a company’s commitment to ethical corporate governance. How many board members can cite sections of the company’s code of conduct and compliance program that may be relevant to the subject under consideration by the board? Legal compliance, the code of conduct, and reputational considerations should guide every major decision undertaken by a board of directors. Boards that follow this simple practice are far less likely to be embroiled in scandal. It’s really that simple.


Dos and Don’ts For Internal Investigations

Do

1.    Review the code of conduct and apply your own “ethical litmus test”
2.    Insist on the investigator’s adherence to the code of conduct
3.    Request a detailed work plan for board approval
4.    Challenge the work plan on any areas of concern
5.    Consider how it will read on the front page
6.    Identify the risks in each board decision

Don’t

1.    Don’t be uninformed
2.    Don’t let emotions dictate decision making
3.    Don’t be bullied by other board members or their advisers
4.    Don’t assume that it must be okay because it’s what was recommended
5.    Don’t forget that you may be accountable


Ellen Zimiles is chairman and CEO of Daylight Forensic & Advisory LLC, an independent fraud risk management firm conducting forensic investigations and advising on regulatory compliance to corporations and the public sector worldwide (http://www.daylightforensic.com). She co-founded the firm in 2006 with Chief Operating Officer Joseph Spinelli. She has more than 23 years of litigation and investigative experience, with 10 years of law enforcement experience. Prior to forming Daylight, she was a principal at a Big Four accounting firm, where she served as coordinator for the forensic practice across all industry segments, and as practice leader for the financial services industry. Zimiles is a leading authority on anti-money laundering, fraud and public corruption matters both domestically and internationally, and speaks frequently on these matters in banking, legal, compliance and academic platforms. Zimiles also served as the independent financial auditor for the International Brotherhood of Teamsters as part of a consent agreement in the U.S. District Court for the Southern District of New York. Previous to her Big Four experience, Zimiles served for more than 10 years as an assistant U.S. attorney hired by U.S. Attorneys Rudolph Giuliani and Mary Jo White in the U.S. Attorney's Office for the Southern District of New York.

Scott Moritz is executive director of Daylight Forensic & Advisory in the New York office. He has more than 20 years of complex investigative, forensic accounting, and law enforcement experience. Prior to joining Daylight Forensic, he was a director at a Big Four accounting firm, where he served as both director of corporate intelligence and leader of the data governance and privacy protection team for the forensic practice. He also previously served as senior managing director and anti-money laundering practice chair at a global investigative firm. For nearly 10 years, he served as a special agent for the Federal Bureau of Investigation. He is nationally recognized for his money laundering and asset forfeiture investigations expertise. He is a Certified Fraud Examiner, Certified Anti-Money Laundering Specialist and Certified Information Privacy Professional.


Copyright © 2006 Directors & Boards, P.O. Box 41966
Philadelphia, PA 19101-1966. All rights reserved.