In 2022, companies are likely to see an increase in white collar and regulatory investigations and enforcement actions. Here are just a few reasons why this is likely to happen. First, in the late fall, Deputy Attorney General Lisa Monaco indicated that the Justice Department would bring a renewed focus on corporate crime and that the Department was “going to find ways to surge resources” to its prosecutors. In January, another senior Justice Department official, Nicholas McQuaid, said at a forum on the FCPA that the Department has “a very robust pipeline” of FCPA cases.
Second, the Antitrust Division has recently secured a spate of indictments against executives for wage fixing and labor market allocations. Most recently, on January 28, 2022, a grand jury indicted four owners and/or managers of home health care agencies for conspiracy to suppress wages and restrict job mobility of essential workers during the pandemic.
Finally, the SEC increased its number of enforcement cases by 7% in 2021 compared to 2020. This trend is likely to continue and possibly grow under the leadership of Chairman Gensler, who has emphasized that his agency will be pursuing high-impact cases to send a message to the market that certain misconduct will not be tolerated.
To limit exposure to potential investigations and enforcement actions, companies should ask themselves — where are the risks? Where will investigators, regulators, and prosecutors look? The answer seems obvious. They will look in those places within a company where bodies are too often buried: internal audits, risk committee activities, whistleblower complaints, and Board of Directors meeting materials and minutes.
Experienced investigators, regulators, and prosecutors routinely look in these places because sensitive issues that are frequently flagged in these locations are often either ignored or inadequately addressed. Evidence found in these places is a powerful weapon in the hands of the government because, in essence, it constitutes an admission and often reaches top executives within an organization.
An effective internal audit program will periodically review a company’s policies and procedures to ensure that its compliance program is being appropriately implemented. A strong program will pay special attention to high-risk areas. For example, internal audit of a global bank will undoubtedly assess its AML and Sanctions compliance, while internal audit of a multi-national company is likely to examine its third-party vendors for FCPA compliance.
Weaknesses and deficiencies are often noted in internal audit reports, offering a road map to known problems. These reports are typically shared with executives and, if significant enough, with senior leadership, as well as the Audit Committee of the Board.
If internal audit identifies a problem, remedial steps must be taken and the results documented. If an identified problem isn’t addressed, the report will show an awareness of a problem and leave a trail of breadcrumbs behind. In our experience, it is surprising how frequently an internal audit raises a real concern that doesn’t receive adequate attention.
For the same reasons, materials (including minutes and presentations) of the Risk Committee of the Board of Directors and other committees/groups within the company responsible for assessing risk should be periodically inspected to assess lurking regulatory issues. These committees are responsible for identifying and mitigating behaviors that may constitute or lead to excessive risk taking. If regulatory risks are identified and inadequately mitigated or, worse, ignored, these materials will expose to the government the company’s knowledge of existing issues that have not been addressed.
Records relating to whistleblower complaints are another potential treasure trove for investigators, prosecutors, and regulators. An appropriate review of each complaint takes time and energy and sometimes requires deep expertise.
An unaddressed or overlooked complaint, however, may create serious economic harm, producing a potential existential threat to executives or, worse, to the company. For proof of harm caused by inadequately addressed whistleblower complaints, there is a long line of cases (e.g., Wells Fargo).
Companies would be wise to conduct periodic secondary look-back reviews or audits of whistleblower complaints to ensure that they are being appropriately examined and resolved. This work is like buying an insurance policy and will provide a little peace of mind. It will also demonstrate to the government a company’s commitment to good compliance.
Board of Directors Minutes and Presentation Materials
Gems are sometimes found in Board of Directors meeting minutes and presentation materials. They are the holy grail for the government when negative information is recorded there because knowledge then may be imputed to senior leadership. Occasionally, the Board may take positions, for example, that are inconsistent with its public litigation position, which may be reflected in these records. And when that happens, it’s likely to be a home run for the government. Board minutes and materials should be periodically reviewed to ensure that the Board is appropriately addressing regulatory and compliance risks.
Because some or all of these sources of information result from necessary and in many cases required business processes, companies cannot avoid creating these records for the government. The only thing worse than not having these records is having them and doing nothing about them. Better to check these sources periodically to ensure that identified problems have been adequately addressed than to run the risk that the regulators will find the bodies before you do.