Investigations should always being with the end in mind.
During an investigation, the board’s and audit committee’s goal should be to simply to get to the bottom of allegations as quickly as possible, either to substantiate or invalidate them, and the Supreme Court’s ruling on the Digital Realty Trust, Inc. has challenged us to up our game again. Candidly, we should all be revisiting our investigation process (See below for my overview) , from intake (Phase One) to remediation (Phase 5).
To ensure the investigation is successful, it must meet some key objectives: Thoroughness, Objectivity, Accuracy, Timeliness, and Credibility. That being said, not all internal investigations will result in regulatory involvement or litigation. However, understand that Regulators are skeptical of investigations where limits were placed on investigators, or those conducting the investigation are biased in any way – unconsciously or consciously. If the investigation is viewed as less than thorough, or lacks independence, its credibility is more likely than not undermined.
The SEC has always had the ability to consider a party’s cooperation in exercising its enforcement discretion, but it was not until the 2001 “Seaboard Report” that the SEC formally identified factors that it would consider in evaluating corporate cooperation. Concomitant with the aforementioned, the SEC issued a policy statement articulating a framework for evaluating cooperation by individuals in the Commission’s investigations and actions.
The SEC has set forth some of the criteria, which consist of 13 non-exclusive factors that reflect four “broad measures” of cooperation: self-policing prior to the discovery of the misconduct, prompt self-reporting, remediation and cooperation with law enforcement. These along with other factors will be considered in determining whether, and how much, to credit a company — from the extraordinary step of taking no enforcement action to bringing reduced charges, seeking lighter sanctions, or including mitigating language in documents we use to announce and resolve enforcement actions.
So if you’re a board or audit committee member you should ensure the investigation is independent, the scope is not restricted, you are familiar with the criteria that follows, and have answers, supported by complete, verifiable and timely evidence, to as many questions as possible outlined within the 13 non-exclusive factors. Because, if you think the see no evil, hear no evil, speak no evil tactic works, I can assure you it doesn’t.
1. What is the nature of the misconduct involved? Did it result from inadvertence, honest mistake, simple negligence, reckless or deliberate indifference to indicia of wrongful conduct, willful misconduct or unadorned venality? Were the company’s auditors misled?
2. How did the misconduct arise? Is it the result of pressure placed on employees to achieve specific results, or a tone of lawlessness set by those in control of the company? What compliance procedures were in place to prevent the misconduct now uncovered? Why did those procedures fail to stop or inhibit the wrongful conduct?
3. Where in the organization did the misconduct occur? How high up in the chain of command was knowledge of, or participation in, the misconduct? Did senior personnel participate in, or turn a blind eye toward, obvious indicia of misconduct? How systemic was the behavior? Is it symptomatic of the way the entity does business, or was it isolated?
4. How long did the misconduct last? Was it a one-quarter, or one-time, event, or did it last several years? In the case of a public company, did the misconduct occur before the company went public? Did it facilitate the company’s ability to go public?
5. How much harm has the misconduct inflicted upon investors and other corporate constituencies? Did the share price of the company’s stock drop significantly upon its discovery and disclosure?
6. How was the misconduct detected and who uncovered it?
7. How long after discovery of the misconduct did it take to implement an effective response?
8. What steps did the company take upon learning of the misconduct? Did the company immediately stop the misconduct? Are persons responsible for any misconduct still with the company? If so, are they still in the same positions? Did the company promptly, completely and effectively disclose the existence of the misconduct to the public, to regulators and to self-regulators? Did the company cooperate completely with appropriate regulatory and law enforcement bodies? Did the company identify what additional related misconduct is likely to have occurred? Did the company take steps to identify the extent of damage to investors and other corporate constituencies? Did the company appropriately recompense those adversely affected by the conduct?
9. What processes did the company follow to resolve many of these issues and ferret out necessary information? Were the Audit Committee and the Board of Directors fully informed? If so, when?
10. Did the company commit to learn the truth, fully and expeditiously? Did it do a thorough review of the nature, extent, origins and consequences of the conduct and related behavior? Did management, the Board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, had they done other work for the company? Where the review was conducted by outside counsel, had management previously engaged such counsel? Were scope limitations placed on the review? If so, what were they?
11. Did the company promptly make available to our staff the results of its review and provide sufficient documentation reflecting its response to the situation? Did the company identify possible violative conduct and evidence with sufficient precision to facilitate prompt enforcement actions against those who violated the law? Did the company produce a thorough and probing written report detailing the findings of its review? Did the company voluntarily disclose information our staff did not directly request and otherwise might not have uncovered? Did the company ask its employees to cooperate with our staff and make all reasonable efforts to secure such cooperation?
12. What assurances are there that the conduct is unlikely to recur? Did the company adopt and ensure enforcement of new and more effective internal controls and procedures designed to prevent a recurrence of the misconduct? Did the company provide our staff with sufficient information for it to evaluate the company’s measures to correct the situation and ensure that the conduct does not recur?
13. Is the company the same company in which the misconduct occurred, or has it changed through a merger or bankruptcy reorganization?
According to Latham & Watkins, numerous factors come into play in determining a cooperator’s fate, but three factors appear to be most significant in the SEC’s balancing process. Perhaps most obvious is the party’s culpability. Not surprisingly, more serious conduct, such as intentional fraud, will warrant more onerous terms, all other things being equal. This is especially true when the conduct is not limited to a single transaction, stretches over a period of time, or is the product of what the SEC perceives to be a company’s culture or lack of controls. There well may be situations where the conduct is sufficiently culpable that no amount of cooperation can avoid charges, but that cooperation credit is reflected in lesser terms. Note: No cooperation agreement provides a company with a free pass! Even if the SEC declines to bring charges, it could require disgorgement or other payment as part of the agreement.
Regardless of the company’s decision as to whether to cooperate or not, again it’s wise for the audit committee to have answers to as many questions as possible outlined within the 13 non-exclusive factors presented above. Additionally, boards of private and not-for-profit companies/organizations should be able to do the same.
I welcome you comments, thoughts, and opinions.