Government-imposed corporate monitors—once a rare occurrence in the U.S.—are now commonplace, not only with domestic regulators but also with regulatory agencies in various other countries, in connection with enforcement proceedings and prosecutions for criminal offenses such as anti-corruption violations and other misconduct. In 2016, DOJ imposed monitors in nine of the 35 deferred or non-prosecution agreements. James R. Copeland, Rafael Mangual, “The Shadow Regulatory State at the Crossroads: Federal Deferred Prosecution Agreements Face an Uncertain Future,” Manhattan Institute (June 27, 2017). These recent cases indicate, however, that by taking appropriate steps, companies can avoid a government-appointed monitor. See Jody Godoy, “Telia’s No-Monitor FCPA Deal Could Be a Model,” Law360.com (Sept. 28, 2017).
Even though government imposed monitors help organizations restore trust, recover from past misdeeds, and help prevent future legal and reputational damage, no company volunteers for a government-appointed monitor.
Here are five practical ways to avoid or narrow the scope of a government-imposed corporate monitor:
Assess the likelihood of the government demanding a monitor.
DOJ and SEC consider six factors when determining whether to impose a compliance monitor: (1) seriousness of the offense; (2) duration of the misconduct; (3) pervasiveness of the misconduct, including whether the conduct cuts across geographic and/or product lines; (4) nature and size of the company; (5) quality of the company’s compliance program at the time of the misconduct; and (6) subsequent remediation efforts. See DOJ and SEC, “A Resource Guide to the U.S. Foreign Corrupt Practices Act” p. 71 (2012).
As they involve historical events, counsel and companies cannot alter the seriousness, duration and pervasiveness of the misconduct. Nevertheless, as the investigation unfolds, counsel and company should anticipate the government’s perspective on these issues.
Similarly, the pre-existing corporate compliance program is historical in nature. As to this issue, counsel and companies should consider and develop candid responses to DOJ’s guidance on questions the government will ask when it evaluates the effectiveness of the program at the time of the incident. See DOJ, Criminal Division, Fraud Section, “Evaluation of Corporate Compliance Programs” (February 2017).
Perform timely and comprehensive remediation.
Timely and comprehensive remediation is perhaps the most important step that counsel and companies can take to avoid a monitor. Effective remediation coupled with implementation of an effective ethics and compliance program increase the chances that prosecutors and regulators can conclude that a monitor is not needed.
Speed is important. The government expects the company to undertake remediation efforts immediately upon learning of misconduct. Companies too often delay remediation until after the investigation is completed. To address privilege concerns, many companies create separate investigative and remediation work streams. As a practical matter, the remediation team does not have access to privileged information.
As to remediation, expect the prosecutors and regulators to consider: (1) competence and independence of remediation team; (2) timeliness; (3) quality and depth of the root cause analysis; (4) efforts to root out other misconduct by the perpetrators or similar misconduct by others in the organization; (5) adequacy, design and operating effectiveness of corrective measures; (6) discipline of primary and secondary actors; and (7) independent assessment of the remediation program and corrective measures. See Jonny Frank, “Remediation,” Litigation Services Handbook: The Role of the Financial Expert, 5th Ed., Chapter 13A, Roman L. Weil, Wiley (October 2015).
Obtain pre-settlement third-party assessment or certification.
It’s one thing for the company to self-certify; it’s significantly more compelling when an independent third party evaluates the design, audits the operating effectiveness and opines on the company’s efforts to remediate its misconduct by implementing an effective ethics and compliance program designed to prevent and detect future violations.
The third-party team, of course, needs to be independent and enjoy credibility with the relevant prosecutors and regulators. While the team need not be large, it should be multidisciplinary and include experts in audit, data, ethics and compliance, and the industries and markets in which the company does business. The team should also follow an established framework and methodology familiar to the prosecutors and regulators. In the United States, for example, it is common to apply the 2013 COSO Internal Control─Integrated Control Framework and relevant PCAOB and AICPA audit standards. Like remediation efforts, pre-settlement, third-party certification provides for a sense of assurance to prosecutors and regulators in concluding against the appointment of a compliance monitor.
Appoint a self-imposed monitor.
As the old adage goes, “If you can’t beat ‘em, join ‘em.” The seriousness, duration, and pervasiveness of the misconduct are sometimes so severe that remediation and even a third-party pre-settlement certification will not save the organization from a government-appointed monitor. In those situations, counsel and the company should consider voluntarily appointing a monitor—a strategy that seems to be gaining popularity outside the U.S. Barclays Capital, Daimler and Rolls Royce all successfully implemented this strategy when confronted with corruption-related investigations. In these matters, in lieu of appointing a new monitor, the government permitted the companies to retain independent third parties that were engaged previously by the companies to review ethics and compliance programs. More recently, Petrobras and Airbus have made similar moves, appointing independent third parties to handle investigations into allegations of corruption.
The terms of the self-imposed monitor should model terms that the prosecutor or regulator ordinarily requires. The DOJ, for example, typically requires that the compliance monitor be independent and have demonstrated expertise with respect to the particular industry, applicable laws, corporate compliance, and the ability to access and deploy appropriate resources. DOJ also requires its monitors to develop work plans and, ultimately, certify whether the company has reasonably designed and implemented effective remediation and ethics and compliance programs and controls. In selecting a self-imposed monitor, companies should require similar terms to avoid the government insisting upon a post-settlement monitor.
Seek to manage the scope of the monitorship.
If the company cannot avoid a monitor, it may be able to control who is appointed and the scope of the monitorship. DOJ policy, for example, allows the company to submit three candidates to serve as monitor. Companies should nominate candidates who; understand that monitor’s role is forward-looking; appreciate the difference between an independent and adversarial mindset or approach; and understand that monitors, like auditors, can rely upon the company’s work product and resources. Ask candidates to submit a draft of work and staffing plans to gauge their experience and approach.
An inevitable, but often hidden cost of a monitorship is the internal disruption of working with a monitor—anticipating and ensuring they get what they need as efficiently as possible. While retaining an internal monitor liaison, a leader of the PMO, may seem a superfluous cost burden, the savings on internal disruption, miscommunications and time spent in the monitor’s learning curve should easily offset such costs.
Finally, if possible, tailor scope to the nature of the misconduct. In corruption cases, for example, try to focus the monitor’s scope on the specific incentives and means that the company employed.
Recent DOJ speeches and news reports indicate there is a growing sense among prosecutors and regulators that companies want to “do the right thing” when it comes to corporate compliance. DOJ has indicated it will continue to reward companies for implementing effective compliance programs. While it is unlikely that regulators will move away from imposing monitors altogether, it is important for companies to undertake proactive efforts to ensure that they are doing everything possible to prevent misconduct and remediate any incidents that do occur. If recent examples are any indication, these actions can make a significant difference in the outcome.
Jonny Frank is a partner with StoneTurn and leads the firm’s New York office. He serves as the business ethics and compliance monitor to Deutsche Bank AG and as the executive deputy compliance monitor to Volkswagen AG. Simon Platt co-founded StoneTurn in 2004 and is the firm’s chairman. He currently serves as forensic adviser to the monitor of a Tier 1 automotive supplier and a regional accounting firm.