Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Congress and the Department of Justice (DOJ) are driving home an important point: A company's central management is ultimately responsible for any criminal conduct by its business divisions and employees, and must therefore implement policies and procedures to ensure that it promptly discovers and corrects any potential violations.
The Sarbanes-Oxley Act requires 'up-the-ladder' reporting by and within a company's legal department of suspected violations of law, to ensure that central management becomes aware of material violations and remedies them. See Sarbanes-Oxley Act of 2002, ' 307, Pub. L. No. 107-204, 116 Stat. 745, 784. Meanwhile, the DOJ recently issued 'Principles of Federal Prosecution of Business Organizations.' (Available on the U.S. Department of Justice Web site at http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/crm00162.htm.)
The DOJ Principles explain that the likelihood a corporation will face criminal prosecution depends upon, among other things, 1) pervasiveness of criminal conduct within the corporation, including the extent to which central management was aware of and/or condoned any wrongdoing; 2) the corporation's history of criminal conduct; 3) the corporation's timely and voluntary and disclosure of wrongdoing and willingness to cooperate; 4) the existence and adequacy of compliance programs; and 5) the corporation's remedial efforts, including discipline of responsible individuals. Taken together, these factors make clear that central management must quickly come to grips with any criminal violation, and that it will ultimately bear the responsibility for the failure to do so.
The increased requirement of centralized accountability created by Sarbanes-Oxley (and further emphasized by the DOJ Principles) presents a particular problem for United States issuers with multi-national units and extensive overseas operations. For such corporations, the combination of widely dispersed, often decentralized operations and variations among the legal and cultural norms in which the corporations do business creates a significant risk that material violations of U.S. laws may not be reported to central management, and may therefore escape remediation.
Multinational businesses are especially vulnerable to violations of certain U.S. laws, such as the Foreign Corrupt Practices Act of 1977 (FCPA), 15 U.S.C. ” 78dd-1, et seq., and laws prohibiting money laundering. If enough such violations go unreported, there may arise the kind of 'pervasive' and unremediated wrongdoing that is almost certain to trigger the wrath of prosecutors and bring serious consequences for the company, its senior management and its attorneys.
Experience tells us that no one solution is right for all companies, but certain guideposts are useful in helping inside counsel evaluate how best to structure their compliance efforts. First, given the DOJ's emphasis on effective compliance programs and the overall importance of 'up-the-ladder' reporting, companies must promulgate written policies designed not only to prevent wrongdoing, but also to ensure that when bad acts occur, they are immediately reported to central management. Such policies must be articulated to employees (through training in their own language) and enforced through periodic audits and consistent discipline when violations occur. Second, once policies and procedures are in place and suspicious activities are detected, central management must play a role, along with outside counsel, in investigating and correcting those activities.
Once a red flag is found, central and local management each will want to supervise the investigation. Resolving competing claims to primary jurisdiction often presents difficult issues, and the 'right' answer may differ from company to company, country to country, and situation to situation. The proper assignment of responsibility depends on the facts of each case, including specific local or regional sensitivities, the propriety and effectiveness of local management's past conduct, and the ability of local management to carry out an 'independent' review, free of real or perceived conflicts of interest.
Important Areas for International Compliance Programs
Here are some practical suggestions, using the FCPA as an example.
'Red Flags and Iceberg Tips'
What is the best response when a local (foreign) business unit has reason to believe corporate policy and the FCPA/OECD may have been violated? It is prudent to have a mechanism for rapid consultation between local and central management and to use it before launching an investigation from the U.S. Local management, including the local legal team, speaks the language, knows the people, knows the customs, and will have easy access to witnesses and documents, as well as to forensic resources.
On the other hand, a centrally coordinated review may be essential if the suspect payments were large or frequent. Local management may appear to have a 'conflict' in investigating itself. More important, the key question under the FCPA and Sarbanes-Oxley is whether upper U.S. management is involved in the activity. While this question creates a potential conflict too, it also makes clear why central review is so important. The watchword in all of this is independence. Only a truly 'independent' review will satisfy the requirements of Sarbanes-Oxley and the DOJ standards today.
Independence does not mean that the review can only be conducted by outside auditors and/or counsel, but it requires, at a minimum, the active involvement of the central compliance department in determining whether a particular violation is 'material' and therefore worthy of additional investigation and/or reporting. In light of the potential cultural differences between local and central management ' and the resulting differences in the ways in which they may regard certain conduct ' eliminating local discretion will ensure that any required up-the-ladder reporting will be made.
In the most effective reviews, both local and central management ' business, audit, and legal ' work together with outside attorneys experienced in compliance and enforcement. Once the red flag is raised, a balance in approach is critical. Through consultation with experienced counsel, the most efficient use of forensic resources locally and internationally can be applied to maximize the company's ability to take corrective action. In this way, the company can satisfy its internal reporting obligations and also maximize the chances that any violations will be detected and remedied promptly, thereby placing it in the best possible position with respect to the DOJ, SEC, and any other prosecuting authorities.
Congress and the Department of Justice (DOJ) are driving home an important point: A company's central management is ultimately responsible for any criminal conduct by its business divisions and employees, and must therefore implement policies and procedures to ensure that it promptly discovers and corrects any potential violations.
The Sarbanes-Oxley Act requires 'up-the-ladder' reporting by and within a company's legal department of suspected violations of law, to ensure that central management becomes aware of material violations and remedies them. See Sarbanes-Oxley Act of 2002, ' 307,
The DOJ Principles explain that the likelihood a corporation will face criminal prosecution depends upon, among other things, 1) pervasiveness of criminal conduct within the corporation, including the extent to which central management was aware of and/or condoned any wrongdoing; 2) the corporation's history of criminal conduct; 3) the corporation's timely and voluntary and disclosure of wrongdoing and willingness to cooperate; 4) the existence and adequacy of compliance programs; and 5) the corporation's remedial efforts, including discipline of responsible individuals. Taken together, these factors make clear that central management must quickly come to grips with any criminal violation, and that it will ultimately bear the responsibility for the failure to do so.
The increased requirement of centralized accountability created by Sarbanes-Oxley (and further emphasized by the DOJ Principles) presents a particular problem for United States issuers with multi-national units and extensive overseas operations. For such corporations, the combination of widely dispersed, often decentralized operations and variations among the legal and cultural norms in which the corporations do business creates a significant risk that material violations of U.S. laws may not be reported to central management, and may therefore escape remediation.
Multinational businesses are especially vulnerable to violations of certain U.S. laws, such as the Foreign Corrupt Practices Act of 1977 (FCPA), 15 U.S.C. ” 78dd-1, et seq., and laws prohibiting money laundering. If enough such violations go unreported, there may arise the kind of 'pervasive' and unremediated wrongdoing that is almost certain to trigger the wrath of prosecutors and bring serious consequences for the company, its senior management and its attorneys.
Experience tells us that no one solution is right for all companies, but certain guideposts are useful in helping inside counsel evaluate how best to structure their compliance efforts. First, given the DOJ's emphasis on effective compliance programs and the overall importance of 'up-the-ladder' reporting, companies must promulgate written policies designed not only to prevent wrongdoing, but also to ensure that when bad acts occur, they are immediately reported to central management. Such policies must be articulated to employees (through training in their own language) and enforced through periodic audits and consistent discipline when violations occur. Second, once policies and procedures are in place and suspicious activities are detected, central management must play a role, along with outside counsel, in investigating and correcting those activities.
Once a red flag is found, central and local management each will want to supervise the investigation. Resolving competing claims to primary jurisdiction often presents difficult issues, and the 'right' answer may differ from company to company, country to country, and situation to situation. The proper assignment of responsibility depends on the facts of each case, including specific local or regional sensitivities, the propriety and effectiveness of local management's past conduct, and the ability of local management to carry out an 'independent' review, free of real or perceived conflicts of interest.
Important Areas for International Compliance Programs
Here are some practical suggestions, using the FCPA as an example.
'Red Flags and Iceberg Tips'
What is the best response when a local (foreign) business unit has reason to believe corporate policy and the FCPA/OECD may have been violated? It is prudent to have a mechanism for rapid consultation between local and central management and to use it before launching an investigation from the U.S. Local management, including the local legal team, speaks the language, knows the people, knows the customs, and will have easy access to witnesses and documents, as well as to forensic resources.
On the other hand, a centrally coordinated review may be essential if the suspect payments were large or frequent. Local management may appear to have a 'conflict' in investigating itself. More important, the key question under the FCPA and Sarbanes-Oxley is whether upper U.S. management is involved in the activity. While this question creates a potential conflict too, it also makes clear why central review is so important. The watchword in all of this is independence. Only a truly 'independent' review will satisfy the requirements of Sarbanes-Oxley and the DOJ standards today.
Independence does not mean that the review can only be conducted by outside auditors and/or counsel, but it requires, at a minimum, the active involvement of the central compliance department in determining whether a particular violation is 'material' and therefore worthy of additional investigation and/or reporting. In light of the potential cultural differences between local and central management ' and the resulting differences in the ways in which they may regard certain conduct ' eliminating local discretion will ensure that any required up-the-ladder reporting will be made.
In the most effective reviews, both local and central management ' business, audit, and legal ' work together with outside attorneys experienced in compliance and enforcement. Once the red flag is raised, a balance in approach is critical. Through consultation with experienced counsel, the most efficient use of forensic resources locally and internationally can be applied to maximize the company's ability to take corrective action. In this way, the company can satisfy its internal reporting obligations and also maximize the chances that any violations will be detected and remedied promptly, thereby placing it in the best possible position with respect to the DOJ, SEC, and any other prosecuting authorities.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.