Five Ways to Eliminate the Need for a Corporate Monitor

With that in mind, here are five practical ways to avoid or narrow the scope of a government-imposed corporate monitor.

1. Assess the Likelihood of the Government Demanding a Monitor

The DOJ and Securities Exchange Commission (SEC) consider six factors when determining whether to impose a compliance monitor:

1. seriousness of the offense;
2. duration of the misconduct;
3. pervasiveness of the misconduct, including whether the conduct cuts across geographic and/or product lines;
4. nature and size of the company;
5. quality of the company's compliance program at the time of the misconduct; and
6. subsequent remediation efforts.

See, DOJ and SEC, A Resource Guide to the U.S. Foreign Corrupt Practices Act, p. 71 (2012).

As they involve historical events, counsel and companies cannot alter the seriousness, duration and pervasiveness of the misconduct. Nevertheless, as the investigation unfolds, counsel and company should anticipate the government's perspective on these issues.

Similarly, the pre-existing corporate compliance program is historical in nature. As to this issue, counsel and companies should consider and develop candid responses to the DOJ's guidance on questions the government will ask when it evaluates the effectiveness of the program at the time of the incident. See, DOJ, Criminal Division, Fraud Section, “Evaluation of Corporate Compliance Programs” (February 2017).

2. Perform Timely and Comprehensive Remediation

Timely and comprehensive remediation is perhaps the most important step that counsel and companies can take to avoid a monitor. Effective remediation coupled with implementation of an effective ethics and compliance program increase the chances that prosecutors and regulators can conclude that a monitor is not needed.

Speed is important. The government expects the company to undertake remediation efforts immediately upon learning of misconduct. Companies too often delay remediation until after the investigation is completed. To address privilege concerns, many companies create separate investigative and remediation work streams. As a practical matter, the remediation team does not have access to privileged information.

As to remediation, expect the prosecutors and regulators to consider: 1) the competence and independence of remediation team; 2) timeliness; 3) the quality and depth of the root cause analysis; 4) efforts to root out other misconduct by the perpetrators or similar misconduct by others in the organization; 5) adequacy, design and operating effectiveness of corrective measures; 6) discipline of primary and secondary actors; and 7) independent assessment of the remediation program and corrective measures. See, Jonny Frank, “'Remediation,' Litigation Services Handbook: The Role of the Financial Expert,” 5th Ed., Chapter 13A, Roman L. Weil, Wiley (October 2015).

3. Obtain Pre-Settlement Third-Party Assessment or Certification

It's one thing for the company to self-certify; it's significantly more compelling when an independent third party evaluates the design, audits the operating effectiveness and opines on the company's efforts to remediate its misconduct by implementing an effective ethics and compliance program designed to prevent and detect future violations. The third-party team, of course, needs to be independent and enjoy credibility with the relevant prosecutors and regulators. While the team need not be large, it should be multidisciplinary and include experts in audit, data, ethics and compliance, and the industries and markets in which the company does business. The team should also follow an established framework and methodology familiar to the prosecutors and regulators.

In the United States, for example, it is common to apply the 2013 COSO Internal Control-Integrated Control Framework and relevant Public Company Accounting Oversight Board (PCAOB) and American Institute of Certified Public Accountants (AICPA) audit standards. Like remediation efforts, pre-settlement, third-party certification provides for a sense of assurance to prosecutors and regulators in concluding against the appointment of a compliance monitor.

4. Appoint a Self-Imposed Monitor

As the old adage goes, “If you can't beat 'em, join 'em.” The seriousness, duration, and pervasiveness of the misconduct are sometimes so severe that remediation and even a third-party pre-settlement certification will not save the organization from a government-appointed monitor. In those situations, counsel and the company should consider voluntarily appointing a monitor — a strategy that seems to be gaining popularity outside the United States. Barclays Capital, Daimler and Rolls Royce all successfully implemented this strategy when confronted with corruption-related investigations. In these matters, in lieu of appointing a new monitor, the government permitted the companies to retain independent third parties that were engaged previously by the companies to review ethics and compliance programs. More recently, Petrobras and Airbus have made similar moves, appointing independent third parties to handle investigations into allegations of corruption.

The terms of the self-imposed monitor should model terms that the prosecutor or regulator ordinarily requires. The DOJ, for example, typically requires that the compliance monitor be independent and have demonstrated expertise with respect to the particular industry, applicable laws, corporate compliance, and the ability to access and deploy appropriate resources. The DOJ also requires its monitors to develop work plans and, ultimately, certify whether the company has reasonably designed and implemented effective remediation and ethics and compliance programs and controls. In selecting a self-imposed monitor, companies should require similar terms to avoid the government insisting upon a post-settlement monitor.

5. Seek to Manage the Scope of the Monitorship

If the company cannot avoid a monitor, it may be able to control who is appointed, and the scope of the monitorship. DOJ policy, for example, allows the company to submit three candidates to serve as monitor. Companies should nominate candidates who:

1. understand that monitor's role is forward-looking;
2. appreciate the difference between an independent and adversarial mindset or approach; and
3. understand that monitors, like auditors, can rely upon the company's work product and resources.

Ask candidates to submit a draft of work and staffing plans to gauge their experience and approach.

An inevitable, but often hidden, cost of a monitorship is the internal disruption of working with a monitor — anticipating what they'll need and ensuring they get it as efficiently as possible. While retaining an internal monitor liaison, a leader of the PMO, may seem a superfluous cost burden, the savings on internal disruption, miscommunications and time spent in the monitor's learning curve should easily offset such costs.

Finally, if possible, tailor scope to the nature of the misconduct. In corruption cases, for example, try to focus the monitor's scope on the specific incentives and means that the company employed.

Conclusion

Recent DOJ speeches and news reports indicate there is a growing sense among prosecutors and regulators that companies want to “do the right thing” when it comes to corporate compliance. The DOJ has indicated it will continue to reward companies for implementing effective compliance programs. While it is unlikely that regulators will move away from imposing monitors altogether, it is important for companies to undertake proactive efforts to ensure that they are doing everything possible to prevent misconduct and to remediate any incidents that do occur. If recent examples are any indication, these actions can make a significant difference in the
outcome.

*****
Jonny Frank is a partner with StoneTurn and leads the firm's New York office. Simon Platt co-founded StoneTurn in 2004 and is the firm's chairman. This article also appeared in the New York Law Journal, an ALM sibling publication of this newsletter.