Tony Phillips (firstname.lastname@example.org) is a Principal in McKool Smith’s Houston and Washington, DC, offices, where he is part of the White Collar Defense and Investigations practice. David Searle (email@example.com) is the Chief Compliance Officer & Associate General Counsel at Bristow Group in Houston, Texas, USA.
Compliance professionals often find themselves wearing two distinct hats. Usually, they are the “friendly face,” conducting compliance training, responding to questions, and tactfully helping the business maximize profitability within the confines of the law and company policies. Sometimes, however, they are compelled to be the “corporate cop,” administering Upjohn warnings to that same vice president who recently attended compliance training (but was apparently asleep).
In this latter role, the effective compliance professional must balance the responsibility to investigate with independence and integrity against the reality that internal investigations are often a political hot potato. Business partners prefer to maximize their discretion and control—especially when inquiries touch on their areas of responsibility—and understandably dislike the uncertain demands on resources and time associated with early stage investigations. Life would be easy if the task of investigating could simply be turned over to them. The reality, of course, is that regulators and other stakeholders, not to mention fundamental fairness, demand a level of independence that, (in most organizations) requires a compliance professional to lead the investigation. The often delicate task is leading in a manner that does not leave the business blindsided, defensive, or unnecessarily disrupted.
This article focuses on the resources and benefits, often overlooked by compliance professionals, of the participation in compliance investigations by colleagues sitting in other traditional administrative functions such as legal, human resources (HR), information technology (IT), internal audit, and corporate security. Too often compliance professionals find themselves tackling even complicated internal investigations alone. They may do this because they fear that involving others—even those in other support functions—may jeopardize the investigation’s independence or integrity. They may also avoid involving other support functions out of a genuine concern that colleagues would rather avoid any political fallout from the business if wrongdoing is uncovered.
Although these concerns may be valid, the effective compliance professional proactively involves other administrative functions in the investigative process. Forging close working relationships with these colleagues on the front end will pay huge dividends when the need to investigate arises. Not only can other functions assist in the investigative process, but, more importantly, their influence may also become indispensable to educate the business about the need for the investigation in the first place and, ultimately, confirm and credit the compliance department’s findings. If opposition arises, the compliance professional will need allies. Those compliance professionals who fail to embrace a team approach may find themselves alienated from those in other administrative functions and, worse yet, the business itself.
Understanding the strengths of the players before problems arise
When it comes to investigations, it is important to have a mind-set that looks for ways to involve other administrative functions, as opposed to looking for reasons to exclude them. Depending upon the strengths of the individual players and the degree of influence that each has in the organization, colleagues from other departments can add real value to the investigative process.
Whether or not a compliance professional is also a lawyer or is sitting within the legal department, their primary responsibilities may conflict with those of in-house counsel. Compliance professionals are primarily tasked with protecting the organization—uncovering the truth so that the existence of wrongdoing can be assessed and remediated. In-house counsel, on the other hand, is primarily tasked with defending the organization—advocating for the company’s legal interests against adverse external parties, such as regulators and the plaintiff’s bar. The relationship between the compliance and legal functions can become particularly fraught when someone inside the organization identifies misconduct and threatens to bring a lawsuit.
In-house counsel provide a necessary perspective on external legal risks that can affect how an investigation is structured. Only by fully understanding the potential effect on the company’s legal interests can the compliance professional make judicious decisions about who to involve in the investigative process, what documents to review, and who to interview (and when). In the highest-risk investigations, and depending on how the compliance function is staffed and managed, in-house counsel may have to take the lead in order to ensure the preservation of legal privilege.
In terms of navigating the political waters, another key consideration is that the general counsel is almost always a member of the senior management team; most compliance officers are not. A compliance professional who does not enjoy the full support of the legal department is destined to soon become irrelevant.
In many companies, HR is likely to have the closest relationship with the business and can often make or break a compliance investigation. Even if not close to the business, HR usually has a good pulse on business partners’ views as to whether wrongdoing has occurred and whether an investigation is needed—even if such views are grounded in misguided perceptions. The effective compliance professional needs to know this information as soon as possible. HR can often provide the best intelligence.
Effective compliance professionals typically earn the support of HR by recognizing (and often deferring to) HR’s experience and expertise in dealing with most “people issues.” In most cases, hotline reports and other complaints that raise employee relations concerns are best handled by HR with as little meddling as possible from the compliance department. The effective compliance professional remains accessible and available to assist HR with such investigations, of course, but understands that compliance’s time is better spent on higher-risk matters.
By standing down on primarily HR issues and avoiding mission creep, the compliance professional is likely to enjoy more support from HR when it comes to investigating sticky ethics matters within the compliance department’s direct remit. Even on such matters, actively soliciting HR’s input with respect to things like the workplace rights of those being interviewed, the shaping and reporting of investigation findings, and the recommendation of discipline for wrongdoers will help generate support for the compliance mission—both from HR and from the business partners who regularly rely on HR for guidance.
Every compliance professional knows the value of a strong relationship with IT, especially when it comes to day-to-day tasks like systems monitoring and launching online training. But IT often becomes the compliance professional’s closest ally when an investigation arises. Obtaining timely assistance with litigation holds, collecting employee communications such as emails and texts, and monitoring for data breaches or unauthorized destruction is often instrumental in guaranteeing the success and preserving the integrity of an investigation. Delays caused by an inability to access information can quickly frustrate an investigation and potentially disrupt the business.
Keeping an appropriate number of IT teammates “in the know” about the progress of an investigation, without compromising its confidentiality, can help garner their support. IT colleagues are often the most removed from the business, so keeping them updated on the progress of an investigation can help increase their proactive assistance. Getting the right information, and getting it quickly, can help a compliance professional diagnose an issue and prevent identified problems from getting worse.
Some internal auditors, particularly those who specialize in forensic auditing, are excellent investigators. Some auditors, however, struggle with separating critical facts and issues from less relevant ones. With effective guidance from the compliance professional, internal auditors can play one of the most critical roles on an investigative team, particularly where accounting acumen or analyzing large amounts of data is required.
Developing a close relationship with internal audit can be instrumental in identifying high-risk issues and preventing manageable problems from turning into major investigations. In the modern Sarbanes-Oxley world, internal audit departments find themselves struggling for more time and resources to perform risk-based audits, but a close partnership between compliance and internal audit can help identify and prioritize an organization’s most risk-prone areas of business and potentially identify compliance or other issues that require attention. Early enrollment of internal audit is likely to guarantee continued support throughout any investigation that follows.
Given their shared skill set, internal auditors can also be of significant value in helping compliance professionals communicate an investigation’s findings to a company’s outside auditors.
Corporate security personnel are most often the primary lead in matters where the company or its employees have been victimized. Although they can be excellent investigators, with many coming from law enforcement backgrounds, they may lack a full understanding of the legal implications and need for privilege when a private company faces external exposure for alleged wrongdoing. Again, guidance from the compliance professional is essential to maximize their value.
The corporate security team is likely best equipped for field work that includes interviewing outside witnesses and obtaining records from third parties. Unless this function is outsourced due to the sensitive nature of the investigation, it is unlikely that anyone else in the company can fill this role effectively. Given the backgrounds of many corporate security personnel and their day-to-day work, they may provide some of the strongest support for investigations and the compliance program overall.
To be sure, there are support functions other than those discussed above—including, for example, health, safety, and environment or communications—that may also participate at some level in the investigative process (or its aftermath). What is most important is recognizing how to maximize the strengths and unique roles that each administrative function can play as part of the investigative team.