Skip to main content

Trends in Independent Monitoring

Intro:

Hello, and welcome to Integrity Through Compliance: AMI’s Business Success Series. This podcast was created by seasoned compliance experts at Affiliated Monitors to speak practically to your business needs. During this series you will hear from AMI’s experts in corporate compliance, healthcare, government contracts, antitrust, manufacturing, education, and more, who will provide their observations on industry trends, geared to raise your awareness and to protect your brand. So grab a cup of coffee and join us as we guide you and your business to integrity through compliance.

 

Brenda Morris

Hello. Today, you’ll hear from two of Affiliated Monitors’ in-house experts: Senior Vice-President Eric Feldman and Managing Director Mikhail Reider-Gordon. This is part two of a two-part series where Mikhail and Eric first discussed with you the role of an independent monitor, the various industries that benefit from an independent monitor, and the enforcement trends that we expect to see in 2021. Now today, we’re going to focus on how a business can avoid being assigned a monitor. But first and foremost, because so many folks are unfamiliar with an independent monitor, Mikhail, could you just remind us the circumstances when an independent monitor is ordered, and how they’re selected?

 

Mikhail Reider-Gordon

Sure, thanks Brenda. So most monitorships arise as a result of a corporate guilty plea, or deferred prosecution agreement (we call those DPA’s), or non-prosecution agreements (NPA’s). And really, we’ve got to go back nearly 30 years. 1993 was the first use of DPA’s and NPA’s by DOJ. And within two years of those, we saw the first recognized monitorship (1995) having to do with Consolidated Edison’s sentencing for disclosure failures. And that was actually around a large explosion, a safety issue. But since that time, you know, the frequency of monitorships has increased significantly. And over the years, we’ve seen DOJ really start to build guidelines around how monitors are appointed: the role of monitors, the independence of monitors. We saw on the Morford Memorandum in 2008, which established the guidelines for how to determine/how to appoint a monitor, right? The selection and use of monitors, and DPA’s and NPAs.

And then we saw the Brewer Memorandum in 2009, and that was actually titled “Selection of Monitors and Criminal Matters” right? So he built on the Morford Memorandum and set out what the terms of monitoring agreements can look like, refine the selection and the documentation process. And that was built on. Then the Grindler Memorandum in 2010, which was additional guidance on the use of monitors under DPA’s and NPAs, and really outlined the means by which corporations interacted with monitors, and what that meant. And then that was followed by the what’s known as the Benczkowski Memorandum in 2018. But we’ve also seen — as DOJ has embraced monitorships and the value of appointing monitors — we’ve seen so many other regulatory bodies undertake similar style appointments. And so we, (I think, as Eric mentioned on our last episode) we see this even down to individual licensing boards, all the way through international organizations, like the World Bank Group, and from regulatory bodies all around the world.

 

Brenda Morris

So, the unifying factor is: compliance is important and it’s key. So Eric, could you speak to us a little bit about what indicators you’ve seen from agencies about the benefits and the guidelines around selecting an independent monitor?

 

Eirc Feldman

Well, sure. You know, Brenda, it’s interesting that when an independent monitor is required, no one really questions IT at that time. And up until recently, there weren’t many questions as to whether or not a company really needed to have a monitor. For a while, it looked like if there was a settlement, there would be a monitor assigned. As compliance and ethics as a company function started to become much more embraced by both companies and the Department of Justice, and the department issued guidance on what compliance and ethics programs ought to look like, the question then arose: is there a way for us, (if we focus on compliance and ethics upfront, proactively) to avoid the outcome of a monitor, even if for some reason we have a bad actor that is able to defeat our controls, or to defeat any detection or observation? Yet we had a good compliance program that found it.  Do we still have to have a monitor?

And Mikhail mentioned the Benczkowski Memo in 2018, and that was the first time that the question was addressed (by DOJ anyway), as to whether or not it made sense to have a monitor. The Benczkowski Memo created a cost-benefit kind of analysis, that the default position for DOJ would be that a monitor would not be appointed unless there was a compelling reason to do so, given the cost of a monitorship both in terms of dollars, and the cost in terms of intrusiveness of the process on a company. That was good news, I think. And I remember when the Benczkowski Memo came out, I got phone calls from colleagues who said, “what is this going to mean for your business? You guys aren’t going to be doing any more monitoring. It looks like companies can avoid monitors now. What’s going to happen to AMI?”

And immediately, our view was that, no this is a good thing. Because if companies can proactively avoid having a monitor assigned with a scope and a duration that is determined by the government instead of by the company, wouldn’t it make sense to use a monitor (or other third party independent assessor) to come in and demonstrate early that your compliance and ethics program is effective in order to avoid a monitor? And that seems to be funny, coming from the mouths of monitors and people who serve as monitors, but honestly, that’s the way we’ve been approaching monitorships forever, which is to work with the company to strengthen their ethics and compliance program so the issue that got them in trouble does not repeat. And that remediation is important.

 

Brenda Morris

And that is such an important part of any business. I mean, no businesses without risk. So, to be forewarned is to be prepared, prepared forewarned (whichever which way it goes). But if you have the structure in place, if something should go wrong…I mean, the government, more than anything else, wants to know that you did the best you could with what you had, and what you had is the best that’s out there — or should be: a world-class compliance program.

 

Mikhail Reider-Gordon

Yeah. And that goes to what, you know, DOJs principles as a federal prosecution of business organization, right, that call specifically for prosecutors to determine whether a corporation’s compliance program is merely a paper program, or whether it was designed, implemented, reviewed, and revised as appropriate and in an effective manner, right? That all comes down to being proactive. Talking about avoiding us, (even though we’re marvelous as monitors) trying to avoid us…I mean, that’s what companies need to think about.

 

Brenda Morris

Even as recent as 2020, June of 2020. Eric, I know you know about this, about the evaluation of corporate compliance programs guidance that DOJ came out with. Could you speak on that a little bit?

 

Eric Feldman

Sure, the evaluation guidance from DOJ originally came out in a very different form in 2017 when Hui Chen was the compliance consultant assigned to the fraud section of DOJ. In fact, we were monitors for an FCPA case at that time when the guidance came out, and the purpose was to inform prosecutors, and to train prosecutors, line prosecutors around the country on what they should be looking for in compliance programs. The 2019 guidance was much more granular and specific, and came up with detailed questions that could be asked surrounding that 2017 guidance. And the 2020 guidance is even more granular than that  (the update), and it talks about what makes for a good compliance program, and what do we as prosecutors expect to see? And if we do see it, that will mean that there could be an impact, (a positive impact) on the negotiated outcome.

Things like the (getting to Mikhail’s point), it not being a paper program: have you assessed risk in the organization to determine if your program is risk-based? That was in the 2020 guidance. You know, what does a whistleblower program look like, and how should it be executed? Is training more than just a once a year paper exercise? All of these things are addressed there, and in the Benczkowski Memo (going back to that), and in the guidance there’s a clear instruction. And it basically says: between the time of an event occurring — an ethics failure, let’s say — and the time of the resolution, if the company takes sufficient actions to strengthen their compliance program and remediate the causal factors that led to the failure, then there could be a significant impact on the outcome, including whether or not a decision needs to be made, that they need to have a monitor assigned.

So to me, that means spend the money upfront. Have a third party come in and assess whether or not your program is meeting its objectives. Do that before the ethical failure. That would be the best of all worlds, although that’s a hard sell. It’s hard to convince a company that thinks, ‘our people are great and everyone is ethical. Nothing could ever happen here.’

 

Brenda Morris

‘We’ve never had a problem.’

 

Eric Feldman

Never! ‘Why, why would we need to bring in somebody to assess our program when it’s obviously working, because we haven’t had any trouble?’ That is the early intervention. But then it’s what I call reactive proactivity, where you’ve got a problem. You know, you have a problem. Maybe the government has found out, maybe they haven’t, but then you bring in a third party to say, ‘all right, let’s position ourselves in a way where we could, if we have to, demonstrate to DOJ or other government agencies that we had a problem, we fixed the problem, we strengthened our program, you know, mea culpa.’ And in that way you could avoid the imposition of a monitor potentially.

 

Brenda Morris

And you hit upon a really important point, too. A lot of companies don’t invest in their whistleblower programs. They don’t really have a real notification set up. And Mikhail, can you talk to us a little bit about the impact whistleblower actions have had?

 

Mikhail Reider-Gordon

Yeah, yeah, yeah, absolutely. There’s a lot to ruminate on, on whistleblower hotlines. I mean, because you’re not getting calls does that mean there are no problems? Or you’re getting loads of calls. Does that mean, you know, your company is in a terrible state? And I think you need to step back from this and you really…we haven’t seen more than a handful of corruption cases (at least FCPA cases) driven by whistleblowers, last few years. I mean we saw British American Tobacco settle this year. That was a whistleblower driven case. Airbus last year, and that was a whistleblower that went to the SFO…Eni S.p.A., Glaxo, just in 2019. However, on the SEC side, of course we saw a record year for whistleblower complaints. It’s useful in context to realize that we’re now up to some, you know, 60 countries around the world that have some sort of whistleblower protection laws on their books. 26 OECD countries (maybe more now) have employee whistleblower protection laws, and many of those protections now extend to consultants, vendors, temporary employees, even former employees. The EU has adopted new whistleblower protection directives at the national level across the EU.

All 27 countries will have to promulgate their whistleblower protection laws by the end of this year, ‘21. So what’s the value here, right, of whistleblower laws? Everybody seems to be adopting whistleblower laws. Now, as a company implementing a whistleblower hotline…and it’s interesting because, you know, a Harvard Business School study on whistleblowing found companies that have more complaints from whistleblower hotlines actually have fewer lawsuits, smaller bills from legal settlements, and fewer fines.

 

Brenda Morris

I believe that.

 

Mikhail Reider-Gordon

Yeah, yeah. And moreover, companies with internal reports tend to have more positive attributes — that is, they have greater profitability, they have stronger governance practices. So there’s a little bit of that misconception that if you know, a company experiencing high volumes of complaints, that somehow that means greater issues, that the company’s more troubled. It’s actually the reverse, because it seems to reflect that employees are comfortable reporting, and more importantly, recognize potential ethical and compliance problems and want to do the right thing; that they are able to discern the difference between ethical and unethical behavior and are willing to report it.

And on the other side of that, on the enforcement side — again, another Harvard study — you know, they looked at I don’t know, 500+ whistleblower allegations against publicly listed firms for about a decade’s worth. And they found, you know, that, 1: DOJ’s likelihood of intervention and investigation, you know, were driven less specifically by the whistleblower mechanism (the fact that it was reported by a whistleblower). But that they are more likely to intervene, and conduct longer investigations of whistleblower cases when it has more resources and there’s a high expectation of recovery, and the consequences of that DOJ intervention — and this is really, you know, gosh, all compliance officers and CEO’s, and boards ought to be sitting up for this — the design of the firm’s control systems, right?

They compare the outcomes for firms with whistleblower cases that were intervened by DOJ, and then those whistleblower cases that were not intervened by DOJ. And they identified that firms subject to DOJ intervention improve their internal controls, improve their employee relations, improve their board independence. And I realize nobody’s wanting to put their hand up to say, “Hey, intervene here,” but the firms that have experienced DOJ intervention had lower future whistleblowing compared to firms that did not experience DOJ intervention. And when we think about the value of whistleblowing, and then we tie that to both self-reporting (voluntary disclosure), and we look at the results there, here we see again companies with proactive compliance efforts self-reporting, the average sanction for those companies voluntarily self-reporting between 2011–2020 was $69M, versus companies that didn’t…average penalties: $228M.

 

Brenda Morris

Now that’s a business case.

 

Mikhail Reider-Gordon

That’s a business case. Exactly. So, you know, when you combine the robust response to whistleblowing hotlines, so (1) setting up that hotline, (2) you know, robust response to what comes in on that hotline, and then if necessary, that self-reporting, you get a modicum of intervention. Look at the benefits both monetarily, and just in strengthening the compliance program.

 

Eric Feldman

So prosecution is good for you, I guess.

 

Mikhail Reider-Gordon

(Laughter) Yeah, in a sense, to an extent! It may not even be prosecution. I mean, again, we were talking, intervention. There’s a difference.

 

Brenda Morris

Well, it still comes down to business case, because what happens when you have an enforcement action, that’s the business case right there. We have to invest, because we don’t want this to happen again. And being formerly from in-house. I mean, it’s so difficult with compliance oftentimes because Eric, how you stated it, you know, we’ve not had a problem before. Our people are wonderful. Of course our people are ethical. Of course, you know, our leadership has all this integrity. But it takes one little mishap, and it’s human nature, right? No one goes to work (or very few people go to work) and say, “I’m going to do something really unethical today.” And you know,  it’s a lot of things that come up to our mistakes sometimes, and then they get hidden, or people don’t tell and it just grows and it festers. But if folks have a way that they can (as Mikhail stated) when there’s a program in place, they feel emboldened. They feel protected. They don’t feel like there’s going to be any retaliation. They feel that, you know, this is what my organization stands for, and I want to be a part and be on the right side of things. But it’s hard to make that business case unless and until something really has gone wrong and you want to say, okay, this is never going to happen again.

 

Eric Feldman

Well, that’s, that’s so true because you know, most general councils that I’ve come in contact with when given a choice of disclosing voluntarily or not disclosing believe, they firmly believe that it is not in the best interest of the company to disclose unless they have to. And that really is — based on the statistics and the experience that Mikhail just described, as well as our experience — that really isn’t true. Now you take it to a different level: think about suspension and debarment vs. DOJ and the multitude of suspending and debarring officials in federal government agencies. Our experience has been that many (if not most) of the suspension and debarment actions, particularly recently, have been relating to, — as you described it, Brenda — sort of mistakes and non-compliance on rather arcane federal regulations surrounding various aspects of the contracting process like Buy America Act versus Buy American Act, which have two different requirements on the percentages, and the countries, and other things.

And mistakes are made, and it’s then that the SDO, when a mistake is made, will come into the company and say, okay, where’s your ethics and compliance program? Are you in compliance with FAR 52.203-13 on Code of Ethics and Business Conduct? Do you have all of these mechanisms in place? And the answer for a lot of companies (particularly those that are middle-sized or smaller) is no, we never thought we needed to do that. So having those things in place puts them in a much better position to weather the storm of mistakes that could happen by any one of a thousand different employees within the organization.

 

Brenda Morris

On any given day.

 

Eric Feldman

On any day, that’s right.

 

Brenda Morris

Well, you know, can we talk a little bit about real world experiences; incidents where Mikhail or Eric, either one of you have worked on matters where bringing in an independent monitor either eliminated one being assigned, or mitigated any kind of enforcement action from any government agency?

 

Eric Feldman

Sure. There are a couple that I can raise. So, you know, a lot of these kinds of proactive measures begin with legal counsel and it’s when a really smart defense council develops a strategy and encourages a company to, as soon as they know that there is some kind of an issue, to bring in an outside third party —not to investigate — but to bring in a third party to evaluate the effectiveness of the ethics and compliance program, or even evaluate whether it’s sufficient by any measure — by DOJ guidance, or any other kind of measurement. So we’ve had several using that scenario. One was an NGO that had had some reported issues that were contained in press reports. And because of that, the suspending and debarring official (I believe it was USAID at the time) became interested in looking at that company. They hadn’t taken any action yet. A company hired attorneys, the attorneys then decided hey, let’s engage a third party to come in and take a look at our program worldwide. And this NGO operated in developing countries all over the world. And we assessed the program, not just the paper program, but the effectiveness of the program. There were issues. We made recommendations. The company was proactive and implementing them. As a result (at the time) the SDO did not take any action. Now, ultimately there were some issues with the company where they had to restructure, but at least they were given the opportunity to restructure and continue providing the invaluable service that they provided around the world.

Another case that we had was a UK oil services company that had some issues with inspections of oil platforms in the Gulf of Mexico, which is an EPA and Department of the Interior matter — both agencies. And the law firm was pretty astute, and they asked us to come in and assess their ethics and compliance program. We did so. We had probably 15 or 20 significant recommendations. Those went to the SDO, and they were not able to avoid a monitor. But what ended up happening is the administrative agreement was structured solely around monitoring implementation of AMI’s recommendations. So they weren’t subject to a very broad-scoped monitorship that costs them a whole lot of money, and took a whole lot of time, and could potentially find other issues. It was just about implementing those recommendations. So everyone benefited from that, including the company and the government.

 

Brenda Morris

No that’s huge. And any investigation (or even a review, to a certain extent, by AMI) can affect or impact the business. You know, the way you have to go in and ask questions and gather information, it does have impact to the business. And the fact that you had already done the work in a fashion that the government trusted the work that was done, and just relied on going back and seeing, hey, have you done this? That limits and really does have a positive outcome for the business.

 

Eric Feldman

Absolutely. And we’ve even had instances where (they’re fewer and further between, as I mentioned before) where a company decides, look, we’re just not comfortable with what we’ve got, or we want an outside expert to take a look at whether or not what we’re doing is making any sense and would pass muster. And we’ve been brought in on some of those cases, and those have resulted in the company being able to strengthen its program before DOJ, or any other federal agency, got involved with wrongdoing.

 

Brenda Morris

And what Mikhail, I heard you about to say something, I’m sorry, did we cut you off?

 

Mikhail Reider-Gordon

Oh no. That’s all right. I mean, I was picking up on what Eric was talking about, just to emphasize that where monitors have been imposed, DOJ or the SFO has specifically called out the company’s compliance program or remediation efforts were inadequate, right? So they said that about Panasonic Aviation in theirs, because the company’s efforts to enhancement had not been tested as yet, right? They were too new. So that’s why DOJ said, yeah, look, there needs to be a monitor. If you look at Mobile TeleSystems, it was an inadequate anti-corruption control and compliance program. If you look at Odebrecht, you know, a huge, huge case. Again, a lack of testing of internal controls drove the decision to impose a monitor, which, you know, comes back to: if you’re facing any sort of identified problem long before you even come to the point of self-disclosing, or even making the decision (you don’t know, maybe the regulator already knows that the company has this issue going on and has an active investigation) it’s to ensure that your compliance program really is addressing obvious deficiencies. You want to avoid the monitor, then the best thing to do is to really take a hard look at your compliance program and remediate sooner than later. Because at the time you hit that settlement point, if you can demonstrate that not only have you made these remedial steps — like, you’ve been testing it actively, you have been making progress, you’ve taken proactive measures — that may help you avoid a monitorship.

 

Brenda Morris

All of this is really helpful. And I would ask, as always, we try to give the audience three takeaways. If we can, Eric, can you take us out with three takeaways of how a business can avoid a monitor?

 

Eric Feldman

Sure. Number one — and probably numbers one, two, and three — pay attention to your compliance and ethics program early. Ensure that it is not just a paper program, but is actually effective. Use the DOJ guidance as a tool to self-evaluate, and get a third party to come in and take a look at it. And that could help you prevent having a monitor at some point in the future.

 

Mikhail Reider-Gordon

Yeah. I concur with that, particularly that independent set of eyes. It’s so easy — and Brenda, you know this in-house — to have one view of the existing program and think that it’s all going along well, but sometimes, you know, it’s a myopic vision, and you need that independent set of eyes that just looks at the greater legal regulatory landscapes and says, well, this element is great, but you’ve completely neglected this other area. As you know, Eric alluded to federal contracting and the many, many regulations under FAR and DFARS. There’s so many elements that may have been just inadvertently overlooked, or that may not be as robust as they could be. And having that independent viewpoint can be critical in testing, in evolving new metrics for testing — you know, really understanding it’s not just the number of hotline calls, but the quality of the hotline calls, and what you do with the hotline calls as response, et cetera. So building on what I think both of you said here, and underscoring it (laughter) with a huge red pen: proactive assessment. Take a hard look.

 

Brenda Morris

You guys have been wonderful, and given a lot of practical and real-world examples of how being proactive, making sure that you have a compliance program not only enhances your business, but also improves your employee engagement. So thank you both. And we’ll see you next time.

 

Eric Feldman

Thanks Brenda.

 

Mikhail Reider-Gordon

Thanks Brenda.

 

Outro

Thank you for joining Affiliated Monitors’ podcast, Integrity Through Compliance: AMI’s Business Success Series. Today’s segment is just a sample of the subject matter expertise captured by AMI’s compliance professionals. Go to our website at www.affiliatedmonitors.com to view the comprehensive list of industry and in-house talent AMI has available to enhance professional and business integrity programs and controls. Also, connect with us on LinkedIn to receive updates and trends in the areas of enforcement and compliance. If you have any questions about today’s podcast or would like to learn more, please contact us at podcast@affiliatedmonitors.com. Our Affiliated Monitors podcast production team of Deloris Saad, our compliance associate, and Dan Barton, our editor and podcast music composer, look forward to you joining us again for our next installment of Integrity Through Compliance: AMI’s Business Success Series.

Leave a Reply