February 2009

Firms Need an Investigation Plan, Much Like a Disaster Response Plan

Holland & Knight Newsletter
Daniel I. Small

Corporations have largely viewed government investigations as a reactive issue: responding to inquiries, events and allegations. But this is a dangerous misconception. Companies develop policies and procedures for all kinds of far-fetched situations but often do not consider being visited by the government.
Inside and outside corporate counsel need to convince the client that careful review, updating and training is imperative. Remember bird flu? Companies far from any danger scrambled to adopt policies. Companies in hurricane zones have earthquake policies. Yet the risk of a government investigation is far more real, and the likelihood is growing.
In April, the FBI reported it had 529 fraud investigations in 2007, nearly double the number from five years earlier. That’s just one of many agencies investigating the corporate world. Relying on “it can’t happen here” is an invitation to disaster.
Corporate policies and procedures for possible future crises can defuse the anxiety and confusion that come with any crisis. They also can help people under stress avoid mistakes that can make a bad situation worse. Law enforcement agents at the office with a subpoena, at the plant or warehouse with a search warrant or at employees’ homes at night with “just a few questions” can easily cause panic, and panicked people without guidance can do all kinds of harmful things such as lying to agents, destroying documents and spreading wild rumors.
Companies need to make sure they develop, update and implement policies and procedures that can help guide their people before, during and after being visited by the government in a white-collar investigation. While no readable policy can realistically cover every detail and contingency, the key is to focus on the most important and most explosive areas.

White-Collar IEDs

The three most explosive areas for white-collar IEDs are interviews, email and documents. We’ve all become grimly familiar with improvised explosive devices in the wartime context. In an investigation, the explosions are not physically deadly, but they are unexpected and must be anticipated. There must be clear and well-understood policies and procedures for each.
No employer should tell its employees not to cooperate with a government investigation. However, a criminal investigation is a complex and confusing jungle fraught with hazards for all involved, and a guide is recommended. Companies must help their employees understand that – whether at home or at the office – they do not have to speak with investigators without an attorney, and they would be ill-advised to do so.
They can politely but firmly take the questioners’ cards and say they will have a lawyer get in touch. The company needs to have a point person and a process for employees to report any government contact. In addition, the company needs to decide in advance when and how it will provide counsel to represent and prepare employee witnesses. Hopefully, it also has given some consideration to choosing counsel.
Unprepared witnesses with mistakes, gossip and guesses – or worse – can badly damage a company and at the very least send an investigation in unnecessary directions that cost dearly in time, money, anxiety and possibly even the company’s reputation.
Email has become the new office water cooler: we treat it as if it were casual conversation. We type things that we would never type if we thought we were creating a formal letter or document. In this day of servers and backups, pressing “delete” can be a meaningless gesture. Companies need policies on creation, retention and production of emails.
Employees need to be trained to understand the misconceptions and dangers of creating emails. Examples abound to support lawyers’ warnings not to write, type or text anything you wouldn’t be comfortable seeing again in court. Think of all the famous witnesses who were surprised and embarrassed by their own emails.
Retention means there must be policies in place for how long email in all forms and files are to be retained and procedures in place for purging those e-mails. If it comes down to production, there must be procedures in place so that, once there is a government inquiry, a hold can be put on all destruction of potentially relevant material, and someone or a team is in charge of coordinating, assembling, review and production.
The same three challenges are in play with documents. Do employees understand what makes a document privileged, or what destroys the privilege? Do they understand the kind of content that should be in a document and the kind of information that should not? The issue is often not what was intended to be stated in a document, but how it will be interpreted by others. All this and more needs to be defined.
The retention issues are similar to email. What is your retention policy, do your people know it, who is in charge of implementing it, and who is overseeing and reviewing the process? Is there a hold policy once an inquiry is made, and who is responsible for document retention and coordination? Over all of this is the fundamental “Ghostbusters” question: “Who ya gonna call?”
When government agents are swarming your facility, that is not the time to flip through the Yellow Pages or to call your corporate counsel and pray they know someone who does this type of work. Responding to investigations and white-collar defense is a niche practice. It requires extensive knowledge and experience. It’s worth investing the time to find and meet legal counsel you are comfortable with, just in case the unthinkable happens.
Many companies have bits and pieces of these policies and procedures in place. But few have more than that, and many of them should be more diligent to update and train on a regular basis. An investment now in developing effective policies, procedures and training can help lessen the disruption and damage, and increase the chances that further damage will not be self-inflicted once an investigation begins.
This article was published in the July 15, 2008 issue of the Daily Business Review. This article is reprinted with permission from the Daily Business Review. © 2008

Related Insights