[This post was originally published on FCPA Professor on November 12, 2014 by an anonymous compliance professional]
When you’re the Chief Compliance Officer (“CCO”) of a company that ends up in the middle of one of “those” all-encompassing FCPA investigations (as if there’s any other kind), people often want to know . . . what is it like? How does it feel to be at ground zero of pure FCPA adrenaline? This is my answer, based on my repeated experiences. I wish I could say it just happened once. This is also based on my discussions with other CCOs.
It’s a rollercoaster with few ups and a lot of downs.
There’s that moment at the beginning when you know something is wrong. Usually you know it’s not going to be trivial. So you dig a bit more. Or have someone else dig a bit more. Somewhere along the line, it strikes you. This is going to be big. Very big. We can just call that the “oh crap” moment. Every CCO I know has had at least one.
You feel a rush. An excitement. It’s what you’ve trained for, and read about. And now it’s happening. But there is invariably, immediately, a sense of dread. Depending on the size of the issue and the seniority of the people involved, that sense of dread can range from a knot in the stomach to downright nausea. Will the C-suite management understand it? (Do you even have the ear of the C-suite management?) Will they do the “right thing”?
You know exactly what should happen next. You should get on the phone with your favorite skilled, independent investigations counsel. But before you can do that, you have to be a salesman. You need to convince someone (sometimes the CEO, sometimes the General Counsel, sometimes a non-executive director) that this is something. Or at the very least, it’s not nothing. With any luck, you can make them see sense. Most of the time, they’ve never been through this. The education process can be slow and tedious.
You know who the right counsel are . . . but not so fast. You don’t have the budget. Many times, you don’t even have the ability to hire outside counsel without the approval of your General Counsel. Do you have the GC’s backing? Do they see compliance as a help or as a nuisance? Do they believe you when you say this needs independent investigation? Or do they think you’re just being alarmist? What if the GC (or someone else) wants to investigate themselves? Or hire the go-to corporate counsel? Or hire their buddy, the jovial law school classmate of the GC who has never actually done an investigation but, really, how hard can it be? You have to explain – calmly, rationally and often repeatedly – why that just isn’t the right thing to do.
In the meantime, a clock may be ticking. The company may be facing a quarterly SEC filing or the signing of a deal contract or the receipt of monies on the deal. All of these have implications. All of your powers of (gentle) persuasion are brought to bear.
And your reward for all of this? If you’re lucky, they listen to you. The right outside counsel walks in the door and the matter rests in their capable hands. It’s a leap of faith to put something this sensitive in the hands of outside counsel. Or, more specifically, outside counsel’s judgment of when enough is enough. These issues always reach higher than you think.
More often than not, the legal group squeezes you out. Compliance, after all, is not generally part of legal. You may be kept in the loop, or you may be completely excluded. If you’re very lucky, you are kept abreast of what is happening and people seek out your guidance and opinion. But honestly? Don’t hold your breath. Particularly if this all results in a report to a regulator, you’ll definitely be pushed to the side. Privilege is held in a tight circle that doesn’t generally include you. So just go back to your office and keep the compliance program moving along.
What if you’re not lucky? What if you can’t get anyone to understand? What if the issue is too subtle, or involves too senior a salesperson (they bring in the revenue, after all) or too important a client? Not many can just stake out the moral (and legal) high ground and resign. Sometimes the situation is that bad, or you have regulatory obligations, and you’re forced into that decision. I know a brave few who have actually done that. Put yourself in their shoes. Think what it would mean for yourself and your family to walk away from a steady (and often healthy) paycheck. What a price to pay for your convictions.
It’s far more common that you hold your tongue and bide your time. You find a way to rationalize the situation. You compromise. Being a CCO is, above all else, about compromise. Does that surprise or appall lawyers in private practice or working for the government? It shouldn’t. Good CCOs are always “commercial” (whatever that is supposed to mean). As a CCO, you’re being “business friendly.” Or, to be less cynical, you’re doing your job. You’re there to balance the company’s interests with the legal requirements.
But mostly you hope and pray that you’ve done the right thing. And that a regulator never second guesses your actions. That seems to be happening more and more. I know too many CCOs who are being subpoenaed to give testimony and defend their actions in front of regulators. Sometimes as witnesses, but sometimes (rarely) as suspects. So much for regulators seeing CCOs as the guys in the white hats.
Even if the (right) lawyers do come in and they investigate, you hope that you didn’t raise a false alarm. Then you hope none of your friends in the business were involved (CCOs always have friends in the business). And when it turns out you were exactly right, and it really was worse than what you thought, it’s a hollow victory. People lose their jobs. People that you know and sometimes people that you like and who weren’t malicious or evil. They were just doing their jobs and got caught up in the tide. Sometimes they are sued or brought up on criminal charges. The rest of the company is left in a state of shock. You may have been trained to spot a FCPA issue when it arises, but there’s very little training on how to deal with the human element. It is far and away the worst part of the job.
FCPA Institute - Denver (May 4-5)
A unique two-day learning experience ideal for a diverse group of professionals seeking to elevate their FCPA knowledge and practical skills through active learning. Learn more, spend less. CLE credit is available.