Significant Risks For Companies Without Comprehensive Compliance And Ethics Programs

Companies ignore recommendations to draft and implement comprehensive compliance and ethics programs at their peril. During the past year, clients have retained us in a number of cases in which an effective compliance and ethics program may have: (1) prevented the allegedly improper conduct and the resulting government investigations; or (2) provided a strong defense to those investigations by negating allegations of an intent to defraud. Recent changes to the Federal Rules of Civil Procedure impose extensive and complex new requirements for the preservation, management and production of electronically stored information. As a result of these changes companies need to make sure that their compliance programs contain careful procedures for the management of electronic information.

The following are just two of many examples of cases that we have recently handled that demonstrate the need for, and potential impact of, a comprehensive compliance and ethics program.

Case One: A technology company failed to carefully read a contract it signed with a government agency. For several months, the company performed on the contract. When it failed to receive payment for its services, a company representative called the government agency and requested the reason for the failure to pay. The representative learned that the contract required the company to provide detailed payroll and time sheets, certified by the appropriate manager, a common practice in government contracting. Because of the failure to carefully read the contract and establish procedures for compliance with its requirements, the company did not have any contemporaneously prepared payroll or time sheets. Instead of notifying management of this situation, the local representative prepared and certified payroll and time sheets with fictitious entries, falsely reporting the time worked. The government agency paid the contractor after receipt of the fraudulent time sheets.

Two years and hundreds of thousands of dollars later, an innocent question by an employee to a government representative triggered a government audit of the contract. At that point, we were brought in to conduct an internal investigation. We discovered the falsity of the time sheets. The agency is now considering a False Claims Act action and debarment proceedings against the company to suspend it from future contracts with government agencies.

Case Two: Senior executives at a publicly-traded, multi-national company wanted a compliance program, but they did not believe the program should have central oversight. The program was viewed as a "cost center," and the company did not provide sufficient manpower or other resources to effectively operate the program. Basic compliance procedures were not established and all responsibility for compliance was relegated to field offices. When one segment of the company received a notice about a customs fee, it failed to forward the notice to the appropriate office. The company had documentation in another office that would have eliminated the need to pay the assessed fee. The time for providing that documentation, and then the time to appeal the imposition of the fee lapsed before the responsible office learned about the issue. The firm had a complete defense to the imposition of any fee, but still had to pay several hundred thousand dollars in fees, penalties and interest for failing to timely provide the required documentation. Comprehensive compliance procedures and oversight by an effective program would have detailed and trained employees on the proper handling of this situation.

Lessons To Be Learned: The U.S. Department of Justice, the Securities and Exchange Commission and numerous regulatory agencies have been conducting investigations of heavily regulated companies in a variety of industries over the past several years, resulting in substantial penalties and hundreds of millions of dollars in settlements. Many of the investigations are for violations of the anti-kickback, false claims and conflict of interest statutes that govern companies' relationships with the government. Whistleblowers are encouraged to step forward and provided with financial incentives and protections against retaliation at the federal, state and local levels. Companies that do not have robust, comprehensive compliance and ethics programs are viewed by the government investigators as corrupt. They are typically required to pay multiples of the government's analysis of damages.

The first purpose of a compliance and ethics program is to prevent or detect situations like those described above. Effective programs and the ethical cultures they promote help companies to detect wrongdoing and correct it before the government gets involved. If someone does violate one or more of the myriad regulatory requirements facing heavily regulated industries, a good program can provide a substantial part of the company's defense. A failure to have a good program frequently eliminates any chance that the company will get the benefit of the doubt.

An effective compliance and ethics program requires careful training and educational programs detailing impermissible, and, importantly, proper and legal ways to accomplish the company's goals. It also requires monitoring and auditing programs to insure that the employees are following the requirements outlined in the training. The failure to properly evaluate the compliance risks companies face and implement a comprehensive compliance program to address those risks can result in criminal penalties and cost companies millions of dollars in legal fees, settlement costs and penalties.

The Electronic Discovery Rules: New rules governing electronic discovery require an update to the records retention component of compliance programs and provide another reason to implement a compliance program. The new rules come in amendments to the Federal Rules of Civil Procedure. They require a series of complex preservation and production procedures for electronic records. Recent statistics report the average public company has pending at any one time around two hundred law suits. Even non-public companies are usually unable to completely avoid litigation and must be aware of the new requirements.

The wide-spread use of computers and email has made discovery in litigation much more complex. The complexity often has resulted in the failure to properly respond to discovery requests and to preserve and provide all relevant information. In some of these cases, courts have imposed sanctions on the non-responsive party. A good records management system is critical to help companies avoid running afoul of the electronic discovery requirements.

On December 1, 2006, the Federal Rules of Civil Procedure were amended to include new rules applicable to electronic discovery and the production of electronically stored information ("ESI"). Rule 26 of the Federal Rules require a preliminary conference to discuss discovery issues. This conference must include a discussion of procedures to preserve ESI, avoid inadvertent privilege waivers and determine the form or forms in which ESI will be provided. Importantly, at the initial conference, a party will be required to designate his electronic data as either "accessible" or "not reasonably accessible." The designations have important cost-shifting implications from one party to the other.

An amendment to Rule 26(b)(2) excuses a party from producing ESI that is "not reasonably accessible because of undue burden or cost" unless the Court finds that there is good cause to require the production of the ESI. This amendment will require a party to identify potentially responsive information that it has not searched for or produced because of the cost or burden of retrieving and analyzing the information. Identification of potentially responsive information must be provided, especially in the event the party does not provide the ESI. Otherwise, it may appear to the Court that the party is attempting to hide the ESI and could subject the party to sanctions.

The Committee Report published with the changes to Rule 26 discusses some of the difficulties that will arise with electronic discovery.

For example, production may be sought of information automatically included in electronic files but not apparent to the creator or to readers. Computer programs may retain draft language, editorial comments, and other deleted matter (sometimes referred to as "embedded data" or "embedded edits") in an electronic file but not make them apparent to the reader. Information describing the history, tracking, or management of an electronic file sometimes called ("metadata") is usually not apparent to the reader viewing a hard copy or a screen image. Whether this information should be produced may be among the topics discussed in the Rule 26(f) conference.

Litigation counsel will be required to do a great deal of work to be prepared to handle the discovery conferences. Due to the variety of information that may be electronically stored, counsel must understand a client's computer systems, data, and active and inactive (archival) data storage.

A duty to identify and preserve relevant records attaches when the company has a reasonable belief that it might be sued or become the subject of a government investigation or audit. The evidence that must be preserved is that which a party knows, or reasonably should know, is relevant in the action, is reasonably calculated to lead to the discovery of admissible evidence, is reasonably likely to be requested during discovery and/or is the subject of a pending discovery request.

One difficult task is making certain that electronic data is not altered after the requirement to preserve the information is triggered. The data on some computers is altered every time a document is opened. For example, dates may change resulting in an incorrect date for when a document was created, or previous changes to the document may be eliminated.

Another issue is identifying the key individuals whose electronic information must be provided. These are the individuals likely to have discoverable information that the disclosing party may use to support its claims or defenses, as well as information that is relevant to the subject matter involved in the action.

Once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policies and put in place a "litigation hold" to ensure the preservation of relevant documents. As a general rule, a litigation hold does not apply to inaccessible back-up tapes (disaster recovery tapes), but would apply to any accessible back-up tapes. Of course, there is an exception to the general rule. If a company can identify where key individual information is stored, the tapes should be preserved if the information in those tapes is not otherwise available.

Proper preservation of ESI is critical to avoid sanctions for the failure to preserve documents. A variety of sanctions may be imposed if: (1) the party having control over the evidence had an obligation to preserve it at the time it was destroyed; (2) the records were destroyed with a culpable state of mind; and (3) the destroyed evidence was relevant to the party's claim or defense. Potential sanctions include an adverse inference where the Court treats the documents as unfavorable to the party who failed to preserve them; exclusion of evidence; striking a pleading; awarding of attorney's fees and costs; or claims and defenses in very egregious cases.

Many companies fail to implement a strong compliance program that can prevent conduct that leads to government investigation, as seen from the examples above. The changes in the Federal Rules related to electronic information provide another strong reason for a comprehensive compliance program that includes a document management program. Companies should evaluate the state of their records management systems and revise them to address these new risks.

Published April 1, 2007.