As part of a 2016 series examining global risk, Metropolitan Corporate Counsel convened a roundtable dinner on June 16 at Eleven Madison Park in New York to discuss issues related to crisis and reputational risks. It was the second of four planned dinners on the broader topic of global risk that the publication is cohosting this year with Clifford Chance, one of the world’s leading international law firms.
To promote candor and a valuable exchange of ideas that the participants and readers can benefit from, the series has been limited to a dozen general counsel and chief legal or compliance officers of large multinational corporations. A precondition for their participation was respect for their anonymity as well as the anonymity of their companies.
The 12 companies attending this year’s Global Risk Roundtable have combined annual revenues of $250 billion. They represent a broad swath of industries, including pharmaceuticals, energy, transportation, manufacturing, heavy equipment, and consumer and retail goods and services.
MCC publisher Kristin Calve kicked off by introducing Clifford Chance partners David DiBari (Americas Head of Litigation & Dispute Resolution) and Guy Norman (Global Head of Corporate), who are serving as her cohosts this year. DiBari prefaced the proceedings by underscoring the importance of mitigating “difficult, dangerous situations that can impact your reputation, your brand, your franchise,” then focused on the cautionary tale of a major international corporate that was hit by a major reputational and legal crisis for which it was entirely unprepared. According to DiBari, the cascade of errors following the event stem from the company's lack of a pre-existing crisis management plan. As a result, spokespeople for the company – up to and including the CEO – failed to properly position the company and presented themselves as unsympathetic and cavalier in the face of a calamity that had cost lives and livelihoods. Next, they blamed third-party contractors, whom they held up as the true responsible parties. Finally, they tried to minimize the damage in the minds of the public. Advance crisis management planning and training would not have prevented the disaster, but would have helped avoid the company's subsequent errors that made a bad situation worse.
“This is an example of how not to do it,” DiBari summed up, before introducing the main speaker. Former Department of Justice senior terrorism and national security prosecutor Edward O’Callaghan, a New York–based subject matter expert from Clifford Chance’s Litigation team, pursued the topic by highlighting the ways in which the corporate enforcement environment has changed since 2008’s financial crisis.
Prosecutors are “looking for opportunities to hold businesses and executives accountable” for catastrophic failures, noted O’Callaghan. “They want to see how criminal penalties can be imposed” on both companies and executives engaged in wrongdoing."
All this, he said, could render crisis risk more than a reputational issue, which would be dire enough. Now there is the very real risk of not just fines for companies, but also incarceration for company employees and officers all the way to the top.
Age of Enforcement
O’Callaghan’s expertise in this subject stems in part from his tenure as lead prosecutor on the United Nations’ Oil-for-Food program corruption scandal of the past decade. Intended beneficiaries of the humanitarian program were defrauded of $65 billion in aid that was corrupted through funds being funneled to unintended beneficiaries, including the Saddam Hussein regime.
“We wanted to get the bad guys,” O’Callaghan recalled. “We wanted to bring cases against criminal enterprises.”
He emphasized that many of the corporations that had some legitimate interests in the contracts in question cooperated with his investigation.
The Oil-for-Food allegations began surfacing in 2003, and it was 2010 before the prosecution was substantially completed. Over that span, disreputable practices in the financial sector triggered a recession that was felt broadly and deeply.
The average voter’s “perspective was that no one was held accountable,” for the wrongdoing that led to the financial crisis, O’Callaghan said. The public mood in part led to the passing of 2010’s Dodd-Frank Act, which granted regulators more latitude to pursue corporate misfeasance. Transference of anger over the financial crisis combined with the increased competition among federal entities to prosecute led to an environment, he said, where government officials are less particular about who gets targeted. The entire enterprise is now often held accountable for the crimes of relatively minor actors or a small criminal enterprise nested in the corporate organization chart.
DiBari pointed out that DOJ is “no longer the only bully in the sandbox,” nor is even the U.S. government as a whole. Malaysia, Indonesia, Switzerland, Hong Kong and Singapore have all flexed regulatory muscle lately.
“You can’t look at it from just a U.S. perspective anymore,” DiBari said. He pointed to a case for which DOJ might previously have cited a Brazilian company’s use of American depository receipts to raise capital as a reason why U.S. law should prevail, but instead it stood aside as Brazil’s authorities took the lead.
Still, the American enforcement environment continues to move in the direction of targeting senior leadership, according to O’Callaghan. There will always be individuals in organizations willing to operate in gray areas in order to generate profits, and those are where corporate counsel should focus their attention.
“What’s right on the line today is likely to be an enforcement area down the road,” O’Callaghan said.
Even the appearance of impropriety needs to be avoided. O’Callaghan cited the Justice Department’s recent prosecution of FedEx on narcotics and money-laundering charges for the standard business practice of delivering orders for online pharmacies. FedEx was one of few companies willing to put DOJ to the test of proving their allegations, and their resolve resulted in a mid-trial dismissal of all charges.
“DOJ will lean forward,” he said, even if “the evidence of criminality is far from compelling.”
The department has always had the investigative tools to make cases, he noted, adding that many of these more recent cases impacting a firm’s reputation are investigated similarly to traditional organized crime cases involving wiretaps and confidential informants. In the recent instances, the whistleblowers’ motivations might be similar to those of any other cooperating witness': the threat of imprisonment based on either related or unrelated charges, or of being deported on immigration offenses. Still, the act of testifying against one’s own employer might also stem from a vendetta against management.
Plan for the Worst
The risk of criminal prosecution, though, is just another reason to build a reputational risk plan, according to O’Callaghan.
A good place to start is heading off whistleblowers, without being considered obstructionist by government regulators. O’Callaghan recommended establishing an internal reporting structure that allows employees or other stakeholders to contact a compliance officer under the corporate aegis. As he put it, “They mustn’t believe their first and only good option is to go to the regulator.”
While he noted that hotlines are a good start, he urged executives to make sure that the right people are in place to assess and respond to reports of bad behavior.
These people would include representatives from media relations, government relations and labor relations, as well as outside counsel. Both human resources and information technology need to be at the table too, he added.
A discussion ensued around the table about one infamous example of lax oversight. The Libor scandal that came to light in 2012 – after many years of misconduct – might have been mitigated had the conspirators’ employers’ IT professionals been more proactive in the reputational risk management process. O’Callaghan noted that deploying the right technology may have more quickly uncovered which traders were spending a suspicious amount of time during the work day in particular chat rooms, or who were sending emails containing the string “let’s go offline” with the most frequency.
An HR as well as a Legal Issue
The banks’ HR departments, as the arm of a company that provides training and communicates corporate policy to employees, could also have helped more if they were properly enabled, DiBari noted. “What I did was for the good of the company,” as O’Callaghan quoted, was frequently incorrectly cited as a justification by traders after they were caught.
HR could also help devise incentive plans that reward good behavior. O’Callaghan recalled how pre-crash mortgage originators were compensated entirely based on the number of loans that they signed off on, not at all the quality of the loans being pooled and securitized as investment vehicles.
Of course, HR can be even more direct than that: Some people just need to be fired, or at least sanctioned in some way that sidelines them in their careers, O’Callaghan said. A decision might need to be made about whether to fire an employee outright or to induce their resignation, even if that means offering a settlement. In either case, it remains a judgment call whether and how to publicize these actions.
Part of the calculus around publicizing employee changes relates to European work councils, which might tolerate a “fact-finding” assessment but would protect their constituents vigorously if a named employee were to be formally investigated, according to one attendee.
The consensus of the table was that different cultures are going to have different perspectives on matters related to reputational risk – and will in fact define it differently.
DiBari pointed out that “what U.S. law requires might be bad manners” in another country. Even so, corporate headquarters need to understand the social dynamics involved.
“You can’t sit centrally and push out policy to the entire world,” Norman said.
There was broad agreement, though, on this point: Reputational risk management is not about changing hearts and minds. It is about compliance, and it can only be effectively instituted through careful oversight.
This last point means holding supervisors responsible for their employees’ malfeasance. The consensus at the table was that employees need to know that corporate policies are to be followed or sanctions up to and including dismissal will be dispensed. But by making bosses culpable as well, those front-line managers will ensure compliance by providing appropriate training and making adherence to the rules part of performance evaluations.
Norman brought up another reason for ensuring the chain of command’s buy-in: Although everything in the U.S. business environment gets channeled through corporate counsel, such is not the case abroad. In many trading partner nations, counsel’s role is defined much more narrowly.
Test the Plan
It is also critical to test the crisis response plan. Results of exercises DiBari characterized as “dawn raid training” can enhance the company’s capacity for risk assessment and provide gap analysis insights. The outputs of these tests are improved remediation protocols.
Perhaps the keystone of these protocols is, according to O’Callaghan, “Don’t destroy anything. No matter where in the world you are, if they’re raiding your office, they already know what they expect to find.”
These dawn raid exercises must be conducted periodically, especially within global enterprises where senior staff is frequently rotated. But even domestic managers benefit from occasional refreshers.
“It’s all about talented people making the right decisions,” O’Callaghan said. “They need to understand that, when you become a manager, your responsibilities grow, not shrink.”
This becomes an issue in the case of newly acquired overseas subsidiaries.
“They might try to control the information [about a potential crisis] locally and not pass it up the chain,” Norman said. “And for publicly listed companies, suddenly they have a very serious problem.”
Although O’Callaghan instructed the attendees to “never speak in absolutes,” in response to public reports of widespread corporate wrongdoing or catastrophic failures, he did offer one: Companies that find themselves in the midst of a reputational crisis “will get sued, and they will lose.”
The trick, then, is to lose with grace, which will expedite the road to rehabilitation and there are ways, he suggested, to do that:
- Even if you cannot stipulate to liability, you can and should express sympathy.
- Make sure that top executives are not seen sailing on yachts, taking ski vacations or jetting around on personal aircraft while people are dealing with misery caused by their company’s actions or omissions.
- Coordinate your public relations and legal functions, augmenting them with outside contractors as needed.
- Perform dawn raid training and other contingency planning exercises at least annually.
- Whenever possible, retain American lawyers because of the stringent U.S. privilege protections that allow for more candid internal communications and development of effective legal strategies and responses.
Published September 6, 2016.