Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Shop Talk: Conducting Internal Investigations

Jaclyn Jaeger | October 11, 2011

With the Securities and Exchange Commission now offering whistleblowers hefty rewards to come forward with tips on corporate misconduct, compliance officers will have to work harder to stay informed of potential wrongdoing.


The following executives participated in the Sept. 20 roundtable on internal investigations in the wake of SEC whistleblower rules.

Carolyn Campbell,
Deputy General Counsel & Corporate Secretary,
Quanta Services

Rhonda Carroll,
Chief Compliance Officer & Corporate Secretary,
Encore Bancshares

Jerry Courtney,
VP, Compliance & Internal Audit,
Petroleum Geo-Services

Luis Derrotta,
Associate General Counsel,

Laura Doerre,
General Counsel,
Nabors Industries

Jay Martin,
Chief Compliance Officer,
Baker Hughes

Kevin McMahon,
Chief Compliance Officer,
Calpine Corp.

Paul Mitchell,
Andrews Kurth

Matthew Nielsen,
Andrews Kurth

Larry Parsons,
Chief Ethics & Compliance Officer,
Freescale Semiconductor

Jackie Phillips,
VP, Ethics & Compliance,
Spectra Energy

Stephen Shelton,
VP, Internal Audit,

George Smith,
Regional Head, Business Integrity Dept., Americas,
Shell International B.V.

José Tabuena
VP, Compliance & Risk,
Texas Health Physicians

For More Information on Compliance Week Roundtables

At the other end of the spectrum, most employee complaints are seemingly minor incidents reported to human resources or a local manager, where the matter is often resolved without the legal or compliance department ever knowing about it.

How can compliance departments remain in the middle of those forces? That was the topic at Compliance Week's most recent editorial roundtable in Houston, co-hosted with law firm Andrews Kurth. A dozen compliance, legal, and audit executives talked about the need to reach underlying issues—whether they are employee complaints about coworkers, or evidence of potential fraud and corruption—and decide how to launch an internal investigation.

“The problem is you don't know when that ‘routine' investigation is going to turn into a non-routine investigation,” said participant Laura Doerre, general counsel of Nabors Industries. “It can be concerning if you don't have the right people recognizing red flags.”

As a matter comes to light, one of the biggest challenges is deciding early whether it warrants an investigation—and if so, who should conduct it and how it should be managed. “You're making a decision with very limited information, and it's going to be judged with 20/20 hindsight,” Doerre said. “You don't want to over-allocate resources, but you certainly don't want to under-allocate resources and not have the right group looking into a matter.”

Even worse, investigations are growing longer and more expensive, especially if they involve overseas operations, such as an investigation into Foreign Corrupt Practices Act violations, panelists said. “Certainly the distance, the cultural and language differences, and the differences in available information, can make it challenging in some instances to conclude investigations as quickly as we would like,” said Stephen Shelton, vice president of internal audit for KBR, a global engineering, construction, and services company.

Step 1 is to determine whether a reported problem is a one-time indiscretion that can be addressed unto it or indicates a deeper systemic issue that needs further scrutiny. One roundtable attendee gave the example of a manager constantly keeping for himself sports tickets that a vendor provides. Employees might complain about that, but HR departments will often view the problem as poor management skills and prescribe sensitivity training—ignoring the possibility that the sports tickets may merely be one sign of a manager who's taking kickbacks from other sources as well.

Attendees agreed that a series of mundane hotline calls can also indicate a deeper problem when a pattern emerges. For example, a particular division generating lots of complaints may signal a management problem. “There is some reason why those people are calling the hotline,” Doerre said. “From that standpoint, it's helpful for compliance officers to see the bigger picture, even though a lot of the actual investigative work may not rise to the level of something we may handle.”

Failing to recognize patterns in the minor complaints can allow time for small problems to become big ones. A more recent compliance department worry, however, is not getting the big complaints at all. Roundtable participants were united in their concern that the new SEC whistleblower program will encourage employees to take their information directly to the SEC, bypassing internal reporting systems.

Participants discussed the idea of requiring employees first to report any problems to the company before going to a regulator. Some disagreed with that notion; disciplining an employee for failing to report misconduct, they said, seemed like an invitation for an anti-retaliation complaint.

That doesn't mean companies don't have options. Paul Mitchell, a partner in the litigation practice at Andrews Kurth, suggested that companies require employees to sign an acknowledgment each year that they have not violated any anti-fraud policies and are not aware of anyone else having done so. If an employee then blows the whistle, the company has “a lot more credibility” during an investigation with those written acknowledgments in hand, he said.

In many cases, companies can alleviate the fear of an employee going to the SEC with a complaint before reporting internally via an effective compliance program and strong assurance from the highest levels that whistleblowers will be protected and reported problems will be addressed, said Matthew Nielsen, a partner in Andrews Kurth's Corporate, Compliance, Investigations, and Defense practice. “That's where companies should focus, setting that right 'tone at the top,' and having that filtered through the organization,” so employees know whom to report matters to and feel comfortable doing so, he said.

“We definitely want to encourage employees to report internally before going externally,” said Larry Parsons, chief ethics and compliance officer of Freescale Semiconductor. “There are a number of things you can do to make that happen.”

“The problem is you don't know when that ‘routine' investigation is going to turn into a non-routine investigation,” said participant Laura Doerre, general counsel of Nabors Industries. At left is Baker Hughes CCO Jay Martin.

Anadarko Associate General Counsel Luis Derrotta speaks to the panel (right). On his right sits Larry Parsons, chief ethics and compliance officer for Freescale.

Freescale, for example, includes a statement in its Code of Business Conduct and Ethics encouraging the reporting of misconduct, Parsons said. The code also assures employees that they'll be free from any retaliation for making a good faith report to Freescale's hotline.

“We also specifically address our managers in the code and let them know that we hold them to a higher standard when it comes to recognizing and addressing inappropriate conduct,” Parsons said.

Roundtable participants also discussed the idea of providing incentives for employees to report wrongdoing internally, which drew mixed reactions. “In addition to finding that a little distasteful, I don't know that it would be that effective,” said one executive. “We certainly can't compete with the amount of money the SEC is offering.”

Some companies already provide built-in incentives for employees to report problems. At Freescale, for example, if an employee raises a safety concern or a financial issue that ends up preventing injury or saving the company money, that is factored into the employee's performance evaluation and could lead to a larger bonus, Parsons said.

“We made only a few changes to our programs as a direct result of the whistleblower rules,” Parsons continued. “We felt we already had most of the things we needed in place.” Freescale's focus is on effective communications to ensure employees understand the internal avenues that are available to them to report issues and that those issues are investigated and addressed, he said.

Some participants said they were waiting to see how early cases in the SEC's whistleblower program proceed before they make too many changes. “It's really too early to tell what the impact of the new whistleblower program is going to be,” Mitchell said. “Our best information is that the SEC is inundated with letters right now, and we just don't know the status of their process of those whistleblower letters.”

SEC Investigations

Roundtable participants also discussed how the new enforcement regime has changed the way the SEC performs investigations. For some, a big challenge is simply time. Investigations used to wrap up in nine to 15 months. Now, they can last two years or more.

The SEC is dealing with more cases and fewer staff, “so its resources are probably stretched a little thin, and things are taking substantially longer than they have in the past,” Nielsen said.

Indeed, investigations can now last so long companies don't know whether the probes are actually open or closed. Calling the SEC to ask was an idea nobody seemed to relish; instead, they wished for some sort of “death notice” from the SEC indicating that an investigation was over. “Knowing when an investigation has been fully completed is always a bit of a mystery,” said one executive. “The SEC may investigate, and then you may not hear from them for months. You don't know if that means the investigation is closed.”

Attendees also discussed whether a company should self-report misconduct it discovers to the authorities—especially since employees might now report something that the company normally would not. An immaterial matter where the company pinpointed the control failure and took remedial action need not be disclosed, Mitchell said. On the other hand, any matter involving larger amounts of money—say, $1 million—should be reported no matter what, he said.

Rhonda Carroll, Encore Bancshares chief compliance officer, and Petroleum Geo-Services VP, Compliance & Internal Audit Jerry Courtney tune in to the discussion.

Many attendees, however, lamented that the SEC does not provide a clear threshold for what constitutes a “material” problem. Is the threshold for materiality a fixed amount of money? A fixed number or level of executives? Misconduct in a certain part of the world, or a certain type of misconduct, like overseas bribery? “There is no traffic ticket with the SEC. The speed limit is unknown,” as one compliance officer put it.

What qualifies as a material problem depends on the matter at hand, Mitchell said. “If it's the [Foreign Corrupt Practices Act], which the SEC is very heavily involved in today, any violation is going to be something that needs to be looked into,” he said.

The good news, Shelton said, is that over the last five years companies on a global scale have shown a “much greater awareness and acknowledged commitment to anti-corruption procedures.”

Awareness of the FCPA and similar anti-corruption procedures issues continues to expand, Mitchell agreed. “More companies are putting in place sophisticated training and controls as these issues continue to be at the forefront of the SEC and DOJ's agenda,” he said.

While the effects of the SEC's whistleblower program are still unclear, Nielsen predicted that the SEC will start making more informal inquiries, sending companies voluntary requests for information based on the tips they receive, he said. “Companies, when they receive these, need to take them very seriously.”