A panel of four Dorsey partners and a compliance officer from 3M presented a panel discussion to a standing-room-only group of nearly 300 people at the Dorsey & Whitney Corporate Counsel Symposium on November 10, 2004. The panel presentation, entitled “Old Dogs, New Tricks: Changing Compliance Needs in a Post-Enron World,” was chaired by Dorsey partner and WCC group head Ed Magarian (Minneapolis). The panel members included Dorsey partners Mike Bellinger (New York), Chris Shaheen (Minneapolis), Nick Akerman (New York), and 3M’s Director of Business Conduct and Compliance, John Stoxen. The following is not a verbatim transcript but contains highlights from that discussion, followed by a summary of amendments to the Federal Sentencing Guidelines.
E. Magarian (moderator): You’ve heard the old adage that if you don’t like the weather in Minnesota one day, just wait for the next. When it comes to the world of corporate compliance it seems to be that if you don’t
like what the law is in one decade, just wait for the next. In the 1980s it was the era of discretion in sentencing. White-collar crime was treated far more leniently than it is today and most businesses did not have a corporate compliance officer.
The 1990s gave way to a new era, the era of sentencing guidelines, which became effective in 1991. Thus, in the early 1990s, white-collar crime became one of the top priorities of the Department of Justice.
On September 11, 2001, however, everything changed. On that day, the war on terrorism became the top priority, not white-collar crime. For about one year, the government appeared to divert substantial resources from white-collar crime and other priorities to terrorism.
But then Enron, Tyco, and Martha Stewart became front page news. Congress passed Sarbanes-Oxley. There were changes to the federal sentencing guidelines, as well as the New York Stock Exchange corporate governance rules. And the Department of Justice has again made white-collar crime a high priority. This renewed interest in white collar prosecution is encumbered with a new level of confusion regarding the federal sentencing guidelines following a recent Supreme Court decision.
Nick Akerman will first address corporate compliance in the pre-Enron era.
CORPORATE COMPLIANCE IN THE PRE-ENRON ERA
N. Akerman: Corporate compliance prior to Enron was dictated by the federal sentencing guidelines and their criteria for an adequate compliance program. If the company charged with a crime had a compliance program that met the guidelines’ seven standards, the compliance program would act as a mitigating factor in the company’s sentence. Furthermore, prior to the corporate federal sentencing guidelines, corporations could not be sentenced for more than a $25,000 fine. Under the federal sentencing guidelines in the 1990s, the bar was raised to $72 million for potential fines, and even left open the possibility that the company could be put on probation. These changes reflected the changing government view of the company being the perpetrator of the crime as opposed to being the victim of the crime.
E. Magarian: Mike, prior to Enron, what kind of resources were companies devoting to corporate compliance officers
M. Bellinger: Pre-Enron, the compliance officer in most major corporations was the general counsel, and it probably was 2% or 3% of what he or she did. But I think as we go ahead and talk about corporate compliance we have to realize that the sky is not falling. I think that if you have the corporate compliance elements that John Stoxen’s going to discuss in place, that’s a good thing, but there should not be a presumption of wrongdoing on behalf of companies.
E. Magarian: John, before Enron and before you became the Chief Compliance Officer over at 3M, was there somebody in your position who handled compliance? How did the process work?
J. Stoxen: If you look back at 3M’s program in the 1990s, we had an executive level senior oversight committee, but we didn’t have anybody carrying out initiatives on a day-to-day basis. In the 1990s, that was what every company did. A lot of companies made changes due to the 1991 sentencing guidelines, and then kept the status quo thereafter. At 3M we decided before the new sentencing guidelines amendments came out, but after Enron, that the environment was changing and we had to react to that. We commissioned a task force that created the day-to-day operational position that I’m in today. Like most compliance officers, I’m the first one at my company.
Now, this area is exploding. I was just at the Ethics Officer Association annual meeting, which is the largest group of compliance professionals in the U.S. They had over 600 people attend this year, which was double what they had last year. It’s a real emerging area – I recently saw compliance officer on the list of the top five hot jobs in America.
CORPORATE COMPLIANCE IN THE POST-ENRON ERA
E. Magarian: I think John makes an interesting point. To me what it illustrates is that companies are changing from having a compliance program on paper, to a brave new world of actually having someone spend all of their time on compliance. What were the catalysts that got us where we are today?
C. Shaheen: The two main catalysts were Enron and Tyco. Enron was a series of complicated partnership arrangements that were used to conceal debt and artificially inflate earnings. When all of this eventually came to light, Enron ended up restating its profits for 4 years. The result was a complete loss of confidence by investors, the bankruptcy of Enron, criminal convictions in several cases, and the possibility of more. I think what was a more significant outcome of Enron was the complete ruin of Arthur Anderson. There’s certainly a lesson there for all of us in terms of integrity and accountability.With respect to Tyco, the first criminal trial of Dennis Koslowski ended in a mistrial and he’ll be tried again. The primary issue in that case involves the use of company funds for personal use and concealing the diversion of those funds.
E. Magarian: Due to the ripple effects of Enron and Tyco, we’ve had some statutory changes. Nick, will you address those?
N. Akerman: Obviously Sarbanes-Oxley was the major watershed change here. As you all know, it required certifications by the CEO and the CFO on financials and if the government can prove that certifications were done with the intent to defraud, the criminal penalties here are staggering: 20 years in prison and high fines. Sarbanes-Oxley also codified certain codes of conduct that were already in the sentencing guidelines. It also created added responsibilities for audit committees, such as independent auditors, receptions of complaints, and whistleblower protections.
In addition, as of November 1 of this year, the federal sentencing guidelines were amended. They expanded the scope of a compliance program to include not only detecting and preventing possible criminal violations, but also to include the prevention and detection of unethical conduct and violations of the civil law. Furthermore, the federal sentencing guidelines now require the board of directors to exercise oversight of the compliance program, as well as money and resources for compliance. In addition, there now must be a mechanism for not only reporting criminal conduct but the company compliance program must also provide guidance for employees who have questions or concerns about the ethical way to conduct themselves.
Keep in mind, however, that the federal sentencing compliance guidelines are not mandatory. They are simply a mitigating factor in terms of whether the company is ever prosecuted for a crime. What the federal sentencing guidelines have done, however, is to set the gold standard for compliance that others have expanded are continuing to expand. Just last week, the New York Stock Exchange issued its corporate governance rules which pick up on what the Federal Sentencing Guidelines have done, and more. I think the New York Stock Exchange has adopted an extremely broad view of compliance and that this is really where the future is going to be taking us.
HAS COMPLIANCE GONE TOO FAR?
E. Magarian: John, in your role in terms of what you’re doing at 3M, do you think that compliance has gone too far or is this something that you think is good?
J. Stoxen: I don’t think the changes are bad, although you’re seeing a focus on unethical conduct, which is pretty controversial. When you look at the sentencing guideline amendments, the ad hoc commission did not recommend any changes having to do with ethical conduct. The sentencing commission itself red-lined in all the references to ethical conduct and are very insistent that they want a program that goes beyond mere compliance with the law to a program that supports an ethical culture. I think the reason you’re seeing that in the sentencing guidelines is because when they look at situations like Enron, they saw a company that had a fantastic code of conduct on paper, but didn’t take it seriously. So I think it’s a good thing. For 3M it made very little difference; we already had an ethical business conduct policy. But I think there are a lot of companies that made a decision not to address ethics in their compliance program and now have to re-evaluate.
E. Magarian: Mike, as you’ve heard from this panel, we are in a culture of promoting ethics, basically by threatening harsh consequences. Do you think we’ve gone too far?
M. Bellinger: My view is that it is very difficult to legislate ethics, and what we’re doing now is assuming there are bad things going on in the corporations. For instance, mutual funds and market timing is a big scandal now. But before Elliott Spitzer began this investigation the SEC never issued any regulations on market timing and mutual funds. Despite being legal, the guidelines are a stick over people’s heads when in fact, it is far from clear that anyone’s done anything wrong. I’m not so sure that this is the way that we should be heading. I think that the government has to be able to prove that there is wrongdoing. At the end of the day I think what these regulations do is scapegoat some individual, who is then thrown overboard to make sure that the corporation isn’t punished.
E. Magarian: If you are fashioning a compliance policy and you’re looking to protect the company, part of the problem is making employees take it seriously. What kind of challenges does that pose and how do you do it?
J. Stoxen: The biggest challenge is executive support for the program at the top of the company. At 3M we’re fortunate to have a CEO that never misses an opportunity to stress that we can’t cut corners legally and ethically. That message has to be continually driven from the very top of the organization if this is going to be successful. The example at the top is much more important than the words at the top so it starts with that and then beyond that it goes into issues like communication and education.
N. Akerman: Let me follow up for just a moment on what Mike said. There are some good things that do come out of this, and what can be considered as over-regulation by the government can be used for the benefit of the company. For example, if you put employment problems into a compliance program, it acts as an early warning system, which gives the company an ability to fix things and prevent employment disputes which can ultimately save litigation costs. It’s an opportunity to bring into the fold the HR function, the IT function, and the legal function to protect company assets. Nine times out of ten, the company is the victim, not the perpetrator of the crime so if programs are set up to detect crime you are in a better position to file lawsuits against people who perpetrate crimes on the company. Over the long run I think that you can see that these programs can pay for themselves.
E. Magarian: One of the issues you raised earlier was whistleblower protection under Sarbanes-Oxley. Sometimes you have companies that are confronted with an investigation, believe they know who the whistleblower is, and have to lay off or terminate that person. What does a company do in that position?
C. Shaheen: Well, I think it’s certainly been a boon to plaintiffs’ employment lawyers. If it’s a performance or downsizing related decision, you have to be extremely careful about letting someone go who claims whistleblower status. You can actually create additional culpability. Those issues have to be thought through and documented very carefully if you are going to make that decision.
N. Akerman: In fact, the definition that the Department of Labor uses now for whistleblower is extremely broad, so this has to be an HR topic.
E. Magarian: One of the things I will typically tell folks who are in that position is somebody in the end is going to have take responsibility for terminating the potential whistleblower and there is criminal exposure. Usually there are not a lot of hands going up to take that responsibility, and I think for good reason. The rules make it very difficult to make decisions for good business sense, and sometimes the whistleblower is involved in the underlying conduct that ultimately leads to the government investigation.
C. Shaheen: One of the most difficult issues that arises is that whistleblower status often arises after there is already a sense by the employee that their employment is in jeopardy and then it becomes viewed as a safe harbor by someone who is a problem already to your organization.
EVOLVING PRIVILEGE ISSUES
E. Magarian: The new federal sentencing guidelines indicate that the government wants companies to turn over the fruits of their labors at the end of the investigation. They want you to waive the privilege and provide all internal memos and witness interviews. What do you do about that?
M. Bellinger: I think that as a threshold matter you have to determine whether you’re going to give the government a road map as to what happened here while the class action plaintiffs are sitting right outside your door waiting to use it as a basis for their complaint. I think that is one of the challenges that we face now and there is a raging debate as to whether you conduct sanitized witness interviews or not. In at least one of our investigations we’ve instructed everyone to only memorialize the facts and not to put any impressions down in their memoranda. Those are the type of things that in the past I would have gone from soup to nuts and get every fact I could. Now I’m not so sure if companies want me to do that.
C. Shaheen: If you want to talk about the pendulum swinging too far, this is the most disturbing aspect. In the government's view if you don’t waive the attorney client privilege, you are not cooperating. Our clients are therefore being deprived of the kind of analysis in written form that they should get and the candor that should flow from that as part of a confidential relationship. Most of us have been creating memos that are somewhat sanitized. Certainly you can provide that information orally and not create a paper trail for plaintiffs’ class action lawyers, but it is fundamentally unfair to the client. For most companies the realistic choice is that you have to play ball with the SEC or U.S. Attorney’s office and waive the privilege. There aren’t many companies who are confident that they can survive a full-scale prosecution or the kind of public whipping that comes from an SEC investigation. If there is an effort to swing the pendulum back, that’s a place where I would want to start.
Selected Questions From The Audience.
WHEN DO YOU ADVISE EMPLOYEES TO GET AN ATTORNEY?
Q: Do these new dynamics affect when and if you advise the employees to get their own attorney?
C. Shaheen: I don’t think so; we always have to be very clear with employees when we interview them that we are representing the company and not the employee. Therefore, the employee is still left to decide whether to get their own attorney.
M. Bellinger: Well I think that the threshold decision is whether there is a conflict between the corporation and the individual. If in good faith, you can reach the decision that there is not, it is in the best interest of the corporation that you get to talk to this person before that person goes out and gets a lawyer. In my view, especially given the new federal sentencing guidelines, when we go in to see an employee, and if we’ve reached what I consider to be a good basis that there is no conflict, we try to persuade them to let us represent them. That seems to be the norm; you want the employees to talk to you and you want to make sure you know what they are going to say when the AUSA or class action lawyer calls.
WILL THE PENDULUM SWING BACK:ATTORNEY–CLIENT PRIVILEGE
Q: Given where the pendulum is now regarding privilege issues and legislating ethics, when you say the sky is not falling, are you suggesting that the pendulum will swing back?
M. Bellinger: I think that companies have to hold fast. It is highly unlikely at the end of the day that if you have corporate compliance procedures in place that the government is going to put the company out of business or it is going to sentence the company and then extract a high fine. If you press the AUSA and explain that this was an isolated incident, that your client has compliance programs in place, and that the company is responsible for feeding 5,000 families and for pension benefits, in my view it is unlikely that your client is going to be sentenced.
I think the pendulum will swing back. First of all, corporate America is not a cesspool of criminality. Second, I think corporate America is going to say "we want to comply with the laws, but now you have introduced things that are just fundamentally unfair." What is unfair is that if a company wants to hire outside counsel for an investigation, outside counsel may not write down the results of the investigation because the government may demand it and it will harm the client later. As far as I am concerned, that is unseemly.
J. Stoxen: I agree that this is probably the most disturbing element of the recent developments in how you run compliance programs. I proceed on the assumption that virtually everything I do in my job, even though I am a lawyer, has no privilege or protection from being produced in any litigation or government investigation. I think I am more likely these days to want to consult outside counsel when issues come up because that is going to create a better argument that things not be produced. I don’t want to be in a world where opinions and advice cannot be given to me in the most efficient mechanism possible because everything has to be an oral conversation. That is inefficient and makes it very difficult for us to do our jobs. So, if the pendulum swings back in one area, I hope that this is going to be the one.
E. Magarian: We have seen over the decades how there has been an ebb and flow of enforcement. But the sentencing guidelines speak to the waiver issue that we have been talking about. Basically, the guidelines do not require a waiver for credit, but what they say is that the waiver of privilege and work-product is a prerequisite for the cooperation score which would help lower the fine whenever such waiver is necessary to provide timely and thorough disclosure of pertinent information known to the organization. Now, does this language give you any comfort or do we have a situation here of an exception swallowing the rule?
M. Bellinger: Anyone who has negotiated with an AUSA in the last two or three years will tell you that generally the government has become increasingly rigid because of the sentencing guidelines. This is investigation by calculator. Given my experience with a number of different AUSAs, the language of the guidelines gives me no comfort whatsoever. Because of the federal sentencing guidelines—and federal judges have been complaining about this openly in their decisions and when they speak at seminars—sentencing has been taken out of the courts’ hands and now resides with the U.S. Attorneys’ Office. I think the U.S. Attorneys’ Offices have become almost fundamentalists, and so that language is totally meaningless.
WILL THE PENDULUM SWING BACK: INDEMNIFICATION
Q: One place where I think the pendulum has really swung too far is on the issue of indemnification of employees because a lot of regulators are saying that a decision to indemnify may be a sign of non-cooperation. Do any of you have any experience that may be useful to us in the decision of indemnification?
N. Akerman: There are certain state laws that actually require the indemnification. California requires indemnification whether you want to do it or not. Delaware law requires indemnification for certain employees. It is a very important issue because if the person winds up taking the Fifth Amendment you do not want the adverse inference being used against the company. One factor that is considered in determining whether the assertion of the Fifth Amendment privilege can be used against the company in a civil context is whether or not the company is paying the legal fees involuntarily. It is an issue you have to deal with in the beginning, but in some instances, you just do not have any choice.
WHEN DOES A COMPANY NEED A COMPLIANCE OFFICER?
Q: Based on your experience, how large does a company have to be now to justify a full-time compliance officer, regulated industries aside?
J. Stoxen: I can tell you that a lot of smaller companies that I am aware of have people with multiple hats, one of them being compliance. And in some cases, smaller companies still have the function with the general counsel. I think it is now the best practice to delegate that to someone else in recognition of the fact that the general counsel does not have the time to devote to this on a day-to-day basis. The sentencing guidelines do state, however, that it is okay to have the high level oversight person and the day-to-day operational person be the same person. What size justifies a larger full-time commitment is hard to say – I have seen companies with just a few thousand employees with full-time compliance resources.
E. Magarian: First, with regard to amendments to the sentencing guidelines, there is a much greater focus on smaller organizations getting credit for an effective compliance policy than there use to be. Second, what we have typically done when there is not an effective compliance policy is to tell the government that in addition to doing the investigation and cooperating, we are putting together a compliance policy and will make it effective. Certainly, the government and the guidelines take into account the fact the amount of resources a company has available. Even so, at the end of the day if the government finds a legal violation and they do not believe you have an effective compliance policy, you are not going to be where you want to be.
Certainly, the government and the guidelines take into account the fact the amount of resources a company has available. Even so, at the end of the day if the government finds a legal violation and they do not believe you have an effective compliance policy, you are not going to be where you want to be.
PREDICTIONS FOR 2005
E. Magarian: We have got probably less than two minutes, so I will start off with a prediction for 2005. My prediction is that the U.S. Supreme Court will declare in whole or in part the federal sentencing guidelines to be unconstitutional, but none of this will effect this corporate compliance issue in terms of an effective compliance policy.
J. Stoxen: One prediction I will make is that next year would be a great year to buy stock in an outsourced hotline company because I think a lot of companies are looking at their internal lines. The new requirements of anonymity and better tracking of the calls are pushing a lot of companies to look at options to provide a 24-hour a day, seven day a week, international line that all your employees can call to raise concerns.
N. Akerman: I think what is going to happen, as envisioned by the New York Stock Exchange rules, is that more companies are going to realize they can use these rules for their own benefit. They will start to trying to devise ways that they can use these compliance rules to protect their own assets and to minimize employment litigation.
C. Shaheen: I am going to go out on a limb and suggest that Elliot Spitzer will announce that he is exploring the possibility of running for a higher office than that which he currently holds (laughter and clapping).
M. Bellinger: My prediction is that the corporate compliance climate is going to continue to be clouded by human beings, and one of major clouds is going to be e-mail because you are never going to be able to stop your employees from sending sarcastic e-mails, which the government will use to prosecute.
E. Magarian: I want to thank the panelists and everyone for attending.