1. What Is A Compliance Program?
Prevent and detect violations of applicable laws,
regulations, rules & ethical standards
–Process Oriented
–Minimize Risks
–Demonstrate commitment to Code of Conduct
–Foster ethical and pro-compliance culture
Analogy to Insurance Policy
• “You Get What You Pay For”

2. How Do You Establish
a Compliance Program?
• Review legal requirements
• Conduct a legal/regulatory risk assessment
• Identify areas of focus
• Ensure program meets Guidelines requirements
• Upgrade program where necessary
• Tailor-Fit Program to Unique Operations

3. Core Components of the Program
Legal & Regulatory Risk Assessment
Tone at the top
Processes developed and owned by business
leaders
– Woven into operations – not a “legal” program
Standards come from the laws of the nations in which you
operate
Training – consistent throughout business
Must measure, monitor and audit what is mandated
Reporting and investigations
Continuous improvement
Annual audit and periodic monitoring by an audit function
3

4. Risk Assessment
Where and What
 What behaviors are likely to get company in trouble with
government agencies?
Weighing legal risks
 Probability of occurrence
 Impact to business
 Adequacy of Existing Controls
Priority with other projects
Whose role(s)?
4

5. Risk Assessment Basics
• Legal & regulatory risk assessment is the cornerstone
Identify each business’ legal/regulatory risks
– Magnitude
– Frequency
– Location
– Existing controls to address
• Leaders’ expertise & input to identify & prioritize risks
• Develop teams and plans to address each top risk
• Ensure proper support for teams
• Regularly report on progress of each plan
• Risk Mitigation efforts must follow
– Cost Benefit analysis is critical

6. Detect & Cure Misconduct
Set up Procedures:
–Internal Reporting of Misconduct or Violations;
–Documenting Complaints;
–Investigating Complaints;
–Upper Management Reporting & Response
–Enforcing Program
–Improving Training (i.e. Self-Correcting)
6

7. “Principles of Federal Prosecution of
Business Organizations” (Sec. 9-28.300)
General Factors To Consider in Charging:
–Nature & Seriousness of Offense
–Pervasiveness of Wrongdoing w/in Corporation
–Corporation’s History of Wrongdoing
(Crim/Civ/Reg)
–Corporation’s Timely & Voluntary Disclosure

8. “Principles of Federal Prosecution of
Business Organizations” (Sec. 9-28.300)
General Factors To Consider in Charging:
–Existence & Adequacy of Corp’s Compliance
Program
–Corporation’s Remedial Actions
–Collateral Consequences
–Adequacy of Prosecution of Individuals or Civil
Actions

9. Goal: Understand & Influence
Prosecutorial Discretion
What is Root Cause of Problem ?
– A “Bad Apple” (Employee)
– A “Bad Orchard” (Organization / Culture)

10. Focus on Compliance Programs
Factors in Evaluating a Compliance Program
(among others):
–Corporate governance mechanisms to detect and
prevent misconduct, such as director’s oversight of
compliance
–Staff sufficient to audit, document, analyze and use
the corporation’s compliance efforts
–Employee’s knowledge of – and “buy-in” regarding
the compliance program

11. 7 Criteria for “Effective”
Corporate Compliance Plans (8B2.1)
1. Establishing compliance standards and
procedures that are reasonably capable of
reducing the prospect of criminal conduct
(i.e. written company policy statements and
policies approved by senior management or
board);
2. Assigning overall oversight responsibility to
specific individuals within high-level
positions (i.e. centralized compliance
activities and a compliance officer with
11 authority to monitor);

12. 7 Criteria for “Effective”
Corporate Compliance Plans (8B2.1)
3. Exercising due care not to delegate
responsibility to individuals who are
predisposed to illegal activities
(accomplished with a careful and well-
documented screening process for key
employees);
4. Effectively communicating the program's
standards and procedures to all employees
(i.e. adequate employee training);
12

13. 7 Criteria for “Effective”
Corporate Compliance Plans (8B2.1)
5. Taking reasonable steps to achieve compliance
with the standards (i.e. monitoring, auditing,
establishing best practices benchmarks, etc.);
6. Consistently enforcing the standards
through appropriate disciplinary
mechanisms (i.e. disincentives policy, range
of disciplinary measures );
7. Responding appropriately to an offense and
taking all reasonable steps to prevent
similar offenses, including any necessary
program modifications (i.e. authorizing or
13 conducting internal investigations)

14. Federal Sentencing Guidelines -
Criteria for Effective Programs
Size of the organization
– Formal program for larger companies
Nature of the business
– Highly regulated activities require greater effort
Prior compliance history
– Previous problem areas should be addressed
Industry standards
– Must meet or exceed industry standards

15. Lessons Learned from Convicted Corporations
• Most Adopt an Extremely Proactive & Pro-
Compliance Approach
(i.e. “Never Again” Mentality)
• Staggering Economic Losses
• Massive Investment to Regain Reputation
(** Don’t Lose It In the First Place **)
• Compliance = More Valuable Company

16. Traditional/Obvious Reasons for
Setting Up A Compliance Program?
Influence Prosecutor’s Discretion
–Argument for not bringing criminal charges (both
company & individuals)
Proof of “Good Corporate Citizenship” Merit Badge
• “If the Prosecutor Won’t Listen . . .
Perhaps a Jury Will”
Reduce penalties or fines

17. Elusive Reasons for Setting Up A
Compliance Program?
• Improve Overall Risk Management
• Improve corporate image with public,
employees, and community
• Increase value of company
• Provide for efficient management of
compliance costs

18. Why Does Compliance Really
Matter?
Penalty Reductions?
– (Only Part of the Story)
•Much More Significant
•Broader Applications –
– “Ethical Barometer” or “Surrogate”
– Better Management
18

19. Measuring
“Organizational Culture?”
What an Organization SAYS?
–Written Materials?
• Code of Conduct
• Plan & Procedures
What an Organization actually DOES?
–Measures/Monitors/Records
–Invests
–Incentives – Punishments & Rewards

20. Earning Your “Good Corporate
Citizenship” Merit Badge
• Does your corporation have compliance plans
/ ethics policies?
• Demonstrated commitment from
management?
• Who is in charge of compliance? Centralized?
CCO?
• Do you do sufficient background checks?
• Training?
• Anonymous Hotline?

21. Earning Your “Good Corporate
Citizenship” Merit Badge
• Implementation? Benchmarking?
–(objective monitoring /audit/enforce)
• Documentation?
• Plans to Respond to Incidents?
• Continual Improvements?

22. Indicators of Effectiveness
• Do employees support the company’s
compliance message?
• Do they believe management is fully
supportive of these messages, even when
business goals may seem to conflict?
• Do employees understand the procedures?
• Does the training work?
• Do employees fear reporting concerns through
the channels provided?

23. Establishing a Proactive Attitude About
Compliance
• Vigorous and visible management
support
• Compliance made a part of doing
business
• Consistent communication and
diligent implementation
• Targeted at high risk areas
• Empowered employees supported
by standards and training

24. Recommended Prescription
Try to Prevent, Detect & Correct Problems =
“Preventive Law”
Develop & Implement “Effective” Compliance Plans
• Previously:
» Presence = “Good Faith”
• Currently:
» Absence = “Bad Faith”

25. Deferred Prosecution Agreements
A Blessing or a Curse?
All the Punishment with no formal “guilt”

26. Prosecutorial Discretion Redux
Traditional Options for Corporate Targets
– Prosecute/Indict
– “Declination”
New Discretionary Tool
Deferred Prosecution Agreement

27. Deferred Prosecution Agreement (“DPAs”)
What is a DPA?
Why are they used?
Common Elements?
Recent Trends

28. Definition of DPA
A deferred prosecution agreement is
a voluntary alternative to adjudication
in which a prosecutor agrees to grant
amnesty (forego charges) in exchange
for the defendant agreeing to fulfill
certain requirements.

29. Common Elements in DPAs
• Publicly Filed
• Parties (with full authority/resolutions)
• Term (1-5 years)
• Information Filed (with offenses) –
Waivers of S.O.L.
• Admission of Wrong-doing (with
detailed factual basis)

30. Common Elements in DPAs
• Monetary Penalty Amount (Quite Hefty)
– Paid Up Front?
• Continued Cooperation (Broadly Defined)
• Compliance “Booster” & Review
• Governance Reform

31. Common Elements in DPAs
• Business Limitations/Restrictions
• Breach Clause
• “Non-Contradiction” Clause
Public Comments
• Mandatory Self-Reporting of Violations
• Dismissal of Formal Charges & Higher
Penalties

32. Addt’l Options in DPAs
– Strong written policy against violations
– Development of standards/procedures to
reduce violations
– Development of internal controls based on
risk assessments
– Annual reviews and updates of compliance
program

33. Addt’l Options in DPAs
– Designation of single corporate executive to
oversee compliance
– Implementation of financial/accounting
systems
– Stronger communications/training
– Clear channels for EE guidance and
confidential hotline reporting

34. Addt’l Options in DPAs
– Implementation of disciplinary procedures to
address violations
– Periodic review and testing of compliance to
improve effectiveness

35. Addt’l Options in DPAs
Appointment of Monitor
– Paid by Company
– Assessments and Report
– Unique Challenges
– Full Access
– Reporting Authority to Gov’t
– External Efforts to Transform Corporate
Culture

36. Deferred Prosecution Agreement
Good News:
– No Criminal Prosecution (. . .unless)
– No Automatic Corporate Death
Sentence (Loss of Jobs)
– Less Harm to “Innocent Stakeholders”
• (Remember Arthur Andersen ?)
– No costly or lengthy/distracting trial

37. Deferred Prosecution Agreement
Bad News:
– Everything but Formal Indictment
– Negative Stigma / Binding
Admissions / $$
– External Probing / Monitoring

38. Conducting Cost-Effective
Internal Investigations
Who & When to Call?
What to do first?
How to Protect?
38

39. Responding to “Trouble”
♦Make Preliminary Inquiry & Assess “Temperature”
♦Initiate Internal Investigation
♦Take Corrective Actions: Stop the Bleeding
♦If Conduct Internal Investigation, Assess Pros & Cons of:
1) Disclosure of Issues; and
2) Voluntary Cooperation
39

40. Fundamental Questions:
What is an Internal Investigation?
Why Conduct One?
When to Start Internal Investigation?
Who Should Conduct the Investigation?
Where Do You Start?
How Much Will It Cost?
Who Needs to Approve & Who Needs to Be Involved?
When Does It Need to Be Completed?
What is Result?
Where Does Report Go?

41. What is An Internal Investigation?
As the name implies:
– Any inquiry conducted internally
(in contrast to external governmental)
“One Size Does Not Fit All”:
– 1-day / 1-witness
– Multi-year; multi-witness; document-intensive;
expert-intensive.

42. Internal Investigations
Disclosure Obligations?
• First . . . Is Disclosure Mandatory or Voluntary?
• If Voluntary . . . Whether to Disclose?
• If so . . . What to Disclose?
–Nature of error/wrongdoing
–Evidence of intent
• To Whom?
• What Format?

43. Why Conduct An Internal Investigation?
What is Purpose?
Information is Power
Better to Know About the Problems First
Find it all - “Good, Bad, Neutral”
Allows Full Investigation & Corroboration
Limit Exposure
Gives Time to Contemplate Strategy Options

44. Reasons to Conduct Internal Investigation
•Fulfill duties of directors and managers;
•Gather critical facts and prepare for possible legal
defense;
•Review & revise accounting procedures and internal
controls;
•Modify compliance program;
•Influence prosecutorial discretion;
•Mitigate penalties (civil & criminal)
•Provide recommendations and legal advice

45. When To Start ?
Judgment Call
– Accountable for Choice
Who is Making Accusations?
How Serious are the Allegations?
Any Corroboration or Support?
How Readily Refutable?
In short – Start When Stakes Are “High Enough”

46. Before You Start:
Plan to Control the “Spin”
Since Internal Investigation = “Rumors” Prepare
Company Response to Employee Questions:
1) Preliminary Nature of Investigation
2) Company’s Willingness to Cooperate
(if applicable)
3) Company’s Own Efforts to Investigate and Gather
Reliable Facts; and
4) Other Positive/Accurate Aspects of Company

47. Document Retention Advisory
Suspend Document Retention Policy
– Stop Auto Deletion of Electronic Files
– Stop any Auto Destruction of Archived Files in Long-
Term Storage
Give Contact Information
– If Called by Investigators
– For Follow-up Questions
Update the Document Advisory As Needed

48. Document Retention Advisory
Distribution List (who to send it to?)
What types of docs (drafts, duplicates, etc.)
Make Clear the Policy Applies to Work on
Personal Computers or PDAs
Topics Covered (be over-inclusive)
Documents Outside Workplace
Confidentiality of Investigation

49. Where Do You Start?
(General Overview)
Determine Nature of Allegations, Issues & Potential
Violations
Consult with Management re:
Background Information re: Allegations/Misconduct
Potential Sources of Information
Develop an Investigative Strategic Plan
Assemble the Team
Address Means of Supervision

50. Where Do You Start?
(General Overview)
Develop Facts Through Document Review &
Interviews
Prepare Chronologies
Prepare Witness Lists
Prepare List of Disputed & Undisputed
Facts
Prepare List of “Hot Docs” (Positive &
Negative)

51. Where Do You Start?
(General Overview)
Develop Legal Issues/Defenses
Protect Legal Privileges
Assess Potential Conflicts of Interest
Between Company & Employees

52. In Short:
What Happened?
Who Was Involved?
Who Knew What?
Is it a Regulatory Violation?
Is it Criminal?
What is the Potential Legal Exposure?
Any Grounds for Defense?

53. Investigative Plan
Scope and Purpose of Investigation
Secure Relevant Documents
– Retention Memo – “Don’t Destroy Anything”
– Electronic Files & Evidence
– Archives, etc.
Identify Relevant Witnesses
– Who? Why? When?
– Remember “2 Witness Rule”
Experts & Consultants

54. Who is the Client?
Seems Obvious
Important to Identify Early
– Corporation
– Board of Directors
– Group of Executives
– Individual Executive
– Everyone . . . Initially ?

55. Who Should Conduct?
Various Options
– In-house
– Outside Counsel
– Blended Legal Team
Factors to Assess
– Familiarity with Issues/Regulations
– Objectivity/”Fresh Eyes”

56. Assemble Team
Attorneys & Investigators
In-house Personnel and/or Outside Counsel
– Advantages & Disadvantages for each
Role of Non-Lawyers

57. Coordinated Victory:
Be Efficient & Effective
Isolate Roles & Strengths
– Company Client Role
– Lawyer’s role
– Expert/consultant’s Role

58. Client’s Role
Teach You all About Their Business
- You Must Know More Than Your Opponent
- Most Opponent’s Don’t Know Client’s
Business (Use This Advantage)
- Case a Wide Net for Information
♦ You Never Know When you Will Use It.
- Teach You about Company Resources,
Organizational Structure, Policies,
Employees, Record-Keeping, Etc.

59. Lawyer’s Role
Educate Client about Business Crimes or Civil
Liability
– Severity & Consequences
– Not About Being A “Bad Person”
– Need for Complete Candor

60. Role of Investigator, Expert or
Consultant
Case-Specific Inquiry:
– Typical Issues
• Positive Character Evidence
• Customary Practices in Industry
• Background on Informants

61. Typical Defenses
Legal
- No Substantive Violation
- Lack of Intent/Knowledge
Equitable
- Good Faith/”Good Corporate Citizen”
♦ Don’t Just Claim it – “Show It”/Corroborate
- Criminal Prosecution is Overkill
♦ Use Civil as Punishment

62. Government Perspective on
Internal Investigations
Government Loves Disclosure
– Saves Resources
– Barometer of “Good Corp. Citizenship”
– Company is in Best Position to Get Facts
Credibility is Key
– Reputation of Lawyer Conducting Investigation
– Independence of Lawyer

63. Another Goal: Accurately Characterize
Conduct in Question
Government: “Assumes the Worst”
Defense: Provide Context &
Proper Perspective
Key Analogy: Gathering Bad Apples
in Orchard

64. Who Needs to Approve?
Who Needs to Be Involved
(in Supervising & Reporting)
Board of Directors (if Public Company)
– Or Committee
Management – Key Executives
Importance of Pre-Approval:
– Genie Out of Bottle
– Post-Hoc Finger-Pointing
– Consequences of Probing

65. When Does It Need to Be Completed?
Depends upon:
– Seriousness
– Context
– Resources
– Externally Imposed Deadlines

66. What is Result?
Oral Findings & Oral Report
Written Summary
Formal Written Report

67. Keys to a Successful Document Review
•Get an Overview of Allegations
•Develop a Plan
•Use Company Resources to Identify All
Records
•Keep Track of Document Review Process /
Inventory

68. The Paper Trail
Three Critical Steps:
– Retain
– Collect
– Analyze
Unique Quality of Documents as Evidence
– Fixed in Time (unlike witness memories)
– Potential to Corroborate
– “Tie Goes to the Version in the Docs”

69. Collecting Documents
Finding the Relevant Documents Can be an
Adventure
– Look in Logical Places
– Get Advice from In-House
• Send Out Document Collection Memo
• Document Collection Interviews
– One-on-One
– ID Types of Documents
– Brainstorm (Where? Who else might know?)

70. Collecting Documents
File Rooms & Long-Term Storage
Electronic Files
– Searchable ?
– Possible Outsource (if needed)
Track the Documents Collected
– Keep a Record of Source of Each Document
• Tracking Sheet (Privileged & Confidential)
– Employee
– Location of Doc (hard copy, electronic, etc.)
– Consider Bates Labeling as Docs are Collected
• But “Gaps” can be problematic with suspicious AUSA

71. Analyzing Documents
Traditional Approach:
– Keep original documents in original order and
original files
– Use copy sets for analysis and re-organization
Arrangement Options:
– Chronological
– By Witness
– By Subject/Topic
Hi-Tech Options – Imaging/Coding

72. Protect Privileges
Counsel Must Direct Investigation
– Attorney-Client Privilege
– Attorney Work Product
– Self-Evaluative Privilege
Engagement Terms & Upjohn Letter

73. Following the Paper Trail
Have the documents during the witness interview
– Refresh witness recollection
– Allows specificity
– Prevents “Weaseling”
Be Wary of Reaching Any Conclusions without Analyzing
Relevant Documents
– Lose instant credibility with Gov’t if your initial
predictions/assessments are proven wrong by docs

74. Employee Interviews
•Review Ethical Checklist Before Conducting
Employee Interviews (Corporate Miranda)
•Explain Purpose & Subject Matter of Interview
•Develop Rapport & Level of Comfort
•Avoid Even the Appearance of Obstruction or
Influencing Witness Testimony

75. Employee Interviews
Anticipate Government’s/Opponent’s Perspective
- Ask the Hard Questions
- Clarify Basis for Opinions & Information
- Request Corroboration
- Request Additional Leads
Inform Employees of Rights re: Gov’t.
Investigation
Prepare Written Summaries

76. Obstruction of Justice
Don’t Do Anything That Even Has Appearance !!
Types:
– Witness Tampering
– Document Destruction
– False Entries