Corresponding with Cornelius

Here are some of my recent comments on some other blogs or other websites that allow comments.

I am happy to have you leave comments at Compliance Building. But if not here, take a look at what other people are saying. Join me in the conversation over there.

What Would You Do?? by Heather Milligan of The Legal Watercooler

Heather comments on the $80,000 paid vacation offered by Skadden, posting: “If I were a Skadden associate, I would take this opportunity to explore my passions. Perhaps law is it … but maybe not. Why not take this time to figure it out while you are young and relatively unencumbered?” I commented that law schools should seize the opportunity and offer some specialty programs to provide some additional specialized education to these lawyers with time on their hands.

Obama Knows Where the Wild Things Are

Over on my personal website, I found a video of President Obama reading Where the Wild Things Are.

Personal, Private, Professional, Public by Mike McBride of The Many Faces of Mike

Chatting about my 4Ps of publishing to the internet

What I’d Do: Part 2 – First We Focus On The Client by Francine McKenna of re: The Auditors

Francine has a great discussion about the divided loyalties of auditors and the effects of the recent reductions in their workforce.

Catch the Wave: Client Data is Becoming Cloud-Bound by Gary Levine on Capitalization Matters

Gary looks at some of the ways law firm client information is moving into the cloud, including my post on extranets.

Image is by Solarapex published on Wikimedia Commons and made available through a Creative Commons license: One Financial Center (Boston)

Risk Assessment – Getting It Right

PricewaterhouseCoopers LLP sponsored this webcast: Corporate leaders have long recognized that the pace of change continues to increase in velocity, thus challenging management’s execution of the business’ strategic and tactical plans. Enterprise Risk Management (ERM) is a management tool that can be effective in identifying and assessing the risks that come with change and allow management to respond to their organization’s changing risk profile in a timely fashion. The speakers were all from PricewaterhouseCoopers LLP:

  • Joseph C. Atkinson, Principal
  • Brian Brown, Partner
  • Peter Frank, Director
  • Catherine Jourdan, Director

These are my notes.

Why focus on risk? Changes in the marketplace and the world economy have given the perception that the world is a riskier place. That may or may not be true. But people are more focused on risk. It seems that poor risk management had a role in the recent economic troubles. Joe advocates that risk assessment should be integrated into business processes.

Brian took over and focused on defining risk and risk management. “Risk assessment is a systematic process for identifying and evaluating the events that could affect the achievement of an organization’s objectives, both positively or negatively.”

Risk assessment can be mandatory or voluntary. Anti-Money-Laundering, Basel II, and Sarbanes-Oxley compliance all require formalized risk assessment and focus on such processes as monitoring of client accounts, operational risk management, and internal control over financial reporting. Often it is also voluntary, driven by business needs, to assess development opportunities, talent retention, operational efficiency and performance improvement.

There are three primary frameworks for risk management: COSO’s ERM requirements, Federal Sentencing Guidelines, and OCEG’s Red Book.

Peter took over and focused on the challenges to an effective risk assessment. Common business challenges include:

  • Risk assessment is viewed only as an episodic initiative, a required report that needs to be updated
  • An inordinate amount of effort is invested in gathering data and information, and the volume is difficult to interpret and leverage in a meaningful way for executive leadership
  • The risk assessment is viewed as a conclusion of the process, rather than a starting point.
  • Risks are identified and risk mitigation practices are emphasized without meaningful understanding of impact, causing some risks to be over-controlled and stifling innovation
  • Risk assessment is viewed as an additional function or department, not as an integrated management capability to embed in day-to-day activities
  • Accountability for risk management and performance management resides in silos
  • Multiple risk assessments are performed, using different definitions and measurements of risks, creating confusion and making confident action impossible

Catherine moved on to the six essential steps to performing a risk assessment.

  1. Identify relevant business objectives
  2. Identify events that could affect the achievement of objectives
  3. Determine risk tolerance
  4. Assess inherent likelihood and impact of risks
  5. Evaluate the portfolio of risks and determine risk responses
  6. Assess residual likelihood and impact of risks

Joe came back to conclude that “risk assessment discipline should be embedded in the organization’s regular business processes and yield valuable information to support decision-making to help systematically link risk, reward, and performance management.”

Corporate Miranda for Internal Company Investigations

As in-house counsel are often the ones starting an internal investigation, they need to be mindful of the same issues that appear when outside counsel are conducting an internal investigation. I wrote about the referral for discipline in the Ruehle case and the malpractice claim in the Pendergest-Holt investigation in Attorney-Client Privilege and Internal Investigations.

It is even more important to clarify that the in-house counsel represents the organization. Employees are often used to dealing with in-house counsel as colleagues and give little regard to who they actually represent. After all, it is natural for employees regularly interacting with in-house counsel to view them as their lawyer. Under the ABA’s model rules, Rule 1.13 (f) requires:

In dealing with an organization’s directors, officers, employees, members, shareholders or other constituents, a lawyer shall explain the identity of the client when the lawyer knows or reasonably should know that the organization’s interests are adverse to those of the constituents with whom the lawyer is dealing.

It is important to keep notes that you made the disclosure. Part of the issue in the Ruehle case and the Pendergest-Holt investigation is over what was said to the individual employees regarding representation. Treat the clarification statement as a “Corporate Miranda.”

Does the employee then have the right to remain silent? The Miranda rights under the Fifth Amendment are a limitation on the government, not a private company. The employee can remain silent, but you can terminate the employee for not cooperating. Of course it is good practice to let the employee know ahead of time what the consequences are for not cooperating.

Do they have the right to an attorney? Again, the Miranda rights under the Fifth Amendment are not a limitation on a private company. There is a practical question about how you want to treat employees and whether the responses will be better if the employee talks with a lawyer before answering. It is probably better to give the employee a reasonable amount of time to get their own lawyer.

One aspect of the Miranda warning does come into play. What the employee says can be used against them.

What if they can’t afford an attorney? Back to the statement that the Miranda rights under the Fifth Amendment are not a limitation on a private company.

But corporate law does come into play for attorney costs. Under Delaware corporate law, a Delaware corporation must indemnify an officer or director who is successful on the merits or otherwise in the defense of a qualifying claim. (see §145 (c) of the Delaware General Corporation Law) In addition to the required indemnification, a Delaware corporation may indemnify individual employees for expenses incurred “if the person acted in good faith and in a manner the person reasonably believed to be in or not opposed to the best interests of the corporation, and, with respect to any criminal action or proceeding, had no reasonable cause to believe the person’s conduct was unlawful.” (see §§145 (a) & 145 (b) of the Delaware General Corporation Law) Then there are often contractual arrangements with senior management for indemnification and a D&O insurance policy that may trigger the payment of defense costs. Other types of entities and other states’ laws may have different treatment of defense costs and indemnification.

It is important to set up guidelines and protocols for investigations. Has your organization put together its own Corporate Miranda?

Image is from Wikimedia Commons: CBP Border Patrol agent reads the Miranda rights

Dishonest Deed, Clear Conscience

In the world of compliance, you may sometimes wonder if that code of ethics really works. Lisa L. Shu, Francesca Gino, and Max H. Bazerman presented their research that a code of ethics really can reduce bad behavior: Dishonest Deed, Clear Conscience: Self-Preservation through Moral Disengagement and Motivated Forgetting.

Their studies provided evidence that morality and memory function as sliding scales and are not fixed dimensions of a person. They found that once people behave dishonestly, they disengage, setting off a downward spiral of future bad behavior and increasingly lenient moral codes. They also found that this slippery downward slope can be counteracted with ethical codes that increase awareness of ethical standards.

If a situation permits dishonesty, then you should expect dishonesty. At the same time, merely reminding employees about established ethical codes could counteract the effect of a permissible situation.

It’s Tax Day – Are You Tempted to Cheat on Your Taxes?

The American tax system is a good test case for cheating. We know it’s good to pay taxes because the government does lots of good things for us. At the same time, we have a selfish desire to pay as little in taxes as possible.

Our tax returns are self-reporting for our income and characterization of our deductions. We police ourselves, knowing that there are criminal penalties for not reporting income and the threat of an audit. With increasingly computerized reporting systems, the IRS seems to know lots more about our income.

The IRS has three dimensions of tax compliance: filing, payment, and reporting. Filing compliance refers to whether taxpayers filed required returns in a timely manner, or at all. Payment compliance considers whether taxpayers paid their reported tax liability in full on a timely filed return. Reporting compliance addresses the accuracy with which taxpayers report their tax liability to the IRS.

Math errors increased from 2.98% in 1996 to 7.63% in 2002, while under-reporting decreased from 1.23% to 0.86%.

Have you finished your taxes? The compliance numbers show that you need to double-check your math.

Image is from Wikimedia Commons: No IRS.

The Impersonator – How Attorney Marc Dreier Bilked Investors Out of Millions

We live in an age of white-collar villains. But of all the financial bad guys out there, Marc Dreier is arguably the single greatest character of them all. Bernie Madoff may have stolen more money. Dick Fuld may have caused more systemic damage. But it’s Dreier alone whose story reads like the stuff of Hollywood. Dreier isn’t just accused of swindling more than $400 million from thirteen hedge funds. Prosecutors say he carried out the deception by inventing $700 million in financial assets out of whole cloth, staging fictional conference calls, and impersonating executives, sometimes personally, sometimes with the help of an associate, all while snapping up Warhols and waterfront homes, partying with pop stars and football players, and chasing an endless parade of much-younger women. He also allegedly stole some $40 million from his clients’ escrow accounts, a brazen legal sin. Unlike Madoff, who worked from behind the scenes in the Lipstick Building, Dreier took a starring role in his own financial drama. Where Madoff was outwardly quiet and self-effacing, Dreier was openly egotistical, even smug. He seemed to think he could lie to his victims’ faces and get away with it, to thrill, even, in the art of deceiving people. It’s been suggested that Bernie Madoff was a pathological liar. With Marc Dreier, there appears to be little doubt.

This paragraph comes from a great article in New York Magazine by Robert Kolker: The Impersonator. Like Bernie Madoff, Marc Dreier bilked unsuspecting investors out of many millions of dollars. But Dreier did it with flair.

The photo of Dreier with Michael Strahan is from the free content collection of Newscom.

Red Book 2.0 Released by OCEG with the GRC Capability Model

The Open Compliance and Ethics Group has released the second version of its Red Book about compliance models. OCEG’s Red Book 2.0 provides a guide for implementing and managing a GRC system or aspect of that system. That means Governance, Risk, and Compliance. Red Book 1, which came out in 2005, focused on “getting the compliance house in order.” This version takes a more holistic approach of incorporating the various elements as part of business processes.

It weighs in at 255 pages so I have lots of reading ahead.

Attorney-Client Privilege and Internal Investigations

Two cases illustrate some of the problems with the use of outside counsel for internal investigations. The possibility that a conflict of interest could arise when an attorney or law firm simultaneously represents an organization and one or more of its officers or directors is a recurring issue.

A ruling earlier this month by U.S. District Judge Cormac Carney made a stark warning to lawyers that they need to warn a company’s employees in internal company investigations that they represent the company, not the employee. Judge Carney dismissed portions of the government’s criminal case against William J. Ruehle, the former CFO of Broadcom Corp., after finding that the law firm hired by Broadcom to review possibly illegal stock-option grants failed to explain clearly to the executive that it wasn’t representing him. Irell & Manella was involved in three separate but related representations of Broadcom and Mr. Ruehle.

Judge Carney ruled that Mr. Ruehle’s statements are privileged because he “reasonably believed that the lawyers were meeting with him as his personal lawyers, not just Broadcom’s lawyers. Mr. Ruehle has a reasonable expectation that whatever he said to the Irell lawyers would be maintained in confidence.”

Judge Carney mentioned an Upjohn warning or “corporate miranda” to inform a constituent member of an organization that the attorney represents the organization and not the constituent member. The Judge ruled that the Upjohn warning would not be sufficient because Mr. Ruehle was already a client of Irell. The judge threw the statements of Mr. Ruehle out of evidence and also referred the law firm to the California state bar for disciplinary action.

A similar issue recently arose during the government investigation of R. Allen Stanford. Proskauer Rose lawyer Thomas Sjoblom accompanied Stanford Financial Group’s Chief Investment Officer Laura Pendergest-Holt to an SEC investigation. According to the Wall Street Journal, he said during the testimony that he represented Mr. Stanford and officers and directors of his affiliated entities. Ms. Pendergest-Holt believed he was representing her. She got indicted and is now suing Sjoblom for malpractice. She alleges that Sjoblom caused her to speak to the SEC without informing her of her Fifth Amendment rights against self-incrimination, that she was not required to testify, that she had no attorney-client privilege with him and that the interests of her employer were adverse to her interests.

If you hire an outside law firm as part of an investigation, you need to make it clear that the lawyers represent the company and not the employee or executive. The lawyers need to be clear as well since they are likely to be subject to an ethics complaint or malpractice suit if they are not clear.

2009 World’s Most Ethical Companies

Ethisphere has published its collection of 2009 World’s Most Ethical Companies. Twenty companies dropped off the 2008 list and 25 new ones were added, leaving a list of 99 companies.

Who caught my eye was Jones Lang LaSalle, a real estate company (one of my company’s business relationships) who was back on the list again. They seem to be the benchmark for the real estate industry.

(The Ethisphere website has been up and down all day. Try back later if the links are not working)