F O R M E T R O A R E A I N - H O U S E C O U N S E L

J U N E 1 4 , 2 0 0 4GCNew York

Companies benefit from prompt investigations, clear policies and strategies for prevention.

Responding to Fraud Allegations

BY LANNY BREUER

AND ALAN VINEGRAD

IN THE WAKE of the recent spate ofhighly publicized corporate scandals, corporations that receive or uncover an

allegation of fraud must navigate increasinglydifficult waters in trying to formulate aneffective and expeditious response.

On the one hand, the failure to act aggressively against potential fraud could resultin civil suits, enhanced criminal penalties underthe U.S. Sentencing Guidelines, new sanctionsestablished by the Sarbanes-Oxley Act of 2002,and enforcement actions by federal and stateregulators. Yet planning a response raises alitany of concerns.

Does the alleged activity amount to fraud?Should the allegation be investigated at all?If so, who should conduct the investigation?How should employees involved in thefraudulent activity be handled? Will the corporation’s investigation remain confiden-tial? Should a disclosure be made to theauthorities? And if fraud is established, whatare the consequences for the corporation?

How a corporation responds to possible fraudwill vary depending upon whether the companydiscovers the allegation through internalsources, a civil lawsuit, or an investigation by

the government. What is clear, however, is thata corporation is best advised to develop a soundstrategy not only for responding to allegationsof corporate fraud, but also for detecting andpreventing fraud before it becomes a problem.

Cataloging all the federal and state laws proscribing fraudulent activity, not to mentiontheir common law counterparts, would takevolumes. By one count in the late 1990s, theterms “fraud,” “fraudulent,” “fraudulently,” or“defraud” appeared 82 times in the federal criminal code alone.1 Yet the range of “frauds”that can be committed obscures the fact that“fraud,” at a conceptual and practical level, is usually predicated on the relatively straightforward act of lying to or deceivinganother for some economic benefit. The riskthat this may occur in the corporate setting isreadily apparent, even if the conduct is not ofan Enron or Worldcom magnitude.

Detecting, Preventing

As recent events demonstrate, perhaps themost important step for a corporation to take isto implement appropriate procedures for detect-ing and preventing fraud rather than having torespond to it after the fact as a result of a lawsuitor government investigation. But detecting sophisticated corporate fraud can be a difficulttask, not surprising given that wrongdoers can

only enjoy the fruits of their schemes if theiractivity goes undetected. However, several basicsteps can minimize the risks.

A robust internal compliance program overseen by sophisticated individuals of integrity and experience is the best mechanismfor identifying and preventing corporate fraud.Developing and implementing such a programrequires an understanding of the industry inwhich a corporation operates, areas in the industry inherently vulnerable to abuse, and howthe company recognizes revenue and expenses.

A corporation should develop a written policy clearly setting forth its policies and procedures for reporting fraud. The policyshould make clear that the commitment to preventing fraud runs to the highest levels ofthe corporation. Indeed, a company would bewell-advised to appoint a person of stature andindependence, at the executive level, to oversee its internal compliance program andreceive reports of wrongdoing. The policy alsoshould make clear that those who report fraudwill not be retaliated against for doing so, andthat those who participate in fraud will be held accountable.

Simply drafting a policy for detecting andpreventing fraud is not enough, however. Acompany also should have in place a stronginternal audit team that has the ability andresources to monitor business practices. A corporation also must train its employees on thecompliance policies on an ongoing basis, updat-ing and retraining the employees as the policiesevolve. Finally, common sense is key to detect-ing fraud. For example, complex transactions,sudden changes in revenue and expenses, ortransactions lacking in obvious business purposeshould be viewed with healthy skepticism.

Lanny Breuer, former Special Counsel toPresident Bill Clinton, and Alan Vinegrad,former United States Attorney for the EasternDistrict of New York, are partners at Covington &Burling, in the Washington, D.C., and New Yorkoffices, respectively. Bradley Smith, an associ-ate at the firm in the D.C. office, assisted in thepreparation of this article.

Once a corporation identifies an allegedfraud, the next, and perhaps most critical, question is whether to conduct an internalinvestigation into the charge. The benefitsassociated with quickly launching an investigation often far outweigh the risks.

A corporation can develop a sound strategicplan for addressing the allegation if it knows andunderstands better than other parties the scopeof any fraud, the individuals involved, and thepotential victims. Moreover, by promptly investigating potential fraud, a corporation bestpositions itself to minimize possible liability andpenalties, blunt publiccriticism, cabin harmcaused by the fraudbefore it spreads, and dissuade the governmentfrom undertaking itsown investigation.Conducting an internalinvestigation, in essence,allows a company togain — and hopefullymaintain — controlover the fraud.

That said, internalinvestigations carryintrinsic risks. When acorporation is unable toensure confidentialityand preserve relevant legal privileges, an internal investigation, and the documents generated during that probe, can lay bare thecase for government action and private law-suits. In some instances, by initiating an inves-tigation — even when a thorough investigationis the appropriate response — a business maycreate the appearance that it operated inappro-priately, even when, at the end of the day, theinvestigation reveals nothing untoward.

Preserve Relevant Documents

Once a corporation decides to investigatean allegation of fraud, it must learn the fullextent of any wrongdoing, and critical tounderstanding the fraud is collecting documents. Generally, steps should be takenimmediately to preserve and protect anyrelevant documents as soon as a company

learns that it or its employees may haveengaged in fraudulent activity. While it may

not always be feasible, or even possible, for alarge business to identify every individual whomay hold pertinent materials, preservationefforts should be broad enough to ensure that allemployees who are potentially connected withthe fraud preserve their relevant documents.

The need to preserve documents takes onparticular significance in light of criminalpenalties the Sarbanes-Oxley Act2 imposes onanyone who “knowingly” destroys documentswith the “intent to impede, obstruct, or influ-ence” a federal investigation or “in relation toor contemplation of any such” investigation.3

Given that a leading pubic accounting firm metits demise as a result of an allegation of improp-er document destruction, a written documentretention policy is advisable, if not essential.

Special care also must be taken to secure anyelectronic material, including e-mails, until thematter is resolved. This may require purchasingadditional software or other computer hardwareto increase a business’ electronic storage capaci-ty. Though costly, preserving electronic materi-al is essential in today’s world. The governmentis unlikely to sympathize with a company that,while aware of possible fraud, deleted or lostpotentially relevant electronic documents.

Almost without exception, an attorney forthe company should be involved at the outsetin planning its response to possible fraud. Byincluding an attorney at the initial stage, thecorporation maximizes its ability to claim thatits deliberations (and any documents that corporation lawyers or their agents create dur-

ing the investigation) fall within the attorney-client and work-product privileges.

A corporation may, for strategic reasons,later waive privileges, but by placing an attorney in charge of formulating the response,a company at least gives itself the option ofasserting a privilege claim. It also puts someoneknowledgeable about legal ramifications anddisclosure obligations in the middle of the corporation’s response.

A company also must decide whether toretain outside counsel when facing fraud allegations, particularly when it decides to

conduct an internalinvestigation. On theone hand, having anin-house attorney con-duct the investigationhas advantages. A person affiliated withthe business possessesinstitutional knowl-edge that can only beacquired by outsidecounsel through time,effort and expense.Moreover, the costs ofan investigation areapt to be lower if conducted internally.Less tangible reasons

may exist for relying on in-house personnel:asking an outsider to participate may causesome within the company to “clam up” andview any ensuing internal investigation in ahostile, uncooperative manner.

Yet where substantial fraud is alleged, significant strategic advantages exist in retaining outside counsel to conduct the investigation. Outside attorneys experienced in“white collar” investigations will be familiarwith the myriad civil, regulatory and criminalissues involved in responding to allegations ofcorporate fraud. Retaining outside attorneys alsogives the corporation’s actions an objectivityand credibility that may not be as apparent if in-house counsel alone handled the matter.These qualities may be critical in convincingany investigators and regulators later on that thecompany’s investigation was impartial and complete. Finally, and by no means insignifi-cantly, outside counsel can act as a buffer

GC N E W YO R K

NEW YORK LAW JOURNAL

between the corporation and third parties, suchas government investigators.

Similar factors also should inform a compa-ny’s decision to retain outside experts or consultants to assist in investigating potentialfraud. For example, where it is alleged that a corporation falsified or misstated financial statements or accounting reports, hiring external financial analysts and auditors to inves-tigate the claim, rather than relying exclusivelyupon internal auditors, may increase the perceived credibility of the corporation’sresponse to the allegations and thus better posi-tion it in dealing with government authorities.

Corporate Privileges

A corporation must be careful to preserve itslegal privileges when responding to an allegation of fraud.

Establishing the attorney-client privilege iskey. In the corporate setting, as a general rule,the privilege covers communications involvingcorporate employees and either outside counselor in-house counsel, provided the communica-tions are made for the purpose of obtaininglegal, as opposed to business, advice.Distinguishing business advice from legal advicecan be more difficult where communications aresent only to an in-house attorney, and generallya stamp or some other marking on documentsshould indicate that the communication is privileged and made for the purpose of obtaining legal advice.

The attorney-client privilege is not limitedto counsel and employees, however. It also mayprotect communications with outside experts oragents, provided that the individuals workunder the direction and supervision of counsel,and the information they gather is necessary forproviding legal advice to the corporation.4

Depending on the context in which a company begins investigating allegations offraud, the work-product privilege also may beavailable to a corporation. This privilege, whichthe Supreme Court outlined in Hickman v.Taylor5 and which was subsequently codified inRule 26 of the Federal Rules of Civil Procedure,protects from disclosure documents generatedduring or in anticipation of litigation by an attorney, his agent, or a corporate employee.

Unlike the attorney-client privilege, which,once properly established, is generally

considered absolute and cannot be breachedunless waived by the client, the attorney work-product privilege may be overcome wherean opponent shows that a substantial needexists for the material and that it cannot beobtained from another readily available source.Even where work-product documents must bedisclosed, however, the documents may beredacted to protect the attorney’s mentalimpressions, opinions and legal theories.

The self-evaluative privilege also may applywhen addressing a fraud allegation. As thename suggests, this privilege is premised on thetheory that requiring a corporation to producedocuments generated during an internal investigation would discourage corporationsfrom diligently investigating and correctingwrongdoing.6 Relying exclusively on the self-evaluative privilege would be unwise, how-ever. The privilege is not frequently recognized,and has been rejected by a number of courts.7

Along with collecting and reviewing relevant documents, interviews of employees,and perhaps of others, are critical to assessing allegations of corporate fraud. In conducing anemployee interview, several factors should bekept in mind.

First, the employee should understand thatthe attorney conducting the interview (for reasons discussed above, an attorney shouldparticipate in any employee interview) represents the corporation, not the individual.Second, the employee should be told thatwhile the interview is legally privileged, andthe employee should therefore keep its contents confidential, any informationrevealed during the interview may be disclosedby the corporation to the government or others outside the corporation. Third, theemployee should be informed that the company expects its employees to cooperatefully with the investigation, even going so far(if necessary) as conditioning continuedemployment on participating in an interview.

Occasionally, employees may ask if theyshould retain counsel in connection with anyinterview. Ultimately, only the employee candecide that, and, generally speaking, theyshould be told that the decision to hire anattorney is the employee’s alone to make.However, because a corporation is a privateentity, the right to counsel and the privilege

against self-incrimination are not usually triggered by interviews conducted as part of aninternal investigation. Thus, unless otherwiseprovided by company policy or an employee’scontract, an employee who refuses to participate in an interview unless her attorneyis present, or because of concerns about self-incrimination, may be terminated.

In addition to interviewing employees, itmay be appropriate, if not essential, to interview non-corporate third parties in orderto fully assess the nature and magnitude of thealleged fraud. Obviously, such interviews mustbe done with great care, for they risk disclosingpublicly the existence of the allegation andinvestigation and are beyond the scope of theattorney-client privilege. But the facts of thesituation may dictate that such interviews beconducted despite these risks. If so, the timingof these interviews should be controlled to atleast minimize the risk of premature disclosure.

Disclosure to the Government

Oftentimes, disclosure of fraud to the government will be compelled by statute or regulation. Even when it is not, however, a corporation’s voluntary disclosure of wrongdo-ing to the government may be critical to mini-mizing the risk of criminal prosecution or regu-latory action or reducing possible sanctions.

The Department of Justice guidelines settingforth criteria to be used by federal prosecutorswhen deciding whether to charge a company8

provide that a “corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation ofits agents” will be weighed.

Even if a corporation is ultimately charged,voluntary disclosure can inure to the corpora-tion’s benefit. Under the U.S. SentencingGuidelines, for instance, a corporation’s sentence following a criminal conviction maybe reduced if it promptly reported the wrongdoing, cooperated with the governmentand accepted responsibility.9

Despite such important benefits, revealinginformation to the government involves perils.One notable danger is an incomplete or partialdisclosure. Revealing only some informationabout fraudulent activity to the governmentcould, in the worst case, later be parlayed byprosecutors into an obstruction of justice charge

J U N E 1 4 , 2 0 0 4

or, at the very least, could negate any benefitsthat might otherwise result from disclosure.

Additionally, disclosing information to thegovernment may require waiving attorney-client and other privileges. For example, thesame sentence of the Department of Justicememorandum that indicates a corporation’s voluntary disclosure will be one factor the government considers when deciding whether acorporation “cooperated with the government”also states that a company’s willing “waiver ofthe corporate attorney-client and work productprotection” will be considered.

Normally, the memorandum indicates, anywaiver request will “ordinarily be limited tothe factual internal investigation and any contemporaneous advice given to the corporation concerning the conduct at issue,”though the government is free to request abroader waiver under the guidelines. Yet bydisclosing privileged material to the government, the corporation may be deemedto have waived the relevant privilege withrespect to other parties, including potentialcivil litigants.

In some situations, the corporation may beable to protect privileges by negotiating anexplicit confidentiality agreement in which thegovernment agrees that it will not claim thatthe disclosure waived the attorney-client andwork-product privileges,10 but some courtshave held the privileges (particularly the attorney-client privilege) waived even when aconfidentiality agreement exists.11

A corporation also must decide how to dealwith employees found to have participated incorporate fraud. While this is so regardless ofwhether the fraud is disclosed to the authori-ties, it is particularly important where such disclosure is anticipated.

The government considers how the corporation disciplined those responsible forthe fraud when deciding what type of action totake against it. Terminating or demotingresponsible individuals often is a necessary, ifunpleasant, step in order to convince the government that the corporation is respondingseriously to the fraud, as well as an appropriatecorporate response in its own right. If possible,however, a corporation may want to structurethe discipline in a way that maximizes its ability to gather information from the

employee and others, such as by imposing discipline only after all employees are thoroughly interviewed.

In addition, the company should take remedial steps to avoid a recurrence of the prob-lem. This may include reassigning personnel,increasing internal audit or supervisory scrutiny,supplemental employee training, or changingprocedures or business practices relevant to theconduct giving rise to the problem.

Keep Sarbanes-Oxley in Mind

In developing a plan for addressing allegedfraud, a corporation also must consider therequirements created by Sarbanes-Oxley, inaddition to other disclosure requirementsimposed by securities and other laws. Severalprovisions of Sarbanes-Oxley are particularlynoteworthy in the corporate fraud context.

For example, the Act establishes new fraud-related crimes and enhanced sentencesfor various types of fraud.12 Moreover, under§307 of the Act, attorneys who appear andpractice before the Securities and ExchangeCommission on behalf of a public companymust notify a corporation’s chief legal counselor chief executive officer of any “material violation” of securities laws, “breach of fiduciary duty or similar violation by the company” or its agents; if those officials do nottake appropriate action, then the attorney mustnotify the corporation’s audit committee,another independent committee of the board ofdirectors, or the entire board of the violation.

Furthermore, §302 provides that any fraud,regardless of its “materiality,” must be disclosedto a corporation’s outside auditors and auditcommittee if it “involves management or otheremployees who have a significant role in theissuer’s internal controls.” Consequently,depending upon the character of the frauduncovered, a corporation may have to take stepsto comply with disclosure requirements underexisting securities laws, apart from what mayotherwise be (or not be) in the corporation’sbest interests to disclose.

Conclusion

Dealing with an allegation of corporate fraudis not easy, but in today’s environment, developing a system for detecting and prevent-ing it, as well as responding to it, is essential.

Though the strategy will vary dependingupon the facts of a particular situation andapplicable laws, regulations and internal company policies, the corporation’s best“response” is to have meaningful policies andsystems in place for minimizing the risks offraud and for detecting it before it becomes amajor problem. Once a problem surfaces, moving expeditiously and discreetly to investigate the problem and take appropriateaction is the next best course of action.Participation of in-house counsel is critical tothe success of both approaches.

•••••••••••••••••••••••••••••••

1. See Ellen S. Podgor, “Criminal Fraud,” 48 Am. U. L.Rev. 729, 740 (1999).

2. Pub. L. No. 107-204, 116 Stat. 745 (2002).3. 18 U.S.C. §1519.4. See, e.g., United States v. Kovel, 296 F.2d 918,

921-23 (2d Cir. 1961) (accountants); In re Grand JurySubpoenas Dated March 24, 2003, 265 F.Supp.2d 321,324-26 (S.D.N.Y. 2003) (public relations consultants).

5. 329 U.S. 495 (1947).6. See, e.g., Troupin v. Metropolitan Life Ins. Co., 169

F.R.D. 546, 548-49 (S.D.N.Y. 1996); Webb v. Westinghouse,81 F.R.D. 431, 432-33 (E.D. Pa. 1978).

7. See, e.g., In re Ashanti Goldfields Sec. Litig., 213 F.R.D.102, 104 (E.D.N.Y. 2003) (“The question of whether a self-evaluative privilege should be recognized as a matter of federal law has not yet been settled by the Supreme Court orthe Second Circuit, and a number of lower federal courtshave declined to recognize it.”) (citing cases).

8. These guidelines may be found athttp://www.usdoj.gov/dag/cftf/corporate_guidelines.htm.

9. See U.S.S.G. §8C.2(g).10. See, e.g., In re Steinhardt Partners, L.P., 9 F.3d 230, 236

(2d Cir. 1993) (declining “to adopt a per se rule that all voluntary disclosures to the government waive work productprotection” and suggesting that the privilege could remain ifthe party and the authorities “entered into an explicit agree-ment … [to] maintain the confidentiality of the disclosedmaterials”); Mauzen Co. v. HSBC USA, Inc., 2002 WL1628782, at *1-2 (S.D.N.Y. July 23, 2002) (holding that corporation did not waive its work product privilege wherethe corporation entered into an oral confidentiality agreement with relevant authorities to protect the privi-lege); Information Res. Inc. v. Dun & Bradstreet Corp., 999F.Supp. 591, 591-93 (S.D.N.Y. 1998) (collecting and summarizing case law).

11. See, e.g., In re Columbia/HCA Healthcare Corp. BillingPractices Litig., 293 F.3d 289, 294-306 (6th Cir. 2002); In reBank One Sec. Litig., 209 F.R.D. 418, 423-24 (N.D. Ill. 2002).See also LaBelle v. Philip Morris, Inc., No. 20-98-3235-23,2000 WL 33957169, at *4-*7 (D.S.C. Oct. 23, 2000) (summarizing cases).

12. See, e.g., Pub. L. No. 107-204, §§802 (criminaliz-ing the destruction of documents with the intent toimpede a federal investigation), 804 (lengthening thestatute of limitations for securities fraud), 807 (providingcriminal penalties for new securities fraud statute); 902(criminalizing attempts or conspiracies to commit fraud),903 (increasing penalties for mail and wire fraud), 1106(increasing penalties for violating the Securities andExchange Act of 1934).

GC N E W YO R K

NEW YORK LAW JOURNAL

J U N E 1 4 , 2 0 0 4

This article is reprinted with permission from the June 14, 2004 edition of GC NEW YORK. © 2004 ALMProperties, Inc. All rights reserved. Further duplication without permission is prohibited. For information, contact American Lawyer Media, Reprint Department at 800-888-8300 x6111. #099-07-04-0001