Companies operating in a regulated industry should have company policies and internal guidelines for employees and general counsel in the event of an investigation.
It is common place to have hurricane plans, emergency evacuation plans, even terrorism event plans. Companies have insurance to protect themselves against the varying dooms day scenarios. What is often missing, though, is the thought that a criminal investigation could happen too. A criminal investigation may be just as likely or more likely than a natural disaster if a company is operating in a regulated industry or even doing business oversees in high FCPA (Foreign Corrupt Practices Act) violation markets. So, why not be prepared? Companies should take the time to work with outside counsel in drafting policies and guidelines for employees and general counsel so that if an investigation occurs, leadership is not scrambling to figure out what to do. But...it must be done right.
Case in point: A Houston-based global technology and engineering firm had the right idea by having policies in place, but today, the SEC announced charges against the firm for violating whistleblower protection Rule 21F-17 enacted under the Dodd-Frank Act. The firm required witnesses in certain internal investigation interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of the firm's legal department. Since these investigations included allegations of possible securities law violations, the SEC found that these terms violated Rule 21F-17, which prohibits companies from taking any action to impede whistleblowers from reporting possible securities violations to the SEC.
The company paid the SEC a $130,000 penalty to settle the case and voluntarily amended its confidentiality statement by adding language making clear that employees are free to report possible violations to the SEC and other federal agencies without the firm's approval or fear of retaliation.
The SEC gave guidance in stating: “By requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, [the firm] potentially discouraged employees from reporting securities violations to us,” said Andrew J. Ceresney, Director of the SEC’s Division of Enforcement. “SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”
If your company operates in a regulated industry or in a market where FCPA violations are a concern, you should explore drafting guidelines and policies to prepare in advance for the potential of a criminal investigation.