![Page 1: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/1.jpg)
SETTING POLICIES and GUIDELINES forCONDUCTING INTERNAL INVESTIGATIONS
Society of Corporate Compliance and Ethics6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Al Gagne, CCEPDirector, Ethics & ComplianceTextron Systems Corporation
SCCE Internal Investigations Workshop – November 11-12, 2010
![Page 2: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/2.jpg)
SESSION AGENDA
• Developing an Investigations Policy
• Risk Identification and Mitigation
• Centralized versus Decentralized Management over the Investigation Process
• Responsibility and Authority
• Identification of Investigative Resources
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 2
• Identification of Investigative Resources
• Establishing Communication Channels
• Status Reporting
• Voluntary vs. Mandatory Disclosures
• Corrective & Disciplinary Actions
• Q & A
![Page 3: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/3.jpg)
Is there a need for an Investigation Policy?
Consider the following:
• All organizations experience fraud and misconduct.
• Increased responsibility on Management to prevent, detect and correct unacceptable behaviors.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 3
behaviors.
• Legal requirements to disclose fraud and certain misconduct.
• Risk mitigation.
• Key element of a sound E&C Culture.
• Makes good sense.
![Page 4: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/4.jpg)
WHAT ARE YOUR LEGAL & COMPLIANCE RISKS?
– Accuracy of Business Records
– Anti-Bribery & Corruption
– Antitrust & Unfair Competition
– Conflicts of Interest
– Customer and Supplier Relationships
– Diversity
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 4
– Drug-Free Workplace
– Environmental Health & Safety
– Equal Opportunity
– Gifts & Entertainment
– Harassment-Free Workplace
– Insider trading
– Intermediaries (Consultants, Distributors, Representatives)
![Page 5: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/5.jpg)
WHAT ARE YOUR LEGAL & COMPLIANCE RISKS?
– International Trade: Anti-Boycott, Export & Import Compliance
– Money Laundering
– Personal Data Protection (HIPPA)
– Political Contributions & Activities
– Protection of Physical Property & Proper Use of Company Assets
– Protection of Intellectual Property
– Public Disclosures
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 5
– Public Disclosures
– Transactions with Governments
• Identify process owners or subject matter experts for each compliance risk area.
• Anticipate and develop internal strategies for investigating potential
violations in the high risk areas.
It’s not a matter of “If” it will happen, but “When” it will happen!”
![Page 6: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/6.jpg)
HOW DO INVESTIGATIONS FACTOR INTO THE RISK ASSESSMENT PROCESS?
ETHICS & COMPLIANCE
PROGRAM ELEMENTS
RISK MITIGATION
PLANNING
&
IMPLEMENTATION
EDUCATION
&
TRAINING
IDENTIFY AND
EVALUATE
RISKS
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 6
PROGRAM ELEMENTS
FEDERAL
SENTENCING
GUIDELINES
MATTER
REPORTING
&
INVESTIGATIONS
COMMUNCATION
&
CULTURAL
DEVELOPEMENT
RECORDS
MANAGEMENT AUDITING
&
MONITORING
POLICIES
&
PROCEDURES
![Page 7: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/7.jpg)
CONDUCT A CAPABILITY ASSESSMENT
• Identify the subject matter experts for each major risk
– Consider experience level of possible investigator
– Consider history and frequency of violations
– Identify area of expertise required
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 7
The Complete Compliance & Ethics Manual, 2nd Edition,
Copyright 2010 has a very comprehensive “Checklist for
Assessing Investigative Capabilities”.
![Page 8: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/8.jpg)
SAMPLE INVESTIGATION POLICY STATEMENT
All allegations of suspected or known violations of
law and company policy and misconduct will be
reviewed in a timely manner and, if necessary,
investigated at the direction of the Chief Ethics &
Compliance Officer to determine the relevant facts
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Compliance Officer to determine the relevant facts
and circumstances of the alleged violation or
misconduct. Investigation reports will be submitted
to Management who is responsible for determining
the appropriate corrective and disciplinary actions.
8
![Page 9: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/9.jpg)
PROVISIONS IDENTIFYING EMPLOYEE RESPONSIBILITY
Every employee has a duty to report known or
alleged violations of company policy, even when
personally involved in the violation.
Employees are expected to cooperate with internal
auditors and investigations by providing truthful
accounts and relevant documentation in response to
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
accounts and relevant documentation in response to
questions and information requests.
Employees who fail to cooperate, or otherwise
impede an internal audit or investigation, will be
subject to disciplinary action in accordance with the
company’s disciplinary action policy.
9
![Page 10: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/10.jpg)
PROVISIONS FOR INTAKE
Reports of known or alleged misconduct should be
reported to an immediate supervisor or others in
Management.
Help lines will be established to provide for and, if
requested, anonymous reporting of know or
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
requested, anonymous reporting of know or
suspected violations of the law or company policy
and procedures. (List Help Line number and Web
address of any On-Line reporting tools)
Management personnel are responsible for notifying
Ethics & Compliance, Legal, or Human Resources
upon receipt of a report of alleged misconduct.
10
![Page 11: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/11.jpg)
PROVISIONS FOR INTAKE
• There will be no reprisals or retaliation against
any employee for reporting in good faith a
suspected or known violation.
• We will strive to maintain the confidentiality of the
source. Additionally, reports can be made on an
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
source. Additionally, reports can be made on an
anonymous basis, where local law permits.
• Concerns about accounting, internal accounting
controls, auditing matters or other concerns can
also be reported by mailing the concern to the
Board of Directors or the Audit Committee at the
address listed below.
11
![Page 12: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/12.jpg)
CENTRALIZATION VS. DECENTRALIZATION OF THE INVESTIGATION PROGRAM
Consider the options in light of your current
organization.
• Centralized – all investigations conducted under
the direction of the E&C Organization.
• Semi- Centralized – investigations are conducted
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
• Semi- Centralized – investigations are conducted
by risk area owners with reports to E&C.
• Decentralized – “Silos” perform investigations and
report independently of the E&C Function.
• What is Legal’s role given the options?
12
![Page 13: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/13.jpg)
CENTRALIZATION VS. DECENTRALIZATION OF THE INVESTIGATION PROCESS
Single source for intake and case management.
Eliminates or greatly reduces duplication.
Minimizes the “Silo” effect.
Central oversight over all investigations in process.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
Central oversight over all investigations in process.
Streamlines reporting process.
Efficiencies in records management.
13
![Page 14: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/14.jpg)
PROVISION TO DETERMINE WHO SHOULD INVESTIGATE
E&C, with the cooperation and support of internal
resources (Legal, HR, Finance, Security, Internal
Audit, Quality, etc.) will determine the need to
conduct an internal investigation.
Consider a sub-provision identifying the specific
organization, in general, that will handle certain
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
organization, in general, that will handle certain
investigations.
14
![Page 15: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/15.jpg)
PROVISION TO DETERMINE WHO SHOULD INVESTIGATE
External resources may also be utilized, at the
discretion of the CECO, in situations where subject
matter expertise is required or potential conflicts of
interest (real or apparent) exist between internal
investigators and the accused party.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
investigators and the accused party.
15
![Page 16: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/16.jpg)
PROVISION TO DETERMINE WHO SHOULD INVESTIGATE
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 16
Take care when investigating “up the food chain”.
![Page 17: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/17.jpg)
CORRECTIVE ACTION PROVISION
• Where an investigation reveals the need to take corrective
action, changes to systems, practices and procedures will
be implemented.
• Breaches of the Code of Conduct may also be subject to
disciplinary action up to and including termination of
employment.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
• In some instances, a breach of the Code of Conduct may
also have legal implications, subjecting the employee and
company to civil or criminal penalties, fines or other
sanctions.
17
![Page 18: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/18.jpg)
REPORTING & DISCLOSURE PROVISON
The CECO is responsible for providing periodic (monthly,
quarterly, etc.) status reports of investigation activity to Senior
Management and the Board of Directors.
Additionally, the CECO will immediately notify the Chief
General Counsel of any matter where credible evidence or a
reasonable basis exists to believe that a government law or
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 18
reasonable basis exists to believe that a government law or
regulation has been violated.
The Chief General Counsel will make a determination to
disclose the facts of the matter in a timely manner to the
appropriate local, state, or federal authorities.
![Page 19: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/19.jpg)
PROVISONS FOR CLOSING the LOOP
The CECO will, to the extent practical, follow-up with
reporters of known or suspected violations of company
policy. Reporters will be advised that the allegation(s) were
reviewed, investigated, and if substantiated, followed-up
with appropriate corrective actions.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 19
Note: Details of the investigation or corrective and
disciplinary actions should not be discussed with a
reporter. A polite “thank you” and “case closed” is
sufficient.
![Page 20: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/20.jpg)
RECORD KEEPING PROVISION
Copies of internal investigation reports will be
maintained by Ethics & Compliance for (X) years,
or in accordance with the company’s record
retention guidelines.
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 20
![Page 21: SETTING POLICIES and GUIDELINES for CONDUCTING …...– Protection of Physical Property & Proper Use of Company Assets – Protection of Intellectual Property – Public Disclosures](https://reader034.vdocuments.us/reader034/viewer/2022050104/5f42d825f987df77c00d54ac/html5/thumbnails/21.jpg)
SETTING POLICIES and GUIDELINES forCONDUCTING INTERNAL INVESTIGATIONS
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 21