The release of the so-called Yates Memo in fall 2015 shook the compliance world. U.S. Deputy Attorney General Sally Q. Yates made it clear that federal regulators would look to combat corporate misconduct by “seeking accountability from the individuals who perpetrated the wrongdoing.”
In other words, senior executives and compliance officers were facing increased scrutiny and personal liability. Now, a year later, we asked Marcia Narine Weldon, an assistant professor at St. Thomas University in Florida, about her assessment of the memo’s fallout.
1. How did you see Yates manifest itself in corporate America this past year?
It’s doubtful the DOJ, a year ago, understood the unintended consequences of its actions.
Every compliance officer and general counsel has been talking about the Yates Memo because it represents a fundamental change in how lawyers and compliance officers interact with their peers and internal clients. Instead of working on building relationships of trust with clients, many in-house personnel are now put in the position of either actually conducting investigations so that they would turn over information to the Department of Justice, or developing policies and protocols to prepare themselves for that eventuality.
It’s doubtful the DOJ, a year ago, understood the unintended consequences of its actions. Yates, shortly after the memo was released, said there was “nothing radical about the concept,” and in May said the “only difference now is that companies cannot—in the name of privilege or otherwise—pick and choose which facts to provide if they want credit for cooperation.” Still, it’s clear that companies are struggling to comply with the DOJ’s new stance without waiving privilege.
2. What are some best practices you’ve seen or been aware of for heading off Yates investigations before they happen?
The best way to avoid an investigation is to ensure that employees feel confident enough in their organization’s reporting infrastructure and policies that they feel that they can report issues without reprisal and that management can learn of issues and mitigate problems before they turn into potential illegal or unethical behavior. The fear of retaliation may be even higher if employees are reporting on a senior executive, but those are precisely the kind of managers that the Yates Memo contemplates as possible targets. Accordingly, companies need to reassure employees and encourage them to come forward. Companies should also ensure that the proper internal personnel are adequately trained on how to conduct witness interviews and reports because those investigations are now fair game for the prosecutors. Investigators will also need to revise their Upjohn warnings so that it is clear that the individual employee may want to seek counsel.
3. What compliance policies or procedures already in the market do companies need to implement--if they haven’t already?
If companies hadn't already done so, they should make sure that their internal reporting mechanisms such as hotlines or helplines are well-publicized, perceived to be credible by employees, vendors, suppliers, and members of the general public, and audited regularly for effectiveness.
If companies hadn't already done so, they should make sure that their internal reporting mechanisms such as hotlines or helplines are well-publicized, perceived to be credible by employees, vendors, suppliers, and members of the general public, and audited regularly for effectiveness. To ensure that employees would take these mechanisms seriously, either internal or external audit or a third party compliance consulting firm could conduct employee services or some benchmarking to help companies improve. Companies must also make sure that they have the requisite policies and procedures to transfer employee data across country lines and do not run afoul of data protection laws by forwarding data on international employees for the investigation. They should also confirm that any document retention and destruction policy is updated and regularly audited and publicized, and that all appropriate personnel understand the company litigation hold processes.
4. Once you have implemented those kind of practices, what contingencies should you have–just in case?
Senior management, counsel, and the board should agree upon certain core principles and be able to answer the following questions:
- When should investigations be handled internally or externally and who should retain the counsel? In some cases, the board may want to retain counsel instead of allowing the general counsel to handle the matter.
- What will be the policy if a senior manager or executive refuses to answer questions or insists on having counsel present? Who will pay for the counsel?
- Does the board need additional training on how Yates could affect their operations and decisions that the board may need to make regarding disclosing sensitive information about high-level personnel or even board members themselves?
- How will the procedures put in place affect voluntary disclosures under other legal regimes and who in the organization should have ultimate responsibility for making these decisions.
Given how quickly the compliance world is changing, a new tone from Washington is something leaders of organizations can’t afford to ignore. The above questions are just a sampling of what boards and senior management should be considering, preferably with guidance from outside counsel.
How has the Yates Memo manifested itself to you this year? Share in the comments section below.