Can You Survive A Fraud Investigation? Part 1: A Practical Guide To Preparing For Government Investigations

Friday, February 17, 2012 - 10:05

Part II of this article appeared in the March, 2012 issue of The Metropolitan Corporate Counsel and can be found here.

Government investigations can have profound effects on a company.  The mere initiation of an investigation can disrupt operations, discourage morale, and, in some cases, trigger reporting obligations.  If those investigations become public, the effects can be even more serious. Customers can question the integrity of the company, investors can dump shares or challenge management, and lenders can tighten credit. For government contractors and others in highly regulated industries, the exposure can multiply quickly.  Government agencies often consider suspension or debarment, for example, based solely on the allegations in a complaint. 

With such extreme leverage, the Department of Justice (DOJ) has negotiated record-breaking settlements. One pharmaceutical company paid $3 billion to settle civil and criminal fraud allegations. An international contractor paid $800 million to settle Foreign Corrupt Practices Act (FCPA) allegations. A government contractor accused of misleading the General Services Administration during schedule negotiations paid $200 million in the largest ever procurement fraud settlement under the False Claims Act (FCA).

Small businesses are frequently targeted by investigators, too – especially if they have received preferential treatment by government agencies. Many small businesses lack strong ethics and compliance programs, leaving them particularly exposed. Fewer revenue sources and higher debt ratios mean that even a minimal enforcement action can have a disproportionate impact on a small business.

With the stakes so high and the frequency increasing, preparing for government investigations is critical – it can make the difference between being a witness and being a target. If you do learn that your company is the subject – or worse, the target – of a government investigation, how you respond can be just as critical to minimizing any further exposure. 

This two-part article explains how to prepare for and respond to government investigations. In the first part, we discuss the growing exposure to government investigations and recommend some proactive steps to identify and address high-risk areas before an investigation begins. In the second part, we explain common techniques investigators use for collecting evidence and offer tips for responding to each type.  These ideas are designed to be a practical guide for corporate counsel and compliance officers who want to minimize the risk that their companies get ensnared in investigations and to know what initial steps to take if a government investigation unfortunately does occur. 

This article, of course, does not cover every scenario.  The playbook for subject companies is not one-size-fits-all.  The issues at each company and in each investigation are unique.  The size and resources of the organization may necessitate alternative approaches.  In light of these variables and the consequences of mishandling an investigation, the prudent first step is to solicit guidance from counsel experienced in these areas.

I. The Growing Target List

Government investigations of corporate offenses are on the rise.  Over the last five years, DOJ began investigating an average of 138 new civil FCA cases each year – a 60 percent increase over the previous five years. Whistleblowers standing in the shoes of the government filed an additional 478 qui tam cases per year on average during the last five years, including a record 638 in 2011.  The Federal Bureau of Investigation, meanwhile, increased the number of pending fraud and financial crime investigations by 38 percent from 2005 to 2009.  FCPA investigations have likewise skyrocketed.  In some industries, government investigations are becoming an unfortunate cost of doing business.

At the same time, the definition of what the government considers “fraud” or “criminal misconduct” is eroding.  Most people think fraud involves intentional bad acts, but the threshold for intent under the False Claims Act is much lower.  A company can “knowingly” submit a false claim or cause another to do so through reckless disregard or deliberate ignorance of the truth or falsity of its statements.  In other words, when doing business with the government, a company’s inattention to red flags, failure to follow standard operating procedures, or failure to track information that forms the basis of a certification can be viewed by the government as fraud.

Similarly, some regulatory schemes place strict liability on corporate officers for the conduct of their companies. Violations of the Food, Drug, and Cosmetic Act (FDCA), for example, can be criminally prosecuted.  Under the responsible corporate officer doctrine, corporate executives with authority or responsibility to prevent violations can be charged with criminal misdemeanors even without consciousness of wrongdoing at the company.  In 2011, the DOJ obtained 21 criminal convictions and $1.3 billion in criminal fines, forfeitures, restitution, and disgorgement under the FDCA.

Small businesses are becoming the focus of government investigations more often, too.   In government contracting, investigators have targeted businesses that falsely claim to meet eligibility criteria for preferential treatment and set-aside contracts, as well as companies that use eligible business as a “pass-through” to get access to set-aside contracts.  Furthermore, the Small Business Association (SBA) Inspector General has pushed for legislation to make such fraud prosecutions even more attractive to prosecutors.  The legislation would define the government’s loss as the full amount paid on the contract – a steep penalty for cases in which the government may have obtained the full value of any goods or services it acquired.

II. Proactive Steps To Take

No matter how well intentioned a company may be, government investigations can be hard to avoid in the current enforcement climate.  Fortunately, proactive measures can reduce the likelihood of an investigation and maximize your company’s chances of getting through one unscathed. 

A. Assess Risk Areas

To prepare for a possible government investigation, you must first understand where your  risk is greatest.  History can provide a good starting point. If the company has had problems before, make sure these have been addressed – on paper and in practice. If other companies within your industry have faced investigations, take a hard look at similar practices within your company.  Finally, review universally risky activities, such as timekeeping and billing, interactions with the government, teaming with new partners and subcontractors, gifts, and business development. Each one should be subject to internal controls that minimize the risk of fraud or abuse. 

Obviously, this list is not comprehensive.  Each business’s pressure points will vary depending on the structure of the company, the individuals who work there, and the nature of the industry.  Once you understand the business and its risks, however, you can create or strengthen a compliance program to address the risk areas.

B. Strengthen the Compliance and Training Plan

A robust compliance and training plan is the foundation of assuring government investigators that a company is a good citizen.  DOJ has identified a compliance program as one of the key factors it considers in whether to charge a company in a criminal case.  In particular, the government considers whether the program is designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program. An effective plan can show that management treats ethics and compliance seriously and has taken reasonable measures to prevent misconduct.  It can also show that the misconduct was isolated and distance the actions of an individual employee from those of the company.  A toothless program, on the other hand, may be viewed by prosecutors as tacit encouragement by management to engage in misconduct to achieve business objectives.  In the event misconduct occurs and a company is charged, the U.S. Sentencing Guidelines also consider an effective ethics and compliance plan as one way an organization can remedy a criminal harm. 

The specific operating procedures of a compliance plan will depend on the nature of the business and applicable laws and regulations.  Additionally, the depth of a compliance program may depend on the size of the company.  At the core, though, all compliance programs should:

  • Adopt and distribute a written code of conduct;
  • Promote an ethical culture through executive oversight of compliance and regular communications on the subject;
  • Assign responsibility for ethics and compliance to specific individuals with access to executive management of the company;
  • Develop procedures to prevent and detect improper conduct, such as auditing and monitoring of business operations;
  • Establish internal reporting channels, including an anonymous hotline, through which employees can report potential improper conduct or violations of company policy;
  • Develop procedures to assess reports of improper conduct and, if credible evidence exists, disclose the improper conduct;
  • Develop procedures to implement corrective action, including discipline for wrongdoers and steps to prevent recurrence;
  • Screen principals of the company for prior misconduct;
  • Train all employees – both new and experienced ones – on ethics;
  • Require full cooperation in internal and external audits; and
  • Plan to periodically re-evaluate the compliance program.

To make sure that risk areas are addressed and operating procedures are realistic and enforceable, get buy-in from business managers before implementing any compliance plan.  For a plan to be permanent and effective, corporate management must set the right tone, making documented efforts to communicate to employees that ethics and compliance are important company values.  Finally, to keep the plan relevant, update it to reflect recent events.

C. Review Other Internal Controls

Once the basic compliance and training plan are in place, counsel can help review other internal controls to ensure their adequacy for preventing fraud and other misconduct.  For example, here are some practical suggestions for minimizing exposure to a government investigation:

  • Design timekeeping and billing systems to have multiple layers of review and minimal opportunities for manipulation;
  • Restrict interactions with government officials to experienced managers and other employees trained in doing business with the government;
  • Verify certifications and other statements to the government for accuracy;
  • Monitor expenses for improper gifts and other things of value, or for any unusual or problematic activities;
  • Set up document retention capabilities, such as software that allows for searching and copying, a flexible and retrievable backup system, and centralized storage of documents;
  • Perform due diligence on new partners and subcontractors; and
  • Review new business ventures for compliance and consistency with company ethics.

No compliance plan is foolproof, but these steps will show a corporate commitment to ethical conduct.  If the government does come knocking at your door, your company will be well positioned to respond to the investigation.

III. Conclusion

In the next part, we will offer practical responses in the alarming event that your company becomes the subject – or worse, the target – of a government investigation.  This primer only provides some general suggestions for how to prepare for and respond to a few common government investigative techniques.  Since each investigation is unique, and a company’s response can greatly affect its legal strategy, we recommend consulting with legal counsel as soon as possible upon receiving a subpoena, learning that government agents are interviewing current or former employees, being served with a search warrant, or responding to any type of government investigation.

*            *            *


This article represents the views of the authors and should not be construed as providing legal advice or legal opinion. Readers should consult their attorneys with any specific legal questions about these matters.


Roderick L. Thomas is Chair of Wiley Rein’s White Collar Defense practice in Washington, DC.  He specializes in white collar crime and civil fraud allegations, after serving more than 10 years in the U.S. Attorney’s Office in Washington, DC. As part of his extensive background in federal investigations and prosecutions, he routinely represents clients in internal investigations, subpoena matters, False Claims Act and qui tam matters, criminal investigations, Foreign Corrupt Practices Act matters, congressional investigations, and parallel civil and criminal proceedings.  He can be reached at (202) 719-7035.

Mark B. Sweet is a Partner in Wiley Rein’s White Collar Defense practice.  He counsels clients on complex issues for government investigations, whistleblower complaints, and mandatory disclosures.  Mr. Sweet has conducted a number of internal investigations and is experienced in interacting and negotiating with government agents.  He advises clients on best practices for collection and production of electronically stored information in response to government subpoenas and discovery requests. His practice spans civil and criminal investigations for government contractors, food and drug companies, communications firms, and others.  He can be reached at (202) 719-4649.

 Please email the authors at or with questions about this article.