Editor: Please tell us about your experience with the Department of Justice and how it prepared you for your present assignment at Weil.
Tyrrell: I joined Weil in February 2010 as the co-chair of our White Collar Defense and Investigations Group. Prior to that, I served with the Department of Justice for over 20 years. My last position was chief of the Fraud Section from 2006 through 2009, where I supervised the work of 60 prosecutors on criminal Foreign Corrupt Practices Act, securities fraud, healthcare fraud and government contract fraud matters. Prior to that, I served for three years as deputy chief in the DOJ’s Counterterrorism Section starting shortly after 9/11, overseeing counterterrorism and terrorist financing matters.
As chief of the Fraud Section, I supervised and reviewed all of DOJ’s criminal FCPA matters and decided which cases would be pursued and on what terms they would be resolved. I established many of the precedents that are still followed by Fraud Section prosecutors. I also played a similar role with respect to some of the largest criminal securities fraud matters of the past decade.
That experience gives me unique insight into how cases are reviewed and evaluated by DOJ, and what approach in a particular case is likely to produce the most favorable outcome for a client, including on issues like voluntary disclosure, corrective or remedial measures, and design and implementation of compliance programs.
Editor: What are some of the key components of effective, proactive compliance programs?
Tyrrell: First, having clear and understandable policies – regardless of subject area – that are embraced by senior leaders in the company is critical. If employees and others don’t understand the policy and don’t believe their leaders are serious about it, why are they going to follow it? Second, getting the message out to employees about what they can and can’t do is essential. This includes having appropriate training programs and sharing information with the workforce about positive and negative examples of employee conduct. Third, risk-based diligence and oversight of key employees and third parties – like agents, consultants, and joint venture partners – is another component. Companies have to know with whom they’re doing business. And finally, it is important to have mechanisms that encourage the free flow of information from the top down and bottom up about risks the company faces, issues and problems that arise, and how those problems are solved.
Editor: How important is a top-level commitment to compliance?
Tyrrell: It is critically important. Senior leaders must set an example by communicating regularly with employees about the importance of compliance, and demonstrating that commitment should be a factor in how executives – and all employees – are evaluated and compensated.
Editor: What is the role of voluntary reporting in establishing a good relationship with the regulatory and enforcement authorities?
Tyrrell: That’s a complicated question that should be addressed on a case-by-case basis.
In the first instance, if a company has a legal obligation to disclose – for example, government contractors are obliged to disclose fraud – then the analysis begins and ends there.
Assuming there is no legal obligation that compels disclosure or no imminent threat of disclosure by an outside party, such as a newspaper, then I typically advise clients to take credible allegations of wrongdoing seriously, look into those allegations in a manner that is appropriate under the circumstances, and assess the nature and extent of the company’s exposure and the pros and cons of disclosure. Then, and only then, should a disclosure be made if it is in the best interest of the company – or, for a public company, if the securities laws require it.
Of course, it often will not be in a company’s best interest to disclose if, for example, the allegations prove not to be credible or if it is unclear whether the conduct even amounts to a violation of law. Under those circumstances, a disclosure could unnecessarily embroil the company in a lengthy and costly government investigation and result in other repercussions such as triggering civil litigation and harm to a company’s reputation that could otherwise be avoided.
It’s a challenging calculus. I can tell you from past experience that there are companies that have strong reputations for compliance with regulators and others that do not. However, the fact that a company doesn’t disclose a problem that ultimately comes to DOJ’s attention is not necessarily going to damage the company’s credibility with DOJ. Regulators recognize that not every allegation should be of interest to them – and, frankly, having counsel that knows when they’ll be interested and when they won’t is really important.
Editor: How can companies stay ahead of international anti-corruption initiatives?
Tyrrell: It is important to have people who understand and track important developments, including through interaction with their peers. Many law firms, including Weil, keep abreast of such developments and pass such information on to clients.
From a compliance standpoint, sending out regular alerts to employees, especially to managers, is a good practice. Something else that can be helpful, especially in companies that don’t have large legal or compliance groups, is asking senior business leaders to report to the legal and compliance group on a periodic basis. This promotes regular communication within the company and makes the business people an important part of the overall process.
Editor: How dynamic is the current environment with respect to laws like the FCPA?
Tyrrell: It is a very dynamic area.
On the enforcement side, the DOJ and the SEC have had great success in enforcing the FCPA. The number of enforcement actions has steadily increased, and substantial penalties continue to be imposed. While total enforcement actions dropped in 2011, that was only because there was a large jump in individual prosecutions in 2010. But the action is not limited to the U.S.
During my tenure at DOJ and since, there has been increasing interaction between U.S. regulators and their foreign counterparts. As a result, regulators in many countries are becoming more interested in pursuing corporate crime, including commercial bribery. The UK and Germany are two examples.
Also, when the U.S. brings an FCPA case against a company and identifies countries where bribes were paid, it is becoming more common for those countries to initiate their own investigations – sometimes through dramatic and disruptive actions, like searches and seizures of businesses, computers and records. I recently learned about searches and seizures in India that occurred after DOJ’s announcement of an FCPA settlement involving payments there. As a former enforcement official who regularly interacted with foreign counterparts, this does not surprise me. What does surprise me is how many companies are unprepared for such action. This underscores how important it is for companies to retain firms that have both the experience and the capacity to anticipate and prepare for this type of “domino effect” and, if possible, to proactively prevent it.
On the compliance side, most multinationals have become very sophisticated about – and are committing more resources to – compliance. They are aware of the risks, and they understand that investing a dollar today can save you a hundred dollars tomorrow. They recognize that the consequences of a serious FCPA problem can be enormous. Fines and penalties can climb into the hundreds of millions of dollars, as can costs of an internal investigation. Damage to reputation can be substantial. Shareholder and class litigation, as well as other civil litigation, can be costly to defend and resolve. Business opportunities often are abandoned or lost because companies must terminate relationships with third parties that are compliance concerns. Also, companies that do business with governments and international organizations, like the World Bank, the IMF and similar entities, face the possibility of debarment.
Fortunately, on the U.S. side, the DOJ and the SEC consider these potential consequences in deciding what action to take against a company. Often, they won’t require that the company plead guilty to a felony. They might offer something less, like a non-prosecution or deferred prosecution agreement in which the company publicly admits a violation and assumes specified compliance and other obligations but isn’t actually adjudicated guilty.
While this can soften the blow from an enforcement action, the blow can still be substantial.
Editor: Tell us about the role of whistleblowers and the ramifications for companies.
Tyrrell: The Dodd-Frank whistleblower provisions offer incredible financial incentives for people to report alleged wrongdoing to the SEC. At the same time, most public companies encourage employees to raise compliance issues internally and have procedures for addressing them and preventing future problems. Obviously, there is a real tension between these two competing avenues for reporting wrongdoing.
The fact that the SEC is offering employees the opportunity to reap huge financial benefits by bypassing internal reporting processes is a real concern. It’s sending a message to employees that is inconsistent with the message the government has been sending to companies for years, namely that companies should have strong compliance programs, including for reporting and addressing misconduct.
The SEC’s new program is new, so it’s hard to say whether it will be a source of more cases – although the SEC has spoken about receiving large numbers of tips. From my experience as a long-time prosecutor, I think whistleblowers are a mixed bag. I have considerable experience with False Claims Act whistleblowers. That program has been in place for decades and has uncovered some very serious problems. But there also have been abuses by whistleblowers and lawyers who represent them. There’s a substantial cost to the government and businesses who have to work through these allegations separating what’s real from what’s frivolous. Whether the benefits of such a program outweigh its costs is really a matter of opinion.
The difference with the SEC program is that it was aimed at public companies, many of which already were doing a terrific job of promoting compliance, addressing allegations of wrongdoing and, when warranted, reporting to the authorities. In other words, the program is a solution looking for a problem. As such, I have serious doubts about it.
Editor: What is the value of an objective perspective, such as that offered by law firms, to assist with corporate compliance efforts?
Tyrrell: The greatest value is that you can say to regulators that we didn’t just do this internally, we had people on the outside look at it too.
Most of our clients are sophisticated and have in-house lawyers who are highly ethical, hardworking people who take their responsibilities very seriously. They keep up with developments and do a terrific job of discharging their responsibilities, including dealing with allegations of wrongdoing. But regulators have a perception that outside counsel will bring a “more objective” perspective to more serious problems. I don’t necessarily agree with that perspective, but the reality is that it exists.
Outside counsel also can offer different approaches to compliance challenges that they have gleaned from working with many clients who face similar challenges. Also, they usually have more time to keep apprised of recent developments, know what regulators expect, and can focus in-house counsel on compliance issues that present the greatest risk to a company.