Editor: Please describe your practice area, the location of your office and your background with the firm and at the Department of Justice (DOJ).
Grindler: I am a partner with King & Spalding in its Washington, DC office. The focus of my practice is on white collar defense, internal and congressional investigations, False Claims Act matters and crisis management.
I was a partner with King & Spalding for nine years before returning to the DOJ in March 2009. I returned to DOJ as a deputy assistant attorney general in the Criminal Division supervising the Appellate and Fraud Sections. The latter handles FCPA matters. I was then asked by Attorney General Holder to serve as acting deputy attorney general, the number two position in the department. I held that position for approximately a year. Following that, I served as chief of staff to the attorney general for two years.
I worked for Attorney General Reno and Deputy Attorney General Holder at DOJ during the Clinton administration from 1995 to 2000. I also served as an assistant U.S. attorney in the Southern District of New York and the Northern District of Georgia.
Editor: What types of investigations are handled by the DOJ and SEC, respectively?
Grindler: The primary mission of the DOJ is to protect the safety of the American people and to enforce federal criminal and civil laws and regulations. As you can imagine, there’s an extraordinarily broad variety of criminal and civil matters that are investigated and prosecuted by the DOJ. They range from financial and healthcare fraud to civil False Claims Act enforcement to the fight against terrorism and violent crime. The SEC has responsibility for the civil enforcement of the securities laws while the DOJ has responsibility for the criminal enforcement of those laws. In that sense, they have separate roles, but there are many matters that are investigated both by the SEC and the DOJ. As appropriate, the DOJ and SEC frequently cooperate on securities law investigations.
Editor: How is technology changing the investigative process?
Grindler: Technology has had a great impact on both the methods and means by which crimes are committed as well as on the skills needed by the FBI and other law enforcement agencies to conduct successful investigations. A significant area of concern is the increase in more sophisticated cyber attacks on U.S. companies and the country’s infrastructure. As technology has become more sophisticated, cyber criminals are able to work throughout the world – many times using encrypted software, which has made detection of such criminal activity and locating the perpetrators more challenging than ever before.
Editor: How important is it for corporations to set up internal processes so that wrongdoing can be reported by employees?
Grindler: It’s incredibly important because the ability of a company to identify internal misconduct at the earliest possible stage will go a long way to enabling the company to stop improper activity and evaluate whether the problem is systemic or isolated. If it is systemic, remedial measures should be taken to address the problem throughout the company.
Also, there are mandatory reporting requirements in certain situations that may need to be addressed. For example, in 2008 a federal regulation was issued that requires all government contractors to timely disclose to the government any credible evidence of a violation of federal criminal law involving fraud, bribery or a violation of the False Claims Act. If a disclosure is not made in a timely fashion, that, in and of itself, provides grounds for suspension or debarment of the contractor. Also, the Affordable Care Act and implementing regulations require healthcare providers to report and return any overpayments to the Department of Health and Human Services within 60 days of identifying the overpayment. If the provider fails to meet this deadline, it risks suspension of government payments until the matter is resolved. There also are potential benefits to self-reporting, such as leniency from the Antitrust Division or mitigation of sanctions or fines under the Principals of Federal Prosecution of Business Organizations.
Editor: Describe the role of whistleblowers and qui tam relators and how they motivate the reporting of false claims and securities violations to the government.
Grindler: The purpose behind the SEC’s whistleblower regulations promulgated pursuant to the Dodd-Frank Act and qui tam provisions of the False Claims Act is to incentivize individuals to disclose securities violations and false and fraudulent claims to the federal government. The FCA qui tam provisions provide that a relator can bring a civil case in the name of the United States alleging that an individual or entity has filed false monetary claims with the government. The government investigates the allegations and makes a decision whether it’s going to intervene. If the government declines to intervene, the relator can proceed with the case on his/her own. Under the Dodd-Frank Act and the SEC’s regulations, a whistleblower submits information regarding an alleged violation of the securities laws to the SEC. The Dodd-Frank provisions do not provide a private right of action to whistleblowers should the SEC decide not to proceed.
The motivation for someone with inside knowledge to report a securities violation or false or fraudulent claims stems from the fact that an SEC whistleblower or qui tam relator is entitled to receive a percentage of amounts recovered. Under Dodd-Frank, a whistleblower can recover between 10 and 30 percent if the sanction involves at least $1 million. Under the FCA, relators can get between 15 and 25 percent if the government intervenes -- and up to 30 percent if the government does not intervene. It is clear that the bounties have encouraged more whistleblowers to come forward with allegations of fraud and false claims. In 2012 alone, the SEC received over 3,000 whistleblower tips.
Editor: There was some concern when the whistleblower regulations were issued that they would undermine internal company processes for addressing wrongdoing.
Grindler: The final SEC regulations implementing the Dodd-Frank whistleblower provisions do not require that a whistleblower report securities violations through a company’s internal compliance systems as a prerequisite to being eligible to receive an award. However, a whistleblower’s reporting of securities violations initially through internal legal or compliance procedures may be a factor to increase the award. On the other hand, if a whistleblower interferes with or undermines the integrity of an internal compliance system, that is a factor that will support a reduction of an award.
Editor: What are some of the other circumstances that trigger internal investigations?
Grindler: Other triggers for internal investigations include (a) a crisis event such as an environmental disaster or a significant, undisclosed financial loss (the Deepwater Horizon oil spill and the recent multi-billion-dollar “London Whale” loss at JP Morgan provide examples); (b) discovery of an irregularity by an audit committee or through a compliance review; (c) service of a grand jury or civil administrative subpoena or execution of a search warrant; and (d) cyber attack - there will be a need to determine the source of the attack and whether there has been a loss of intellectual property or trade secrets or identity theft.
Editor: How important is an enterprise risk management plan?
Grindler: In a number of recent investigations, senior officials have claimed that they were not informed of the illegal or improper activity or have concluded that the risk assessments by the company were not adequate. Greater attention should be paid to identifying business practices that may present the greatest regulatory or enforcement risk and then putting in place a plan to monitor such activity.
In addition, companies should have in place a plan for how to deal with a crisis situation. When a crisis occurs, there may be a frenzy of activity involving many parties, including victims, the media, Congress, federal, state and foreign regulators, shareholders and sometimes competitors. Companies should establish a decision- making process that will be triggered if a crisis event occurs. Quick ad hoc decisions in the immediate aftermath of a crisis event may come back to haunt the company.
Editor: What role do you see for the general counsel in crisis situations?
Grindler: The general counsel plays a critical role in crisis situations. He or she provides key advice to senior management and the board not just on legal issues, but on crisis management generally. The general counsel must be prepared to provide guidance on media responses; interactions by employees with government agents should a search warrant be served; evaluating whether securities law disclosures must be made; and the interactions with the prosecutors, congress and state authorities.
Editor: How important is it to begin an internal investigation in a timely fashion after becoming aware of a significant risk?
Grindler: If significant enforcement or regulatory risks are identified, it’s very important to understand the core issues presented by the risks. If the allegations suggest that there has been improper conduct, a prompt investigation can assist a company in either stopping the conduct or, if the information proves to be incorrect, discouraging damaging internal speculation before the story receives media attention or before a federal or state investigation is initiated. If the allegation is found to have some merit, initiating a prompt investigation and taking remedial action may demonstrate to the government that the company acted responsibly and corrected the problem in a timely fashion.
Editor: There have been situations where e-discovery, say, in the normal course of litigation, may reveal a light–hearted attitude toward serious matters. Should a company ask its employees to be cautious about what they say in their emails?
Grindler: It is entirely appropriate for a company to provide its employees with what I call “hygiene advice” about writing emails. I am not suggesting that an employee should refrain from sending accurate, substantive emails if the occasion warrants it. However, experience shows that employees many times send emails that are unnecessary or unrelated to the work that they’re doing. Companies may wish to talk to employees about the proper subjects for email communications, making jokes about business issues and the importance of avoiding speculation or stating conclusions before there is adequate factual development.
Editor: The press has been quite active in investigating what it believes to be corporate wrongdoing. How should a company respond?
Grindler: If a reporter is going down that path, the allegations should be taken seriously. Once in the public domain, people many times believe what they hear or read with little regard for its accuracy. Reporters usually check with the company before an adverse story is published. The corporation should promptly look into the allegations to determine whether there is any truth to them and whether any steps should be taken to stop and remedy the conduct. A company should be willing to engage reporters (sometimes off the record) in an effort to establish credibility. One approach is to indicate that the company takes the allegations seriously and would like some time to look into and verify what the reporter has alleged.
Editor: When is it helpful for a company to retain someone like yourself to do an investigation?
Grindler: A company should retain outside counsel when the events listed in my earlier response occur. When a government investigation is focused on the company and where there is a subpoena, search warrant or congressional inquiry, it is important to retain attorneys who have experience in handling these matters so they can work with the general counsel, the board and senior management in assessing the validity of any allegations and then determining how best to respond. Outside counsel for the company and the board many times are perceived by the government as more objective because they are not subject to the same pressures otherwise faced by company employees.