Editor: How does forensics fit in with litigation support? In corporate compliance programs?
Maringer: With respect to litigation support, law firms frequently need specialized services to assist in their engagements. The term “forensics” is broad and can encompass forensic accounting and other types of investigative support, such as digital forensics, all of which come into play in these types of matters. Once there is an investigation or litigation involving counsel, there is often the need for assistance from firms that can provide deep subject matter expertise in terms of collecting and analyzing the relevant financial and other data to support the litigation strategy.
Peeler: We frequently perform compliance risk assessments for clients in which we review their global operations and determine their greatest risks. Forensic accounting can be a useful tool for sampling and to get a sense of scale around certain risks.
Editor: What role has technology played in forensics?
Maringer: Technology has been playing an increasingly important role due to the volume and types of data that corporations are generating these days. Formerly, traditional sampling of the data was the norm for a forensic investigation. Now, with the ability to ingest large volumes of data and to correlate different data types and sources through technology, one can get a complete picture of a company’s issues – whether in the context of a “health check” or in response to a regulatory inquiry. In today's world, especially once the government is involved, a company is expected to undertake a full and thorough internal investigation, and this depends on the company’s ability to leverage technology and specifically data analytics to interrogate the available information.
Editor: What are the most common types of compliance failures that stem from a lack of due diligence or preventative forensic accounting?
Peeler: We focus on the “keep-you-up-at-night issues,” meaning those compliance areas where if something goes wrong, it can be truly disastrous for the company and individuals involved. If there has been a lack of due diligence, it frequently results in two problems: either an anti-corruption violation or a trade sanction violation arising from a customer transshipping goods to problematic destinations. When you look at the enforcement actions in these areas, almost all involve third parties and a due diligence failure of some kind.
Editor: Are there inherent conflicts between Western-based compliance regulations and global competition?
Peeler: There is just no question. Take, for example, the FCPA. The fervent enforcement of this anti-corruption law and the Western concepts of what constitutes a bribe are in stark contrast to the way many other countries have addressed these issues historically.
I spend a great deal of my time traveling the world to help bridge that gap through training. Regardless of where in the world I pose the question, “is bribery wrong?” I almost always receive a resounding and near-universal affirmative response. But when I begin to run through real-world scenarios and ask whether they constitute bribery, the answers vary widely.
Editor: How are compliance officers handling the Big Data challenge? How should companies incorporate data and analytics into their compliance programs, and what type of results could they expect?
Maringer: Compliance officers, and those who advise them, are coming to grips with the Big Data issue as the volumes of electronically stored information continue to grow. Additionally, forward-thinking leaders in this space are adding to this data by tracking the compliance-related activities of their employees through technology. By doing so, and incorporating analytics into their compliance programs, they will find themselves better equipped to respond in the event the Justice Department comes calling. The ability to maintain that an instance of malfeasance is an outlier or the act of a rogue employee – and to have the data to back up that claim – is invaluable. Compliance officers today are also looking at ways to handle global issues, and unless they are willing to set up an enormous infrastructure in-house, many choose to outsource the collection and analysis of their compliance data to companies such as ours. For example, we offer a compliance platform called Navigator, which enables companies to track their employees’ activities worldwide, and provides data analytic support to compliance officers by analyzing the resulting information and turning it into useful intelligence on which important decisions can be based.
Editor: How would you define Big Data?
Maringer: Big Data typically relates to the volume of available information. In addition to volume, however, we are seeing more and more complexity in the data itself and an increase in the different types of data that we analyze.
Editor: Why is the monitoring of a compliance program on an ongoing basis the key to avoiding government investigations as well as reducing likelihood of litigation?
Peeler: In some cases, monitoring is actually required. The guidance issued by the U.S. and U.K. on their respective anti-corruption laws, for example, requires some form of an annual review and health-check of compliance programs. And that makes sense. When you put a policy in place designed to mitigate risk, you base it on your company’s business profile, market, and where you are doing business at that time. Every year, though, the business and markets likely change, and therefore so does the risk. If you’re not looking at those changes and considering modifying your policies over time, they will quickly become ineffective and will needlessly expose your company to risk.
Editor: Do you see an increasing role for government in reviewing companies’ compliance practices?
Peeler: I believe the government perceives a benefit in leaving somewhat ambiguous its position on what constitutes a model compliance policy. That isn’t to say that it hasn’t given general guidance or that we aren’t able to discern trends and guidelines through enforcement actions. But by leaving certain details somewhat undefined, companies must focus on a moving target – and this likely leads to better compliance efforts overall. I don’t see that changing any time soon.
Editor: What role does due diligence play in mitigating the risk of FCPA violations?
Maringer: Traditional due diligence is critical for the identification and mitigation of FCPA and associated risks. If you operate as a multinational, you may inherit the risks of the people with whom you are engaging – whether it’s third-party agents or in the context of a merger or acquisition.
You’ll want to know in advance if a potential business partner has been investigated for corruption issues or has engaged in policies or practices that could lead to issues down the road. Due diligence is a key component to any compliance program and can go a long way in protecting against increased liabilities and reputational risks.
Editor: How should compliance experts handle mergers and acquisitions and the due diligence connected with them?
Maringer: As I mentioned earlier, due diligence is essential in the M&A context because of the liability you may inherit as a result of the deal, as well as the potential risk to your existing reputation. A thorough, pre-acquisition due diligence process should aim to understand the inner workings of the target, their clients, their processes, and how they run their business. This information is critical to protect the acquirer from a regulatory perspective and will hopefully also lead to a smoother integration process.
Editor: How does forensics apply to enterprise risk management and internal investigations?
Peeler: We frequently blend the compliance risk assessments we perform for companies with the company’s own enterprise risk management processes. While the two approaches have slightly different goals, it is extraordinary how much overlap there is between them and how much data you derive from combined efforts.
When we do an internal investigation and find the first hint of a problem – whether a bribe had been paid, for example – there are steps to take before we interview a single individual. Forensics and forensic accounting are critical in that process. We frequently review emails and often turn to forensic accounting to help examine the books and records and expense reports involved.
Forensics and forensic accounting are extremely important tools for CRAs, ERMs and internal investigations.
Editor: In a case where an FCPA violation is suspected, what investigative measures should corporate counsel take once alerted to the situation?
Peeler: I’ll give you my top three. First, consider privilege. Whatever steps you take to investigate, maintain privilege. It can always be waived later if the need arises, but careless decisions upfront can give away a critical bargaining chip and expose your company to unnecessary risk. Second, carefully develop a scope of the work with counsel that’s knowledgeable about anti-corruption laws around the globe. Then, based on what you know at the outset, determine how many people should be interviewed, whose email must be screened, and what countries are involved. This may change (and frequently does), but, whenever possible, working in a phased approach is always best. And finally, before executing your plan, understand what other laws may impact your investigation. Data privacy, for example, is handled very differently around the globe, and a failure to abide by these laws can create both civil and criminal liability.
Editor: What advantages does technology give the forensic accountant, and what “analog” investigation techniques are still useful?
Maringer: Forensic accounting and data analytics are increasingly intertwined, as more and more data is in electronic form, and the volume is increasing. Forensic accounting teams rely heavily on technology and data analytics to support their work. That said, the human element is invaluable. Unless you have a person with subject matter expertise who understands the issues on a given topic or in a geographic region, you cannot be effective. The best of all worlds is to have crack investigators and forensic accountants who have technology at their disposal. That way, you’re bound to quickly and effectively get to the heart of a problem.