1 Year After Yates Memo: The Wrong Internal Investigation

Donna C. Boehme – Law360 – October 3, 2016

rsz_3rd-party-yatesLast month marked one year since Deputy Attorney General Sally Quillian Yates issued a much-discussed mandate directing federal prosecutors to focus on not just companies but also individual employees. In this Law360 Expert Analysis series, three compliance experts share their thoughts on the Yates memo’s impact.

Ever since the issuance of the Yates memo by Deputy Attorney General Sally Yates,[1] there has been no shortage of commentary on its impact on company compliance programs. But after hearing from one of my networks that some companies were busy producing “Yates binders” for each major internal investigation, I realized this is probably a good time to reflect on internal investigations in the post-Yates era.

We can start with a reflection on two of the biggest corporate compliance fiascos of the modern era: Volkswagen AG and General Motors. It is notable that in both cases, the problems which resulted in so much disruption, reputational damage, and other liabilities to each company were known internally (and in the case of VW, for possibly decades), but somehow failed to be fully investigated and raised to appropriate levels for resolution before hitting the media headlines.

In the case of VW, the company is now pursuing an internal investigation into reports that internal parties, including employees and the vendor of the fraud-enabling software, attempted to warn the company about the problem, but to no avail.[2] Similarly, GM has been focusing on why employee concerns about a faulty ignition switch tied to at least 124 deaths failed to reach management or result in a more timely recall.[3] Aside from accountability questions of “What did management know?” and “When did they know it?” after Yates, it’s safe to say that both companies should be examining the manner in which their internal investigations are conducted.


Experienced chief compliance officers and Compliance 2.0 professionals[4] don’t need the Yates memo[5] to tell them that the way in which their company conducts internal investigations is “where the rubber meets the road” for their compliance program. This is, by far, the most important indicator of their program’s ability to find, fix and prevent problems and to support a culture of transparency, accountability, and ethical leadership. But Yates adds an additional element that must be incorporated into their company’s investigation guidelines: a laser focus on individual accountability from the very start. But, no Yates binders required!

At a minimum, companies will want to be able to demonstrate that their compliance investigations are robust and likely to bring the relevant facts to decision-makers. But after Yates, the stakes for internal investigations have been raised significantly, and no company wants to have to defend its failures because of inadequate attention to how internal investigations are conducted.[6]

Too often companies tend to play a form of “investigation lottery,” in which they appoint “experienced” managers to lead internal probes without adequate investigation guidelines in place (with additional training to support those guidelines). Because, after all the effort to design and build a compliance program that finds, fixes and prevents problems, why bet the farm on a “DIY investigation” approach that “hopes” investigators conduct their investigations in a competent way that supports the integrity of the overall program? Sending managers out to investigate compliance problems without a common understanding of the correct methodology is not only foolhardy but also a sure path to all manner of mistakes such as:

  • The call is routed to an investigator who, while well intentioned, lacks the training or subject matter expertise to determine the facts properly.
  • There is internal delay finding or assigning an appropriate investigator (whether due to lack of resources or turf problems) and the evidence evaporates, becomes stale, or is otherwise compromised.
  • A senior manager with an interest in the outcome of the investigation hears about the matter, calls the investigator, and interferes with the process.
  • A powerful chief financial officer or CEO calls in the chief compliance and ethics officer and tells her to end the investigation, or else.
  • The matter is referred to an audit committee member who then sends it to the general counsel, not realizing that the general counsel has a conflict.
  • Another department, such as security or personnel, demands ownership over the matter but then fails to investigate and resolve adequately.
  • The business unit leader makes offhand but disparaging comments about the investigation during the monthly staff meeting, discouraging team members from cooperating.
  • An experienced member of internal audit (and former law enforcement) conducts a series of interviews with one witness on one side of the table, and seven questioners on the other.
  • The head of human resources learns of the investigation during a compliance committee meeting, and then carelessly violates confidentiality at a company dinner. The investigation becomes tainted.
  • A manager known to be a protégé́ of the CEO is interviewed, but later writes a follow up email to the lead investigator intending to intimidate, chilling further progress in the case.
  • Although the chief compliance officer deems the matter serious enough to merit retaining an independent investigator, no budget exists for an outside expert. The internal investigators fear that their findings will not be well received by certain powerful factions in the company. [7]

But wait! Those companies that think they can take a quick shortcut by engaging some law firm partner or vendor without true compliance subject matter expertise to “”train” a group to “do” investigations on such topics as “preserving legal privilege” or “best interview techniques” should think again. These “one-size-fits-none,” premade solutions rarely, if ever, fit a company’s unique set of circumstances. That’s because they will be missing an important piece — the most effective guidelines and training come from engaging a multidisciplinary, internal group representing those who will actually support and perform the investigations. A CCO with true compliance subject matter expertise can lead this team to develop and implement investigation guidelines and protocols that will ensure professionalism, confidentiality, timeliness, objectivity, impartiality and nonretaliation in all internal investigations.

And in-house legal folk worried about being “operationalized” to be the U.S. Department of Justice’s investigators[8] should make investigations guidelines and training their first priority.

Companies facing compliance problems should be prepared to demonstrate their measures to ensure that internal investigations are conducted in a manner that can avoid such mistakes, support the integrity of their compliance program, and otherwise withstand compliance and post-Yates prosecutorial scrutiny. In a post-Yates world, a review of the company’s investigation guidelines and training program should be Topic  No. 1 — not a “Yates binder.”

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

[1] http://www.justice.gov/dag/file/769036/download

[2] http://in.reuters.com/article/volkswagen-emissions-idINKCN0RR0LB20150927

[3] http://fortune.com/2015/08/24/feinberg-gm-faulty-ignition-switch/; http://blog.volkovlaw.com/2014/06/when-the-in-house-lawyers-run-amuck/; http://compliancestrategists.com/csblog/2014/10/16/gms-diy-compliance-whatcouldpossiblygowrong/

[4] Compliance 2.0 refers to the modern compliance officer and compliance program – one structured to succeed with true compliance subject matter expertise, and positioned with adequate empowerment, independence, seat at the table, line of sight, and resources to effectively accomplish the modern compliance mandate. For more information: http://compliancestrategists.com/upgrade/wp-content/uploads/2016/05/Compliance-2.0-Infographic-1.jpg

[5] http://www.justice.gov/dag/file/769036/download

[6] http://www.latimes.com/business/autos/la-fi-hy-vw-audi-porsche-20160719-snap-story.html; http://blog.caranddriver.com/gm-knew-about-ignition-issues-10-years-before-issuing-recall/

[7] All of these mistakes are references to actual cases the author has seen in existing company programs as noted here: http://compliancestrategists.com/csblog/wp-content/uploads/2014/01/May-5-2009-Compliance-Week-PDF-Download.pdf

[8] http://www.corpcounsel.com/home/id=1202766991930/A-Year-Later-GCs-Say-Yates-Memo-Undermining-Their-Roles?mcode=1202617073467&curindex=0&slreturn=20160812134359

All Content © 2003-2016, Portfolio Media, Inc.

Leave a Reply