Guideposts for Successful Internal Investigations: Part 1 – Establishing an Investigation’s Framework

The ability to effectively conduct internal investigations is essential to any business.

From fiscal year 2014 to fiscal year 2018, the number of whistleblower retaliation complaints filed with OSHA has increased by 29 percent. Between 2007 and 2017, retaliation claims filed with the EEOC nearly doubled. In fiscal years 2017 and 2018, the Justice Department recovered over $6.5 billion from False Claims Act cases. The recoveries, settlements, and defense costs in these matters are real.

Not only do internal investigations help ensure ongoing legal and regulatory compliance, they also give companies a chance to correct any mistakes and identify potential risk areas before they become true liabilities. They can also fortify future defenses and minimize risk in litigation about alleged corporate misconduct.

Given the stakes, we have prepared this two-part blog series exploring effective steps for internal investigations.

This first post explores five steps to ensure the company identifies complaints when they arise and establishes an appropriate framework for investigating those complaints.

  1. Train board members, executive leadership, and managers on identifying, receiving and ensuring investigation of internal complaints. Not every complaint is couched as a complaint. A complaint might be embedded in an email or conversation between an employee and her manager about how the business is run. It might be raised “informally,” but it is nonetheless a complaint. Because complaints are not always clear, managers (from line supervisors to board members) need to understand how to identify complaints in their various forms, take those complaints seriously, and ensure they are investigated by the right people (e.g., in-house counsel’s office, compliance, or human resources). Failure to identify complaints can have serious ramifications.
  2. Identify and articulate the purpose or goal of an investigation. A company should endeavor to understand why it is conducting the investigation. Every internal investigation should have the following goals: (a) obtain a full, objective understanding of the facts; (b) facilitate fact-based decision-making; (c) take prompt corrective action and confirm disclosure requirements; and (d) preserve evidence and a complete record.
  3. Account for attorney-client privilege considerations. In-house or outside counsel should be informed about most investigations to ensure proper legal advice and maintain privilege. If a company intends to use the investigation and its results to defend a lawsuit or allegation of wrongdoing, it should be prepared to disclose underlying investigation interview notes, factual conclusions, and remedial steps, if any. Courts will generally not allow a company to use an investigation as a shield against liability while asserting attorney-client privilege regarding supporting documents obtained during the investigation. This does not mean all communications to or from the investigator must be disclosed. Steps can be taken to ensure attorney-client privilege is maintained where appropriate. For instance, the investigator can report findings to the business for decision-making purposes and separately to counsel for legal advice or in anticipation of litigation. If an attorney acts in the role of fact-finder, organizations should not necessarily assume there will be attorney-client privilege in subsequent proceedings. Understanding attorney-client privilege issues early can help a company maintain privilege to the maximum extent possible.
  4. Identify the appropriate investigator(s). Not every complaint requires the same investigator. An investigator may be qualified in one area, but another investigator might be more qualified in a different area. Sometimes, it may be important to have counsel investigate the complaint to provide legal advice or if litigation is anticipated. An attorney investigator might also be employed as an expert witness down the road, depending on the circumstances. The investigator should be as independent as possible. The investigator should also understand the importance of attorney-client privilege and the outer limits of its protections. This can help guide the investigator on when and how to share certain information with appropriate parties. The investigator should ultimately be someone the company is comfortable representing it as a witness in any potential dispute that later arises.
  5. Determine the scope of the investigation. Any investigation should be broad enough in scope to establish independence of the investigator. The investigator should not be limited in a way that might lead a third party to believe the results were preordained. Most investigations should encompass the complaint and any circumstances and facts reasonably related to the complaint and its subject matter.

These five initial steps to the investigation process will help companies minimize or mitigate risks associated with internal complaints.

In a separate blog, we will explore the next five steps to an effective investigation, focusing on the investigation itself, gathering information, and making reasonable assessments based on the evidence.

The Waiting Is the Hardest Part: Staff Decreases, Whistleblower Claim Increases Strain OSHA

A February 20, 2019 article from Bloomberg Law provides statistics to explain the significant delays experienced by litigators and attorneys alike in Occupational Safety and Health Administration’s investigation of whistleblower claims. A substantial increase in the number of whistleblower complaints filed with OSHA over the past five years and a contemporaneous decrease in the number of investigators available to investigate these claims has led to longer waits for OSHA decisions and delays in the adjudication of claims.

OSHA is charged with enforcing more than 20 whistleblower statutes. From fiscal year 2014 to fiscal year 2018, the number of whistleblower complaints filed with OSHA increased by 29 percent: from 7,408 to 9,566. Over this same period, the number of investigators available to investigate these claims decreased by 24 percent: from 100 to 76.

The staffing losses are due, in part, to a stagnant budget and a federal hiring freeze in 2017. The staffing restrictions resulted in OSHA opening full investigations into only 3,007 whistleblower cases in FY 2018, the fewest number of new investigations since 2013. This means, on average, each investigator opened approximately 40 new investigations in FY 2018, in addition to their already existing caseloads. Also during FY 2018, OSHA closed 2,964 investigations, down 15 percent from the prior year and the lowest since FY 2012. The average time to complete an investigation in FY 2018 for all types of whistleblower cases was 284 days, seven days more than the FY 2016 average. The Administration’s statistics are not likely to improve any time soon as it reportedly takes approximately two years for a new investigator to learn the requirements of the position.

The potential impact of these investigatory constraints is considerable. For example, under the Sarbanes-Oxley Act, a putative whistleblower has 180 days from an adverse employment action to file an administrative complaint with OSHA. The statute and regulations contemplate the entire administrative process, including OSHA’s investigation and decision, review of this decision by an Administrative Law Judge and subsequent by the Administrative Review Board, will be completed within 180 days. Based on current statistics, if OSHA opens an investigation into a complaint, it will take, on average, more than 100 days longer than the timeframe contemplated by the Act before OSHA completes its investigation. As the Act also permits whistleblowers to seek dismissal of their complaints in order to proceed de novo in federal court, more whistleblowers may elect to go this route, rather than have their claims languish at the administrative level. Since 2017, approximately 300 whistleblowers have elected to go this route, according to Bloomberg Law. However, as an employer only has 20 days to respond to a complaint filed with OSHA, the whistleblower is filing in federal court with full knowledge of the employer’s defense and the ability to craft a complaint that addresses any arguments raised by the employer. Additionally, while the claim languishes at the administrative level, an employer will typically have to deal with the loss of witnesses due to attrition or other factors, further complicating its defense of the whistleblower’s claim.

Please contact Jackson Lewis with any questions about avoiding whistleblower complaints.

A Look Back at Key Corporate Governance and Internal Investigations Issues in 2018

2018 was a transformative year for corporate governance. Record whistleblower awards, an increasing number internal investigations partly arising out of the #MeToo movement, an expansion of the role of companies’ boards, and corporate social responsibility all shaped 2018. This is our retrospective review of these trends.

 Record Whistleblower Tips and Awards and Possible Changes

Companies and regulatory agencies reported a rise in whistleblower tips in 2018. The Securities and Exchange Commission (SEC) Whistleblower Program had its largest annual payout in history, $168 million. It also reported its largest single payout, $84 million. Many of those receiving rewards in 2018 were company outsiders and non-U.S. residents.

Since its inception, the Program has awarded $326 million and has recovered $1.7 billion for the U.S. Treasury. Investors also have gained an estimated $432 million.

In 2018, the SEC proposed amendments to the Program rules. Significantly, the proposed amendments, which are currently in the comment phase, are designed to provide the SEC greater discretion with respect to awards at extremes of the Program. Under the amendments:

  • The SEC will have enhanced ability to limit the very large awards and increase the modest awards on collected monetary sanctions over $100 million and awards under $2 million.
  • The interpretive guidance will provide the meaning of “original information” and clarify the types of government actions that can qualify for whistleblower awards.

 Internal Investigations

In the wake of the #MeToo movement and with the continuing rise in whistleblower claims, companies performed more internal investigations in 2018 than they had in many years. Sexual harassment complaints, much like whistleblower complaints, often are reported internally first, thus triggering a company’s obligation to investigate and take remedial action, if necessary.

Data on sexual harassment enforcement from the Equal Employment Opportunity Commission (EEOC) backs this up. In 2018, charges filed with the EEOC alleging sexual harassment increased by more than 12 percent from fiscal year 2017.

Also in 2018, the Department of Justice (DOJ) announced a significant policy shift to its enforcement strategy. According to the DOJ, going forward, companies must reveal all relevant facts about responsible individuals in order to trigger the False Claims Act’s reduced damages provision. Identifying and disclosing information about individuals who were involved in potential fraud necessarily will involve effective internal investigations.

 The Emerging Role of the Board of Directors

The number of lawsuits brought against boards and individual board members for breach of fiduciary duty, among other things, has increased sharply in recent years. Government enforcement and prosecution of violations from perceived board dereliction is also on the rise. As a result, in 2018, board governance and scrutiny emerged as a key compliance component. More and more boards are taking an active role in establishing:

  • Compliance programs
  • Cybersecurity and privacy safeguards
  • Whistleblower protection measures

Some states are even tackling issues of diversity in board composition. In 2018, California passed a law mandating that publicly traded companies incorporated in California, as well as foreign corporations headquartered in California, have at least one female director by the end of 2019. Depending on board size, the California law will mandate additional representation by 2021.

 Corporate Social Responsibility

Another trend in 2018 has been the growing importance of corporate social responsibility (CSR) initiatives to investors, shareholders, and consumers. Investors are increasingly interested in CSR performance of target firms as a way to identify economic performance potential and to flag potential risks.

Entities are proactively identifying and addressing their legal, financial, operational, and reputation risks, and they are particularly focused on CSR risks through proactive initiatives or reactive responses to specific incidents. Companies and boards are investing in CSR programing as an integral element of company risk assessment and compliance programs and advocating public reporting of CSR initiatives. This is serving as both a differentiating and value-enhancing factor.

Please contact the authors of this post or your Jackson Lewis attorney with any questions about these developments.

Tenth Circuit Rules that False Claims Act (FCA) Does Not Cover Post-Employment Retaliation

In a win for employers, the Tenth Circuit Court of Appeals recently held that “…the False Claims Act’s anti-retaliation provision unambiguously excludes relief for retaliatory acts occurring after the employee has left employment.” Potts v. Center for Excellence in Higher Education, Inc., No. 17-1143 (10th Cir. Nov. 6, 2018) (emphasis added).


Debbi Potts, a campus director at an educational organization, resigned her employment in July 2012. In September 2012, Potts and the organization entered into an agreement whereby Potts promised not to disparage the organization or “contact[] any governmental or regulatory agency with the purpose of filing any complaint or grievance.”

In February 2013, several months after her resignation and agreement, Potts sent a complaint to the organization’s accreditor regarding “alleged deceptions in maintaining its accreditation.” (After entering into the agreement, Potts also sent a disparaging email.)

The organization sued Potts for breach of contract, citing Potts’s complaint to the accreditor. Potts, in turn, filed a lawsuit in federal court, claiming the organization retaliated against her in violation of the False Claims Act (“FCA”) when it sued her. The organization moved to dismiss Potts’s FCA lawsuit, which the district court granted.


The Tenth Circuit Court of Appeals affirmed the dismissal of Potts’s FCA retaliation claim, engaging in extensive statutory interpretation to support its conclusion that “employees” under the False Claims Act are limited to “persons who were current employees when their employers retaliated against them.” (emphasis added). In contrasting the False Claims Act with Title VII’s anti-retaliation provision, the Tenth Circuit concluded that “…the False Claims Act, by its list of retaliatory acts, temporally limits relief to employees who are subjected to retaliatory acts while they are current employees.” The Tenth Circuit ultimately held that “[b]ecause Potts alleges that the [organization] retaliated against her after she resigned her employment, she cannot have a cognizable claim under the statute.”

California Law Pushes Virtue of Diversity Requiring Females on Boards of Directors

California Governor Jerry Brown recently signed Senate Bill 826 into law which requires publicly-held corporations with principal executive offices in California to have a certain number of females on their boards of directors.

The new law sets forth phased requirements for these corporations. By the end of 2019, each covered company must have at least one female director. By the end of 2021, this number increases to three female directors if the company has six or more directors in total. (For boards with five or fewer directors, the numbers decrease.)

If companies fail to comply with the new law, the California Secretary of State is authorized to impose significant penalties: $100,000 for a first-time violation, and $300,000 for subsequent violations.

The bill highlights the underrepresentation of women on boards of directors, identifying that “[o]ne-fourth of California’s public companies in the Russell 3000 index have NO women on their boards of directors; and for the rest of the companies, women hold only 15.5 percent of the board seats.” The bill lists economic advantages to having female directors and cites a study which “found that companies with more women on their boards are more likely to ‘create a sustainable future’ by, among other things, instituting strong governance structures with a high level of transparency.”

In connection with the new law, Governor Brown recognized objections, but stated that “…recent events in Washington, D.C.–and beyond–make it crystal clear that many are not getting the message” and “[g]iven all the special privileges that corporations have enjoyed for so long, it’s high time corporate boards include the people who constitute more than half the ‘persons’ in America.”

Dallas Mavericks Investigation Report Recommends Women in Leadership and Anonymous Workplace Climate Surveys to Combat Sexual Harassment

Following a February 2018 Sports Illustrated article regarding alleged sexual harassment and misconduct within Dallas Basketball Limited, the Dallas Mavericks basketball organization (“Mavericks”), the Mavericks commissioned an independent investigation into the claims.  The investigators, comprised of two outside law firms, interviewed 215 witnesses and analyzed 1.6 million documents.  The investigation report was publicly released on September 19, 2018.

The lengthy report details a number of allegations regarding sexual harassment or other misconduct by the former CEO, the former Human Resources Director, and other employees.  Allegations ranged from inappropriate touching and sexual advances, to watching pornography at work, to domestic violence.  The report also highlights concerns regarding management’s failure to appropriately address employee complaints and stated that “there were no internal controls or governance structures in place[.]”

One of the most interesting components of the report is the remedial recommendations made by the investigators.

The investigators’ very first recommendation was to increase the number of female employees, including those in leadership positions, within the company.  The report observed that “Research has shown that the single most important thing that companies can do to reduce sexual harassment and gender discrimination in the workplace is to employ, and promote, more women.  Having women in executive leadership positions is particularly critical.”  The report noted that when the investigation began, there were no female executives.  Shortly thereafter, Cynthia Marshall was hired as President and CEO, and there are now eight women in executive positions (out of eighteen total).

The investigators also recommended that the Mavericks “[c]onduct anonymous workplace culture and sexual harassment climate surveys on a regular basis” to identify problems.  Further, the report illustrated instances where management failed to make important personnel decisions, and indicated the company’s culture “lacked any hierarchy and consisted of blurred lines of decision-making on some issues.”  The report stated that “Numerous studies have concluded that unstructured decision-making leads to increased risk and a higher prevalence of sexual harassment in the workplace, as policies are less likely to be enforced strongly and promptly, and disciplinary consequences become less clear and uniformly applied.”  Thus, the investigators recommended the Mavericks establish clearly-defined decision-making roles.

The report further recommended that the Mavericks expand its Human Resources department and hire a full-time General Counsel – both of which have now been done.  Of course, the investigators also recommended robust sexual harassment training and emphasized the importance of including leadership in these trainings.

The investigators’ recommendations demonstrate that traditional remedies, such as conducting trainings and redefining policies, may be insufficient, particularly when actions of the organization belie those policies and training efforts.  Instead, employers should address sexual harassment through more nuanced approaches aimed at creating a culture of inclusivity and trust in organizational leadership.


Effective Compliance Programs Require a Commitment from the Top

We follow the leader wherever we go, and that applies to compliance, as well. While federal and state laws require organizations to adopt compliance programs, a low level of commitment to these compliance efforts from the highest levels of management can pose a serious threat to the implementation and sustainability of such programs. It is easy to say “we are committed to compliance,” but how do organizations put this into practice? Employees must be able to trust that their leaders are first buying into the organization’s compliance policies and are following the appropriate processes themselves.

The Occupational Safety and Health Administration (“OSHA”), which enforces the whistleblower provisions of 22 federal statutes, has published Recommended Practices for Anti-Retaliation Programs. According to the Recommended Practices, management leadership, commitment, and accountability are the first elements to effective compliance. Management can demonstrate its commitment by backing up words with actions, such as:

  • making readily available a written Code that is clear and equally applicable to everyone in the organization;
  • ensuring that there is a manager who is responsible and accountable for the enforcement of the reporting system;
  • ensuring managers have access to senior management for compliance concerns;
  • engage in a dialogue with employees to create and improve management awareness of potential issues and anti-retaliation policies and practices;
  • requiring training for senior management so that they understand their legal obligations, and are able to identify issues that may impact these obligations;
  • implementing a mechanism to accurately evaluate employees’ willingness to report concerns and the employer’s actual record of responses to the employees who report; and
  • when appropriate, publicly recognizing the positive contributions of reporting employees.

Once it is clear that the management team understands the need, benefits, and processes of a compliance program, it can effectively contribute to building awareness of the rules throughout the workplace and educating employees about the proper procedures for reporting concerns. Active leadership and commitment by senior management will reinforce the written standards and signal to employees that ethics and corporate governance are essential to the sustainability of the organization.

On June 26, 2018, Michigan State University put these principles into action when it announced the creation of a new Office of Enterprise Risk Management, Ethics and Compliance. The Office is intended to ensure the University adheres to its internal polices as well as legal and regulatory requirements. The Office is the direct result of a request from the University’s Board of Trustees to help maintain the University’s integrity and develop a culture of compliance. In connection with the new Office, Michigan State intends to hire a Chief Compliance Officer to oversee the development of an ethics and compliance program to identify, prioritize and manage risk. The COO will also develop training and communication strategies as part of the compliance program. The COO will report to the University President, but will work independently with the Board’s newly established Committee on Audit, Risk and Compliance.

Maritime Technician Exonerated in Theft of Trade Secret Case

Following a month-long trial in Hartford, Connecticut, before Chief U.S. District Judge Alvin Thompson, a jury returned a split verdict in a case charging two defendants with conspiracy and theft of trade secrets. The jury completely exonerated one of two defendants, Jay Williams, represented by Jackson Lewis, while returning guilty verdicts on certain counts against his co-defendant, and acquitting him on several other counts.

Dylan Sparks, an electrical engineer from Ardmore, Oklahoma, and Jay Williams, a maritime technician from Griswold, Connecticut, formerly worked for LBI, a military contractor from Groton, Connecticut, specializing in the fabrication of marine vessels. The company worked together with two other contractors which specialized in navigational software, Charles River Analytics (CRA) of Cambridge, Massachusetts, and Metron Scientific Solutions of Arlington, Virginia, to design, build, and test an autonomous unmanned underwater vehicle for the Office of Naval Research (ONR). After working on the program for just over a year, ONR decided to discontinue LBI’s role on the project due to technical deficiencies, missed deadlines, cost overruns, and communications issues. Sparks and Williams, who had been involved on the program from the outset, wanted to remain involved in this important ONR research effort. Just prior to the start of the expanded CRA contract, both of them left their employment with LBI and took positions with CRA.

An indictment was returned in November 2016, charging Sparks and Williams with conspiracy to steal, upload, transmit, and possess stolen trade secrets — namely, alleged proprietary photographs, diagrams, and schematics of technology alleging belonging to LBI, in violation of 18 U.S.C. §1832. Each defendant also was charged with substantive offenses under the same federal statute; Sparks with 21 separate counts of uploading, transmittal and possession, and Williams with 7 counts of possession of stolen trade secrets. The allegations involved the defendants’ use of the cloud-based software known as “Dropbox,” which was used to upload and store various photographs, drawings, and other materials in personal accounts. The defense argued that this activity was for lawful and legitimate purposes, while the government alleged that it amounted to theft and possession of stolen trade secrets. There was no evidence offered at trial that any of the alleged proprietary data was ever shared with CRA, Metron, or anyone else.

After deliberating the case for approximately 15 hours, the jury found Williams not guilty of all charges against him, and found Sparks not guilty on 9 counts, but guilty on 13 counts – – primarily involving the theft and uploading charges.

According to Paul Kelly, counsel to Williams along with Sarah Walsh (of Jackson Lewis Boston office), “As we advised the jury, this case was a glaring example of government overreach, and the prosecution taking sides in what is essentially a civil dispute between two companies. Contrary to the government’s press release, this was not a case about protecting the national security or the intellectual property of LBI. In fact, the dedicated efforts of these two individuals served to enhance the security of the nation and contributed to the advancement of an important project for the U.S. Navy and its fleet.”

Jackson Lewis will be working as co-counsel to assist co-defendant Dylan Sparks on post-trial motions, including motion for dismissal based on government misconduct for failure to disclose exculpatory evidence before and during the trial.

Effective Compliance Starts at Home: Ensuring Your Company Learns of Issues Before Everyone Else Does

The need for an effective compliance program to assist companies in preventing, detecting and, if necessary, promptly correcting issues before they become problems is nothing new. However, there is an increased focus by the government designed to induce employees to report suspected unlawful conduct by their employers to regulatory agencies. While this focus may benefit consumers and investors, it also raises the real possibility a company will first learn about an issue after an audit or enforcement action has already been commenced, and control of the situation is largely out of the company’s hands. This new era of external enforcement means that companies must place an even greater emphasis on their internal compliance programs. But where to start?

In order to create or revise a compliance program, it is important to remember the basic elements required for an effective compliance program. According to the United States Sentencing Commission Guidelines Manual, in order for an ethics and compliance program to be effective, the organization must, through its Compliance Program, “exercise due diligence to prevent and detect criminal conduct” and “otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” To accomplish these goals, every compliance program must contain seven key elements:

  • Compliance standards and procedures reasonably capable of reducing the prospect of misconduct;
  • Specific “High-level Personnel” assigned to oversee compliance;
  • Care in delegation of authority;
  • Effective communication of standards and procedures to all employees;
  • Implementation of reasonable compliance measures, such as monitoring, auditing and reporting systems;
  • Consistent enforcement through corrective actions; and
  • All reasonable steps taken to respond appropriately after an offense has been detected.

These elements naturally leave companies a wide latitude in developing policies and mechanisms to address the particular needs of the company and industry. However, by addressing each of these elements, the company is increasing the likelihood it will learn of, and more importantly be able to address, potential issues before regulators come knocking.

Record High Awards and Supreme Court Decision Further Incent Potential Whistleblowers to Report Conduct to the SEC

On March 19, 2018, the Securities and Exchange Commission (“SEC”) announced its highest ever Dodd-Frank Act (“DFA”) bounty awards to three whistleblowers. These SEC awards represent a new milestone in the SEC’s ongoing efforts to incentivize would-be whistleblowers to report unlawful conduct directly to the Commission. Two whistleblowers will divide a nearly $50 million award and a third whistleblower received $33 million; both awards shattered the previous high award of $30 million and continue the SEC’s trend of issued rising awards.

In a press release, Jane Norberg, Chief of the SEC’s Office of the Whistleblower, said these awards demonstrate that whistleblowers can provide the SEC with information that allows the agency to pursue and remedy violations that may otherwise go unnoticed. While these awards demonstrate the role whistleblowers play in assisting the SEC, multi-million dollar awards are likely to incentivize others with high quality information to file reports with the agency.

Since issuing its first award in 2012, the Commission has awarded more than $262 million to whistleblowers who have aided in their investigations. These awards are paid by an investor protection fund that Congress created in connection with passage of the Dodd-Frank Act. The fund is financed entirely through monetary sanctions paid by securities violators to the SEC. Notably, despite the sizeable awards, this DFA whistleblower fund does not have any impact to or reduce the funds collected for the benefit of harmed investors.

While the sheer size of these awards may be enough to entice potential whistleblowers, the Supreme Court’s recent decision in Digital Reality Trust, Inc. v. Somers also provides further incentive for whistleblowers to report suspected unlawful conduct directly to the SEC, and to bypass a company’s internal reporting mechanisms (i.e. hotline). In Digital Reality, the Supreme Court held the Dodd-Frank’s anti-retaliation provision only protects from retaliation those employees who first provide information of a violation of the securities laws to the SEC. In other words, employees who merely make an internal report through a company’s reporting processes, without notifying the SEC, cannot avail themselves of the DFA anti-retaliation protections. Hence, the Digital Realty Trust decision, together with the record-setting SEC awards, will likely prompt whistleblowers of all types – those with actual concerns of wrongdoing as well as opportunistic whistleblowers, to make their reports directly to the SEC.

Now, more than ever, employers need to pay attention to their internal corporate governance programs to ensure they are effective in re-enforcing the Company’s commitment to operating ethically and according to applicable laws, make it easy for employees to know where to go if they observe unlawful activity, and promote trust in the Company’s response to issues raised.

* Darran St. Ange, Summer Law Clerk, assisted in the preparation of this post.