The 1st Line of Defense

Corporate GovernanceRegulatory Compliance

C-Suite executives do not achieve success by accident. It takes incredible skill, hard work, and critical thinking to land a position in the C-Suite or to work closely with those who have done so. I have also seen another important character trait in everyone who works at this high-level—the willingness to take personal and entrepreneurial risk. However, these very traits also make C-Suite executives vulnerable to criminal liability. Time and time again, I’ve seen highly motivated executives, who have achieved incredible business success, end up at the wrong end of a criminal investigation.

How can this be? As I have explained in past articles, part of it is systemic. Our society now looks at the C-Suite as a hotbed of criminal activity. Over the years, I have participated in dozens of focus groups where I raise issues and defense theories prior to going to trial. The results would shock you. Ordinary people often possess skewed and hostile views about high-level executives. Many believe that anyone who has achieved considerable success must have gotten there by cheating. There is a pervasive presumption of guilt for anyone working in the C-Suite, sadly reinforced by the relatively few, but highly publicized corporate scandals. Rank and file federal prosecutors often hold these views as well, especially those who have never worked in the business world and who have little understanding of commercial relationships.

In nearly all of my cases, the executives under investigation had no idea that their conduct placed them at risk. Having a business background or graduating at the top of your class in B-School hardly prepares you for understanding the world of criminal investigations. Most of my clients engaged in ordinary business decisions, usually with the approval of in-house counsel and accountants who they relied upon for guidance and advice. Despite the belief that they were doing the right thing, the executives were blindsided by a criminal investigation that they had never anticipated or planned for. This environment creates enormous personal and business risk that is intolerable to anyone running an organization.

Indeed, most executives rely on internal corporate compliance systems and in-house advisors with perceived expertise in regulatory matters. If you are operating without any of these, you should not be sleeping soundly at night. However, while having compliance systems in place and competent in-house advisors around you is a good start, complete reliance on them is not enough.

Why do I say this? First, having a corporate plan in place often leads to a degree of over-confidence and laziness. Compliance becomes formulaic and a matter of checking the box, rather than a rigorous review and re-review of corporate decision making. Second, reliance in-house advisors can by problematic. Many times, these same individuals may have participated in the very decisions that created liability in the first place, or at least have concluded that there is no need to correct current policy. These actions leave everyone in the C-Suite at risk. To protect and defend the C-Suite, there has to be an over-haul in the thought process.

AWARENESS—At a minimum, C-Suite executives must have awareness of potential criminal risk. That means developing a corporate culture of addressing and testing all decisions, not just from a business standpoint, but from a potential risk standpoint as well. All of this probably sounds antithetical to running a business, and I can anticipate every reader thinking: “are you telling me I have to consider the criminal consequences of every decision? Really?” Well, the answer is “yes.” C-Suite executives need to think defensively as well as offensively. Every business decision needs to be viewed through the prism of what twelve ordinary people in a jury box would think about it and how they would perceive it.

That’s right. The definition of what is criminal in our system now cannot be articulated with any degree of certainty. Absent a few checks by judges, criminality is defined by lay juries, even in the context of complex business decision-making involving judgment and highly specialized subject matters such as accounting, healthcare, economics, securities trading, banking, etc. In nearly every case involving C-Suite executives, a prosecutor with little business acumen first subjectively determines that an executive acted unethically and then tries to fit her conduct into a criminal statute (which is quite easy to do). There are no longer clear lines between what is “unethical” or a “breach of contract” or a “crime.”

Awareness requires a culture of checking internal perceptions and openly discussing and addressing risk factors. Every decision that could be characterized as “sharp,” “edgy,” or in the “grey zone” requires increased scrutiny and review. There needs to be a culture of constantly considering and challenging the ethical issues of every corporate policy. C-Suite executives are used to hard thinking, frank conversation, and challenging assumptions. This rigor should be applied to ethical topics as well.

Most importantly, the culture has to eliminate “group think” and the marginalization of those who raise ethical concerns. So often the group comes to a decision and then moves on, with little consideration of dissent or challenge. This is a big mistake. C-Suite executives must invite comment and discussion to ensure that every decision is within ethical bounds. The articulation of these principles should be both oral and written to create a strong foundation that supports the good faith of the participants. During these discussions, inappropriate comments should be viewed from the perspective of how they would sound if the conversation were taped and played to a jury. For example, if someone makes an off-handed or joking comment that what the company is doing is “fraud,” then that statement should be taken seriously and addressed directly (with counsel) rather than just passed over.

SYSTEMATIC THOUGHT—Besides awareness, there must also be systematic thought. There is no doubt that corporate compliance programs are a good thing; indeed, they are required in today’s corporate environment. But they go only so far. C-Suite executives should think about bringing in outsiders—of course under the attorney-client privilege—to assess risk areas. In other words, from time to time, the C-Suite should conduct its own internal audit of potential risk factors and address them. I know this costs money and can be disruptive, but so many criminal investigations can be avoided by anticipating possible problem areas. Having a fresh pair of trained eyes will be indispensable to assessing risk. Frankly, most in-house counsel and compliance professionals do not have experience with criminal investigations and may not have the knowledge to identify risks obvious to outside counsel.

C-Suite team members should create a strong paper trail substantiating their efforts in this regard. Systematic thinking about these issues requires that good systems be in place. Those systems should be challenged and tested. For example, corporate counsel may have put in place a terrific corporate integrity system with the opportunity for people in the company to make anonymous comments or raise concerns. This is an important first step, but this approach alone is incomplete because it may miss decision-making where the participants have no idea that their conduct could run afoul of the criminal law. In other words, the system works at a certain level, but fails when it is most needed. Often, going outside and not relying on the system will be the only way to avoid disaster.

EXECUTION—Finally, there must be execution. C-Suite members must be committed to executing a continuing and evolving plan to ensure that a protective corporate culture takes hold. This takes work, energy, and time. But there is no substitute. Any action plan should be well-documented and confirmed by actual results. It is a powerful argument to both a prosecutor and a jury that the C-Suite thought critically about potential risk factors and acted appropriately by addressing them credibly.

So there it is, the first line of defense for the C-Suite: Awareness; Systematic Thinking; and Execution.


Remember, be careful out there.



Previous post

The Power of the Prosecutor

Next post

Who is your Daddy? - The Mistake of Corporate Counsel Representing the C-Suite Members and the Company