In a recent contribution to the CovAfrica blog, our Africa Anti-Corruption Practice outlined key considerations for handling internal investigations in Africa. Here we take a deeper dive into one of the most important, and challenging, aspects of internal investigations – remediation, drawing on a longer article we recently published in Global Investigations Review’s 2020 Europe, Middle East, and Africa Investigations Review.
Key Takeaways:
- Taking corrective action during the course of an investigation can put a swift end to any ongoing misconduct and help a company avoid further losses or liability.
- A company will often have enough information early in its investigation to take steps to mitigate the risk of continued harm to the company.
- Promptly investigating and addressing identified risks can help to narrow the scope of the investigation and save a company time and money.
***
Even companies with the most robust compliance programs can expect to identify misconduct at some point. How a company responds to and remediates those issues can have a tremendous impact on the scope of its legal exposure and the collateral risks that come with compliance failures, such as reputational damage, debarment from eligibility for government or multilateral development bank-financed contracts, and other adverse commercial consequences.
Taking corrective action during the course of an investigation, rather than waiting until the end of the investigation, can help a company put a swift end to any ongoing misconduct and avoid further losses or liability that may be caused by control deficiencies underlying the misconduct. Swift action of this sort also aligns with the expectations of international enforcement authorities. For example, the U.S. Department of Justice (“DOJ”) may recommend reduced penalties or decline to prosecute a company based in part on the company’s “timely and appropriate remediation in [FCPA] matters.”
While identifying the root cause of a particular compliance issue may require a company to engage in a thorough analysis of its controls, operations, and culture—which is often not feasible midway through an investigation—a company will often have enough information during an investigation to take effective remedial action. For example, if a company determines early in an investigation that one of its business partners has made improper payments on the company’s behalf, but additional investigation is needed to determine who at the company was involved in authorizing such payments and the amounts at issue, the company can still take steps to mitigate the risk, such as putting a freeze on payments to the partner or even terminating the relationship with the partner altogether.
Companies can also narrow the scope of an investigation by taking swift action to mitigate risks identified in the course of the investigation. For instance, in the business partner example discussed above, by promptly freezing payments or terminating the partner, the company may be able to save itself the time and expense of having to take burdensome and potentially costly or impracticable remedial steps that might be expected if the company was to continue doing business with the partner (e.g., auditing the partner’s books and records, securing assurances sufficient to gain comfort that improper payments will not be made going forward, and conducting enhanced monitoring of future payments).
Remediating during the course of an investigation also may be essential in enabling the company to avoid the burdensome compliance measures that are sometimes imposed in enforcement actions, such as a requirement to engage an independent compliance monitor at the company’s expense.
Taking swift remedial action, especially against third parties, can be challenging in Africa due to a variety of factors, including local content and shareholding requirements that limit the pool of qualified partners or vendors as replacements. The challenges associated with taking remedial actions against a third party also may be particularly acute in Africa due to the fact that the business environment places a premium on relationships and collaboration. Terminating a particular third party may lead to significant adverse effects on a business, including operational disruptions, loss of goodwill in a community or with government stakeholders, and even physical security risks. Organizations may thus be required to weigh meaningful risks associated with ceasing to engage in business with a particular third party against the significant compliance risks that such a relationship may pose if they fail to take appropriate remedial action.
Notwithstanding the challenges that promptly acting to address compliance issues can present, doing so is almost certain to pay off in the long run as a company navigates the legal, commercial, and reputational consequences of identified misconduct.