New directors should concentrate on three questions to prepare for the (almost) inevitable crisis.

1. What should a director do in advance to be as prepared as possible?
2. When the crisis arrives, what are the proper questions to ask and steps to take to minimize the impact on the corporation, the shareholders and the directors themselves?
3. What conflicts will emerge that may make coping with the crisis even more difficult? Answers to the second and third are situation-dependent, but thoughtful preparation will pay real dividends.

The Stock Market

Preparing for a crisis will help mitigate its impact. Yet, many boards do little or nothing to prepare, and hence, when the crisis arrives, they start from a defensive and disorganized base. This is particularly untoward, because, in many crisis situations, the company’s responses in the first 24-48 hours will be very important to managing the situation successfully. Directors should be educated on the principal laws which affect their businesses, they understand the nuances of their Directors & Officers liability insurance policy, and they should assemble and “drill” with a core crisis management team. Crisis plans should include, as a minimum, succession planning for illness or death of senior executives (including discussion of appropriate disclosure) depending upon the company, product recall and accounting or financial fraud or possible foreign corrupt practices. Plans to cope with physical, bio- and cyberterrorism should be addressed as well.

Planning for a crisis should be a key part of a company’s risk management process. Prudence suggests a 360-degree view of risks, which should be developed by a group of current and former directors, key executives and operating personnel, working outside the normal chain of command. This group, a “Risk Assessment Committee,” should evaluate risks based on probability and consequence, and should report to the board regularly on areas in which risk mitigation needs to be strengthened. The group’s work should be coordinated with any external enterprise risk management activities and with internal risk management efforts, a crisis will occur when a risk, whether or not anticipated, materializes.

Crises often have ramifications for the on-going operations of the business including but certainly not limited to access to capital markets and retention of key employees. While some of the preparatory work should be delegated to appropriate committees, the full board, at each regular meeting, should address the aforementioned questions in an appropriate sequence. External resources, including counsel, forensic accountants, security consultants and crisis communications support, will need to be involved to provide briefing materials and contingency plans. Screening and selecting these specialized advisors in advance is critical—they will provide major inputs when the crisis arrives. Internal crisis management teams also may be involved. (These teams usually are organized into functional areas such as IT, HS&E and physical security.)

What to do when the crisis arrives? The first step should be to select a leader of the crisis response effort. That leader may be the lead director (or chairman) or the chairman of a major board committee. The leader should supplement the core crisis response team as necessary. The team usually will involve top management, unless there is some evidence of a potential conflict, e.g., financial fraud. The team should include a small group of independent directors, appropriate technical advisors and communications support. To the maximum extent possible, the crisis management activity should be separated from the on-going business, to reduce disruption to employees, suppliers and customers.

It is very important for the board to take initial control of the crisis management process, both to avoid conflicts and to keep management focused on the company’s operations. If it becomes clear that the crisis can be appropriately handled by management without conflict of interest or diverting attention from operations, the board may reassign lead responsibility back to management.

After the team is assembled, the next step may well be to issue a statement regarding the company’s position and/or taking responsibility for the consequences of the crisis event. Simultaneously, the team should start fact-finding, to identify what is known, what is uncertain, and what consequences are likely to result. In the case of senior management health issues, the process may be relatively straightforward; in the case of product recall, illegal payments, or financial fraud, the process may require extensive fact-finding over a period of months and may involve coordination with regulators. (The question of notification of regulators—how much to report and when—is a complicated one, the answer to which will depend on facts and circumstances.) In many situations, fact-finding is a very slow process, requiring reviews of emails, written correspondence, etc. What is thought to be true often turns out to be false and vice versa. It is important that the company inform its outside auditors and its lenders in a timely but appropriate way. The auditors will need to consider interim filings, control opinions and the consequences of forensic work to be done by an independent firm if necessary.  And, to the extent that the company’s loan documents have representations about material adverse events or litigation, or financial covenants and/or capital markets access may be affected, and lenders and investors may need to be informed.

Directors should anticipate that crises arise with little or no warning, and, at the onset (and perhaps for some time), they will receive little and imperfect information. Pressured decision-making often will be required, without much analytical support. (Note the contrast to the regular board process, with thick binders, detailed presentations and carefully vetted management recommendations.)

The full board should be kept well-informed on a regular basis, but its focus should continue to be to monitor company performance. In the early stages of a crisis, much is likely to be unknown. “Murphy’s Law” seems to apply more often than not, in that new information which emerges is more likely to be negative than positive—unearthed email files may contain all kinds of bad news, and disgruntled employees may emerge with all kinds of stories.

As the crisis develops, certain conflicts are inevitable—and directors should be prepared for them.

First, management will want to take charge of the crisis response, and the internal general counsel will want to take responsibility for oversight of any investigation. Depending on the nature of the crisis, these efforts generally should be rebuffed. Management’s attention should be directed to improving the company’s operations, and unexpected conflicts may emerge which cause management some embarrassment or worse.

Second, legal counsel, whether the company’s lead outside firm or special counsel (choice of which itself is a topic to be addressed), often will advise to disclose as little as it permissible, and to avoid speculation or assertion about unknowns. Crisis communications teams, on the other hand, generally will favor fuller disclosure, and even acceptance of responsibility, in an attempt to “get in front of the problem.” Although there is no perfect balance, directors often will find themselves pulled in opposite directions. Directors need to think through both of these conflicts carefully, for the sakes of the corporation and shareholders they represent, as they focus on their decisions.

In summary, get ready, prepare for your calendar to be torn apart by unrelenting demands for meetings, and expect lots of finger-pointing and conflicting expert advice.

Herbert S. “Pug” Winokur Jr. is chairman and CEO of Capricorn Holdings, Inc., a private investment firm. He has served on a number of public and private for-profit and nonprofit boards, and has attended more than 300 public company board meetings.

images.com

The most ominous sign of this new approach can be seen in the highly public ethics investigation of the now former general counsel of the Securities and Exchange Commission (SEC). You may remember the basic story line from the many news reports: highly respected attorney returns to the SEC at the request of the chairwoman; he discloses to the chairwoman that he that he inherited Madoff-related proceeds from his mother’s estate; when he realizes he could become involved in formulating a compensation formula for Madoff victims, he makes additional internal disclosures, including to the SEC chief ethics officer, who approves his continued participation in the matter. Further criticism of his role in setting the compensation formula prompts an investigation by the SEC Inspector General, who alleges that the SEC Commissioners approved the compensation formula without knowledge of the general counsel’s conflict. Concluding that the former general counsel participated materially in a matter in which he had a financial interest, the Inspector General refers the matter to the Department of Justice. While the Department of Justice ultimately declines to investigate, the damage is done.

We’re not trying to guess at the “rights” and “wrongs” in this situation–we’ll leave that to the process of law. Still, it’s hard not to pause at the view from 10,000 feet (courtesy of news reports): a renowned public servant heeds the call to leave the private sector to return to government; was the first to identify the (controversial) financial relationship; discloses the relationship to seven separate senior SEC officials (none of whom identified a conflict); submits the matter to internal ethical review which clears him to participate in the work in controversy, and still ends up the subject of a Department of Justice (DOJ) review. One might fairly ask, “What else was he supposed to have done?”

This scenario ought to send more than a few chills up board member spines. Not because we’re certain of the facts. We aren’t. Not because conflicts standards for federal employees—which can have criminal penalties in certain instances—are going to be applied to the corporate sector. They’re not. And not because the DOJ is going to assert jurisdiction over conflicts of interest matters in private companies. It’s not. Rather, it’s because of what this mess might be telling us about how standards for conflicts review might be evolving, what might be driving this evolution, and about how boards ought to be responding.

The concern is with the “hot button” nature invariably associated with financial conflicts of interest. It’s exacerbated by the current “corporate accountability environment,” in which regulators are more willing than before to hold individual officers and directors responsible for corporate wrongdoing, in which a distinctly more personal face is being placed on allegations of organizational misconduct. We’re seeing it in any number of places—the SEC’s focus on personal liability in Foreign Corrupt Practices Act (FCPA) investigations; the IRS holding officers strictly liable for the company’s failure to “pay over” tax withholding payments; “responsible corporate officer doctrine” prosecutions by the DOJ and the Food & Drug Administration; and the Department of Health and Human Services’ right to exclude from the Medicare program key employees of a company convicted of a criminal violation—regardless of whether they knew of the problematic conduct. In an environment in which “finger-pointing” is more frequently the order of the day, the “bulls-eye” of scrutiny is increasingly being pasted on the backs of corporate leadership—temptingly so in situations involving allegations of self dealing and conflict of interest. And don’t be distracted by the fact that the current controversy is in essence an “inside government” matter; corporate governance regulators are likely to be closely following the story, wondering how the issue may apply to their own jurisdictions.

The SEC controversy hints of a higher standard of conduct of all parties to the conflicts review process. Didn’t see how that contract or relationship could constitute a conflict? Well, think again. Isn’t it enough to have told my board chair? My CEO?  Maybe not. But the compliance officer knew about it and told me I could stay involved “in the deal”! Not so fast. If, as the former SEC general counsel alleges, seven separate conflicts disclosures wasn’t enough to foreclose DOJ investigation, one wonders what would suffice. Seventy times seven?

A more realistic response to this development would involve the following steps:

1. Instill the board and key executives with an appreciation for the “corporate accountability” environment, and how it might be incited by conflicts of interest-related issues. Remind them that the purpose of a good conflicts of interest policy is not only to protect the organization and its governance decision-making process, but also to protect as possible the reputation of its officers and directors from avoidable conflicts of interest allegations.
2. Improve the diligence applied in the director nomination process. Closer attention should be applied to identifying candidates’ relationships that might be prone to conflict problems were they appointed to the board.
3. Challenge individual directors—as well as governance committee members—to view more broadly the conflicts implications of financial and even personal relations. Even if you don’t see the potential for conflict, take another look. How would the press see it? A corporate constituent? A regulator (you know, like maybe the SEC Inspector General). When in doubt, disclose.
4. Confirm the process by which disclosures are to be made—who is the party to whom questions on the appropriateness of disclosure are to be made; to whom/what body is the disclosure to be addressed, and whom/what body is the actual arbiter of a disclosure?
5. Assure the absolute independence of the conflicts review process; there’s no sense in compounding the problem by tolerating a conflict of interest involving those charged with the responsibility of reviewing the disclosure.
6. Make sure there are objective criteria available for the conflicts arbiters to use in determining whether a disclosure constitutes a conflict and, if it does, whether the conflict can be effectively managed.
7. Review for effectiveness and legal consistency the details of how conflicts affect the process of meeting quorum, supermajority voting requirements, participation in meeting discussions and, where necessary, recusal.
8. When conducting a particular conflicts review, remember that the board is expected to act in a manner that preserves the reputation of the organization; making a “media be damned” type approach more than a little problematic.
9. Ask your D&O carrier whether the board policy contains a coverage exception for violations of the duty of loyalty.
10. Remind board members that disclosure of a conflict of interest doesn’t provide a free pass to engage in related actions that may constitute a breach of fiduciary duty.

Oh, while you’re at it, make sure the positions of general counsel and compliance officer are separated, and held by separate persons. The compliance officer shouldn’t be reporting to the general counsel, and corporate officers shouldn’t be asking their subordinates to conduct conflicts evaluations of their direct reports, unless closely supervised by independent parties.

If you think this all just a dustup between regulators, you might think again. This disclosure dispute should be viewed in the context of the larger climate of accountability. Simply put, there is broad-based public sensitivity to allegations of self-dealing by persons in positions of control and responsibility. The concern that led to the Inspector General’s DOJ referral is one that is increasingly likely to be shared by a corporate governance regulator. While sanity may have ultimately prevailed here, it did so at such a cost. So, the perception of inequity in the SEC situation should prompt a corporate officer or director to pause, recognize that the rules may indeed be changing, and encourage a boardroom review of conflicts policies and procedures. There is no downside.

Michael W. Peregrine is a partner with McDermott Will & Emery based in the firm’s Chicago office.

“CEO Apologizes For Spying; As Governmental Queries Escalate, Company Pulls Out Of Key Transaction”

“Runaway Investigation Brings Down Senior Executives; Criminal Charges Loom”

“Company Snooping Sparks Probe; Interception of Calls Draws Government Inquiry”

“Company Spy Saga Widens; Company Says Surveillance Wasn’t Carried Out By Its Own Employees”

“Politicians Want Blood After Spying Scandal; Company’s Number Two Executive Is Ousted”

Ernest Brod

Investigative stumbles involving major companies date back to 1968 with General Motors’ highly intrusive investigation of Ralph Nader, who had written a book critical of the Corvair car. When GM’s actions became public, the outcry spawned executive firings and Congressional hearings. More than 30 years later, Hewlett-Packard’s investigation of a boardroom leak gained by tricking a telephone company into revealing personal customer information, brought the term “pretexting” into the mainstream and led to criminal charges, Congressional investigations and the passage of new legislation. And, yet, lessons remained unlearned.

Less than two years later, Walmart found itself in the headlines, in front of Congress and facing criminal charges after its investigators were caught intercepting telephone messages of newspaper reporters, employees, stockholders and critics. And in a virtual replay, in 2009 Deutsche Bank’s outside investigators were discovered spying on the company’s board members in connection with a leak.  The sorry parade of repeat performances begs the obvious question: Why do investigative scandals keep happening?

Corporations are often not as sensitive to the risks involved and are sometimes careless in selecting an investigator. Under pressure to achieve results, they may fail to set the scope or ask the tough questions of the investigators. And, in their eagerness to satisfy clients’ needs, some investigators may cross the thin line that exists between creative investigative procedures and dangerous activities.

Notwithstanding the risks, companies are still required to conduct investigations in a range of circumstances, including whistleblower allegations, regulatory inquiries, trade secret theft, counterfeiting of products, employee controversies and disability claims.  In today’s climate, senior management, boards, and inside and outside counsel must weigh numerous considerations.

1. Is an Investigation Necessary?

Investigations should be launched only after carefully assessing risks and rewards. Is an investigation vital to the company’s interests? (Has there been a theft of trade secrets or a serious whistleblower allegation?) Or, are company officials overreacting to a perceived threat?

2. Internal or External Investigators?

The next step is to decide whether to conduct the investigation in-house or engage an outside investigator. Internal investigators or security staff may be motivated to satisfy their “boss,” and be tempted to push the envelope. For more than routine matters, companies would be well served to seek an outside specialist with the objectivity, experience and resources.

3.  Who’s In Charge, and What Are the Rules of the Road?

It is imperative that the company establish clear and proper governance: Who will be responsible for supervising the investigation and make key decisions? Will the general counsel be involved? The CEO? The board? The need for early governance cannot be overstated so that the company can protect itself against potentially embarrassing problems before the investigation even begins. This is especially important in light of the possible damage to a company’s reputation if it is publicly identified with investigators’ alleged wrongdoing.  Companies have been slow to set up controls to govern their investigative activities. Is there a corporate Director of Investigations?  Where should the position report? Are there written procedures for the supervision and conduct of investigations, including acceptable actions? The well-prepared company will have an outside consultant perform a “diagnostic” of the firm’s approach to investigations.

4. Acceptable Tactics

The company and investigations firm should agree on acceptable investigative tactics.  In determining the specific techniques to be used, clients must always consider their reaction to media disclosure. In certain situations, some actions are easily defensible – as when company trade secrets are stolen or products are counterfeited. They may not be as easily defended when a CEO is upset by a rumor about him on the Internet.

Until the “The Telephone Records and Privacy Protection Act of 2006” came into effect, federal and state laws were murky about whether “pretexting” a phone company was illegal. The most applicable federal statutes – the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act – referred specifically to obtaining financial information fraudulently. But is all pretexting illegal?

For example, an investigator checking the counterfeiting of a client’s watches may pose as a customer to purchase suspect watches from a street vendor. In trying to obtain intelligence about the alleged theft of a client’s trade secrets by a competitor, an investigator may contact the competitor company. The investigator may claim he or she “is working with a consulting firm,” or is “doing a research project,” or has been “asked to get this information by my boss.” Such mild pretenses are not usually objectionable. However, the investigator would cross the line if he identified himself as someone else, or claimed/implied a connection with a law enforcement organization.

What about the propriety of other common investigative activities?

Investigative Research– Sophisticated research and analyses of “open sources” for public record information is the most common investigative approach. It may lack drama but it is often the most efficient and cost-effective way to obtain information. The gathering of such data raises no legitimate legal or ethical issues.

Surveillance — Surveillance is expensive, complicated and risky. Unless the surveillance is intrusive enough to constitute harassment, there are usually no legal issues. But, if the surveillance becomes known, it is likely to be described in the media as “snooping” or “spying,” and could create a public relations nightmare.

Recording Conversations — Using equipment to listen to, or record, conversations without either party’s consent is usually illegal. There is a common misconception that legality depends on the right of the person placing the equipment to have access to the premises. A few years ago, a prominent politician found trying to place a “bug” on the family boat – to catch her husband in compromising circumstances – learned that regardless of her right to be on the boat, there must be consent by at least one party to a recorded conversation.

Searching Trash — Known as “dumpster diving,” the collection and search of refuse by investigators may be legal, if the trash has been disposed of in a manner that indicates there is no “expectation of privacy.” Even when conducted legally, it could result in negative publicity for the client and investigator if the practice becomes known.

5. Selecting an Outside Investigator

The need to inaugurate an investigation is almost always generated by a crisis, yet companies sometimes lose sight of the distinction between “gumshoe” and “white shoe” investigation firms. Establish mechanisms to monitor investigators’ activities and guard against impropriety (or worse) through a risk management group and/or internal general counsel. Get recommendations from people you trust and ask for references. Determine how the firm monitors its own activities, and make sure that the people you meet will work on your investigation.  Ask about their use of outside subcontractors, and how they supervise them.  Make sure their retention letter warrants that only legal methods will be employed.

In the final analysis, whether working with inside or outside investigators, companies must look for people with the reputation, experience, and culture that conforms to the physician’s Hippocratic Oath – “First do no harm.”

Ernest Brod is a managing director with Alvarez & Marsal Dispute Analysis & Forensic Services and leads the firm’s Business Intelligence practice.

As recent crises at BP, Toyota and Goldman Sachs prove, response is critical. During his years as a public company board director, Herbert “Pug” Winokur, dealt with the unexpected death of a CEO,  the kidnapping of senior executives and the implosion of Enron. “We were not smart enough back then to have hired a media or crisis communications firm, but we did have a law firm,” Winokur said. “Your normal instinct is to tell the world what you know, and be open and share, but you realize that comes with some risk.”

Goldman Sachs should have taken a different tact when the SEC charged it with fraud. “The absolutist denial was not necessarily the best course,” said Brad S. Karp, adding that public response may have been favorable had Goldman offered to review its disclosure policies.

Transparency, action and leadership are all vital components in how a company responds and the consumers’ subsequent views. Said Richard Levick, a communications expert:  “In crisis, there’s not the opportunity for perfect solutions. There’s only the opportunity for action. And consumers…will forgive our mistakes. They will not forgive inaction.”

Mike Rozembajgier cited Toyota’s inadequate communication during its inital recall as an example. “With any recall, the critical factors are what’s the real problem or issue with the product, and what’s the resolution? The goal of any recall, he said, is to protect the public: “That’s got to be paramount.”

Ellen Zimiles cited the importance of having a prepared CEO in place. “Sometimes the CEOs are terrific and take exactly the right tone. And sometimes, they just don’t, and it’s not their strength.”

Editorial Assistant Lindsay Dahlstrom is a recent graduate of Hofstra University.

There is presently some diversity of corporate governance in Japan.  While a small percentage of companies have adopted governance structures that would be familiar to Western investors, the traditional system of Japanese corporate governance, as exemplified by companies like Toyota, continues to dominate.  This traditional approach differs significantly from current U.S. practices, as it is characterized by a belief that corporate policy-making is best left to executives who have hands-on familiarity with the company’s operations.   As a result, it is still quite common for Japanese corporations to have large boards consisting entirely of insiders without a single independent director. Virtually all of these directors are corporate managers who were promoted to director status and retain line-management responsibilities, and there is little distinction between the execution and supervision roles.

In keeping with this approach, the Japanese Companies Act does not require the presence of independent directors on corporate boards to monitor management.  Instead, traditionally governed Japanese corporations rely internally on corporate auditors and externally on competition in product markets, team production alliances with suppliers, and “main banks” to monitor the performance of corporate management.

A “main bank” is both a large creditor and shareholder of the company, and is therefore in a position to intervene in corporate affairs if the company becomes troubled.

Because these creditor-directors are interested primarily in protecting the main bank’s loans to the corporation, their interests are not always co-extensive with those of passive investors.  In the past two decades, the corporate role of main banks has been on the wane.

The Japanese system reflects a different set of corporate goals than is typically found in the West.  Japanese corporate governance is often characterized as a stakeholder system, in contrast to the shareholder system of the U.S.  In Japan, corporations are primarily managed for stakeholders like employees, banks, suppliers, customers, and business partners. The role of management is not necessarily to increase the value of the shares and to benefit passive shareholders; rather, its critical task is to balance corporate obligations with the interests of all these stakeholders by allocating specific pieces of the corporate pie. Individual shareholders and institutional investors have traditionally been afforded a relatively low priority, although this has been changing to some extent due to ongoing reforms.

Reforms following in the wake of Japan’s economic crisis of the 1990s resulted in significant changes in the law, but more modest changes in corporate governance practices.  Recognizing the need to improve corporate governance, the Japanese government amended the prior Japanese Commercial Code in 2002, introducing the concept of outside directors and also allowing companies to choose between: (1) a U.S.-style board including nominating, audit and compensation committees which are to be composed primarily of outside directors; or (2) the traditional corporate auditor system under which no outside directors are required to be appointed.

This amendment sought to strengthen the governance of traditional corporations by requiring that half of the corporate auditors in large companies must be outsiders.  Given Japan’s tradition of insider-dominated boards, this was considered a significant reform.  However, the corporate auditors are generally not independent of management, and are not required to have any special accounting or auditing qualifications.  In addition, the potential of the new board committee system is weakened by a loose definition of outside director which only excludes individuals who are current or present directors, executives, or employees of the corporation or its subsidiaries.  This would permit employees of other corporate affiliates or even family members of management to serve as nominal outside directors.

Only recently has the topic of the independence of outside directors been given serious attention in Japan, as the Tokyo Stock Exchange has begun to address this issue with respect to listed companies.  In addition, a number of sophisticated companies that chose to adopt the “Western-style” board committee system, like Sony, have also voluntarily adopted the New York Stock Exchange’s (NYSE) definition of independence.

U.S. standards for board independence, though imperfect, are considerably more rigorous. The current NYSE listing standards date to reforms enacted in 2003, in the aftermath of a series of huge corporate scandals in the first years of this century. These standards require that a supermajority of a listed company’s board be independent.

More importantly, the NYSE rules require that not only current, but also prior, relationships be considered in assessing the independence of directors. Under the NYSE listing standards, no director qualifies as “independent” unless the board of directors affirmatively determines that the director has “no material relationship” with the listed company, either directly or as a partner, shareholder or officer of an organization that has a relationship with the company. In their annual proxy statements, companies are required to disclose these determinations and the basis for a determination that a relationship is not material.

The definition of “independence” under the NYSE rules is relatively restrictive.  For example, a former employee of the listed company or a former affiliate or employee of the listed company’s present or former auditor cannot be deemed independent until at least three years after such relationship terminated. A director may not be deemed independent if he is employed, or has been employed in the last three years, by a company in which an executive officer of the listed company serves as a member of the board of director’s compensation committee.

A director who receives more than $120,000 per year in direct compensation from the listed company, other than director and committee fees and pension or other forms of deferred compensation for prior service may not be deemed independent. The same applies to a director who is an executive officer or an employee of another company that has a substantial amount of business with the listed company for property or services.  Directors with immediate family members in any of the foregoing categories are likewise subject to a three year “cooling off” period.

In addition, the listing standards also mandate that board establish audit, nominating/corporate governance and compensation committees composed entirely of independent directors. Also independent directors are required to meet regularly outside the presence of management.

These U.S. reforms were adopted in the face of vocal opposition. Critics argued that empirical research offered little support for the proposition that director independence leads to improved firm performance. They also argued, in a vein consistent with traditional Japanese views, that it is more difficult for independent board members lacking operational expertise to make meaningful contributions to company decision-making.

Toyota’s current crisis provides lessons for our own debate over board independence.  Toyota, Japan’s largest and most respected corporation and an emblem of Japanese manufacturing prowess, has long been successful in global markets.  However, Toyota’s recent troubles indicate the limits of relying on competition in product markets and team production alliances to monitor management and provide effective corporate governance in an insider-dominated system.

Whatever direct harm might have been caused by the apparent defects in Toyota’s manufacturing processes, Toyota’s current crisis has been compounded by the apparent unwillingness of corporate management to address public concerns and to engage with legislators and regulators.  This raises the question of whether the Company’s secrecy and apparent stonewalling was fostered by the lack of independent management oversight on Toyota’s board.  Without oversight from directors who are not directly tied to the interests of management, there may be little incentive or opportunity within a corporation to address criticism of corporate activities.

The tension between board independence and operational efficiency is by no means a peculiarly Japanese phenomenon. American directors and investors should make efforts to ensure that a desire to ensure directors’ familiarity with operational details does not overwhelm the need for effective management oversight.

Bruce Aronson is associate professor at Creighton University School of Law and formerly a practicing attorney who represented Japanese clients.  Michael Stocker, of counsel to the law firm Labaton Sucharow LLP, represents clients in commercial litigation with a primary focus on sophisticated antitrust and securities class action matters.  Yoko Goto, an associate with Labaton Sucharow, also contributed to the article.

There are already a variety of regulatory reform proposals on the table and a broad spectrum of policy actions ready to be implemented by different nations in an effort to address the widespread feeling of discontent flowing from the recent financial crisis. There is an alternative path, however, that may prove to be a more productive and powerful force of change—one that is driven by the corporate sector itself. Progressive companies are taking the opportunity to “lead by example,” promoting the key tenets and principles that will help restore investor confidence. In effect, their day-to-day interactions with all stakeholders demonstrate how to live the right values and ethics.

The starting point for this journey is the board of directors. Collectively, the board has the responsibility for the future direction of the enterprise, its impact on stakeholders and society at large. The board     directly influences the critical management actions to drive short-term financial results, incent long-term value creation and develop strategies and plans that will ensure sustainable growth.

After the recent holiday break, a dozen Fortune 500 directors were asked for their thoughts on the biggest changes they see on the horizon and the implications for the boardroom. Common themes included greater globalization pressures, additional regulatory intervention and the potential rise of national protectionism. Many thought the current flashpoint issue of executive compensation must be addressed quickly to begin restoring investor confidence and credibility on Main Street.

The directors shared the view that a possible long-term, slow growth economic environment, combined with the aforementioned external forces, would challenge boards to become more transparent with key stakeholders on the major decisions that affect the enterprise. They see stake- holders continually “raising the bar” on board performance and taking a more proactive role in influencing the board through enhanced proxy access and more targeted advisory votes.

The fundamental issue to be addressed is how best to rapidly propagate the hallmarks of highly effective boards across the broadest group of companies while promoting the right governance principles and values. When one looks back on the prior decade, from Enron at the beginning, to Bear Sterns and Lehman Brothers at the end, it is easy to conclude that the core    enablers of boardroom change are already taking shape—a large pool of engaged, qualified directors; more shareholder-friendly director election processes; and a viral 24/7 communication cycle that ruthlessly disseminates information on any type of misstep or egregious behavior.

What is still needed is a common forum that brings together the best ideas, innovative practices and new approaches in a non-threatening environment that encourages collaboration and action across boardrooms.

One idea currently building momentum involves creating a closely linked global network of corporate chairmen and lead directors to serve as the primary conduit to more rapidly exchange current best practices, practical insights and actionable ideas. Its mission would help accelerate the development of highly effective boards and promote more progressive shareholder relations and corporate responsibility agendas. As one of the survey respondents concluded, “If I could wave a magic wand today, I would create a self-policing entity that would watch over the large public-company boards and help ensure no one went off the tracks, not the Securities and Exchange Commission, not Institutional Shareholder Services, but a group of practicing chairman and other board members who are fighting the good fight every day, with the goal of looking back in ten years to see a continuous improvement in corporate values, ethics, incentive systems, sustainable business growth and the impact on the global community.”

Keith Meyer is a vice chairman of Heidrick & Struggles and global managing partner of the firm’s Board Consulting Services Practice. Contact him at kmeyer@heidrick.com.

Let’s address the turnaround process as if all constituents are in favor of proceeding through to the end, when a restructured entity emerges.

There are many causes that contribute to business failure.  According to a study conducted by the Association of Insolvency and Restructuring Advisors only 9 percent of failures are due to influences beyond management’s control and to sheer bad luck.  The remaining 91 percent of failures are related to influences that management could control, and 52 percent are internally generated problems that management didn’t control.

Businesses fail because of mismanagement.  Sometimes it is denial, sometimes negligence, but it always results in loss.  Mismanagement is most often seen in more than one of multiple areas:

• Autocratic management, overextension
• Ineffective, non-existent communications
• High turnover neglect of human resources
• Inefficient compensation and incentive programs
• Company goals not achieved or understood
• Deteriorating business, no new customers
• Inadequate analysis of markets strategies
• Lack of timely, accurate financial information
• History of failed expansion plans
• Uncontrolled or mismanaged growth

Will Rogers once said, “If you find yourself in a hole, stop digging.”  Good advice for directors and managers with the responsibility to lead a company.

Turnaround specialists are often an excellent choice when these circumstances are present.  They bring a new set of eyes, trained in managing and advising in troubled situations.  These experts are either practitioners or consultants.  Turnaround practitioners take management and decision-making control as the chief executive officer or chief restructuring officer.  Turnaround consultants on the other hand advise management, perhaps the same management that failed before. The Turnaround Management Association (TMA) was formed in 1988 and has grown to 8,600 members around the world who represent multiple constituencies working in the industry.  TMA sponsors a Certified Turnaround Professional (CTP) program with strict reference checking requirements and testing of a body of knowledge to become certified.  Approximately 500 CTP professionals are registered today.

The key is to build enterprises that future buyers want to invest in.  Investors/buyers look for:

• Businesses that create value.  Consistency period to period.
• High probability of future cash flows.  History of performance and improvement, or the promise of cash.
• Market-oriented management team.  Focus on producing revenue.
• Ability to sell and compete; develop, produce, and distribute products; thrive and grow.  Track record or demonstrated changes in the right direction.
• Fair entry valuation.  Realistic return potential.
• Exit options.  Realize high ROI at the time of their resale.

There is a process of recovery and investment.  It is based upon the fundamental premise that there is a lack of management when companies are in trouble.  You must conduct fact-finding to assess the situation, then prepare a plan to fix the problems.  You must implement the planned courses of action by funding the process and building a team to carry it out.  Then monitor the progress and make changes where necessary.

It is important that an organization have a mechanism in place to alert the company’s Board of Directors and management about incidents of suspected employee misconduct and the need to conduct an internal investigation.  To comply with the Sarbanes-Oxley Act of 2002, many organizations have implemented a whistleblower hotline or an anonymous reporting mechanism; however, often the process implemented is ineffective in encouraging individuals to report instances of misconduct. For example, one organization’s “anonymous” reporting process specifically stated that an individual could either write a confidential and detailed memo to the Audit Committee Chairman or leave an in-depth complaint message on his cell phone. This organization did not receive a single complaint since the mechanism was implemented. An organization should evaluate its reporting method and confirm that it is designed effectively and communicated appropriately throughout the organization to promote its effective use. In addition, although not all complaints should be routed to the Board, the notification process for complaints received through hotlines should be structured so that the Board is aware of the number and types of complaints received and how these complaints were handled.

Once an issue has been identified and a decision has been made to conduct an internal investigation, the organization should make sure that it is managed appropriately and common pitfalls are avoided. An improperly managed investigation can lead investigators to calculate monetary loss inaccurately, fail to identify all the individuals involved in the perpetration of the scheme, inadvertently contaminate or destroy potential evidence, cause additional costs to be incurred due to violation of employee contracts and company policies and increase the possible reputational damage due to harsh public criticism from shareholders. In one such mismanaged internal investigation, an employee accused of misconduct was terminated before completion of the internal investigation and without being offered an opportunity to explain his actions as required by his employment contract.  As a result, in spite of the compelling evidence that this employee was negligent in his fiduciary duties and intended to use the company’s assets for his personal benefit, the company was held liable for breach of the employment contract, the ultimate findings against the employee were inadmissible in court and the company was required to pay severance costs to the individual.
An organization must be aware of—and make appropriate effort to avoid—certain potential missteps when conducting an internal investigation. The following are some of the most common mistakes made in internal investigations:

• improper selection of the investigative team
• inadequate triage of the potential evidence and target
• incorrect gathering, preservation and analysis of evidence
• limited scope of background checks
• inappropriately conducted interviews

The Board and Senior Management should establish policies and procedures to avoid these pitfalls when responding to allegations.

1. Improper Selection of the Investigative Team
After receiving a complaint, one of the first steps that an organization should take is to identify who is best suited to lead the investigation and who will be privy to the resulting information. During this process, one commonly overlooked factor is whether the investigative team is far enough removed from the situation to assure independence. The person(s) conducting the investigation should be qualified, properly trained in conducting investigations and independent of the allegations. When selecting the investigative team, the following should also be considered:

• The investigative team’s relationship with the suspect and/or the whistleblower. A long-standing or reporting relationship with either party can affect the objectivity of the team.
• The investigative team’s position within the organization. Are the individuals conducting the investigation “high” enough within the organization to obtain the required information?
• The role of the suspect’s supervisor in the investigative team. The suspect’s supervisor should not lead the investigation, as the supervisor may be too close to the allegation. Certain information uncovered during the investigation may indicate that the supervisor did not perform his/her duties completely and, therefore, failed to uncover the misconduct on a timely basis.

To ensure independence, the Board should also consider engaging external counsel, forensic accountants and other investigative consultants to conduct the internal investigation.

2. Inadequate Triage of the Potential Evidence and Target
Often, the target of the investigation is not isolated and restricted from accessing potential evidence on a timely basis. As a result, valuable information may be contaminated or lost due to the deletion or destruction of files. Triage of the situation should include placing the target on a leave of absence and restricting his/her access to the organization’s internal computer network and to its books and records during the course of the investigation. By doing so, the company will have protected the integrity of the potential evidence. As this is often a sensitive process, the organization should exercise caution and verify that these steps are taken in accordance with the company’s policies and procedures.

3. Incorrect Gathering, Preservation and Analysis of Evidence
Not surprisingly, some of the significant errors in an investigation occur during the collection and analysis of evidence. Prior to the commencement of the investigation, the investigative team should obtain and review the organization’s privacy policy to confirm that evidence collection is done in accordance with these policies. In addition, if all the documents and facts uncovered are not treated as if they will be subject to applicable rules of evidence, the evidence may be compromised and, therefore, inadmissible in future criminal or civil litigation.

Preservation Order
One of the first actions an organization should take is to determine which documents may be relevant during the investigation. Depending on the scope of the investigation, an organization may need to issue a document preservation order. If an organization neglects to issue a preservation order in a timely manner, a possibility exists that pertinent information and evidence may be destroyed.

Collection of Evidence
A crucial component of evidence gathering is ensuring that the chain of custody is documented. This documentation should include a description of how the information was obtained, when it was collected, who has handled it, where and how it was transported, and where it is stored and maintained. Improper documentation of the chain of custody during the collection process may result in information becoming inadmissible in court.

The individuals responsible for collecting electronic evidence should be aware of the following:

• Hard Drive Image: There are two ways an image of a hard drive can be created—a ghost image and a forensic image. A ghost image creates an exact copy of all files on the hard drive of the computer, excluding the free space. A forensic image, on the other hand, is an exact copy of the hard drive, including the free space. Deleted files, which sometimes can be retrieved using specialized tools and programs, are located in the free space of a hard drive. These files may hold valuable information that can assist in the investigation and may be missed if only a ghost image is obtained.
• Copying of Files: When copying selected files from a target’s hard drive, a common mistake can be to “click and drag” the files to another location. The use of this technique causes the metadata of the copied files to be altered. Metadata maintains and identifies the administrative properties of a file, such as the name of the person who created the file, creation and modification dates, number of revisions made to the file, and the most recent access date for the file. This is especially important because courts may deem evidence where the metadata was changed as inadmissible.
• Comprehensive Collection of Evidence: During the collection phase, some of the possible places from which electronic evidence can be gathered may inadvertently be overlooked. When retrieving electronic data, often only e-mail and documents from the hard drive of the target are collected. In reality, there are many other places where relevant data can be stored, such as flash drives, PDAs, backup files on network drives and servers, additional servers or other computers previously used by the target.

Analysis of Evidence Collected
A common mistake committed by investigators when conducting document review is the use of only a Windows search tool on the files of the target. This tool will not allow searches to be conducted on scanned PDF images and password-protected files. A scanned PDF is merely an image of a document. This file must undergo a process called Optical Character Recognition (OCR) for the file content to be searchable. The use of various computer forensic tools that can facilitate the review of evidence collected should also be considered.

Another common flaw when performing a document review is having an overly narrow focus when developing search terms or search parameters. For example, in one investigation which called for an e-mail review to identify collusion between two employees, the search was limited to e-mail communication between the two targeted employees. This search did not yield any results. After discussions with experienced investigators, the e-mail search was expanded to include all e-mail communication from the targets. This approach identified email that was sent by one of the targets to a third party and then routed from the third party to the second target. As a result of the expanded search, the company was able to prove the collusion between the two employees.

4. Limited Background Checks
Although a background check is often conducted on an alleged perpetrator, investigators often do not inquire about or know the exact parameters of the search. Inexperienced investigators may also limit a background check to an Internet search or to a compilation of raw data obtained from a search engine. A limited search may result in missing pertinent information about the target’s lifestyle or his/her criminal and civil litigation history and can be detrimental to the investigation.
An important consideration is whether a criminal background check is conducted on a local, state or federal level, as well as what specific jurisdictions are included in the search. A background check for civil court records should also be considered because these records can yield information about the criminal conduct of an individual. Criminal proceedings may not always be filed, and an individual who commits a criminal act may only be named as a party in a related civil suit.
In most cases, a background check requires the investigator to review large quantities of data obtained from various public records. This information should be analyzed in the context of the facts surrounding the fraud allegations being investigated so that the investigation stays focused on the allegations at hand.

5. Inappropriately Conducted Interviews
Interviews are one of the most valuable sources of information during an investigation, and interviewers must be experienced and skilled in eliciting information. Inexperienced investigators may act in a combative or unknowledgeable manner that ultimately may undermine the purpose of the interview.

At times, the target of the investigation is interviewed too early in the process. To the extent possible, the investigators should review applicable evidence and interview individuals who may have knowledge related to the allegation prior to interviewing the suspect. This will assist the investigators in asking pertinent questions when they interview the subject and allow them to refer to relevant and potentially incriminating documents during the interview.

It is recommended that two investigators be present during an interview so that one can act as a witness and be responsible for documenting the findings from the interview. The investigative team should also ensure that interview notes are documented in writing, are sufficiently detailed and capture the relevant content of the conversation.

In an era of increasing scrutiny of alleged corporate and employee misconduct, Directors should be aware of potential pitfalls when conducting an internal investigation. The investigative team should make certain that care is taken to avoid these missteps and develop a comprehensive and organized approach to the investigation.

To ensure that allegations are addressed appropriately and in a timely manner, the Board should develop an investigative policy and have a process in place to shorten the response time to a complaint and to mitigate problems encountered during the investigative process.

Tim Mohr is a principal in the New York office of BDO Consulting. He can be contacted at tmohr@bdo.com. Nidhi Rao is a director in the New York office of BDO Consulting. She can be contacted at nrao@bdo.com.