Please enter your email below to subscribe
Compliance is all the rage. Driven by an ever-expanding body of state, national and international regulations, corporations are striving mightily to set up ethical codes, conform to regulations and install programs to monitor compliance with all applicable rules. All that is as it should be; yet, it is not enough. Compliance programs and codes of conduct set forth internal rules designed to bring the corporation into conformity with external rules. These compliance efforts will help identify anomalies, but what of the alleged violation that is not disclosed by the compliance program and is instead reported through an outside medium, such as a call to a regulator or the press?
Suddenly, the urgent need is for a strong internal investigation function separate and distinct from ordinary compliance. The stakes, of course, can be enormous. Whistleblower statutes, qui tam lawsuits and other inducements offering enormous financial rewards can only be offset by a rigorous internal investigation that supplements compliance and audit functions. This idea was recently discussed by Microsoft’s Director of Compliance, Odell Guyton in – Ethiko – Whether that internal investigation function is ongoing or retained as needed is a secondary question. The first determination that organizations should make is that this capability may be critical to corporate survival.
Kenneth Citarella is senior managing director for the Investigations and Cyber Forensics practice at Guidepost Solutions LLC. He has more than 30 years of experience investigating and prosecuting white collar crime and computer crime.