Drilling Down on Documentation
When it comes to documentation, Tom Fox likes to repeat himself — “documentation, documentation and documentation.” Tom and I have repeated this mantra over and over as a critical requirement for any compliance program.
Documentation of decision-making is critical to protecting the company, especially in protecting a company and individuals from criminal liability. In the absence of a contemporaneous record of why a company made a decision, a company can be exposed to allegations of improper actions and intent. Documentation is an insurance policy for the company and individuals.
The documentation process requires several specific steps:
1. A Documentation Protocol — As part of a compliance program, the company needs to define exactly when and what type of documentation is required, and how documents should be created and preserved. This will be an important (but small) part of the company’s document retention policy.
2. When Should A Company Create A Document? — Documentation should be required in two situations: (1) issues identified at the senior management level; and (2) issues which come up vertically through the organization. Some issues will be delegated to legal and compliance officers below the senior management level. These issues should be identified in advance (e.g. gifts, meals, entertainment pre-clearance; hiring of former government officials ore relatives of government officials). Some discretion will reside in the senior management level but this is where the chief compliance officer, general counsel and internal auditing offices need to collaborate and coordinate so that information is shared, and decisions are coordinated.
3. What Type of Documentation is Needed? When addressing a legal issue, the general counsel and chief compliance officer need to develop prescribed formats for describing the circumstances and the specific compliance issue and how the issue was resolved. The basic requirements for such documentation include: (a) a description of the surrounding facts and circumstances; (b) the legal and compliance policy issues; (c) the resolution of the issue(s); and (d) a brief statement as to the analysis and reasons for the decision. A record of review of the memo should identify who was involved in the decision-making process.
The memorandum does not have to be lengthy, and the reasons do not have to be exhaustively explained. Some of the legal background paragraph(s) can be copied into each memorandum. The reasons for a decision are the important part of the memorandum.
By documenting the decisions reached by company officers and employees, a company acts with transparency which is inconsistent with criminal intent. The open consideration of a legal issue demonstrates good faith and negates any claim by prosecutors of corrupt intent.
Documentation of decisions is not an absolute guarantee. If the company fails to record an important decision, or seriously misstates the facts, the government may argue that such conduct was deliberately incorrect and created with the intent to deceive. Such a claim is very hard to level and extremely difficult to prove, especially when the documentation policy, and the other documents themselves can be cited as evidence of the company’s good faith intent to comply. However, there is always a risk that a prosecutor may see conspiracies when none actually exist, especially given some of the recent weak cases prosecutors have been bringing in the last few years.
However, in my view, it is not a close call — the benefits of a documentation policy far outweigh the possible risks and every compliance program should include a specific documentation protocol and program.