I’ve never worked at a law firm. Never. It’s an unusual path to take as a lawyer, I admit. I worked as a research assistant for professors during my summers, and interned at the DOJ. I became a prosecutor, then a regulator, then went in-house. So of course I’m the perfect person to give advice to law firms about how to structure their FCPA practice. Free advice is worth what you pay for it.
All that said, here are three reasons why firms should establish separate FCPA practice areas. I’ve seen several different structures. The worst is no segmentation: lawyers in the “white collar” (or even worse, “litigation”) practice list FCPA in their personal bios. Next are firms who list FCPA as a practice, but combine it with other areas, like internal investigations, still under “litigation” or “white collar” type umbrellas. If you’re going to combine it, I think “corporate compliance” is a good mix. I wouldn’t suggest internal investigations as a combination, because I usually gave internal investigations to firms who were already involved in my program. The best are firms that have distinct practice areas for FCPA.
Why is it more important than ever for firms who want—and have a realistic shot at—FCPA-related business to distinguish themselves? Simple: FCPA work is already huge, but it’s going to get bigger.
What’s the driver of the upcoming significant increase in FCPA practice work? Three reasons, in my opinion.
1. Dodd Frank’s whistleblower provisions.
I don’t know whether there will be a lot of whistleblowers. The latest numbers I’ve heard are 1-2 whistleblower reports are coming in per day to the SEC. On initial view, that doesn’t seem like a lot. But think about it for a minute. That’s about 400-700 new investigations per year. The SEC cannot afford to not investigate one of these. Besides the fact that whistleblowers are coming into the agency with significant packages of documents (two inches thick, according to one very knowledgeable FCPA lawyer), the SEC cannot afford to blow off another whistleblower like they did in the Madoff case. There’s no judgment there, by the way. I blew off my share of crazy people when I was a regulator. The SEC found out—the hard way—that just because someone is foaming at the mouth doesn’t mean they aren’t speaking the truth. So the number of investigations will go up.
But it’s not just that; the new investigations will have two collateral effects that will impact the use of outside counsel.
a. Too many investigations: notice that Congress hasn’t opened up the piggy bank for the SEC. This means that investigative attorneys will have additional investigations handed to them, with no support relief. I think this will translate into an investigative slowdown. And when things drag out, it’s not like the lawyers will stop working.
b. The self-disclosure calculus: perhaps the only math that attorney’s know, the calculus of the self-disclosure decision has dramatically changed. In-house counsel who ignore this are just asking for trouble. The vast majority of internal investigations are never disclosed to the DOJ or the SEC. Cases are closed with “insufficient evidence” all the time. Or there are employees who are internally disciplined, minor process changes adopted, additional training given, and case closed. I would suggest that these kinds of internal closures represent 90%, if not higher, of all internal investigations. The math here is that these cases will never be public. Everyone moves on. And normally they’re right: these kinds of cases never come to the public’s attention. Frankly, I don’t even think the DOJ wants to know about these internal investigations (see “a” above). Maybe these investigations would bear public scrunity, but probably not (the lights are a lot brighter and hotter when you’re in the squared circle). There’s a certain safety, however, when you’re the needle in the haystack. Plus, there’s no immediate downside to not disclosing. It’s a risk, sure. As one person said, “not disclosing is like having a gun with a thousand chambers, putting in one bullet, pointing it at your head, and then pulling the trigger; self-disclosing is like putting six bullets in a six-shooter, pointing it at your leg, and pulling the trigger.” I have yet to find a more succinct statement encapsulating the self-disclose-or-not decision. Thousand-to-one odds against a particular investigation coming back to haunt you. When it does, it’s devastating (see Madoff, above), but it’s so rare.
Those odds have changed.
The funny thing is, we don’t really know how much those odds have changed. After all, one to two whistleblower reports a day isn’t that much. But the confidence level that investigations will remain internal only? Way down. Perception trumps reality. The effect of this perception gap will be that more investigations will be outsourced to outside counsel as companies want more comfort that their investigations will be seen as independent and thorough.
2. Lauren Stevens. Ah, the Lauren Stevens case. Probably my second favorite after the Alcatel/ICE matter. On the one hand, she was acquitted, so what effect can it have? In fact, it’s beyond an acquittal: the Judge threw out the case. But it’s still an important case. Why? Because she was indicted in the first place. Even more important? The reason that Judge Titus gave for granting the motion to dismiss. The Judge including in his reasoning that Stevens had been in constant contact with outside counsel, and had worked with outside counsel on the response to the FDA that got her in trouble. Because her use of outside counsel showed her reasonableness and good-faith, the Judge threw out the case. I can’t imagine any in-house counsel ever responding to a regulatory without input from counsel, but I think that now that same reflexive, of-course-we’ll-use-outside-counsel mindset will seep into the investigations space. I know that if I were a compliance officer tasked with a major internal investigation, especially one where there might possibly be a disclosure (see “b” above), my first call would be to outside counsel. It saved Lauren Stevens, and that’s good enough for me.
3. Internationalization. Sometimes, you don’t need complicated, external reasons for there to be more investigations. Sometimes, there are just simply more people doing the investigating. The UK Bribery Act will lead to some. Not just because there’ll be more investigations to deal with (though there will be), but also because companies will need outside counsel to help structure revamped compliance programs. If they’re smart, they’ll use outside counsel who have in-house experience—and those are few and far between. If they’re really smart, they’ll hire compliance consultants who have worked in-house before. People like Tom Fox. So the initial remediation work will generate more outside counsel work. And by “initial” I’m talking at least three years. This will go in stages. First, companies will hire outside counsel who advertise their expertise in the UK Bribery Act even though they’ve had exactly zero UKBA cases. But an Associate wrote up a comparison with the FCPA, and knows how to spell FCPA, so the Partner who reads it suddenly becomes a UK Bribery Act specialist. Phase one ends when companies realize that the lawyers who they’re working with have no idea how to set up a compliance program. The company then goes looking for a new lawyer to help fix what the first lawyer broke. The lawyers they look at to hire all have the same experience, from Phase 1. So all that actually happens in Phase two is the lawyers from phase 1 all shuffle around. Then comes phase 3, when the SFO starts bringing cases, and companies that haven’t started phase 1 start now. Lather, rinse, repeat. Am I coming off a little cynical? Smart companies will just hire Barry Vitou and be done with it.
The effect of these three circumstances will be increased work for outside counsel. Outside counsel would do well to heed my advice and revamp how they advertise their FCPA expertise. It’s big enough now to be its own category under litigation or white collar or even better, compliance. If I were a law firm managing partner, I’d back up a Brinks truck and hire away Raja Chatterjee from Morgan Stanley, or Noreen Fierro from Prudential, or Sarah DiLorenzo from McDonald’s, or someone like that. Someone who’s spent significant time in-house doing this stuff day to day. As much as two years in a firm followed by six years in a US Attorney’s Office (even the
Sovereign Southern District of NY) followed by another four years in a firm makes you a good lawyer, it makes for a sucky compliance officer. Someone like that has no idea how to get things done inside a company. Raja, Noreen, Sarah, and others like them know what pressures are in-house, to take employees off the line for training, to balance tech spend versus benefit, to think like a businessperson.
With the upcoming increase in work, it’d be good to get someone inside your firm who knows how to get things done. Just my opinion.