Conducting an Effective Internal Corporate Investigation Association of Corporate Counsel – Michigan Chapter June 10, 2014

2Copyright © 2014 Deloitte Development LLC. All rights reserved. Your presentation team Welcome ‏ Rex E. Schlaybaugh, Jr. Member and Chair Emeritus Dykema Gossett LLP Bloomfield Hills, MI ‏ Moderator ‏ Robert T. Biskup Director, Forensics Deloitte Financial Advisory Services LLP Detroit, MI ‏ Speaker ‏ Brian M. Moore Member Dykema Gossett LLP Bloomfield Hills, MI ‏ Speaker

3Copyright © 2014 Deloitte Development LLC. All rights reserved. Why we are here today Introduction Circumstances / issues giving rise to internal investigations −Cyber-attacks on data / network security −Corporate fraud / bribery and corruption −Whistleblower rights −Anti-competition activities −Product safety / quality control −Financial reporting / accounting irregularities Regulatory environment (Dodd-Frank, SEC, DOJ Leniency Programs, SOX) −Invites, if not demands, investigations as part of regulatory response protocol −Credits independent investigations as important part of cooperation and a key element in reducing corporate liability −Regulators and investors expect independent directors and external advisors to lead investigations where circumstances warrant

4Copyright © 2014 Deloitte Development LLC. All rights reserved. Why we are here today Introduction Benefits of an effective internal investigation −Memorialize company’s good-faith response −Trigger remedial action; enhancement to policies, procedures, internal controls −Better to know and, if warranted, voluntarily disclose −Minimize potential consequences, penalties, liabilities, debarments Triggers warranting an investigation −Financial fraud −Misconduct by corporate officers or employees −Ethical issues −Conflicts of interest −Government search warrant, subpoena or CID −Whistleblower complaints −Calls to hotline or anonymous reports −Media report −Regulatory noncompliance −Any allegation creating significant risk or potential for derivative lawsuit

5Copyright © 2014 Deloitte Development LLC. All rights reserved. Why we are here today Introduction All internal investigations are fluid, time-sensitive, and require flexibility Important to develop a collaborative process Key questions / issues to consider at the outset −Who should lead the investigation −Role of external counsel and advisors −Development of a structured and collaborative process −Role of Management and / or Board of Directors −Impact of investigation on attorney-client privilege & work-product privileges −Scope and plan of the investigation −How the investigation should be conducted (document collection, internal interviews, external interviews) −Who should receive the end-product, and in what form

6Copyright © 2014 Deloitte Development LLC. All rights reserved. Higher risk cases – investigation should be under the direction of attorneys −HR, internal audit or compliance officer for matters involving lower risk Office of General Counsel −Isolated and well-defined allegations −Activities of lower-level employees −Advantages: familiar with company; known to management; less disruption to operations; cheaper Outside counsel −Risk of criminal or civil exposure −Inquiries from government agencies / regulators −Activities of board members, management, or senior employees −Investigation led by audit committee or special committee −Advantages: experience and resources; maintain independence (consider new outside counsel); additional safeguards of attorney-client privilege Who should investigate?

7Copyright © 2014 Deloitte Development LLC. All rights reserved. Collaborative Process Role of Management / Board of Directors −Need management support, but independent of management control to ensure credibility −Appoint management point person (OGC for most investigations) −Board oversight may be necessary if management potentially implicated −Independent of board control if activities of board members at issue Need for subject matter experts (SMEs) −Forensic accountant necessary for most investigations −Counsel should retain experts for services in connection with providing legal advice to company (protect privilege) −Counsel should direct their activities

8Copyright © 2014 Deloitte Development LLC. All rights reserved. Developing a Structured Process Develop matrix of incoming report categories −Examples of violations of company policy, laws, regulations ◦Accounting / financial reporting (potential SOX 301) ◦Managerial frauds (potential SOX 302) ◦Employee relations (routine HR vs. significant compliance issues) ◦Asset misappropriation ◦Kickbacks, collusion, bribes, corruption ◦Anti-competition activities ◦Data privacy ◦Cyber attacks and data security ◦Credit card abuse ◦Environmental ◦Product safety ◦Threats to personal safety and security

9Copyright © 2014 Deloitte Development LLC. All rights reserved. Making it Collaborative For each category, develop primary and secondary leads −Legal (OGC and external counsel) −Compliance −Internal Audit −Security −Human Resources −Internal Control −Information Technology −HQ, Regional, and Local leads −Internal Regulatory Groups −Business Operations

10Copyright © 2014 Deloitte Development LLC. All rights reserved. Assembling the Right Team When to involve outside forensic accountants −Accounting irregularities −Financial reporting issues −Asset or money tracing −Large data gathering −Complex structured and unstructured data analytics −IT system implications −International coverage −Other support needed by counsel

11Copyright © 2014 Deloitte Development LLC. All rights reserved. Defining when to Escalate Develop specific criteria and procedures −Allegations against senior management −Allegations involving managerial fraud −Allegations involving accounting improprieties −Allegations involving financial statement fraud −Allegations with legal / regulatory implications −Allegations with reputational implications −Allegations involving bribery or kickbacks −Allegations impacting product quality −Allegations involving potentially material internal control weaknesses

12Copyright © 2014 Deloitte Development LLC. All rights reserved. Defining when to Escalate (continued) Who needs to know? −General Counsel? −CFO? −HR? −CEO? −Business Unit Management? −Board of Directors or Board Committee? −External Auditors? −Exceptions and process for dealing with internal conflicts of interest

13Copyright © 2014 Deloitte Development LLC. All rights reserved. Issues Involving Officers or Board Members Special considerations −Consider who must be informed in each scenario (CEO, CFO, GC, HR, CCO) −Consider special evidence gathering protocols −Consider administrative leave situations −Consider external reporting requirements −Consider involving company auditors −Consider special investigation committee overseen by board when independence is an issue

14Copyright © 2014 Deloitte Development LLC. All rights reserved. Protecting Privileges Investigations conducted by counsel for purposes of the company “obtaining legal advice” are generally protected by attorney-client and work product privileges −Typically applies to both in-house & outside counsel −Underlying facts are not privileged Investigation for business purposes may not be protected Recent federal district court decision raises concerns whether companies can claim privilege over investigations conducted pursuant to a regulatory or corporate policy. United States ex rel. Harry Barko v. Halliburton Company, et al., No. 05-CV-1276 (D.D.C. Mar. 6, 2014) −Impact should be limited as case sufficiently distinguishable from most attorney-led investigations

15Copyright © 2014 Deloitte Development LLC. All rights reserved. Steps of an Internal Investigation Step 1: Define Scope of Investigation Step 2: Prepare Investigation Plan Step 3: Collect / Analyze Data & Documents Step 4: Conduct Witness Interviews Step 5: Prepare Final Report

16Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 1: Define Scope of Investigation Crucial to cost-efficient and effective investigation is defining the proper scope at outset of investigation Defining factors −Precise issues / allegations being investigated −Immediate & potential audience of investigation results −Need for subject-matter expert −Scope of corporate involvement −Time frame of allegations −Identification of sources of potential evidence −Identification of relevant witnesses (informational & target)

17Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 2: Prepare an Investigation Plan Overview of the allegations & investigation scope Timetable for investigation events −Collect / analyze documents −Interview witnesses −Preliminary reporting Timetable for final reporting

18Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 3: Preserve / Collect / Analyze Data & Documents Depending on scope of investigation & involvement of government / regulators Collect key documents immediately −Company rules, controls, policies and procedures −Memoranda or notes regarding allegation −Prior complaints −Contracts −Personnel files Investigation hold memo to identified custodians −Suspend normal document destruction policies −Consider simultaneous imaging computer hard drives & back-up media of key witnesses

19Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 3: Preserve / Collect / Analyze Data & Documents (continued) Document collection −Designate IT point person to coordinate efforts −Consider outside vendor (or retained forensic expert) Document review – balance cost & thoroughness −Consider contract attorneys for large-scale reviews Memorialize document collection and review processes −Formulate search criteria and parameters −Involve government / regulators, if necessary

20Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 3: Preserve / Collect / Analyze Data & Documents (continued) Data preservation − −Hard drives −Personal computers −Mobile devices −Hardcopy documents −Local and central servers −Consider global data protection regulations

21Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 4: Conduct Witness Interviews Prepare interview outline −Explain purpose −Provide Upjohn instruction −Ask witnesses about compliance with P&P −Exhaust memory before reviewing documents Determine order of witnesses −Internal informational witnesses (may define / redefine scope) −External informational witnesses (e.g., outside auditor) −Internal target witnesses (primary alleged target last) Two-person interviews −Accurate note-taking −Second witness to testimony

22Copyright © 2014 Deloitte Development LLC. All rights reserved. Upjohn Warnings Proper Upjohn Warnings −Company requested counsel to gather information in order to provide legal advice to the Company in connection with its investigation of [ __ ] −Counsel represents the Company; not the witness −Interview is protected by the attorney-client privilege −Privilege belongs to and is controlled by the Company; not the witness −Company can decide to waive the privilege and disclose discussion to third- parties without notice to the witness −Keep interview confidential to preserve privilege; witness may not disclose to any third-party, including other employees or anyone outside the Company −Any questions? Willing to proceed?

23Copyright © 2014 Deloitte Development LLC. All rights reserved. Step 5: Final Report Form of report −Written report not always necessary or advisable −PowerPoint presentation or oral report reduces risk of privilege waiver Content of written report or presentation −Only factual findings / observations? −Consider legal conclusions and / or recommendations −Identify non-compliance with established policies & procedures Remedial actions resulting from investigation should be documented (e.g., personnel decisions or policy changes)

24Copyright © 2014 Deloitte Development LLC. All rights reserved. Disclosing Investigation Results – Impact on Privilege Decision for the Client Outside Auditor −May demand disclosure; require additional work −Failure to disclose may delay audit opinion −Disclosure risks waiver of privilege −Split of authority; no waiver is predominate view Board of Directors −Privilege preserved if board is the client −Sharing can result in waiver if board is not the client −Waiver if conduct of board members at issue

25Copyright © 2014 Deloitte Development LLC. All rights reserved. Disclosing Investigation Results – Impact on Privilege (continued) Government / Regulators −Case-by-case analysis −Consider statutory obligations to disclose (e.g., SEC, FDA) −Consider statutory benefits to disclose ◦SEC 2001 “Seaboard Report”: considered in assessing cooperation ◦SEC 2006 ”Statement on Penalties”: considered in assessing penalties Other factors −Government already know? Eventual disclosure likely? −Nature of disclosure; can it be limited? −Anticipate litigation? −Privilege waiver in most cases; assume waiver

26Copyright © 2014 Deloitte Development LLC. All rights reserved. Any Questions? ‏ For further information: Rex E. Schlaybaugh, Jr. Dykema Gossett LLP Woodward Ave., Suite 300 Bloomfield Hills, MI (313) Brian M. Moore Dykema Gossett LLP Woodward Ave., Suite 300 Bloomfield Hills, MI (248) Robert T. Biskup Deloitte Financial Advisory Services LLP 200 Renaissance Center, Suite 3900 Detroit, MI (313)

Copyright © 2014 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited About Deloitte As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2014 Deloitte Development LLC. All rights reserved.