Archive for 'Corporate Investigation'

Maintaining effective cyber security is more important than ever. New threats emerge daily, and attackers are becoming more sophisticated in the ways they leverage attacks to extract what they want from vulnerable companies. Ransomware attacks are no longer the isolated events they used to be (although attacks targeting high-profile companies still make national headlines); and, for companies that do not take adequate measures to protect their networks and data, it is really only a matter of time until something goes very, very wrong.

But, let’s assume that you are already sold on the importance of maintaining an effective cyber security program. What you need to know is: Where do you go for help? Can you purchase a solution from your IT company? Or, are there other (and better) options available?

While many CIOs and CTOs assume that they can rely on their company’s IT vendors to meet their cybersecurity needs, this generally is not the case. In fact, as we discuss in greater detail below, there are several reasons why you should never use your company’s IT vendor for cybersecurity matters.

In most cases, the issue is not that IT vendors have conflicts of interest or present direct risks themselves. Rather, the concern is that IT vendors often don’t know what they don’t know when it comes to cyber security—and this means that they (and their customers) end up making decisions based on incomplete information. With the potential for severe consequences in the event of a breach, this is not a risk that most companies can afford to take.

Here’s Why Not to Trust Your Company’s IT Vendor When It Comes to Cyber Security

So, why shouldn’t you take the easy way out and use your company’s existing IT vendor for cyber security? Here are five key reasons not to trust your company’s IT vendor when it comes to cyber security:

Reason #1: Most IT Vendors Provide Off-the-Shelf Solutions

Whether they are willing to admit it or not, the vast majority of IT vendors simply resell off-the-shelf solutions. Some may repackage white-label products as their own, but ultimately these are the same products that they (and their competitors) sell to companies of all sizes in all different industries.

Is this necessarily a bad thing? In a word, “Yes.” While off-the-shelf products were sufficient for many small to mid-size companies in the 2000s, this is no longer the case today. Companies’ unique operations, systems, networks, and data all present unique risks, and this means companies have unique cyber security needs.

Additionally, companies are increasingly facing legal and regulatory obligations in the area of cyber security as well. These obligations exist at the state, federal, and international levels; and, while some obligations apply broadly (i.e. the European Union’s General Data Protection Regulation (GDPR)—which applies to many U.S. companies), many are industry-specific. If an IT vendor isn’t aware of your company’s obligations, as most IT vendors are not, it simply won’t be capable of recommending a cyber security solution that meets your company’s needs.

This isn’t meant to cast aspersions on IT vendors as an industry. Rather it is simply meant to help CIOs and CTOs understand the limits of their vendors’ capabilities. Cyber security is an area of high specialization, and the vast majority of IT vendors simply do not devote (or do they have) the resources required in order to provide their customers with appropriate custom-tailored cyber security recommendations.

Reason #2: Most IT Vendors Don’t Specialize in Cyber Security

This last point is worth expanding upon a bit more. Most people, including most CIOs and CTOs, lump cyber security under the IT umbrella. While this fundamentally makes sense, it also overlooks the extraordinary pace of innovation in the cyber security arena over the past several years. While cyber security protects companies’ IT systems, it is no longer simply an IT function. Today, cyber security is a function all on its own, and knowing how to recommend and implement effective cyber security protocols requires specialized skills and expertise.

A good IT vendor will be able to tell you everything you need to know about building and maintaining your company’s infrastructure. It will be able to recommend hardware, software, and managed services that are adequate to meet your company’s needs. It will be able to help your company implement appropriate applications on an enterprise-wide scale, and it will be able to assist with installing updates, patches, and expansions on an as-needed basis.

But, what it will not be able to do is help make sure your company’s infrastructure is secure. This simply isn’t your IT vendor’s role. Unfortunately, some IT vendors will try to be “helpful” by going beyond their expertise to recommend cyber security applications. While these efforts are usually well-intentioned (if not a bit self-serving), they are also usually uninformed. This would be a bit like a family medicine doctor providing advice regarding cancer treatment. The advice might be in the right general ballpark, but it will not be adequate or appropriately tailored to the patient’s (or customer’s) needs.

Reason #3: Establishing Cyber Security Involves Much More than Installing an Anti-Malware Application

This brings us to our next point: Contrary to popular belief, establishing cyber security is not simply a matter of installing anti-malware applications on your company’s servers, laptops, and mobile devices. Establishing and maintaining cybersecurity requires a strategic and broad-based approach that includes not only software, but also physical security, access management, training, and the security of employees’ personal devices (which will inevitably be used for business purposes to varying degrees)—among other components. Typically, IT vendors do not provide solutions in these other areas.

Far too many companies place too much trust in their anti-malware applications. In many cases, this is because their owners and executives lack a clear understanding of the risks they face and the solutions they need to implement. Oftentimes, this is because they go to their IT vendors for help. When an IT vendor offers an off-the-shelf product and nothing more, this suggests that the product itself is adequate. This, in turn, creates a false sense of security, and this leads to inaction that puts companies’ networks and data at risk.

Reason #4: You Will Need Advice and Recommendations On an Ongoing Basis

While relying on an IT vendor to provide cyber security advice may be a one-time mistake, it is not a short-term problem. To the contrary, inadequate cyber security is an issue that only gets worse with time. The more outdated a cyber security “program” becomes, or the more a company grows without addressing its growing cyber security needs, the greater the risk becomes of a massive cyber security breach. In fact, given today’s cyber environment, it is likely only a matter of time until something goes catastrophicallywrong.

Maintaining an effective cyber security program requires constant effort. It also requires advice and recommendations from true cyber security professionals on an ongoing basis. While your account manager might check in periodically when your company’s IT vendor has new products to sell, this does not count as “cyber security management.” Instead, CIOs and CTOs need to work with professionals who understand their companies’ needs and risks, and who can provide custom-tailored advice and recommendations in real time.

Reason #5: Most IT Vendors Are Not Equipped to Assist with Breach Response and Ensuing Litigation

Finally, even with an effective cyber security program in place, there is still the possibility that something will go wrong. If companies like T-Mobile and TD Bank experience data breaches, there is no reason for CIOs and CTOs of smaller companies to assume that their networks and data are immune—no matter how much effort they put into protecting them. While it would be nice if this were the case, it simply isn’t realistic.

When a company experiences a cyber security incident, effective breach response is crucial. The company must also immediately begin preparing for the possibility of breach-related litigation. Once again, this falls outside of IT vendors’ wheelhouses (and understandably so). However, if an IT vendor is unaware of the scope of the risks involved, it may attempt to provide assistance not realizing that it is allowing the company to fall farther into a hole. Following a breach, any unnecessary delays can be extremely costly, and they can make it much more difficult to assert a successful defense in federal enforcement litigation and/or in private civil lawsuits seeking damages.

In short, IT vendors simply are not equipped to provide the cyber security solutions companies need in 2021. It is incumbent upon CIOs and CTOs to accept this reality, and to ensure that they are making informed decisions with regard to what is necessary to protect their companies’ technological and financial assets.

Speak with a Senior Cyber Security Consultant at Corporate Investigation Consulting

If you have questions about what it takes to implement an effective cyber security program, we encourage you to get in touch. To speak with a senior cyber security consultant at Corporate Investigation Consulting, please call 866-352-9324 or inquire online today.

From evaluating the sufficiency of compliance policies and procedures to preparing for a federal investigation, there are a variety of reasons why companies might need to perform internal audits. Minimally, companies should conduct internal audits annually to ensure that their compliance policies and procedures are working and up to date. Companies should also conduct internal audits any time they are at risk for facing a government investigation or enforcement action, as knowing what (if anything) the government is going to find is imperative to building an effective legal defense.

But, there are other circumstances in which internal audits will be necessary as well. For example, when a company intends to launch a new product or service line, it needs to know whether its existing policies, procedures, and systems are sufficient. Likewise, if an employee files a complaint of harassment or discrimination, this should also trigger an internal audit focused on determining what additional or revised measures are necessary to protect both the company’s employees and the company itself.

Put our highly experienced team on your side
Roger Bach
Roger Bach

Former Special Agent (OIG)

Timothy E. Allen

Former Senior Special Agent U.S. Secret Service

Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Maura Kelley

Former Special Agent (FBI)

Ray Yuen

Former Supervisory Special Agent (FBI)

Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Marquis D. Pickett

Special Agent U.S. Secret Service (ret.)

Two Main Options for Conducting an Internal Audit

Regardless of why a company needs to conduct an internal audit, it has two main options for doing so: (i) it can rely on in-house personnel to conduct the audit; or, (ii) it can engage an outside consulting firm. As we discuss below, while both options have merits, the limitations of utilizing in-house personnel will weigh in favor of engaging an outside consulting firm for most companies.

Using In-House Personnel to Conduct an Internal Audit

The first option companies have for conducting an internal audit is to rely on their own in-house personnel. If a company has sufficient internal resources to manage an audit in-house, this approach might seem like the most cost-effective option. However, this is not necessarily the case, particularly when you take into consideration the risks involved.

Benefits of Using In-House Personnel

What are the benefits of using in-house personnel to conduct an internal audit? While each company’s circumstances are different, broadly speaking these benefits include:

1. The Company’s In-House Personnel are (or Should Be) Familiar with Its Policies, Procedures, and Operations

The company’s in-house personnel should be familiar with its policies, procedures, and operations, and this should allow them to hit the ground running. However, while this might be the case, what most in-house personnel will lack is knowledge of the processes and protocols involved in conducting an audit and assembling information on which the company’s leadership team can confidently rely.

2. The Company’s In-House Personnel Can Be Diverted from Their Normal Tasks to Work on the Audit Immediately

If a federal investigation or other event has triggered the need for an unanticipated audit, the company’s in-house personnel can be diverted from their normal tasks to begin work on the audit immediately. However, once again, whether and to what extent internal personnel have the capabilities required to conduct an effective internal audit is a concern that cannot be ignored.

3. The Company Isn’t Spending on an Outside Consulting Firm

The third benefit of relying on in-house personnel is that it avoids the additional expense of engaging an outside consulting firm. It is important to keep in mind, however, that there are productivity costs associated with relying on in-house personnel to conduct an internal audit. Additionally, as discussed further below, the costs of an ineffective internal audit can far outweigh the costs of hiring a team of professionals to efficiently gather and assess all pertinent information.

Limitations of Using In-House Personnel

Now, what about the limitations? As we mentioned above, while relying on in-house personnel to conduct an internal audit might seem highly cost-effective, this is not necessarily the case. Consider these limitations:

1. The Company’s In-House Personnel May Lack the Knowledge and Skills Required to Conduct an Effective Internal Audit

Conducting an internal audit requires special knowledge and skills. If your company’s internal personnel are not intimately familiar with contemporary internal auditing processes and protocols, they are not going to be able to collect the data your company needs.

2. The Company’s In-House Personnel May Only Be Available During Normal Business Hours

Even if your company has exempt employees who are not limited to working nine-to-five, your company’s in-house personnel are not going to be available around the clock. This means that there will be delays in the audit process—and these might not be delays your company can afford.

3. Limited Knowledge, Skills, and Time Can Lead to an Inefficient and Incomplete Audit

As we alluded to above, if your company’s in-house personnel are not experts in internal audit processes and protocols, your company will not be able to confidently rely on the outcome of the audit. If they cannot complete the audit efficiently, this will render the audit effectively useless as well.

4. In-House Personnel Who are Focused on Conducting an Internal Audit are Not Focused on Their Normal Job Duties

When in-house personnel are focused on conducting an internal audit, they are not focused on their normal job duties. Also, remember that conducting an internal audit is not a one-time event. Companies should conduct compliance audits annually (if not more frequently), and both expected and unexpected events can trigger the need for ad hoc internal audits. If company personnel are regularly being diverted from their normal job duties to conduct internal audits, the company’s operations and profitability are going to suffer.

5. In-House Personnel May Be Personally Involved in Matters Falling Within the Scope of the Internal Audit

Finally, one of the most-significant limitations associated with utilizing in-house personnel is that those who are assigned to conduct the audit could have a personal interest in the outcome of the process. If in-house personnel believe that the outcome of an internal audit could have an impact on their personal employment status, this will compromise the entire audit.

Engaging a Consulting Firm to Conduct an Internal Audit

What about engaging an outside consulting firm? This is the preferred option in virtually all scenarios. Unlike utilizing in-house personnel, the benefits of engaging an outside consulting firm far outweigh the perceived limitations.

Benefits of Engaging a Consulting Firm

The benefits of engaging an outside consulting firm to conduct an internal audit include:

1. Your Company Can Rely on the Expertise of the Consulting Firm’s Personnel

The consulting firm’s personnel should be experts in auditing protocols and procedures. Additionally, with significant experience conducting internal audits for other companies, the consulting firm’s experts should be able to quickly get up to speed on your company’s policies, procedures, and operations.

2. Your Company Can Rely on the Efficiency of the Consulting Firm’s Personnel

As a result of their experience and expertise, the consulting firm’s experts should be able to conduct the audit efficiently and provide company leadership with timely and actionable data. Additionally, while your company’s in-house personnel will be limited in the number of hours they can devote to an internal audit, a consulting firm should be able to devote the resources necessary to complete the audit as quickly as possible. This includes having personnel work on the audit around the clock if necessary.

3. Your Company’s In-House Personnel Can Stay Focused on Their Normal Job Duties

Since they are not focused on trying to conduct an internal audit, your company’s in-house personnel can stay focused on their normal job duties. Productivity and customer experience will not suffer, and the internal audit will be both more efficient and more effective.

4. The Audit Will Be Comprehensive, Well-Documented, and Devoid of Potential Conflicts of Interest

Expert consultants who have honed their auditing skills over decades of practice will be able to provide comprehensive and well-documented data that your company can use without reservation. Additionally, engaging an outside consulting firm avoids the risk of any conflicts of interest (or perceived conflicts of interest) involving in-house personnel.

5. You Can Move Forward Confidently with the Data You Need to Make Informed Decisions

The purpose of conducting an internal audit is to gather the data your company’s leadership needs in order to make informed decisions. Engaging an outside consulting firm ensures that this purpose will be fulfilled. The consulting firm should not only be able to conduct a comprehensive audit, but also document the audit’s comprehensiveness, and this will give your company’s leaders the confidence they need to move forward.

Limitations of Engaging a Consulting Firm

There is really only one limitation when it comes to engaging a consulting firm: The company will incur an expense that it would not incur if it relied exclusively on in-house personnel to conduct its internal audit. However, this expense is well worth it (and not as great as many company lawyers and executives think) when you consider the risks of the alternative approach.

If an audit is compromised or incomplete, it serves no valid business purpose, and it can leave the company exposed to administrative, civil, or criminal liability. In contrast, a professionally-conducted comprehensive internal audit will allow the company’s leadership team to make informed decisions and execute strategies focused on protecting the company.

Speak with a Former Federal Agent at Corporate Investigation Consulting

Does your company need to conduct an internal audit? If so, we encourage you to get in touch. To speak with one of our former federal agents in confidence, please call 866-352-9324 or inquire online today.

Federal law contains countless provisions that can impose liability on corporations for the failure to comply with relevant laws and regulations.  Federal prosecutors and federal agencies have been especially eager and aggressive in prosecuting corporations that have weak or inferior compliance programs in place, as this is typically a strong indicator of internal corporate misconduct such as bribery, corruption, or fraud.  One of the best ways for a corporation to avoid becoming the subject of a protracted federal investigation is to demonstrate their continued compliance with the law.  Further, the best way to demonstrate compliance with the law is to maintain an effective, robust, and vigorous corporate compliance program.  This article discusses three reasons why an effective compliance program can help avoid or lessen criminal charges.

1. An Effective and Continuous Compliance Program Can Lead to Leniency by the Prosecutors

Prosecutors are responsible for examining a corporation’s compliance program and for determining whether the corporation contained an adequate compliance program at the time of the offense; whether the corporation utilized remedial efforts to improve a prior program; whether the corporation made certain investments and improvements to the program; and whether the program has been tested to demonstrate that it will detect misconduct in the future, as some examples.

Whether the corporation’s compliance program can lead to leniency by the prosecutors depends on the presence, nature, and effectiveness of the compliance program.  For instance, if an employee within the corporation is under investigation for allegedly bribing foreign officials, the question for the prosecutor is whether the corporation was also involved and, if not, whether the corporation had a compliance program in place that was working effectively such that it should have prevented this crime.  If the corporation did not have a compliance program in place, it would be hard for the corporation to argue that it should be exempt from liability for the individual’s crime because it is incumbent on corporations to develop a robust compliance program throughout its busines that promotes full compliance and transparency with the law.

However, if the corporation had a compliance program implemented, the prosecutor’s job would then be to determine whether it was working effectively at the time of the offense.  If it was not working effectively, then the corporation would generally not receive any leniency by the prosecutor.  On the other hand, if the corporation had an active and fully operational compliance program in place and the individual still perpetrated the crime, it is possible for the prosecutor to focus solely on the individual’s misconduct.  In these latter cases, there is not much the corporation can do to prevent a bad actor from taking advantage of their position or the corporation’s resources.

2. An Effective Compliance Program Can Help Reduce the Penalty under the Sentencing Guidelines

A compliance program can reduce the potential liability and penalties of the corporation.  Having said that, the mere fact of having a compliance program is generally not sufficient in and of itself to avoid liability or even to reduce the penalty.  Instead, in order for a corporation’s compliance program to give meaningful credit—or reduction in penalties—it needs to meet certain elements.  As mentioned in the Department of Justice’s June 2020 memo on “Evaluation of Corporate Compliance Programs,” these elements center on whether the compliance program is well designed to prevent and detect wrongdoing; whether the compliance program is adequately resourced and contains the appropriate resources needed for it to function; and whether the compliance program works in practice as well as how the corporation remedies identified instances of misconduct.

Corporations should make it their priority to ensure that their compliance program satisfies these elements.  In other words, there is no standard one-size-fits-all compliance program.  A compliance program must be designed appropriately, implemented correctly, and monitored continuously.  Only then can it be considered when trying to reduce the corporation’s liability and penalty.

3. An Effective Compliance Program Can Avoid Negative Collateral Consequences

A corporation that is actively involved in monitoring, updating, and improving its compliance program will receive less harsh treatment by federal agencies and federal prosecutors compared to corporations that have lax compliance programs or that are indifferent to revising them.  An effective compliance program can lessen the collateral consequences associated with a federal investigation such as the increased media attention and negative public opinion that follows—both of which can have long-lasting and devastating impacts on the corporation’s future.

Federal agencies such as the SEC and DOJ understand that a corporation’s compliance program is not going to detect every single instance of misconduct.  What is important is the effectiveness of the corporation’s compliance program—which can lead the prosecutor to either (1) decline to pursue charges against the corporation or (2) proceed against the corporation with leniency or offer some credit or reward for their assistance.  Both scenarios are possible regardless of whether the compliance program detected the misconduct.

Also, it is important to note that an effective compliance program should be coupled with hiring independent legal and compliance officers and collaborating with external investigations.  Retaining a team of independent legal and compliance officers adds an extra layer of protection against certain acts of misconduct and, critically, also serves as additional evidence of the corporation’s intent to be in full compliance with the law.  Voluntarily reporting violations to federal agencies or willingly cooperating with external investigations will further result in less negative consequences for the corporation.

Conclusion

While maintaining and enforcing an effective compliance program is not a guarantee that federal agencies or federal prosecutors will never go after a corporation, it does meaningfully change the attitude of the agency or prosecutor in three key respects: a compliance program can lead to (1) leniency by the prosecutors; (2) a reduced penalty; and (3) less negative collateral consequences.  The federal government understands that an effective compliance program may not catch all instances of misconduct, as this is not the purpose.  The purpose of a compliance program is to monitor and implement a corporation-wide system that emphasizes due diligence and compliance with the law, promotes whistleblowing, and embraces continuous improvement and updates to the program.

An effective corporate compliance program is an integral component of a business’ operations.  It helps a corporation monitor, identify, remediate, and improve its policies and procedures for handling allegations or suspicions of misconduct.  An effective compliance program mitigates the risk of federal investigations and scrutiny as well demonstrates an attitude of compliance with federal law.  This article will explain what an effective corporate compliance program entails, why is it needed, what prosecutors look for when investigating corporations, and how to craft an effective compliance program.

I. What Is A Corporate Compliance Program and Why Is It Needed?

A corporate compliance program is a company-wide program that administers, enforces, and monitors a corporation for full compliance with federal and state law.  It covers internal policies and procedures to ensure the proper functioning of business operations, personnel, transactions, documentation, etc.  A key component of an effective compliance program is that it is continuous—corporations must constantly monitor, revise, and optimize their compliance programs to acocunt for changes in law, business operations, size of business, or other relevant factors.

Compliance programs are needed within a corporation because they help avoid violations of the law by detecting warning signs of misconduct, which the corporation can then quickly counter.  Further, even if the corporation’s compliance program was unable to detect misconduct, it can nevertheless eliminate or reduce the extent of potential penalties depending on the strength and effectiveness of the program.

II. What are the three “Fundamental Questions” Asked Regarding a Corporation’s Compliance Program?

The U.S. Department of Justice Criminal Division gives detailed information on the means and manners by which prosecutors conduct their investigations of corporations and the factors they use to decide whether to bring charges and negotiate pleas.  In its updated “Evaluation of Corporate Compliance Programs” memo from June 2020, the Criminal Division emphasizes three questions from the Justice Manual that a prosecutor should ask regarding the corporation:

  1. Is the Corporation’s Compliance Program Well Designed?
  2. Is the Corporation’s Compliance Program Adequately Resourced and Empowered to Function Effectively?
  3. Does the Corporation’s Compliance Program Work in Practice?

With respect to the first question, an effective compliance program should be comprehensive and robust.  This means it should adapt its procedures based on the risk profile, business, size, and location of the corporation.  An effective compliance program also embraces modifications in order to make its functioning more effective at identifying, monitoring, and remediating misconduct.

The second question asks how the compliance program is being implemented.  Adequate implementation is essential for the proper functioning of an effective compliance program.  The corporation’s compliance program should be smoothly integrated into its operations and all personnel should be regularly informed about the program.

The last question asks whether the corporation’s compliance program works in practice.  The guidance from the Criminal Division makes clear that the existence of an identified instance of misconduct does not necessarily mean that the corporation’s compliance program was not working effectively; the crucial question instead is how the corporation handles the misconduct after it was detected—investigation, documentation, and revisions to the compliance program.  It is important that corporations have the willingness to improve their compliance program to be more effective in the future.

III. How to Craft an Effective Compliance Programs

There are seven key components of crafting an effective compliance program, all of which ultimately come down to maintaining a healthy and open corporate culture:

  • Commitment by Upper Management: Upper management, the board of directors, executives, and officers must lead by example. It is insufficient for a corporation to merely enact a compliance program and expect all personnel to follow it.  There must be a clear commitment by words and actions by those in charge.
  • Sufficient Resources and Staff: A corporation must have adequate resources and staff for a proper compliance program to be carried out. Compliance should always be a top priority for corporations as it can impact the nature and extent of a federal investigation and the resulting fines and penalties.
  • Personnel Training: All personnel of the corporation—including upper management—should be periodically trained on their corporation’s compliance program. This is important because the laws, regulatory environment, business relationships, and size of the corporation could change.
  • Periodic Evaluation: Compliance programs should be periodically evaluated for the same reasons that personnel need to be trained. The business of a corporation is dynamic and is constantly changing; therefore, the compliance program must be evaluated and modified to account for such changes.
  • Consistent Enforcement: A good compliance program is only as effective as its ability to enforce its provisions when individuals either follow its policies or violate them. For instance, the corporation should set forth clear courses of action that it will follow when individuals follow policies or violate them, and the corporation must act upon these policies.
  • Internal Controls and Due Diligence: A corporation’s system of internal controls must be adequately designed to detect and prevent misconduct. Further, a corporation should regularly employ due diligence policies and procedures for significant business transactions such as mergers and acquisitions or transactions with foreign parties.
  • Updating and Optimizing: A compliance program should be updated as needed. It should also be optimized based on changing busines conditions and the sophistication of technology.
Conclusion

An effective compliance program is a critical component of a corporation’s business operations.  It serves as an indicator that the corporation is following the law.  This is vital because the risks of non-compliance can be devastating, including civil and criminal lawsuits which can lead to significant monetary penalties, loss of license, injunction, reputational harm, and even jail time.  If a corporation is concerned about the effectiveness or strength of its compliance program or has any question regarding the effects of a compliance program on a federal investigation, it should get in contact with an experienced compliance consultant.

At the federal level, civil and criminal penalties for statutory violations and judgments awarded in private civil litigation are almost always substantial. In many cases, individuals can face fines in the hundreds of thousands or millions of dollars, and many federal statutes increase the penalties for corporate entities by a factor of five. Defendants in private civil litigation can face exorbitant financial exposure, and even well-heeled businesses and high-net-worth individuals will often be looking at bankruptcy in the event of an unfavorable judgment.

While the risks in federal civil and criminal proceedings are substantial, there are steps individuals and businesses can take to protect their assets. In addition to asserting a comprehensive and strategic defense during the government’s investigation or the federal district court proceedings, this includes taking proactive steps shield assets from forfeiture and collection. When executed in a timely and lawful manner, asset protection strategies can provide broad protection, and putting asset protection measures in place is a wise choice for business owners, professionals, and anyone else who may be at risk for civil or criminal liability.

10 Reasons Why You (or Your Business) May Need an Asset Protection Strategy

Why might a person or business choose to implement an asset protection strategy? Here are 10 examples of risks that can expose individuals’ personal assets as well as the assets of targeted business entities:

  • Federal Compliance Investigations – For businesses in federally-regulated industries, federal compliance investigations can lead to substantial liability for civil or criminal penalties. Business owners, executives, board members, and other individuals can potentially face personal liability as well.
  • Federal Fraud Investigations – Numerous federal statutes establish civil and criminal penalties for fraud-related offenses. This includes everything from industry-specific offenses such as health care fraud and securities fraud to the general crimes of bank fraud, mail fraud, and wire fraud.
  • Federal Conspiracy Investigations – The federal conspiracy statutes allow prosecutors to pursue charges against multiple individuals and businesses as the result of a single investigation. The penalties for conspiracy can be the same as those for the underlying offense.
  • Professional Liability Claims – Doctors, lawyers, accountants, stock brokers, and other professionals can face substantial exposure due to professional liability claims. While professional liability insurance can provide some protection, it generally is not enough to provide sufficient asset protection.
  • Personal Injury and Wrongful Death Claims – Individuals and businesses of all types can face personal injury and wrongful death claims. Here, too, while you may have insurance coverage, this coverage will not provide the same level of protection as a comprehensive asset protection strategy.
  • Contractual Liability Claims – Contract disputes between individuals and businesses can lead to substantial liability exposure as well. If you or your business is held liable in contract-based litigation or arbitration, having an asset protection strategy in place could be crucial to avoiding personal or corporate bankruptcy.
  • Shareholder, Partner, and Member Disputes – Disputes among shareholders, partners, and members can have a variety of potential outcomes; and, in some cases, business owners can face personal liability for causing financial harm to the business or its other owners.
  • Economic and Business Downturns – Economic and business downturns can create problems when it comes to meeting contractual obligations, and this in turn can lead to civil litigation. With an asset protection strategy in place, you can make sure that unanticipated circumstances do not go from bad to worse.
  • Starting or Expanding a Business – Any time you are starting or expanding a business, it is a good idea to make sure you have adequate liability protections in place. This includes ensuring that you have both a personal and a business asset protection strategy.
  • EmploymentRelated Litigation – Employee lawsuits can involve a host of different issues, and they can target companies as well as individual supervisors, managers, and owners. If an employee accuses your company (or you personally) of wrongdoing, you will need to know that your company’s assets (or your personal assets) are secure.
Answers to FAQs about Asset Protection Strategies for Business Owners, Professionals, and Other High-Net-Work Individuals

Asset protection is an important, and frequently-misunderstood, area of the law. Here, our consultants and former agents answer some frequently-asked questions (FAQs) about asset protection for individuals and businesses that may be at risk for federal penalties or judgment liability:

Q: Are asset protection strategies legal?

Yes, and this gets to the heart of one of the most-common misconceptions about asset protection. Individuals and businesses have every right to protect their assets in accordance with the laws of the United States and other countries, and there are numerous laws in the U.S. and abroad that provide ways to shield assets from judgment liability. While there are certainly illegal ways to attempt to shield assets from the federal government and private parties, there are more than enough legal options to protect personal and corporate assets without violating the law.

Q: How do legal asset protection strategies work?

Legal asset protection strategies work by placing assets beyond the reach of creditors. This includes both debt creditors (i.e. lenders and the Internal Revenue Service (IRS)) and judgment creditors (i.e. plaintiffs in civil litigation and the federal government in civil and criminal law enforcement proceedings). With an effective asset protection plan in place, individuals and businesses can limit the assets that are available to satisfy their debts and judgment liabilities.

Q: Do you need to have an asset protection plan in place before you get taken to court?

Generally speaking, yes. Attempting to move assets beyond the reach of judgment creditors when you or your business is already facing litigation may lead to allegations of making fraudulent transfers. If fraudulent transfers are made in an attempt to avoid satisfying a federal judgment, the transferred assets can be pulled back and then seized for payment to the government or private plaintiff. However, while this is the general rule, there are exceptions, and individuals and business owners should promptly consult with legal counsel about implementing an asset protection strategy.

Fraudulent transfers are generally a civil matter, but they can lead to criminal prosecution in some cases. As a result when putting together an asset protection strategy, it is imperative to work with your (or your company’s) legal counsel to ensure that all components of your strategy comply with the law.

Q: Will an asset protection strategy help protect you from being sued?

Typically, no. Plaintiffs are unlikely to know that you have an asset protection strategy in place, and this may not be something the plaintiff discovers until its lawsuit is underway. This another point that is important to make clear about asset protection strategies as well: They protect assets against judgment liability—they do not protect against judgments themselves. If a plaintiff discovers during the litigation process that insufficient assets are available to satisfy any judgment it may be awarded in court, then this could spur favorable settlement negotiations, or potentially even lead to the lawsuit being dropped. However, in order to mitigate their risk of being sued, individuals and businesses must avoid violating their contractual obligations and all applicable state and federal laws.

Q: What is involved in implementing an asset protection strategy?

Implementing an asset protection strategy begins with conducting a detailed assessment of your (or your company’s) assets and risks. Once we have an understanding of what needs to be protected and what it needs to be protected from, then our consultants can offer recommendations that are specific to your (or your company’s needs).

Broadly speaking, there are a number of asset protection tools and methodologies that will work under varying circumstances. Some examples of more-common tools and methodologies include:

  • Using prenuptial and postnuptial agreements to establish and protect “marital domestic asset protection trust (DAPT) or a foreign asset protection trust (FAPT)
  • Creating an irrevocable spendthrift trust or another type of irrevocable trust
  • Creating a personal residence trust
  • Equity stripping techniques that limit the value available to subordinate creditors
  • Establishing domestic or foreign business entities to hold assets separate from personal assets and operating business entities
  • Selling or exchanging assets for assets that can be better protected
Q: If you have liability insurance (or if your business has a CGL policy), do you still need an asset protection strategy?

Yes. While liability insurance provides a level of protection, it is not sufficient on its own. This is because (i) liability insurance does not cover all types of claims (nor does it cover federal civil and criminal fines); and, (ii) under most liability insurance policies, the policy limits are insufficient to cover significant judgments.

Discuss Your Asset Protection Strategy with a Consultant from Corporate Investigation Consulting

Do you have questions about putting together a personal or business asset protection strategy? If so, we encourage you to get in touch. One of our consultants will be happy to speak with you one-on-one. To schedule a confidential and complimentary consultation at your convenience, please call (866) 352-9324 or inquire online today.

Instances of Intellectual Property (IP) and Non-Compete Infringement Require an Immediate and Effective Response. If Your Company’s Proprietary Assets are at Risk, You Need to Engage a Firm that Can Help You Appropriate Action to Protect Them.

Among the various types of crises that can impact companies’ operations, instances of intellectual property (IP) infringement and non-compete infringement are fairly unique. Not only can they be incredibly disruptive and cause confusion in the marketplace; but, if not combatted aggressively, they can also lead to the loss of intangible value – in some cases permanently. If a former employee, competitor, or other third party is infringing your company’s IP or using its proprietary data to your company’s disadvantage, you need to take responsive action immediately.

There are a number of keys to responding effectively to instances of trademark, copyright, patent, and non-compete infringement. However, the most-important key is undoubtedly to respond as quickly as possible. The longer infringement is allowed to continue, the more damage it can cause, and the greater the risk becomes of the company suffering permanent intangible losses.

Our Former FBI Agents are Highly-Skilled Investigators and Savvy Business Advisors

We help companies nationwide combat domestic and international IP and non-compete infringement. In order to do so, we rely heavily on the experience of the former high-ranking federal agents on our corporate crisis management team. These agents, including former Supervisory Special Agents with the Federal Bureau of Investigation (FBI), have decades of experience investigating instances of infringement and other similar types of wrongs, and we have a proven track record of helping companies make informed decisions based on actionable intelligence.

We Assist Companies in Matters Involving All Types of IP and Non-Compete Infringement

Our experience encompasses conducting investigations and advising companies with respect to all types of intellectual property infringement and non-compete violations. In addition to our consultants’ extensive experience, we also rely on state-of-the-art technological resources to identify instances of infringement and the individuals and companies behind them. By taking a systematic, yet diligent and unrelenting, approach to helping our clients combat IP infringement, we are able to effectively assist in terminating improper uses of intangible assets (and restoring the value of those assets) in situations involving:

  • Trademark and Service Mark Infringement – Misappropriation of your company’s brand, name, and logo can leave current and prospective customers confused. It can also leave them believing that products or services offered by another entity (which may be grossly inferior) originated with your company.
  • Trade Dress Infringement – Trade dress is the design, or “overall look and feel,” of a company’s retail locations. Trade dress protections apply to more than just the company’s trademarks and service marks, and terminating instances of trade dress infringement can be crucial to protecting your company’s hard-earned customer loyalty.
  • Copyright Infringement – Federal copyright protections apply to everything from menus and websites to software code and entertainment media. Copyright infringement can be extraordinarily costly. But, the protections afforded to copyright owners are clear; and, once an infringer has been identified, a company’s enforcement efforts can be swift and severe.
  • Patent Infringement – We assist companies that own all types of patents with the enforcement of their exclusive rights. Whether a customer or licensee has exceeded the scope of its permitted use or your company is facing a threat from a third-party infringer, we can gather the evidence you need to pursue appropriate legal remedies.
  • Misappropriation of Proprietary Information – Your company’s propriety information could be among its most-valuable assets. As a result, when facing theft or infringement, your company needs to execute a proportionate response. We assist companies nationwide in all aspects of responding to data theft, from forensic evidence gathering to enforcement strategizing and future risk mitigation.
  • NonCompete Violations – Knowing that a vendor, employee, licensee, or franchisee has violated a non-compete covenant is one thing. Proving it is another. We have the skills, insights, and resources required in order to efficiently gather the evidence needed to prove non-compete violations.
  • NonSolicit Violations – Violations of non-solicitation covenants can have significant negative consequences as well. We approach non-solicit violations in the same manner that we approach all other instances of infringement and misappropriation—with a systematic strategy and an unrelenting commitment to providing our clients with the information they need to protect their assets as quickly as possible.
A National Consulting Firm with Global Capabilities

We work with companies of all sizes and in all industries on a nationwide basis, and we have the resources and capabilities required to protect our clients’ intangible assets on a global scale. By delivering actional intelligence in easily-digestible formats, by providing custom-tailored consulting, and by providing ongoing advice in real-time, we help our clients make smart decisions focused on preserving (or restoring) maximum value in their IP and proprietary information.

Our former federal agents and other consultants are available to investigate and advise companies with respect to all types of IP and non-compete infringement matters. This includes, but is not limited to:

1. Third-Party Infringement and Misappropriation

Instances of third-party infringement and misappropriation can run the gamut from unintentional trademark violations to copyright theft and reverse-engineering of patented inventions. Regardless of the specific issue involved, if a third party has infringed or misappropriated your company’s trademark, copyright, patent, or proprietary information, you must react immediately. Our former federal agents can initiate a forensic investigation right away, and we can advise you regarding the steps your company should be taking to mitigate its resulting losses.

There are different ways to approach instances of third-party infringement and misappropriation, and deciding on the best approach requires a clear understanding of the circumstances involved. Was the infringement inadvertent? If so, then a forceful but non-litigious approach may produce the most advantageous result. Is the infringer claiming that it actually owns the IP rights and your company is infringing? If this is the case, then this is a different situation that requires a different approach entirely.

2. Fiduciary Duty Breaches

Intellectual property and non-compete infringement resulting from fiduciary breaches require their own unique approach as well. If a corporate insider or advisor has misappropriated your company’s IP in order to advance his or her own financial interests (or the interests of another company), your company may have additional grounds for seeking redress, and this means that the investigation will need a broader scope.

At the same time, however, the investigation will most likely need to be kept confidential, and this also entails unique considerations. With our former federal agents’ broad and extensive experience handling covert corporate investigations, we can effectively gather the evidence your company needs while also preserving confidentiality and maintaining maximum leverage over the infringer.

3. Cybersecurity Breaches

Misappropriation of intangible property through cybersecurity breaches and data theft is a concern for companies of all sizes and in all industries. If a third party has gained unauthorized access to your company’s information technology (IT) platform and misappropriated its IP, our team can work to quickly identify the vulnerability exploited in the intrusion as well as the scope of the information obtained. We can then work to trace the breach back to its source, and we can assist your company in taking all appropriate responsive and remedial action.

4. Contract Disputes with Employees, Vendors, and Licensees

Many cases of intellectual property and non-compete infringement arise out of contract disputes with employees, vendors, and licensees. Disagreements over everything from the scope of software licenses to licensees’ and franchisees’ post-termination rights can lead to costly and litigious disputes.

In these situations, we work with our clients to confirm infringement through various investigative means, and we advise our clients regarding their best courses of action. Will your company need to file a lawsuit? Or, is there a more efficient and less confrontational alternative available? In many cases, intent can be a major factor, and by helping our clients understand whether or not a violation was intentional, we can help them make strategic decisions focused on preserving key relationships while also undertaking appropriate measures to preserve the value of their intangible property.

5. Large-Scale Online, Manufacturing, and Retail Infringement

We also assist companies in cases of large-scale online, manufacturing, and retail infringement. While no situation involving IP or non-compete infringement is ideal, in these situations, the best-case scenario is to catch the infringer before it invests substantial resources in the infringing activity. Once an infringer initiates an online marketing campaign, begins manufacturing infringing products, or starts placing infringing products or packaging on retail shelves, the stakes become much higher for all parties involved.

Despite this, there are still various paths toward a favorable result. Our former federal agents and other consultants have significant experience in cases involving extremely high stakes, and we can use the knowledge and strategic insights gained from this experience to help your company protect its IP. We can also assist with matters such as:

  • Social media infringement monitoring
  • Digital Millennium Copyright Act (DMCA) takedowns and compliance
  • Supply chain investigations
  • Sublicense investigations
  • Secret shopper investigations
  • Coordinating with law enforcement
  • Providing expert testimony in IP and non-compete infringement litigation
Contact Our Corporate Crisis Management Team about Your Company’s NeedsContact Our Corporate Crisis Management Team about Your Company’s Needs

For more information about how our former federal agents and the other members of our corporate crisis management team help companies protect their intellectual property and proprietary information, contact us today. You can reach us by phone 24/7 at 214-692-2171; or, tell us how we can reach you and a member of our team will be in contact shortly.

Theft of Data (Data Breach)

Data Breach Incidents Can Cause Substantial Exposure, and an Immediate and Effective Response is Required. If Your Company’s Data Security Protocols Have Been Compromised, You Must Begin Making Informed Decisions Immediately In Order to Prevent Unnecessary Losses.

If your company has experienced a data breach, or if you don’t know whether your company has experienced a data breach, your response needs to be swift and decisive. While a significant amount of damage may have already been done, your company’s situation could get far worse if it does not respond to the breach appropriately. From uncovering the source of the intrusion to seeking immediate relief in the courts, there are many critical steps that may need to be taken right away.

While corporate data breaches have become far more common in recent years, this does not serve as an excuse for companies that experience intrusions. If anything, the prevalence of data breaches in recent years has heightened scrutiny of companies that do not do enough to protect their employees’, customers’, and vendors’ data. When breaches occur, companies will typically have legal obligations at the federal and state levels (and potentially the international level as well). Failure to comply with all applicable breach notification and other laws can increase companies’ liability exposure, and failure to remediate intrusion threats can lead to enhanced exposure in the event of a recurrence.

Of course, companies have their own data to worry about as well. If hackers have gained access to your company’s systems and stolen your company’s confidential and proprietary data, this too is a crisis event that requires an immediate response. At Corporate Investigation Consulting, we have extensive experience advising companies in the aftermath of data breaches and information theft, and we can work quickly to help your company recover.

The 5 Key Components of Effective Data Breach Response

Responding to a data breach incident requires a multifaceted response focused on legal compliance and risk mitigation. With this in mind, we break down our data breach response protocol into five key components:

1. Identifying the Source of the Intrusion

First, and in many respects most importantly, it is necessary to identify the source of the intrusion as soon as possible. Until you know what vulnerability the intruders exploited and how they exploited it, you simply have no way of ensuring that any of your company’s data are secure.

When looking for the source of an intrusion, it is necessary to consider all potential contributing factors. This includes factors that are both internal and external to your company’s information technology (IT) infrastructure. Did hackers independently find a way to breach your company’s (or one of its vendors’) logical data security measures? Or, did an employee either intentionally or inadvertently supply information that offered a way in?

Our team of crisis management consultants includes several former high-ranking federal investigative agents who have extensive experience handling large-scale data breaches. We rely on the knowledge gained from this experience and industry-leading technological capabilities to quickly and definitively identify the source of our clients’ intrusions. When you do not have time to waste, you can rely on Corporate Investigation Consulting to make sure you have access to the information you need as soon as possible.

2. Assessing Ongoing Vulnerabilities

In addition to identifying the source of the intrusion, it is also imperative to assess any other ongoing vulnerabilities. While not always the case, oftentimes, if there is one shortcoming in a company’s data security infrastructure, there will be others as well. In order to ensure that your company is not unduly exposed to the risk of similar crisis events in the future, you must be confident that there are zero outstanding vulnerabilities that are capable of exploitation.

For this reason, when seeking to identify the source of an intrusion, it is important not to stop looking once the source has been identified. While this is an event that should trigger subsequent steps in the process, unless and until all possible vulnerabilities have been assessed, the examination of your company’s IT infrastructure and security measures should continue. At Corporate Investigation Consulting, we have the team and capabilities required to assist our clients with breach notification and other subsequent steps while also simultaneously continuing to scrutinize and stress test our clients’ data security systems.

3. Complying with Breach Notification Laws

Data breach notification compliance presents a significant undertaking even in the event of a relatively “minor” security failure. When hundreds of thousands or millions of consumers are affected, the burden of compliance can be extraordinary. At Corporate Investigation Consulting, we manage the data breach notification process for our clients, including the Federal Trade Commission’s (FTC) recommended steps of:

  • Assembling a team of experts that includes independent forensic investigators and legal counsel with privacy and data security expertise;
  • Securing physical areas potentially related to the breach, including taking steps such as changing locks and access codes as necessary;
  • Preventing additional data loss through all available means, including taking affected equipment offline if necessary;
  • Removing any information that has been improperly posted online, including on your company’s website and any third-party websites;
  • Interviewing the personnel who discovered the breach and anyone else who may potentially have information that is useful to assessing the source of the intrusion and the company’s ongoing cybersecurity risk;
  • Fixing all vulnerabilities, including internal and external ones, and working with the company’s forensic experts to identify and preserve all relevant data and evidence; and,
  • Notifying law enforcement, affected businesses, affected consumers, and the credit bureaus (if necessary), all as required by law.

When issuing data breach notifications, messaging is extremely important, and companies must have a cohesive communications strategy that addresses all pertinent legal, public relations (PR), and practical considerations. Our consultants can work with your company and its communications team to craft compliant data breach notifications that send the right message, and we can assist with matters such as establishing data breach call centers, offering credit monitoring and identity theft monitoring services, and responding to negative publicity as well.

4. Remediation and Restoration

In tandem with their breach notification compliance efforts, companies must also undertake adequate measures to remediate the breach and restore their databases’ security. We offer comprehensive services in this area as well, from assisting with IT vendor due diligence and contract negotiations to implementing new data security protocols on a company-wide scale. Our consultants can provide thorough recommendations for your company’s remediation and restoration efforts, and we can manage the entire process while you restore your focus on managing your company’s customer relationships and day-to-day operations.

5. Auditing, Stress Testing, and Monitoring to Prevent Future Intrusions

Once appropriate breach notification, remediation, and restoration efforts have been completed, companies must continue to assess their data security risks in real-time. New risks will continue to arise, and this means that preventing theft of company data needs to be a proactive and ongoing process.

In addition to handing the crisis management aspects of data breaches, we also assist our clients with ongoing data breach prevention. This includes conducting audits, stress testing, and monitoring our clients’ data security programs in order to ensure that our clients are equipped to prevent intrusions to the fullest extent of their capabilities. As with all of our consulting services, we tailor these ongoing data protection services to each client’s business, industry, and needs, and we maintain close contact with our clients’ data security personnel to ensure that they have the insights and resources they need in order to do their jobs effectively.

Litigation Risk and Loss Assessments Following Data Security Breaches

When data breaches occur, the costs can be substantial. This includes intangible costs such as loss of goodwill, direct financial costs such as loss of customers, and judgment liability due to ensuing litigation. For many companies, managing – and mitigating – these costs effectively can be absolutely essential.

As a full-service risk management consulting firm, we assist our clients in these areas as well. We can help you understand the direct and indirect financial impacts of a data security breach, and we can assess your company’s risk of liability in breach-related litigation. As with all matters, we take an efficient and cost-conscious approach, and our former federal agents offer extensive insights backed by decades of experience in investigations, compliance, and risk management.

Has Your Company Experienced a Data Breach or Possible Intrusion? You Need to Act Right Away

When faced with the possibility of a substantial data breach or theft of your company’s proprietary information, an immediate response is required. There is no time to waste, and any unnecessary delays can increase your company’s potential liability exposure – perhaps significantly. You need to make smart decisions based on accurate information, and you need to execute a strategy founded upon deep expertise. At Corporate Investigation Consulting, we know data security, and we know what it takes for companies to meet their obligations, exceed their customers’ expectations, and protect their bottom lines.

Discuss Your Company’s Needs with a Member of Our Corporate Crisis Management Team

For more information about our firm’s data breach response and notification services, please contact us to arrange a complimentary initial consultation. Member of our corporate crisis management team are available 24/7. Call 214-692-2171 to speak with one of our former federal agents in confidence, or tell us how we can help online now.

All practicing doctors must register with the Drug Enforcement Administration (DEA) in order to handle and prescribe controlled substances. The DEA, through authority promulgated by the Controlled Substances Act, oversees doctors’ practices with regard to prescribing this medication. If the DEA has cause to believe a doctor has engaged in conduct detrimental to the practice of medicine, then the DEA can take action against a doctor in attempt to revoke his or her prescribing authority. Any action asserted against a doctor by the DEA must be taken seriously as a successful action by the DEA can have serious impact on a doctor’s ability to practice medicine.

If the DEA suspects a doctor is abusing his or her prescribing abilities, the DEA will issue a “show cause order” against the doctor. The show cause order is not a criminal action, but rather an administrative one – meaning the doctor is not being charged with any crime. The show cause order outlines the legal grounds for which the DEA is attempting to revoke or suspend a doctor’s prescribing ability. In this outline, the show cause order must state the reason for the suspected violation on behalf of the doctor. Under the Controlled Substances, there are only certain reasons the DEA may revoke a doctor’s ability to prescribe medication. These reasons are:

  • The doctor has been excluded from participation in federally funded heath care program.
  • The doctor falsified material information in his or her DEA registration application.
  • The doctor has been convicted of either a state or federal violation relating to controlled substances.
  • The doctor is engaged in a state action involving controlled substance law and
  • The doctor has engaged in any sort of activity that goes against the public interest for prescribing medication.

Once a show cause order is received, the doctor has thirty days to decide whether to fight the accusations or accept them as described. If a doctor disagrees with the reasons for potential registration revocation in the show cause order, the doctor must either request a hearing before an Administrative Law Judge (ALJ) or waive an ALJ hearing and submit a written statement disputing the show cause order instead. Requesting a hearing in front of an ALJ usually proves to be the most beneficial way of discrediting the show cause order. Technically, a doctor also has the right to ignore the show cause order. However, if a doctor does in fact ignore the show cause order, the DEA will issue a final finding based completely on the DEA’s evidence. If a show cause order is ignored, the accusations in the order will usually become final and the doctor must deal with certain revocation of his or her DEA registration.

Sometimes, if the DEA believes a doctor’s conduct is egregious in nature, the DEA can issue an “immediate suspension order” in conjunction with the show cause order. The immediate suspension order, as it sounds, immediately suspends a doctor’s prescribing ability upon receipt. If a doctor just receives a show cause order, the doctor’s prescribing ability is not affected pending the outcome of the hearing. The DEA will issue an immediate suspension order if the DEA feels the doctor’s conduct is an “imminent danger to public health and safety.”

As stated above, most doctors will choose to fight the show cause order by requesting a hearing before an ALJ. If the request for a hearing is timely made within the 30-day deadline, the hearing request will be placed on the docket of an ALJ. Most often, once the hearing is placed on the docket a telephonic conference between the ALJ and counsel for the doctor (should he or she choose to have counsel) will occur. During this pre-hearing conference nothing of substance regarding the merits of the case are discussed, but rather simply scheduling of the hearing is done and scheduling of pre-hearing motion practice is discussed, if needed.

Before the hearing occurs, the doctor must gather evidence to refute the allegations laid out in the show cause order. The evidence needing to be gathered depends on the circumstances and nature of the allegations and experienced defense counsel can guide a doctor as to what evidence is necessary. Also, before the hearing, the doctor and counsel must confer on an appropriate defense strategy to be presented during the hearing. There is usually ample time between requesting a hearing and the actual hearing date. Doctors will not usually be forced to prepare for an ALJ hearing in a condensed amount of time.

On the day of the ALJ hearing, the doctor with his or her counsel along with counsel for the DEA will be present. Although the hearing will resemble a trial, the Administrative Law Judge is the trier of fact. There are no juries for these kinds of hearings. During the hearing, the doctor’s counsel will be able to present his or her defense to the allegations in the show cause order. Evidence, should there be any, may be entered into the record. The counsel for the DEA will also be able to present the DEA’s case as to why the allegations in the show cause order are substantiated and should be made final. Counsel for the DEA may admit evidence as well. Live witnesses (again, should there be any) are allowed and can offer testimony relevant to either side of the case.Once all testimony and evidence has been presented by both sides, the hearing is over and the ALJ takes what has been presented under advisement. A decision on the hearing is not rendered immediately following the end of hearing. Sometimes, though not required, both parties (the doctor and the DEA) submit post hearing written briefs. The purpose of these post-hearing briefs is to highlight and further explain why each side should prevail.

After the ALJ has reviewed all evidence presented at the hearing and post-hearing briefs (if any), the ALJ will render a recommended decision on how the case should be disposed of (whether the doctor or the DEA should prevail). This recommended decision is not final. Once the recommended decision is given, both the doctor and the DEA may file what are called “exceptions” to the decision. These exceptions are filed when one side, or both sides believes the ALJ made a legal or factual error when rendering the recommended decision. No new evidence may be incorporated into the drafted exceptions document. Once the recommended decision has been given and each party has had time to file exceptions to that decision, the decision and exceptions is presented for review to a DEA administrator. The administrator looks at the decision in conjunction with the parties’ exceptions and decides whether to confirm the recommended decision issued by the ALJ or rejecting the ALJ’s decision. At this stage, the decision of the DEA administrator is final. If it is the DEA administrator’s final ruling that the doctor’s DEA registration be revoked, then the registration is in fact, revoked.

Though not advisable, doctors do have the option of waiving an ALJ hearing. If a hearing is waived, then the DEA will present its evidence to the DEA administrator, skipping the step of presenting to the ALJ. No recommended decision is issued by the DEA administrator, only a final decision. If a hearing is waived, the DEA administrator will only hear the DEA’s side regarding the show cause order and most often, the DEA administrator will find in favor of the DEA.

In certain cases, doctors may be able to settle and avoid further show cause ALJ proceedings by engaging in what’s called a “corrective action plan.” Engaging in a corrective action plan is a new addition to DEA administrative proceedings. Only since 2016 have doctors who had this option. A corrective action plan is a detailed plan submitted by the doctor, usually through counsel to the DEA that states how the doctor will address and remediate the issues laid out in the show cause order. The best corrective action plans (the ones most likely to succeed) are the ones that lay out the remedial steps the doctor has already taken to address the show cause issues. The corrective plan, if accepted by the DEA will affirmatory dismiss any further proceedings against the doctor and the case will not proceed to a hearing. If a doctor received an immediate suspension order with his show cause order, he or she is not eligible to submit a corrective action plan and the only way to dispute the allegations is to proceed to a hearing.

Due to the intricacies involved in the ALJ process, any doctor who is served with a show cause order should hire experienced defense counsel to represent his or her interests. A doctor who loses his or her ability to prescribe medication will be severely limited in the practice of medicine. Although the DEA administrative process does allow for doctors to represent themselves (“pro se”), this self-representation is never advisable when your career is on the line.

Get an experienced Corporate Investigation Consulting consultant on your side to advise you on how to proceed regarding the DEA’s administrative law procedures.

Call us at (866) 352-9324 or contact our office for a free consultation.

National Security & Espionage

If Your Company Has Been Implicated in a Threat to National Security or is the Target of Espionage, There is No Time to Waste. The Risks in These Situations Can Be Substantial, and Indecisiveness Can Be Extraordinarily Costly.

Among all of the federal government’s top law enforcement priorities, none are higher on the list than combatting threats to national security. For most companies most of the time, this is of little practical importance when it comes to their internal management and day-to-day operations. Most companies’ business operations do not touch on issues of national importance; and, even among those that do, their compliance policies and security protocols will usually keep them safe from federal scrutiny. But, when issues arise, the stakes can be extremely high, and immediate responsive action is required.

What happens when you receive a federal subpoena? What happens when federal agents show up at your company’s offices, demanding information in relation to a matter of national security? If this is the situation in which you find yourself, you need to consult with a team of experienced professionals immediately.

Our Former Federal Agents have Deep Experience in Matters of National Security

At Corporate Investigation Consulting, our corporate crisis management team is led by former federal agents who have deep experience in matters of national security. This includes experience in both the public and private sectors, and it includes matters ranging from domestic corporate investigations to protecting the United States against terrorism overseas. As a result, we have a unique perspective on what is at stake for corporations in matters of national security, and we know what corporate leaders need to say and do in order to mitigate their – and the country’s – risk in these extraordinarily complex and high-stakes matters.

Corporate Crisis Management Consultants Helping Companies Make the Right Decisions Regarding National Security Threats and Espionage

With regard to matters of national security and cases of espionage targeting corporate assets, our corporate crisis management team offers a full suite of consulting services focused on helping our clients appropriately engage with federal authorities while also protecting their own interests. Relying on our former federal agents’ decades of experience handling national security issues, we provide actionable advice and defense strategy recommendations designed to mitigate our clients’ risk and favorably resolve federal inquiries as efficiently as possible.

With our former federal agents’ national security backgrounds, we are able to consult with clients in all types of scenarios. This includes scenarios such as:

  • Cyberattacks that Result in Sensitive Corporate Data Being Compromised – From government contractors to biopharmaceutical research and development companies, many different types of corporate entities possess sensitive data which foreign interests may try to exploit. If your company has been targeted in a cross-border cyberattack seeking access to government or military-related information or novel research, our corporate crisis management team can help you respond appropriately.
  • Cyberattacks Targeting Government Contractors that Possess Classified Information – Government contractors that possess classified information, or that possess credentials for accessing classified information, are prime targets for foreign entities seeking to gain access to national secrets. As foreign entities are increasingly becoming more sophisticated in their cyberattacks, government contractors are constantly having to upgrade their cybersecurity measures in order to mitigate their risk of infiltration.
  • Physical Theft of Sensitive Corporate Data and Classified Government Information – While many threats to national security come in the form of cyberattacks, physical theft is also an issue for companies that possess sensitive and classified information. From employees to unaffiliated foreign nationals who are in the United States to target vulnerabilities in companies’ security protocols, risks for physical theft can present themselves in various was as well.
  • Foreign Government and Corporate Espionage Targeting U.S. Government Contractors – Espionage conducted by and on behalf of foreign governments and other foreign entities is a risk that few companies actively plan against. Yet, it is a very real concern for many corporations, and even those that undertake reasonable efforts to prevent espionage can find themselves implicated in situations involving threats to national security.
  • Import and Export Issues with National Security Implications – Companies that import and export raw materials, products, and data are vulnerable to attack by foreign entities with nefarious intentions. From exporting (or reexporting) assets or information to organizations in watchlist countries to importing goods that have been compromised by foreign entities, importing and exporting are activities that the federal government heavily scrutinizes for potential threats to national security.
  • Business Dealings with Specially Designated Nationals and Other Blocked Entities – Doing business with specially designated nationals (SDNs) and other blocked entities can raise national security concerns as well. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) is one of the primary federal enforcement authorities in this area, but various other agencies and departments investigate suspect transactions as well.
  • Attacks Targeting U.S. Companies’ Overseas Operations and Facilities – In addition to domestic attacks, companies with overseas operations and facilities must also adequately protect against the risk of attacks targeting their foreign assets. With our global capabilities, we are able to effectively assist companies with matters of national security in countries around the world.
What We Do: Helping Companies Respond to Espionage and Other Threats to National Security

In the areas of national security and espionage defense, we offer comprehensive assistance with all aspects of emergency response and corporate risk mitigation. This includes conducting investigations and advising corporate executives and boards of directors with regard to:

1. Identifying the Point and Means of Intrusion

Unless the circumstances dictate otherwise, our first priority will be to identify both the point and the means of intrusion. Once we determine how and where your company’s security systems failed, we can then assess what steps are necessary in order to reestablish your company’s secure physical or logical perimeter. This is an area in which our former federal agents specialize, and we have the technological tools and resources required to understand even the most complex of foreign infiltration schemes.

2. Assessing the Information that has Been Compromised

In addition to determine how your company’s security was compromised, we will also determine what information was compromised. This is absolutely critical in order to assess the full scope of the threat to your company and to the nation’s security. Once again, we have the capabilities required in order to do this efficiently, effectively, and without any questions being left unanswered.

3. Interfacing with Federal Law Enforcement Authorities

Our former federal agents can advise your company’s leadership and key personnel with regard to any direct communications with federal law enforcement authorities, and we can handle much, if not all, of this communication on your company’s behalf. While it is important for your company to be forthcoming, it is also important that your company not unnecessarily share any information that could enhance its risk of litigation.

4. Establishing Defenses to Individual and Corporate Liability

If there are indications that the government may be implicating your company in the national security threat due to inadequate security or other compliance failures, our corporate crisis management team can gather the evidence needed to defend against any allegations that may be forthcoming. We can also strategize with your company’s leadership and legal counsel in order to resolve any inquiries prior to enforcement action being taken.

5. Mitigating Risk Due to Security and Compliance Failures

If our investigation uncovers a security flaw or other compliance failure that either directly or indirectly contributed to the national security threat at issue, we can advise your company regarding the steps that are necessary to mitigate any potential resultant risk exposure. Our former federal agents have extensive experience on both sides of federal law enforcement matters in this area, and we can use this experience to help you develop and execute a strategy focused on protecting your company’s assets and personnel.

6. Establishing and Implementing Appropriate Safeguards Against National Security Threats

Regardless of whether and to what extent any security flaws or other compliance failures may or may not have contributed to the breach, at this point, your company needs to make security and compliance top priorities. In addition to advising companies with regard to corporate crisis management, we also consult with companies nationwide with regard to all aspects of data security implementation and federal statutory and regulatory compliance.

7. Continuous Monitoring for Vulnerabilities and Enhanced Security Needs

Once your company’s security protocols and compliance policies and procedures have been fully implemented, we can provide ongoing monitoring, stress testing, and auditing services to ensure that they retain their effectiveness. We can also advise you when new developments necessitate upgrades and updates; and, in doing so, we can give you confidence that your company is taking the steps necessary to appropriately mitigate its risk of being targeted by foreign influences seeking to compromise the United States’ national security.

Contact Corporate Investigation Consulting Today

If you need to speak with one of our former federal agents about a security breach with national security implications, we encourage you to contact us immediately. Members of our corporate crisis management team are available to respond 24/7. Call 214-692-2171 to reach us by phone, or tell us how we can reach you and a member of our team will be in touch shortly.

Litigation Threats

When Litigation Threatens Your Business, All Options Need to Be On the Table. An Immediate and Effective Response is Required, and You Must Be Prepared to Fight to Protect Your Company if Necessary.

Litigation is a part of doing business, but companies can – and should – control their risk when litigation threats arise. At Corporate Investigation Consulting, we help companies control their risk by investigating and evaluating internal and external litigation threats swiftly, cost effectively, and discretely. If your company is facing a potential lawsuit or government enforcement action, you need to act prudently, and you do not have time to be indecisive. We can help you make informed decisions focused on protecting your company and its shareholders by all means available.

Our team of former federal agents, including former Supervisory Special Agents with the Federal Bureau of Investigation (FBI), brings unparalleled experience to helping our clients uncover and assess litigation threats in real time. Relying on decades of federal investigative experience, our litigation consultants are able to quickly identify issues and assess both the likelihood of litigation and the likelihood of a lawsuit being successful given the evidence that is available.

We Help Companies Avoid Unnecessary Risk When Litigation Threats Arise

When facing the prospect of litigation, companies must focus their efforts on avoiding any and all unnecessary risks. This means identifying the issues that are at play in the litigation, identifying any issues that might come into play, and promptly assembling an effective pre-litigation defense strategy. Our former federal agents help our clients gather the intelligence they need and then help them develop strategies for fending off potential liability due to matters including:

Shareholder Derivative Litigation

Discontent among small or large groups of shareholders can breed contentious disputes that eventually lead to shareholder derivative litigation. If you have concerns that a group of your company’s shareholders – even a small minority – may be considering a derivative action, you must gain the insights required in order to address their concerns before they resort to the judicial process. While it may ultimately prove impossible to dissuade them from moving forward, your company owes an obligation to its other shareholders to protect its financial interests in the most cost-effective way possible.

Breach of Fiduciary Duty and Other Internal Matters

Breaches of fiduciary duty by executives, board members, and other corporate insiders can cause significant financial losses and place a stain on the company’s reputation with vendors, customers, and the public at large. In order to prevent the situation from worsening, and in order to protect any corporate opportunities that may be at risk of being lost, companies must promptly investigate instances of possible fiduciary breaches and take appropriate remedial action immediately. The same holds true for other similar types of internal litigation threats as well.

License, Franchise, and Distributorship Disputes

Disputes with licensees, franchisees, and distributors can present a number of different risks depending upon the specific issue (or issues) involved. Our litigation consultants can determine the underlying cause of licensees’, franchisees’, and distributors’ issues, and we can determine whether these issues are isolated to a particular subset of entities or present a litigation threat on a system-wide basis.

IP Infringement and Breach of Confidentiality

Instances of intellectual property (IP) infringement and breaches of confidentiality can present immediate and substantial risks to companies’ valuations. On the same token, allegations of IP infringement or failure to protect another company’s confidential information can create the risk for substantial civil liability. We help our clients quickly get their arms around issues involving third-party infringement and confidentiality breaches; and, when necessary, we help our clients gather the evidence needed in order to build strong cases against allegations of IP infringement or breach of confidentiality.

Vendor Disputes

Disputes with vendors can not only be costly in terms of direct expenditures on litigation, but they can also threaten to disrupt companies’ day-to-day operations and prevent them from meeting their obligations to their customers. If your company is facing a potential dispute with a vendor, our former federal agents can work to quickly gather the information you need to assess the vendor’s claims as well as any potential counterclaims that your company may be able to leverage in order to achieve an efficient pre-litigation resolution.

Customer Complaints

Customer complaints present obvious risks for companies of all sizes, but they present some not-so-obvious risks as well. These litigation threats require a unique and particularly-sensitive approach, and companies must gather intelligence and make strategic decisions without engendering unnecessary hostility that could unduly threaten the customer relationship.

At Corporate Investigation Consulting, we are sensitive to the unique aspects of customer-related litigation, and our litigation consultants are skilled at helping companies protect their bottom lines while also protecting their relationships with their customers. Whether your company is facing a complaint from a single high-value customer or you are facing the prospect of multiple claims in multiple jurisdictions across the country (or around the world), we have the tools you need to make the right decisions moving forward.

Employment Litigation

Employment-related litigation presents particular challenges for companies as well. While companies must protect themselves, they must also take adequate steps to demonstrate that they are taking their employees’ complaints seriously. While they must investigate and arrive at a substantiated conclusion regarding the merits of employees’ allegations, they must also be prepared to put the full weight of their resources behind defending against allegations of harassment, discrimination, wage and hour violations, contract breaches, and other alleged corporate wrongs. Our former federal agents utilize their vast investigative experience to assess the veracity of employee complaints and then help our clients strategize accordingly.

Contract and Deal Disputes

Disputes arising out of mergers, acquisitions, and other business deals can present risks for substantial exposure, and these disputes also require a unique, strategic, and nuanced approach. We represent companies facing litigation threats as buyers, sellers, financiers, third-party service providers, and in other capacities in relation to large-scale transactions with the potential for significant financial losses. As with all types of litigation threats, prompt investigation and assessment are critical, and our former federal agents can make themselves available immediately if a failed transaction is threatening your company’s viability as a going concern.

Product Defect and Consumer Claims

Product defect, consumer fraud, premises liability, personal injury, and wrongful death claims can present significant liability risks; and, although these claims will generally be covered under companies’ insurance policies, companies must still defend against them in order to protect their finances and maintain their standing in the marketplace. If your company is facing potential litigation due to an alleged product defect or other consumer-level claim, our former FBI agents can examine the facts involved and determine to what extent your company’s leadership needs to be concerned about the prospect of facing judgment liability.

Class Action Litigation

Consumer and employee class action litigation can threaten the viability of companies of all sizes and in all industries. We help our clients assess class action litigation risks through intensive, detail-oriented investigations and effective risk management consulting. If your company is facing the potential for class action or multi-district litigation, you have no choice but to respond to the threat immediately. At Corporate Investigation Consulting, we can help you assess the threat from all angles and choose the best path forward.

Whistleblower Claims

Whistleblower claims under the False Claims Act (FCA) and other federal statutes present two litigation threats: The government can choose to intervene in the case and prosecute directly; and, if the government declines to intervene, the whistleblower can proceed with its case independently in federal district court. As former federal agents, our consultants have deep experience in federal whistleblower matters, and we can utilize this experience to your company’s advantage.

Civil Enforcement Litigation

With prior federal government experience, our consultants also offer unique insights for civil and criminal enforcement matters. On the civil side, we advise companies in all industries facing civil monetary penalties (CMP), treble damages, government attorneys’ fees, loss of registration, loss of federal program eligibility, and other penalties due to alleged violations of the FCA and other statutes. When our clients are targeted in federal investigations, we take a proactive approach focused on achieving a favorable result prior to the commencement of formal civil enforcement proceedings.

Criminal Enforcement Litigation

We advise corporate clients, company owners, company executives, and board members that are facing criminal federal investigations as well. For obvious reasons, criminal enforcement matters require an immediate and highly-strategic response, and our former federal agents have the knowledge and insights our clients need in order to make informed decisions from day one of the government’s investigation. We can help you regardless of the specific allegations at hand, and we can utilize our consultants’ past federal government experience to ensure that your company’s (and your personal) risk of facing criminal enforcement litigation is as minimal as possible.

Speak with a Litigation Consultant at Corporate Investigation Consulting

Regardless of the specific threat against your company, if you are facing the prospect of costly litigation, you must respond appropriately. At Corporate Investigation Consulting, we have the experience, insights, acumen, and business savvy your company needs in order to make informed decisions focused on cost-effective litigation avoidance. To discuss your situation in confidence, call 214-692-2171 or tell us how we can help online now.

WordPress Lightbox