If you are a director or a board committee or special committee member, and you are relying on an internal investigation, or you are involved in or exercising oversight of an internal investigation, have you thought about the desired qualifications and characteristics of the investigator or of the people who are involved in or helping with the investigation?

If you are a director or a board committee or special committee member pursuant to the business judgment doctrine and various statutes you may rely on other people including information provided by other people (1) only if you believe those people are reliable and competent in the matters that they are addressing, (2) only if your reliance is in good faith, after reasonable inquiry as warranted by the circumstances, and (3) you do not have knowledge that would cause reliance to be unwarranted.

So what are the qualifications and characteristics that you might look for in a person who is going to perform an internal investigation on which you are going to rely? I say, what qualifications and characteristics you might look for, because no legal bright line or mandatory list exists. And, of course, no two internal investigations are identical.

The following are the initial questions that I would be asking, and the initial qualifications and characteristics that I would be evaluating. What do you think?

1. What is being investigated? What issues and factual situation or situations?
2. Why is it being investigated? What has prompted or required the investigation?
3. Who will use or be relying on the investigation?
4. Should the investigation be legally confidential, such as protected by the attorney client and/or work product privileges?
5. Is it possible that you will want or be required to disclose the investigation to the public or outside sources, and its processes, results and report?
6. What is the investigation process? Is there a specific required investigation process. Is the proposed investigation process reliable? How will other people who are skeptical of the investigation view the process and its reliability?
7. Is the proposed investigator independent? Will the proposed investigator be viewed as having a conflict or bias?
8. Is the proposed investigator sufficiently experienced in the subject matter area such as employment, FCPA, accounting, internal controls, product liability, fraud, securities, and the product, service or occurrence at issue?
9. Is the proposed investigator sufficiently experienced in doing investigations and questioning people?
10. Does the proposed investigator have the appropriate demeanor and approach?
11. Can the investigator write well?
12. Is the investigator knowledgeable about the pertinent burdens of proof and standards of care for the occurrence being investigated?
13. Will the investigator be able to comment about additional facts or evidence that might be needed?
14. Presumably an end result or opinion will be required – is the investigator qualified to not only collect but also to analyze, evaluate and quantify the facts and evidence obtained and still unknown?

* * * * *

In its April 9, 2014, the SEC announced charges and a settlement with HP for alleged FCPA violations by foreign subsidiaries. Not much to say here – the list of SEC FCPA actions for alleged foreign violations is getting long. CEO’s, CFO’s, management, employees, internal audit, and boards/audit committees, get your house in order.  But let’s also acknowledge that if there is an intent by an employee, agent, affiliate, etc. to engage in bribery or kickbacks it cannot be said that it is always possible to prevent those actions – the actions, events and allegations need to be investigated and evaluated on a case by case basis.  Simply because a violation might have occurred does not and should not automatically determine liability or that risk management, internal controls, oversight, etc. were improper, i.e., below the standards of care. I say “standards” of care, because there are different standards depending on the different positions and functions and access to information of the various different people involved.  And, of course, a violation or liability by itself does not establish damages or the amount of damages.

That having been said, the following is a quote from the SEC’s press release – and this quote certainly is correct.

“The company’s books and records reflected the payments as legitimate commissions and expenses,” said Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit.  “Companies have a fundamental obligation to ensure that their internal controls are both reasonably designed and appropriately implemented across their entire business operations, and they should take a hard look at the agents conducting business on their behalf.”

Working to ensure that FCPA violations don’t occur needs to be an ongoing, well thought out, designed, implemented and monitored process.

The following is the link to the SEC’s press release, click here.

Dave Tate, Esq. (San Francisco and California)

The following is a link to an article by A2L Consulting about using silence in litigation – at depositions, in voir dire, and more, click here.  And another approach – sometimes at deposition a client deponent needs time to think before answering – it is important that he or she is comfortable with the silence and knows that it is okay.

Dave Tate, Esq. (San Francisco)

I hope you were able to see some of GM’s Mary Barra’s televised congressional testimony this week. From a legal defense perspective her testimony was acceptable except possibly for one statement – when she said that GM was moving or had moved from a cost culture to a consumer culture.  I would not have advised that approach or statement.

But Ms. Barra’s testimony was a missed opportunity as she was unable or unwilling to discuss even the most elementary facts relating to the number of vehicles sold compared to the number of vehicles with alleged or actual problems, some information about what is being done to evaluate and determine causation and damages and to resolve cases as each case must be looked at separately, and perhaps new risk management, quality and safety processes that are now in place.  And certainly I must believe that GM did have some risk management, quality and safety processes in place originally, even if they were inadequate.

Clearly there are issues and facts that Ms. Barra could not discuss either because she did not know or because further evaluation and investigation were needed or because of legal and liability consequences. But there should have been sufficient time to prepare Ms. Barra for more testimony than she gave.  And her unwillingness or inability to discuss even elementary facts that aren’t in dispute, even facts that could be seen as helpful to GM or helpful in getting GM out of this mess, risk leaving Ms. Barra looking ineffective and un-executive and arguably may further arguments of possible coverup or at least lack of transparency.

I will have more to say on resolving this mess in later posts.  For now, you can find additional discussions and videos on the internet.  And here are two links to articles following Ms. Barra’s testimony: click here, and click here.  And click here for an article about an unscientific test of the ignition switch – perhaps explaining the issue in a better perspective with information that might have also been available to Ms. Barra and her advisors.

Dave Tate, Esq. (San Francisco)

The following is a link to a new discussion by Norman Marks about risk appetite and risk tolerance that you should read, click here.

People who have read my prior posts know that I do not like the terms risk appetite and risk tolerance as they are evaluations that plaintiff attorneys might use to imply that the executives, board and company determined that an injury or accident level, number or severity was acceptable.  That having been said, the terms risk appetite and risk tolerance are the terms that currently have become accepted.

If you would like to connect on LinkedIn, the following is my LinkedIn page, http://www.linkedin.com/in/davetateesq  (click on the down arrow to the right of the box for sending an email and you should see a link to connect).

Thank you, Dave Tate, Esq., San Francisco, http://tatetalk.com

Audit Committee Self-Evaluation – click on the following: Audit Committee Annual Self-Evaluation Form David Tate Esq 10112013

Dave Tate, Esq. (San Francisco)

This is part two of two discussions about California trustee investment and management responsibilities. This is a complicated topic. Each situation needs to be evaluated on its own. Most likely no two situations are the same. You should consult legal counsel.

Unless the trust states otherwise, the trustee should invest the trust property, preserve it, and make it productive. You can refer to Probate Code §§16000, 16006-16007 and 16046(b).

Unless the trust states otherwise, the trustee should diversify the trust investments unless, under the circumstances, it is prudent not to do so. You can refer to Probate Code §§16046(b) and 16048.

If a trust has two or more beneficiaries, the trustee should deal impartially with them and should act impartially in investing and managing the trust property, taking into account any differing interests of the beneficiaries. You can refer to Probate Code §16003.

Sometimes beneficiaries may have conflicting interests. When two or more income beneficiaries have different personal income tax brackets, generally the trustee should strike a balance between them when determining how much to invest in certain assets. However, the trustee might be allowed to prefer one class of beneficiaries over another if the trust terms direct—this can be a difficult area and cause litigation concerns. You can refer to Probate Code §16000.

Subject to the terms, intent and purposes of the trust, the trustee should follow the Prudent Investor Rule and make the trust property as productive as possible under the circumstances. You can refer to Probate Code §§16007 and 16046. Compliance with the Prudent Investor Rule is determined in light of the facts and circumstances existing at the time of a trustee’s decision or action and not by hindsight. You can refer to Probate Code §16051.

A trustee has the authority to make investment decisions as provided by the intent and wording of the trust, as provided by statute, and as required by the trustee’s legal standards of care, the interests of the beneficiaries, and the Prudent Investor Rule. You can refer to Probate Code §§16200, 16202, 16220-16244, 16040, 16046 and 16047.

Whether the trustee should use the services of a professional investment advisor is another issue to consider. It depends on the facts and circumstances. This topic also gets into prudent delegation of duties and how hiring an investment advisor could help protect the trustee from investment decision liability. This is a topic covered in other discussions. You can refer to Probate Code §16012.

Part one contains the remaining discussion.

Dave Tate, Esq., http://tatetalk.com

CALIFORNIA TRUSTEE INVESTMENT AND MANAGEMENT RESPONSIBILITIES
(Part 1 of 2)

This is part one of two discussions about California trustee investment and management responsibilities. This is a complicated topic. Each situation needs to be evaluated on its own. Most likely no two situations are the same. You should consult legal counsel.

The trustee has the duty to invest trust property for the benefit of the beneficiaries, subject to restrictions or limitations stated in the trust. The trustee’s investment powers are provided by the terms of the trust. Always read the complete terms of the trust first. If not derived from the trust, the investment powers are also derived by statute, case law and the factual circumstances. You can refer to Probate Code §§16200(a) and (b) and 16047. Generally, the trustee has the duty to make trust assets economically productive.

The trustee is subject to the Uniform Prudent Investor Act, unless the trust provides for a greater or lesser standard of care. You can refer to Probate Code §§16045 through 16054. The trustee should carefully read the trust terms and the Uniform Prudent Investor Act.

A trustee should invest and manage the trust assets as a prudent investor would, by considering the purposes, terms, distribution requirements, and other circumstances of the trust. The trustee should exercise reasonable care, skill, and caution.

A trustee’s investment and management decisions relating to individual assets and courses of action are evaluated in the context of the trust’s portfolio as a whole and as a part of an overall investment strategy reasonably suited to the trust’s risk and return objectives.

Pursuant to Probate Code §16047 the trustee should or may consider such matters as economic conditions, inflation or deflation, tax consequences, the role of each investment or action within the overall trust portfolio, the expected rate of return from income and appreciation, other financial resources of the beneficiaries known to the trustee, needs for liquidity, regularity of income, preservation and appreciation of principal, and asset special value or relationship to the purpose of the trust or the beneficiaries.

The trustee should locate and take possession of the trust assets, and develop an investment strategy suited to the purpose of the trust. You can refer to Probate Code §§16006 and 16049.

Part two contains the remaining discussion and will be posted shortly.

Dave Tate, Esq., http://tatetalk.com

This post is about the new Ninth Circuit Obsidian Finance Group v. Cox defamation/blogger case that people and businesses should know about as it is possible these days for almost everyone to widely broadcast statements and opinions.  You can also see the text version of this discussion posted below the following video.

Generally defamation is defined as a false statement of fact not opinion that is negligently made or that the person making the statement knew was false or had or should have had serious doubts about the truth of the statement.

This is a private alleged defamation case –meaning that Cox was not a journalist or a member of the institutionalized news media or press. You might be aware that different standards of proof may apply when the traditional news media or press is alleged to have committed defamation.

Importantly, the court held that it is the public-figure status of the plaintiff and the public importance of the statement at issue – not the identity of the speaker – that provides the First Amendment free speech protections.

The rights of the institutional media are no greater and no less than those enjoyed by other individuals engaged in the same activities.

The Court found that Cox’s alleged statements were of public concern essentially because they alleged a crime or defrauding investors, and the post was not solely in the interests of the speaker or her business audience, was published to the public at large, and was not like advertising.

This is important because the jury should have been instructed that it could not find Cox liable unless it also found that Cox acted negligently.

The Court further held that the trial court should have instructed the jury that it could not award presumed damages unless it found that Cox had acted with actual malice.

Finally, using a three-part test the Court determined that viewed as a whole the statements were not actionable assertions or impressions of objective fact as compared to opinions, figurative or hyperbolic language, or sufficiently factual in nature or susceptible of being proved true or false.

Thus, the Ninth Circuit confirmed some defenses and benefits for bloggers. But of course many of these types of cases present questions of fact to be determined by the jury where the outcome can be different in each case.

Cases involving alleged defamation are on the rise. You need to be careful with what you say.

That’s it for now.

Dave Tate, Esq.

Blog posts and videos emphasizing new developments, people’s actions, the crossover in legal, risk, governance, business, accounting and other topic areas, and what it means. Please follow this blog by clicking “Follow” to the left, and you can find my LinkedIn, Twitter and other connections by clicking on the “About This Blog, Me, And My Connections” link above and to the left. Enjoy. Dave Tate, Esq. (and inactive CPA).

This post discusses new lessons from data breach shareholder derivative litigation including the actions against Target, and in particular allegations that the defendants breached internal control and risk management processes in the retail business. You can also see the text version of this discussion posted below the following video.

The January 29, 2014, complaint against Target for example is against Target, the CEO, CFO, CIO, Directors, and Audit and Corporate Responsibility Committee members for alleged breach of fiduciary duty, gross mismanagement, waste of assets, and abuse of control and ability to influence.  You can find links for a couple of the derivative complaints on the February 3, 2014 post at dandodiary.com.

Although it is 46 pages long the complaint is primarily just a long compilation of general, broad conclusory, and unsupported allegations that should be dismissed on a FRCP 12(b)(6) motion to dismiss for failure to state a claim.

Essentially what plaintiff alleges is that since there was a data breach,and everyone knows that all companies are at risk these days for data breaches, due to their positions of authority and control, including internal controls, and also based on Target statements and internal charter wording, such as the audit committee charter, defendants thus of course just naturally ipso facto must have breached their duties and responsibilities.

This of course isn’t a legally recognized standard of care. Nor do the allegations negate the defendants’ business judgment rule protections or establish breach of a community standard.

On the other hand, the complaint admits that there are at least 19 different standards for data security, and even the primary PCI standard cited by plaintiff is broad, vague and lacks specifics.

Plaintiff also fails to plead specific factual evidence of the data security that Target did have in place, or specific required security actions that it failed to satisfy, or that the individual defendants were specifically responsible for the tasks.

Allegations that internal controls and risk management weren’t sufficient can be made in every situation, but don’t establish breach of a specific community standard. The new COSO internal controls for example contain 17 broad principles that could be alleged to cover almost everything.

Of course it isn’t possible to stop all data breaches. And a data breach isn’t proof of a standard or a breach of duty. The sufficiency of post-breach consumer notification is more of a specific evaluation.

Plaintiff’s complaint does remind us that companies, officers, directors and board committees should be careful about the things that they say that they will do, and in their charters, as those statements might be alleged against them later.

That’s it for now.

Dave Tate, Esq.

Blog posts and videos emphasizing new developments, people’s actions, the crossover in legal, risk, governance, business, accounting and other topic areas, and what it means. Please follow this blog by clicking “Follow” to the left, and you can find my LinkedIn, Twitter and other connections by clicking on the “About This Blog, Me, And My Connections” link above and to the left. Enjoy. Dave Tate, Esq. (and inactive CPA).