Investigations by industry regulators can be highly complex, especially in a pan-African context involving multiple jurisdictions. It is vital that organisations plan how to best manage their response to an investigation to limit the negative consequences on the business.
Regulators tend to become involved for 2 main reasons:
- Self-reporting An organisation may have self-reported, perhaps on legal advice following an internal whistleblowing event. In this case, the organisation is in control. The alternative scenario is that regulators have become aware of an issue through an external party – often the losing bidders in a tender process or disgruntled former employees. Greater harm can potentially arise out of these scenarios, as they often come as a surprise. Sometimes, information emerges regarding issues in an entire sector, such as finance or pharmaceuticals, causing a widespread investigation.
- Competitor tactics Rivals in some sectors may seek to put competitors into a damaging position. The tactic can divert attention away from a business that is up to no good or is attracting negative press – making it look as if they are the good guys, co-operating with the regulators by whistleblowing on everybody else. This trend, which can be seen across Africa, has been accompanied by a number of governments (e.g. Nigeria, Kenya, Senegal) taking a strong public stance on bribery and corruption issues. The combination of these factors, and in particular the need for these vocal governments to back up their words with actions, clearly creates a situation where the investigation of large corporates is not only likely, but a politically motivated certainty.
Mismanaging a regulator investigation can cause harm to a business not only in terms of financial or other penalties, but also in relation to business continuity, reputation and share price. A co-ordinated approach is essential to manage this, as the different regulatory environments across African countries can result in the involvement of multiple national agencies.
How an organisation first responds to an investigation can affect what it may end up being prosecuted for, or whether the regulator is satisfied there is no case to answer. Organisations need to be able to show they acted appropriately from the start. Shifting immediately from standard management processes to crisis management is vital, as standard processes are likely to be too cumbersome to enable a timely response.
Some organisations are alerted to a corruption investigation only when law enforcement authorities arrive unannounced. Often a team of lawyers, policemen and accountants make a dawn raid. Organisations can be left exposed if company directors are not present and if nobody knows how to manage the situation.
Clearly defined roles and responsibilities are therefore pivotal, ensuring staff know:
- What they need to do
- Who to call
- Legalities – what they can and cannot do
Dawn raids are a growing concern for African businesses, as there have been at least 6 so far this year in South Africa alone – predominately in relation to cartel investigations.
Good governance and an effective crisis management plan staffed by the right team will enable an organisation to address scenarios ranging from evacuating staff from a war zone to dealing with potential exposure to regulators. Whilst the expertise needed for each scenario is different, both should be addressed through a shared crisis management framework.
All organisations with proper governance should have crisis management plans. Surprisingly however, some large enterprises will admit to having either no crisis management plan in place or one that has been rendered outdated by events such as mergers and acquisitions.
Not only must crisis plans be kept current, it is also best practice to regularly exercise the crisis management team with realistic scenarios relevant to the organisation. It is one thing sitting in a room and doing a workshop about an event, yet quite another to simulate a real life raid with an element of panic and immediacy.
It is pointless managing a crisis successfully if no business is left at the end of it. Crisis management must be separated from ongoing business management if both are to operate effectively. A crisis can strike at any level and regulators could descend on any office. It is possible that regulators could be in the building that houses the people who would normally run the crisis management, meaning organisations must look for alternatives and build resilience into their plans.
Resources – what organisations need in place
The crisis management team for each organisation is best placed to determine what resources their particular organisation will need once faced with a live investigation, which may include external resources. In any investigation, most organisations will be able to tap into established external legal support. Technical support may be required however for: crisis communications, forensic accounting and forensic computing.
Investigations tend to generate numerous documents, emails and accounting records. It is essential to have a structure in place for storing, searching and managing all the data and documents generated in the investigation. Companies often do not have the internal capacity to do the necessary e-discovery on this amount of documentation.
Local law, culture and language skills may be required. This may have to be outsourced if employees who could otherwise help are themselves under investigation. If the organisation does not have framework agreements in place for that type of support, this will cause unwanted delays in responding to the regulators, which is potentially harmful. Political and security risks may also arise during an investigation. In certain countries, the business community, including third parties that may be implicated in an investigation, is closely associated with the political establishment. As a result, it is important to ensure that while the regulators are kept happy, the company does not do lasting damage to its future operations in the country.
Communicating good decisions
Crisis management is about applying expertise effectively and making good decisions, but if the organisation does not communicate these well, its reputation may still be damaged. An organisation’s Corporate Communications team should work hand-in-hand with the crisis management team, who will be making decisions about what to do, and then communicate those decisions honestly with appropriate messaging to internal and external stakeholders locally and to the wider world. With the correct preparation and communication, a corruption investigation need not become a crisis.
Advice for investigation readiness:
- Business analysis – start with a thorough business analysis to inform the crisis management plan.
- Roles & responsibilities – ensure everyone in the company knows about the plan and their role within it in the event of a corruption investigation.
- Data – know where your data is and who has custody of it. Ensure people are clear about the legal implications of securing, destroying or moving documents and data.
- Audit – once the plan is in place, keep it up to date through scheduled audit and review.
- Training – keep your crisis management team prepared with regular training exercises.