May 21, 2019
This article addresses best practices for responding to investigations by the USAID Office of Inspector General (OIG) and conducting internal investigations when there have been allegations of non-compliance. It follows and builds upon another article published in the May 2019 issue of NGO Financial Newsletter: Getting Disclosures Right: Navigating Risks and Inconsistencies Between Regulations and Agency Expectations.
Why is this important? We were called in as counsel for the Academy for Educational Development after its internal investigation and relationship with the OIG had irreparably soured. We saw first-hand how a situation, which started with relatively minor bad facts, transformed into a crisis due to the handling of the investigation and coordination with the OIG.
Since then, we have seen other circumstances – far too many – where a USAID contractor or award recipient (collectively “implementing partners”) were similarly mishandling an OIG investigation and heading toward a potentially-catastrophic outcome. In most of those matters, a change of approach to was able to save the implementing partner time, money, and reputational damage.
This paper highlights some of the considerations that – in our experience as investigators, auditors, and lawyers working with USAID – are of paramount importance for cooperating with the OIG while conducting an internal investigation to protect the organization.
For most sophisticated defense contractors, OIG and internal investigations are a routine and necessary part of business. Most implementing partners, however, are not as accustomed to these stressful circumstances. Some entities are not even aware why an investigation is needed and the purposes they are designed to achieve.
As explained in our first article, Federal regulations mandate disclosures in certain circumstances and anticipate some level of investigation before those disclosures occur. Indeed, the Federal Acquisition Regulations require that contractors have procedures to detect, process, investigate and assess possible violations. See FAR 52.203-13. So, investigations are built right into the regulatory standards for being an implementing partner.
Implementing partners and the OIG share some of the same objectives in investigating, but their respective purposes and perspectives are not coterminous.
The government’s responsibility, specifically the Office of Inspector General (OIG), is to combat fraud, waste, and abuse on government programs. When the OIG receives an allegation, its investigators must evaluate every complaint received and make an initial determination: take no action or open a complaint for further inquiry, or initiate investigative activity and formally escalate a complaint to an opened case matter.
Where the OIG finds that wrongdoing has occurred, it refers the matter to the appropriate authority/authorities:
- To the Department of Justice to bring a criminal or False Claims Act case;
- To USAID’s Compliance Division in the Office of Management Policy, Budget and Performance to consider suspension and/or debarment action;
- To the contracts or grants official to disallow costs, terminate an award or funding, or other administrative relief;
- To domestic or international local law enforcement offices for prosecutorial action.
Together, the end goals of the OIG’s investigations and referrals are to identify wrongdoing, punish wrongdoers, make the government whole, and deter future misconduct.
Implementing partners facing an allegation of wrongdoing may share these same end goals but also have their own objectives and perspectives. Putting aside whether implementing partners are required to investigate, they should conduct their own investigations for good reasons:
- The amount of disallowances due to non-compliance can continue to grow while an OIG conducts its investigation, and failure to take reasonable steps to detect and stop ongoing violations can increase the chances of a False Claims Act case. An implementing partner wants to identify any wrongdoing as quickly as possible and put an end to it, to contain the financial and reputational harm to the government and the organization.
- Short of criminal or civil liability, or in conjunction with it, partners could also face potential suspension and debarment action for not operating as a responsible partner.
- An implementing partner needs to understand where its internal controls failed and identify remedial and corrective measures to preclude future violations.
- The complaint to the OIG may be meritless, and an early internal investigation by the implementing partner may establish this, saving resources for both the government and the implementing partner.
- An implementing partner that independently gathers and analyzes the facts inspires more trust from the government.
- A credible internal investigation can put the implementing partner on more solid factual ground to help counter incomplete assertions made by the government. It can also provide stronger defenses to mitigate liability when the matter is referred to the Justice Department, USAID’s Compliance Division, and/or the contracting or grant official.
While an internal investigation can be costly, a typical Directors & Officers Insurance policy will often pay for reasonable costs – particularly when conducted in coordination with an ongoing OIG investigation.
Dealing with an OIG Investigation
If the OIG decides to initiate an investigation, it will expect cooperation and communication from the implementing partner. This is also usually in the best interest of the implementing partner. At the same time, different agency OIGs sometimes have varying expectations of what cooperation entails and press implementing partners beyond accepted norms of reasonableness. Implementers sometimes too readily accommodate every OIG request, regardless of reasonableness. Understanding the legal requirements and generally accepted standards across agencies helps put this into context.
When faced with an OIG request for interviews or documents, implementing partners first should ask themselves two questions: (1) what am I legally required to provide; and (2) what should I provide. For example, if the OIG serves a subpoena duces tecum asking for certain documents relating to a particular procurement but the OIG agent asks for production of entire hard drives, implementing partners must provide the particular documents response to the request relating to the particular. Whether the entity should provide more – e.g., the entire hard drive, which would include many non-responsive documents – is a decision that should be made only after consideration of a myriad of factors, such as including cost, burden, likelihood that the hard drive contains other sensitive but otherwise non-responsive documents, and whether future overly broad requests will be harder to resist if this request is granted.
With respect to dealing with the OIG in an investigation, our top 5 “tips” are as follows.
- Maintain credibility. Maintaining credibility by acting with unimpeachable integrity is perhaps the most important rule in dealing with the OIG. OIG agents will not, and frankly should not, tolerate misrepresentations, obstructive behavior, and the like.
- Negotiate to narrow the scope of document requests. In our experience, OIGs often request far more documents than they need – or even will be able to review effectively. The OIG and DOJ may not fully understand the breadth of documentation being requested, or it may purposefully draft broad requests to avoid missing topics and knowing that the implementing partner will seek to narrow the scope appropriately. Implementing partners should not be afraid to negotiate the scope of a document request. In our experience, OIG agents will almost always be amenable to tailoring their requests, so as not to waste time and resources. This, of course, presumes that the implementing partner can credibly convey how the narrowing is designed to still get the government what it needs.
- Review the documents being produced. Reviewing the documents before handing them over to the government is important for several reasons. First, it is the only way to identify what documents are actually responsive and need to be turned over. Second, it enables the implementing partner to identify documents that should be withheld or otherwise protected, g., for HIPAA protections, GDPR protections, or attorney-client privilege. In addition, review of the documents is part of the factual investigation that companies should be conducting to understand the nature of the government’s investigation and the facts relevant to determination of liability and defenses.
- Prepare for and attend witness interviews. Implementing partners not only should have a representative (preferably a lawyer) attend interviews of their employees but also should prepare those witnesses to understand the process and their role. Witnesses must answer questions as truthfully and precisely as possible and not speculate as to facts. Incorrect and imprecise answers do not serve anybody’s interests, including the government’s. The representative can also take notes of the interviews, as most OIG interviews are not transcribed, to be able to refute any inaccurate OIG summaries. This is important in all cases, but especially with local national, non-native English-speaking staff, as it increases the chances that responses can be muddled in translation and interpretations.
- Keep a record of communications with the OIG. It is important to keep records of what has been represented to the OIG to help avoid or resolve misunderstandings down the road. For example, did an implementing partner representative assure the OIG that specific five witnesses are the only relevant witnesses or the most relevant witnesses? Or did the representative state that, to the best of their knowledge, there are five individuals who would likely be the most relevant witnesses? Did the representative assure the OIG that documents being produced are the only relevant documents? Did someone commit to document productions on a certain time frame? With turnover of staff and the length of time many investigations last, a log or other record of communications to identify requests already made and confirm promises made will likely be a significant time and resource saver in the future. Similarly, it is important to maintaining a log of documents provided and relevant information extracted from those documents.
Conducting an Internal Investigation
Responding to the OIG’s requests, alone, is not enough – an implementing partner is always well-advised to conduct its own internal investigation for the reasons discussed above. While most effective internal investigations share many common characteristics, there is no one single magical roadmap to be followed, as the best path is dependent on the circumstances surrounding each matter. Here are our top 5 “tips”:
- Think carefully about who will conduct the investigation. Many investigations can be handled in-house, while others should be conducted by outside experts. Deciding between the two routes depends on factors such as the complexity of the investigation, the seriousness of the allegations, the job positions of any suspected wrongdoers, whether “independent” investigators are advisable, whether the investigation should be conducted under the attorney-client privilege, and in-house capabilities. In our experience, most federal agencies expect that an implementing partner will select a person with the qualifications and expertise to identify fraud indicators and run them to ground, stay clear of potentially obstructing with a government investigation, and understand how the violations occurred and what changes or improvements could be made to tighten up controls.
- Decide early whether to conduct the investigation under the attorney-client privilege. Some implementing partners have told us that OIG agents do not like it when they assert privilege and may make false assumptions that the entity is hiding something or otherwise making the OIG agent’s jobs more difficult. Not surprisingly, we disagree and believe that all internal investigations should be conducted under privilege for three reasons. First, it is the accepted view of compliance experts that that protecting privilege encourages corporate compliance and does not hinder the search for truth. Second, the OIG agents will almost never turn over their investigative findings before the end of the investigation (if ever), and an internal investigator should have the same discretion when seeking the truth and protecting the organization. Third, as a practical matter, the implementing partner can waive privilege later, but cannot reinstate it once it is waived.
- Keep records of all investigation activities. This saves time and effort and may be needed to demonstrate reasonableness of the investigation. Additionally, some OIG investigations go on for years and outlast the internal investigation and perhaps the original investigators for the OIG or the implementing partner (or quite possibly, the implementing partner entity itself). An incomplete investigative record can lead to confusion or worse.
- Take care not to obstruct a potential or ongoing government investigation. There is an important sequence to investigations conducted by law enforcement so as to not “taint” evidence. If the implementing partner confronts the subject of an allegation (or close friend of the subject) prematurely with the accusation, this may hinder the OIG’s ability to effectively build a case. There is a risk that an internal investigation, even if done with sincerity and seriousness, can be seen as ineffective, and, worse yet, damaging to the government’s investigation. In turn, this could develop distrust from the OIG and DOJ which may take moving mountains to overcome. In some instances, it is this distrust and skepticism from the government that suspension and termination of award decisions are based upon.
- Do not jump to conclusions until all the facts are in. And in this same vein, do not report negative findings if they have not been confirmed and the investigation is not complete. If updates are provided to the OIG on where findings are likely heading in an investigation, provide complete context about what investigative activities have yet to be conducted and limitations the entity may face in reaching definitive conclusions so that the OIG understands that the facts may change.
* * *
Investigations can be stressful and, if not done right (or at all), can present many risks. When done right, in contrast, there are rewards. By implementing best practices in conducting investigations, implementing partners can best protect their organizations and maximize the chances that an investigation will lead to a just result. Further, effective investigations and improved international controls can help instill confidence from agencies and OIGs that they are working with a responsible partner.
 See Brian Miller and Andy Liu, “How Privilege Fits into the Compliance Puzzle,” HQ Investigations Quarterly, V.1, Issue 17 (2014). https://nicholsliu.com/wp-content/uploads/2019/05/How-Privilege-Fits-into-the-Compliance-Puzzle-1.pdf