Ellen Zimiles – “You can’t manage every single person’s behaviour, but you can manage oversight” – Lawyer Monthly | Legal News Magazine

Ellen Zimiles – “You can’t manage every single person’s behaviour, but you can manage oversight”

There is an increasing awareness of liability and fault when it comes to an organization, institution or a business falling into financial jeopardy, but it is often unclear who is liable for what, and what protections exist against liability. Is a company guilty of poor management? Should the individuals be held accountable for the fall-shorts of a company?

Here to answer some of these questions, and shed light on the matter of individual liability, is Ellen Zimiles, Head of Navigant’s Global Investigations and Compliance and the Financial Services Advisory and Compliance segment leader. at Navigant.

Ellen talks to Lawyer Monthly about the establishment of the Yates Memo, and the impact that has had in this legal segment in the US so far, but also touches on the foundations of what makes a both a business and its individuals accountable.


Currently, who is liable in a company when something goes wrong financially?

It isn’t uncommon to see third party shareholder suits against directors and officers, and this is mainly due to the fact that the role of the director is to provide oversight, and if there is no oversight, or a lack thereof, then that is a breach of their fiduciary duty.

There is also such thing as a shareholder derivative suit, but the issue would have to meet a very high standard” to hold a director liable.

The question is how systemic, or how rampant is the issue in question? Is it one rogue issue that the director or officer wouldn’t see, or is it a systemic and consistent issue that the director or officer should be aware of, or should have made efforts to enquire about?

From a civil point of view, liability will often fall on the company itself, but it is becoming more and more normal for the Department of Justice and other authorities to want to hold individuals accountable.

For example, in 2014 in the UK, the banking regulators set forth rules for the first time that allow firms to claw back any compensation due to managers if they find the manager accountable for inappropriate activity or inadequate supervision. The US has had more flexibility in this area. Pensions, however, cannot be clawed back, as there are many specific restrictions and protections therefor.


How is the evaluation of appropriate sanctions logistically investigated and measured?

In September 2015 Deputy Attorney General Sally Quillian Yates issued a memorandum, called the ‘Yates Memo’. This predominantly involves individual liability legislation, and in relation to criminal or civil procedures, has now allowed the Department of Justice to adopt the following position: a corporation cannot have their financial issues resolved until they have given all evidence required and all cooperation they can relating to individuals involved.

The only way that a corporation can now resolve an issue, whether through prosecution, settlement, or otherwise, is by fully cooperating and handing over all requested information about their managers and employees.

Prior to the Yates Memo, there was a sense that the US government wanted to distinguish between criminal and civil liability, because they didn’t want anyone to accuse the United States Department of Justice (DOJ) of using a criminal case to impact a civil case inappropriately. What then took precedence was the idea that all pieces should be working together, with a lot more coordination and collaboration on liability issues in question.

There is now a team in DOJ dedicated entirely to ‘kleptocracy’, which focuses on the US assets of corrupt foreign government officials. The team uses civil asset forfeiture in addition criminal remedies and coordinates the criminal and civil sides.


In March 2016, a Senior Managers Regime was introduced in the UK (CMA), allowing the FCA to hold senior management more accountable. What similar legislation exists in the US?

Financial regulators in the US, whether it’s the Options Clearing Corporation (OCC), the Federal Reserve, or the Department of Financial Services (DFS) want to see much more individual accountability. If you look at the steps that have been taken over the last several years, there have been calls for the terminations of employees, and increasingly, actions against compliance officers.


What are the challenges and fall shorts of such regimes in holding management accountable?

Sometimes the issues cut across so many different parts of the organization that it’s more a problem of silos, or one hand not knowing what the other hand is doing, rather than one person being the sole evil genius behind the issue.

So understanding accountability, and making sure that senior managers know that they are liable for a process or an issue, is very important. At times, in matrixed organizations people don’t see the end to end process, or maybe they don’t have authority or supervision over the end to end process; they just see a piece of it. This makes it hard for them to be accountable, especially when they have no control over other parts of the business process.

That is now the oversight governance challenge, whereby an entity is dedicated to oversee the A to Z trail of operations and identify and understand where there may be a flaw.


On the other hand, is it possible that individuals could be sanctioned unfairly following an investigation that concluded by the successful defence/avoidance strategies of the corporate entity?

Often times, depending on the status of the individual, there is director and Individual Liability officer liability insurance that covers them. In addition, there has been a great deal of back and forth also regarding the payments of fees when individuals have been held liable, for example one of the questions that has arisen has been whether the institution or company is permitted to pay the legal fees of an individual held liable or whether it is appropriate for the company to do so.

The problem now is who gets indemnified? Can the organization indemnify the individual if they are found liable? But also, can the individual come against the organization, on the grounds that they were simply doing their job and acting according to their role or instructions. One way of resolving this is to identify whether the actions of the individual held liable were in furtherance of the company’s interest, or in furtherance of their own interest.

There are also usually contract clauses that include the indemnification of the individual for acts taken in their official capacity. Still the question remains, when is an act outside of said capacity, and not just part of the individual’s job?

So if you have a rogue employee that is clearly doing things illicitly or hiding behaviour from the organization, it may be difficult to understand where the fine line is, and it may not be down to the organization to indemnify the employee for those actions. But if the actions are part of a company’s plan, and go to further the interest of the company, then it’s a different story. Scrutinizing the actions taken and differentiating between the two is the key.


In the way criminal investigations are carried out in regards to individuals vs corporate entities, what do you believe needs to be further improved on?

One step that needs to be taken is establishing a way of clarifying whether an individual’s actions have been taken in their official capacity or individual capacity. Another step would be to determine what the oversight governance looks like in an organization and how the individuals and the end to end process are monitored. US authorities also need to determine whether an organization has taken all the necessary measures to ensure the oversight governance has been proper.

Individuals will still often seek to beat the system, outsmart the government, or de-fraud their employer; that happens. You can’t protect against every wrong doer, but you can establish a foundation of protection with thorough oversight across the organization. You can’t manage every single person’s behaviour, but you can manage oversight.


Do you have a mantra or motto you live by when it comes to helping your clients on white collar crime?

Things will go wrong. It is how you address and remediate that wrong doing that matters most.

Leave A Reply