Narrator: Robertson Park is a shareholder in the Washington office of Murphy & McGonigle, where his practice focuses on white collar criminal matters, enforcement defense, internal corporate investigations and compliance counseling. He is a founding member of the firm's White Collar Defense Investigations and Compliance Counseling Group. How will the U.S. Department of Justice treat companies that have been certified ISO 37001 in the event of an allegation?
Robertson Park: I think it's safe to say that the Department of Justice, any enforcement authority, will consider ISO Certification a pretty clear indication that a company has taken very seriously its compliance responsibilities and that they have done more than the minimal necessary. It's still a fact that the Department of Justice does not look at any one or series of steps as a defense. They don't consider any one or a series of third party assessments as a basis for concluding that a company's got the kind of compliance program you want. But ISO Certification, because of its international standards because of its scope and because it is geared specifically to compliance, is very likely to have a very favorable impact on a company's position, when an allegation is received. Now, I think I would have a different perspective currently, as an external counsel for a company then what I might have had when I was at the Department of Justice. At the Department of Justice, certainly as an assistant chief and as a senior prosecutor, I was very interested in third party assessments of compliance programs. We often wanted to hear from companies. "What is it that you've done to be sure that you've benchmarked and you've assessed your compliance program, to be sure that it is not just in word good but working." And the third party assessment is often the way to do that. It would've been relevant to me. But as an advocate externally, the most valuable pieces that you can bring to the table when you're discussing what's happened to a company, the problems they've had, and you're an advocate on behalf of the company. Hey, it's a problem, but we're taking care of it. What can you say about your compliance program? And one of the most important things you can say is it has been assessed by third parties, neutral, independent and according to standards like the ISO, which are acknowledged internationally.