Today I want to circle back to that crazy case from Georgia, of a corporate lawyer disbarred for fabricating employee complaints so he could then draw up phony settlements and embezzle the money. The misconduct alone is astonishing, but we should also ask: what are the internal control failures that would allow something like this to happen in the first place?
First let’s recap what happened. The Georgia Supreme Court disbarred Glen Ray Fagan, who worked as associate general counsel at $1.7 billion trucking business U.S. Xpress from 2015 to 2019. As described in the court order, Fagan oversaw complaints and allegations of employee misconduct, as well as employment-related lawsuits — and while in that role, on two occasions Fagan falsified employee discrimination complaints to the Equal Employment Opportunity Commission.
Fagan then created a sham law firm named Kirk James & Associates; told his supervisors that he had attended mediation sessions with Kirk James and reached confidential settlements worth a total of $41,000; had the company’s finance team issue checks to execute the settlement agreements; and then forged the employees’ signatures to divert the money into his own bank account.
Eventually the EEOC and U.S. Xpress discovered the scam. Fagan, who by then had quit the company, repaid the stolen funds and has been disbarred in two states. Why he hasn’t also faced criminal charges remains a mystery, but anyway, here we are.
Once the shock of his misconduct fades, however, we’re still left with numerous internal control weaknesses that a corporate organization shouldn’t allow. So let’s examine what those failures are and how a company can prevent them.
Segregation of (Compliance) Duties
A good way to start this analysis is to think through how Fagan’s misconduct would look if it happened elsewhere in your organization. For example, in the accounting function, such misconduct would be analogous to the chief accounting officer…
- Onboarding a new vendor;
- Issuing a purchase order to that vendor;
- Processing the invoice from that vendor;
- Issuing payment to the vendor.
A financial process designed like that violates good segregation of duties in multiple ways. An external auditor would flag it as a material weakness immediately, and the board’s audit committee would probably have the chief accounting officer hanged in the office parking lot as a warning to everyone else.
OK — but why, exactly, is this such a terrible financial process? Because it exists as a closed loop, with no natural point for someone else to observe the process in action and confirm whether the transaction is legitimate.
That’s what segregation of duties does: it creates points in the business process for others to participate and verify a transaction’s legitimacy.
So for a compliance officer trying to design a strong complaints and case management process, or for an auditor wondering how to audit the complaints program, that would be one place to start. Ask yourself, “Does this process need more people participating in it, to generate more transparency and create an easier way to bring fraud to the surface?”
For example, one could construct a system where the compliance function should handle the intake of employee complaints, the legal team investigates, and then HR recommends any necessary disciplinary action. Each group should have some level of visibility into what the other two do, and perhaps one group should have final approval over a complaint’s disposition. (Probably legal, since they always think they should have final say over everything.)
But that’s not the same as one function handling all those duties directly. That is what Fagan did, to deleterious effect.
Other Compliance Considerations
Compliance officers also need to beware that poor segregation of duties could lead to other types of misconduct as well — some with much more serious consequences for a corporation than embarrassing headlines about someone on the legal team embezzling $41,000.
For example, a poorly designed due diligence and investigations process could also allow a compliance officer to cover up bribes and kickbacks. The corporate lawyer or compliance officer might onboard a corrupt overseas agent, and then bury any complaints that arrive over the hotline about that agent’s behavior. Or the compliance officer could run Fagan’s same scheme, but rather than put the swindled funds into his pocket, that money goes into a bribery slush fund. Or maybe the compliance officer participates in some other corrupt act; the list of possible schemes is long.
My point is that we’re all appalled at Fagan’s conduct because it’s such an egregious betrayal of loyalty to your employer — but really, U.S. Xpress dodged a bullet here. Fagan was exploiting poorly designed controls and weak segregation of duties simply to embezzle an immaterial amount of money for personal gain. Some other executive could have exploited those same weaknesses to do something much worse for the company, such as engage in FCPA violations or deeper accounting fraud that might result in the company needing to restate financials.
That’s why segregation of duties matters so much, and why Fagan’s misconduct is such an interesting example to study.