Avoiding minefields: managing cross-border investigations
July 2015 | SPECIAL REPORT: WHITE-COLLAR CRIME
Financier Worldwide Magazine
As global business increases, so too does global enforcement and the corresponding need to conduct cross-border investigations. These investigations present many challenges, including varying, and at times competing, laws and regulator expectations. Companies must navigate different approaches to privilege, data protection and labour laws, while at the same time ensuring the integrity of their review, and satisfying regulator expectations. This is easier said than done, particularly when the US and UK, two of the most active enforcers of cross-border violations, seemingly disagree on the role of an internal investigation and what it means to cooperate.
Varying roles of internal investigations
Companies typically undertake some sort of internal review before contemplating any type of disclosure to a regulator. Regulators emphasise the importance of timely disclosure, but at the same time expect companies to sufficiently understand the underlying facts to allow for an informed disclosure. The challenge is that US and UK regulators take differing views as to the role of a company’s investigation. The Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) often judge a company’s cooperation, at least in part, based on the scale of the company-led investigation and related disclosure. On the other hand, David Green, director of the Serious Fraud Office (SFO), recently warned that it is the SFO’s job to investigate a company, not the company’s job. As a result, the SFO may prefer companies to preserve the first account of a witness in order to ensure the integrity of their review. This distinction presents practical challenges in that simply pursuing a robust investigation to satisfy cooperation standards in the US could frustrate the review in the UK by the SFO if not properly sequenced or coordinated.
Conflicting privilege, data protection and labour laws
When scoping a cross-border investigation, companies would be prudent to consider all potentially applicable privilege, data protection and labour laws. Potentially applicable laws include those in the jurisdiction where the misconduct allegedly occurred, as well as any jurisdiction that prosecutes extra-territorial conduct, such as the US and UK, particularly with regard to corruption, money laundering and sanctions violations. Unfortunately, a quick analysis of these laws reveals several irreconcilable differences.
First, with regard to privilege, some countries do not recognise any attorney-client privilege, and other countries like the US and UK take differing views on what aspects of an internal investigation may be deemed privileged. The US and UK also take opposite approaches to whether waiving privilege reflects on a company’s level of cooperation. The DOJ’s US Attorney Manual affirmatively states that “[e]ligibility for cooperation credit is not predicated upon the waiver of attorney-client privilege or work product protection”. On the other hand, the SFO does not regard itself “as in any way constrained from inviting (not requiring) waiver”, or from taking such waiver into account when assessing the degree of cooperation. Furthermore, recent news reports suggest that the SFO believes lawyers are obstructing investigations by invoking privilege. Understanding these nuances is critical, especially given that while it may make sense to waive privilege for cooperation purposes with the SFO, the resulting impact in the US could be disastrous. Waiver clearly impacts government negotiations, but it potentially also requires disclosure of sensitive internal investigation documents to would-be plaintiffs, exponentially increasing civil litigation risks and perhaps discouraging companies from conducting such reviews.
Similarly, countries around the world have varying data protection laws. Companies must carefully assess what data can move in and out of any particular country, while at the same time satisfying regulator demands for information. The DOJ recently warned that companies should not hide behind technicalities and unenforced local data protection laws, noting that this type of behaviour will potentially be viewed as non-cooperative.
Finally, local labour laws often play a critical role in a company’s ability to remediate. For example, the level and type of proof required to successfully defend the dismissal of an employee in China differs greatly from that in the US or UK. Employees in China often succeed in wrongful dismissal suits absent unequivocal proof of wrongdoing, such as a recorded admission or a signed witness statement from the employee. There are two resulting challenges. First, companies may be reluctant to terminate those employees that admit wrongdoing, feeling that these are the very individuals most likely to be rehabilitated. Second, a signed witness statement that may prove useful in China also risks waiving attorney-client privilege in other jurisdictions. To further complicate things, regulators may take differing views as to when remediation is implemented to preserve access to potentially key witnesses. These realities should be considered from the start of an investigation, as they may impact the scope of review, type of evidence collected, or remediation decisions.
Navigating conflicting laws and expectations of regulators
So, how do you navigate competing laws, expectations and demands from regulators? There is no easy answer. Early consideration of applicable differences and engagement with regulators is important. Where one regulator does not want you to conduct an investigation at all, and the other expects a full investigation, the best you are likely to be able to do is engage both regulators early and do the most professional job possible. This means conducting an investigation in an effective and efficient manner, and ensuring that you are in a position to prevent further misconduct.
Ultimately though, prevention is better than cure. This means strong internal policies and controls, and internal reviews which are robust enough to reveal business and compliance weaknesses. To be in the strongest possible position, companies need to find issues, remediate them and prevent future occurrences before regulators are involved.
Finally, it is worth remembering that internal investigations are just a tool to assist the company in understanding the problem. Once the business truly understands the facts at issue, it regains control and, with experienced advisers, can work towards dealing with the issues above.
Amanda Raad and Marcus Thompson are government enforcement partners, and Jeremy Kanarek is a government enforcement associate, at Ropes & Gray LLP. Ms Raad can be contacted on +44 (0)20 7822 2415 or by email: firstname.lastname@example.org. Mr Thompson can be contacted on +44 (0)20 7822 2419 or by email: email@example.com. Mr Kanarek can be contacted on +44 (0)20 3122 1247 or by email firstname.lastname@example.org.