With more countries applying their anti-corruption laws extraterritorially and stepping up their enforcement of those laws domestically, companies and their counsel are having to navigate an increasingly more complex web of legal regimes when conducting an internal investigation.

“Laws relating to issues such as privilege, work product, data protection, and employee rights can vary considerably across jurisdictions. What is protected or permitted in one jurisdiction may not be in another,” said Brian Rabbitt, a partner at Jones Day and formerly acting assistant attorney general for the Department of Justice Criminal Division.

“Similarly, regulators in different jurisdictions frequently have different authorities to investigate conduct or to impose sanctions,” Rabbitt added. “Enforcement agencies may accordingly take differing — and sometimes conflicting — views as to what a company must produce to the government or do to cooperate with an investigation.”

In some ways, greater cooperation among enforcement agencies benefits companies and their counsel, because it brings some order to the dialogue, said Adam Siegel, co-head of the global investigations group at Freshfields. “Sometimes, it’s actually worse if they’re not cooperating, if they’re competing, because then you’re trying to satisfy different regulators who have different perspectives,” he said.

To tackle challenges posed by a multijurisdictional investigation, the first step should be for counsel to triage the situation at the outset of any cross-border investigation. Figure out which jurisdictions and regulators may be implicated in the conduct at issue, which is an especially critical step in avoiding inadvertent waivers of privilege.

“Privilege is one of the most complex areas in cross-border investigations,” Rabbitt said. “What may be privileged or protected in one country may be only partially protected, or not protected at all, in another. This can be particularly true when it comes to communications with in-house counsel, who can sometimes wear multiple hats within a company.”

To reduce the risk of privilege waivers, and when collecting documents outside the United States for purposes of an internal investigation, be mindful of local laws and regulations concerning data privacy and employee privacy rights, advised Robert Johnston, a partner at law firm Lowenstein Sandler. “In my experience, the best way to do that is engage local counsel and have local counsel review and approve investigation protocols and procedures,” he said.

“Privileged communications and documents, especially those involving in-house counsel, should be clearly labeled,” Rabbit said. And employees should receive clear “Upjohn” warnings at the beginning of all interviews, he said, reminding employees during an investigation that corporate counsel works in the interest of the company, not the employee personally.

In some European countries, employees are protected under robust labor regimes that make it difficult for the company to terminate employees if they don’t elect to cooperate in an investigation. In other countries, an internal investigation can trigger works council or union participation rights. All these considerations need to be weighed carefully.

Anti-Corruption | FCPA Global Series

Self-disclosure considerations

Self-disclosing potential misconduct is another critical consideration. “Whether, when, and how to self-report potential misconduct can be a difficult issue in cross-border investigations,” Rabbitt said.

“Countries frequently have different laws and practices relating to self-disclosure,” Rabbitt added. “Even within the same country, different regulators often have their own written policies or informal expectations as to when and how a company should self-report.”

Rabbitt advised, “Before making any disclosure, companies need to consider what impact a disclosure to one jurisdiction or regulator will have in other jurisdictions, whether on related investigations or parallel civil litigation.”

All this is to say if the company is going to self-disclose, prepare for a lengthy investigation and be prepared to cooperate with potentially multiple regulators. Johnston said that means providing all information and facts, including facts that might implicate senior management; disciplining or possibly terminating culpable employees; investing in legal, compliance, and internal audit; and being prepared to compensate any victims.

With more enforcement agencies around the world increasingly coordinating with one another and sharing information, “companies considering self-disclosure need to assess whether there is a benefit to making simultaneous disclosures to interested agencies, or whether there are instead advantages to sequencing disclosures where multiple agencies may have an interest in a particular matter,” Rabbitt said.

Questions to consider when deciding whether to self-disclose include:

  • Is the misconduct a systemic cultural issue, or was it a one-off issue?
  • Did the misconduct involve senior management and/or happen across business lines?
  • What is the dollar value of the alleged violations?
  • If the problem was uncovered internally, how quickly was it discovered?
  • How likely is it that an enforcement agency will uncover the activity on its own? For example, are there any enforcement agencies currently investigating competitors for similar conduct in the same jurisdiction?

Another important consideration is whether external parties were involved in the potential misconduct, Johnston said. The risk that there could be both an internal and external whistleblower makes it, perhaps, more likely that a regulator will find out on its own, he said.

The timeliness of the self-report to the government, especially in the United States, also plays a role in how much cooperation credit a company will or will not receive. If the company is being prompted — for example, by an adverse media report exposing corrupt acts by the company — a self-disclosure at that point is “probably too late,” Johnston said.

Deciding where to self-disclose first is a “dangerous game of arbitrage,” Siegel noted. “You do not want to offend any regulator by suggesting they’re not important enough to be part of the disclosure, if you are making a disclosure.”

Once a company proceeds down the road of self-disclosure, as you’re producing documents and sharing information, it’s “extremely important…to keep the regulators feeling as though they are being treated equally,” Siegel said, “because unless they direct you and say, ‘the rest of us are going to take a back seat,’ there is great risk in upsetting one regulator over another.”

Self-disclosure or not, the most important step is remediation, Siegel said. The last thing a company wants to do, he said, is self-disclose to the government without part of the self-disclosure being, “‘Here is our plan to remediate.'”

ACI will be holding a session, “Internal Investigations and Crisis Management: Behind the Scenes of Strategic and Effective Response,” at its “39th International Conference on the FCPA,” taking place Nov. 30-Dec. 1, 2022, at the Gaylord National Resort and Convention Center in Washington D.C. | www.FCPAconference.com

For questions, concerns or more information about ACI Insights, please contact:
Chris Corbin
Associate Director of Marketing
American Conference Institute | The Canadian Institute | C5
E: [email protected]