Gary DiBianco, Matthew Cowie and Caroline Wojtylak of Skadden Arps Slate Meagher & Flom outline best practices for multi-jurisdictional investigations.
"The standard investigational issues to be addressed throughout the course of an investigation – data preservation and collection, interviews of relevant individuals, fact analysis and reporting, disclosure obligations and settlement negotiations – present particular risks that must be evaluated at each step of the investigation."
The number and scope of truly multi-jurisdictional investigations has drastically increased in recent years, with the increasing cooperation of European and US prosecutors in some of the most serious and complex fraud and corruption cases. Regulators have continued to streamline formal methods of cooperation and develop informal lines of communication, including in the LIBOR investigations, tax investigations and anti-corruption investigations. When advising a corporation in a multi-jurisdictional regulatory/criminal investigation a standard, single-jurisdiction investigation plan will not suffice. The standard investigational issues to be addressed throughout the course of an investigation – data preservation and collection, interviews of relevant individuals, fact analysis and reporting, disclosure obligations, and settlement negotiations – present particular risks that must be evaluated at each step of the investigation.
Data Preservation and Collection
Single jurisdiction investigations generally follow a familiar practice to ensure data preservation and collection. Often, preliminary interviews are conducted with a company’s information technology personnel to understand how and where the company maintains its data. It is generally considered best practice to issue a written document preservation notice to appropriate employees to maintain potentially relevant data and to abstain from altering or deleting the data. Following efforts to preserve data, collection is accomplished either through notices to employees to provide data, active collection process by a forensic specialist or lawyers, or a combination of procedures.
In multinational preservation and collection exercises, it is crucial to ensure compliance with data protection and data privacy restrictions, including bank secrecy laws and blocking statutes. Specific company policies regarding data collection and protection as well as employee contracts, may also affect the ability to transport the data from one jurisdiction to another. For example, inter-company data-sharing agreements exist that would allow transfer among entities for purposes of internal investigations.
Additionally, access to data in certain jurisdictions may require specific notice to or consent from employees than is needed to preserve or transfer the data. In jurisdictions following the EU’s data protection directive (or similar directives), an employee must freely give unambiguous consent to the transfer of his or her data to a jurisdiction that the EU has determined does not have adequate data privacy and protection laws, such as the US. The consent must specifically list the categories of data to be transferred and the purpose for transferring the data to another jurisdiction. Indeed, certain jurisdictions may require that data protection authorities be notified of collection efforts. If such notice is required, it will raise strategic issues about maintaining the confidentiality of the investigation and present a certain level of risk, even if the regulators that must be notified are not the same regulators who would enforce the issues under investigation. Information-sharing and cooperation by regulators nationally and internationally is an enforcement reality. US and European regulators have entered into various mutual legal assistance treaties, memoranda of understanding and informal sharing arrangements whereby information sharing is facilitated. For example, the Treaty on Mutual Legal Assistance in Criminal Matters between the governments of the UK and the US (6 January 1994), the Convention on Mutual Assistance in Criminal Matters between the member states of the European Union (29 May 2000) and the Memorandum of Understanding Concerning Consultation, Cooperation and the Exchange of Information between members of the International Organization of Securities Commissions (May 2002). In December 2010, the World Bank entered into a memorandum of understanding in support of parallel investigations, asset recovery and information sharing with, among others, the UK Serious Fraud Office.
Governing data protection and privacy laws also affect whether and how data may be transferred. Even where transfer is contemplated between EU jurisdictions that provide similar levels of protection and security, some notice (and possibly consent) may be required before data may be transferred. If transfer is contemplated to a jurisdiction without adequate data protection laws, transfer of the data may not be permitted without the consent of the individuals whose data is to be transferred and of the local data protection authority. There is no “one size fits all” approach, but there are several practical considerations that the investigative team should take into account before transferring data from one jurisdiction to another. First, consideration should be given to collecting and conducting the initial review of the data within the original jurisdiction. This may allow for a narrowing of the data volume to be transferred to satisfy “proportionality” requirements that govern data transfer. Second, there should be an assessment of the nature of the proceeding for which the data will be used. The EU data protection directive allows transfer of data in connection with legal claims and defences, but in some circumstances an internal investigation may not be sufficient to allow a company to utilise this data transfer exception. Finally, if the transfer of a proportionate amount of data is permissible, the recipient may be required to maintain the data’s confidentiality.
Evolving best practices in the UK and Germany include employee interviews as a standard step in internal investigations, but the legal issues surrounding such interviews must be considered, in advance, to ensure compliance with employee rights and laws prohibiting private investigations. These protections govern not only how the information from an interview may be used, but also whether certain interview practices are permissible.
First, a company and its lawyers should confirm the basic threshold issues: that it is legal and permissible under local law to conduct an employee interview. In some jurisdictions it is illegal to conduct a private investigation. In other jurisdictions, official approval may be needed to conduct an investigation, audit, or to engage in compliance monitoring activities.
Second, the interviewer should determine whether local law requires that labour unions or works councils be notified of an employee interview, and whether the presence of a union or works council representative during an employee interview is preferred or required.
Third, the interviewer should consider how to address an individual’s refusal to consent to an interview. Depending on local law and employment agreements, an employer may not be able to compel the employee to agree to an interview, and the employee’s refusal to do so may not be actionable as a disciplinary violation.
Fourth, the interviewer may need to make preparations for the interviewee to have legal representation available for the interview. Some jurisdictions require, or prefer, that an employee be allowed to be represented by a lawyer during an interview. This can also be advantageous to the company if, for example, there is no privilege in the interview product or the company has determined to waive privilege over the interview content. Issues of admissibility, which might follow in a contested criminal trial, will be reduced if the interviewee was permitted access to representation throughout the process.
Fifth, the interviewer must be cognisant of local restrictions on the use of facts developed during an employee interview. Certain jurisdictions may prohibit the use of facts developed during an interview in connection with employment or disciplinary actions. Finally, the interviewer should consider, in advance of employee interviews, whether local law or practice requires that the interviewee be provided with access to notes taken during the interview or of a memorandum or protocol of the interview.
Fact Analysis and Reporting
As with each stage of a multi-jurisdictional investigation, the investigative team needs to consider applicable local privilege law when reporting to an entity’s management and in-house lawyers. Many jurisdictions do not recognise privilege between in-house lawyers or external legal advisers and company executives. Thus, it is critical that the investigative team understands all applicable laws governing privilege issues and plans written and oral reporting accordingly. When reporting to a board or board committee, the investigative team should consider whether reports will be privileged and how the report will be minuted. Similarly, the investigative team must assess local requirements and practices with respect to external independent auditors.
In multi-jurisdictional investigations, whether and how a company discloses information to a regulator or private litigants can affect its position with other regulators and litigants. The investigative team needs to assess the company’s disclosure obligations in the various jurisdictions involved and develop a comprehensive strategy so that a disclosure made in one jurisdiction does not negatively affect the company in another jurisdiction.
To develop a credible disclosure strategy, the investigative team must consider mandatory disclosure obligations in the jurisdictions where a company is based, where the conduct occurred and where relevant employees are located. Certain jurisdictions have positive disclosure requirements of certain improper conduct, although most do not. In addition to considering substantive disclosure requirements, the investigation team must also be cognisant of disclosure obligations imposed by anti-money laundering laws. While there might not be a positive duty to disclose substantive offences to the authorities, the European Directives on Money Laundering impose a wide range of obligations upon companies and professionals where there is knowledge or suspicion of a transaction involving the proceeds of illegal activity. Additionally, there may be other collateral disclosure obligations, such as the identification of tax deficiencies.
Where there is no legally required disclosure obligation, the investigative team should evaluate the benefits of a voluntary disclosure. For instance, in jurisdictions where amnesty is provided for “first in the door” reporting of anti-competitive behaviour, there may be a sense of urgency to make a multi-jurisdictional disclosure to the appropriate authorities before such a disclosure is made by a competitor. The team should also analyse the potential risks of making a voluntary disclosure in one relevant jurisdiction but not in another.
Finally, where a company is listed, the investigative team must understand any financial statement obligations. Such requirements may require disclosure of potential regulatory risks and liabilities if they rise to the level of being market-sensitive.
Resolving multi-jurisdictional investigations raises issues that are significantly different to an investigation in any single jurisdiction. The nature of the charges and settlements in multiple jurisdictions can vary, and admissions in one jurisdiction will affect legal rights in other jurisdictions.
Coordinated settlements militate against a series of satellite prosecutions and minimise the risk of multiple fines, disgorgement and other sanctions for the same course of conduct, while also minimising the likelihood of follow-on investigations with regulators. This is particularly true where one jurisdiction – such as the US – may not recognise another sovereign’s judgments for purposes of double jeopardy. If a US settlement is likely to occur first, an entity may consider negotiating for a deferred payment schedule or “holding back” for money that may be paid to another regulator. In 2006, Norwegian oil and gas company Statoil settled with the US Department of Justice (DoJ) and other US regulators for alleged violations of the Foreign Corrupt Practices Act regarding improper payments to an Iranian official. In its deferred prosecution agreement with the DoJ, Statoil agreed to pay a criminal penalty of $10.5 million, which was to be reduced by the $3 million fine Statoil paid to the Norwegian government to settle an inquiry regarding the same conduct. In other instances, because the UK and EU jurisdictions do recognise parallel judgments, it may be appropriate to ensure negotiation with the regulator with “primacy” to a resolution so that other jurisdictions are bound by the appropriate resolution.
Finally, the investigative team must consider that the structure of a settlement in one jurisdiction will have collateral consequences in other related jurisdictions. As a result, it is important to assess the relevant debarment risks across jurisdictions if the company is going to admit to a substantive corruption or government contracting fraud offence. Additionally, the investigative team should assess whether the factual findings or admissions that are part of a settlement will be binding in parallel litigation commenced by shareholders or competitors or could be relied upon by other regulators.
Multi-jurisdictional investigations raise a complex array of issues for the investigative team throughout the course of the investigation. The investigative team should carefully consider these issues from the outset and understand how local requirements in one jurisdiction may affect the investigation in another. With such knowledge and understanding, coupled with the assistance of experienced counsel, an investigative team can develop a comprehensive strategy for handling the issues that arise in multi-jurisdictional investigations.