Font Size:

Against the backdrop of the recent banking and financial markets crisis, enforcement agencies around the world are increasingly collaborating to investigate allegations of accounting and financial fraud, insider trading, Ponzi schemes, bribery of foreign government officials, other securities law violations, tax evasion, money laundering and antitrust violations. Accordingly, multinational and domestic companies with substantial overseas footprints are conducting more multijurisdictional and cross-border internal investigations in an effort to respond to the enforcement agencies' investigations.

These multijurisdictional and cross-border investigations tend to multiply the magnitude of complex investigatory issues that a company faces in government investigations by the Department of Justice, the Securities and Exchange Commission, the New York State Attorney General or other U.S. federal or state enforcement agencies. Among many others, these issues include data privacy laws or other blocking statutes (e.g., state secret laws), employee-friendly labor laws, attorney-client privilege issues, language and cultural barriers, conflicting information technology platforms, document retention policies and practices that fall short of U.S. standards, and improper application by U.S. government agencies of Mutual Legal Assistance in Criminal Matters Treaties or Memoranda of Understanding. Counsel conducting internal investigations either for purposes of self-reporting or in response to government-initiated investigations or enforcement actions must pay close attention to these pitfalls.

RULES OF THE ROAD

First, secure the relevant documents. While this may seem an obvious point, securing documents from a joint venture or a fifth-tier subsidiary in China, Russia or Turkey may not be as simple or straightforward as securing documents from a plant in Omaha, Nebraska. In any investigation, a large part of the labor and resources are devoted to collecting information. Whether this consists of rummaging through warehouses, interviewing employees, and/or imaging electronic devices, collecting information is often a daunting task. This is especially true in the context of cross-border investigations, where the ever-present logistical complexities are heightened by different document retention policies, language barriers, technological challenges and variations in legal standards from country to country.

In anticipation of the collection of documents and electronic data in foreign jurisdictions, counsel should be familiar with the applicable data privacy laws. Approaches to data privacy vary widely across the globe. Some jurisdictions, most notably the European Union, have data privacy laws that are far more stringent than those in the United States. In contrast, jurisdictions such as Singapore and Indonesia, have limited or no data privacy laws.

Under the European Union Directive on Data Protection, transferring employee data to any country with insufficient protections is restricted. Violations of the EU Directive can lead to significant fines. Nevertheless, U.S. courts and enforcement agencies are typically reluctant to honor the data privacy laws of foreign countries if such laws operate to prevent access to information, documents or witnesses relevant to an investigation. See Societe Nationale Industrielle Aerospatiale v. United States Dist. Court for So. Dist. of Iowa, 482 U.S. 522, 544 n.29 (1987) ("It is well settled that [foreign] statutes do not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute."); see e.g., IRS Press Release No. IR-2009-75, "IRS to Receive Unprecedented Amount of Information in UBS Agreement," (Aug. 19, 2009) (Swiss government asked, via IRS treaty request, to direct UBS to turn over private information). Therefore, counsel must find a way to work through the relevant legal framework to find the applicable exception (including in-country review) or obtain consent from the employee whose data is in question. Of course, these decisions should be made with the guidance of local counsel who understands the local laws and applicable customs.

Second, because employees enjoy heightened protections in certain countries, be aware of local rules when interviewing employees abroad. Some countries have labor or privacy laws that permit employees to decline interviews with their employer's counsel or entitle employees to bring their own representative to company-conducted interviews. Moreover, language barriers and cultural differences may present stumbling blocks to the free flow of critical information.

Given these concerns, it is advisable that counsel consider retaining the services of a reliable interpreter, preferably one not only fluent in the local language but also the intricacies of the local cultural norms, in order to assist with interviews. Although the interview is conducted in a foreign country, counsel must not forget to give a witness the same Upjohn warning that would be given to an employee in the United States. Essentially, an Upjohn warning makes clear that the attorney represents the company, and not any individual employee, and that any privilege lies with the company alone. See Upjohn Co. v. United States, 449 U.S. 383, 386-396 (1981).

Third, conduct the investigation with the understanding that the American concept of attorney-client privilege is not universally accepted. While most nations recognize some sort of confidentiality attaches to communications between attorney and client, in perhaps no other nation is the attorney-client privilege so expansive as in the United States. These international differences are significant when conducting a cross-border investigation, and counsel must be aware of how the privilege works, if at all, in the relevant countries.

An important consideration is whether communications between in-house counsel and company employees are covered by the attorney-client or comparable privilege. Only about 13 of 39 European countries recognize the concept of attorney-client privilege for in-house counsel. See Robert J. Anello, "Preserving the Corporate Attorney-Client Privilege: Here and Abroad," 27 Penn St. Int'l L. Rev. 291, 304-05 (2008). For example, under European Union law, the protected communication must be between a client and an "independent" lawyer who is admitted to the bar of the relevant member state for the privilege to attach.

In-house counsel have been deemed insufficiently independent to qualify for the privilege. See Joined Cases T-125 & T-253/03, Akzo Nobel Chemicals, Ltd., Akcros Chemicals Ltd. v Comm'n, 2007 E.C.R. II-4471 (holding that "communications with in-house lawyers ... are expressly excluded from protection under legal professional privilege"). Thus, conversations between an employee and the employer's in-house counsel during an investigation are not protected under European Union law, which is in contrast to the American rule. For this reason, using in-house counsel to conduct any part of an investigation should be considered carefully to avoid waiver arguments.

Even in jurisdictions where the privilege attaches in a given situation, the definition of what is "confidential" varies widely. This is especially true for China, Russia and certain other Eastern Europe countries. In China, for example, a lawyer's duty to the state has traditionally been placed above loyalty to an individual client. See King & Wood, "Attorney-Client Privilege: Extended to Foreign Lawyers in China?" China Law Insight, (April 1, 2009). Generally speaking, privilege laws in countries like these are novel and the scope of the protection remains unclear.

Counsel should also be aware of the penalties associated with violating these rules. Whereas in the United States a breach of the attorney-client privilege is unethical and can result in civil penalties, in France, for example, a violation is punishable by 1 year in prison and a 15,000 Euro fine. Code Pénal art. 226-13 (Fr.).

Fourth, where there are multiple countries showing an interest in the matters under investigation, consider global coordination with the various interested governments. As the United States seeks to increase its efforts to combat corporate misdeeds, numerous other countries have passed and are enforcing tighter controls over corporate behavior. As a result, there is an increase in mechanisms for these countries to work together toward a common goal.

The formal process of cooperation between foreign countries primarily consists of MLATs and MOUs. MLATs, used by the Justice Department, and MOUs, used by the SEC, are powerful tools at the government's disposal in cross-border investigations. The United States has MLATs with over 60 countries which allow the Justice Department to obtain and share evidence for use in criminal proceedings. The SEC has signed MOUs with over 35 of its foreign counterparts, covering most major securities markets. Though MOUs are non-binding and are not formal treaties between nations, the practical effect is the same -- namely that the SEC can obtain evidence from a foreign jurisdiction.

CONTRASTING APPROACHES

In 2002, the International Organization of Securities Commissions adopted the first multilateral MOU which has been the framework for much international cooperation to date. See International Organization of Securities Commission, "Multilateral Memorandum of Understanding, Concerning Consultation and Cooperation and the Exchange of Information," (May 2002). Fifty-five securities and derivatives regulators across the globe have signed on to the Multilateral MOU to date. Counsel conducting a cross-border investigation should be aware of the extent and applicability of any MLAT or MOU that might be in effect with the countries where the investigation is focused.

For example, evidence of increased international cooperation can be seen in investigations involving allegations of violations of the Foreign Corrupt Practices Act and other global anti-bribery laws. Both the Justice Department's and the SEC's press releases in the Siemens investigation took pains to emphasize the extensive international cooperation, particularly between American and German government officials, that underlay both the investigation and the coordinated settlement of charges with the Office of the Prosecutor General in Munich. See U.S. Dep't of Justice Press Release No. 08-1105, "Siemens AG and Three Subsidiaries Plead Guilty to Foreign Corrupt Practices Act Violations and Agree to Pay $450 Million in Combined Criminal Fines," (Dec. 15, 2008). The SEC's press release also singled out United Kingdom and Hong Kong enforcement authorities as having rendered important assistance to the investigation. See id.

Although cooperation among foreign agencies provides a minefield of issues for counsel handling cross-border investigations, such arrangements can also provide avenues to otherwise undiscoverable information. As discussed above, data privacy laws and employee protections can limit the information U.S. counsel may be able to gather during their investigation. However, through cooperation with the Justice Department and the SEC, the government agencies may be able to use the MLAT or MOU process to coordinate with their foreign counterparts to gain access to protected information that might be crucial to completing the investigation.

To the extent that there is the possibility that enforcement action is likely in multiple jurisdictions, it is often good practice to address the issues on a global scale, rather than engage in piecemeal negotiations with individual countries. Siemens presented such a coordinated response when faced with joint efforts by the United States and Germany to investigate Siemens' bribery of government officials in multiple countries. Once officials in Munich conducted searches of the homes and offices of the company's employees, Siemens decided to self-report to the Justice Department and the SEC, conduct a thorough investigation into the allegations, and cooperate with the government's investigation. Indeed, Siemens settled in both countries on the same day. See id. By coordinating its response in both countries, Siemens was able to manage its exposure by, in part, achieving a global settlement with the Justice Department, the SEC and the Office of the Prosecutor General in Munich rather than dealing with each agency on an individual basis.

Contrast the approach of Siemens with that of Norwegian company, Statoil, ASA. Statoil settled with Norwegian officials in October 2004 for a fine of $3 million over alleged bribes paid to an Iranian official in return for oil and natural gas rights. See SEC Press Release No. 2006-174, "SEC Sanctions Statoil for Bribes to Iranian Government Official," (Oct. 13, 2006). Since it did not work to settle with the Justice Department and the SEC at the same time, Statoil was the subject of a second investigation resulting in settlements with the Justice Department and the commission in October 2006. To settle with the Justice Department and the SEC, Statoil paid $10.5 million in disgorgement and a $10.5 million criminal penalty (which was reduced by $3 million on account of the Norwegian fine).

A Statoil-type approach of responding separately to multiple investigations instead of one coordinated global investigation runs a number of risks. Once a government investigation begins in one country, failing to inform officials in other interested jurisdictions can leave those officials with the impression that the company is hoping that the other authorities will not discover the investigation. Officials in other jurisdictions may be embarrassed if a resolution in another country is announced, and those officials may impose more stringent fines to demonstrate "toughness." The presumption should always be that in every jurisdiction where a client does business, regulators in each of those jurisdictions will likely be in contact with each other. With that in mind, a response that addresses all relevant jurisdictions will better avoid multiple and uncoordinated enforcement actions.

SELF-REPORTING

Fifth, decide whether self-reporting the result of an internal investigation is appropriate. Under U.S. guidelines, there are powerful incentives to self-report because voluntary disclosure is supposed to be taken into account in the assessment of a penalty. Both the SEC and the Justice Department have publicly issued guidelines in connection with factors they consider when deciding whether, and how much, to credit self-reporting and other forms of cooperation. Briefly, in 2001, the SEC issued the so-called Seaboard Report, which sets forth 13 criteria for assessing a company's response to learning of potential misconduct. Exchange Act Release No. 34-44969, "Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions," (Oct. 23, 2001). Those criteria can be distilled into four broad factors: "(1) self-policing prior to discovery of misconduct; (2) self-reporting misconduct upon discovery; (3) remediation; and (4) cooperation with law enforcement agencies." See Gideon Mark & Thomas C. Pearson, "Corporate Cooperation During Investigations and Audits," 13 Stan. J.L. Bus. & Fin. 1, 14 (2007).

The Justice Department, through various publicly disclosed memoranda, has also indicated that it will credit voluntary disclosure. Beginning with the so-called Holder Memorandum and culminating in the Filip Memorandum, the Justice Department instructed its prosecutors to factor into their charging decisions whether a corporation chose to self-report. These guidelines were formally adopted in the United States Attorneys' Manual, which states, "[i]n gauging the extent of the corporation's cooperation, the prosecutor may consider, among other things, whether the corporation made a voluntary and timely disclosure ... ." U.S. Department of Justice, U.S. Attorneys' Manual §9-28.700(A) (2008). The Federal Sentencing Guidelines provide similar instruction regarding factoring in voluntary disclosures. A corporation that self-reports will receive credit at the time of sentencing. See U.S. Sentencing Commission, Federal Sentencing Guidelines Manual §8C2.5(g)(2) (2008).

In the context of cross-border internal investigations, self-reporting in the United States could lead to self-reporting in other countries where the company does business. For example, the United Kingdom's Serious Fraud Office issued a report, in the bribery context, in which it indicated that "if the case is also within our jurisdiction we would expect to be notified at the same time as the [Justice Department]." See U.K. Serious Fraud Office, "Approach of the Serious Fraud Office to Dealing With Overseas Corruption," (July 21, 2009). Other Organization for Economic Cooperation and Development countries have also indicated an interest in hearing about matters that are self-reported to the Justice Department and the SEC. In fact, it is not unusual when self-reporting to the Justice Department and the SEC for there to be a discussion about what other jurisdictions should be informed, if any, of the investigation. Settlements in the United States with Siemens, Akzo Nobel, and Flowserve illustrate how cross-border cooperation is working among various countries. Indeed, the OECD recently suggested, in its 2009 Progress Report, that bribery often fits into larger anti-competitive activities (price-fixing and market-sharing cartels, for example), which suggests a need for anti-corruption and antitrust agencies to cooperate.

CONCLUSION

The fact that government agencies around the world are beginning to coordinate their efforts when investigating potential violations of local laws does not bode well for companies facing them. The ability to manage cross-border investigations can test even the most experienced of lawyers and, therefore, great care should be taken to fully understand the jurisprudence and cultural idiosyncrasies in each jurisdiction in which they may be held accountable for their actions. To the extent possible, these issues should be discussed and fully vetted before a call is made to the Justice Department or the SEC.

Claudius O. Sokenu is a partner in the securities enforcement and litigation and white collar practice groups at Arnold & Porter, resident in the New York and Washington, D.C., offices; he is a former senior counsel with the Securities and Exchange Commission, Division of Enforcement, in Washington, D.C. Jessica L. Medina and Tiffany A. Archer are associates in the firm's litigation group, resident in the D.C. office.

Subscribe to New York Law Journal