After years of successful Foreign Corrupt Practices Act (FCPA) investigations by the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC), signals are strongly pointing to new levels of cooperation by foreign regulators with U.S. authorities and an increase in parallel enforcement actions abroad. The broad implementation of anti-corruption laws worldwide led to several significant developments during 2013 in Europe, Latin America, and Asia. This included the United Kingdom’s first-ever charges under the U.K. Bribery Act since its 2011 enactment, Brazil’s passage of the sweeping Clean Companies Act, and large anti-corruption investigations by Chinese authorities. In a keynote address in November 2013, the SEC’s then-Co-Director of the Division of Enforcement, Andrew Ceresney, lauded “the tremendous increase in cooperation that we have received from other governments” and the “transformation in our ability to get meaningful and timely assistance from our international partners.”
The increased involvement by foreign regulators in U.S.-led investigations, in addition to the inherent risk of parallel actions, not only raises the stakes for corporations undergoing FCPA investigations but also creates several pitfalls related to the conduct of an investigation and the handling of information that corporate counsel should recognize.
With a broad range of countries poised to combat corruption, once allegations of foreign corporate bribery come to public light through corporate disclosures or otherwise, it is safe to assume that foreign regulators in affected countries will take note. Corporate counsel should therefore assess the risk of potential foreign parallel or follow-on investigations, as well as law governing data disclosure and privilege in each jurisdiction, and guide their investigations accordingly.
Foreign restrictions on the review and transfer of data for internal investigations
Corporations facing anti-corruption investigations in both the U.S. and abroad should evaluate any applicable foreign restrictions on the collection and transfer of data. Many countries have adopted data protection laws that restrict access to email records, chats or other electronically stored information. In some jurisdictions, strong data protection laws not only prevent corporations from reviewing certain information without an employee’s consent, but may require corporations to provide the affected employee with access to the targeted information and an opportunity to correct any inaccuracies.
For example, the European Union’s Data Protection Directive, which serves as the primary legislation on data protection in Europe, severely limits the permissible circumstances in which an employee’s communications can be collected and reviewed, even when electronic data has been transferred out of the EU. Pursuant to the EU Directive, each member country has enacted data protection laws that are at least as protective as the Directive itself. Several countries, including Germany, Italy and France, have enacted more stringent data protection laws. Many countries have also enacted blocking statutes to restrict significantly or even prevent the transfer of data to other jurisdictions where the data may be subject to foreign subpoena power. From the earliest stages of an investigation, corporate counsel must observe applicable foreign data protection laws and blocking statues when responding to U.S. enforcement authorities.
Important considerations to prevent a waiver of applicable privileges
The investigation of corruption allegations abroad also raises important risks concerning both the creation and handling of privileged materials. Corporations with an international footprint often have experienced in-house litigation and regulatory counsel who, at first glance, would seem well equipped to conduct an internal investigation. Indeed, in-house counsel may work out of the foreign office where the alleged conduct occurred, have intimate knowledge of the business at issue and perhaps even know the individuals at the center of the investigation.
Even so, corporate counsel managing an investigation should warn in-house counsel that their communications with employees during the course of an investigation may be subject to disclosure in one or more of the potentially investigating jurisdictions. Although it is well established in the U.S. that the attorney-client privilege applies to a corporation’s internal investigation (so long as the usual elements of the privilege are otherwise satisfied), communications with in-house counsel often lack protection in other jurisdictions. This fundamental difference should not only guide a corporation’s internal investigation, but should also inform the manner in which in-house counsel assist outside counsel for all activities conducted outside the U.S. Where counsel could previously rely upon the broad protections afforded to privileged communications in U.S. courts, increased enforcement abroad now requires careful attention to all in-house work related to a foreign investigation in order to shield privileged investigatory work from foreign regulators.
In the wake of escalating FCPA recoveries in the U.S., other countries have increasingly joined the anti-corruption effort. As a result, corporate counsel navigating today’s anti-corruption investigations must not only consider potential exposure to domestic and foreign enforcement authorities, but must appreciate the significant differences in how foreign jurisdictions regulate the disclosure of data and the protection afforded privileged communications. By accounting for these risks, corporate counsel will place their clients in the best position to respond to anti-corruption inquiries spanning multiple jurisdictions.