David DiBari, Clifford Chance’s Americas Head of the Litigation & Dispute Resolution practice, shares his game plan for approaching cross-border investigations. He is joined by colleagues from international offices of the firm, including London and Hong Kong, who provide their region-specific perspectives. His remarks have been edited for length and style.
MCC: What are the unique challenges of conducting cross-border versus domestic internal investigations? Can you provide some specific examples?
DiBari: Every internal investigation should begin with an end game – the ultimate objective – and a plan to get there along the most efficient path. The more you can anticipate potential issues you may encounter along the way, the better you can prepare for them in the investigation plan and achieve a successful outcome for the client. And the need to see the potential issues increases exponentially in a cross-border investigation. You effectively need eyes in the back of your head – and sometimes on the sides and the top as well. The failure to see, anticipate, identify and take into account the myriad potential local issues – for example, legal, linguistic, logistical, cultural, political and practical – in each affected jurisdiction can be disastrous for your client. These issues affect the investigation process, timing, efficiency and ultimately substance. Ignoring local rules can create further liability as well as serious reputational harm for your client.
For example, when working in the People’s Republic of China, you need to be mindful that the law on protection of state secrets can severely restrict the ability to transfer information and documents outside the country. But you may still be able to secure approval from the proper government authorities if you have the right arguments and have managed the issue properly from the beginning. It can be very difficult to secure complete and accurate information from employees who are actually trying to be cooperative without understanding the language, local practices and culture.
For investigations in the EU, most people are generally familiar with the restrictions of data protection on the processing and transfer of personal data. The catch, however, is that those restrictions and the exceptions thereto can differ greatly from one country to the next, and can turn on which entity in which jurisdiction is the “data controller.” European labor and employment laws, and the roles of the Works Councils – unions on steroids – can all impact the investigation process, the ability and manner of accessing data, and what you can do with it. And yes, those vary by jurisdiction as well.
Of course, bank secrecy in Switzerland and Singapore is strict, but so too is bank secrecy in certain South American countries. Finally, in contrast to most situations in a domestic U.S. internal investigation, employees located outside the U.S. don’t necessarily need to fully cooperate in order to retain their jobs.
Planning is important for both domestic U.S. and cross-border investigations. But the added complexity of cross-border investigations underscores the need to have the right team with the right expertise to achieve your end game.
MCC: I would imagine there always are ancillary risks tied to any investigation – and depending on the countries involved, I would think they could be huge. What are some of the most important considerations companies should be aware of?
DiBari: A growing risk today in cross-border investigations arises from the increase in countries that can – and will – pursue corporate criminal liability, combined with increased international cooperation among regulators and criminal authorities. Having to anticipate issues, and simultaneously manage and defend the risk of local and U.S. enforcement actions, also has changed the game.
The strategies for dealing with a U.S. criminal or regulatory authority can differ materially from those used to defend a company in an investigation by a non-U.S. authority. The U.S. concepts of cooperation and voluntary disclosure may serve a company’s best interests in the U.S. but could be a tactical error in a non-U.S. jurisdiction where prosecutorial discretion is limited at best. Further complicating the situation, rules governing privilege, as well as what constitutes a waiver of privilege, can differ widely. Local disclosure obligations by company affiliates also need to be considered when deciding which entity retains the external firm and what information is shared even within a company group. You need to develop a single strategy that works across the jurisdictions, since taking a materially different position in one jurisdiction can come back to be used against you by another authority.
In short, U.S. authorities now have plenty of company in the cross-border investigation sandbox, and they all get along much better than before. Organizations require a global defensive strategy to manage this risk.
MCC: After the Foreign Corrupt Practices Act (FCPA) was enacted in 1977, it largely stood on its own for a long time. With other countries increasingly enacting their own anti-corruption statutes, how has the legal landscape changed?
DiBari: For a long time after the enactment of the FCPA, U.S. companies were operating internationally at a severe competitive disadvantage against their non-U.S. counterparts. In some jurisdictions, companies took a tax deduction for payments that were illegal for U.S. companies to make. This began to change after 1997 with the OECD Convention on Combating Bribery of Foreign Public Officials. As part of the convention, the signatories agreed to implement legislation approximating the prohibitions of the FCPA. Still, non-U.S. anti-public-corruption enforcement outside the U.S. was slow to take root; it’s one thing to have a statute on the books and quite another to investigate and to enforce it.
Today, the landscape is quite different, and foreign public corruption investigations are by definition cross-border, with all of the complexities previously discussed. The best example of how things have changed is playing out in Brazil, where Brazilian prosecutors, armed with a new anti-corruption law with real teeth, have been pursuing both companies and government officials in so-called Operation Car Wash, or Lavo Jato. At the center of the scandal are a number of Brazilian companies that are listed on U.S. exchanges and thus subject to the FCPA. While public information indicates that the SEC and DOJ are very much involved and coordinating with their Brazilian counterparts, it seems clear that the local Brazilian prosecutors are taking the lead, at least for now. This apparent deference by U.S. authorities to local authorities is a new development.
MCC: How much of a learning curve is there when an investigation requires you to work with a new jurisdiction for the first time? What role does culture play? And how important is it to have a presence in local markets when conducting multijurisdictional investigations?
DiBari: It is essential to appreciate that an investigation outside your home jurisdiction is an away game, and different tactics and considerations can come into play. You need to respect the importance of local expertise and experience to achieve your objectives, and typically there is no time for on-the-job training. We’ve already talked about the importance of understanding the culture for purposes of gathering information from local employees, but it’s also important to understand the local enforcement authorities and regulators. Having relationships with the local enforcement authorities, understanding how they work, what their priorities and pressures can be, and what tactics are most effective, can be the difference between success and failure. At the same time, the local advice needs to be consistent with the global strategy, so optimally you are working with a firm that also has an established local presence in the key relevant jurisdictions.
MCC: Looking ahead, what are the critical compliance areas you think companies should focus on over the next 5 to 10 years?
DiBari: Companies across the globe, and at the board level, are increasingly focused on risk management. And this is not limited to the regulated industries, like financial services. More than ever, risk management is at the center of corporate governance, and when done right, it empowers senior management to make smarter decisions. There are several risks I see on the horizon in the next 5 to 10 years. Perhaps the most significant is the ubiquitous risk from so-called big data, i.e., information electronically generated by a company and retained. If I were a general counsel, I’d spend many sleepless nights worrying about potential risks buried in my data and how to mitigate them before being served with a subpoena to search it … or before a hacker, whether commercially or politically motivated, dumps it on the internet. Cybersecurity measures are intended to prevent access but unfortunately are imperfect. In the next decade, I expect companies to be far more focused on understanding what data they have, what risks are contained therein and implementing more effective data-retention measures.
United States: Multilateral Cooperation Heightens Risk
Today's global compliance landscape finds U.S. and foreign authorities increasingly cooperating on cross-border matters. Because U.S. authorities have powerful statutory and prosecutorial tools – and take a broad view of their jurisdiction – companies must always keep a sharp eye on U.S. exposure. Any company that is based in the U.S., accesses the U.S. capital markets, conducts business in U.S. dollars or through the U.S. financial system, or has substantial operations or sales in the U.S. may find itself subject to inquiry here as well as overseas. Multijurisdictional participation creates complex management challenges, which now extend to addressing expectations of not only the U.S. authorities, but also foreign regulators and prosecutors. Cross-border cooperation also means that all agencies have access to documents and witnesses, increasing the need to understand exposure and risk in any jurisdiction and under any applicable law. Meanwhile, the DOJ's enhanced policy on individual accountability, reflected in the Yates Memorandum, has complicated the dynamic of internal investigations. It has reduced cooperation and trust between companies and their employees, making it harder to determine the facts and mount a defense – especially where local employment law does not allow employers to compel employees to cooperate.
Steve Nickelsburg, a partner in Clifford Chance’s Litigation and Dispute Resolution practice in Washington D.C. can be reached at Steve.Nickelsburg@CliffordChance.com.
Europe: Jurisdictions Muscling Up
European authorities have closely watched the high-profile actions taken by U.S. authorities over the years, and since the financial crisis, now have a growing mandate and incentive to be active themselves in enforcing the laws available to them. At the same time, European jurisdictions have, in many cases, sought to strengthen those laws. This combination has made for an increase in European criminal, regulatory and administrative enforcement activity in matters ranging from market misconduct to antitrust and white-collar issues, such as bribery. Often, this activity is marked by increased degrees of not just cooperation but coordination across European and continental borders – including with U.S. authorities – on evidence gathering, intelligence exchange and investigative primacy. As a result, a multinational caught in the crosshairs will be defending itself on multiple fronts, many times facing authorities who will want to levy a sanction whether the matter is of marginal relevance to their jurisdictions or not.
Luke Tolaini, a partner in Clifford Chance’s Litigation & Dispute Resolution practice in London, can be reached at Luke.Tolaini@CliffordChance.com.
Asia: Think Globally, Act Locally
The diverse regulatory regimes and enforcement practices of Asia-Pacific countries, from China to Australia, require multinational companies to think globally and act locally when developing their internal investigation plans. There is a vast difference between the strength and focus of regulations concerning financial crimes, such as countries in which only individuals can be charged and those in which corporate misconduct is targeted. Enforcement appetite also varies, even within countries and their particular agencies. An internal investigation must consider that there is no unified position on privilege and immunity, employment laws, data privacy and state secrets, local language and culture, and the availability of local external litigation support resources. The highly publicized three-year Chinese anti-corruption crackdown has gone viral throughout Asia as nearby countries have been asked to cooperate with China’s efforts to repatriate “tigers and flies” and their offshore funds.
Wendy Wysong, a partner in Clifford Chance’s Litigation & Dispute Resolution practice in the Hong Kong and Washington, D.C. offices, can be reached at Wendy.Wysong@CliffordChance.com.
Published October 4, 2016.