Presentation is loading. Please wait.

Presentation is loading. Please wait.

Avoiding and Untangling Knots in Company Internal Investigations in Today’s Age Presented by: Washington State Chapter - ACC March 27, 2018 5:00 pm.

Published byἸώβ Βαρνακιώτης Modified over 6 years ago

Similar presentations

Presentation on theme: "Avoiding and Untangling Knots in Company Internal Investigations in Today’s Age Presented by: Washington State Chapter - ACC March 27, 2018 5:00 pm."— Presentation transcript:

1 Avoiding and Untangling Knots in Company Internal Investigations in Today’s Age
Presented by: Washington State Chapter - ACC March 27, 2018 5:00 pm

2 Introduction What is an internal investigation?

3 Introduction So why do an internal investigation?
Assess substance of claim or report. Assess or minimize potential liability or criminal exposure. Assess or minimize reputational damage. Respond to whistleblowers. Help clients strengthen business and compliance practices. Identify appropriate internal control weaknesses. Avoid otherwise even longer, even more expensive, and even more disruptive regulatory investigation.

4 Common Issues Whistleblower Allegations Accounting Fraud
Discrimination/Retaliation Money Laundering Theft Anti-bribery (FCPA, UKBA, etc.)

5 Life Cycle of an Internal Investigation
Pre-work (ESI, personnel files, T & E reports, restructurings) Consider carefully who should conduct the investigation Develop an investigation plan Consider retaining separate counsel for officers and employees Create a witness interview plan Post investigation reporting, management, action planning, and personnel actions

6 Privilege Concerns Mary O’Connor

7 Privilege Concerns Mary O’Connor
New decisions emphasize the limits of privilege at home … Release of public report waives privilege for underlying interview memos No anticipation of litigation at time = no work product Banneker Ventures, LLC v. Graham, 253 F. Supp. 3d 64 (D.D.C. 2017) Oral download of interviews to SEC waives privilege for underlying memos Few options to disclose “facts” without effecting a waiver SEC v. Herrera, No CIV, 2017 U.S. Dist. LEXIS (S.D. Fla. Dec. 5, 2017)

8 Privilege Concerns Mary O’Connor
…and abroad. No privilege for interview memos from internal investigation conducted while cooperating with Serious Frauds Office No anticipation of litigation at time = no “litigation privilege” “Legal advice privilege” limited to control group SFO v. Eurasian Natural Resources Corporation Ltd [2017] EWHC 1017 (QB) (May 8, 2017)

9 Best Practices to Preserve Privilege Mary O’Connor
Investigation must be for purpose of legal advice Emphasize in engagement letter, witness instructions Role of non-lawyers and who engages them Know who the client is, communicate accordingly Work product requires anticipation of litigation What is the claim you anticipate Document it, update as things develop

10 Best Practices to Preserve Privilege Mary O’Connor
Sharing what you found Identify the internal and external constituencies who may need to know Are they “adversaries” – auditors, regulators, others Format of report may influence scope of waiver Negotiate confidentiality, non-waiver agreements where possible

11 Anti-Bribery Anthony Schumann *Leah Mayersohn of Mayersohn Law Group, P.A. contributed to this presentation.

12 The Anti-Bribery Act is Serious Business - Anthony Schumann
Last year alone, the US Treasury collected $2.43 billion in fines and penalties from over 20 firms that had violated provisions of the FCPA. The SEC and the Department of Justice are jointly responsible for enforcing the FCPA. The sanctions for FCPA violations are serious. The SEC may bring civil enforcement actions against companies and their officers, directors, employees, stockholders, and agents for violations of the anti-bribery or accounting provisions of the FCPA. Violators of the FCPA may have to disgorge their ill-gotten gains plus pay prejudgment interest and substantial civil penalties. Companies may also be subject to oversight by an independent consultant.

13 Updates: the Revised FCPA Corporate Enforcement Policy - Anthony Schumann
1) Presumption of Declination When a company satisfies the standards of voluntary self-disclosure, full cooperation, and timely and appropriate remediation, there will be a presumption that the Department will resolve the company’s case through a declination.  Presumption will not apply if there are aggravating circumstances regarding the nature and seriousness of the offense, or if the offender is a criminal recidivist. Treat corporations different than individuals May not impose compliance monitor if company has adopted an effective compliance program Will still be required to pay all disgorgement, forfeiture, and/or restitution from misconduct.

14 Updates: the Revised FCPA Corporate Enforcement Policy - Anthony Schumann
2) Sentencing Recommendation If company voluntarily discloses wrongdoing and satisfies all other requirements, but DOJ decides aggravating circumstances warrant filing an enforcement action, DOJ will recommend a 50% reduction off the low end of the Sentencing Guidelines fine range.   Criminal recidivists may not be eligible for such credit.   Incentive for good conduct with scrutiny of repeat offenders. Reduces incentive for repeat offenders to disclose.

15 Updates: the Revised FCPA Corporate Enforcement Policy - Anthony Schumann
3) Appropriate Compliance Program Provides details about how DOJ evaluates an appropriate compliance program, which will vary depending on the size and resources of a business.  The Policy therefore specifies some of the hallmarks of an effective compliance and ethics program.  Examples include fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel have appropriate access to management and to the board. 4) Limited Credit for Full Cooperation If company didn’t voluntarily disclose and comply, but later cooperates and remediates, 25% reduction off of the low end of the sentencing guidelines fine range

16 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Voluntary Self-Disclosure: In evaluating the self-disclosure, DOJ will consider circumstances surrounding self-disclosure. • The voluntary disclosure qualifies under U.S.S.G. § 8C2.5(g)(1) as occurring, “prior to an imminent threat of disclosure or government investigation;” • The company discloses the conduct to the Department, “within a reasonably prompt time after becoming aware of the offense,” with the burden being on the company to demonstrate timeliness; and • The company discloses all relevant facts known to it, including all relevant facts about all individuals involved in the violation of law.

17 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Full Cooperation on FCPA Matters: Baseline includes provisions contained in the Principles of Federal Prosecution of Business Organizations, see USAM To receive credit for full cooperation for purposes of USAM (1) (beyond the credit available under the U.S.S.G.): USAM § , disclosure on a timely basis of all facts relevant to the wrongdoing at issue, including: all relevant facts gathered during a company’s independent investigation; attribution of facts to specific sources where such attribution does not violate the attorney-client privilege, rather than a general narrative of the facts; timely updates on a company’s internal investigation, including but not limited to rolling disclosures of information; all facts related to

18 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Full Cooperation on FCPA Matters (continued): involvement in the criminal activity by the company’s officers, employees, or agents; and all facts known or that become known to the company regarding potential criminal conduct by all third-party companies (including their officers, employees, or agents); • Proactive cooperation, rather than reactive; that is, the company must timely disclose facts that are relevant to the investigation, even when not specifically asked to do so, and, where the company is or should be aware of opportunities for the Department to obtain relevant evidence not in the company’s possession and not otherwise known to the Department, it must identify those opportunities to the Department;

19 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Full Cooperation on FCPA Matters (continued): • Timely preservation, collection, and disclosure of relevant documents and information relating to their provenance, including disclosure of overseas documents, the locations in which such documents were found, and who found the documents, facilitation of third-party production of documents, and

20 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Full Cooperation on FCPA Matters (continued): where requested and appropriate, provision of translations of relevant documents in foreign languages; Note: Where a company claims that disclosure of overseas documents is prohibited due to data privacy, blocking statutes, or other reasons related to foreign law, the company bears the burden of establishing the prohibition. Moreover, a company should work diligently to identify all available legal bases to provide such documents.

21 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Full Cooperation on FCPA Matters (continued): • Where requested, de-confliction of witness interviews and other investigative steps that a company intends to take as part of its internal investigation with steps that the Department intends to take as part of its investigation; and • Where requested, making available for interviews by the Department those company officers and employees who possess relevant information; this includes, where appropriate and possible, officers, employees, and agents located overseas as well as former officers and employees (subject to the individuals’ Fifth Amendment rights), and, where possible, the facilitation of third-party production of witnesses.

22 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Timely and Appropriate Remediation: The following items will be required for a company to receive full credit for timely and appropriate remediation for purposes of USAM (1) (beyond the credit available under the U.S.S.G.): • Demonstration of thorough analysis of causes of underlying conduct (i.e., a root cause analysis) and, where appropriate, remediation to address the root causes; • Implementation of an effective compliance and ethics program, the criteria for which will be periodically updated and which may vary based on the size and resources of the organization, but may include:

23 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Timely and Appropriate Remediation (continued): o The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated; o The resources the company has dedicated to compliance; o The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; o The authority and independence of the compliance function and the availability of compliance expertise to the board;

24 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Timely and Appropriate Remediation (continued): o The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment; o The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; o The auditing of the compliance program to assure its effectiveness; and o The reporting structure of any compliance personnel employed or contracted by the company.

25 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Timely and Appropriate Remediation (continued): • Appropriate discipline of employees, including those identified by the company as responsible for the misconduct, either through direct participation or failure in oversight, as well as those with supervisory authority over the area in which the criminal conduct occurred; • Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications; and

26 Updates: the Revised FCPA Corporate Enforcement Policy
Definitions of Key Terms as Updated - Anthony Schumann Timely and Appropriate Remediation (continued): • Any additional steps that demonstrate recognition of the seriousness of the company’s misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.

27 Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock

28 Preparing for Investigation – Factual Footprint
Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock Preparing for Investigation – Factual Footprint Internal investigations are typically triggered by one of the following scenarios: a data breach, a request for an audit, or during the course of litigation. In each scenario, the first step is to map and inventory the company’s data storage and retrieval methods in order to determine its factual posture. Some key questions to ask during this stage are: Where was the disconnect that led to the breach? Where are the company’s data servers located? Where and how does the data flow? What laws are implicated by the location of the breach?

29 Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock
Key Legal Concerns Long-Arm Jurisdiction (state & international) Location of the data-controller Source of the data Location of the incident sparking the investigation The company’s contacts with and the location of the data subjects

30 Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock
Key Legal Concerns B. Applicable Laws: Sarbanes-Oxley HIPAA Gramm-Leach-Bliley Act

31 Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock
Key Legal Concerns C. Notification Requirements Does the incident qualify as a data breach in this jurisdiction? Is the notification obligation triggered by the exposed information? Is the entity subject to the jurisdiction of foreign law? What are the potential ramifications? Fines? Imprisonment? Litigation?

32 Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock
Key Legal Concerns C. Notification Requirements (continued) Which notification laws apply when a multi-national corporation is involved? At minimum, the laws of all jurisdictions where affected employees are based (personal jurisdiction analysis) Ex: Uber In addition, a multinational corporation may also be subject to jurisdiction in each location that it has servers The GDPR will broaden this further by availing jurisdiction to wherever a company offers good and services to EU “data subjects”

33 Conflicts and Tensions in Multi-Jurisdictional Investigations Don Tellock
Key Legal Concerns D. Data Exportation The data protection laws of the jurisdiction where the data is located may not permit the data to be collected and sent to, or viewed in, any other country. Even where the laws of the country hosting the data permit export, there may be limitations regarding the countries to which data may be exported. Ex: Increasing global resistance to permitting access from the U.S. and U.K. Ex: Germany pushing the EU to build a separate and “Walled off” version of the internet to eliminate U.S. dominated infrastructure.

34 Board Entanglements/Concurrent Government and Internal Investigations – Considerations Asha Muldro

35 Board Entanglements/Concurrent Government and Internal Investigations – Considerations Asha Muldro
5 Key Features: Thoroughness Objectivity Accuracy Timeliness Credibility

36 Board Entanglements/Concurrent Government and Internal Investigations – Considerations Asha Muldro
5 Key Considerations: Independent Outside Counsel Experienced Investigator Outside Experts Potential Conflicts of Interest Forms of Communication

37 Thank you. Questions?

Download ppt "Avoiding and Untangling Knots in Company Internal Investigations in Today’s Age Presented by: Washington State Chapter - ACC March 27, 2018 5:00 pm."

Similar presentations

Association of Corporate Counsel Houston Chapter Meeting of June 8, 2010 What to Do When the Feds Come Knocking In-House Responsibilities for Criminal.

Association of Corporate Counsel Houston Chapter Meeting of June 8, 2010 What to Do When the Feds Come Knocking In-House Responsibilities for Criminal.
Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.

Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.
Chapter 6 The Role of Government Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written.

Chapter 6 The Role of Government Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
FEDERAL SENTENCING GUIDELINES AND THEIR EFFCT ON CORPORATE ENVIRONMENTAL LIABILITY Gary A. Jones, Senior Environmental Counsel Siemens Corporation Franco.

FEDERAL SENTENCING GUIDELINES AND THEIR EFFCT ON CORPORATE ENVIRONMENTAL LIABILITY Gary A. Jones, Senior Environmental Counsel Siemens Corporation Franco.
ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.

ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.
Cross Border Internal Investigations Roger Best 06 July 2011.

Cross Border Internal Investigations Roger Best 06 July 2011.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
IS Audit Function Knowledge

IS Audit Function Knowledge
Purpose of the Standards

Purpose of the Standards
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Per Anders Eriksson

Per Anders Eriksson
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Investigating & Preserving Evidence in Data Security Incidents www.ScottandScottllp.com Robert J. Scott Scott & Scott, LLP 214-999-2902.

Investigating & Preserving Evidence in Data Security Incidents Robert J. Scott Scott & Scott, LLP
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Risk Management Reconstructed Implementing fraud risk intelligence practices July 2011 KPMG FORENSIC SM.

Risk Management Reconstructed Implementing fraud risk intelligence practices July 2011 KPMG FORENSIC SM.
Planning an Audit The Audit Process consists of the following phases:

Planning an Audit The Audit Process consists of the following phases:
Institutional Research Compliance Juliann Tenney, JD Research Compliance and Privacy Officer Director, Institutional Research Compliance Program.

Institutional Research Compliance Juliann Tenney, JD Research Compliance and Privacy Officer Director, Institutional Research Compliance Program.
Compliance and Ethics Training Overview

Compliance and Ethics Training Overview
Attorney-Client Privilege and Privacy Considerations Between US Corporations & Foreign Affiliates General Counsel Conference, Washington, D.C. October.

Attorney-Client Privilege and Privacy Considerations Between US Corporations & Foreign Affiliates General Counsel Conference, Washington, D.C. October.

Similar presentations

Ads by Google