Investigation Process Issues

Earlier this year, we wrote about a decision from the Fourth Circuit[1] that seemed to cast doubt on the legality of taint teams. Since then, two recent district court cases affirmed the legality of the practice, but emphasized limitations on government review of privileged material. These cases, together, suggest that the days of courts rubber-stamping whatever privilege review protocol the government proposes may be over, and provide a preview for how courts will handle privilege review in the future. In both, courts set limits on filter team review, ruling that sending non-privileged material straight to the prosecution without prior review by the privilege-holder fails to adequately protect the privilege-holder’s interests.

Continue Reading DOJ ‘Taint Team’ Practice Affirmed but Protocols Questioned

One of the most difficult questions faced by any management team is whether, absent a legal, regulatory or statutory duty to do so, its company should commence an internal investigation. The answer is simpler when a law enforcement agency is knocking at the company’s door, when the company receives a request for information to which it is compelled to respond or when it is the subject of a whistleblower or adverse press report. However, it is perhaps far less simple when an investigation is being voluntarily contemplated to assess the general health of the company. What happens if an issue is identified that might otherwise have remained undetected, that leads to significant costs, demands on management time, adverse press and, perhaps worse still, regulatory sanction or criminal prosecution? Might it be better to let sleeping dogs lie?

The question as to whether to undertake a voluntary investigation is one that, for many years, has caused management teams to scratch their collective heads. Given the issues that have affected many companies as a result of the worldwide COVID-19 pandemic, the question is increasingly being raised. As a result of the effects of COVID-19, some companies were rushed into decisions that they might otherwise have spent more time considering, compliance processes were shortened or even overlooked, and employees were afforded more opportunity to take autonomous decisions, often within the less supervised confines of a remote environment. Is 2021 the time to revisit some of the decisions that were made over the past year and to lift up the floorboards?

In this article, we suggest some of the advantages and disadvantages of undertaking a proactive, voluntary internal investigation. We also consider some of the ways in which a company could mitigate those potential disadvantages.


Continue Reading The Benefits and Risks of Conducting an Internal Investigation: Is it Better to Let Sleeping Dogs Lie?

Increasingly frequent cross-border investigations have raised difficult questions of privilege and work product protection over the last few years. In the United States, attorney-client privilege protects confidential communications between attorneys and clients for the purpose of seeking or rendering legal advice, and the work product doctrine protects documents or materials prepared in anticipation of litigation

In a recent roundtable as part of the World Bank Office of Suspension and Debarment’s Fifth International Debarment Colloquium, panelist Joseph Mauro (an Integrity Compliance Specialist with the Bank’s Integrity Vice Presidency (INT)) discussed efforts to move from a “stick” to a “carrot” approach with respect to corporate compliance programs.

Under the Bank’s current system, while implementation of a compliance program is a remedial measure for which mitigating credit may apply, individuals within the Integrity Compliance Office were rarely involved in reviewing a compliance program to any significant extent until after a company has already been sanctioned. Under this process, a company’s compliance program was typically reviewed in-depth only as a condition for release from sanction.


Continue Reading World Bank Purports to Move From “Stick” to “Carrot” Approach on Compliance

On 21 October 2020, Her Majesty’s Revenue and Customs (HMRC) – the UK’s tax authority – released updated figures regarding the number of investigations that it has open into potential offences under Part 3 of the Criminal Finances Act 2017 (the Act). Part 3 of the Act makes it a criminal offence for businesses to fail to put in place reasonable procedures to prevent their employees and associated persons – i.e. those who act for or on behalf of them – from criminally facilitating tax evasion.

According to the information released by HMRC, as at 13 October 2020, HMRC had 13 investigations into potential offences under the Act and a further 18 cases currently under review. HMRC also report that its investigations span 10 different business sectors, including financial services, oils, construction, labour provision and software development, and that those investigations span all HMRC customer groups from small business through to some of the UK’s largest businesses.

The number and range of investigations appear to show that HMRC is actively enforcing the Act across businesses of all shapes and sizes, even despite the pressures on workload and resources caused by the COVID-19 pandemic. This reach, together with potentially unlimited fines for businesses found guilty of the offences, is a salutary reminder that businesses must take their responsibilities seriously and put in place reasonable procedures to stop the facilitation of tax evasion.


Continue Reading The Future of the Facilitation of Tax Evasion Offences in the UK

The DC Circuit issued an opinion in late August that could significantly disrupt decades of Congressional investigations practice. In Comm. on the Judiciary of United States House of Representatives v. McGahn, No. 19-5331, 2020 WL 5104869 (D.C. Cir. Aug. 31, 2020), the DC Circuit effectively put an end to the US House Judiciary Committee’s

Federal prosecutors recently brought new indictments against U.S. academics in two separate cases involving alleged unreported ties to China. The Department of Justice moved forward its cases against the Harvard and University of Arkansas-affiliated professors as part of a broader push to combat what Assistant Attorney General for National Security John C. Demers referred to as “China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.”[1]

Both professors had ties to the Thousand Talents Program, a Chinese government program started in 2008 with the goal of improving China’s access to talent, research, and technology that the Department of Justice has been particularly focused on.[2]


Continue Reading DOJ Continues Its Aggressive Approach in Cases Involving Academics with China Ties

The following article was originally published in Law360 on July 29.

To address the issues surrounding the incidental seizure of privileged communications within a broader seizure of electronic data, the U.S. Department of Justice recently created a new Special Matters Unit within
the Fraud Section.

The unit will function as a specialized team to address

Companies that operate in more than one jurisdiction that are either carrying out an internal investigation or are subject to a criminal or regulatory investigation by U.S. law enforcement agencies will almost certainly need to consider the legality of trans-Atlantic data transfers.  Under European law, in particular, companies falling short in compliance with data protection laws could face fines of up to the higher of €20 million or 4% of annual global turnover.

With the introduction, in 2018, of the General Data Protection Regulation (“GDPR”) which generally prohibits (with some exceptions) the transfer of EU-based personal data outside of the European Economic Area (“EEA”) and other legislation, the overhaul of the EU data protection framework often leaves companies under investigation by U.S. law enforcement with tough decisions to make between complying with their obligations – or their wish – to meet U.S. prosecutors’ demands and abiding by relevant data protection laws.  In particular, some EU-based companies have found themselves at the receiving end of U.S. prosecutors’ requests or subpoenas for documents, in circumstances where compliance with them could potentially risk hefty domestic fines for breaching data protection laws.  There may also be other considerations to be borne in mind, such as relevant bank secrecy laws and common law rights to privacy, where a failure to comply with the relevant law could result in criminal sanctions including imprisonment.

Developments in U.S. and U.K. law, however, have introduced a framework for the legal cross-border transfer of data via cooperation between international authorities.  In addition to ensuring compliance with the GDPR and other privacy obligations in conducting data transfers,  U.S.- and U.K.-based communication service providers (“CSPs”)[1] should familiarize themselves with the recently signed U.K.-U.S. Bilateral Data Access Agreement (the “Agreement”).  The Agreement facilitates the objectives of the U.S. Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) and the U.K. Crime (Overseas Production Orders) Act 2019 (the “COPOA”).  According to a communication by U.S. Attorney General William Barr to Congress earlier this year, the Agreement was scheduled to become effective on July 8, 2020, but there has been no official announcement from either the U.S. or U.K. governments on the status of the Agreement.  Indeed, earlier this month, the U.K. government anticipated that the Agreement would “come[] into use later this year[.]”  We discuss the implications of these developments and considerations for U.S.- and U.K.-based companies needing to transfer personal data[2] across the Atlantic to facilitate investigations.


Continue Reading Data Transfer Considerations in Investigations

This third post in our parallel proceedings series discusses how to reconcile the conflicting requirements of making voluntary self-disclosures (VSDs) to multiple agencies. We listed the relevant agencies in our first post, all of whom may be interested in a VSD, depending on the potential violations. In our second post, we discussed how to structure an investigation that involves those agencies. While none of these agencies imposes an absolute requirement to voluntarily disclose a violation (with limited exceptions where disclosure is required), they all offer significant benefits for doing so.

Where more than one agency is involved, disclosure of violations to each of the relevant agencies should be done simultaneously, including the Department of Justice (DOJ) if there is or appears to be potential willfulness or intent. When making the decision to disclose, the company should also consider any potential violations in related subject areas (i.e., anti-money laundering, customs, or anti-bribery and corruption laws).


Continue Reading US Export Controls and Economic Sanctions Investigations: The Perils of Parallel Proceedings (Part 3, Voluntary Disclosures)