Senn on 10 Best Practices in a Cross-Border Investigation – Part II

Today we celebrate Texas Letters. I know that might sound counter-intuitive for a state that is bunkering down for the anticipated Jade Helm invasion but there is a literary tradition that is certainly well known. On this day 79 years ago in 1936 Larry McMurtry was born in Wichita Falls, Texas. He has many accomplishments over the years, starting at 25 when he published his first novel, Horseman, Pass By (1961), in 1966 he explored small-town society isolation in The Last Picture Show, . In 1983 Terms of Endearment became an award-winning movie and in 1986. He won the Pulitzer Prize for Lonesome Dove, his 1985 bestseller about a 19^th century cattle drive.

Today I conclude a two-part series on how to formulate an effective best practices cross-border investigation based upon an interview I did with Mara Senn, a partner at Arnold & Porter LLP, who specializes in white collar defense and cases brought under the Foreign Corrupt Practices Act (FCPA). The interview was based on an article that Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. Today I will review practices six through ten.

6. Put Form in Native Translations

Senn noted that in the countries that have strict data privacy laws, there are times that the only way an investigation can collect an employee’s personal information is to obtain affirmative assent. Such information might include work documents, work emails, or similar information. However she cautioned that in this situation it is even more important to put the consent form in the native language. She said that you do not want the employee to later claim they did not understand the consent form or thought they were executing something different. It can be critical that you have informed consent, because if you do not have informed consent, that consent could well turn out to be void.

7. Preserve the Attorney Client Privilege

I first asked Senn to briefly describe the attorney-client privilege. She responded that the attorney-client privilege is a communication between an attorney and a client for the purpose of seeking legal advice. The reason they have this privilege is to make sure that people are not afraid to go their lawyer. Further, the purpose of attorney-client privilege is set up so that you will be encouraged to have protected conversations with counsel, to make sure you understand the law so you can follow it. The US rule is relatively straightforward. It applies to both in-house and outside counsel.

However the rules outside the US can be quite different and perhaps a little bewildering. In many European countries there is no privilege from an in-house counsel, so if a General Counsel (GC) of a company speaks to the President or Chief Executive Officer (CEO) there is absolutely no privilege under basically any circumstances in Europe. Senn then noted that other jurisdictions have other kinds of laws, each with a slightly different parameter, leading to different attorney-client expectations. She gave one such example; where your client is headquartered in Germany and your in-house client is the GC, you cannot really use them as a point person to help you conduct the interview the way you would with the US in-house counsel, because they do not have the attorney-client privilege.

8. Prepare for Local Enforcement Actions

Most American lawyers are aware that increasingly, as we have seen other jurisdictions, other countries are becoming more aggressive in their enforcement actions for bribery and corruption, sometimes based upon local and domestic anti-bribery laws. Senn pointed out that information which one government knows, whichever government that is, you should expect and assume that multiple governments are cooperating in some way. This then makes it more likely that there could well be some sort of local enforcement action against your client while you are investigating matters around a FCPA claim or potential FCPA claim.

Senn believes this is another area where your local counsel can be helpful in that they should be aware of the different enforcement agencies in different countries that have different ways of doing things. For instance some countries, such as China, like to perform dawn raids; where essentially they come, they get people when they are asleep or when they are just waking up, and they just arrest them or they come in and seize documents.

Yet there are other countries where that is extremely unlikely to happen and so again, local counsel can give you an idea of what the typical raid would look like. Sometimes they just very politely call you and say, “Can we make an appointment? We’d like you to come by.” While this might not occur if the local government officials are concerned that there is the potential for the destruction of evidence, also different countries have different traditions of what they do, so you must ensure that your client is prepared for whatever may come to pass.

9. Prepare for Security Risks 

In this situation Senn was referring to personal security, physical and health safety. She gave a couple of examples that sometimes you may be going into situations or countries where it may be war torn. Or consider the recent situation when Ebola was going around Western Africa or Central Africa. If you are conducting an investigation in such ravaged areas you should not send your employees to Liberia at that time to interview people. The same can be true in worn-turn areas like Syria or similar locales.

Senn articulated that the better plan would be to remove the people you are interviewing and bring them to you or to a local hub outside of the impacted areas. That avoids a whole host of issues, as you do not want to have to pay for extra security, for example you do not want your employees to have to walk around with loaded machine guns protecting them; you have to make a judgment call as to where and whether these potential threats need to be addressed in some way.

10. Protect Whistleblowers

Here Senn had some very practical advice, which while it might seem counter-intuitive on the surface due to certain legal decisions, it might actually provide more protections for companies in the long run. Senn began by noting the 2^nd Circuit Court of Appeals ruling in the Liu case, which essentially found that the Dodd-Frank retaliation provisions that protect whistleblowers in the US do not apply abroad, so in other words, a foreign whistleblower brought a case saying, “I was retaliated against and I bring a case under the retaliation provisions of Dodd-Frank,” and they said, “No way, you can’t bring it.”

Senn believes that companies that use the Liu decision as a basis to retaliate against whistleblowers outside the US are wrong for several reasons. First, is that the Securities and Exchange Commission (SEC) has announced they will still pay whistleblower outside the US, who come forward and meet the requirements, the Dodd-Frank bounty of up to 30% of the penalty. This means that even if courts determine that the Dodd-Frank provisions do not apply for retaliation for foreign nationals, the SEC can still honor the communication and compensate the foreign whistleblower.

The second reason Senn listed is that the US Sentencing Guidelines make clear that part of an effective compliance and ethics program includes having a publicized system for employees or agents to report potential or actual criminal conduct without fear of retaliation. These Sentencing Guidelines apply to all US companies, both domestic and internationally. Senn believes that if your company retaliates against foreign whistleblowers, the US government can take that into account, which could be viewed in a negative way, meaning that you don’t have an effective compliance and ethics program.

Senn’s best practices around the issue of cross-border investigations are excellent points for you to review if you have to consider such an investigation. Further, if you retain outside counsel to lead your investigation, you can use her best practices as guideposts to scope, plan and assist your outside counsel going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Senn on 10 Best Practices in a Cross-Border Investigation – Part I

Today we celebrate a closure for it was on this day in 1935 that probably the best-known baseball player in the history of the game, George Herman ‘Babe’ Ruth, retired. While many of his records were broken with the march of history, his career slugging percentage of .690 remains the highest in Major League history. He was an oversized character in every way, from the mammoth home runs that he hit, to his ingestion of hot dogs. While his lifestyle may not be considered best practices for today’s major leaguer to emulate, his name, nicknames and legend will live on as long as baseball is remembered.

I thought about Ruth as I begin a two-part series on how to formulate an effective best practices cross-border investigation based upon an interview I did with Mara Senn, a partner at Arnold & Porter LLP, who specializes in white collar defense and cases brought under the Foreign Corrupt Practices Act (FCPA). The interview was based on an article that Senn and a colleague, Michelle Albert, published in the FCPA Report, Volume 3, Number 1, entitled “Internal Investigations, How to Conduct an Anti-Corruption Investigation: Developing and Implementing the Investigation Plan”. Today I will review practices one through five.

1. Offer Interview Translations

Senn believes that most people know English to a certain extent and that it is a very universal language nowadays. While many people outside the US have various levels of capabilities in a non-native language, when you get into the very detailed questions in an interview, they may have enough English skills that you assume they understand everything, but in fact, they do not. You may ask a key question, for example, about expense reports, maybe they understand conversational English, but there’s no reason for them to know expense reports. This makes it important to have someone present in the interview that speaks the witness’s native language, and just assume that there are going to be times where you’re going to need to call on that person. She cautioned that you should make it clear to the witness at the outset of the interview that you do not perceive a problem with their English and they understand the reason for the translator.

2. Avoid Cultural Pitfalls

Here Senn noted that cultural pitfalls are really truly pitfalls and, unfortunately, they can be big deep holes that you do not know anything about, but you can fall into pretty easily. She provided the issue of personal privacy as an example, where most countries have a different concept of privacy, particularly about whether your work area is your own versus what really belongs to the company. In most states in the US, employees fully understand that your employer can come in and take anything from your office at any time, even if it is personal, because you’ve brought it to work. Yet in many other countries, this is not the case. Things at your desk generally are never touched or looked at by anybody else and that’s considered your sanctum where no one else can come. If you go in and do a regular document sweep, the way that you would do in the US, that could be perceived as horribly offensive. She cautioned you should seek local counsel guidance to understand what needs to be done and also explain to you the best way to do it without offending people.

She explained that you do not want witnesses to begin the interview process with a negative view of you and you want them to be cooperative in the interview. This makes it in your best interest to follow local cultural norms. Otherwise, interviews can become embarrassing and awkward at times, if you do fall into one of these cultural pitfalls.

3. Observe Data Privacy Restrictions

Most American lawyers are aware of different data privacy restrictions and requirements in countries governed by the European Union (EU) and the US. Senn mentioned that some of that is related to employee and employment law; whether or not they have ownership of certain information, and then other parts of the law that really do have to do with data privacy, which means personal information that no matter what form it is in, it cannot be disseminated. But here the point under this best practice is that your analysis and response must go much further to satisfy the US Department of Justice (DOJ) if you want to claim that you cannot get certain information out of a country because of data privacy restrictions.

For instance if you have personal data that you are routinely sending cross-border yet when an investigation begins you claim that you cannot take it out of that same country, for instance Germany; the DOJ will take a dim view of that claim. Further, even if there is a data privacy law on the books, yet the country does not enforce the law, that could work against any data privacy claim as well. So you will need to be prepared to fully present persuasive evidence on this issue if you try and make such a claim.

4. Comply with Labor Requirements

Similar to the long-standing Weingarten right of unionized employees in the US to have a representative present for interviews, in many countries outside the US there are Works Council and similar analogs in other countries, where, basically, the Works Council is responsible for the interactions between the employers and the employees. Moreover, employees have certain statutory or labor code based rights as employees, regardless of whether they are members of a labor union or not. These rights can drill down into the types of questions that you can ask or even prevent you from meeting with or interviewing certain employees.

Senn noted that you may well have to work through Works Council to make sure that the way you ask the questions, and those present for the company, are acceptable to Works Council. If you do not have this pre-approval it may be that the Works Council prevents you from meeting with certain employees. For each area that you operate in, you must engage the local legal counsel to determine what is the best way to work with the Works Council, or similar types of organizations, to ensure that you can get done what needs to get done in your investigation.

5. Be Aware of Other Local Requirements

Points three and four certainly lead into Senn best practice No. 5. She believes it is incumbent that you work with local counsel in the country you are performing the interviews to garner an understanding of the witnesses rights and your obligations during any investigation. She explained that many ways a US lawyer would think about doing an investigation could be problematic in other jurisdictions. She gave the examples of taking pictures or physically removing documents from a location, which could be issues that you might face. You certainly need advice and counsel on what is legal and what might not be going forward.

Ruth and Senn; Senn and Ruth? Even if you do not immediately associate them, Mara Senn has once again provided the compliance practitioner with concrete steps to take around international investigations and their protocol. Tomorrow, I will consider her practices six through ten.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Senn Interview, Part III – Post Incident Remediation

I conclude my three-part series based upon my podcast interview of noted white-collar defense lawyer and Foreign Corrupt Practices Act (FCPA) practitioner Mara Senn, a partner at Arnold & Porter LLP. In Part I, I considered Senn’s thoughts on conducting internal investigations. In Part II, I looked at Senn’s decision-making calculus around the decision to self-disclose if you have determined that a potential FCPA violation existed. Today, I consider her thoughts on what steps a company should take if it comes to the decision not to self-report a potential FCPA violation. These include the remediation of potential or actual conduct that might arguably violate the FCPA and the actions you should take on an ongoing basis.

One of the things Senn made clear is that whether you decide to self-disclose or not, your company must fully remediate the issue which led to that. She suggested that a company should act as if they will draw government scrutiny. She said, “the best way to go about it is to assume, act as if, the government is breathing down their necks on this very issue and fully remediate. The nice thing is they can decide what that means, fully remediate.”

I inquired as to whether that meant a systemic look at the company’s operations on a global, worldwide basis, particularly in view of Assistant Attorney General Leslie Caldwell’s recent admonition not to ‘boil the ocean’ in the context of your FCPA internal investigation. Senn replied, “It used to be that in the government’s view, fully remediating meant go to 10 different countries, even if there’s no suspicion of any activity going on, just to make sure that everything’s okay. They’re now backing away from that, and in fact, they’re saying that the private sector is the one who started that whole trend, which is not quite consistent with history.”

Recognizing that there is always a risk that the government will come knocking, either via a whistleblower or other mechanism, Senn replied, “you want to be squeaky clean, so that when the government comes to you, if in the future, like a year down the line, you have another problem or the government has a whistleblower or whatever, that you can say, look, in our opinion, we did an analysis, and we thought it was not necessary to self-disclose. On the other hand, we were horrified and very upset by the fact that this potential infraction happened on our watch, and we’ve done the following 5 things, and we’ve remediated.”

She went on to explain, “What you want to do is show to the government, “We understand the problems that caused this, and we got to the root of it. Either it’s a bad apple, and we got rid of that bad apple, or it was really a failure of compliance structures, and we’ve fixed that part of the compliance structures. In fact, we’ve added more, just to double check and make sure that in this particular area or similar areas, depending on what it is, we will detect, prevent, and if we detect something, we will remediate.” They, the government, can feel comfortable that you did what they would have asked you to do anyways. That doesn’t always have to be onerous, sometimes it is depending on the scope of the issue, but that’s what I would say about that.”

Senn listed several actions that a company could engage in to demonstrate that it had taken solid remediation steps. Obviously, a company can “bulk up its compliance program.” But she added that it is important that a company demonstrate action taken against the nefarious party or parties. A company can discipline up to and including discharge. But do not forget lesser forms of discipline including docking pay or suspension without pay or other steps short of termination. I would add that you should consider the FCPA Guidance on this final point where it notes, “A compliance program should apply from the board room to the supply room—no one should be beyond its reach. DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.” [emphasis supplied]

Yet more than simply remediating an issue or even violation, Senn believes that a company should work to stay on top of its program thereafter. Certainly if you agree to a Deferred Prosecution Agreement (DPA) or Non-Prosecution Agreement (NPA), your company will either have an external monitor or reporting obligation to the Department of Justice (DOJ) going forward.

I asked her about ongoing monitoring of your compliance program; both the enhancements you might put in place to remedy generally and the specific issues that caused the problem initially. Senn agreed that is an important step going forward, she stated, “Absolutely, but I think that the monitoring requirement has now essentially expanded to the whole program. The government really expects you now to be having ongoing improvement and ongoing monitoring, so it’s not like you put in a policy 3 years ago and don’t do anything and then assume it’s okay. I think maybe you would put in a special extra audit or something like that on that particular situation, but really you should have in your compliance program an overall monitoring function that allows you to do that for all of your programs to various levels and various degrees. Yes, I think so, but it may not be as intensive as your typical external monitor, because you’re going to be integrating that into a program that’s really more holistic than just checking on that one thing. You’re going to be checking on a system-wide basis.”

Clearly this position was articulated in the FCPA Guidance as Hallmark Nine of an Effective Compliance Program. The Guidance states, “An organization should take the time to review and test its controls, and it should think critically about its potential weaknesses and risk areas.” The Guidance ended this Hallmark by stating, “Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”

To listen to the full Mara Senn interview, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Senn Interview, Part II – A Discussion of the Decision to Self-Disclosure

In today’s post, I continue to explore my recent interview of Mara Senn, a partner at Arnold & Porter LLP in Washington DC. Senn is a white-collar practitioner who whose practice includes representing companies in investigations of the Foreign Corrupt Practices Act (FCPA). In Part I, we reviewed Senn’s thought on how to prepare and deal with a FCPA investigation. Today I review her thoughts on the decision to self-disclose if a potential FCPA violation arises.

One of the things that has always been difficult is to quantify the benefits of self-disclosure of a potential FCPA violation by a company to the Department of Justice (DOJ) or Securities and Exchange Commission (SEC). At least for the DOJ, its base line analysis for calculating penalties comes from the US Sentencing Guidelines. As stated in the FCPA Guidance, “To determine the appropriate penalty, the “offense level” is first calculated by examining both the severity of the crime and facts specific to the crime, with appropriate reductions for cooperation and acceptance of responsibility, and, for business entities, addi­tional factors such as voluntary disclosure, cooperation, pre-existing compliance programs, and remediation.”

The Sentencing Guidelines, §8C2.5(g) states that an overall fine can be reduced through the following:

(g)       Self-Reporting, Cooperation, and Acceptance of Responsibility  

If more than one applies, use the greatest:

• If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or
• If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or
• If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point. 

Both the DOJ and SEC representatives consistently state in speeches and other public commentary on the benefits of self-disclosure. Some commentators, notably Mike Volkov in his blog, caution that any decision to self-disclose should be well thought through and that if an issue can be resolved through an internal investigation, subsequent remediation and ongoing monitoring to make sure it does not happen again, self-disclosure many not be warranted. In my podcast interview with Mara Senn I ask her how she might help a client work through this most difficult issue.

While self-reporting has in many ways become the norm in many situations where a company uncovers what might arguably be a FCPA violation; Senn comes down that self-reporting should be “the exception and not the rule.” She first pointed to the “structure of self-reporting, the thing that I think gets lost in the shuffle is there’s absolutely no legal obligation to self-disclose in FCPA cases, at all. There may be other disclosure obligations, because of a public company or what have you, but under the law of the FCPA, and under criminal law, no company has an affirmative duty to self-disclose.”

She went on to explain unlike in anti-trust or cartel cases, “where the first company who’s the first in to self-report gets immunity. It’s a totally different structure in the FCPA area for many reasons, most of which are appropriate, but you don’t get immunity, you get cooperation credit”. This cooperation credit is based on the Sentencing Guidelines cited above but Senn explained that, from her perspective, “The problem is, a lot of these calculations are very very opaque. Under the sentencing guidelines, you get a 5-point decrease if you self-report, cooperate, and accept responsibility. You get 2 points off if you cooperate and accept responsibility, and then just 1 point for accepting responsibility. Under this system, supposedly, self-disclosure standing alone is worth 3 points, and each of the other ones are worth 1.” This leads her to believe that “in my experience, you get almost as much credit, if not as much credit, for cooperating with the government once they come to you, even if you didn’t disclose in the first place. The myth is that self-disclosure is some kind of really big bump in cooperation credit. I think, in practice, that really doesn’t bear water.” This leads her to believe that “This idea of credibility by self-disclosing is so intangible, and it’s not quantifiable.”

I posed the question of credibility with the government. One of things that I consistently advocate is that you need to have credibility with the DOJ or SEC when you sit across the table at any point during a FCPA investigation. I had thought that self-disclosure would add to that credibility. However Senn explained that it is the lawyer or law firm representing the company that can go a long way towards establishing credibility. She said, “For those of us who regularly appear before the government, we already have credibility, and they understand that the client may or may not agree with recommendations we make, and they know that we’ll be a straight shooter once we’re in front of them, however we get in front of them.” But is more than the lawyer or law firm that brings credibility; it is actions of the company as well. Of course this means the steps the company has taken and its cooperation with the government during the pendency of the FCPA investigation.

Senn even described a visual way to think through this by describing an X and Y-axis that creates four squares. She articulated it as follows, “On one axis, you have the seriousness of the potential violation, and then the likelihood of discovery on the other axis. In both of these areas, both the seriousness and the likelihood of discovery, I draw the line to be in a more rational, but it may be different, than the traditional norm.”

I asked Senn about the plethora of ways that a FCPA violation or issue can be reported now and if that should play a role the calculus to self-disclose or not. I found her response very interesting. She said, “I think that the likelihood of discovery issue is really really important if you think that companies get a lot of credit for self-reporting. If you don’t think that, which I don’t think that they do particularly, then really the focus is on cooperation and not so much on the self-reporting itself.” Even with the wide spread knowledge of Dodd-Frank whistleblower awards and protections Senn believes that “most employees really don’t realize they can get money from the government if they are whistleblowers on these sorts of things. I don’t think it’s been particularly well publicized, and obviously employers are not training their employees to explain to them that they can be whistleblowers.” She even pointed to the recent statistics from the SEC report on whistleblowers, stating, “If you look at the latest SEC whistleblower report, only 4.3% of the tips reported were FCPA cases. It’s not like people are hitting down their door with all these FCPA cases.”

I found Senn thoughts on the issue of self-disclosure certainly an interesting way to consider this most complex and significant issue. For all the criticism of FCPA Inc. and the FCPA Paparazzi, it also demonstrates the importance of having counsel well versed in both the legal issues of the FCPA and representing a company before the government in the event your company is in an investigation.

In Part III of my series on Senn’s interview, I will focus on her thoughts on remediation of any FCPA violation and steps going forward.

To listen to the full Mara Senn interview, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Senn Interview, Part I – Investigations Under the FCPA

One of the things that I am questioned on is when to bring in outside counsel for a Foreign Corrupt Practices Act (FCPA) investigation or simply to take a look at an issue that may have raised a Red Flag but is not yet a FCPA violation. Clearly a reason is retain the attorney client privilege and I think most Chief Compliance Officers (CCOs) and compliance practitioners understand that reason, but one of the things I learned as a trial lawyer is that you need to understand who your ultimate audience will be in work you do as a lawyer. If you draft a contract, you need to think through how it will play out in front of a judge or jury. If you start an FCPA investigation, your ultimate audience may well be the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). I recently had the opportunity to visit with white-collar practitioner Mara Senn, a partner at Arnold & Porter LLP, on this issue. She had several insights that I thought were insightful to assist a CCO or compliance practitioner to think through these issues. Today, I begin a three-part blog post on some of Senn’s thoughts on investigations for potential FCPA violations; tomorrow we will look at the decision (or not) to self-disclose and, finally, remediation if you discover a FCPA violation.

Unfortunately, many investigations being in a crisis situation, where a company may have discovered something that they know is bad but they do not know how bad that particular problem might be or they are not aware just how widespread the problem is. Senn indicated that the first thing she would note is that not every single incident requires outside counsel. There are all kinds of issues that can be handled very efficiently and effectively by in-house counsel. Moreover, there will be other issues and corporate disciplines involved such as the Human Resources (HR) Department. She explained that for a typical compliance blip that may happen, you do not need to call in an outside counsel right away, but if you do have these indicia of larger problems, particularly if you are a public company, it is a good idea to call outside counsel because you may be involved in reporting obligations. She cautioned that even at this early stage, outside counsel does not have to be boots on the ground and may not be required to be intimately involved if it is not a very complicated case.

Even with the above information, I asked Senn if there were any advantages she might see from bringing in outside counsel from the get-go rather than waiting. She articulated a number of things. First, there is more credibility if it is an independent review. If you are working for the company in whatever capacity, the government is not going to believe, as much, that it’s an independent investigation. From the government’s perspective, DOJ and/or SEC, they do not typically know the company involved in the investigation. Further, government regulators and enforcement officials are typically suspicious that a company is going to try to do what is right for the company. Of course there have been documented enforcement actions where companies have either destroyed documents or tried to hide things, such as witnesses or other evidence. In certain situations, an employee may look the other way, either purposefully or not really realizing what they’re seeing, and may take the investigation in the wrong direction. You want to just inoculate against that kind of problem.

Second, Senn said that there are very complicated issues that come up in cross-border situations. She provided four quick examples: privacy laws; labor laws; cultural issues and language issues. It can be very helpful, more cost effective and important from a legal compliance perspective to have somebody who is experienced in those kinds of issues.

Finally, and what I found most interesting, was Senn’s perspective on document preservation. She believes that “probably from the government’s perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” Some questions that she believes counsel needs to ask are: “Do you have hand held devices? Where are all of your servers? What is your back-up tape situation? Are you trained in forensically retaining information?” Basically you need to get into the technical nitty gritty and if you do not, you could end up having a situation where either information is lost or there’s a possibility or suspicion that information is lost. Unfortunately, that is the situation that leads to a prosecutor’s imagination going wild. Senn ended her thoughts on this key point with the following, “the thing you want to do is just lock down that information, so if it ever comes to a point where the government says, “Well, we want to kick the tires,” you can say, “Okay, don’t worry. We’ve got everything you would have gotten otherwise.”

All of these steps can lead your company, through its investigation counsel, to having credibility with the DOJ and SEC. She made clear that the government will not only put you through your paces but also test the vibrancy of your investigation protocol and steps you might take as an independent assessor. She said that “if they realize, or they think, that all you’re doing is parroting what they consider to be the company line, and you haven’t gone in and independently really taken a look for yourself, you’re just going to come off as less credible, as somebody that they can’t really trust. That is definitely something that a company wants to avoid at all costs.”

I really liked the way Senn phrased the next step, “You don’t want to go too crazy” around scoping out the investigation. After getting the documents and technology locked down you should try and figure out the bad actor(s). Depending on the situation of whether the investigation target is aware of their status, you may be forced into “somewhat of a stealth investigation, where instead of going full bore and sending out document holds and things like that, you first want to essentially get that person’s information and make sure that they’re not going to do anything to their information. If there are a number of people you know are at issue, you want to lock that down, as well.”

The next step is to collect the documents forensically and use the information gleaned from this step in the process to do what Senn called “lay of the land interviews” where you try and obtain enough information to have a basic understanding of the situation, who the key players and who may be involved in the incident. Senn also believes you can garner quite a bit of information from working with your client before the actual interviews begin. You can look at organizational charts; see the number of employees who could have touched the transaction(s) at issue and also the countries involved. Also a review of the company’s financial accounting systems is critical so that you can assess how much will have to be done manually and in-country. (Think Avon)

One of the questions that I have struggled with is at what point in the investigation process is it appropriate to discipline employees, up to and including termination? I was gratified when Senn said this not only was a difficult question but also required a case-by-case analysis. You should begin by taking any persons out of the responsible situation. Paid leave pending an investigation is one option. If you terminate them, they will be gone and you will have zero control over them for initial interviews, follow-up interviews or assistance. She explained, “the government might want to interview that person. If you fired them, and that person has moved away or is now inaccessible to the government, it’s actually worse. My tendency is to keep them around, but just prevent them from continuing to do any of the harm that they may have previously done.”

In my next post, I will review Senn’s thoughts on the subject of self-disclosure.

To listen to the full interview with Mara Senn, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015