What’s New in the Toolbox for Australian Regulators?
Companies and individuals are increasingly the targets of regulatory investigations in Australia. Local regulators have long expressed frustration at the disparity between the options available to them when compared to their overseas counterparts. However, recent developments indicate a broadening of the suite of tools available to Australian regulators and the importance for companies to stay abreast of the changes.
In September 2017, three individuals were convicted in Australia’s first public sentence of conspiracy to bribe a foreign public official following a guilty plea shortly before trial. The defendants were not the original targets of the investigation; investigators were looking into their business associate when they happened upon intercepted telephone conversations involving the planned bribing of Iraqi officials. These intercepts provided much of the evidence gathered by prosecutors.
The initial basis for the intercepts was not entirely clear as the Telecommunications (Interception and Access) Act 1979 (Cth) requires a “serious offense” for an intercept warrant. Once calls are lawfully intercepted, however, they are generally admissible in other proceedings. The individuals involved were sentenced to imprisonment of up to four years and two were fined.
This decision is a timely reminder of the permissible use of telephone intercepts and other telecommunications data in identifying criminal activity.
In Australia, regulators are able to access certain customer information required to be kept by telecommunication companies for a period of two years. Recent legislative amendments mandate the dataset that must be stored. Regulators are able to access this information through a variety of methods to assist in investigations including stored communications warrants, which can provide access to the content of emails and SMS messages. Regulators can also use telecommunications data authorizations, for access to metadata.
Metadata access is available to enforcement agencies if it is “reasonably necessary” and authorized, without even requiring a warrant. Whilst metadata won’t give away the content of conversations, it does indicate individual phone numbers of the parties to the conversation, the timing, and the length. Call logs will also disclose the frequency of contact. This information can be particularly important to investigators as a fundamental building block of their case.
Will it Soon Be Safer to Blow the Whistle?
Regulators are assisted by whistleblowers, particularly in situations where detection of wrongdoing is notoriously difficult. Australian lawmakers have long been criticized for the lack of protection in place for private sector whistleblowers, which creates a culture of silence (see our previous publication.)
In October 2017, draft legislation was released which aims to address the current inadequacies together with a public consultation. The proposed legislation creates a defined “whistleblower regulated entity”, expands on the class of persons covered (to include family members) and the types of disclosures that can be made. Confidentiality protections are also expanded with greater financial sanctions. The proposed legislation does not yet include U.S. style rewards for whistleblowers whose information yields results for regulators.
Preparation and Training
Up-to-date staff training is essential to ensure compliance with the changing landscape. If your company has operations outside Australia, common role-playing scenarios should involve money laundering or bribery to help employees appreciate the real risks involved.
Staff should understand that phone calls, texts and emails create a permanent record. Staff may not realize that their personal activity on company email may be subjected to production to a regulator if it falls within the terms of a search warrant or production notice. An email to a friend about a development at work, something the individual never intended to amount to tipping off, may lead to an investigation of insider trading.
Often front-of-house staff are not trained in how to react when a regulator comes knocking. Consider training for all front-of-house staff as to what to look out for, who to call and what to do if a warrant is served. Consideration should be given to protect legal professional privilege and material not within the scope of the warrant. Records should be kept of everything removed from the office.
Increasingly, companies need to separate the legal representation of the company from that of key individuals. Companies often have a law firm or panel of firms available to them if a crisis occurs but neglect to have a plan for their staff. Consider preparing a list of preferred law firms that senior members of staff can access if independent legal representation is required when they are approached by a regulator. While these law firms do not owe any obligation to the company, competent and adequate employee representation protects not only their rights but may also prevent inadvertent and unnecessary disclosures against the company’s interests.
In an increasingly regulated world, corporate bodies must ensure compliance practices are up-to-date and relevant. With regulators showcasing their new and expanded investigative tools, companies must ensure that a culture of compliance is established and emphasized throughout the company.