with contributing authors Michelle Mizutani and Michelle Williams
It is now more than half a year since the U.S. Department of Justice (DOJ) formally announced a policy of pursuing the prosecution of individuals responsible for corporate wrongdoing. The memorandum of Deputy Attorney General Sally Quillian Yates (the Memo) was issued on September 9, 2015. But what of its impact seven months later? Have practices and procedures changed and, if so, to what extent?
The Memo started from the assumption that “one of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.” So-called “cooperation credit” enables an organization to mitigate the impact of corporate misdeeds. Earning it can help to ensure the entity’s very survival when faced with a DOJ civil or criminal investigation. Corporations that show outstanding cooperation are eligible for a deferred prosecution agreement (DPA) or non-prosecution agreement (NPA), as well as lower civil or criminal fines.
In order to be eligible for cooperation credit however, the Memo stated that a company had to:
- “Identify all individuals involved in or responsible for the misconduct at issue, regardless of their position, status or seniority” and
- “Provide to the [DOJ] all facts relating to that misconduct.”
The Memo therefore sets out an all-or-nothing prerequisite for an entity in cooperating with the DOJ. If companies choose to cooperate, they commit themselves to seeking out facts and evidence that will establish the culpability of particular individuals. They also commit themselves to doing this in a timely fashion, showing they are being proactive in getting to the bottom of the wrongdoing. By focusing on individuals, the DOJ hopes to increase the possibility that lower-level staff will cooperate in providing evidence against those who are more senior to them in the company.
Unintended Consequences
Judging by the experience of defense counsel, it appears the Memo has had some unintended consequences. Instead of encouraging and facilitating the reporting of wrongdoing, it appears it has in fact deterred companies from divulging information about its employees, potentially including senior executives.
The approach of the Memo, where companies have to provide all relevant facts in order to be eligible for any cooperation credit, means that companies have to provide information about employees even when they cannot be certain whether those employees are in fact involved in the wrongdoing. Generally, companies appear reluctant to do this.
In addition, such requests for information about individuals leads to potential conflicts of interest between the company and its employees, as employees are now more keen to seek independent legal advice during internal investigations. This can complicate procedures and significantly increase the costs for the company as they recognize the need for individuals to have separate representation.
In addition, it would not be surprising if independent legal counsel were to advise their clients not to cooperate with their respective employer on the grounds that evidence provided could be used by the company to obtain cooperation credit from the government to the detriment of the individual.
The UK Experience
In the past, DPAs and NPAs were viewed as one of the most desirable options for companies, but beginning a process that may lead to personal exposure on the part of company executives may not be favored in the same way.
In light of the Memo, companies may now be deterred from reporting corporate misconduct in the United States. In contrast, the appetite for companies to self-report in the UK may be on the rise in light of the approval of the UK’s first DPA towards the end of last year.
On November 30, 2015, Lord Justice Leveson approved a DPA with ICBC Standard Bank plc (Standard Bank). The early reporting of the conduct in question, was central to the decision on the part of the Serious Fraud Office (SFO) to offer Standard Bank a DPA rather than prosecute, as was the cooperation offered to the SFO. Further, Lord Justice Leveson, who approved the DPA, confirmed that this held “considerable weight” in his own assessment of whether to approve the DPA.[1]
DPAs have been available in the UK since February of 2013, but this was the first occasion on which one has been approved. This could signal a new trend within the SFO to offer companies DPAs and escape prosecution. Consequently, there is now more of an incentive for companies to self-report in the UK.
Impact for Companies in Asia
For companies in Asia, the impact of the Memo and the UK’s DPA regime highlights the importance of carefully considering the decision of whether and when to report corporate wrongdoing.
Local law advice as to whether and when to self-report should be sought in each jurisdiction to which the company is subject. This will enable companies to assess the advantages and disadvantages of reporting in individual jurisdictions.
Local law advice should also consider the impact of self-reporting on the following:
- Data Protection Laws. Data protection laws in certain countries restrict data being transferred overseas, but typically the DOJ does not excuse companies from providing information on the basis of data privacy concerns.
- Legal Professional Privilege. Certain countries do not recognize the concept of legal professional privilege. However, if privileged communications are disclosed to the authorities in one country (that does not recognize the concept of privilege), this may constitute a waiver of privilege in other counties (where typically privileged communications would be protected from disclosure).
- Employment Law. Certain jurisdictions impose requirements on employers that could hinder or significantly delay the ability of the employer to identify to the DOJ the employees engaged in wrongdoing. Likewise, in many jurisdictions outside the United States, terminating employees is subject to strict procedural requirements that grant many rights to the employee for recourse, including to local labor. Further, even where an employer could provide the names of its employees, the employer would be unable to compel the employee to subject him/herself to U.S. jurisdiction through extradition (where available).
With the growing trend for international cooperation between authorities, if a company voluntarily reports to the authorities in one country, authorities in other countries may be automatically alerted. Consequently, the decision of whether or not to self-report warrants careful consideration with targeted advice provided across jurisdictions.
[1] https://www.sfo.gov.uk/2015/11/30/sfo-agrees-first-uk-dpa-with-standard-bank/