Introduction
The more countries and jurisdictions are involved in a matter, the harder it becomes to run and complete an investigation quickly, efficiently, and comprehensively. Various issues arise like language barriers, different cultural perceptions, local laws, data privacy provisions, and blocking statutes. All of those have to be coordinated at the same time. Such investigations are therefore, not only difficult to complete, but also bear the risk that the investigation itself may lead to cases on non-compliance. As a consequence, those in charge of such investigations have to be mindful to avoid generating such risks – also for themselves personally.
While it is no substitute for individually tailored legal advice, this Guide aims to reduce those very risks. It provides a general overview of investigations on the European continent to help orient those leading or involved with such investigations. The following article provides an overview of the most important questions and considerations that arise during the various stages of an investigation – from the beginning to the end.
Start of a cross-border investigation
Various issues have to be considered after an initial assessment of which countries are implicated in the investigation.
The first question is often whether local support is needed. The answer will often be yes. Mostly, local in-house legal capabilities will be sufficient. However, outside counsel or other external resources will sometimes have to be consulted. In this regard, it has to be noted that it may prove difficult to find the right experts in certain countries. In many locations there is seldom an abundance of white-collar crime or compliance experts. It is therefore advisable to build and maintain a network of experts in the most important countries, even before an investigation starts. In crisis situations (like dawn raids or cyber-attacks) there may not be time to search for local support. Even if there is time, if competitors or other companies are faced with the same problem, the best counsel may already have been taken or may already be conflicted once they are approached. Working with non-expert counsel, especially in smaller legal markets, can bear risks and create inefficiencies.
Once the team has been assembled, the next question is whether one is even allowed to investigate in the respective country. This question must be answered with the help of dedicated local counsel. In this regard, one has to differentiate between blocking statutes and data privacy considerations. A blocking statute will often mean that all or certain investigative measures may not be allowed or may only be allowed with special permission. Data privacy concerns relate to the treatment of data containing personal information, but rarely present an absolute obstacle to any investigative step. To provide a simple example, a blocking statute may prevent an interview, while data privacy laws may simply limit the use of information gathered from an interview or call for special measures for the collection and treatment of that data.
Once the question of blocking statutes has been addressed, one may have to clarify whether specific bodies like trade unions, works councils, corporate supervisory boards, financial stakeholders and shareholders have to be informed of the start of the investigation or the information that led to the investigation. Some local laws have very rigid and detailed disclosure requirements. The violation of any such requirements might hinder the investigation or even lead to civil or criminal liability of the company or the individual actors.
In addition, it must be carefully assessed whether early disclosures to local law enforcement agencies are necessary or would be helpful from a strategic standpoint. In some countries, certain situations call for such disclosure under the applicable local laws. In other countries it is culturally necessary to involve the authorities to maintain a cooperative atmosphere. In other countries, however, such disclosures are uncommon and may create more problems than they solve. In cross-border cases, where many authorities may be involved, there may be a strategic advantage to disclosing information in a certain order or having one authority take the lead. Especially at this stage, local expertise – legally and culturally – is very helpful to avoid making the wrong decisions.
The investigative phase
Once all obstacles that may hinder the start of an investigation have been cleared, the company can start the investigation.
An investigation often begins with so-called immediate measures. Normally, the first task is to ensure that any potentially on-going criminal or unlawful conduct is stopped. This frequently means monitoring certain payment streams or putting certain individuals at least under close monitoring to make sure that all their actions are appropriate going forward. It may also mean checking whether certain products can still be sold on the market.
Another early step is to ensure that all data potentially relevant to the investigation is preserved. This may entail a wide range of measures, from issuing a data hold to suspending auto-delete functions to immediately imaging data carriers. These measures play an important role in dissuading local prosecutors from performing dawn raids. If one can demonstrate that all relevant data has been stored securely, it may even be disproportionate for prosecutors to raid companies.
The investigation team then has to decide who will formally lead the investigation. The question often comes down to whether this is done by in-house counsel or external lawyers. In this regard, the sensitivity of the matter and privilege protection will often be decisive factors. The rule of thumb is that countries in Continental Europe often award very little privilege protection to in-house counsel. This can even mean that work product of outside counsel in the custody of in-house counsel of the company could be confiscated and reviewed by the authorities in some jurisdictions. Therefore, the decision is not only who runs the investigation, but also where to generate and store sensitive work product.
When collecting and reviewing information, data privacy laws have to be considered. The good news is that a uniform European Data Privacy Regulation came into force in 2018. This reduced the impact of local law specifics. On the other hand, local law specifics are not completely abolished as for example certain labor laws or criminal laws may contain stricter provisions on data handling. In addition, potential penalties substantially increased and rules became more stringent. Given the potential legal exposure and the complexity of the issue, it is strongly recommended that expert data privacy counsel be part of any cross-border investigation team in all phases. Another specific issue in cross-border cases is the "export" of data to other countries. This can be particularly problematic if such countries do not have an equivalent level of data privacy protection compared to the European Union. This may necessitate a case-by-case analysis and may also call for additional protective measures like reducing data amounts or redacting personal information before any data transfer.
The right of participation of works councils and/or trade unions during an investigation may also need to be considered. Local laws will have different views in this regard. A mistake in this area can have serious consequences. It cannot only damage the relationship between the company and its employees, but can also lead to the end or at least to an interruption of the investigation itself. Disregarding the rights of a works council may allow this body to obtain a cease-and-desist order against the investigation.
Interviews often also raise various legal issues, such as the need for data privacy waivers and the need for special instructions on the right to not self-incriminate or the right to legal counsel. Each jurisdiction has its own rules and best practices in this regard. If an interviewee is not properly instructed or the interview is otherwise not done correctly, these issues can lead to evidence being deemed inadmissible down the road.
The end of the investigation
Questions arising at the end of an investigation may also vary from one jurisdiction to the other. However, some issues are frequently in focus in many countries.
The first question, which comes up rather frequently, is whether a detailed investigation report should be produced or not. This is, again, linked to the question of privilege. If in-house counsel produces an investigation report, this report may not be privileged in many countries on the European continent. Even if outside counsel produces the report, it may have only limited protection if it enters into the custody of the company. In some countries, authorities may view the waiver of privilege and production of the report as necessary to demonstrate good will and cooperation. There may then be pressure to produce such a report.
Another step at the end of the life cycle of an investigation is remediation. Firstly, this may make an update of internal processes necessary. What is legally possible and state of the art with respect to internal guidelines may differ greatly, especially throughout Europe. For companies operating in multiple jurisdictions, it may be necessary to conform worldwide internal guidelines to the higher legal standard in the home jurisdiction, even though a lower standard may be permissible in local jurisdictions. In the end, it is often in the home jurisdiction where the biggest risks lie. Secondly, personnel measures like warning letters, trainings and terminations will play an important role in any remediation. In this regard, it is important to note that countries may have different deadlines for implementing personnel measures. If the deadlines are missed, personnel measures may not be taken for that reason alone. Furthermore, it may again be necessary to involve works councils or trade unions in such processes. The prerequisites for termination will also differ greatly among countries. For example, it may be much easier to terminate an employee in the United Kingdom than in France or Germany.
Finally, a step that is sometimes missed at the end of an investigation is recovery. In many countries, board members are responsible for compliance in companies. If a major compliance failure arises, board members may be liable to the company if they had knowledge of the conduct or if they had responsibility for the respective compliance topic and failed to implement an appropriate compliance system. The company may then even be under a duty to assess such claims against its own board members and – if there is substance to such claims – pursue them. This may even mean that, if the company or the management of the company fail to assess and pursue such claims, those responsible for the assessment may themselves be liable for the omission. In Germany, for example, this can even lead to the criminal liability of the supervisory board for breach of fiduciary duties.
Conclusion
Many steps have to be kept in mind when doing a cross-border investigation in or involving Europe. Issues can arise at every stage in the life cycle of an investigation. It is not necessary to know all the answers from the beginning, but important to ask the right questions. Once a potential issue has been identified, the investigative process can be set up and managed in a way that minimizes risks.
Dr. Sebastian Lach
Partner
Hogan Lovells Munich
T +49 89 29012 187
sebastian.lach@hoganlovells.com
|
Sebastian Lach is partner at Hogan Lovells Munich and head of the German IWCF practice. Sebastian handles compliance and investigation issues, as well as complex product safety and liability cases. In the field of compliance and investigations, he has advised various clients on the creation of global compliance systems. Sebastian has successfully advised on criminal matters (e.g. bribery, fraud, embezzlement) and internal investigations relating to more than 50 countries worldwide, including FCPA, SEC/DOJ implications. Throughout his career, he has handled more than 20 multi-jurisdictional investigations, most of them for Fortune 500 and DAX 30 clients. |
|
|
Désirée Maier
Partner
Hogan Lovells Munich
T +49 89 29012 289
desiree.maier@hoganlovells.com
|
Désirée Maier focuses on white-collar, compliance and internal investigations. She advises national and international clients from various industries, in particular life sciences, on all issues of compliance. One focus of her work lies in the set-up and management of internal compliance investigations. She has particular experience in advising during dawn raids, conducting cross-border compliance investigations, as well as in communicating with German, U.S., and other authorities. Désirée also advises clients on the establishment and enforcement of global compliance systems. Moreover, she has expertise in supporting clients in the defense against criminal law charges and providing advice on recovery issues in relation to claims arising from compliance matters. Désirée also worked in the U.S. legal department of a world-leading U.S. pharmaceutical company (Fortune 500) with a global responsibility for investigations. |