Experts on FCPA law and technology discuss what exactly cooperation means during an anti-corruption investigation and whether or not it can contribute to reduced penalties and fines.

Transcript

Angela Navarro: [2:43] Thank you, Aarti, and welcome everyone to our presentation today. After we meet our panel of experts, we will set the stage by providing an overview of the Foreign Corrupt Practices Act, and the current landscape surrounding it.

[2:56] Next, we'll take on the issue of cooperation in the context of a government FCPA investigation and dive into the e-discovery and data privacy components of handling a cooperative investigation.

[3:10] Following that discussion, we'll introduce some guidelines that we've compiled from the government on these topics. Finally, we'll conclude by summarizing top tips to keep in mind and we'll answer questions that our audience members have submitted in the Q&A feature on the console.

[3:27] Now, let's meet our speakers.

[3:31] We are pleased to welcome Phil Bezanson, a partner with Bracewell & Giuliani. Mr. Bezanson's practice focuses on white collar criminal defense, internal investigations, securities enforcement and regulatory matters.

[3:45] He is a member of the Bracewell & Giuliani team that represented corporate and individual clients in recent high profile and complex cases, and a variety of matters involving the Foreign Corrupt Practices Act, accounting practices at publicly traded companies and trading desks at financial institutions.

[4:03] Welcome, Phil, and thank you for joining us.

[4:08] Next, we are please to welcome Amy Schuller, our senior associate with Orrick, Herrington & Sutcliffe. Ms. Schuller's practice focuses on the Foreign Corrupt Practices Act and criminal antitrust matters. She regularly represents Fortune 500 companies conducting FCPA internal investigations in connection with inquiries by the DOJ and SEC and has conducted over 75 global investigations in Asia, Central America, South America, and Africa. She has also developed tailored FCPA policies, global codes of ethics and trading materials designed to fit the needs of the client and market and we are very pleased that she is joining us today.

[4:49] Welcome, Amy.

[4:52] Rounding out our panel from the technology side is Chris Sitter, Head of Global eDiscovery, Digital Forensics and Incident Response Technology at Juniper Networks. Chris is a leading innovator in the ediscovery technology space, and is well known for developing custom defensible solutions to execute on large scale discovery request and federal investigations for Fortune 1000 companies.

[5:16] As a forensic expert, Chris has assisted federal and local government as well as many private law firms with their cases.

[5:23] Welcome, Chris. Thank you for sharing your expertise with us today.

[5:28] Finally, our moderator today is Craig Earnshaw, Senior Managing Director in FTI Consulting's Technology segment. Craig has worked in the electronic evidence field for over 15 years, and has considerable experience in both the technical and strategic application of forensic technology. He provides advice to clients in the areas of European Union based evidence collection and disclosure, computer-based forensics and electronic data hosting for litigation and regulatory increase.

[5:58] Welcome, Craig. Thank you for moderating the presentation today. I'd now like to turn the call over to you. Please go ahead.

Craig Earnshaw: [6:06] That's great. Thank you very much, Angela. Phil, to open up our session today, whilst I'm sure that many of our attendees will have at least a rudimentary of the Foreign Corrupt Practices Act, could I ask you to just spend a few minutes giving the group today an overview of the law and its primary objectives?

Philip Bezanson: [6:25] Sure, I'm happy to. Hello, everybody. The Foreign Corrupt Practices Act really has two main components to it. It has anti-bribery provisions, and it has accounting provisions.

[6:38] The anti-bribery provisions were designed to prohibit companies and individuals from providing, and then the phrase is anything of value to foreign officials in order to obtain business, to retain business, or to obtain a business advantage. The accounting provisions address the need to keep accurate books and records, to establish internal controls, and importantly to have those internal controls followed.

Craig: [7:13] That's great, Phil, thanks. Looking at, obviously, the other side to this, which is the enforcement and penalties, how has that landscape changed over the years? In what ways have people started getting more, should we say, creative with the bribe side of things in recent times?

Philip: [7:32] On the enforcement and penalties side, the FCPA is enforced by both the Department of Justice in the United States and the SEC. For Department of Justice enforcement, that includes possibilities of fines, other financial penalties, up to an including prison sentences for individuals.

[7:53] On the SEC side, it can include fines, penalties, restrictions on the ability to participate in activities of a public company, and other accounting problems that a public company could face when getting punished by the SEC.

[8:13] The size of penalties has really spiked, I think, in the last 10 or 15 years. The FCPA was established in the late 1970s and remained largely unenforced and fairly quiet for maybe the first 15 or 20 years of its existence. In the last '90s and early 2000s, it became a popular enforcement mechanism.

[8:44] That's just steamrolled to more cases, more investigations, and as a wider range of questionable conduct has been uncovered and investigated, the kinds of fines and penalties that have followed those investigations have really exploded.

[9:06] As the number of cases increased, the numbers of investigations increased, the types of conduct uncovered are fairly pedestrian infractions to incredibly blatant out-and-out infractions. When you have those variations, both the Department of Justice and the SEC looks to punish in a way that's commensurate to the misconduct.

[9:35] On the substantive legal side, there have been two really important evolutions in how the FCPA is interpreted and how cases and investigations are brought. Those are two terms in the anti-bribery provisions that deal with the phrase anything of value and what it means to be a foreign official.

[10:00] For example, the concept of anything of value is much greater than the proverbial bag of cash delivered to a member of a foreign government in the dark of night in an underground parking lot.

[10:14] Anything of value includes things like gifts, travel, meals, lodgings, loans, or other non-arm's length transactions that are off-market or at favorable rates, charitable or political donations, certain business or employment or investment opportunities.

[10:37] There are investigations that deal with scholarships or internships for others or professional opportunities provided to relatives of government officials. Also things like public or quasi-public projects that could benefit the local foreign official in some way, like building a park in someone's home district and having that elected official take credit for that park as part of a reelection campaign.

[11:13] Also, as I mentioned, the definition of foreign official is a somewhat elastic one. It's not just an officer or elected official in a foreign government. It includes employees of a government or employees of a department of a government, officers or employees of a company or a business that's owned in whole or in part by a foreign government, officers or employees of public international organizations, political parties and their officials, candidates for political office, members of royal families or other aristocratic families that have political or economic influence.

[11:58] I think the takeaway is that in the investigations that have been brought and the cases that have been brought in the last 10 or 15 years, that value and foreign official can very much be in the eye of the beholder when it comes to the investigator.

Craig: [12:17] Completely understood, Phil. Let's bring in Amy Schuller at this point. Amy, given the nature and the potential implications of a breach of the legislation, what kind of an impact can an FCPA investigation have on the corporation whilst it's being undertaken, and then potentially afterwards if it's found guilty?

Amy Schuller: [12:37] Thank you, Craig. The impact can be quite significant, obviously, but in the both short and long-term perspective. During the investigation, a corporation can expect very high legal costs. It's just the nature of the beast. There has to be a lot of work done both with documents and with interviewing personnel and interacting with the government.

[12:59] There's also a great disruption to the business as the inside and outside counsel are doing their work, but also there needs to be some garnering of resources in finance and to collect the documents and some time taken as this investigation is going on.

[13:19] Depending on the findings of the investigation, it can also disrupt operations because certain management needs to be replaced or put on leave. In general, it makes running your business a little bit more difficult.

[13:34] If you get to a point where there's a fine, a fine is obviously very costly, and the resolution might involve something more long-term, such as an FCPA monitorship, in which case a corporate monitor is appointed to assess and review the business' operations for several years. Those fees are expected to be paid by the corporation as well, so that can also be costly.

[13:58] In other areas, the compliance program for the corporation might also need to be overhauled, which takes a fair amount of cost and resources. There can also be some public impact in the press and media coverage, damage to the brand. There can be lowering of share price and derivative lawsuits from shareholders resulting from the investigation and resolution. Obviously, it can be quite significant.

Craig: [14:30] Indeed it can, indeed it can. Moving on to the concept of cooperation, which is really our main theme of the day today, Amy, do you want to just talk for a few moments on what cooperation is in the context of an FCPA investigation?

Amy: [14:47] Yes. Cooperation in the context of FCPA can be both a very simple concept and a very complex concept. Simply it's a decision to self-report an FCPA violation or assist with an existing government investigation in the hopes of reaching a favorable resolution.

[15:11] It can be a bit complex to describe, because it looks different in every case. It's very fact-specific, as Leslie Caldwell has provided guidance regarding in a recent speech. It really is going to look different in every single case, depending on the type of corporation, the type of conduct, and the timing of the cooperation.

[15:35] But I think it's somewhat simple as well, because I think people know when they're cooperating. You know it when you see it. It's a decision to be helpful as opposed to adversarial. Once a corporation truly commits to be cooperative, I don't think finding your way into cooperation is actually that difficult.

[15:55] But essentially it's a posture. It's a posture to be helpful. It does involve action. In the context of an FCPA action, it's usually an internal investigation conducted by the corporation with assistance of outside counsel. The scope of that investigation will vary depending on the context. It usually involves quite a bit of document collection, review, preservation, usually translation.

[16:23] It also involves, as Leslie Caldwell has also pointed out, identifying individuals within the corporation that have been involved in the misconduct. That can be a very difficult thing for a corporation to do, particularly when it goes up to senior management.

[16:38] Then being willing to act on the individuals that you've identified and take other remediation efforts as well, whether that be reworking structures and processes, third-party audits, but willing to take remedial action.

[16:55] In my perspective, cooperation is synonymous with transparency. When you decide to cooperate with the government, you're deciding to be transparent about what you do know and what you don't know at all stages in the investigation. That lends credibility as well.

[17:15] Another factor that's really significant in cooperation in the context of FCPA is timing. Timing is absolutely critical. One avenue a corporation can take if they identify the misconduct themselves is to self-report. That might be a whole another webinar on that decision, but that can be a difficult one. Or you can cooperate with a government investigation that's been initiated by the government based on their investigation or a third-party whistleblower.

[17:43] At which point in that investigation you decide to cooperate will have a significant effect on the credit that you will get for cooperating.

[17:55] The benefits of cooperation...There are a lot of benefits for cooperation. [laughs] In addition to reduced penalties, perhaps a deferred prosecution agreement, or a decision not to prosecute by the government, there are a lot of other less tangible or quantifiable benefits to cooperation.

[18:13] One is predictability. A corporation gains more control over the process. When you decide to cooperate, you become a participant in the investigation. Then you can help determine the speed, and hopefully the resolution.

[18:29] It can be very valuable in terms of the press coverage that you'll get. Obviously, there's a more favorable presentation of a corporation that's identified a problem and is willing to take action on it.

[18:44] It can also be really important for internal messaging and perhaps preventing future violations. If you are sending the cultural message that you are a company that, when it sees a problem, wants to take care of it, that can be really important in terms of the future compliance efforts that your company will take.

[19:03] Finally, a corporation can, by cooperating, begin to work towards a remediation. You're essentially front-loading the costs of the violation. Instead of waiting for a fine, you're starting to spend some of that money as you're cleaning up some of the problem areas in the corporation.

[19:22] But there are, obviously, downsides as well to cooperating. It's really, really expensive, and it's really disruptive, as I talked about earlier. Another downside is that when you go in to cooperate with the government, you're essentially going open-kimono. You can't hide certain bits, because that will somehow be detected, usually, and you'll lose credibility, but also it'll undermine your efforts to get towards a favorable resolution.

Craig: [19:53] Just one thing, just to make sure everybody is up to speed, do you want to just let our audience know about Leslie Caldwell, who she is, and why her opinions are relevant? Given that she's had a couple of mentions so far in the session.

Amy: [20:10] Yeah, absolutely. Leslie Caldwell is the current Assistant Attorney General, and she has recently spoken in April specifically on this topic and tried to give some guidance on what cooperation means in the context of the FCPA.

[20:27] Her remarks were very helpful. She tried to outline the scope of an investigation as essentially being something that's reasonable and targeted and within the control of the corporation to determine. But that it has to be reasonable.

[20:41] That goes back to my earlier comments about...You know as a corporation whether you're trying to be helpful or not. But if you have a problem in China, you need to look at China, obviously, but you might not need to look at India, unless you have a reason, unless you know something that directs you in that attention. It's scoping it in a reasonable way.

[21:04] She also highlighted something that I mentioned. It's important to the government that a corporation is willing to identify individuals, individual wrongdoers, whether they be executives or lower-level employees who are involved in the misconduct. Instead of just calling it a corporate misconduct and trying to get out of the situation without there being any individual consequences.

Craig: [21:35] Understood. Thanks, Amy. Just in terms of the decision-making process that a corporation would potentially go through when considering, should they be cooperating, shouldn't they be cooperating with the prosecutor, what might that decision-making process look like?

Amy: [21:53] It's a difficult one. It's essentially a business decision. It's a cost-benefit analysis. But before you can get to that decision-making process, you have to get your arms around the problem. The company needs to be willing to do some sort of an internal investigation, whether or not the government is involved at that point, to figure out what the problem is.

[22:14] An internal investigation is usually best-served with the assistance of outside counsel who can offer some independent and also some added benefits of privilege, privilege protection. Once you have an idea of the size of the problem, meaning the nature of the actual violation, how big, how much money, or the geographical problem, it could be something that's fairly widespread.

[22:39] Once you have a sense of that you can begin to determine the costs and the benefits. If you know you have a problem and it's pretty big, you might want to go in and just take care of it. If it's fairly minimal or the government doesn't know about it yet or -- and notice that I said yet. With the rise of the whistleblower culture, it's becoming more and more likely that significant misconduct will somehow see the light of day.

[23:14] There's also another consideration of what kind of company do you want to be? I've had some clients who decide to cooperate because they want to send that internal messaging that when we see that we have a problem, we're going to go ahead and take care of it.

Craig: [23:34] That makes a lot of sense. Phil, just bringing you back in here, in terms of cooperation with a prosecutor's investigation, what are the ways that you've seen corporations cooperating?

Philip: [23:53] The first point which is the starting point for any exercise in cooperation is something that Amy hit squarely between the eyes, which is establishing credibility and maintaining credibility throughout the time period where you're working with the government through its investigation and whatever follows.

[24:16] To keep that credibility involves having an ongoing dialog, to understanding what the government is interested in and being able to convey to the government enough information to satisfy its inquiry and also to make sure that you're not collecting all kinds of unnecessary information that would prolong the investigation.

[24:41] Unfortunately, many FCPA investigations are where you think you are at day one isn't where you're going to be on day 50 or 100 or 365, because fact evolve.

[25:01] You really want to be sure that when you're reporting facts to the government and sharing those facts, that it's done in the context of where you are with your investigation, that things might not be final, things may change. There may be outside sources that the company or investigating counsel may not have access to.

[25:26] One of the things that is a very practical, difficult hurdle to overcome is nearly all FCPA investigations involve witnesses located abroad who aren't company employees who may not want to cooperate with the company, may not want to talk to the company's lawyers, and may have their own agendas for raising issues with the US government, with their local government, with your client's competitors in the local market.

[26:01] They can provide information or misinformation that you as an investigator aren't expecting and may have a hard time overcoming in terms of communicating with the US government if you don't have credibility.

[26:20] The government, in my experience, tries to keep a fairly blank page that it populates with facts that it learns from the company, from the company's counsel, and from other sources. When there are discrepancies in the facts coming from the company and the facts coming from external sources, that adds levels of difficulty to maintaining credibility and demonstrating that the company is being transparent or the company is being cooperative.

[26:57] That is, as we've talked about, a company that has a good corporate culture this is deserving of a less dramatic resolution to the investigation, however it plays out.

Craig: [27:17] Just thinking about the decisions that a corporation and its counsel will take in respect of the cooperation process, have you ever seen any unintended consequences of making some of those decisions that might be beneficial for our audience to know about?

Philip: [27:36] Sure. The unintended consequences go hand in hand with the fact that there are facts out there that you don't know and that you won't be able to learn on your own.

[27:47] That witnesses may emerge in an investigation that started involving conduct in China that refer to similar conduct going on in other regions where all of a sudden after cooperating and providing access to people and information, someone remembers and blurts out in the moment, "Oh yeah, did this thing in China, just because that's the way we had done it in India and in Brazil and in Argentina."

[28:18] Then all of a sudden, the scope of an investigation that you think is limited to one area gets dramatically expanded at the blink of an eye to include one or other areas. It may also come to pass that there are witnesses who have clear memories about 15 different events and then at the last minute remembers a 16th or 17th event that, "Oh yeah, the company's global head of business development actually gave me this idea."

[28:54] The potential misconduct isn't something that's local, but that could go all the way up to much higher levels in the home corporate office, in which case, when there is a home office component to an investigation, that changes the landscape dramatically.

[29:15] Because it's no longer mid or low level employees acting largely for themselves in far-flung, hard-to-monitor areas abroad, it's conduct that may have been, if not tacitly approved, potentially directly sponsored by senior-level employees, which throw into question exactly what is the company's culture? Is this something that's spread throughout its global operations, or is it something that really just took place with the mid- or low-level employees operating in one far-flung region?

Craig: [29:57] Amy, let's pivot this whole concept of cooperation trough 180 degrees. Let's think about the situations why a corporation may make a decision that it doesn't want to cooperate. Have you come across any situations where that's been the case? Any particular circumstances where a company may choose not to cooperate with an investigation?

Amy: [30:22] Yeah, absolutely. There are situations where that might be the right decision. One might be if you don't think that there is a problem or you don't think that the government has it right. I guess there are two times to look at before you self-report.

[30:41] If you decide not to self-report, it might be because you don't think that the problem is significant. Or if the government has already instituted an investigation, you could disagree with the government that there's a problem. You could disagree that there's proof that a violation occurred, in which case you wouldn't want to cooperate.

[31:01] You might also have a corporation that has a very high tolerance for risk, who's willing to let the chips fall where they will and gamble on the fact that the government won't be able to put the together the evidence for a strong case.

[31:17] That can be very risky, because the government can often fall back on the books and records violations that Phil talked about earlier, in which a corporation can be charged simply for not keeping accurate books and records, which is a much easier charge to prove.

[31:37] You might also find or believe that the government is overstepping its bounds. As Phil mentioned earlier in the webcast, the FCPA is an incredibly, incredibly broad statute. It continues to expand in its interpretation. At a certain point, I think there are people who have the view that a line should be drawn. So you could take the position that you don't want to cooperate because you believe that the government is overstepping the bounds in the statute.

Craig: [32:03] Let's look at a scenario where a company decides it's not going to cooperate. What might the implications of that be?

Amy: [32:13] It's just risk. [laughs] It's all risk. The implications might be, in the end, the government finds the evidence, and puts together a case, and it's much more aggressive in their prosecution, much higher fines, more individual consequences.

[32:31] In the speech that I referred to earlier by the Assistant Attorney General, Leslie Caldwell, she talked about that. She gave a specific example of the Alstom case. Her point of view was that the Alstom result was much harsher because Alstom did not cooperate. Four individual executives were charged. Three pleaded guilty. A partner was also charged and pleaded guilty, and they ultimately paid a $772 million penalty.

Craig: [33:04] Phil, you earlier, you were referencing corporate culture. In your view, are there aspects of the culture of a corporation such as taking an internally and externally strong anti-corruption stance, or the implementation of a strong compliance culture that contains employee, guidance, training, enforcement, those types of things, that are likely to have an impact on the ways in which the prosecutor views the cooperation?

Philip: [33:33] Certainly. Both the SEC and the Department of Justice has put out considerable guidance on what its expectations are, particularly from compliance programs and how compliance programs are created, monitored, and enforced.

[33:52] I think any company that takes that kind of work seriously will be in better stead to establish or demonstrate its good corporate culture as opposed to a company that takes compliance lightly or has a lengthy, strong-looking policy, but it just keeps the policy on the shelf and doesn't really put it into practice.

[34:21] Looking at the end of the road to a resolution of investigations, there are a number of different options for a company, for what the government can do with a company. It can, in the worst, least cooperative or non-cooperative sense, the Department of Justice can indict a company, that is, bring it before a judge and jury for a federal criminal trial.

[34:50] The government can compel a company to plead guilty to a federal crime to avoid indictment. It can reach a deferred prosecution agreement, that is, an agreement with a company that it will not prosecute the company as long as the company undertakes any number of specifically-tailored remedial measures.

[35:14] It can enter into a non-prosecution agreement, which is different from a deferred prosecution. A non-prosecution agreement is an agreement that the government will not prosecute, as long as the company had made improvements, and will go on to establish a stronger sense of compliance.

[35:36] Or the government can decline to bring an action altogether.

[35:41] The decisions about whether to enter into a deferred prosecution agreement, non-prosecution agreement, or to decline altogether can weigh in part on how strong the companies' compliance programs are, how early the company detected misconduct was an issue, what the company did to mitigate misconduct, what it did to bring things to the government's attention, what it did to do a better job going forward and helping the government with its investigation.

[36:20] That, I think, is an important thing for the corporate culture of a company and for how that corporate culture can be demonstrated to the government.

Craig: [36:35] Taking the corporate elements and moving on to our other panelist today, who is Chris from Juniper Networks.

[36:46] Chris, as you know, a significant part of performing any investigation and understanding the events that have occurred is going to be the collection and review of electronic documents, the emails the word documents, maybe the finance systems.

[37:00] Could I ask you to give our audience today an overview of the procedures that you've implemented at Juniper to perform these processes?

Chris Sitter: [37:12] Definitely, Craig. One of the goals we strive for is to execute a collection of what we refer to as all non-physical items within 30 minutes of receiving a notice. The goal, obviously, is cooperation, and we do our best to show the government that we've done these preservations as soon as we are capable of doing so.

[37:33] What we refer to as non-physical is, for instance, cloud-based items, email, backups of work stations are an excellent source of data, network shares, any financial data that sits inside an application like SAP, and then many corporations like our own have the ability to collect data off of workstations without the custodian's knowledge.

[37:53] One of the [indecipherable 0:37:55] issue [indecipherable 0:37:57] in the field in the collection of physical devices. Everyone is well aware of laptops. However, phones, tablets, and wearables are now here to stay in the FCPA world, so now we're collecting these as well and then identifying what applications there are, on those applications based on the region that would have relevant information.

[38:18] An excellent example of this is in India, all communications are done through an application called WhatsApp, so if you're looking through emails and text messages, you may not find the information that you're looking for.

[38:29] One of the key things as well in preparing this type of strategy is to know the location of the data inside your organization, know how to access your email servers, know who owned that email server, and sit down with them, and discuss, in a crisis situation, what's the fastest way to preserve that data and assure that there's not an automated deletion process in play that could lead to potential exploitation.

[38:55] What we do is a step-by-step process. We'll receive our initial notification. My team will then instantly go out, place all mailboxes on hold to prevent deletion of email. We'll then go into the backup servers, grab all backups, and then begin to pre-process them for user-created content as well as to preserve them in place.

[39:15] The next thing we'll do is we will go out to all the network shares, grab the data, and then do that silent collection that I mentioned earlier. After that's done, we will notify outside counsel that we have these. Typically, they say, "Sit on it."

[39:30] If we need to, what we'll do after that is do a post-process. We'll just review all the noise in these files and then we have a third-party vendor that will then host all of this data in one [indecipherable 0:39:41] point of contact for outside council going forward.

[39:47] The collection of keys for a corporation is very easy to do and be defensible because the tools themselves have an [indecipherable 0:39:52] documentation process that show what was collected, if anything was modified in the process, and then how it got to the vendor, and then once it's out of our hands, the vendor and outside counsel can interact and come up with a game plan, do key terms, criteria-based searching without Juniper being involved.

Craig: [40:16] It's really quite an impressive set of processes that you've put in place in there, Chris. What benefits have you seen putting this, both technology and procedures, in place? What benefits has that brought to Juniper?

Chris: [40:33] Great benefits. Most companies, before they have anything in-house, typically engage outside counsel, and outside counsel will then go engage their own vendors, do the process, and hand a bill over at the end of the day with the attorneys not necessarily knowing what they're getting billed for. So, it gives you a lot of oversight into your cost.

[40:51] When I came to Juniper, we actually had 17 vendors that were being engaged, and we reduced that to 2. We created a process with these two vendors. One of them does hosting and then works with outside counsel, and then the second vendor does all the review at a blended rate. They can also do, I'm trying to say, secret reviews. That's very beneficial.

[41:11] When you set up this process, we're talking about FCPA, but they also translate into civil litigation internal investigations, so there's one process that can bend and stretch into the rest of your legal practice internal, saving you a substantial amount of money.

[41:28] The first year we put this into place, Juniper Networks saved in excess of $15 million on year one.

Craig: [41:35] That's some fairly significant savings. Just picking up on one of the threads there, you referenced about China and data privacy issues, and one of the things that we're seeing at FTI is that in regions where the strong data privacy and other protections in place, that our clients are looking to conduct their document reviews in-country, either in local data centers or in mobile review platforms.

[41:59] Given that you've got facilities in China, in Juniper, and given that China has its notoriously challenging state secret legislation, how have you been responding to those challenges and the investigations that you've been involved with?

Chris: [42:13] We have two systems that we can use. The first one is an entirely cloud-based ediscovery system where, from America, when we've identified custodians, we can collect their data with a push of a button and have it sit in-country. So, it never actually gets transported to the United States. We're just basically sending a command over there.

[42:32] Then we have outside counsel and reviewers go on-site, and they will review that data in-house at Juniper Networks where it's completely contained. They'll do a first-pass review for [indecipherable 0:42:43] secret. They'll get it signed off on by the governments, and then they'll start getting their review of the other piece.

[42:50] Another thing that we do to try to avoid reviewing our data in China as well as state [indecipherable 0:42:55] is there is something you can do. It's called a hash comparison. Simply put, what you do is you take your data that's in China, and you run a process that gives you the fingerprint of the files. You can tell if it's unique.

[43:10] You take those fingerprints, you bring them back to the United States, and then you compare it to all the data that you have in-house, in the United States. If you have that data already existing in the United States, you don't have to worry about doing a review in China. You can just manage everything local, domestic.

Craig: [43:29] Let's stay on the topic of data privacy just for a moment, whilst we move into the next part of this, which is some of the guidance that we've seen from the government. I appreciate some of the quotes on this slide are a little bit small, but let's have a little talk about some things.

[43:48] From a data privacy perspective, it's one of the areas where Leslie Caldwell has been expressing her views, and they are, I would imagine, views that may not be agreed with by the legislature in some of the international jurisdictions where corporations may be required to undertake investigations.

[44:05] As we know, many international jurisdictions have got strong data privacy legislation. We referenced previously China's state secret laws. We've got the Data Protection Directive from the European side. All of these results in challenges in respect to the movement in certain categories of information and documents from their original locations of the United States.

[44:29] Phil, what are your views on the commentary that's coming from different quarters in relation to issues such as data privacy, where the expectation of the Department of Justice or the SEC might differ from local legislation?

Phil: [44:46] Well, you're certainly right. The Department of Justice and the SEC does take an aggressive position that may on its face seem inconsistent with a legislation that's in place in different areas around the world, and I think the DOJ is using courts in the United States to try to further its goal to get data abroad.

[45:14] There's currently litigation pending in New York and other places where the government is actively seeking data and other electronic records that companies have in jurisdictions where they think that they're really outside the reach of the US government, and the government is pushing to get that data.

[45:35] It's also making the point, as part of it, a full list of criteria that it examines for cooperation, to what degree companies are going the extra mile to creatively come up with ways to get information out of areas that may not want to turn that data over.

[46:00] Certainly there are different creative ways to do it, to approach it. At the end of the day, what the government and the SEC is looking for are the facts. If there are ways that companies can demonstrate that they are trying to get the facts from foreign jurisdictions to the US, that's a strong indicator of cooperation.

[46:28] But, if a company's response is, "Yes, government. We know you want the data that's in a secure, data privacy focused country, and you know what? We just can't get it, can't get it for you, and it's stuck there, and you're not going to get anything," I think that tactic is one that is viewed very dimly by the Department of Justice and the SEC.

[46:54] That to some degree, perhaps to a great degree, the DOJ and the SEC has put the burden on companies that if they want to really demonstrate that they are good companies, that they are going the extra mile to cooperate, that those companies will act as the intermediary to figure out how to satisfy the data privacy laws abroad, and get the information that the government wants in the US, and bring that information back to the US.

Craig: [47:33] Taking a slightly different turn, Amy, could I posit a question to you? Kara Brockmeyer, who's the head of the SEC's FCPA unit, she said that she's not a fan of a company undertaking an investigation and then presenting the results, she said, all wrapped up with a bow on the top, because the chances are we're going to untie that bow.

[47:59] How does that balance against the points that we've been discussing so far in respect to performing the investigation and then self-reporting the results?

Amy: [48:10] I think that's a difficult one, and it actually touches a bit on what Phil was talking about, about credibility. Her statement appears to me to come from a place of not trusting necessarily where the corporation is coming from. I don't think that the statement means that you don't do the investigation thoroughly and well. I don't even think it means that you don't tie it in a bow.

[48:32] I think it means that you're not going to be able to limit the scope of what the government's going to look like by artificially tying something up in a package and saying, "Here. This is it."

[48:48] In my experience, it's been very helpful to provide a smart summary of the investigation, but also be willing to turn over everything, and I think that that would avoid Kara Brockmeyer's concerns.

[49:05] Again, I think it just goes to credibility. If the government believes that you are in good faith providing transparent information and facts on what you're finding, I think you're going to run into these problems a lot less.

Craig: [49:21] Thanks, Amy. Let's just go around our panelists before we move on to the Q and A section. Talk tips. Phil, do you want to start it off? You are to talk to things that you think our audience today should take away from the session in respect of cooperating with FCPA investigations.

Phil: [49:46] I think the two things that are really most important are things that we've touched on a couple of times already, and one is that the most important beginning, middle, and end of all of it is to establish credibility and to maintain credibility.

[50:02] The second piece to that is that no matter how thorough an investigation is, or how thoroughly you investigate, and how much you think you know, there are limits on what you know and what you can find out, and that the government will always have tools that a law firm or a company just don't have at its disposal.

[50:27] It's being prepared for facts to emerge that you didn't contemplate or couldn't work around, and that you'll have to react to those facts. That's really the two most basic, core, important things to always keep in mind.

Craig: [50:51] Let's break up our two lawyers and I'll insert our technologist in the middle. Chris, what would be your two key points for our audience today to take away?

Chris: [51:03] The most important of the two is definitely don't disregard mobile devices. They are now a default data source. The SEC actually has a checklist of how to collect the mobile device on what they consider is dependable evidence, so be sure you're including those.

[51:21] Also keep your eyes on wearables. Wearables now contain more data than ever before. My watch is containing six gigs of data, and that's quite a few emails. Also, make sure that you're well aware of the data sources inside of the organization well in advance of any potential FCPA matters.

[51:40] Having the knowledge where you can jump in there, and grab data, and preserve it rapidly will be one of the biggest benefits to cooperation.

Craig: [51:51] OK. Thanks, Chris. Amy, what would you say your top two are?

Amy: [51:57] Well, prevention is the best medicine. This is something that Phil talked on, but the strength of the compliance, and corporate culture, and continuous training will not only help prevent getting in the situation to begin with, but it will actually serve as a really important tool if you do find yourself in a situation.

[52:21] It establishes credibility, your company trying to do the right thing, put the right measures in place, seek appropriate remediation, but also it's somewhat, not an explicit defense, but you can also point to the fact that you had these measures in place, and the problem occurred anyway, and now you're doing your best to clean it up. I found that that results in much more favorable results.

[52:47] In terms of how to establish credibility, in addition to having these kind of programs, transparency is a buzzword for me, and that means telling the government what you know but also what you don't know.

[52:59] I've often been really surprised about how a company is saying to the government, "Look, we know this, but we don't know this, this, and this yet. This is what we're planning on doing," how far that goes in establishing a relationship with the government.

Craig: [53:15] That's great. It sounds like credibility is certainly one of our key takeaways from the session today. Whilst we've been going through our session today, we've had a whole series of great questions that have come in. I'll turn the floor over to Aarti from Compliance Week, who will take us through some of the Q&A questions.

Aarti: [53:39] Thank you, Craig. Again, that was Phil Bezanson, Partner White Collar Defense, Internal Investigations, and Regulatory Enforcement at Bracewell & Giuliani, Amy Schuller, Senior Associate, White Collar and Corporate Investigations at Orrick, Herrington & Sutcliffe, Chris Sitter, Head of Global eDiscovery, Digital Forensics and Incident Response Technology at Juniper Networks, and Craig Earnshaw, Managing Director at FTI Technology.

[54:08] If you would like a copy of the slideshow presented, you can download it from the drop-down menu on the bottom left-hand side of your frame.

[54:15] Let's move into the Q&A part of our session. Our first question, and a very good one as well, which I will direct to Amy, "Is there a way, other than in non-cooperation that a firm can address what is genuinely believed is investigation overreach?"

Amy: [54:31] That's a great question. At the risk of sounding redundant, I think it goes back to our theme of the day, which is credibility. It actually can be very effective to address what might be investigation overreach or expansion of the statute too far from within the cooperative stance.

[54:51] If you've established credibility as a cooperator, you have a fair amount of room to negotiate with the prosecutors and say, "Look, we agree on this, but this is too far. We've agreed that this is a problem, but this really isn't, and this is why." I've found that to be very effective.

[55:13] It actually can be effective for attorneys who appear in front of the same prosecutors over and over again. If you've been credible in front of them in past matters, you can sometimes successfully argue a favorable result or a non-prosecution agreement, or, not even an agreement at all, just making the investigation go away by saying, "Look, I've agreed with you in the past, but this really is not a problem." or, "This is really too far."

Aarti: [55:47] Phil, would you like to weigh in on this as well?

Philip: [55:50] I think that the one slight step beyond that is that you're not going to really get a good hearing to explain why an investigation is going too far, without having some agreement about what the underlying facts actually are.

[56:09] I think it's much easier to have real defense lawyer-advocacy discussions about what the outcome of an investigation should be once the company, its lawyers, and the government have as close to a common understanding of the facts as possible.

[56:32] That actually counsels in favor of consistent, transparent, cooperation on developing the facts, so you're in a position with credibility to say, "Look, we all understand what happened here. The defense says this is not a violation at all, and here's why."

[56:54] You can have that common understanding, based on the facts, with the government, to make strong, legal arguments as to why enforcement isn't necessary.

Aarti: [57:08] Thank you, Phil, and thank you all for a very informative session. Since we are at the top of the hour, the questions that were not answered, the speakers will follow up via email.

[57:18] Again, everyone, our speakers today were Phil Bezanson, Partner, White Collar Defense, Internal Investigations and Regulatory Enforcement at Bracewell & Giuliani, LLP, Amy Schuller, Senior Associate, White Collar and Corporate Investigations, Orrick, Herrington and Sutcliffe, Christopher Sitter, head of Global eDiscovery, Digital Forensics, and Incident Response Technology at Juniper Networks, and Craig Earnshaw, Senior Managing Director at FTI Technology.

[57:47] A special thanks to FTI Technology for making this webcast possible. This webcast has been recorded, and will be available some time in the next hour or so. CPE credit is now available to all subscribers for archived webcasts. Please check out our on-demand CPE library under the webcast head at www.complianceweek.com.

[58:09] Once again, to obtain your CPE credit after the presentation, wait until I finish this wrap-up and please disable your pop-up blockers to access the exam. The webcast will close automatically, and the final examination will be presented in a separate window.

[58:22] If you have trouble viewing the CPE test or receiving the CPE certificate, please send an email to info@complianceweek.com to request a copy. Again, that's info@complianceweek.com

[58:36] This concludes our webcast forum for today. Thank you again for joining us, and good-bye.

Show full transcript