Designing an Effective Global Investigation
The globalization of business has had a profound impact on companies when they face allegations of wrongdoing. In today's business environment, a U.S.-headquartered company often has operations in dozens or more countries, some of which may have a reputation of being more susceptible to corrupt business practices. When allegations of possible misconduct or concerns surface, they often give rise to the need to conduct an investigation. In the current environment, the trail of evidence in those investigations can extend around the globe. Moreover, in recent years scrutiny by regulators and stakeholders into the propriety of business practices has intensified and broadened. Interactions with government officials, potential collaboration with competitors in violation of antitrust regulations, global tax minimization strategies and financial reporting practices are just some of the areas that can require investigation. Regardless of the type of alleged misdeed, investigations involving overseas operations can be particularly challenging.
Identifying the Risks
Investigating specific corruption allegations in a particular country is one thing. Addressing the inevitable board member or regulator question of, "Where else in the global operations might there be a similar problem?" poses substantial additional challenges. Usually, a comprehensive investigation into transactions across all geographies is neither practical, nor necessary.
Thus, before embarking on an unfocused and costly across-the-globe investigation exercise, it is important to identify those subsidiaries that need to be reviewed with additional scrutiny, the number and type of transactions that need to be analyzed, and the time period to analyze. Preparation of a risk assessment matrix tailored to the company's operations can lead to a more focused and efficient investigation. A risk assessment matrix can help pinpoint the operations that present the greatest risks by evaluating numerous factors, including the relative size and growth of each subsidiary, the country's corruption index rating, the company's dealings with third parties, the extent and nature of foreign government regulation, and the overall level of government interaction.
Transparency International's Corruption Perception Index can serve as a useful resource as it provides rankings for countries and territories according to their perceived levels of public sector corruption, but it is by no means the only consideration. Certain business practices and markets can present legitimate risks that may need to be addressed in a potential investigation. For example: Has a subsidiary conducted business in China, where doing business with state-owned entities (SOEs) is commonplace? Does the company conduct business in Mexico, using "gestores" (individuals who act as facilitators or errand runners) which and have often been used to make potentially improper payments to government officials?
Additionally, the investigation plan should evaluate an organization's internal controls and recordkeeping practices. Even within the same corporate organization, business units may have widely disparate levels of regulatory compliance controls in place. Moreover, a company's internal audit department may have already subjected the operations to varying degrees of relevant audit procedures. Thoughtful consideration of these differences during the planning process can lead to a credible, efficient investigation plan. In any case, an effective work plan should have the flexibility to allow the investigation to extend to where the facts may lead, as a "one size fits all" approach may hinder an investigation.
Data Collection and Privacy Issues
One matter that increasingly adds complexity to any multi-jurisdictional investigation plan involves electronic data collection and analysis. Before the investigation approach is finalized and data reviews begin, it is important to recognize and address local data and privacy protection laws in each involved country, as these vary widely and violations carry heavy sanctions, including fines, cease-and-desist orders, and criminal penalties.
Many countries outside of the United States have comprehensive data protection laws enacted to protect individuals' privacy or state secrets. The European Union Data Protection Directive and China's State Standard on Information Technology Security, for example, provide guidelines and strict limitations on collecting, using, disclosing, and storing personal information. Personal information is broadly defined by the EU as "any information relating to an individual, whether it relates to his or her private, professional, or public life" and can be anything from a name, email address, or a computer's IP address.1 Other countries have increasingly promulgated European-style data privacy laws, including Singapore, Vietnam, India and certain South American countries. These developments are in stark contrast to the United States, where data obtained from an employee's desktop computer or mobile device may be collected and used as evidence.
Data privacy concerns will continue to carry increased weight in conducting global investigations, especially given the varying global regulations around data protection. For instance, the debate over the EU's recent proposal to compel global technology companies to obey EU standards worldwide highlights both the evolving nature of data privacy laws and the contrasting viewpoints held by the United States and the EU.
Sophisticated approaches to analyze a company's transactions will enable a review that more accurately pinpoints transactions of the highest risk for detailed examination. Oftentimes, this analysis is undertaken at the beginning of an investigation and allows for a more focused review of transactions, which may increase the speed of the review. If appropriate, it can more easily be applied uniformly across various geographies' data, often minimizing the cost and burden of investigators conducting procedures on-site across the globe. Such analysis could include frequency and size of payments to specific vendors, review of high risk expense types, text analytics on description fields to identify frequency and amount of disbursements.
Multi-Jurisdiction Regulatory Considerations
Regulatory agencies in the United States and abroad are watching corporations and foreign nationals more closely than ever before. Recent enforcement actions and regulatory guidance have revealed that the SEC and DOJ are extending the boundaries of their reach overseas. Cooperation of U.S. regulators with their counterparts in other countries appears to be increasing. For example, recently a U.S.-based multinational technology company announced a joint probe between Polish investigators and U.S. regulators into potential violations of the FCPA. Similarly, after a coordinated action by U.S. and French law enforcement, a French oil and gas conglomerate announced it had agreed to the fourth largest FCPA settlement ever.
In addition, the DOJ is working closely with the Organization for Economic Cooperation and Development and coordinating with officials from more than 30 countries for training and an exchange of ideas in enhancing anti-corruption efforts, further supporting the notion that multi-jurisdictional enforcement may be on the rise. This dynamic may increase both U.S. and local regulators' understanding of underlying facts and access to relevant information. In this regulatory environment a "hear no evil; see no evil" cursory investigation approach is unlikely to be credited, leading to even more protracted regulatory reviews and uncertainty. Conversely, a thoughtful, risk-based investigation method can contribute to an expedited uncovering of relevant facts and more timely resolution of regulatory investigations.
Global Enforcement Efforts
U.S. regulators are also increasingly cooperating with overseas authorities in investigations involving tax compliance issues. Earlier this year, the DOJ and Swiss government reached an agreement that called for Swiss banks to avoid prosecution and pay billions of dollars in fines related to alleged tax evasion by U.S. taxpayers. As part of the agreement, announced in conjunction with the Swiss Federal Department of Finance, Swiss banks will be required to cooperate with treaty requests for account information, disclose detailed information on other transfers of funds into secret accounts, and identify other banks that accepted funds from accounts that the institution had closed. Also, these banks will be required to close accounts held by Americans who fail to comply with reporting obligations. Switzerland's government will encourage its banks to cooperate in ongoing investigations of foreign bank accounts that are used to allegedly commit tax evasion.
The resolution follows lengthy negotiations with Swiss authorities and culminates an investigation into bank activities there that commenced in 2009. That same year, the Internal Revenue Service launched the Offshore Compliance Initiative, designed to encourage taxpayers to voluntarily disclose offshore income and assets in exchange for reduced penalties. Since that time, the Department's Tax Division's efforts to curb tax evasion have intensified, as it has launched investigations in Luxembourg, India, Israel, and the Caribbean.??In April 2013, for example, the IRS requested information from a Barbados-based bank with branches throughout the Caribbean as part of an investigation into offshore accounts allegedly used by U.S. taxpayers to avoid paying taxes.
Another priority for the DOJ has been cooperation in international antitrust enforcement. The Department works closely with competition agencies outside the United States in situations involving international cartels, merger reviews, and civil enforcement matters. Certainly, this is in large part due to the globalization of business. More and more the mergers that U.S. antitrust regulators must evaluate involve companies that are either based outside of the United States or have significant operations overseas. Products are sold in markets all over the world, so antitrust regulators such as the DOJ and Federal Trade Commission (FTC) must work with their foreign counterparts to ensure that relevant global competitive issues are addressed. To do so, U.S. regulators have any one of a number of tools in their enforcement arsenal. The DOJ coordinates its activities with foreign agencies on antitrust via participation in organizations such as the OECD's Competition Committee and the International Competition Network.
In recent years, U.S. regulators have worked with foreign authorities on a number of significant antitrust enforcement matters. In 2012, for example, the DOJ worked with the European Commission in litigation against e-book publishers related to alleged price fixing. Also that year, the DOJ's Antitrust Division conducted joint reviews with the European Commission and Canadian Competition Bureau in the coordinated review of the largest merger in the history of the aircraft industry. The DOJ filed a complaint, claiming that the deal would have harmed competition and held joint discussions with competition agencies in Mexico and Brazil. For its part, the FTC had more than 50 substantive case-related contacts with foreign counterparts in the last year. In that period, the Commission cooperated with such agencies on more than 26 antitrust investigations.2 As these numbers show, it is important for companies to recognize that when they face an antitrust matter it should be treated as a global enforcement matter.