Communication problems, language differences, and above all, different laws: These are some of the obstacles compliance professionals face when conducting internal investigations across borders. In Part 1 of this blog series, we explored the rise of cross-border investigations and the unique issues they represent. In this article, we discuss six steps your compliance team can take to address these challenges and improve the effectiveness of internal investigations.
6 Steps for Successful Cross-Border Investigations
- Before you have a specific investigation: Develop a detailed plan or investigation protocol that sets forth the structures of investigations and names the responsible departments or individuals (e.g. an audit committee) to investigate. Having this blueprint in place may clarify any potential uncertainties regarding the procedure of a cross-border investigation.
- Once you know that there has to be an investigation: Immediately check your investigation plan or protocol and tailor it to the specific investigation. Clearly define the issue to be investigated and identify which national laws may apply; if you have doubts, ask a local council for help. In particular, check the scope of the applicable client-attorney privilege and decide whether an internal counsel or an outside lawyer should lead the investigation.
When deciding whether or not to hire outside counsel, think about whether this investigation is likely to be examined by an external party. If you’re likely to present this file to the Department of Justice at some point, it’s probably smart to involve outside counsel, if possible.
- While gathering documents during fact-finding: Be sensitive about differences in data protection laws when collecting or processing your employees’ personal data. Personal data includes names, contact details, job titles -- any information that relates to an identified or identifiable individual. Some data protection laws may be more restrictive than others; for example, the EU’s upcoming General Data Protection Regulation will require a higher level of data protection than in the US.
International transfer of data within a global company may also present difficulties because some jurisdictions have additional requirements for transferring data to another country. For example, the EU-US Privacy Shield regulations make it difficult to transfer human resources data from the EU to the US.
- While interviewing employees during fact-finding: Be aware that employees in most jurisdictions (the US is a notable exception) have the right to refuse to cooperate in investigations, even if they themselves are not the actual target. In some jurisdictions, an employee representative or union committee must be consulted before an interview. Always be aware of cultural differences and be sensitive in using language in interviews or other communication.
If your company is not waiving the client-attorney privilege, it’s important to clearly state at the outset of each interview that they are being conducted to provide legal advice to the company. Clarify that any information gathered will remain under privilege and should be kept confidential.
- After you gathered all the facts and you want to create a final report: Before sending a report within your company, consider the relevant data protection laws. If you send the report to another country, check the requirements for international data transfer. Sometimes, the people whose data you used (the targets or witnesses) have the right to access the investigation’s reports. Also, be sensitive about the client-attorney privilege, as the national laws involved may differ on whether the information in your report is protected.
- During remedial actions: Take local laws into consideration when punishing employees. Different countries have different labor laws that must be considered. In Germany, for example, there may be laws that require notice before termination of employment; in some countries, an employee’s contract may not be terminated solely because the employee refused to cooperate.
Record-Keeping Throughout Cross-Border Investigations
Internal investigations that cross borders are complex; make sure to organize and save all of your evidence and other information in one place, such as in a unified case management system. Consistency and uniformity in recordkeeping is critical for internal investigations: If you do unexpectedly end up dealing with an external party or enforcement agency, you want to make sure the file on this particular incident or issue has been created to the same standards as your other investigations.
The Perils of a Weak Speak-Up Culture
Adapting Your TPRM Program to Internal and External Change
How an Ethical Culture Can Drive Better Business Performance