Planning for FCPA e-discovery challenges
Since 2007, the surge in Foreign Corrupt Practices Act (FCPA) cases has been among the most dramatic international enforcement storylines.
July 06, 2012 at 08:05 AM
10 minute read
The original version of this story was published on Law.com
Since 2007, the surge in Foreign Corrupt Practices Act (FCPA) cases has been among the most dramatic international enforcement storylines. In addition to the sharp increase in the number of FCPA cases filed each year—and the resulting fines—the Justice Department and the Securities and Exchange Commission now employ increasingly aggressive tactics in corruption investigations, including wiretaps and sting operations. These trends show no signs of abating. Assistant Attorney General Lanny Breuer recently indicated that he expects FCPA actions to expand and intensify in the years to come.
Whenever corruption allegations arise, companies must act fast to determine the veracity of the claims and the scope of the behavior in question. Time is of the essence, because self-reporting FCPA violations to the U.S. government has the potential to reduce any eventual penalties. But speedy investigations are often thwarted by foreign data protection laws that govern data privacy, corporate confidentiality and state secrets. In other words, companies can't access or transfer regulated data to the U.S. that could either vindicate them or help ameliorate the consequences of violations.
In Europe, data privacy laws can be a significant challenge. Individual countries have statutes that control personally identifiable information, and some of these statutes are particularly strict. In France, for example, criminal data violations can result in corporate fines approaching $2 million and prison terms up to five years for individuals. Although European privacy laws generally are the most well known, similar data-protection regulations exist in throughout Asia, Brazil, Latin America and the Commonwealth of Independent States nations that can have a high level of FCPA risk.
In China, where the vast majority of enterprises are partially state-owned, the government itself can be a barrier. Companies conducting investigations need the cooperation of the Chinese government for the release of any substantive information. Because the enterprises' interests don't necessarily align with the revelation of wrongdoing, that relationship can be complicated at best.
Such obstacles can significantly challenge the e-discovery process in corruption investigations. Failure to fully appreciate the subjective data restrictions in each relevant jurisdiction can result in new layers of liability for the company, its outside counsel and other third parties involved. Moreover, U.S. regulators and prosecutors are largely unsympathetic to these foreign pressures, and they still expect companies to present a prompt, thorough and accurate assessment of alleged FCPA violations. Failure to do so invites deeper government scrutiny and harsher penalties.
Fortunately, there are steps companies can take to comply with foreign data restrictions that keep them in compliance with local laws, yet still allow swift reporting to the U.S. government. First and foremost, it's essential to have local counsel—whether in-house or outside—who understand local regulations and can anticipate potential problems at the outset of internal investigations and be prepared with a local e-discovery plan.
Some large or high-risk companies have hired a dedicated data privacy counsel—a lawyer tasked with understanding the data laws in each of the countries in which the business operates. The best way to minimize regulatory entanglements is to understand the legal landscape and have a discovery plan prepared ahead of time. Companies that have prepared local discovery plans can move faster and more effectively to avoid local compliance violations and work around data restrictions where possible.
Such plans may require that e-discovery related document review occurs on-site to limit data transfer in line with local data protection laws. Performing document review on-site necessitates additional travel and logistical expenses but offers many advantages. Companies can quickly identify critical documents and determine which ones may require special treatment. In some cases, documents may be removed from the country with user consent. In other cases, companies may be able to file special applications with local governments to release documents. When obtaining the complete document is not possible, a local team can work with to perform redactions of regulated personal data while preserving information material to the case.
On-site data collection and review can be efficiently scheduled to occur with employee interviews. This starts the discovery process early, providing as much time as possible to navigate local legal issues, and also allows the company to deal with all travel and scheduling issues at once.
Finally, companies must rigorously prioritize and focus their international investigations on the electronic information that is most critical to the case. This helps to limit the number of documents slated for potential transfer across the border. This stands in contrast to domestic e-discovery procedures, in which the aim is often to collect and process vast amounts of data in an effort to identify everything potentially relevant, and then perform a comprehensive search across the data corpus. By narrowing the data collection to the only those data sources that are known to be potentially relevant, investigators can identify crucial documents faster, limit the number of irrelevant documents that undergo review and begin the process of reviewing and redacting as soon as possible.
Companies that anticipate and plan for data protection challenges ahead of time fare far better over the course of an investigation. They don't have to backtrack on timelines with the U.S. government—a common occurrence that never helps companies' cases—and they place themselves in the best position to limit penalties even in the event a violation is revealed.
Since 2007, the surge in Foreign Corrupt Practices Act (FCPA) cases has been among the most dramatic international enforcement storylines. In addition to the sharp increase in the number of FCPA cases filed each year—and the resulting fines—the Justice Department and the Securities and Exchange Commission now employ increasingly aggressive tactics in corruption investigations, including wiretaps and sting operations. These trends show no signs of abating. Assistant Attorney General Lanny Breuer recently indicated that he expects FCPA actions to expand and intensify in the years to come.
Whenever corruption allegations arise, companies must act fast to determine the veracity of the claims and the scope of the behavior in question. Time is of the essence, because self-reporting FCPA violations to the U.S. government has the potential to reduce any eventual penalties. But speedy investigations are often thwarted by foreign data protection laws that govern data privacy, corporate confidentiality and state secrets. In other words, companies can't access or transfer regulated data to the U.S. that could either vindicate them or help ameliorate the consequences of violations.
In Europe, data privacy laws can be a significant challenge. Individual countries have statutes that control personally identifiable information, and some of these statutes are particularly strict. In France, for example, criminal data violations can result in corporate fines approaching $2 million and prison terms up to five years for individuals. Although European privacy laws generally are the most well known, similar data-protection regulations exist in throughout Asia, Brazil, Latin America and the Commonwealth of Independent States nations that can have a high level of FCPA risk.
In China, where the vast majority of enterprises are partially state-owned, the government itself can be a barrier. Companies conducting investigations need the cooperation of the Chinese government for the release of any substantive information. Because the enterprises' interests don't necessarily align with the revelation of wrongdoing, that relationship can be complicated at best.
Such obstacles can significantly challenge the e-discovery process in corruption investigations. Failure to fully appreciate the subjective data restrictions in each relevant jurisdiction can result in new layers of liability for the company, its outside counsel and other third parties involved. Moreover, U.S. regulators and prosecutors are largely unsympathetic to these foreign pressures, and they still expect companies to present a prompt, thorough and accurate assessment of alleged FCPA violations. Failure to do so invites deeper government scrutiny and harsher penalties.
Fortunately, there are steps companies can take to comply with foreign data restrictions that keep them in compliance with local laws, yet still allow swift reporting to the U.S. government. First and foremost, it's essential to have local counsel—whether in-house or outside—who understand local regulations and can anticipate potential problems at the outset of internal investigations and be prepared with a local e-discovery plan.
Some large or high-risk companies have hired a dedicated data privacy counsel—a lawyer tasked with understanding the data laws in each of the countries in which the business operates. The best way to minimize regulatory entanglements is to understand the legal landscape and have a discovery plan prepared ahead of time. Companies that have prepared local discovery plans can move faster and more effectively to avoid local compliance violations and work around data restrictions where possible.
Such plans may require that e-discovery related document review occurs on-site to limit data transfer in line with local data protection laws. Performing document review on-site necessitates additional travel and logistical expenses but offers many advantages. Companies can quickly identify critical documents and determine which ones may require special treatment. In some cases, documents may be removed from the country with user consent. In other cases, companies may be able to file special applications with local governments to release documents. When obtaining the complete document is not possible, a local team can work with to perform redactions of regulated personal data while preserving information material to the case.
On-site data collection and review can be efficiently scheduled to occur with employee interviews. This starts the discovery process early, providing as much time as possible to navigate local legal issues, and also allows the company to deal with all travel and scheduling issues at once.
Finally, companies must rigorously prioritize and focus their international investigations on the electronic information that is most critical to the case. This helps to limit the number of documents slated for potential transfer across the border. This stands in contrast to domestic e-discovery procedures, in which the aim is often to collect and process vast amounts of data in an effort to identify everything potentially relevant, and then perform a comprehensive search across the data corpus. By narrowing the data collection to the only those data sources that are known to be potentially relevant, investigators can identify crucial documents faster, limit the number of irrelevant documents that undergo review and begin the process of reviewing and redacting as soon as possible.
Companies that anticipate and plan for data protection challenges ahead of time fare far better over the course of an investigation. They don't have to backtrack on timelines with the U.S. government—a common occurrence that never helps companies' cases—and they place themselves in the best position to limit penalties even in the event a violation is revealed.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
From Reluctant Lawyer to Legal Trailblazer: Agiloft's GC on Redefining In-House Counsel With Innovation and Tech
7 minute read
Legal Tech's Predictions for Legal Ops & In-House in 2025
Lawyers Drowning in Cases Are Embracing AI Fastest—and Say It's Yielding Better Outcomes for Clients
Trending Stories
- 1Uber Files RICO Suit Against Plaintiff-Side Firms Alleging Fraudulent Injury Claims
- 2The Law Firm Disrupted: Scrutinizing the Elephant More Than the Mouse
- 3Inherent Diminished Value Damages Unavailable to 3rd-Party Claimants, Court Says
- 4Pa. Defense Firm Sued by Client Over Ex-Eagles Player's $43.5M Med Mal Win
- 5Losses Mount at Morris Manning, but Departing Ex-Chair Stays Bullish About His Old Firm's Future
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
