The impact of government enquiries and investigations remains one of the key concerns of businesses globally. Companies and individuals in the commodities and agri-business sector are no strangers to appearing on the regulators’ radar. In recent years, government agencies in the United States, UK and Switzerland, in particular, have examined closely allegations of conduct which breached rules on anti-competitive conduct, manipulation of the markets, corruption and economic sanctions. In some cases, the outcome has been a significant fine and reputational damage.
The global investigations landscape
In the commodities and agri-business sector, market abuse will remain a key issue of focus. The UK Financial Conduct Authority’s (‘FCA’) issued a warning in September 2015 stating that commodity-trading firms had ‘learned little’ from recent and highprofile market abuse cases. This is a very clear warning to the sector. The FCA found that generally awareness of market abuse risk was poor within the firms it assessed.
In April 2015, the US Commodity Futures Trading Commission charged two significant global commodities and agri-business sector businesses with manipulating wheat futures and cash wheat prices. The regulator sought a permanent injunction from future violations by the two companies, as well as disgorgement and civil monetary penalties.
Global companies in the commodities and agri-business sector face continuing challenges in co-ordination and strategy when investigations involve multiple regulators. Crossborder co-operation between international regulators is now the norm, underpinned by formal agreements in many cases. However, we see examples of tensions between regulators in connection with seeking to achieve global settlements, as each regulator has their own priorities and political pressures. This increased enforcement activity around the globe means that it has become increasingly complex for business to navigate their way to multi-jurisdictional settlements.
Across the globe, governments and regulatory agencies continue to focus on bringing senior executives to account for their conduct in the context of regulatory failures by corporates under their control. The UK FCA is introducing significant changes in 2016 which will place greater accountability on senior management authorised by the regulator. In Singapore two high-profile decisions recently convicted senior managers of multi-national corporations of criminal corruption for procuring secret profits through intricate schemes. It also held that a director’s duties include an active duty to exercise reasonable diligence to ensure that the company did not engage in corrupt practices.
Significant enforcement is clearly no longer solely the preserve of the United States regulators. Recent activity against global corporates by government agencies in China, the Netherlands and Brazil, for example, indicates that businesses and senior management must be aware of the changing political and regulatory dynamics in the counties in which they do business. We expect this trend to continue.
The economic sanctions framework is complex and fast-moving in response to political change. Businesses in the commodities and agri-business sector will continue to work through complex issues such as the impact of Russian sanctions, including establishing and enhancing relevant compliance frameworks. We may see investigations and enforcement in connection with breaches of this complex framework. Also, proposed changes in relation to the United States’ relationship with Cuba may also bring challenges.
Investigations trigger
It is increasingly common for businesses to consider how they will respond to a raid or ‘unexpected visit’ by a government agency. Businesses should implement procedures which engage key decision-makers, key IT staff, and legal advisors at the earliest available opportunity to limit the impact of a raid. The initial response to a raid may impact significantly on the course of a broader investigation which follows. A number of global businesses hold ‘mock’ dawn raids to ensure that all key responders, from reception staff to executives, are familiar with their roles and responsibilities.
A company may fall under the spotlight when sector peers are subject to investigation, when regulators focus on the sector as a whole in an ‘industry-wide sweep’, or when press or campaign-group pressure leads to an investigation. Sometimes, businesses find the issues themselves, through risk assessment or audit functions. Whistleblowers are an increasing driver of investigations, particularly given the rewards on offer from US authorities to individuals globally. In a variety of investigations, including insider trading and anti-corruption, the US Department of Justice has increasingly used investigatory methods that were once generally reserved for non-‘white collar’ crimes, including the use of undercover witnesses and wiretapping - although the prevailing pressure is on companies to bring issues to the regulator through self-reporting.
Whatever the trigger, if your business is subject to an inquiry, (internal or government-led, domestically or on a cross-border basis) spending some time developing protocols to manage investigations before they arise can make a big difference to the ability of the business to respond in a strategic and considered way.
An effective Investigation Protocol
Businesses often develop clear guidance on how investigations should be conducted. These protocols can prove invaluable in demonstrating the integrity of the decision-making process. If the decision is that an investigation should be commenced, a further, specific protocol should be prepared.
The following key considerations should inform the preparation of an effective protocol at the outset of any corporate investigation:
Initial response and immediate remedial steps: set out who within the organisation will make key initial decisions and control the actions needed to neutralise the targets of the investigation. It is imperative that steps are taken to limit the company’s potential liability and mitigate risks going forward. In multi-national businesses, a documented protocol should set out thresholds at which matters should be raised to company headquarters.
Identification of the investigation team and key decision-makers: the team must be independent and uninvolved with the matters under investigation. The team must have access to the appropriate resources including legal, accounting, IT, and HR, as well as relevant expertise in the affected business or product area. An effective Investigations Protocol will identify the scope of the team receiving legal advice in order to protect privilege. Third party support services should be identified as necessary.
Issues and scope of the investigation: defining the issues and scope of an investigation sets the initial tone for the investigation. These concepts should be re-evaluated as the investigation progresses and facts are better understood.
Jurisdictions at issue: consider and identify which jurisdictions should be covered by the investigation, and in which jurisdictions there could be exposure, including company headquarters, location of registered office, branches or offices, and jurisdictions in which the company is listed.
Targets of the investigation: identify a preliminary list of target individuals. Custodians of information: develop a list of custodians for data preservation and collection purposes.
Preserve documents: instruct your IT teams to suspend deletion policies and freeze servers; issue document preservation notices.
Collect data: the Investigation Protocol should set out who will collect data and the types of data needed. It will provide a framework for effective and efficient review. Businesses should take local law advice concerning data privacy and employment rights that may be applicable in advance of any collection.
Consider employment law issues: relevant laws and regulations vary significantly by jurisdiction; businesses should consult with counsel from the jurisdiction of the employee at issue before proceeding with any action related to the employee, by reference to internal policies, employment contracts, disciplinary action, whistleblower protections, employee representation and internal PR.
The interviews: an Investigation Protocol will identify, select and prioritise interviewees. Key considerations include whether initial interviews to obtain background information are required, and whether the company will offer legal assistance to the employee throughout the various stages of the investigation.
Maintain privilege: the protection of legal advice from disclosure to regulators, both domestically and internationally, is critical. Businesses should consult with external counsel in relation to the protection of privilege, including explaining to all those involved in the investigation to ensure that everyone understands the position. It is important that actions in one jurisdiction do not affect privilege claims in another jurisdiction, and that actions in the investigation do not impact privilege claims in other forums such as an investigation by a regulatory authority or during the course of civil litigation.
Data privacy: comply with data protection and privacy laws, and other laws and regulations (e.g. state secrecy laws) that apply to data collected during the investigation. Consider carefully potential transfers of data outside of the European Union. The relevant laws and regulations vary by jurisdiction depending on the location of the employees, location of the servers, and location of any hard-copy materials. Agreements with workers’ representatives or unions may also impact an employee’s rights concerning data privacy.
Approach to dealing with regulatory authorities: Whether to disclose the conduct under investigation to enforcement and/or regulatory authorities in relevant jurisdictions is an ongoing consideration that must be assessed throughout the course of the investigation. The expectations of regulators across the globe in relation to co-operation continue to evolve. The US Securities and Exchange Commission recently indicated that a company must self-report misconduct in order to be eligible for the Enforcement Division to recommend a Deferred Prosecution or Non-Prosecution Agreement in an anti-corruption case under the Foreign Corrupt Practices Act (FCPA). The UK Serious Fraud Office continues to push an agenda of self-reporting and cooperation, recently commenting that ‘you don’t have to cooperate, but if you say you want to - back it up, really do it; don’t say one thing, but really work to a different agenda.’ The approach to regulators, prosecutors and issues of disclosure and co-operation are critical.
Approach to individuals: In September 2015, the US Department of Justice issued a memorandum entitled ‘Individual Accountability For Corporate Wrongdoing’ (known as the ‘Yates Memo’) outlining specific policy measures intended to empower US prosecutors further in their pursuit of individuals alleged to be involved in corporate wrongdoing. The Yates Memo appears to set out clear directives to federal prosecutors and, as a practical matter, adds several weapons to the arsenal that the US government can use to flush out and prosecute individual wrongdoers implicated in corporate misconduct. For example, to qualify for any cooperation credit, corporations must provide the US government with all relevant facts relating to the individuals responsible for the misconduct. Conditions which may apply to a Deferred Prosecution Agreements in the UK may include cooperation in any prosecution of individuals.
Media and PR strategy: internal and external communications must be handled effectively from the outset. An Investigation Protocol should set out who within the Company will be in charge of regulating what is said to press, staff and other stakeholders. Businesses should consider how to maintain consistency in any public statements that are made by all parties, taking into account legal or regulatory requirements in all relevant jurisdictions. The adoption of different disclosure practices in different jurisdictions may be appropriate. A relatively small amount of time spent developing and reviewing a suitable and bespoke protocol for a business can prove invaluable in responding to government enquiries and investigations and mitigating the damage that can result.