New DOJ Policies Relieve "Catch-22" Pressure on Companies Conducting Cross-Border Investigations

New DOJ policies on corporate-cooperation credit should help companies manage conflicts between the investigatory demands of U.S. prosecutors and the data-protection and sovereign-protection laws of other jurisdictions. Deputy Attorney General Rod Rosenstein announced the policy changes on November 29 in a speech that we covered here. In criminal cases, companies will now be eligible for cooperation credit when they seek in “good faith” to identify those who were “substantially involved in or responsible for wrongdoing”—instead of the prior requirement to disclose “all relevant facts” for “every person involved.” In civil cases, prosecutors will focus more on monetary recovery and make credit available on a sliding scale, depending on how far beyond senior officials the company goes in disclosing misconduct. Although the Deputy Attorney General suggested that these policies simply reflect common DOJ practice, the announcement was followed by changes to the Justice Manual (formerly the U.S. Attorney’s Manual) that suggest the government’s willingness to soften its hard line on disclosing information protected by foreign data-protection laws.

Most importantly, Section 9-28.700 of the Justice Manual has been amended to acknowledge that “there may be circumstances where, despite its best efforts to conduct a thorough investigation, a company genuinely cannot get access to certain evidence or is legally prohibited from disclosing it to the government.” It explains that “[u]nder such circumstances, the company seeking cooperation will bear the burden of explaining the restrictions it is facing to the prosecutor.”

DOJ’s relaxed cooperation standards and its recognition of legal restrictions as a potential good-faith reason not to disclose information may provide welcome relief to companies that have struggled to earn cooperation credit from U.S. prosecutors while complying with other jurisdictions’ laws.

DOJ’s Past Demands

In recent years, DOJ’s interest in white-collar crimes committed overseas has led to an increasing number of cross-border investigations and disclosures. Then-Assistant Attorney General Leslie R. Caldwell chronicled DOJ’s “efforts to combat corruption around the world” in a November 2014 speech. As Assistant Attorney General, she led DOJ’s Criminal Division, which, among other things, spearheads enforcement actions involving the Foreign Corrupt Practices Act, securities fraud, and the Anti-Money Laundering statutes. She promised to intensify these efforts, working “shoulder-to-shoulder with law enforcement and regulatory authorities in other countries.” DOJ has delivered on that promise with numerous international investigations, including high-profile scandals involving FOREX, Volkswagen, the Panama Papers, FIFA, and the hiring practices of financial companies in Asia.

DOJ has made extensive demands on companies involved in such international investigations. Before DOJ’s policy change, the Justice Manual required companies to disclose “all relevant facts” about “every person involved” in misconduct in order to get cooperation credit in criminal cases and, in civil cases, to identify all individuals who were responsible for or substantially involved in misconduct. Companies often argued that foreign data-protection laws hindered such cooperation. But DOJ was skeptical, asserting that those laws existed “to protect individual privacy, not to shield companies that purport to be cooperating in criminal investigations.” Thus, DOJ warned that it would not give full cooperation credit to companies “that hide behind foreign data privacy laws instead of providing overseas documents when they can.”

DOJ made clear that the stakes were high. On one hand, to illustrate the value of cooperation, it cited Petro-Tiger—a company that it had declined to prosecute. It made clear under the Foreign Corrupt Practices Act Pilot Program and subsequent policies that have continued application in criminal cases more broadly, that a company will enjoy a presumption in favor of declination if it self-discloses and cooperates. On the other hand, to illustrate the costs of noncooperation, it cited Marubeni, which paid an $88 million fine after pleading guilty to violations of the Foreign Corrupt Practices Act, and BNP Paribas, which paid an $8.9 billion fine after pleading guilty to violations of U.S. economic sanctions. An important difference between these outcomes, DOJ explained, was the “quality and timeliness” of cooperation. Companies that cooperated “too little and too late” would face the consequences.

Thus, DOJ has exerted tremendous pressure on companies to rapidly disclose “all relevant facts” about “every person involved” in misconduct, no matter the source of the information. Although the Deputy Attorney General’s speech noted that DOJ has not “strictly enforced” its cooperation credit policy “in some cases,” strict enforcement has been a very real threat for companies to consider. Prosecutors have wielded such broad discretion and communicated such varying expectations that it has been difficult to predict whether efforts at cooperation will be rewarded or criticized as inadequate.

The Demands of Other Jurisdictions

Companies have faced competing governmental pressures that have sometimes made cooperation difficult. A few important examples include Switzerland’s banking-confidentiality, business-secrets, and sovereignty laws, and China’s sovereignty and state-secrets laws. Failure to comply with these laws can lead to steep civil penalties, regulatory repercussions, and even criminal liability.

In Switzerland, disclosures can implicate a variety of laws designed not only to protect personal privacy but also to protect banking-customer confidentiality, business-competitive information, and Swiss sovereignty. For example, Article 47 of the Swiss Federal Act on Banks and Savings Banks criminalizes disclosure of customer-identifying information except under specified circumstances, such as to comply with Switzerland’s agreements with other countries.

Even where a disclosure is otherwise permissible, it may violate Article 271 of the Swiss Criminal Code, which prohibits the performance of an “official act” on behalf of a foreign authority on Swiss soil. Companies faced with a DOJ investigation could violate this law in a variety of ways, including by collecting evidence in Switzerland in response to a subpoena or by interviewing a witness in Switzerland and using that information in a proffer.

In China, too, disclosures to DOJ can implicate sovereignty concerns. For example, under the International Criminal Judicial Assistance Law, which took effect in October, all companies and individuals in China, including subsidiaries of companies outside China, are prohibited from providing evidentiary material or other assistance to a foreign country in connection with a criminal investigation without the Chinese government’s approval. The law does not set any timeline for government decisions on whether to approve disclosure. And approvals have been rare under other laws designed to protect Chinese judicial sovereignty.

Disclosures from China can also trip over another concern—state secrets. Under Article 2 of China’s Guarding State Secrets Law, state secrets are defined as “matters that have a vital bearing on state security and national interests.” Under Article 8, state secrets include a wide range of information, including secrets about national economic and social development, secrets about science and technology, secrets about criminal investigations, and “other matters that are classified as state secrets by the state secret-guarding department.” Particularly in a country with numerous state-owned enterprises, these broad definitions present serious challenges for companies seeking to cooperate with DOJ without exposing themselves to criminal liability in China.

In short, companies conducting cross-border investigations face a wide array of restrictions on what information they can obtain and disclose to DOJ. These restrictions reflect other nations’ concerns about a range of interests, including the integrity of local industry, business secrets, state sovereignty, and state secrets. And these restrictions carry significant penalties, including potential imprisonment.

Thus, “full” cooperation with DOJ could mean liability under the laws of other jurisdictions.

Navigating Competing Demands

There are various strategies for navigating the treacherous waters between the demands of DOJ and the conflicting laws of other jurisdictions. When compliance with a subpoena would violate another country’s laws about sovereignty, for example, companies may request that DOJ withdraw the subpoena and rely on voluntary requests for information. By doing so, DOJ avoids compulsory investigation techniques that raise sovereignty concerns while enabling more fulsome cooperation.

Context matters, of course. 

In some contexts, companies seeking to cooperate can invoke statutory exceptions that allow disclosure, seek consents that waive a legal right to protection, or obtain waivers from authorities of otherwise disabling restrictions. But these options may require a significant amount of time and cost and may not provide full protection to the company. Alternatively, companies can propose to redact restricted information. But this, too, can be extremely time-consuming. And proposed redactions may cover the very information—particularly identifying information—that DOJ stresses in assessing the quality of a company’s cooperation.

Another strategy that companies have sometimes adopted is to work with DOJ to produce directly to the company’s home regulator through the use of mutual legal assistance treaties, also known as MLATs. The regulator would then in turn disclose to DOJ. This process allows the regulator to oversee the foreign entity under investigation and to regulate the management of restricted information. The regulator may negotiate with DOJ as to the types of information sought and may require the company to redact certain information before disclosure. Where DOJ trusts the regulator and is not concerned that it has been corrupted or otherwise unduly influenced, the regulator’s involvement in negotiations and redactions can go a long way toward assuring DOJ of an objection’s merits and add needed context to explain the difficulties of meeting government timelines. 

The Path Forward

In criminal investigations, DOJ’s new good-faith standard no longer requires all relevant information about all individuals involved in misconduct. That standard also expressly accommodates the laws of other jurisdictions. In civil investigations, DOJ’s increased emphasis on recovery potential gives the government additional reason to not insist on disproportionately lengthy, broad, and costly cross-border investigations into potential misconduct by low-level employees.

But this does not suggest that a company can simply point to a data-protection law and close the file. To earn credit for good-faith cooperation, a company bears the burden of satisfying prosecutors that, “despite its best efforts to conduct a thorough investigation, [it] genuinely cannot get access to certain evidence or is legally prohibited from disclosing it to the government.” To make this showing of good faith and maximize the chance of receiving credit, companies should consider the following steps:

• Discuss legal barriers to disclosure from the outset. DOJ has stressed, “Companies that want to cooperate in exchange for credit are encouraged to have full and frank discussions with prosecutors about how to gather the relevant facts.” Do that. Companies should discuss potential obstacles, suggest potential strategies for surmounting them, and most importantly, discuss expectations for good-faith cooperation.
• Discuss the timing of productions from the start. Companies should work with DOJ toward establishing a realistic production schedule, accounting for statutory exceptions and leaving time to obtain consents, obtain waivers, and navigate the MLAT process.
• Discuss the scope and possible staging of productions. Companies should learn whether DOJ considers all the information that is protected by the laws of another jurisdiction necessary to the investigation and whether DOJ is willing to reassess its need for protected information after an initial production of data that is readily accessible.

We expect that DOJ’s new policies will help avoid misunderstandings and misplaced suspicion while increasing the availability of cooperation credit in cross-border investigations. Those measures may motivate more meaningful cooperation and result in speedier resolutions.