The UK Parliament Should Broaden and Sharpen the Legal Advice Privilege in Order to Encourage More Internal Investigations into Corruption

On September 5, 2018, the compliance departments and outside counsel of large corporations operating in the UK breathed a collective sigh of relief. In a much anticipated ruling, the Court of Appeal of England and Wales overturned a trial judge’s order that would have compelled a London-based international mining company, Eurasian Natural Resources Corporation Limited (ENRC), to hand over documents to UK prosecutors investigating the enterprise for bribery in Kazakhstan and Africa. Those documents were the product of an investigation that ENRC’s outside legal counsel had conducted following an internal whistleblower report that surfaced in late 2010. In conducting that internal investigation, lawyers from the law firm interviewed witnesses, reviewed financial records, and advised ENRC’s management on the company’s possible criminal exposure. Though the company tried to keep everything quiet, the UK’s Serious Fraud Office (SFO) came knocking in mid-2011. The SFO agreed to let ENRC and its lawyers continue to investigate on their own, periodically updating the SFO on their progress. In 2013, ENRC’s legal counsel submitted its findings to the SFO in a report arguing that, on the basis of the facts presented, the company should not be charged. The SFO disagreed and launched a formal criminal investigation. But the SFO then also demanded that ENRC turn over all of the files and documents underpinning its report—including presentations given by the lawyers to ENRC’s management and the lawyers’ notes from their interviews with 184 potential witnesses.

ENRC refused to comply, claiming that these documents were covered by two legal privileges under UK law: the “litigation privilege,” which guarantees the confidentiality of documents created by lawyers for the “dominant purpose” of adversarial litigation (including prosecution) that is “in reasonable contemplation,” and the “legal advice privilege,” which protects communications between lawyers and clients exchanged for legal advice. The trial court rejected ENRC’s privilege claims, a decision that sent shockwaves through the English defense bar and spurred much criticism on legal and policy grounds. But the Court of Appeal reversed, holding that ENRC’s lawyers didn’t have to share the documents. The Court’s ruling relied on the litigation privilege, holding, first, that documents created to help avoid criminal prosecution counted as those created for the “dominant purpose” of litigation, and, second, that criminal legal proceedings were in “reasonable contemplation” for ENRC once the SFO contacted the company in 2011.

Many commentators have hailed the Appeal Court’s decision (which the SFO declined to appeal) as a “landmark ruling” and a “decisive victory” for defense lawyers. The reality is a bit more nuanced. The Court of Appeal’s fact-specific ruling was very conservative in its legal conclusions, and it’s unlikely that its holding regarding the litigation privilege is sufficient to create the right incentives for companies and their lawyers. It’s also unlikely that further judicial tinkering with the scope of the litigation privilege will resolve the problem promptly or satisfactorily. The better solution would involve a different institutional actor and a different privilege: Parliament should step in and expand the scope of the legal advice privilege to cover all communications between a company’s lawyers and the company’s current and former employees. Continue reading

Vietnam Enlists the Private Sector in the Fight Against Corruption

Last November Vietnam approved a new anticorruption law.  Initial reports in the English language press recounted the measures cracking down on public officials: the closing of loopholes in the conflict of interest rules, the increased information officials must provide about their personal finances, stiffer penalties for engaging in corruption, and so forth.  The recent publication of an English translation of the law reveals these early reports failed to mention a critical provision. As of July 1, all firms doing business in Vietnam, whether domestic or foreign, must:

  • determine if any employee or officer has engaged in corruption and if so promptly report him or her to the competent authority;
  • train employees on the anti-corruption laws; and
  • implement a code of business conduct that must include a rule barring conflicts of interest.

By my count (nations with anticorruption compliance laws january 2019), Vietnam is now the 25th nation to require some or all of the companies that do business in its territory to have some type of anticorruption compliance program.  Like every other anticorruption policy, requiring the private sector to join the fight against corruption is not a panacea.  But it surely is a part of the solution.

What are the rest of the world’s nations waiting for?  Do they think they can win the fight on their own?  Don’t they think the private sector has something to do with corruption?  Why aren’t they enlisting it in struggle?

The New Frontier: Using Artificial Intelligence To Help Fight Corruption

In January 2018, scientists from Valladolid, Spain brought a piece of inspiring news to anticorruption advocates: they created an artificial intelligence (AI) system that can predict in which Spanish provinces are at higher risk for corruption, and also identifies the variables that are associated with greater corruption (including the real estate tax, inflated housing prices, the opening of bank branches, and the establishment of new companies, among others). This is hardly the first example of computer technology being used in the fight against corruption. Governments, international organizations, and civil society organizations have already been mining “big data” (see, for example, here and here) and using mobile apps to encourage reporting (see, for example, here and here). What makes the recent Spanish innovation notable is its use of AI.

AI is a cluster of technologies that are distinct in their ability to “learn,” rather than relying solely on the instructions specified in advance by human programmers. AI systems come in several types, including “machine learning” (in which a computer analyzes large quantities of data to identify patterns, which in turn enables the machine to perform tasks and make predictions when confronted with new information) and more advanced “deep learning” systems that can find patterns in unstructured data – in hundreds of thousands of dimensions – and can obtain something resembling human cognitive capabilities, though capable of making predictions beyond normal human capacity.

AI is a potentially transformative technology in many fields, including anticorruption. Consider three examples of the anticorruption potential of AI systems:

Continue reading

Corporate Liability for Corruption in India: Some Notes on Reform

Last month, the Indian legislature passed sweeping amendments to the Prevention of Corruption Act. If accepted in their present form, those amendments portend a major shift in India’s antiquated legal regime pursuing corporate criminal liability, making it much easier to go after corporations on corruption charges. (The amendments make other changes as well, which I have discussed elsewhere. Here, I only focus on the changes that would pertain to corporate liability for corruption offenses.) The amendments do make some welcome changes, but they do not go far enough to update India’s antiquated legal regime for corporate criminal liability. I’ll touch on three features of this regime and discuss how the new amendments do or do not effect significant changes. Continue reading

India and Ireland Enact Anticorruption Compliance Program Laws

Legislation just approved in both Ireland and India create a powerful incentive for businesses to establish anticorruption compliance programs.  Both give firms a defense to criminal charges if one of their employees or agents is caught paying a bribe. Section 18 of the Irish Criminal Justice (Corruption Offences) Act 2018 provides that a “body corporate” can avoid liability if it can prove that “it took all reasonable steps and exercised all due diligence to avoid the commission of the offence.”  Under section 9 of India’s Prevention of Corruption (Amendment) Bill 2018, a “commercial organization” escapes liability if it proves it “had in place adequate procedures in compliance of such guidelines as may be prescribed [by the Attorney General] to prevent persons associated with it from undertaking such conduct.”

The compliance provisions differ, as the quoted language shows, in two respects.  India imposes liability on any “commercial organization,” which includes not only corporations but partnerships and business associations “of any kind,” whereas the Irish law is limited to corporations alone.  Second, while the Irish Minister for Justice and Equality has the discretion to issue guidance on what constitutes “all reasonable steps” and “all due diligence” to prevent employee bribery, the Indian Central Government must, “in consultation with the concerned stakeholders . . .  prescribe such guidelines as may be considered necessary which can be put in place for compliance by [commercial] organizations.”

The Indian requirement follows a report of the Indian Law Commission on an earlier version of the bill.  Noting the “immediate and significant impact” the bill would have on corporations, particularly smaller ones, and that both the U.K. Bribery Act and the U.S. Foreign Corrupt Practices Act require law enforcement authorities to issue compliance guidance, the Commission recommended that the liability provision cum compliance defense be effective only once the Central Government published guidance on what was expected of companies wanting to assert a compliance defense.  An earlier post noted the burgeoning literature on compliance programs by governments, international organizations, and commentators alike evidences a broad consensus on what constitutes an effective compliance program.  Hence in practice the requirement shouldn’t lead to any real difference between what will be required under Indian law and what other nations with a compliance law already require.

The Nations with Anticorruption Compliance Laws table shows Ireland and India are now the fourteenth and fifteenth nations to enact legislation creating a defense to a criminal charge for businesses that have a compliance program.  (Readers are asked to submit a comment if I missed any country.)  With the six countries plus Quebec that require certain firms to have a compliance program, and with the United States, which both tempers corporate liability for firms with an “effective” compliance program and requires those winning public contracts of any appreciable size or duration to have one, the number of jurisdictions with some type of compliance program law now stands at 23.

What are the other 163 parties to UNCAC waiting for?  Why aren’t they enlisting their private sector in the fight against corruption?  Do they really think they can win the fight on their own?

Why DOJ’s New FCPA Corporate Enforcement Policy May Be a Step Backwards

At the end of last year, the U.S. Department of Justice announced a new Corporate Enforcement Policy to guide prosecutors charged with overseeing Foreign Corrupt Practices Act (FCPA) violations. This new policy codifies, and builds on, the DOJ’s FCPA Pilot Program, which had been in place since mid-2016. Under the Pilot Program, the DOJ announced that it would consider mitigated penalties for companies that voluntarily disclosed FCPA violations, fully cooperated with the government investigation, and agreed to remediation measures. Those mitigated penalties included a reduction in penalties by 50% below the low end of the U.S. Sentencing Guidelines range, or in some cases outright declination of prosecution.

The new Corporate Enforcement Policy goes further, stating that when a company voluntarily self-discloses an FCPA violation, fully cooperates, and adopts timely and appropriate remediation measures (including disgorgement of any gains from the violation), there is a presumption that the DOJ will offer the company a declination, absent aggravating circumstances (such as a particularly severe offense). This presumption of a declination is stronger than the Pilot Program, which only said that the DOJ would “consider” a declination. Additionally, while Pilot Program gave prosecutors the discretion to reduce requested fines, the new policy directs prosecutors to ask for lower fines as long as companies meet the requirements noted above. The new policy also gives favorable terms even to companies that do not voluntarily disclose misconduct, so long as they later fully cooperate and implement a remediation program. For these companies, the DOJ will recommend a sentence reduction of up to 25% off of the low end of the U.S. Sentencing Guidelines. (The DOJ also recently announced that it’s expanding this beyond the FCPA, applying it also to crimes such as securities fraud.)

One way to understand the new FCPA Corporate Enforcement Policy is as a response to concerns that the U.S. government’s traditional approach to enforcing the FCPA has over-emphasized corporate settlements at the expense of prosecuting individual wrongdoers. In that sense the new policy, and the Pilot Program before it, can be seen as consistent with the Yates Memo, which declared that the DOJ would focus more on individual liability. A related but distinct justification for the new Corporate Enforcement Policy is the idea that it will improve overall FCPA enforcement by encouraging more voluntary self-disclosures. The rationale is that there are likely a large number of low-level corporate bribery cases that companies learn about but don’t report, for fear of the expected penalties. The DOJ would prefer that companies disclose these transgressions, and the Department appears to have concluded that the benefits of encouraging such disclosures outweighs concerns about reducing punishments for FCPA violations. Indeed, in justifying the new enforcement policy, U.S. Deputy Attorney General Rod Rosenstein emphasized that under the Pilot Program, the number of voluntary disclosures during the program doubled to 30.

These justifications for the new policy at first seem plausible, but they suffer from an important flaw: They overlook the impact of DOJ’s enforcement posture on corporate culture. The new policy may increase incentives for voluntary self-disclosure and post hoc remediation, but at the same time the new policy weakens incentives for companies to actively work to promote a pro-integrity corporate culture. For that reason, the new policy may end up worsening overall foreign bribery activity, even if both corporate self-disclosures and prosecutions of individuals increase.

Continue reading

Enlisting the Private Sector in the Fight Against Corruption — Part 2

Part 1 of this post lists 21 countries plus the Canadian province of Quebec that have taken measures to get corporations to join the fight against corruption.  Thanks to a bad case of jet lag, the post’s author ran out of steam before explaining what he meant by a company’s “joining the fight” or how countries got them to join it.  Herewith an explanation of both along with my apologies to readers puzzled by part 1.

To begin, a table summarizing the laws to which part 1 referred along with summaries of bills pending in the Irish and Vietnamese legislatures appears here: National Compliance Rules.  (Thanks to readers who caught errors in the part 1 list; similar scrutiny of the table solicited.)

As the table shows, the laws referenced require — or provide incentives for — companies under their jurisdiction to prevent their employees from paying bribes or engaging in other forms of corrupt conduct.  Some laws prescribe in detail the elements such an anticorruption compliance program should contain; others leave it to regulations or the courts to decide what companies must do.  With the October 2016 publication of ISO 37001 setting standards for corporate antibribery programs, most authorities will likely converge around the elements it recommends.   The recommendations are sensible and quite consciously track the experience of those countries that required corporate compliance programs, especially the United States, where guidelines on what constitutes an “effective” compliance program, drafted to help courts when deciding the culpability of corporations for the corrupt acts of employees and agents, have been in force since 2004.

Where national corporate compliance laws differ is in how countries “encourage” companies subject to their laws to institute a compliance program. The table reveals several approaches. Continue reading