The Anti-Corruption Report

The definitive source of actionable intelligence covering anti-corruption laws around the globe

Articles By Topic

By Topic: Data Privacy

  • From Vol. 6 No.21 (Nov. 1, 2017)

    Privacy Shield Survives First Annual Review

    The E.U.-U.S. Privacy Shield has survived its first annual review. The E.U. Commission’s Report emphasized the need for active monitoring of the framework for data transfer. We analyze the Report’s findings and provide insight on the implications of those findings, and the pros and cons of self-certification under the framework from AvePoint’s chief compliance and risk officer Dana Simberkoff. She told The Anti-Corruption Report that there are “certainly a lot of companies using Privacy Shield and that’s a testament to the fact that it is a viable framework from the perspective of U.S. companies.” See “Key Requirements of the Newly Approved Privacy Shield” (Jul. 27, 2016).

    Read Full Article …
  • From Vol. 6 No.20 (Oct. 18, 2017)

    New Criteria for Employee Monitoring Practices in Light of ECHR Decision

    The Grand Chamber of the European Court of Human Rights has laid out new criteria for national courts to consider when evaluating whether companies have safeguarded employees’ right to privacy. The court sided with an employee who claimed his privacy rights were violated when his messages were recorded. Some companies operating in the 47 member states may want to revisit their policies on monitoring communications, experts told The Anti-Corruption Report. We analyze the implications of the decision and how it aligns with other national laws. See “Balancing Employment Law Considerations During Corruption Investigations” (Sep. 20, 2017).

    Read Full Article …
  • From Vol. 6 No.20 (Oct. 18, 2017)

    Reconciling Data Localization Laws and the Global Flow of Information

    Data localization is the most contentious issue for privacy regulators and the increasingly data-driven global business community, data privacy professionals said in Hong Kong at the Conference of Data Protection and Privacy Commissioners. Our sister publication PaRR provides insights from Apple and Microsoft executives, as well as Chinese data privacy experts, on the state of “data nationalism” in the global business place. See “The Sword of Damocles in the Information Age: How to Face the New Challenges Under the Chinese Cybersecurity Law” (Feb. 15, 2017).

    Read Full Article …
  • From Vol. 6 No.15 (Aug. 2, 2017)

    Nestlé Employee Convictions Highlight Interconnectivity of Chinese Data Privacy and Bribery Laws 

    Six Nestlé employees and three employees of state-run Chinese hospitals were recently convicted for crimes relating to the illegal distribution of personal information. At the Lanzhou Intermediary People’s Court, the Nestlé employees were found guilty of illicitly obtaining personal information by providing bribes to foreign officials. Members of the hospital staff were found guilty of providing that information. Notably, the charges were brought under laws relating to the distribution of breast milk substitutes, not anti-bribery, data privacy or cybersecurity laws. The Anti-Corruption Report’s sister publication, PaRR, discussed the case with local experts who explained how Nestlé escaped liability and how the decision highlights the complicated nature of risk in China. See “Practitioners Take the Pulse of Anti-Corruption Compliance and Enforcement in China” (Mar. 15, 2017).

    Read Full Article …
  • From Vol. 6 No.9 (May 10, 2017)

    Navigating Privilege and Data-Privacy Challenges in a Cross-Border Bribery and Corruption Investigation

    Governments are increasingly cooperating with each other in investigations and companies are cooperating more with governments, incentivized by cooperation credit. Both of these developments create challenges for companies with regard to preserving attorney-client privilege and compliance with data privacy laws. In a guest article, Lillian S. Hardy, a partner at Hogan Lovells, compares the laws of privilege and enforcement expectations in the U.S., U.K. and Brazil to illustrate how companies can navigate these challenges during cross-border investigations. See The FCPA Report’s three-part series on protecting attorney-client privilege and work product while cooperating with the U.S. government: “Establishing Privilege and Work Product in an Investigation” (Feb. 1, 2017); “Cooperation Benefits and Risks” (Feb. 15, 2017); and “Implications for Collateral Litigation” (Mar. 1, 2017).

    Read Full Article …
  • From Vol. 6 No.4 (Mar. 1, 2017)

    A Guide to Enforcing Audit Rights, the Next Third-Party Frontier: Forestalling Problems, Documenting the Audit and Responding Appropriately (Part Three of Three)

    Although third-party audit rights are only effective if the company designs and implements a solid plan for exercising them on a periodic basis, many companies still struggle with enforcing those rights and how, once an audit cycle is concluded, to respond to information the audit uncovered. The FCPA Report’s Guide to Enforcing Audit Rights provides practical guidance for every step of the audit-right enforcement process, from drafting a policy to remediation. This, the third article in our three-part series, discusses how companies can address common auditing challenges, how they should document the audit process and how they might respond to an audit’s results. The first article in the series discussed, in detail, drafting the company’s policy and outlined six steps a company should take prior to conducting an onsite audit of a third party. The second laid out a plan for conducting the actual onsite audit. See also “When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part One of Three)” (Jul. 23, 2014); Part Two (Aug. 6, 2014); and Part Three (Aug. 20, 2014).

    Read Full Article …
  • From Vol. 6 No.3 (Feb. 15, 2017)

    The Sword of Damocles in the Information Age: How to Face the New Challenges Under the Chinese Cybersecurity Law 

    A monumental legal change will be taking place in China later this year that will have far-reaching implications not only for companies performing internal investigations in China, but for all companies doing business there. In this guest article about China’s Cybersecurity Law, attorneys Kate Yin, Yanjun Zhuang, and Nan Zheng from the Chinese firm Fangda Partners bring clarity to the most critical aspects of these onerous but vague regulations. See our two-part series on data privacy and cybersecurity in China: “Crossing the River by Feeling the Stones” (Sep. 14, 2016) and “Performing Due Diligence and Internal Investigations in China” (Sep. 28, 2016).

    Read Full Article …
  • From Vol. 6 No.2 (Feb. 1, 2017)

    A New Era in FCPA Disclosure

    In the past few years, U.S. enforcement authorities have heightened their rhetoric surrounding voluntary and complete self-disclosure. New policies and rules issued by the government strongly encourage and incentivize disclosure in unprecedented ways. At the same time, an alarming increase in data leaks and the ever-present danger of whistleblowers threaten to reveal or force the disclosure of company information and secrets at every turn. In a guest article, Lara A. Covington, a partner in the Washington, D.C., office of Holland & Knight, and Lisa A. Prager, a partner in the firm’s New York office, explain that the net effect of these internal and external pressures is that U.S. companies have never faced more inducements to disclose potential FCPA violations nor higher risks of inadvertently disclosing them. See The FCPA Report’s three-part series on the DOJ’s Pilot Program: “Going Deep on the Fraud Section’s FCPA Pilot Program” (Apr. 20, 2016); “How Will the Fraud Section’s Pilot Program Change Voluntary Self-Reporting?” (May 4, 2016); and “Earning Cooperation Credit Under the Fraud Section’s FCPA Pilot Program” (May 18, 2016).

    Read Full Article …
  • From Vol. 5 No.25 (Dec. 21, 2016)

    Navigating Data Privacy Laws in Cross-Border Investigations

    Conducting a cross-border investigation or performing global due diligence each has its own set of unique challenges, which only become more formidable when coupled with a formal anti-corruption inquiry. In the E.U. in particular, issues range from confusing and often conflicting privacy laws, to language and cultural barriers, to custodian access and local coordination. In a guest article, Deena Coffman and Nina Gross, managing directors at BDO, provide insight on the data privacy landscape in the E.U. and how to comply with competing demands during a cross-border investigation. See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three)” (Jan. 9, 2013); Part Two (Jan. 23, 2013); Part Three (Feb. 6, 2013).

    Read Full Article …
  • From Vol. 5 No.22 (Nov. 9, 2016)

    Employee Discipline and Internal Investigations After the Yates Memo

    Over the past year, the Department of Justice has reiterated and re-emphasized its focus on holding individuals accountable for corporate wrongdoing. For companies investigating potential FCPA violations, these mandates raise the stakes on the already complex issue of employee discipline. In a guest article, Paul Hastings partner Palmina M. Fava and her associate Mor Wetzler explain how companies must balance the need to promptly remediate and discipline wrongdoing with not depriving the company of access to employees before obtaining all of the facts needed to fully understand the issues. See “How Will the Yates Memo Change DOJ Enforcement? (Part One of Two)” (Sep. 23, 2015); Part Two (Oct. 7, 2015).

    Read Full Article …
  • From Vol. 5 No.19 (Sep. 28, 2016)

    Managing Data Privacy Challenges in Performing Due Diligence and Internal Investigations in China (Part Two of Two)

    For companies doing business in China, understanding data privacy and cybersecurity requirements under Chinese law is critical. But once a company is familiar with the basic legal contours, more practical concerns move to the forefront. In this article, the second in a two-part series on China’s data privacy and cybersecurity laws, we share insights from practitioners working in China on how companies can manage the practical challenges of running their businesses while staying on the right side of the law. The first article in the series explained the basic structure of the data compliance regime in China, including the criminal law, civil law, industry regulations and the draft Cybersecurity Law. See also “The Emperor Is Far Away: The Evolving Nature of Third-Party Risk in China” (Sep. 9, 2015).

    Read Full Article …
  • From Vol. 5 No.19 (Sep. 28, 2016)

    Regional Risk Spotlight: Argentinian Attorney Pedro Serrano Espelta Explains the Country’s Complicated History and Its Effect on Corruption Risk Today

    Argentina’s complicated political history is marked by a pattern of alternating nationalization and privatization of industries. As a result, the government plays a role in almost all business transactions, leading to significant corruption risks for companies doing business there. Meanwhile, the country’s own laws rarely result in convictions and, in fact, do not meet the OECD’s recommendations for preventing corruption. The FCPA Report recently spoke with Pedro Serrano Espelta, a partner at Marval, O’Farrell & Mairal in Buenos Aires, about Argentina’s corruption risks and what companies can do to avoid them. Serrano Espelta will also be discussing the topic at the Global Regulatory & Enforcement Update Seminar at ACI’s 33rd International Conference on the FCPA to be held in Washington, D.C., in December. See “Regional Risk Spotlight: Livia Zamfiropol of DLA Piper Discusses Recent Trends in Romania’s Anti-Corruption Enforcement” (Aug. 31, 2016).

    Read Full Article …
  • From Vol. 5 No.18 (Sep. 14, 2016)

    Data Privacy and Cybersecurity in China: Crossing the River by Feeling the Stones (Part One of Two)

    The Chinese National People’s Congress is currently considering a new law on cybersecurity that could have a far-reaching impact on data management in China. While the legislation is not yet in effect, it highlights the need for companies to familiarize themselves with China’s varied data privacy and cybersecurity laws as they currently are, and how they may be in the near future. This, the first part of a two-part series, provides insight from practitioners in China explaining the various sources of law governing data management in China and what types of information are covered by the law. In the second part, we will explore practical implications of these laws with regard to employee relations, particularly during internal investigations and due diligence. See our two-part series on China’s State Secrets Law: “A Primer for Anti-Corruption Practitioners (Part One)” (Jun. 29, 2016); and “Six Things to Consider When Engaging in Internal Investigations in China (Part Two)” (Jul. 13, 2016).

    Read Full Article …
  • From Vol. 5 No.16 (Aug. 10, 2016)

    Second Circuit Quashes Warrant for Microsoft to Produce Email Content Stored Overseas 

    A federal appeals court ruling has made it more difficult for the DOJ to obtain electronic content stored overseas, creating implications for an array of government investigations. The Second Circuit Court of Appeals agreed with Microsoft that a request to produce customer content it stored in Ireland was beyond the scope of the Stored Communications Act. “It’s an extremely significant decision [that the Act] does not authorize a U.S. district court to issue a search warrant to seize data being held by ISPs or remote computing services (cloud services) outside the territorial U.S.,” Edward McAndrew, a partner at Ballard Spahr, told The FCPA Report. “It is the first ruling of its kind on that issue from the U.S. Court of Appeals. See “Foreign Attorneys Share Insight on Data Privacy and Privilege in Multinational Investigations” (Jun. 28, 2016)

    Read Full Article …
  • From Vol. 5 No.15 (Jul. 27, 2016)

    Regional Risk Spotlight: What Companies Need to Know About Internal Investigations in South Africa

    Japanese conglomerate Hitachi recently paid a $19 million penalty for corruption related to its work with a local partner in South Africa. That case highlighted the FCPA risks associated with South Africa’s local content requirements, but the country also has rigorous anti-corruption, anti-terrorism and data privacy laws that can further influence a company’s assessment of corruption risk and how it performs internal investigations. The FCPA Report recently spoke with Vlad Movshovich and Meluleki Nzimande of South African law firm Webber Wentzel to learn more about South Africa’s current enforcement environment and what companies need to know in order to manage their anti-corruption risk. See “Lack of Training and Due Diligence Leads to $19 Million Penalty for Hitachi” (Oct. 7, 2015).

    Read Full Article …
  • From Vol. 5 No.15 (Jul. 27, 2016)

    Key Requirements of the Newly Approved Privacy Shield

    The European Union has formally adopted the long-awaited Privacy Shield, which replaces the Safe Harbor framework as a mechanism to comply with E.U. data protection requirements for the E.U.-U.S. transfer of personal data. Companies can begin to self-certify compliance with the framework on August 1, 2016. “Companies cannot take the Privacy Shield lightly. It’s a much more detailed framework with more accountability” than Safe Harbor, Sidley Austin senior counsel Cam Kerry told The Law Report Group. We review the Privacy Shield’s background, its key requirements and examine whether, when and how to join. See also “Foreign Attorneys Share Insight on Data Privacy and Privilege in Multinational Investigations” (Jun. 28, 2016).

    Read Full Article …
  • From Vol. 5 No.13 (Jun. 29, 2016)

    Foreign Attorneys Share Insight on Data Privacy and Privilege in Multinational Investigations

    Multi-jurisdictional anti-corruption investigations are proliferating and subject companies must manage competing requests and competing legal regimes. At the recent White Collar Crime Institute presented by the New York City Bar Association, a panel of foreign lawyers delved into the challenges faced by counsel confronting multinational regulatory actions, including coordinating requests from multiple jurisdictions, preserving attorney-client privilege, conducting witness interviews and navigating data privacy laws. The panel featured attorneys based in London, Geneva, Hong Kong and Sao Paulo. See “How the Expanding Petrobras Scandal May Spark a New Era of Multi-Lateral Enforcement” (Dec. 2, 2015).

    Read Full Article …
  • From Vol. 5 No.4 (Feb. 24, 2016)

    Deal Struck to Keep Transatlantic Data Flowing

    Two days after the expiration of a deadline set by Europe’s data protection authorities, and after months of negotiations, the European Commission and U.S. Department of Commerce reached an understanding that intends to allow transatlantic transfer of digital data by thousands of companies to continue, including the data flowing in cross-border anti-corruption investigations. The so-called “Privacy Shield” agreement “makes existing cooperation between the FTC and E.U. DPAs [data protection authorities] more robust, with better enforcement mechanisms and means of redress for E.U. citizens whose privacy rights may have been infringed by E.U.-U.S. cross-border transfers,” Davina Garrod, a London-based Akin Gump partner, said. However, she added that “the shield is by no means a panacea, and does not fix all of the problems identified by the [E.U. Court of Justice] in the Schrems judgment” that invalidated the previous Safe Harbor data transfer pact. We discuss the agreement, important steps that remain before the Privacy Shield can be finalized, and the immediate impact on cross-border investigations and other data exchanges with the E.U. See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three)” (Jan. 9, 2013); Part Two (Jan. 23, 2013); Part Three (Feb. 6, 2013).

    Read Full Article …
  • From Vol. 5 No.2 (Jan. 27, 2016)

    Regional Risk Spotlight: Samuel Nam of Kim & Chang Discusses a South Korean Anti-Corruption Landscape in Flux

    By all measures, South Korea is one of the world’s most advanced economies. With a GDP of more than $1 trillion and Asia’s highest median income and average wage, it is one of the wealthiest countries in the world. That economic strength, combined with a free trade agreement that came into effect in 2012 and incredible expertise in technological research and development, make South Korean companies attractive partners for foreign companies. However, in recent years South Korea has been rocked by a number of corruption scandals that have led to significant shifts in its anti-bribery and anti-corruption landscape. In this installment of the Regional Risk Spotlight, The FCPA Report spoke with Samuel Nam, a senior foreign attorney at Kim & Chang, about aspects of Korea’s culture that can create corruption risk, recent changes in South Korea’s anti-corruption laws and its broad definition of who is a foreign official. See previously “Regional Risk Spotlight: Michael Farhang of Gibson Dunn Discusses Colombia’s Troubled Corruption History and Recent Reforms” (Dec. 16, 2015).

    Read Full Article …
  • From Vol. 4 No.21 (Oct. 21, 2015)

    A Dangerous Harbor?  Analyzing the European Court of Justice Ruling

    An Austrian graduate student’s lawsuit against Facebook has resulted in the invalidation of a 15-year old data privacy treaty relied upon by thousands of multi-national companies.  On October 6, 2015, the Court of Justice of the European Union (ECJ), the highest court in the E.U., held that the Safe Harbor framework that allowed companies to transfer personal data from the E.U. to the U.S., including data for cross-border investigations and discovery, is invalid.  The ECJ found that the U.S. does not ensure adequate protection for personal data, primarily because of the access rights that the ECJ said U.S. agencies have.  Although the ruling is immediate, the “sky is not falling,” said Harriet Pearson, a partner at Hogan Lovells.  On October 16, 2015, a group of E.U. member state privacy regulators, the Article 29 Working Party, called for renewed negotiations on a treaty and recommended interim actions for companies.  There will need to be a “transition to a more complex and perhaps a more work-intensive compliance strategy than Safe Harbor had previously afforded companies,” Pearson said.  See “Checklist of Actions to Take and Issues to Consider When Navigating Data Privacy and Anti-Corruption Issues,” The FCPA Report, Vol. 2, No. 21 (Oct. 23, 2013).

    Read Full Article …
  • From Vol. 4 No.17 (Aug. 19, 2015)

    James Tillen of Miller & Chevalier Talks 2015 Enforcement Trends and Predictions

    The first half of 2015 is behind us, providing an opportunity to reflect on new trends in anti-corruption enforcement and what companies can expect going forward.  A number of FCPA actions have made the news this year, but identifying trends and making predictions requires a more careful look at the numbers.  As part of its FCPA Summer Review 2015, Miller & Chevalier has analyzed enforcement data and identified several trends in the first half of 2015, including a noticeable increase in the number of declinations by the DOJ.  The FCPA Report spoke with James Tillen, a member of M&C and vice chair of the firm’s international department, about these trends, how companies should use them to improve their compliance programs and their negotiating strategies with the government and his predictions for the second half of 2015.  See also “Government Officials and Defense Bar Offer Insights on FCPA Enforcement, Voluntary Disclosure and Cooperation,” The FCPA Report, Vol. 4, No. 14 (Jul. 8, 2015).

    Read Full Article …
  • From Vol. 4 No.16 (Aug. 5, 2015)

    Regional Risk Spotlight:  Thomas Firestone of Baker & McKenzie Explains How to Navigate Corruption Risks in Russia

    When conducting business in Russia, multi-national companies often find themselves in the precarious position of trying to comply with local laws or traditions that conflict with international anti-corruption obligations.  Implementing policies that address this conflict in today’s political climate is a daunting task.  In this installment of The FCPA Report’s Regional Risk Spotlight series, we talk to Thomas Firestone, a partner at Baker & McKenzie, about the most pressing corruption issues in Russia and how companies doing business there can mitigate those risks using their compliance programs.  See also “Regional Risk Spotlight: William McGovern of Kobre & Kim Advises on How to Handle Corruption Risk When Doing Business in China,” The FCPA Report, Vol. 4, No. 14 (Jul. 8, 2015).

    Read Full Article …
  • From Vol. 4 No.15 (Jul. 22, 2015)

    Addressing E-Discovery Challenges When Conducting International Investigations

    Conducting e-discovery in a cross-border investigation – a task difficult to avoid in an FCPA probe – presents an array of challenges including compliance with data privacy and other local laws; language and cultural barriers; and data collection issues.  In a guest article, e-discovery experts at Epiq Systems Martin Bonney and Melinda Kunjasich detail those challenges and explain best practices for conducting thorough and cost efficient e-discovery in international investigations.  See also “How to Manage a Multi-National Anti-Corruption Investigation,” The FCPA Report, Vol. 2, No. 6 (Mar. 20, 2013).

    Read Full Article …
  • From Vol. 4 No.14 (Jul. 8, 2015)

    Regional Risk Spotlight: William McGovern of Kobre & Kim Advises on How to Handle Corruption Risk When Doing Business in China

    China has long been plagued with high corruption risk.  However, the recent uptick in China’s own anti-corruption enforcement – evidenced recently by the fine the Chinese government levied on GSK – is changing the corruption landscape there, as is the steady focus on China by U.S. regulators.  In this installment of The FCPA Report’s Regional Risk Spotlight series, we talk to William McGovern, a partner in Kobre & Kim’s Hong Kong office, about the most pressing corruption issues in China and how companies doing business there can handle them.  See also “Understanding and Tackling China’s Corruption Challenges,” The FCPA Report, Vol. 3, No. 5 (Mar. 5, 2014).

    Read Full Article …
  • From Vol. 4 No.10 (May 13, 2015)

    Former Prosecutor Nathaniel Edmonds Shares His Internal Anti-Corruption Investigation Strategies

    At the first sign of a red flag that points to possible bribery, a multi-national company must consider whether to initiate an internal investigation, which can deter any nefarious activity, demonstrate an independent commitment to good compliance, and if the wrongdoing has already occurred, prevent or mitigate any potential charges.  However, if not conducted properly, internal investigations can present their own risks, including inadvertent disclosure of the investigation, waiver of the attorney-client privilege, and accusations of improper handling or even obstruction of justice.  To mitigate these risks, a company should adopt a carefully-conceived plan for conducting internal investigations.  In an interview with The FCPA Report, Nathaniel Edmonds, a partner at Paul Hastings and a former FCPA prosecutor, discusses best practices for preparing for, conducting and concluding an investigation, including the appropriate way to handle data, and reveals the biggest mistakes he has witnessed companies make during the investigative process.  See also “How to Handle a Government Investigation: Insight from PwC, Covington, Booz Allen and FINRA,” The FCPA Report, Vol. 3, No. 21 (Oct. 22, 2014). 

    Read Full Article …
  • From Vol. 4 No.6 (Mar. 18, 2015)

    Taking Third Party Diligence Beyond the FCPA and the U.K. Bribery Act

    An active third-party due diligence program protects a company from a host of dangers, including anti-corruption violations, sanctions issues and forming relationships with destructive business partners.  A recent program presented by the Society of Corporate Compliance and Ethics highlighted the continued importance of third-party due diligence for anti-corruption compliance and the impact of economic sanctions regimes on that due diligence.  The program featured Candice D. Tal, founder and Chief Executive Officer of security and risk management consulting firm Infortal Worldwide Inc.; and Cordery Compliance Limited’s principal adviser André Bywater and partner Jonathan P. Armstrong.  See also “Risk-Based Solutions to Complying with Anti-Money Laundering, Export Controls, Economic Sanctions and the FCPA,” The FCPA Report, Vol. 3, No. 2 (Jan. 22, 2014).

    Read Full Article …
  • From Vol. 3 No.25 (Dec. 17, 2014)

    Weil Attorneys Address Six Key U.S. and E.U. Cybersecurity Risks

    The extensive cybersecurity breaches at major public companies such as Target, Home Depot and JPMorgan Chase have placed cybersecurity issues on the radar of both regulators and the private sector.  Cyber breaches can give rise to regulatory, reputational and enterprise risk.  A recent panel discussion sponsored by the Cross-Border Group considered the current regulatory climate on cybersecurity in both the U.S. and the E.U., and six ways to handle cybersecurity risks.  The discussion was moderated by J.P. Wilson, head of the Cross-Border Group and the speakers included Weil, Gotshal & Manges partners Barry Fishley and Kyle C. Krpata, and counsel Paul A. Ferrillo.  See also “Seven Steps the Legal Department Can Take to Decrease Cybersecurity Risk,” The FCPA Report, Vol. 3, No. 22 (Nov. 5, 2014).

    Read Full Article …
  • From Vol. 3 No.22 (Nov. 5, 2014)

    Seven Steps the Legal Department Can Take to Decrease Cybersecurity Risk

    Every GC and legal department should be thinking about cybersecurity, Suzanne Folsom, General Counsel and Senior Vice President, Governmental Affairs at U.S. Steel said during a recent panel at the 2014 Women, Influence and Power in the Law Conference.  Yet, many companies are slow to address cybersecurity issues, Folsom observed.  The real leaders in the cybersecurity space are thinking about those kinds of issues, they’re running training exercises and they’re developing partnerships, she said.  To assist legal departments in addressing cyber risk, Folsom along with Harriet Pearson, a partner at Hogan Lovells and Jane Storero, Vice President, Corporate Governance and Secretary at Pepco Holdings, presented seven concrete actions they can take to protect their companies.  See also “Strategies for Preserving Data Before and During an FCPA Investigation,” The FCPA Report, Vol. 1, No. 12 (Nov. 14, 2012).

    Read Full Article …
  • From Vol. 3 No.11 (May 28, 2014)

    Practical Guidance for Obtaining Evidence from Abroad: An Interview with T. Markus Funk of Perkins Coie

    A perennial challenge in FCPA cases is obtaining evidence that resides outside the U.S., both during the investigation and during administrative and court proceedings. T. Markus Funk, a partner at Perkins Coie and former federal prosecutor, DOJ Legal Advisor in Kosovo and Oxford law lecturer, discussed with The FCPA Report the details of, and differences between, the two formal mechanisms for obtaining evidence from abroad, mutual legal assistance treaties and letters rogatory.  He also gave expert insight on informal channels for obtaining evidence overseas, and strategies for handling the challenges that attorneys may encounter when seeking such evidence.  Funk recently authored Mutual Legal Assistance Treaties and Letters Rogatory: A Guide for Judges (Federal Judicial Center, 2014).  For more analysis from Funk, see “Assessing the Year in FCPA Enforcement and Looking Ahead,” The FCPA Report, Vol. 3, No. 2 (Jan. 22, 2014) and “The New Landscape of Corporate Social Responsibility Regulation and Its Overlap with FCPA Compliance,” The FCPA Report, Vol. 1, No. 11 (Nov. 7, 2012).  Funk also represented Joel Esquenazi in the challenge to the definition of “instrumentality,” decided on May 16.  See “What the Eleventh Circuit's 'Instrumentality' Decision Means for FCPA Practitioners,” above, in this issue of The FCPA Report.

    Read Full Article …
  • From Vol. 3 No.10 (May 14, 2014)

    FCPA Compliance in Non-Controlled Joint Ventures

    Transnational joint ventures – especially where the company owns a minority stake and does not control the venture – are fraught with corruption risk because the company is “on the hook” for the actions of the joint venture abroad.  At a recent panel, FCPA experts noted that companies are increasingly aware of this risk and are acting on it.  Mark Mendelsohn, a partner at Paul Weiss, moderated the discussion about joint venture corruption risks and compliance strategies at Practising Law Institute’s Foreign Corrupt Practices Act and International Anti-Corruption Developments 2014 program.  The panel featured James Bamford, a Founder and Managing Director at joint venture advisory firm Water Street Partners; Timothy Dickinson, a partner at Paul Hastings; and Kathryn Cameron Atkinson, a member of Miller & Chevalier.  See also “Strategies for Mitigating the FCPA Risk of Entering Into Joint Ventures,” The FCPA Report, Vol. 2, No. 9 (May 1, 2013).

    Read Full Article …
  • From Vol. 3 No.8 (Apr. 16, 2014)

    Compliance Strategies in Advance of the Sweeping New E.U. Data Protection Regulation

    The current fragmented system of data protection laws in the E.U., so often a complicating factor in cross-border anti-corruption investigations, is on the verge of a significant overhaul.  The European Parliament voted overwhelmingly in support of proposing the General Data Protection Regulation last month with a vote of 621-10.  The Regulation outlines a data protection framework that would replace the existing framework of Member State-specific laws.  This article analyzes the new Regulation with insights derived from a recent webinar hosted by the Society of Corporate Compliance and Ethics and led by Robert Bond, a partner and Head of Data Protection & Information Security at Speechlys Bircham in London.  Bond’s program focused on the potential timeline of the proposed Regulation as well as four practical changes that companies should consider if the Regulation is enacted within the E.U.  For an in-depth analysis of the current E.U. data protection framework and FCPA compliance, see “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three),” The FCPA Report, Vol. 2, No. 1 (Jan. 9, 2013); Part Two of Three, Vol. 2, No. 2 (Jan. 23, 2013); Part Three of Three, Vol. 2, No. 3 (Feb. 6, 2013).

    Read Full Article …
  • From Vol. 2 No.25 (Dec. 18, 2013)

    Charles Duross and Kara Brockmeyer Discuss What Matters to Regulators When Negotiating FCPA Settlements (Part Two of Two)

    What are FCPA regulators and prosecutors looking for during company presentations?  How can a company shorten the time from its first meeting with the government to the resolution of its FCPA issues?  Charles Duross, Deputy Chief of the Fraud Section of the Criminal Division of the DOJ, and Kara Brockmeyer, Chief of the FCPA Unit of the Division of Enforcement of the SEC, provided detailed insight at a recent ACI International Conference in Washington, D.C. on what regulators are looking for, discussing the government’s FCPA charging philosophies, investigative techniques and enforcement priorities, and dispensing advice about how companies can avoid or decrease FCPA penalties.  Among other things, the regulators highlighted the government’s continued focus on problematic travel and entertainment, warned that the DOJ and SEC will pursue matters involving charitable donations and commercial bribery, and provided tips for expediting government investigations and conducting effective settlement negotiations.  The first part of this article series contained insight from Duross and Brockmeyer about five micro trends within the overarching trend of increased FCPA enforcement: prosecution of individuals, SEC administrative proceedings focused on FCPA violations, increasing coordination between global regulators on anti-corruption matters, the persistence of use of corporate monitors following FCPA settlements and the continued FCPA risk posed by use of third parties.  See also “Top Government and Private FCPA Practitioners Discuss Global Enforcement, Self-Reporting, Facilitation Payments, M&A Due Diligence, Jurisdiction and NPAs,” The FCPA Report, Vol. 2, No. 11 (May 29, 2013).

    Read Full Article …
  • From Vol. 2 No.21 (Oct. 23, 2013)

    Checklist of Actions to Take and Issues to Consider When Navigating Data Privacy and Anti-Corruption Issues

    Investigating a potential FCPA violation almost invariably entails cross-border discovery because U.S. companies need data housed overseas.  While trying to please U.S. regulators in obtaining information relevant to suspected bribes both in the context of internal investigations and due diligence of another company, however, companies often find themselves at the risk of violating the strong data privacy laws enacted in many countries across the globe.  To minimize conflicts, companies must educate themselves about data privacy, plan ahead and act strategically.  This checklist can serve as a guide to help companies comply with data privacy laws when conducting cross-border anti-corruption or other investigations, and when engaging in common compliance activities.  The checklist highlights data privacy issues that companies should consider and actions they should take prior to the development of an FCPA issue, during an investigation and during due diligence.  For more on the interaction between data privacy and anti-corruption laws, see The FCPA Report’s Data Privacy Series: "Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three),” The FCPA Report, Vol. 2, No. 1 (Jan. 9, 2013); Part Two Of Three, Vol. 2, No. 2 (Jan. 23, 2013); Part Three of Three, Vol. 2, No. 3 (Feb. 6, 2013).

    Read Full Article …
  • From Vol. 2 No.13 (Jun. 26, 2013)

    Preserving the Attorney-Client Privilege in Cross-Border Internal Investigations

    Under pressure to quickly formulate an investigation plan, attorneys conducting an internal investigation on behalf of a company or board committee can easily overlook the importance of establishing procedures at the outset to ensure the preservation of applicable privileges.  That is a mistake.  In a guest article, James Walker, a partner at Richards Kibbe & Orbe LLP, examines the difficult privilege issues faced by both in-house and outside counsel conducting cross-border internal investigations, including (1) the complexities that arise in connection with conducting witness interviews in cross-border investigations; (2) the difference between the law of privilege in the U.S. and other jurisdictions; (3) the considerations involved when communicating with foreign in-house counsel; and (4) pitfalls associated with ignoring data privacy rules.  See also “Representing Foreign Companies in Criminal FCPA Actions: Strategies for Handling the Legal, Practical and Cultural Challenges,” The FCPA Report, Vol. 2, No. 8 (Apr. 17, 2013).

    Read Full Article …
  • From Vol. 2 No.9 (May 1, 2013)

    Handling the Challenges of Overseas Anti-Corruption Investigations: Forensic Accountants, Government Expectations, Translators, Upjohn Warnings, Privilege Issues and Recording Interviews

    Internal FCPA investigations do not respect jurisdictional boundaries, and varying customs and laws of different areas critically impact not only internal investigations, but also prosecutions and litigations for multi-national companies that may follow.  Failing to identify and address the specific issues relevant to an anti-corruption investigation can have significant legal and financial consequences.  A recent panel of experts at the American Bar Association’s Institute on Internal Investigations and Forum for In-House Counsel discussed the complexities of internal investigations, sharing their advice on best practices starting with actions to take during the first 72 hours of the investigation.  From both government and private sector perspectives, the panel addressed how to handle language and cultural differences, as well as how to navigate varying legal regimes that affect privilege and complicate the collection of documents.  They also provided insight on interviewing witnesses and how best to deal with the U.S. government when it comes to disclosing an investigation.

    Read Full Article …
  • From Vol. 2 No.8 (Apr. 17, 2013)

    Representing Foreign Companies in Criminal FCPA Actions: Strategies for Handling the Legal, Practical and Cultural Challenges

    Many FCPA investigations and prosecutions involve foreign companies or foreign subsidiaries of U.S. companies.  When the DOJ investigates or commences a criminal enforcement action against a foreign company, local laws, customs and practices can create challenges for unwary U.S. counsel in areas such as discovery and attorney-client privilege.  A recent event shed light on the topics that frequently come up when dealing with a foreign company client: attorney-client privilege, cross-border discovery, data privacy, obstruction of justice and extradition.  The event participants, all partners at Kaye Scholer LLP, also shared advice on working with in-house counsel in Japan and China and addressed other practical issues specific to the European Union, China and Japan.

    Read Full Article …
  • From Vol. 2 No.7 (Apr. 3, 2013)

    How to Maintain an Anti-Corruption Reporting Hotline That Complies with Data Privacy Laws

    The November 2012 FCPA Resource Guide emphasized that a confidential reporting hotline is one of the hallmarks of an effective FCPA compliance program.  However, operating such a hotline requires a company to collect personal data about employees.  Accordingly, maintaining a reporting hotline may conflict with applicable data privacy laws, particularly in non-U.S. jurisdictions.  How can companies both abide by data privacy laws and maintain a reporting hotline, consistent with best compliance practices?  This article addresses this question and, in doing so, offers guidance on setting up a hotline; processing and investigating complaints; and post-investigation procedures.

    Read Full Article …
  • From Vol. 2 No.6 (Mar. 20, 2013)

    How to Manage a Multi-National Anti-Corruption Investigation

    Managing a single internal anti-bribery investigation that spans multiple jurisdictions requires forethought, coordination, creativity and preparation.  When leading an investigatory team, counsel must consider both the laws and customs of the United States and the laws and customs of the multiple jurisdictions where its client maintains operations.  Counsel also must be mindful of the relationships between various jurisdictions.  Failing to identify and address the specific issues relevant to an investigation can have significant legal and financial consequences.  A panel of experts at the New York City Bar recently shared their insights on how to successfully run a complex international investigation.  The panelists offered advice on, among other things, navigating data privacy laws; protecting the attorney-client privilege; addressing employee rights; and determining whether to voluntarily disclose the results of an internal investigation.

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 6, 2013)

    Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part Three of Three)

    To comply with the FCPA, companies must exercise decisive control – they must act quickly and effectively to investigate potential corrupt actions and conduct thorough due diligence.  These actions, coupled with the inevitable time pressure, can put a company in direct conflict with foreign data privacy laws.  Carefully crafting compliance policies and investigation plans can minimize this conflict.  This article, the third in a three-part series, details six steps companies should take at the beginning of an investigation; delves into the issues facing companies that perform internal investigations and conduct due diligence; and offers concrete advice from top practitioners about conducting those activities in a way that minimizes the risk of violating data privacy laws.  The first article in this series discussed the application of data privacy laws to FCPA compliance and the specifics of the E.U. data privacy regime, including: data processing principles; restrictions on data transfer; data transfer mechanisms, including the meaning of “safe harbor status,” binding corporate rules and European model clause agreements; as well as how potential new regulation can affect data collection.  See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three),” The FCPA Report, Vol. 2, No. 1 (Jan. 9, 2013).  The second article in this series discussed how France applies the relevant E.U. Directive; best practices for due diligence in France; and six specific steps a company should take before a need to investigate arises in France as well as other E.U. member states and other jurisdictions with similar data privacy regimes.  See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part Two of Three),” The FCPA Report, Vol. 2, No. 2 (Jan. 23, 2013).

    Read Full Article …
  • From Vol. 2 No.2 (Jan. 23, 2013)

    Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part Two of Three)

    As companies strengthen their anti-corruption compliance programs in response to the domestic enforcement climate, they face an increasing risk of violating data privacy laws across the globe.  With law enforcement and regulators demanding information, companies find themselves trying to please two masters.  Understanding foreign data privacy laws, which often conflict with American notions of privacy, and anticipating problems before they materialize, are key to minimizing conflicts.  France in particular has a strict data privacy regime, and its laws are actively enforced.  This article, the second in a three-part series, discusses how France applies the relevant E.U. Directive; best practices for due diligence in France; and six specific steps a company should take before a need to investigate arises in France as well as other E.U. member states and other jurisdictions with similar data privacy regimes.  The third article in this series will tackle: internal investigation considerations; best practices for reviewing documents and conducting interviews; strategies for transferring data outside the E.U.; data privacy concerns when performing due diligence in the E.U.; and effective techniques for running an anti-corruption hotline in the E.U.  The first article in this series discussed data privacy laws generally and specifically as they relate to FCPA compliance, and provided information about the specifics of the E.U. data privacy regime, including: data processing principles; restrictions on data transfer; data transfer mechanisms, including the meaning of “safe harbor status,” binding corporate rules and European model clause agreements; as well as how potential new regulation can affect data collection.  See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three),” The FCPA Report, Vol. 2, No. 1 (Jan. 9, 2013).

    Read Full Article …
  • From Vol. 2 No.2 (Jan. 23, 2013)

    Specific Strategies from Goldman Sachs, Société Générale and Leading Law Firms on Conducting Cross-Border FCPA Investigations

    The considerable challenges posed by an internal FCPA investigation are compounded when that investigation involves a cross-border component – as it almost invariably does.  In-house and outside counsel in cross-border investigations must navigate legal regimes that often conflict (notably in the area of data privacy); divergent approaches to the attorney-client privilege; varying business and governance structures; and different languages and cultural mores.  Moreover, best practices in the area of cross-border investigations are not codified or neatly packaged; rather, they are a function of long and often arduous experience.  In an effort to identify and communicate some of those best practices, a seasoned panel of in-house and law firm lawyers convened in New York on January 15, 2013 for a panel hosted by Catalyst, an e-discovery services provider.  The panel was moderated by Vasu Muthyala, counsel at O’Melveny & Meyers LLP.  He was joined by Greg Andres, partner at Davis Polk & Wardell LLP; John Driscoll, Managing Director and Director of Litigation and Regulatory Affairs at Société Générale; Justin Shur, partner at Molo Lamken LLP; John Tredennick, Chief Executive Officer of Catalyst; and Christine Chi, Global Head of the Anti-Bribery Group at Goldman Sachs.  The panelists discussed, among other issues: major challenges facing companies performing cross-border investigations, including the differing notions of data privacy and attorney-client privilege in different regions and strategies for coordinating with multiple jurisdictions; tips for conducting a cross-border investigation, including when to retain outside counsel; and the dynamics of reporting, both obligatory reporting via a Suspicious Activity Report and voluntary disclosure, especially in the current whistleblower climate.

    Read Full Article …
  • From Vol. 2 No.1 (Jan. 9, 2013)

    Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three)

    Vigorous anti-corruption compliance – as undertaken by many companies in the wake of the recent uptick in FCPA prosecutions – may endear a company to the DOJ and SEC, but could also put it at risk of violating data privacy laws across the globe.  In Europe, where privacy is considered a fundamental right, this is a particularly thorny problem.  It is difficult for companies operating in both the U.S. and E.U., if not impossible, to comply with both U.S. law and E.U. data privacy legislation.  To minimize conflicts, companies must educate themselves about data privacy, plan ahead and act strategically.  This article series helps companies do just that, delving into the details of E.U. privacy regulations and the challenges they pose during all the stages of an anti-corruption internal investigation, as well as during due diligence on third parties and for mergers and acquisitions and when creating and maintaining an anti-corruption hotline.  Through discussions with numerous data privacy and FCPA experts as well as secondary research, this article series provides a valuable framework for understanding data privacy laws in the E.U. and applying them to anti-corruption compliance.  This first part of the article series discusses data privacy laws generally and specifically as they relate to FCPA compliance and provides information about the specifics of the E.U. data privacy regime, including: data processing principles; restrictions on data transfer; data transfer mechanisms, including the meaning of “safe harbor status,” binding corporate rules and European model clause agreements; as well as how potential new regulation can affect data collection.  The second part of this article series will discuss how France specifically applies the relevant E.U. Directive; best practices for due diligence in France; and specific steps a company should take before a need to investigate arises in the E.U. and other jurisdictions with similar data privacy regimes.  The third part will tackle internal investigation considerations; best practices for reviewing documents and conducting interviews; strategies for transferring data outside the E.U.; data privacy concerns when performing due diligence in the E.U.; and effective techniques for running an anti-corruption hotline in the E.U.  See also “Strategies for Preserving Data Before and During an FCPA Investigation,” The FCPA Report, Vol. 1, No. 12 (Nov. 14, 2012).

    Read Full Article …
  • From Vol. 1 No.12 (Nov. 14, 2012)

    Alan Kartashkin and Dmitri Nikiforov of Debevoise & Plimpton LLP Discuss the Ins and Outs of Russian Bribery Law

    Russia and Ukraine are rich in business opportunities but rife with business challenges, especially for foreign companies operating there or considering entering those markets.  Both countries recently passed anti-bribery laws, thereby adding new layers of complexity to the global patchwork of domestic anti-bribery regimes.  In an effort to understand how the new Russian and Ukrainian laws are similar to and different from the FCPA and the U.K Bribery Act, and what companies and compliance professionals should do to navigate the new laws, The FCPA Report recently interviewed two prominent partners in Debevoise & Plimpton LLP’s Moscow office, Alan Kartashkin and Dmitri Nikiforov.  Specific topics covered in our interview included, among other things, the key differences between the FCPA, the U.K. Bribery Act and the new Russian and Ukrainian laws; how Russia or Ukraine can obtain jurisdiction over an American company; how Russian and Ukrainian enforcement agencies operate; key steps companies should take when entering the Russian and Ukrainian markets; data privacy laws in Russia and Ukraine; the implications of the Novo Nordisk case; and the future of Russian anti-corruption enforcement under the leadership of Vladimir Putin.

    Read Full Article …