It is no secret that the Securities and Exchange Commission and Department of Justice stepped up investigation and prosecution of corporate wrongdoing. In fact the Yates Memo, issued by the DOJ in 2015, put the business world on notice that its enforcement focus will more aggressively target wrongdoers in their individual capacity.
The Yates Memo specifically states that for a company under investigation to even be considered for cooperation credit (i.e. a lesser penalty or punishment for cooperating with the government investigation), the company must completely disclose all relevant facts about individual misconduct within their organization.
Without proactive preparation, policies, and protocols, being able to determine and disclose all relevant facts about corporate misconduct may prove difficult. To help prepare your company for the prospect of an investigation, consider the suggestions below.
The first step in being prepared for an investigation is to have a plan. The plan should detail the steps and workflow to be followed upon notice of an investigation or receipt of a tip alleging wrongdoing. The plan should also detail investigation protocols and procedures to efficiently identify relevant information and documents. Also helpful is the creation of a team prepared to deal with investigations that includes attorneys, members of human resources, and IT (among other departments).
As discussed below, one of the first steps a company must take when hit with a government inquiry is implement appropriate legal hold measures. To accomplish this, companies need to know where their data is so that it may be locked down. One way to understand network and data storage is to create a data map. Data maps are visual depictions mapping a company’s IT structure and data storage so that when the time comes to collect data, they know where to look.
To prevent against oversight or destruction of relevant information, understanding all locations of potentially relevant information is imperative. For instance in the Delta/Air Tran Baggage Fee Litigation, the court sanctioned the company for failing to timely turn over back up tapes containing potentially relevant information. The oversight, although likely unintentional, happened because the company did not have a handle on the location of all its data.
A company’s duty preserve information is triggered when legal action is “reasonably anticipated.” The test for “reasonable anticipation” varies by jurisdiction, but generally, reasonable anticipation arises when a party knows there is a credible threat of a legal proceeding. Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2003). Events rising to the level of a credible threat of legal action may include receipt of a demand letter, formal complaint, records subpoena, or the occurrence of an event that typically results in litigation.
Once the duty to preserve relevant evidence arises, lawyers should issue a legal hold letter. Legal hold letters instruct recipients to preserve relevant documents and other information. The letter should describe the legal matter, offer examples of relevant information requiring preservation, and explain the recipient’s legal obligation to preserve the information. The letter should also provide contact information for questions about the legal hold.
Implementation of a legal hold may also require suspension of document destruction protocols. As exemplified by whistleblower litigation against Volkswagen, failing to suspend document retention policies may result in legal liability or sanctions. In that case, the whistleblower claimed company failed to suspend document destruction policies and deleted information after it knew the company was the target of an EPA investigation.
Also important to note is that Software as a Service (“SaaS”) applications such as popular customer relationship management platforms may also contain records that need to be preserved.
Using the right software greatly helps investigation preparedness. For instance, software may be used to implement and monitor legal holds to prevent against the destruction of relevant documents.
Use of e-discovery (electronic discovery) software is also helpful. Using the search capabilities of e-discovery software enables in-house compliance teams to quickly identify key documents and comply with investigatory document requests.
Certain e-discovery programs offer email threading tools and also permit users to view email paths visually. Specifically, the software creates diagrams or clusters of email communications to visually display communication routes and detail who is talking to whom. For instance, if an email is sent to one person and that person forwards the email to a different person, certain e-discovery platforms “connect the dots” by showing the email trail graphically. Identifying communication patterns will help focus investigation efforts and identify the players. Using e-discovery software to export relevant information makes production to the government easier too.
Companies may also consider use of case management software to track investigation activities and organize findings and relevant information.
It is also advisable for companies to have a BYOD policy (Bring Your Own Device). This is true not only for investigation preparedness, but as a data management practice in general. Employees in the digital age use multiple devices to conduct their business, including personal devices. As a result, information relating to the subject of an investigation may reside on personal devices and likely subject to collection and production to the government. This is why companies should institute policies addressing the appropriate use of personal devices for work related activities. Instituting and enforcing and BYOD plan will help keep collection efforts in check when the government comes knocking.
Lao Tzu is still right: the journey of a thousand miles begins with a single step. Taking the first step in creation of an investigation action plan will make your company more prepared to deal with a government inquiry if it arises. So, get started today.