Recently, the American Bar Association’s Criminal Justice Committee’s 2014 International CLE Program was presented at the law office of NautaDutilh in Amsterdam, The Netherlands. The theme of this year’s program was “White Collar Crime and Regulatory Trends in the EU and U.S.” Mary Mack attended the session as a panelist to discuss “Recent Trends Regarding the Globalization of Enforcement Actions and Cross-Border Internal Investigations in the EU and U.S.”
Editor: Please describe the session on which you served as panelist at the ABA program in Amsterdam.
Mack: In the rapidly changing field of cross-border enforcement, regulation and litigation, this session offered top-level practitioners the opportunity to share real world experiences. Judges, prosecutors, defense attorneys, NGOs and in-house professionals offered perspectives on U.S. and EU trends.
Editor: What were some of the key surprises?
Mack: Legal professionals in Europe were surprised to hear that eight out of the ten largest Foreign Corrupt Practices Act (FCPA) cases in history were brought against European companies. Europol brings over 14,000 cross-border cases per year. One of the U.S. panelists mentioned that the “EU data laws are the fraudster’s best friend.”
Editor: Please elaborate on this comment.
Mack: It’s not always easy in the EU to get immediate access to an employee’s individual email box or documents on his or her computer. It may be that the employee has a privacy interest. Depending on the jurisdiction, certain steps may need to be taken. In places like Germany, the trade union may need to be informed. In the United States, employers have the ability to get to the heart of a matter quickly by examining corporate data, whereas that’s not necessarily true in the EU.
Editor: Is there a different standard in Europe as to what constitutes an invasion of privacy?
Mack: Yes. In the United States, our private data is saleable to advertisers and marketing people. We give up our privacy fairly readily. There’s very little expectation of data privacy in the United States, whereas in Europe there is a long history, especially after World War II, when government lists were used to find and kill people.
Editor: What were your takeaways with respect to enforcement priorities in the EU and the U.S.?
Mack: In the EU, fraud and anticompetitive behavior are priorities. In the U.S., insider trading, cartels, sanctions and export controls are priorities. In addition, the SEC has a new program to seek out lesser violations as a deterrent, much like New York City did with graffiti and street crime. There is more of an emphasis on admissions of guilt in settlements, which can have an impact on insurance coverage, stock price and executive compensation and retention.
Editor: Do the various countries in the EU cooperate with each other during investigations?
Mack: Yes. Before this conference, I knew there was some cooperation. In my view now, there is an extraordinary amount of cooperation, not only among EU authorities and those in EU countries, but also with their counterparts in other countries around the world, and especially in the U.S. The collaboration has become systematized. There are well-worn pathways about how to share data, about who should take the lead in investigations, and about how to coordinate settlements. The collaboration is only interrupted by the fear of regulators being “one-upped” by other regulators. Various inside and outside counsel panelists discussed best practices when conducting cross-border internal investigations, with a particular focus on the unique complexities presented when such investigations involve simultaneous inquiries in both the EU and the U.S.
Editor: Another issue that was discussed at the conference was “dawn raids” by EU authorities. What is a dawn raid?
Mack: A dawn raid is an unscheduled raid by the authorities to see whether competition violations are taking place even though there is no evidence that they are occurring. It is a shocking concept when you contrast the process of the U.S., where a search can only be undertaken if there’s some basis for getting a warrant from a judge. Entire servers can be seized, and anything found is fair game to the enforcers.
Editor: Should U.S. companies be worried about dawn raids?
Mack: Those companies with headquarters or subsidiaries in the EU should definitely include dawn raids in their legal risk assessments.
Editor: How does a company get ready for a dawn raid? At what point can ZyLAB be helpful? First of all, you might describe ZyLAB’s international reach.
Mack: ZyLAB is dual-headquartered in Amsterdam and McLean, Virginia. We have offices all over the world.
Editor: What can ZyLAB do to help a company prepare itself for a dawn raid?
Mack: ZyLAB’s software is often part of crisis management planning for a dawn raid. Our software can be used to identify suspicious circumstances relating to geographic location, state of mind, travel, meetings with particular individuals, etc. We use something called computational linguistics to search the structure of a sentence that might identify a particular state of mind or emotion. This, too, is a valuable tool in identifying a person who might be breaking company rules against foreign payments or committing other violations of company rules. Prior to a dawn raid, a monitoring strategy can be developed working with ZyLAB to determine if there are any potential violations that should be remedied before they blossom into trouble. This should be done before a dawn raid occurs because once it begins, you are in a reactive situation. Since the key data is searchable, and if your dawn raid plan has been tested, your counsel may be able to persuade the regulators to take a subset of your data and not all of it.
Editor: Would penalties be mitigated if such a process were undertaken before a dawn raid and the company took steps to end any violations?
Mack: Monitoring programs are regarded as a sign of good faith, good corporate governance. Compliance programs by themselves, without monitoring, are not seen as particularly helpful for mitigation, but programs that are practiced with oversight, accountabilities and monitoring are seen as helpful for mitigation.
Editor: I would think this would set the stage for a company to take remedial steps to end whatever situation might get it into trouble.
Mack: That’s very true. Once potential incidents are identified, it’s very important to have counsel in the jurisdiction to demonstrate future compliance and to handle any situation with rogue employees. There are certain jurisdictions where you can’t put somebody on administrative leave even with pay. Employment laws vary by jurisdiction. Not only the privacy laws, but also the employment laws of the EU throw another wrinkle into being compliant.
Editor: My recollection is that ZyLAB is knowledgeable about many of the local laws that might trip a company up in that regard.
Mack: We’ve been working in this area for decades. We have an extensive network of local counsel, and we are very skilled at issue-spotting to support our attorney clients.
Editor: I gather that ZyLAB’s machine translation and computational linguistics capabilities are able to check not only emails, but also documentation with respect to travel, meals, lodging, etc.
Mack: Exactly. They are very useful in these incidents because it’s important to get to the heart of the matter very quickly, and having manual translations takes more time and generates more expense. Computational linguistics greatly speeds up the process. Imagine terabytes of data being taken in a 24- to 72-hour period in a dawn raid that you need to sift through very quickly to get to the salient facts. Computational linguistics helps to do exactly that.
Editor: So it becomes a tremendous compliance tool.
Mack: It is a very wonderful compliance tool. It helps to identify hot spots. There are any number of ways to do it, either through something as simple as an electronic interview form that gets put into a database to verify understanding, or mining IP addresses and email addresses to glean what countries employees are communicating and doing business with. This is in addition to the investigations into the normal financial databases that are on-book. Many off-book activities can be monitored using our software. We are living in interesting times where, on the one hand, we do want some semblance of privacy, and then, on the other hand, we want to prevent the commission of crimes and protect our national security.
Editor: If the regulators are at the door, can ZyLAB still help?
Mack: Yes. We have been able to receive copies of the material seized by regulators and quickly mine it so that the company’s attorneys were well prepared for negotiations to settle the matter. We have also helped mark documents for privilege, with the specific requirements for the various jurisdictions. This is especially important in cross-border investigations where some jurisdictions allow in-house privilege and other jurisdictions do not. It is also important when agencies are collaborating, since some will allow privilege and others require waiver or clawbacks.
Editor: Is there anything I haven’t covered?
Mack: There is a tension between limiting the scope of search warrants and getting more international data here in the U.S. Some magistrate judges, like Judges Facciola and Waxse, are limiting the scope of U.S. government warrants, for example, not to include the whole computer or the whole email box, or to mandate a third-party search and produce the results to the government to avoid overreaching. Around international data, over the last couple years, there has been increased understanding by judges about the difficulties of getting cross-border data. However in a recent criminal case, a U.S. magistrate judge (Francis) issued a warrant in a government case permitting it to search a mailbox in Dublin. Since this decision will be appealed, we will likely get some guidance from the Second Circuit within the next few months relating to the reach of warrants for search of email boxes in foreign countries.