Mobile Communication Practices have Reshaped the Technical Requirements of an FCPA Investigation
After relatively modest enforcement levels for many years, enforcement activity of the Foreign Corrupt Practices Act (FCPA) increased steadily through the 2000s and peaked in 2016. Under the new US administration, it’s possible that these investigations will again pick up steam. US policies governed by the FCPA generally relate to corporate activities to bribe or coerce foreign government agents through the use of:
• charitable donations and sponsorships
• gifts and free merchandise
• use of cash
• travel and entertainment reimbursement
• licensing and other regulatory payments
• payments to vendors and third parties
• commissions or other service fees
• discounts and rebates
At the start of the COVID 19 pandemic in 2020, there was an international rush to identify PPE, along with a spike in purchases from non-US manufacturers. There remains a risk of FCPA actions on firms that used bribery and coercion to obtain those products. The financial delivery mechanisms associated with FCPA allegations are often not adequately or appropriately captured within the financial books and records of an organization. Employees offering bribes to foreign government agents often have to disguise these activities to bypass corporate control mechanisms. As a result, it's important to augment an investigation of accounting records with employee interviews and a review of communications, receipts, contracts, and other documents that can provide context and color associated with financial transactions that appear within the corporate ledger. Email is no longer the sole source of electronic communication in these investigations. Encrypted mobile phone messaging services including WhatsApp, Signal, and Telegram are becoming more common communication methods among those looking to hide their activities. With the inclusion of additional communication methods comes the added difficulty associated with accessing these sources. Global data privacy regulations, corporate bring your own device (BYOD) policies, multiple languages, and an increasing number available mobile messaging services present challenges to investigators as they maneuver their way through the process.
In addition to enforcing the FCPA against companies headquartered within the Unites States, consistent with its name, US authorities charged with the enforcement of the FCPA may pursue violations against non-US entities that may only have limited operations within the United States based on alleged corruption. The Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) pursue the majority of enforcement actions against corporate defendants in FCPA cases. In many cases, companies that are subject to enforcement actions hire outside legal representation and forensic consultants to aid their ability to independently investigate FCPA allegations, define the scope and breadth of the issues encountered, and report those findings to the enforcement agencies pursuing the investigation. The presentation of investigative findings is often a defendant’s opportunity to share findings with the government and show that a good faith effort is underway to uncover and remediate potentially illegal activities. The Government may determine that the efforts of a defendant warrant considerations related to sanctions relief associated with any alleged illegal activities.
Investigators working for multinational corporations undertaking an FCPA investigation must consider regional data privacy restrictions when developing their strategy for dealing with electronic evidence residing outside of the United States. Because different regions of the world have enacted varying privacy restrictions, it is often necessary to work with local privacy counsel to ensure that the investigative effort appropriately accounts for local regulations. This may mean that before information can leave a local jurisdiction, a review must occur to limit documents to only those related to the investigation – and in some cases, those documents require redactions to remove personally identifiable information. Technology can aid this process by instituting multiple regionally located review environments, leveraging document hash values to filter out and deduplicate documents across regions, locally located review teams, and document redaction capabilities that will enable documents to be cleared for exfiltration to the United States. Similarly, documentation and written consents may also be required from regionally located employees – particularly as it related to personal mobile devices utilizing messaging applications. In all cases, legal representation familiar with local data privacy regulations should be consulted when developing the data collection, review, and transfer strategy.
Although not the authority on number of languages you might encounter around the world, Microsoft Office currently supports 102 languages within its applications. While that may be a reasonable benchmark to try and set limits on what the investigative team might need to plan for, colloquial usage of language can greatly impact the meaning of a word or phrase. So much so, that automated translation services alone are often not an effective tool to gain an understanding of the meaning of communications in multiple languages. To demonstrate how automated translations fail, take a look at some of the videos you can find online poking fun at Google Translates ability to translate song lyrics in multiple languages. A common solution to this issue is to identify fluent native language document reviewers who can 1) develop keyword alternatives in a foreign language; 2) review documents for relevance; 3) and aid in the translation of relevant documents - either by QCing automated translations or manually translating key documents. Technologies used through these processes need to be Unicode compliant – to allow for the widest possible number of foreign languages, and the consultants aiding the investigation need to take special care to manage the keyword search and translation processes.
New mobile communication applications continue to make the news. By now, we’ve all heard of Parlor, which recently lost its hosting provider due to its user’s alleged use of the application during the lead up to the raid on the US Capital. Other alternative mobile communication applications have also become mainstream in recent days. Gab, Telegram, and Signal are somewhat newcomers to the scene with more common names like WhatsApp, Twitter, iChat, Facebook Messenger, and others remaining as steadily utilized mobile communication services. As a result, it’s important to understand the limitations of the document review technology that is deployed on an FCPA investigation to ensure the investigative team is provided as many forms of communication possible while maintaining the look and feel of the original mobile messaging application during the review. In addition to strictly mobile messaging applications, multi-platform collaboration tools are also becoming more mainstream. Slack, Trello, Microsoft Teams, Bloomberg Chat, and Yammer are a few of the collaboration applications that are being used often in corporate environments where communications might be housed that can aid an investigation.
A critical component of any factual presentation to the government is the necessity to rely upon electronic evidence produced to the Government and presented as exhibits. Electronic evidence must be preserved and handled according to the requirements and standards of the enforcement agency that is requesting it. The processes of preparing forensic images needs to include appropriate acquisition records and documentation. Additional processes like search, review, and document productions need to be performed in a way that is repeatable, complete, and auditable. This allows the US enforcement agencies an opportunity to validate and verify the findings of the independent review. As the cost of these investigations can increase exponentially with time, you never want to be in a situation where the review needs to be redone due to an inadequate collection effort. Take the time to ensure the collection is done correctly and completely and make sure you are working with consultants who will defend their processes when challenged.
In summary, email is no longer the total universe of electronic communications that need to be considered when addressing an international FCPA investigation. Encrypted mobile phone messaging services are becoming more commonplace within organizations. With the inclusion of these additional communication methods comes the added difficulty associated with accessing and reviewing the communications for potentially illegal activities. Global data privacy regulations, corporate BYOD policies, multiple languages, and an increasing number of available mobile messaging services present challenges to investigators as they maneuver their way through the process. Spend the time at the start of an investigation to outline as many as possible of the considerations that the investigation team will need to address and make sure you are working with a consulting organization and a robust set of technical solutions that will guide you through the process.
Bình luận