Under starter’s orders: Considerations in commencing internal investigations

In the first of our series of blog posts looking at challenging issues relating to internal investigations, we look at key points firms should keep in mind at the outset of an internal investigation.

The commencement of an internal investigation gives rise to a series of questions, including around scope, resourcing and process. The answers to these questions are driven by many factors but the purpose of the investigation is an important starting point. Internal investigations could arise in a number of ways: out of regulatory requests or dawn raids, the identification of an issue by a firm’s compliance function, a whistleblower, press comment, or something else. What, whether and how to investigate are questions of degree that will depend on context.

With that in mind, we consider some key issues that firms might consider at the start of an investigation.

Threshold questions: what is the issue, what are we required to do, what is the conduct we’re talking about and how will we deal with relevant agencies?

The first matter to consider is what is being investigated. A narrow regulatory request for the production of identified documents may be adequately dealt with by a limited investigation to respond to the request. More general requests, which hint at a broader underlying concern, may merit a broader investigation. It is important to properly consider, and frame, what it is that is being looked for and what the objectives for the investigation are.

Before we consider investigative scope, what follows is a consideration of some threshold issues that will influence whether and how an investigation is conducted.

Nature of the conduct

The nature of the conduct in question will impact the steps taken in response to any identified issue.

Conduct with criminal implications, for individuals or the firm, is likely to require rigorous investigation, but the firm will have to consider whether it needs to get approval from the relevant criminal authority to conduct its own investigation. Potential antitrust violations throw up difficult considerations. The prospect of being the first to report anti-competitive behaviour and so obtaining immunity from fines or prosecution can be a powerful incentive to make a large initial investment in a substantial expedited investigation. In other cases, a more targeted iterative process may be appropriate.

Regulatory expectations

The regulator’s expectations about how a firm would respond to indications of potential misconduct will also be an important consideration as firms’ responses to issues are coming under growing scrutiny. In some contexts, rigorous investigation of all potential breaches of the law will be expected, and necessary. It may also feed into a firm’s self-reporting obligations and be an important element in providing assurance to regulators that a firm is responding appropriately to a potential issue.

Regulatory strategy

A related issue is how a firm plans to deal with its regulators on the issue after any initial notifications to them. A key consideration in many investigations now is cooperation, and what is being required from firms to receive cooperation credit. Firms will often need to cooperate very proactively in order to qualify for antitrust immunity or to be eligible for a deferred prosecution agreement. With the bar for cooperation seemingly rising ever higher, that can lead to a need to investigate more extensively than might otherwise be the case. In those cases, maintaining an open dialogue with the authorities about the investigative steps taken and the reasons for them is key to managing the scope of the investigation.

All of these factors are important to consider in framing the initial response to an investigative trigger, and preparing the firm to conduct any necessary investigation.

Scope considerations: proportionality, read-across risk and regulatory involvement

Once the firm considers whether and how it might wish to respond to a potential issue, it is important to adequately scope any investigation.

Proportionate but robust

Any investigation undertaken must be proportionate to respond to the trigger which gave rise to it, but it must also be robust in the sense that the process adopted is defensible to the firm’s regulators.

While many matters can be dealt with in-house, the need to review large volumes of potentially relevant documents can dictate a need to involve external counsel. A separate matter is the perceived independence of the investigation or its output (a matter touched on by Jamie Symington in his November speech on internal investigations (available here)). A wish to avoid any perception of conflicts of interest may militate in favour of the engagement of external lawyers or other investigators.

Read across risk

A robust investigation will take into account any read across risk. That is, risk that the identified conduct or concern might impact other individuals or business areas.

Read across risk might justify investigating further than into a particular individual or issue. In the UK, the FCA has been increasingly critical of firms for not considering whether misconduct or failings identified in one part of its business also existed in another part. Determining the scope of review into read across risk can be difficult, but a common sense approach should be taken by the firm having regard to regulators’ increased expectations in this area

Regulatory involvement

As touched on above, depending on the concern identified, it may be necessary or appropriate to involve regulators to appropriately scope an investigation. Mr Symington has publicly said the FCA expects a firm to consider the appropriateness of notifying it of a decision to investigate internally at the earliest opportunity (see his November speech referred to above). Other regulators may have similar requirements or expectations in certain contexts. There are many practical and legal factors to consider. Some of those include the following:

• A regulatory investigation into the same conduct or individuals may be already underway, or inevitable. Early engagement with regulators, as Mr Symington alludes to, may avoid the need for a regulator to re-investigate matters for their own purposes.
• If criminal sanctions could be imposed, proposed investigative steps should be discussed with the criminal authorities first and it is likely to be necessary to investigate in a way that preserves or captures evidence in a way that criminal authorities can rely on at a later stage.

Are there ongoing risks?

Another important consideration is whether there is a risk that the misconduct in question is potentially continuing. This should be considered early on as there may be, for example, ongoing customer detriment. In an antitrust context, it is a condition to obtaining immunity from the European Commission that the violating conduct has stopped. Where there is a concern about a continuing breach, the internal investigation should be structured to focus on that as a key issue at an early stage.

Litigation risks and the product of investigation

Whether the conduct for investigation gives rise to a litigation risk will be a relevant factor in deciding whether to investigate and, if so, how. A further and related issue is what documents will be generated by the investigation process.

A particular issue is discovery or disclosure of investigation work product in subsequent litigation. If material is intended to be produced to regulators in a way that waives legal privilege (where it exists in the first place), the consequences of discovery of that material in any follow on litigation must be considered. Some regulators have sophisticated apparatus in place for the disclosure of information to them to address this concern, while others are not as accommodating.

Conclusion

Each investigative trigger needs to be dealt in a considered way. However, consideration of these issues will hopefully assist in scoping and organising matters at an initial stage.

Series of blog posts on internal investigations

Next up in our series of blog posts focusing on challenging issues relating to internal investigations will be managing internal and external communications.

If you have any questions about this blog post please contact Investigations.Insight@AllenOvery.com