As embodied in the now-famous Yates Memorandum issued by Deputy Attorney-General Sally Yates, the US Department of Justice has recently concentrated more than ever on prosecuting individuals for the misdeeds of the corporations for which they work. A similar trend is in progress in Latin America.

Companies that become aware that their staff might have acted fraudulently in their name or on their behalf can escape damaging prosecutions by launching internal investigations and co-operating with the authorities. These days, they need to be more diligent than ever in planning and executing truly independent internal investigations in a manner that will anticipate regulatory questions about the larger business relationship between external counsel and managers.  

The American trend towards investigating individuals

Issued on 9 September, the Yates Memorandum has become the guide for prosecutors throughout the DOJ. It say that in order for a company to “be eligible for any credit for co-operation, the company must identify all individuals involved in or responsible for the misconduct at issue, regardless of their position, status or seniority, and provide to the department all facts relating to that misconduct.” In other words, the DOJ now follows an “all or nothing” policy with respect to co-operation. In the past, “co-operation credit was a sliding scale of sorts and companies could still receive at least some credit for co-operation, even if they failed to fully disclose all facts about individuals.” Under the new policy, “providing complete information about individuals’ involvement in wrongdoing is a threshold hurdle that must be crossed before [the DOJ will] consider any co-operation credit.”

In early February 2016, the Fraud Section of the DOJ took the additional step of stating that, as a condition for finalising a settlement agreement, it would now require a formal confirmation from a co-operating company that it has “turned over all non-privileged information about individuals” involved in the underlying misconduct. This newly-announced process is still being developed and may (or may not) take the form of a written certification of co-operation.  

Addressing people's concerns that the new co-operation policy would result in unnecessarily broad, costly and time-consuming internal investigations, Yates has been insisting that the DOJ merely expects “investigations to be tailored to the scope of the wrongdoing” and that defence attorneys should discuss any questions of scope directly with the DOJ. Although these remarks should offer some comfort to companies that are worried about the costs of internal investigations, there is no question that the new co-operation policy puts pressure on investigations to be more extensive than ever before. Indeed, the Yates Memorandum instructs prosecutors to “vigorously review any information provided by companies and compare it to the results of their own investigation, in order to best ensure that the information provided is indeed complete and does not seek to minimise the behavior or role of any individual or group of individuals.” The consequences of a finding that a company has not provided “complete” information are as yet unknown, but no company will want to be the first to find out.

A similar trend in Latin America

In Latin America, regulatory attention has also turned to individuals at companies. Recently, public outrage at corruption scandals throughout the continent has led to massive governmental efforts to quell corruption and to prosecute the government officials and corporate executives involved. This even holds true in countries without a tradition of holding individuals personally liable for acts of corporate corruption.

The continuing Petrobras scandal in Brazil is a telling example. In March 2014, news broke that Petrobras, the state-owned oil company, had allegedly accepted massive bribes from private firms in return for signing inflated contracts. Dubbed “Operation Car Wash,” the investigation launched by Brazilian authorities has resulted in more than one hundred arrests, indictments and convictions. Some of Brazil’s most prominent construction and engineering companies, along with high-ranking executives, have been ensnared. For instance, on 14 December the CEO of Engevix, one of Brazil’s largest construction companies, was sentenced to 19 years' imprisonment for his role in steering bribes to a top Petrobras official.

Prominent government officials have not been immune. On 4th March investigators detained Luiz Inácio Lula da Silva, the popular former President, for questioning. They alleged that Lula owned certain properties on which construction companies linked to the Petrobras scandal did work in exchange for political favours. On 9 March, Brazilian prosecutors pressed money-laundering and misrepresentation charges against the former president in a related but separate case that involved executives from one of the main companies involved in the Petrobras investigation.    

As has been publicly reported, both the DOJ and the US Securities and Exchange Commission (SEC), with help from Brazil's authorities, have launched their own investigations into Petrobras. They seem to be looking for violations of the Foreign Corrupt Practices Act (FCPA), whose jurisdiction extends to foreign companies that list shares on US stock exchanges (Petrobras is listed on the New York Stock Exchange). Although Petrobras has reportedly not yet begun formal settlement talks with the DOJ or the SEC, at least one source has indicated that the company may face a fine of US$1.6 billion or more, representing the largest penalty ever paid to settle corporate corruption charges.

The case of PetroTiger Limited, a British Virgin Islands oil and gas company, is a further indication of the risks that companies face in Latin America. On 15th June last year, the DOJ announced that the former CEO of PetroTiger had pled guilty to conspiring to pay bribes to an employee of the Colombian national oil company, Ecopetrol, in exchange for help in securing a large oil services contract, in contravention of the FCPA. The DOJ noted that it had received significant assistance from various Colombian law enforcement agencies and other government bodies. Strikingly, it also explicitly stated that it was declining to prosecute PetroTiger, instead praising the company for its “voluntary disclosure, cooperation, and remediation, among other factors.” This marked the second time in FCPA history that the DOJ has announced publicly that it is not going to prosecute a company because of its co-operation in building a case against a former employee.

The co-operation of governments with the US authorities’ investigations of Petrobras and PetroTiger is proof of another phenomenon that companies that operate in Latin American must face: cross-border enforcement is on the rise. In June last year, the DOJ stated that the US was “part of a formidable and growing coalition of international enforcement partners who together combat corruption around the world.” Likewise, in November, the SEC’s Enforcement Division said that cross-border investigations and co-ordination with foreign governments in FCPA cases were on the increase.

These recent developments represent a broader trend all over Latin America: a focus on individual liability for corporate corruption. For example, in early 2015, President Otto Perez Molina and Vice President Roxana Baldetti of Guatemala faced allegations of having run a customs fraud operation in which importers paid bribes in exchange for discounted tariffs. Later that year, Baldetti resigned and was subsequently arrested and charged with corruption; Molina followed suit. Similar protests against corruption have buffeted governments in Chile, Colombia, Ecuador, Honduras, Mexico and Peru. As this trend continues, driven by a wave of popular anger against corruption, companies operating in Latin America can expect to see an increase in both local and US enforcement efforts.   

How to plan an investigation

In this changing regulatory environment, companies (and especially companies with a jurisdictional nexus with the US) are likely in future to want to co-operate with investigating authorities. Every co-operating company – or its board of directors – must plan its investigation carefully from the beginning to ensure that outside counsel will be in a position to assess the involvement of managers in corporate wrongdoing dispassionately. Although details about misconduct may be scant during the opening stages of an investigation, every company must anticipate the issues as clearly and as early as possible. As more facts come to light, it should adapt gradually. In addition, it should provide regular reports to regulators about the substance and scope of the investigation and solicit feedback on the issues and individuals that are worthiest of investigation. Along the way, it should document each step of the investigation, including every discussion with the regulators, carefully. A clear record of the investigation will help to demonstrate full co-operation, should any disagreement with regulators arise later.            

The DOJ’s new certification requirement must, therefore, be considered during the planning and execution stages of the investigation. The company should appoint a managing investigation team, such that any member of the team can act as signatory for the certification. The DOJ has not said whether any particular officer or director should sign the certification, but the ultimate signatory should ideally be someone who is able to assess the involvement of all relevant parties and to be engaged in privileged and confidential dialogue with outside counsel. To ensure an accurate certification, all members of the team should be involved in the investigation from its earliest stages and should be kept regularly apprised of its status. While this is going on, companies should review and update their 'directors and officers' ('D&O') liability insurance policies.    

Data privacy complications

One open issue under the new policy is whether companies must provide information protected by foreign data privacy laws in order to receive co-operation credit. These laws frequently raise issues regarding key individual managers outside the US who may be required, under the new policy, to provide certifications or to be the subjects of certifications. On 17 November last year, while making remarks to the American Conference Institute’s 32nd Annual International Conference on the Foreign Corrupt Practices Act, Assistant Attorney General Leslie Caldwell stated that co-operating companies must engage in “proactive document production, especially for evidence located in foreign countries.” Assistant Attorney General Caldwell also alluded in those same remarks to instances where a company may be “legally prohibited” from providing certain evidence, though she cautioned that the company carried the burden of proving such an assertion. It is too early to tell whether the DOJ will orient its new co-operation policy towards an aggressive quest for evidence located overseas, but the issue is definitely likely to arise in the future. Accordingly, companies should assess early on whether relevant evidence is located in jurisdictions outside the US and whether those jurisdictions' data privacy laws might complicate its efforts to collect that evidence. By engaging in thoughtful investigation planning, potentially with the use of independent outside counsel, companies can execute investigations that successfully lead to settlements with the DOJ.

* John Couriel is a partner and Andrew Wang is an associate at Kobre & Kim LLP. John Couriel is available on +1 305 967 6115.