Home > Insights & news > Incident response map > Investigation issues
3 Investigation issues
3.1 The decision to investigate
Once a company is on notice that it may be exposed to an incident (eg bribery and corruption), there are many reasons to properly investigate. They include:
- Understanding the facts – you will want to understand the facts as quickly as possible to appreciate what happened and why. This will form the basis for any necessary remediation.
- Containment – You also need understand fairly quickly whether this is a one-off event, or whether the issue is systemic.
- Law enforcement and regulatory exposure – companies have various obligations to report serious indictable offences, licence breaches and material information to law enforcement and regulators (see more on this topic in Section 4).
- Money laundering – continuing to make and receive payments or property once on notice that they might be associated with serious misconduct can itself be an offence (see more on this topic in Section 6).
- Leniency – thoroughly investigating concerns and dealing with them appropriately can significantly reduce the likelihood of being prosecuted and the penalty imposed if there is a prosecution.
- Counterparties – corruption and other serious misconduct often involves two or more parties. If you do not investigate, then the other party may (and may report your conduct to authorities).
- Directors' duties – directors and officers may breach their duties if they do not investigate once suspicions of misconduct are awakened (see below).
- Commercial reputation – when allegations of serious misconduct or other serious misconduct become known to the public or to commercial partners, how a company responds will often be seen as a sign of the company's culture and tolerance for the conduct at issue. The company's commercial reputation will be much better protected if you can say you promptly and thoroughly investigated the concerns as soon as they were brought to your attention.
- Reducing future risk – it is only by investigating, identifying the root causes and remediating them that the company can reduce its risk of more incidents occurring in the future.
An investigation necessarily risks uncovering facts that will create an exposure for the company and for individuals – however, it is imperative to ensure the scope of the misconduct has been properly identified and addressed. It is important to have 'buy-in' from the senior management and Board for an investigation to be conducted and to be properly scoped and resourced.
3.2 Preparing an investigation plan
Prior to commencing an investigation it is important to consider how it should be executed and by whom.
There will be heightened interest from all parties involved in the findings of the investigation, including those being investigated, any law enforcement officials, parties to any current or future legal proceedings and other stakeholders (eg shareholders, insurers, financiers, business partners etc, amongst others). Accordingly, it is important that strict protocols are in place to protect the confidentiality of the investigation. You should also give careful consideration to whether it should be undertaken by external lawyers who have specific expertise in advising companies on, and handling, investigations of this nature and are further removed from the individuals who may be the subject of the investigation.
An investigation plan should consider the following issues:
1
SCOPE
Define the specific allegations the investigation will cover and then carefully delineate what is in-scope and what is out-of-scope for the investigation. Who will be interviewed? What documents will be reviewed? While it is important to understand the facts, a core part of the investigation should also be understanding what compliance frameworks the company has in place and how those apply to the facts. In doing so, a company may (for example) identify a basis for an affirmative defence to allegations of misconduct.
2
INVESTIGATOR
Who will undertake the investigation? Will it be done internally or externally? Will it be undertaken by lawyers? If so, will external counsel be involved?
3
CONFIDENTIALITY & WHISTLEBLOWERS
Have appropriate restrictions been put in place, and communicated to those involved in the investigation (eg witnesses, investigators etc) regarding the confidentiality of the investigation, including locking down document access to the report and any witness interview notes if it is being done internally? Is there an 'eligible whistleblower' for the purposes of the Part 9.4AAA of the Corporations Act or Part IVD of the Taxation Administration Act 1953 (Cth)? Does the plan address the need to ensure that whistleblowers are not the subject of retaliation? See further on that obligation below.
4
GOVERNANCE
Who at the company will be the primary instructing person? Is that person sufficiently independent of the facts? To whom will the findings be reported as the investigation progresses?
5
OUTCOME
To whom will the ultimate findings of the report be communicated? For example, if it involves an allegation of senior executive misconduct, consider whether the findings must be communicated directly to the Board. When will the findings be communicated and what interim updates will be provided?
3.3 Legal professional privilege and investigations
Legal professional privilege applies to confidential communications between a lawyer and a client for the dominant purpose of the client receiving legal advice (and there is a slightly broader privilege where legal proceedings are anticipated or under way). Privileged documents do not need to be produced to courts and regulators. The privilege exists so that people and companies can give their lawyers a candid account of the facts in order to receive legal advice without fear that those communications will be used against them.
This privilege could cover various aspects of an investigation and can be an important protection to have in place.
However, it is also important to recognise that there are limitations to the privilege:
- Confidentiality – communications must be kept confidential for the privilege to apply.
- Dominant purpose – the company will need to provide that its dominant purpose was obtaining legal advice. This is a high threshold to meet.
- Waiver – the privilege will cease to exist if the company does anything that is inconsistent with maintaining the privilege, eg referring to conclusions of the legal advice or providing the advice to third parties (without certain protections in place).
When considering the scope of the investigation, who will conduct it and the governance put in place around it, legal professional privilege should be considered at every step.
3.4 Protecting and managing whistleblowers
Part 9.4AAA of the Corporations Act and Part IVD of the Taxation Administration Act 1953 (Cth) contain significant protections for whistleblowers. The protections in the Corporations Act were expanded in 2019 to provide greater protection for those who report misconduct about companies and company officers. Some key issues to consider are:
- Who could be considered an 'eligible whistleblower' and thus, subject to protection? – this now includes a wide range of people, including former employees, contractors, employees of contractors, associates of the company, and spouses, dependents and other relatives of such individuals.
- Protection of identity – a whistleblower's identity and any information likely to lead to their identification is protected where the information the whistleblower discloses concerns misconduct or an improper state of affairs about a company and the disclosure is made to officers, senior managers or someone authorised to receive the information in the company (amongst others).
- Very limited exceptions to disclosure of identity – it is an offence to disclose the whistleblower's identity, or information likely to lead to their identification, save for in particular circumstances such as:
- if the whistleblower consents to their identity being disclosed or it is being disclosed to ASIC, APRA, the AFP or to a lawyer to seek legal advice; or
- where information is disclosed which is likely to lead to the identification of the whistleblower, it is because it is reasonably necessary for the purpose of investigating the matter and all reasonable steps have been taken to reduce the risk that the whistleblower will be identified.
- Public interest disclosure – Whistleblowers can make a 'public interest disclosure' in limited circumstances:
- to journalists or parliamentarians in certain circumstances where the whistleblower has already made a protected disclosure to ASIC or APRA and where the whistleblower provides written notice to the original recipient of the information that they intend to make the disclosure; and
- where they have reasonable grounds to believe it would be in the public interest.
- Emergency disclosure – whistleblowers can make an 'emergency disclosure' in limited circumstances where they have reasonable grounds to believe the information concerns a substantial and imminent danger to a person's health or safety, or to the natural environment.
- Policy – under the new whistleblower laws, public companies and large proprietary companies must have, and comply with, a whistleblower policy that addresses prescribed issues.
3.5 Confidentiality of investigations
You may need to have strict protocols in place to keep an investigation confidential internally (as well as externally), particularly if it relates to serious misconduct.
- Tipping off – you can be exposed to offences for 'tipping off' people involved in offences, particularly if they destroy documents or other evidence relevant to the investigation (see below).
- Impacts on employees – there could be significant reputational implications for employees who are, or who are perceived to be, involved in the misconduct and their reputations may be tarnished if untested allegations are inadvertently disclosed.
- Organisational risks – if allegations become known outside of the organisation, this may have commercial, reputational and legal consequences, eg triggering ASX disclosure obligations, inquiries from commercial partners and potential media coverage.
3.6 Document preservation
There are significant penalties for destroying or concealing documents or other evidence that may be relevant to legal proceedings or investigations by a regulator (eg section 39 of the Crimes Act 1914 (Cth) and section 67 of the ASIC Act 2001 (Cth)).
To avoid any suggestion that documents have been destroyed inappropriately, an important first step in an investigation is to take positive steps to 'lock down' all potentially relevant documents and evidence. This might involve suspending routine document destruction processes, taking forensic images of relevant file and email servers and copying laptops and mobile devices of relevant employees. Subject to any confidentiality restrictions you have imposed, it may also be appropriate to send a formal notice to staff that they should not destroy documents.
3.7 Document collection
A plan should also be put in place regarding how the documents will be collected. This should include:
- Official records – what official records are relevant, including Board and committee papers, project files and archives?
- Custodians – which people may have relevant documents and how are their documents kept? This will guide email accounts to be collected, devices to be imaged and hardcopy documents to be found.
- Forensic soundness – are specialised techniques required to collect information in a forensically sound manner that preserves metadata and can verify the authenticity of the documents?
- Record keeping – how will the document collection be recorded? The collection records themselves may be sought by law enforcement and tendered in court.
- Third party providers – do you need assistance from a third party provider of electronic and/or hardcopy collection services? Or do you have capacity to do this in-house?
There are further issues to consider as to how the documents will be searched and reviewed after collection to get to the key facts as efficiently as possible.
It is important to have procedures in place so that you and your staff know what to do if a warrant is executed, particularly if it is executed unexpectedly in a 'dawn raid'.
3.8 Responding to dawn raids
Law enforcement agencies can obtain a warrant to enter your premises and search for and seize documents and information (and entire information systems) that they reasonably suspect are on the premises and are relevant to a serious offence.
It is important to have procedures in place so that you and your staff know what to do if a warrant is executed, particularly if it is executed unexpectedly in a 'dawn raid'. Staff will need to know who to contact, what they can (and can't) ask of the executing officers and what steps to take straight away. There also need to be clear procedures to protect the company and its staff and to ensure there is no inappropriate interference with the execution of the warrant (obstructing the execution of a warrant is an offence).
Relevant staff (in particular, reception and front-of-house staff) may need to be trained and to have a 'dawn raid manual' on hand.
3.9 Dealing with witnesses
An investigation will almost inevitably involve interviewing witnesses to hear their explanation of facts and documents. This evidence is invaluable for the internal investigation. The records of the interviews may also be sought by law enforcement. Some key issues to consider in relation to interviews include:
- Transparency – it must be clear throughout the interview and in any records of the interview that the company is listening to the witness's account and is not seen as tainting his or her evidence or colluding with the witness by suggesting explanations or asking leading questions.
- Privilege – the ability to make claims of legal professional privilege over witness interview notes varies in different countries.
- Procedural fairness – the witness should also be treated fairly (even where they are believed to have engaged in serious misconduct) and should have a clear understanding of the purpose of the interview and what their rights and responsibilities are.
3.10 Dealing with employees who are implicated
If an employee is implicated in serious misconduct, a number of steps should be taken promptly by the company to ensure the conduct can be appropriately investigated and to mitigate the risk of cross-contamination of evidence amongst any employees involved. Those steps should generally include:
- determining whether an industrial instrument or contract contains terms that limit how the company may investigate the conduct;
- conducting an investigation promptly, including one or more interviews (and, in most cases, providing the employee with reasonable notice);
- allowing an employee reasonable time to respond to any allegations;
- considering whether the employee's access to systems should be restricted (noting that this may put them on notice there is an issue);
- considering whether the employee can and should be suspended for a period of time while the investigation is conducted; and
- if the investigation report makes a finding of serious misconduct, considering what consequences this will have for both the employee and the company, and how that should be communicated to the employee.
In Australia, a company is generally entitled to give a reasonable direction to an employee to answer questions (this includes in an investigation). In other jurisdictions this right may be different, and the right might not arise in the same way in respect of an independent contractor.
A finding of fact that an employee may have engaged in serious misconduct (that in some circumstances may amount to illegal conduct) can have significant consequences for an employee, including criminal liability, impacts on future employment and reputation. Such findings should not be made lightly. Before they are communicated to an employee, a company may wish to seek legal advice on any implications it might have, as well as what support it should consider offering an employee (including whether independent legal advice for the employee is appropriate).
3.11 Director and officer duties concerning investigations
Directors and officers of a company have duties under the Corporations Act and at general law, one of which is that they must exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person in the same position as that director would have exercised. A breach of that section carries with it significant penalties and potential disqualification from managing corporations.
In relation to investigations, that duty requires that a director or officer must:
- make reasonable inquiries when suspicions are awakened, or would be awakened, in a prudent director. A director is not excused from making his or her own inquiries relying on a simple assurance from management. This duty is a continuing obligation; and
- consider the nature and extent of the foreseeable risk of harm to the company that would arise if the director failed to exercise reasonable care and diligence.
Failing to investigate 'red flags' for foreign bribery and sanctions compliance has been found to amount to a breach of director duties (see ASIC v Flugge and Geary [2016] VSC 779).
Get in touch
Connect
Allens is an independent partnership operating in alliance with Linklaters LLP. © 2021 Allens, Australia