These days, companies are investing more effort in conducting thorough internal investigations to root out and resolve issues of misconduct and prevent their recurrence. There are many factors behind this trend. With the rise of remote working, many companies are seeing an increase in data theft, fraud, and other illegal activity. These activities may also be easier to conceal when bad actors—and their colleagues who might otherwise catch them in the act—are working in separate locations.
Additionally, a greater awareness of the consequences of corporate misbehavior means that companies have become more proactive in their efforts to identify misconduct in their ranks before it damages their reputation.
Government agencies have also become more thorough in their forensic investigations and more stringent in their enforcement efforts, to the point of holding board members and senior officers responsible with individual fines and even criminal liability for violations. As a result, companies are increasingly turning to internal investigations to identify and correct misconduct and potentially illegal activities before they suffer debilitating penalties.
But with today’s global economy, more companies are operating in multiple locations, each of which has its own methodology for internal investigations. In particular, internal investigations in the US have greater latitude in terms of what data can be uncovered, largely because the US legal system favors prosecution as a goal.
By contrast, internal investigations in the UK work more closely with government agencies to limit and direct the scope of an inquiry. Companies may receive credit for cooperation in both the US and the UK, but in the UK, that credit may be conditional, depending on when the corporation waived legal privilege. In the UK, there’s clear guidance about how a company can earn cooperation credit, while in the US, credit is often left in the hands of individual agencies.
In short, even though there are many similarities between internal investigations in the US and those in the UK, the differences can lead to very different results—which is what we’ll discuss in this article. At the end, we’ll suggest a few best practices for investigators.
Let’s get started with a quick overview of internal investigations.
- Notification obligations
- Privilege issues
- Data privacy and documentation issues
- Employee rights and whistleblowing
- Disciplinary actions
What are the common features of internal investigations in general?
An organization or company may launch an internal investigation when it suspects that someone within its ranks is committing illegal activity, violating a regulation or internal policy, or otherwise engaging in misconduct. The purpose of an internal investigation is to discover the truth of the matter so that the organization can resolve any issues it uncovers. Investigations are also used to get ahead of negative publicity and speculation. During an investigation, an investigator might interview employees, take a deep dive into the organization’s finances, and thoroughly evaluate any relevant data to uncover the scope and breadth of the issues.
An organization might conduct an internal investigation to:
- uncover facts that must be disclosed to a governmental agency;
- identify the company’s liability for any misconduct or illegal activity committed by its employees or corporate officers;
- prepare for and mitigate damage to the brand and public image of the company if and when evidence of wrongdoing is revealed;
- provide evidence that the board and corporate officers have acted with due diligence and appropriate business judgment with regard to serious problems;
- reduce possible penalties or establish an affirmative defense in an ensuing regulatory inquiry or prosecution, or
- gather information that will give the public and investors continued confidence in the company’s finances and ethics.
Internal investigations can vary widely in their scope and impact. Investigations involving individual harassment claims may be straightforward and narrow, while those involving criminal actions or regulatory violations can be complex and far-reaching. While budgets for internal investigations tend to be lower than those for potential litigation or eDiscovery, investigations can become very expensive without proper management.
For more background information about internal investigations, please check out our comprehensive beginner’s guide. Part one explains the risks and benefits of conducting internal investigations, while part two sets out five steps to completing an internal investigation, along with best practices.
How do internal investigations in the US compare to the ones in the UK?
Now, let’s turn to some of the factors that set investigations in the US apart from those in the UK.
One significant difference between internal investigations in the US and the UK deals with the requirements for notifying witnesses and employees. In the US, the counsel conducting the investigation, whether in-house or from an external firm, must give what’s known as an Upjohn warning. That warning must clarify that:
- the attorney represents the company, not the witness, such that attorney-client privilege applies only to the company, and
- the company may choose to waive the privilege and disclose the employee’s statements to a third party.
In the UK, no such notification is required. However, it’s a best practice to provide these warnings in an internal investigation.
When does attorney-client privilege apply to an investigation? As a starting point, in both the US and the UK, documents are only protected by attorney-client privilege when an attorney is involved. While that may seem obvious, it’s worth remembering that documents created by non-attorneys, such as financial audits, compliance documents, or human resources employment files, are not covered by legal privilege.
In the same vein, oral and written communications between clients and their attorneys and any documents created by attorneys on behalf of their clients in anticipation of litigation are legally protected in both the US and the UK. By contrast, documents and material created by in-house counsel in the ordinary course of business are not considered privileged in either country.
However, while many privilege issues are similar in both the US and the UK, there is one notable difference concerning the definition of who or what can be considered a “client.” In the US, a client includes the company and many of its employees. However, in the UK, the term “client” is limited to the company and those employees who are authorized to seek and/or receive legal advice.
Data privacy and documentation issues
In the US, both federal and state laws govern issues of data privacy and data collection. Therefore, the actual provisions can vary from state to state. Generally, US investigators have greater access to employee records and corporate information than UK investigators.
By contrast, the UK’s data protection rules have extraterritorial reach, so they can be applied to US corporations with a business presence in the UK.
However, in the UK, transcripts of interviews conducted during an internal investigation with current and former employees are not protected by privilege in civil litigation. Therefore, UK entities are often more cautious regarding data protection, given that during an internal investigation, these documents are not protected by the same privilege they would have in the US. This creates difficulties for US multinationals operating in the UK as to how much data they should preserve when facing potential litigation. Failure to preserve data can lead to serious penalties in both the US and the UK.
Employee rights and whistleblowing
When it comes to cooperating with an internal investigation, employees in the US have little choice. The duty to cooperate is often discussed in an employment contract or company handbook, and most private employers make it clear that employees must cooperate in any internal investigation where they might be directly or indirectly involved. Courts have upheld an employer’s right to fire an employee who does not cooperate fully in these investigations.
In the UK, an employee has a duty to cooperate and a duty of fidelity to their employer that encourages full cooperation with an internal investigation. Failure to comply can result in disciplinary action. While the right to fire an employee who does not comply with an internal investigation is less clear in the UK than in the US, it can often be compelled by contract.
With regard to whistleblowing, US law differs from UK law in one significant way: the US whistleblower is often entitled to compensation. While there is no clear federal law regarding whistleblowing, US whistleblowers in both private and publicly traded companies are protected by provisions found in both the Dodd-Frank Act and the Sarbanes-Oxley Act. Furthermore, both the Securities and Exchange Commission as well as the Commodities Futures Trading Commission offer rewards to whistleblowers that equal anywhere from 10% to 30% of the amount that all government agencies recover, so long as the whistleblower’s information leads to a recovery of more than $1 million. And the False Claims Act also permits whistleblowers to receive anywhere from 15% to 25% of recovered proceeds.
There are no provisions for financially rewarding whistleblowers under UK law.
When determining what disciplinary actions can be imposed in cases where wrongdoing is found, US investigators have far greater latitude. US internal investigations often provide conclusions that advise on discipline, and employers do not have a right to attend hearings or appeal the results. If governmental agencies are involved and evidence of a crime is unearthed, criminal charges may be filed at the investigator’s discretion.
In the UK, however, the Code for Crown Prosecutors states that criminal charges should only be filed against a corporate entity or individual in cases where there is a “realistic prospect of conviction.” Furthermore, the prosecution must be in the public interest. The Code discourages prosecution in cases where corporate management teams have been proactive in self-reporting and enforcing remedies.
What are the best practices for conducting internal investigations in the US and the UK?
Given the similarities and crucial differences between US and UK law, companies looking to embark on internal investigations should follow certain best practices.
The first and perhaps most important best practice is to recognize how and when internal investigations and the evidence produced can be used or limited by differing legal safeguards or frameworks. Companies may wish to retain outside counsel specifically to advise them during the investigation to ensure that attorney-client privilege applies. Companies should also understand how cooperation can mitigate penalties or discipline from governmental agencies and how that mitigation varies from country to country.
In the US, companies should determine when individual state laws influence federal laws governing internal investigations. Additionally, creating detailed procedures for complaints and whistleblowing can improve transparency and overall compliance with the company’s standards of conduct.
In the UK, corporations starting an internal investigation should understand when liability can lead to civil litigation or criminal penalties. They must also recognize when and how legal privilege can offer protection to certain documents or employees and when a refusal to waive that protection can result in a loss of cooperation credit.
Wherever they are, investigators must grapple with a significant volume of data under tight timelines and sometimes intense pressure. Fortunately, there’s a secret weapon that can help manage that data..
How can legal technology help manage investigations —anywhere in the world?
Investigations are hard enough on their own. Add in regulatory requirements in a foreign jurisdiction, like the UK, and they take on a new level of complexity.
But investigations don’t have to cause headaches. Using advanced eDiscovery technology can make the collection and analysis of data simpler and faster.