A Guide to Conducting Internal Investigations 9781526506085, 9781526506115, 9781526506108

DELETE

184 17 3MB

English Pages [235] Year 2021

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Preface
Table of Cases
Table of Statutes
Table of Statutory Instruments
1 Introduction
The increasing importance of investigations to healthy corporate cultures
The benefits of an effective internal investigations
Addendum
2 The investigation process
Introduction
Purpose and overall approach
The key stages of an investigation
3 Immediate priorities
Introduction
Where the behaviour is ongoing
Dealing with employees who are potentially involved in ongoing behaviour
Risk of destruction of evidence
Other immediate priorities
Identification of relevant stakeholders
External stakeholders
Internal stakeholders
Maintaining a record of individuals briefed about the investigation
Different levels of clearance
Maintaining confidentiality over the investigation
Non-disclosure memorandum
Confidentiality obligations
Other legal or regulatory obligations
Description of consequences of a breach
Timing of issuance of non-disclosure memo
Maintaining confidentiality and third parties
Maintaining the confidentiality list
Maintaining key contacts in critical departments
Managing Communications Risk
Mitigating risks associated with management reporting
Document hold notices
Making notifications to insurers
General insurers
Directors and Officers liability insurance
4 Governance and decision-making
Introduction
The benefits of good governance
The role of the decision-maker
Independence and objectivity
Ensuring appropriate independence and objectivity
Ensuring appropriate levels of authority and accountability
The investigation governance should be distinct from the board or executive
Selecting decision-makers
Legal privilege
Timing for establishing governance
Ensuring that remedial actions are completed
Meeting external expectations for regulated firms
5 Who should investigate?
Introduction
Assessing independence
Establishing requisite expertise
Identifying and utilising internal expertise
Key considerations for determining whether to use external expertise
Whether that party is independently regulated
Whether legal privilege is required
Whether specific technical expertise is required
Conclusion
6 Scoping and planning
Introduction
The nature and extent of the authority for the investigation
Who will the investigator report to?
Timing and deadlines
Approving the scope of the investigation
Monitoring and reviewing the scope of the investigation
Producing the scoping document to a third party
Reviewing the scope post-completion of investigation
Preparing the investigation plan
Reviewing the plan before executing it
Be prepared for the unpredictable
Typical steps to include in an action plan
Project management tools and good processes
7 Preserving evidence
Identifying relevant evidence
What evidence to preserve
Sources of material for preservation
Digital material on company network
Digital material off network
Hard copy documents
Considerations around personal property and data privacy
Personal property
Employee correspondence and personal information
Data protection regulations in the UK
8 Tools and techniques for reviewing digital and documentary evidence
Introduction
Defining the review population
Taking an iterative approach
Documents to consider for inclusion in review populations
Options when the review population appears excessive in size for the matter under review
Applying search terms
Using Technology Assisted Review
Engaging specialist expertise to support a document review
Data preparation and culling
Third party document review specialists
Reviewing audio files
Reviewing instant messaging and chatrooms
Advanced analytics
Digital forensic analysis
Ensuring the review team has the appropriate subject matter expertise
Conducting the review
Review platforms
Drafting and maintaining a review protocol
Oversight of the review
Prioritisation within the review
Inadvertent disclosure of legally privileged material in the context of document reviews
9 Interviews and witness handling
Introduction – the purpose of witness interviews
Who to interview?
Witness of fact or the subject of investigation?
Preliminary interviews
Where Preliminary interview with a subject of investigation
Document interviews
Attendees other than the interviewer
Attendees on behalf of the company/employer
Attendees on behalf of the employee
Timing for conducting interviews
Location of interview
Order in which interviews are conducted
Number of interviews per witness
Time taken per interview
Interview preparation
General duty to co-operate
Interview bundles
Sharing evidence with the witness in advance of an interview
Prepare an interview outline
Prepare a list of core questions which are specific to each witness
Should an interview be audio-recorded?
10 Conducting an interview
Opening statements before asking any questions
Legally privileged interviews
Acceptance of interview terms
Representation of a witness at an interview
Interviews in an internal investigation vs disciplinary interviews
Co-workers and trade union representatives
HR representatives – a special category of co-worker
Legal representation – the general rule
Exceptions to the general rule
Contractual entitlement
Company precedent
Risk of investigation by an external authority
The right against self-incrimination
Whistleblowing investigations and interviews
Interviews with a whistleblower
Interviews in whistleblowing investigations (but not with the whistleblower)
Interviewing former employees and other third parties
Interviewing employees based abroad
11 Taking notes and asking questions
Interview notes – best practice
Preparing a note in a timely manner
Relying on the interview note for purposes other than the investigation
Asking questions in an interview – the 10 golden rules
Putting others’ evidence to the witness
Closing statements
Post-interview steps
Additional reviews of relevant evidence
Additional witness interviews
Expert reviews of witness evidence
Keeping witnesses updated following the interview
12 Documenting the work and preparing reports
Documenting the investigation’s findings
Chronologies
Dramatis personae
Interview notes
Preparing an investigation report – preliminary issues to consider
Review the investigation scope and objectives
A suggested practical structure to use when preparing investigation reports
Style
Key issues to consider before finalising
Closing the investigation
Approval of the report and its recommendations
Next steps
Retention of records
Use of the investigation findings for additional purposes
Security of documents generated
Project management documentation
Documents prepared by third parties
Disclosing the investigation report to an authority or regulator
13 Regulatory liaison and disclosure obligations
Introduction
Initial disclosure to the authorities and regulators
Benefits of a proactive approach to disclosure
Where an obligation to disclose arises
What to include in an initial disclosure
How to make the initial disclosure
Ongoing Liaison with a regulator
Influencing the scope of the investigation
Updating regulators throughout the investigation
Provision of underlying evidence to a regulator
Witness interviews and investigation reports
Whether to include opinions of liability and regulatory breach
Dealing with a related investigation by regulator or prosecuting agency
Co-operation credit
14 Cooperating with Authorities and Corporate Liability
Introduction
Introduction to cooperation agreements
Defining co-operation
Timely self-reporting
Genuine co-operation
UK DPAs
How DPAs work
The DPA Code of Practice
Continuous Co-operation
Status of the corporate
Rewards and risks of cooperation
Reduced Penalties
Reputation
Further benefits
Loss of Control
Future impact
Penalties
Conclusion
15 Confidentiality and Legal Privilege
General duty of confidentiality
Company confidential or proprietary information
Personal data
What is personal data?
The UK data protection regime
Client confidentiality
Inside information
Disclosure of client confidential information to regulators
Other jurisdictions
The law of legal professional privilege
Background
What is privilege?
Privileged communications
Who can claim privilege?
The importance of confidentiality
Legal advice privilege
Litigation privilege
Joint interest privilege
Common interest privilege
Without prejudice privilege
Waiver or loss of privilege
Privilege in regulatory investigations
Competition investigations involving the European Commission
Privilege outside of England and Wales
16 Employees under investigation
Introduction
Internal investigation vs disciplinary procedure
Acas Code of Practice on Disciplinary and Grievance Procedures
Risks associated with disciplinary hearings
Suspension of employee
Freezing deferred awards
A brief introduction to malus and clawback
PRA and FCA-regulated firms
Who decides whether to make a performance adjustment?
Indemnification and insurance coverage
17 Investigating senior staff
Senior management involvement in the investigation
Key considerations when investigating senior staff
Conduct investigations
Accountability investigations
Relevant evidence for senior manager investigations
Corporate criminal liability for employee conduct
The identity doctrine
Statutory liability – the ‘failure to prevent’ offences
18 Whistleblowing and raising concerns
The legal framework
Legal Protection for Whistleblowers
Qualifying Disclosures
Protected Disclosures
Is an investigation needed?
The Financial Services Regulatory Framework
Requirements under SYSC 18
Additional rules
Firm systems and controls – other best practice for whistleblowing policies and procedures
Confidentiality
Status of disclosures made in witness interviews
Feedback to whistleblowers and escalation beyond the firm
19 Press, PR and Corporate Communications strategy
The importance of a good corporate communications strategy
First steps
Identify who you need to communicate with
Additional considerations
Regularly communicate with employees
Leak strategy
Prepare a playbook
Communications with employees under investigation, former employees and their independent legal counsel
Whistleblowers
Parliamentary enquiries, commissions and committees
Listing Rules and obligation to disclose
20 Customer complaints, the Financial Ombudsman Service and litigation risk
Introduction
Impact on the investigation
Impact on company’s response to claims
Practical steps for investigators in relation to complaints risk
Managing litigation risk
Delaying the progress of complaints or litigation
Index
Recommend Papers

A Guide to Conducting Internal Investigations
 9781526506085, 9781526506115, 9781526506108

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

A Guide to Conducting Internal Investigations

A Guide to Conducting Internal Investigations

Jake McQuitty

BLOOMSBURY PROFESSIONAL Bloomsbury Publishing Plc 50 Bedford Square, London, WC1B 3DP, UK 1385 Broadway, New York, NY 10018, USA 29 Earlsfort Terrace, Dublin 2, Ireland BLOOMSBURY and the Diana logo are trademarks of Bloomsbury Publishing Plc © Bloomsbury Professional Ltd 2021 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage or retrieval system, without prior permission in writing from the publishers. While every care has been taken to ensure the accuracy of this work, no responsibility for loss or damage occasioned to any person acting or refraining from action as a result of any statement in it can be accepted by the authors, editors or publishers. All UK Government legislation and other public sector information used in the work is Crown Copyright ©. All House of Lords and House of Commons information used in the work is Parliamentary Copyright ©. This information is reused under the terms of the Open Government Licence v3.0 (http://www.nationalarchives.gov.uk/doc/open-governmentlicence/version/3) except where otherwise stated. All Eur-lex material used in the work is © European Union, http://eur-lex.europa.eu/, 1998-2021. British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. ISBN: PB: 978-1-52650-608-5 ePDF: 978-1-52650-610-8 ePub: 978-1-52650-609-2 Typeset by Evolution Design & Digital Ltd (Kent) To find out more about our authors and books visit www.bloomsburyprofessional.com. Here you will find extracts, author information, details of forthcoming events and the option to sign up for our newsletters

Preface

Definition of investigation1 noun 1 The action of investigating something or someone; formal or systematic examination or research. Synonyms examination, enquiry, study, inspection, exploration, consideration, analysis, appraisal Example sentences ‘he is under investigation for receiving illicit funds’ ‘an investigation into fresh allegations of malpractice’ ‘a murder investigation’ Origin Late Middle English: from Latin investigatio(n-), from the verb investigare. Pronunciation investigation/ɪnˌvɛstɪˈɡeɪʃ(ə)n/

In this age of transparency, internal or corporate investigations2 have proliferated at a significant rate across a wide range of industry sectors – financial services, automotive, pharmaceutical, retail and many others. Since the turn of the century, most if not all of the major scandals in the UK have initially involved a corporate investigation. For instance, the rigging of the LIBOR and foreign exchange market benchmarks by traders, illegal phone-hacking by newspaper staff, parliamentary enquiries into the sexing up of reports on Saddam’s capability to launch weapons of mass destruction. Handled poorly, these investigations arguably led to much more far-reaching implications for the individuals and companies involved: for benchmark rigging, regulatory fines were magnified by the failure to properly investigate whistleblowing concerns; for phone-hacking, attempts to destroy evidence and a failure to learn lessons early on were significant contributing factors to the collapse of the News of the World; and, saddest of all, a poorly handled enquiry

1 Source: OED online. 2 The terms ‘internal’ and ‘corporate’ when applied to an investigation are fundamentally interchangeable.

v

Preface into a leak concerning the WMD reports may have led in part to the suicide of David Kelly, a scientist, in July 2003. At the same time as there has been increase in internal investigations, the desire for public scrutiny of those investigations has intensified – including formal enquiries by multiple regulators competing globally, appearances before governmental committees and trial by press. It is no surprise therefore that what was previously a fairly niche pursuit, has industrialised on a global scale. This has resulted in demand frequently outstripping supply of good, experienced in-house investigators – particularly in the private sector. Perhaps inevitably then, internal investigations are frequently conducted by someone with limited experience or without the necessary understanding of how to achieve best results. And on many occasions those investigations are conducted on an urgent basis with intense stakeholder pressure and, too frequently, in a prevailing atmosphere of internal tension and unhelpful speculation. More seasoned practitioners will no doubt have encountered suggestions that an investigation has gone into a ‘black box’, meaning the internal workings of investigators are hidden or not readily understood. This characterisation is often driven by a lack of transparency about the investigation process itself or a failure to ensure there is an appropriate level of information shared with stakeholders about the status of the investigation. Perceptions of this nature are not helped by external processes, such as Maxwellisation, which can lead to significant delays in the publication of the findings of an investigation, and slow the process of effecting meaningful changes to an organisation and its culture. This book is an attempt to tackle some of the regular misconceptions that arise, to shed some light on what a good investigation looks like and to help guide the investigator through the myriad, complex issues that may (and frequently do) arise. As such, this is intended to be a practical guide. What this book is not is a legal text book. Whilst this guide does tackle legal issues and highlights areas of particular difficulty, it is not prescriptive and it is intended to be used by legal and non-legal practitioners alike. Similarly, although many of the examples in this guide involve internal investigations in the financial services sector (where corporate investigations have occurred most frequently in the recent past decade), the principles and approach can and do apply to investigations in any regulated sector – the core elements of a good investigation are transferable and similar issues tend to arise, regardless of subject matter. In summary, using the culmination of nearly 20 years’ legal, regulatory and investigations experience, this book should provide the reader with a structure which can easily be adopted, adapted and developed to get best results in frequently challenging circumstances. Finally, throughout this guide, I  have sought to highlight the touch-points where expert legal advice may be needed. If, having read this guide, you are in any doubt on the appropriate course of action then it is always prudent to seek expert opinion, whether from a lawyer or another expert discipline, before making a decision. Jake McQuitty December 2020

vi

Contents Prefacev Table of Cases xv Table of Statutes xvii Table of Statutory Instruments xix

1 Introduction

The increasing importance of investigations to healthy corporate cultures 1 The benefits of an effective internal investigations 2 Addendum 2

2  The investigation process

Introduction 3 Purpose and overall approach 5 The key stages of an investigation 6

3  Immediate priorities

Introduction 7 Where the behaviour is ongoing 8 Dealing with employees who are potentially involved in ongoing behaviour 8 Risk of destruction of evidence 9 Other immediate priorities 10 Identification of relevant stakeholders 11 External stakeholders 11 Internal stakeholders 13 Maintaining a record of individuals briefed about the investigation 13 Different levels of clearance 14 Maintaining confidentiality over the investigation 16 Non-disclosure memorandum 16 Confidentiality obligations 16 Other legal or regulatory obligations 17 Description of consequences of a breach 17 Timing of issuance of non-disclosure memo 17 Maintaining confidentiality and third parties 18 Maintaining the confidentiality list 18 Maintaining key contacts in critical departments 18 Managing Communications Risk 19 Mitigating risks associated with management reporting 20 Document hold notices 21 Making notifications to insurers 22 General insurers 22 Directors and Officers liability insurance 23 vii

Contents

4  Governance and decision-making

Introduction 25 The benefits of good governance 25 The role of the decision-maker 26 Independence and objectivity 26 Ensuring appropriate independence and objectivity 27 Ensuring appropriate levels of authority and accountability 28 The investigation governance should be distinct from the board or executive 28 Selecting decision-makers 28 Legal privilege 29 Timing for establishing governance 30 Ensuring that remedial actions are completed 30 Meeting external expectations for regulated firms 30

5  Who should investigate?

Introduction 33 Assessing independence 33 Establishing requisite expertise 34 Identifying and utilising internal expertise 35 Key considerations for determining whether to use external expertise 36 Whether that party is independently regulated 36 Whether legal privilege is required 36 Whether specific technical expertise is required 36 Conclusion 37

6  Scoping and planning

Introduction 39 The nature and extent of the authority for the investigation 40 Who will the investigator report to? 40 Timing and deadlines 41 Approving the scope of the investigation 41 Monitoring and reviewing the scope of the investigation 41 Producing the scoping document to a third party 42 Reviewing the scope post-completion of investigation 42 Preparing the investigation plan 43 Reviewing the plan before executing it 43 Be prepared for the unpredictable 44 Typical steps to include in an action plan 44 Project management tools and good processes 45

7  Preserving evidence

Identifying relevant evidence What evidence to preserve Sources of material for preservation Digital material on company network Digital material off network Hard copy documents Considerations around personal property and data privacy Personal property viii

47 48 48 49 49 50 51 51

Contents Employee correspondence and personal information Data protection regulations in the UK

52 53

8  Tools and techniques for reviewing digital and documentary evidence Introduction 55 Defining the review population 55 Taking an iterative approach 56 Documents to consider for inclusion in review populations 56 Options when the review population appears excessive in size for the matter under review 57 Applying search terms 57 Using Technology Assisted Review 58 Engaging specialist expertise to support a document review 59 Data preparation and culling 59 Third party document review specialists 59 Reviewing audio files 60 Reviewing instant messaging and chatrooms 60 Advanced analytics 60 Digital forensic analysis 61 Ensuring the review team has the appropriate subject matter expertise 61 Conducting the review 62 Review platforms 62 Drafting and maintaining a review protocol 63 Oversight of the review 63 Prioritisation within the review 64 Inadvertent disclosure of legally privileged material in the context of document reviews 64

9  Interviews and witness handling

Introduction – the purpose of witness interviews Who to interview? Witness of fact or the subject of investigation? Preliminary interviews Where Preliminary interview with a subject of investigation Document interviews Attendees other than the interviewer Attendees on behalf of the company/employer Attendees on behalf of the employee Timing for conducting interviews Location of interview Order in which interviews are conducted Number of interviews per witness Time taken per interview Interview preparation General duty to co-operate Interview bundles Sharing evidence with the witness in advance of an interview Prepare an interview outline Prepare a list of core questions which are specific to each witness Should an interview be audio-recorded? ix

67 68 70 71 72 73 75 75 77 78 79 79 80 80 81 81 82 83 83 85 86

Contents

10  Conducting an interview

Opening statements before asking any questions 87 Legally privileged interviews 87 Acceptance of interview terms 88 Representation of a witness at an interview 90 Interviews in an internal investigation vs disciplinary interviews 92 Co-workers and trade union representatives 92 HR representatives – a special category of co-worker 93 Legal representation – the general rule 94 Exceptions to the general rule 94 Contractual entitlement 94 Company precedent 95 Risk of investigation by an external authority 95 The right against self-incrimination 96 Whistleblowing investigations and interviews 97 Interviews with a whistleblower 97 Interviews in whistleblowing investigations (but not with the whistleblower) 98 Interviewing former employees and other third parties 99 Interviewing employees based abroad 100

11  Taking notes and asking questions

Interview notes – best practice Preparing a note in a timely manner Relying on the interview note for purposes other than the investigation Asking questions in an interview – the 10 golden rules Putting others’ evidence to the witness Closing statements Post-interview steps Additional reviews of relevant evidence Additional witness interviews Expert reviews of witness evidence Keeping witnesses updated following the interview

12  Documenting the work and preparing reports

101 103 104 105 106 107 109 110 110 111 111

Documenting the investigation’s findings 113 Chronologies 113 Dramatis personae 114 Interview notes 115 Preparing an investigation report – preliminary issues to consider 115 Review the investigation scope and objectives 115 A suggested practical structure to use when preparing investigation reports 117 Style119 Key issues to consider before finalising 120 Closing the investigation 120 Approval of the report and its recommendations 120 Next steps 121 Retention of records 121 Use of the investigation findings for additional purposes 121 x

Contents Security of documents generated Project management documentation Documents prepared by third parties Disclosing the investigation report to an authority or regulator

122 122 122 123

13  Regulatory liaison and disclosure obligations

Introduction 125 Initial disclosure to the authorities and regulators 125 Benefits of a proactive approach to disclosure 126 Where an obligation to disclose arises 127 What to include in an initial disclosure 128 How to make the initial disclosure 128 Ongoing Liaison with a regulator 129 Influencing the scope of the investigation 129 Updating regulators throughout the investigation 130 Provision of underlying evidence to a regulator 130 Witness interviews and investigation reports 131 Whether to include opinions of liability and regulatory breach 132 Dealing with a related investigation by regulator or prosecuting agency 132 Co-operation credit 132

14  Cooperating with Authorities and Corporate Liability

Introduction 133 Introduction to cooperation agreements 133 Defining co-operation 134 Timely self-reporting 135 Genuine co-operation 135 UK DPAs 136 How DPAs work 136 The DPA Code of Practice 137 Continuous Co-operation 137 Status of the corporate 137 Rewards and risks of cooperation 138 Reduced Penalties 138 Reputation 139 Further benefits 140 Loss of Control 140 Future impact 141 Penalties 141 Conclusion 141

15  Confidentiality and Legal Privilege

General duty of confidentiality Company confidential or proprietary information Personal data What is personal data? The UK data protection regime Client confidentiality Inside information xi

143 144 145 145 145 147 148

Contents Disclosure of client confidential information to regulators 148 Other jurisdictions 148 The law of legal professional privilege 149 Background 149 What is privilege? 149 Privileged communications 149 Who can claim privilege? 149 The importance of confidentiality 150 Legal advice privilege 151 Litigation privilege 152 Joint interest privilege 153 Common interest privilege 154 Without prejudice privilege 155 Waiver or loss of privilege 155 Privilege in regulatory investigations 156 Competition investigations involving the European Commission 156 Privilege outside of England and Wales 156

16  Employees under investigation

Introduction 159 Internal investigation vs disciplinary procedure 160 Acas Code of Practice on Disciplinary and Grievance Procedures 160 Risks associated with disciplinary hearings 161 Suspension of employee 163 Freezing deferred awards 164 A brief introduction to malus and clawback 165 PRA and FCA-regulated firms 165 Who decides whether to make a performance adjustment? 166 Indemnification and insurance coverage 167

17  Investigating senior staff

Senior management involvement in the investigation Key considerations when investigating senior staff Conduct investigations Accountability investigations Relevant evidence for senior manager investigations Corporate criminal liability for employee conduct The identity doctrine Statutory liability – the ‘failure to prevent’ offences

18  Whistleblowing and raising concerns

The legal framework Legal Protection for Whistleblowers Qualifying Disclosures Protected Disclosures Is an investigation needed? The Financial Services Regulatory Framework Requirements under SYSC 18 Additional rules xii

169 169 170 170 171 174 174 175 177 177 178 179 180 180 181 182

Contents Firm systems and controls – other best practice for whistleblowing policies and procedures 182 Confidentiality 184 Status of disclosures made in witness interviews 184 Feedback to whistleblowers and escalation beyond the firm 184

19  Press, PR and Corporate Communications strategy

The importance of a good corporate communications strategy 185 First steps 186 Identify who you need to communicate with 186 Additional considerations 186 Regularly communicate with employees 187 Leak strategy 188 Prepare a playbook 189 Communications with employees under investigation, former employees and their independent legal counsel 190 Whistleblowers 190 Parliamentary enquiries, commissions and committees 191 Listing Rules and obligation to disclose 191

20  Customer complaints, the Financial Ombudsman Service and litigation risk

Introduction 193 Impact on the investigation 194 Impact on company’s response to claims 195 Practical steps for investigators in relation to complaints risk 196 Managing litigation risk 196 Delaying the progress of complaints or litigation 197

Index199

xiii

Table of Cases A Anderson v Bank of British Columbia (1876) 2 Ch D 644, [1876] 3 WLUK 105......... 15.44 B Babula v Waltham Forest College [2007]  EWCA  Civ 174, [2007] 3  WLUK  159, [2007] IRLR 346..................................................................................................... 18.06 Balabel v Air India [1988] Ch 317, [1988] 2 WLR 1036, [1988] 2 All ER 246............. 15.43 Behague v R  & C  Comrs [2013]  UKFTT  596 (TC), [2013] 10  WLUK  622, [2014] WTLR 187................................................................................................... 15.43 Berkeley Administration Incorporated v McClelland (unreported, 2 March 1994)....... 15.53 Buttes Gas & Oil Co v Hammer (No 3) [1981] QB 223, [1980] 3 WLR 668, [1980] 3 All ER 475.................................................................................................... 15.50, 15.53 C Chesterton Global Ltd (t/a Chestertons) v Nurmohamed [2017]  EWCA  Civ 979, [2018] 1 All ER 947, [2017] 7 WLUK 174............................................................ 18.06 G Guinness Peat Properties Ltd v Fitzroy Robinson Partnership [1987] 1 WLR 1027, [1987] 2 All ER 716, [1987] 4 WLUK 145............................................................ 15.53 H Hellenic Mutual War Risks Association (Bermuda) Ltd v Harrison (The Sagheera) [1997] 1 Lloyd’s Rep 160, [1996] 10 WLUK 293.................................................. 15.47 Hibbins v Hesters Way Neighbourhood Project (UKEAT 0275/08/1710) [2009] 1 All ER 949, [2008] 10 WLUK 383, [2009] ICR 319.................................................... 18.06 K Kousouros v O’Halloran [2014]  EWHC  2294 (Ch), [2014] 7  WLUK  360, [2015] WTLR 1023................................................................................................. 15.48 L Leif Hoegh & Co A/S v Petrolsea Inc (The World Era) (No 2) [1993] 1 Lloyd’s Rep 363, [1992] 12 WLUK 334..................................................................................... 15.54 P Property Alliance Group Ltd v Royal Bank of Scotland plc [2015] EWHC 1557 (Ch), [2016] 1 WLR 361, [2015] 6 WLUK 229............................................................... 15.55 R R  (on the application of Ford) v Financial Services Authority [2011]  EWHC  2583 (Admin), [2012] 1 All ER 1238, [2011] 10 WLUK 206..................... 15.46, 15.47, 15.49 R  (on the application of Prudential plc) v Special Comrs of Income Tax [2010] EWCA Civ 1094, [2011] QB 669, [2011] 2 WLR 50................................. 15.39 RBS (Rights Issue Litigation), Re [2016] EWHC 3161 (Ch), [2017] 1 WLR 1991, [2016] 12 WLUK 201............................................................................................. 15.43

xv

Table of cases S Sagheera, The see Hellenic Mutual War Risks Association (Bermuda) Ltd v Harrison (The Sagheera)........................................................................................................ 15.48 Sainsbury’s Supermarkets Ltd v Hitt [2002] EWCA Civ 1588, [2002] 10 WLUK 539, [2003] ICR 111....................................................................................................... 16.12 Director of the Serious Fraud Office v Eurasian Natural Resources Corpn Ltd [2017] EWHC 1017 (QB), [2017] 1 WLR 4205, [2017] 5 WLUK 159................. 15.44 Starbev GP  Ltd v Interbrew Central European Holding BV  [2013]  EWHC  4038 (Comm), [2013] 12 WLUK 600............................................................................. 15.44 Svenska Handelsbanken v Sun Alliance & London Insurance plc (No  1) [1995] 2 Lloyd’s Rep 84, [1995] 1 WLUK 358.................................................................... 15.50 T Tchenguiz v Director of the Serious Fraud Office (Non-Party Disclosure) [2014] EWCA Civ 136, [2014] 4 All ER 627, [2014] 2 All ER (Comm) 571....... 15.44 Tesco Supermarkets Ltd v Nattrass [1972] AC 153, [1971] 2 WLR 1166, [1971] 2 All ER 127........................................................................................................... 17.24, 17.25 Three Rivers District Council v Bank of England [2003]  EWHC  2565 (Comm), [2003] 11  WLUK  34; aff’d [2004]  EWCA  Civ 218, [2004]  QB  916, [2004] 2 WLR 1065; rev’sd [2004] UKHL 48, [2005] 1 AC 610, [2004] 3 WLR 1274.... 15.43 Three Rivers District Council v Bank of England (No  5) [2003]  EWCA  Civ 474, [2003] QB 1556, [2003] 3 WLR 667...................................................................... 15.43 U Waugh v British Railways Board [1980] AC 521, [1979] 3 WLR 150, [1979] 2 All ER 1169.................................................................................................................. 15.44 Westminster International BV  v Dornoch BV  [2009]  EWCA  Civ 1323, [2009] 9 WLUK 75............................................................................................................. 15.44 World Era (No  2), Re see Leif Hoegh & Co A/S  v Petrolsea Inc (The World Era) (No 2)...................................................................................................................... 15.53

xvi

Table of Statutes Bribery Act 2010............. 17.27, 17.30, 17.31 s 7.................................................. 17.28 Companies Act 1985......................... 15.44 Crime and Courts Act 2013............... 14.07 Sch 17............................................ 14.20 Criminal Finances Act 2017....... 17.27, 17.31 s 45, 46.......................................... 17.30 Criminal Justice Act 2003 s 2(8), s 2(8AA)............................ 14.09 Data Protection Act 1998........... 15.19; 18.06 Data Protection Act 2018......... 15.18, 15.19, 15.20 Employment Rights Act 1996........... 16.09 s 43A............................................. 18.03 43B...................................... 18.03, 18.06 (1), (2).................................. 18.06 43C-43G............................. 18.03, 18.07 43H..................................... 18.03, 18.10 43I-43K...................................... 18.03 43L.............................................. 18.03

Employment Rights Act 1996 – contd s 43L(3)......................................... 18.06 Enterprise and Regulatory Reform Act 2013.................................... 18.06 Finance Act 2008.............................. 15.44 Financial Services and Markets Act 2000.......................................... 15.44 s 174.............................................. 14.09 s 413.............................................. 15.36 Pensions Act 2004............................. 15.44 Public Interest Disclosure Act 1998... 10.61, 18.03, 18.04, 18.05 Serious Organised Crime and Police Act 2005.................................... 14.38 s 65................................................ 14.09 Solicitors Act 1974 Sch 1 para 9......................................... 15.38 Trade Descriptions Act 1968............. 17.24 s 24................................................ 17.24

xvii

Table of Statutory Instruments Public Interest Disclosure (Prescribed Persons) Order 2014, SI  2014/ 2418........................................... 18.08

xix

Chapter 1

Introduction 1.01 Several years ago, a very experienced lawyer, with whom I  worked, memorably described the course and relevance of an investigation to a corporate institution as equivalent to the process which a doctor will undertake with a patient, namely: • • •

to identify and assess the symptoms, through independent and objective observation and questioning; to diagnose the issue and then recommend a course of treatment, and finally to monitor the effect of that treatment, adapting it as necessary in response to its effect, until you are satisfied the patient is well again.

1.02 Whilst this may not be an original observation, it is by far the best analogy I  can think of to describe the importance of a well-conducted investigation to the health of an organisation and its culture. In short, any investigation should be a critical part of an organisation’s risk management framework, designed to identify areas of potential weakness or risk, to deliver recommendations for managing or mitigating that weakness or risk and be a part of the process for effecting meaningful change. What an investigation should never be is a witch-hunt. Nor should it be a cynical PR exercise designed to placate shareholders or mollify public opinion. 1.03 Instead, every investigation – however minor the issue concerned – should be seen as an opportunity to self-diagnose, to reflect on why an issue has arisen which requires scrutiny and enquiry, and to respond to the investigative findings with positive steps aimed at improving culture and mitigate risk.

The increasing importance of investigations to healthy corporate cultures 1.04 Over recent years, internal investigations have increasingly become recognised as a key element of good corporate governance. As well as providing a means to swiftly identify and limit exposure to a ‘live issue’, a well-scoped and executed investigation usually identifies numerous opportunities for improvements to internal processes and controls in the affected area and in the business more widely, reducing the risk of future incidents. For really significant matters, a proactive approach to establishing the facts will put you on the front foot in terms of preparing for related litigation, potentially preventing regulatory enforcement or criminal prosecution, managing reputational risk and shaping public messaging in the media and beyond. An effective and visible investigation function also reinforces conduct and cultural standards, demonstrating that employees will be held accountable for their actions. 1

1.05  Introduction

The benefits of an effective internal investigations 1.05 It is perhaps unsurprising that regulators have in the past been vocal in their support for the in-house investigation process. In 2015, the Financial Conduct Authority (FCA) recognised and encouraged firms to investigate proactively when there are concerns1 whilst the Director of Enforcement at the US Securities Exchange Commission (SEC) commented that in-house investigations are a common, clear best practice where a company encounters misconduct.2 1.06 Whilst some of the more recent pronouncements from these same authorities have suggested that the findings from internal investigations may not be relied on when making decisions whether to take action against the company, there is no doubt that conducting your own enquiries to assess the root cause of an incident will place the company in a better position when negotiating a resolution with authorities, in the event there has been a breach of the rules. This may include obtaining a discount on any penalty imposed, if the company’s findings are shared with the enforcing authority. 1.07 In some circumstances, an appropriately scoped internal investigation can lead regulators to conclude that no additional investigation of their own is necessary. That said, you should note that there are some circumstances where firms may need to step aside to avoid frustrating a regulatory investigation, something which is discussed in Chapter 13 on Disclosure and Regulatory Liaison. 1.08 In summary, there are many good reasons to conduct an effective investigation but very few for not doing so. The question of what constitutes an effective investigation is explored in the chapters that follow.

Addendum 1.09 This book was written before the impact of the global pandemic on office working had fully taken hold. Nevertheless, all of the guidance and techniques outlined in this book are applicable regardless of whether an employee is working remotely or whether company documents are stored in a home office location. The only significant distinction is that remote working adds a further dimension to the evidence gathering and witness interview phases of an investigation, which means they involve an additional technical and logistical consideration when planning and undertaking an investigation.

1 2

Jamie Symington, Director in Enforcement (Wholesale, Unauthorised Business and Intelligence), speech on 5 November 2015: www.fca.org.uk/news/speeches/internal-investigations-firms. Andrew Ceresney, Director, Division of Enforcement, 13  May 2015: www.sec.gov/news/speech/ sec-cooperation-program.html.

2

Chapter 2

The investigation process 2.01

This chapter considers: The purpose and overall approach to an investigation. The key stages of an investigation.

▶ ▶

Introduction 2.02 Good planning is central to an investigation and the steps taken to investigate an issue or incident can be, and often are, predictable and generally straightforward, provided that you have the right structure in place. 2.03 At its heart, an investigation is an exercise in gathering facts to establish what happened and to put an organisation in a position where it can make informed decisions as to how to respond to the investigator’s findings, including any recommendations made. 2.04 The objective of an investigation is therefore to make findings of fact based on the evidence in the round but it does not need to be an attempt to arrive at complete certainty. An investigator should resist the temptation to turn over every single stone, but rather cease the fact-gathering process when it is reasonable and proportionate to do so. 2.05 In the same vein, an investigation should not be an opportunity to play judge and jury – ie  to point the finger of blame and recommend the appropriate sentence. Typically, it will be for others – such as a disciplinary hearing manager or a regulator – to decide as to individual culpability and disciplinary action. In short, the investigator is first and foremost responsible for establishing the facts. Inevitably, the facts will emerge from a variety of sources and the evidence to support those facts will be of differing quality. 2.06 Whilst the legal rules governing the admissibility and reliability of evidence are often important to an internal investigation, it is not crucial to have a legal understanding of those rules. Instead, an investigator will need to apply a common sense approach when weighing up the evidence in order to reach a conclusion as to which facts can be relied upon. 2.07

For example, consider these two scenarios:

Scenario A – in an interview, two years after the events under investigation, Mrs Orange gives you information about an individual’s conduct, which Mrs Orange 3

2.08  The investigation process says she overheard from a conversation between two colleagues (Mr Red and Mr Yellow) in a lift. Scenario B – you identify an email sent two years ago by Mr Red to Mr Yellow which refers to the same individual’s conduct the day before the email was sent. 2.08 Obviously, the evidence given in Scenario A will have less evidential value because it is both stale – Mrs Orange was recalling events which occurred two years ago and therefore her recollection may be affected by the passage of time – and it is hearsay, meaning it refers to conduct to which she was not a direct witness – she heard about the conduct second-hand and possibly from a conversation in the lift to which she was not privy. 2.09 On the other hand, Scenario B would appear to be of much greater evidential value – it is a contemporaneous note of what Mr Red saw and heard relating to the individual’s conduct, recorded in an email the following day. As such, it is likely to be a much better indicator of what happened. 2.10 Not to overly confuse matters but Scenario B is also helpful for an investigator when assessing the reliability of the witness evidence given by Mrs Orange because it suggests she has a good recall for events (or in this example, conversations) and therefore her evidence may be relied on more generally in this case. 2.11 By developing a better understanding of the facts and evidence available, informed decisions can then be made about next steps in the investigation. For example, in Scenario A above, the reference to a conversation between Mr Red and Mr Yellow may well inform the next step in the investigation, such as examining their emails to corroborate what the witness heard. 2.12 By placing the right structure around the investigation, an investigator will be able to show that he or she took all reasonable steps to investigate and that there is a solid evidential foundation for his or her findings to support the decisions made in response. 2.13 In this regard, the process of making informed decisions should be the mainstay of the investigation – it starts at the beginning and continues regularly throughout. An investigator should always be ready and able to answer the question: ‘why did you decide to do that?’. It is critical that, after the investigation, the investigator(s) can account for each of their actions and the reasons why they took each step along the way. 2.14 For instance, in a case involving potential breaches of civil regulations, if an investigation concludes that the facts do not support such a breach, a regulator will most likely want to understand: • • • •

how the investigator reached that conclusion; what evidence was considered by the investigation; which individuals were interviewed, and why the investigation has interpreted certain evidence in the way that it did. 4

Purpose and overall approach 2.20 2.15 Armed with that explanation, the regulator will then be in a better position to determine whether to accept the investigation’s conclusions and, therefore: (1) whether there is a reliable basis for the regulator not to commence its own investigation; and (2) whether any programme of remediation or changes to internal processes and controls is sufficient to mitigate a risk of similar incident in the future.

Purpose and overall approach 2.16 If the purpose of an internal investigation is to answer the question ‘what happened?’ then the objective of an investigation should be to gather the facts which are most likely to assist in answering this question. These facts may be located in a wide range of locations and in the knowledge and experience of a variety of witnesses. 2.17 The skill of an investigator is therefore to frame the scope of the work required in order to gather sufficient evidence to report a finding on the facts. As a general rule, however, an investigator should not seek to reach conclusions on liability or claim. (This issue is tackled in more detail in the chapter on Regulatory Liaison and Disclosures – Chapter 13.) 2.18 In determining the scope of an investigation, it is important that the steps identified to gather the evidence are proportionate to the scale of the issues which need to be scrutinised. To use the vernacular, there is no need to ‘boil the ocean’ to complete your enquiries. Instead, an investigation should clarify at the outset the reason why it is being undertaken and carefully identify its objectives and aims based on what the investigator believes to be the reasonable steps necessary to reach a finding, and to constantly keep those steps under review as the investigation progresses. Whilst the objective of an investigation should be to gather the facts, its aims often vary according to the stakeholders involved, being those with an interest or concern in the outcome of the investigation. 2.19 For example, the investigation may be in response to a complaint or concern raised by an outside party such as an investor or shareholder. It may be prompted by an employee raising concerns or an internal function identifying possible misconduct. It may also be necessary to investigate in order to discharge obligations owed to the regulator or to pre-empt an enquiry by an external authority with a view to reporting results and seeking immunity from action. Each of these types of investigation will prompt differing approaches to the way findings are reported, the protections placed over those findings (such as whether there are confidentiality restrictions placed on them) and the nature of a company’s response to those findings (for instance, whether it announces a compensation scheme or issues a public apology). 2.20 Regardless of the aim, the fundamental structure of an investigation enquiry is unlikely to vary significantly. However, what may vary significantly is the personnel engaged to investigate, the nature and type of evidence reviewed, and the parties interested in the outcome. It is these variations which form the main focus of the analysis and guidance in this book. 5

2.21  The investigation process

The key stages of an investigation 2.21 With the investigation’s objectives and aims in mind, the core structure of an investigation usually looks like this: • • • • •

scoping and planning the enquiry; preserving and reviewing evidence; conducting interviews; documenting work and preparing findings, and reporting results and making recommendations in response to your findings.

2.22 Whilst this is a relatively straightforward framework, before an investigation can commence, there are critical factors which need to be considered and processes put in place in response to those factors, assuming they do not already exist within an organisation. These processes are tackled in the first few chapters of this book. In brief, those factors are as follows. –





Assessing the immediate priorities in response to the issues which will be the subject of an investigation and taking steps to manage existing or imminent risks. For instance, is there an ongoing risk to the organisation which needs to be managed, such as continuing contraventions by staff of relevant laws or regulations? Are relevant internal stakeholders aware of the issues and able to respond appropriately to questions from staff or journalists? And has the organisation discharged its responsibilities to make reports to its regulator or other public authorities? The task of answering questions like these at the outset can consume considerable amounts of an investigator’s time, at the expense of early identification of evidence and swift management of risks. Establishing an appropriate governance framework for the oversight of the investigation and its output. This is critical to the success of the investigation and will ensure the appropriate degree of responsibility and accountability for decisions made as the investigation progresses. Identifying the relevant personnel who will conduct the investigation, along with any subject matter experts required to support the investigators and assist them in understanding the relevant context in which events occurred or to provide relevant expertise to interpret the evidence.

2.23 The more the investigator has anticipated these factors by putting in place, in advance, the appropriate framework and team for conducting an internal investigation the more effectively they can respond when an issue does arise which requires investigating.

6

Chapter 3

Immediate priorities 3.01 This chapter considers the immediate priorities when starting an investigation including:

▶ ▶



▶ ▶













What to do where the behaviour under investigation is on-going. An overview of circumstances where a company may need to notify external parties about the issues under investigation. Identifying the individuals within an organisation who need to be briefed. Best practices for notifying internal staff and how to appropriately maintain confidentiality. Managing the risks around internal communications during the course of an investigation. Mitigating risks associated with reporting of the investigation status and results to internal stakeholders, particularly senior management. Issuing notices internally for the purposes of preserving evidence.

Introduction 3.02 Prioritising actions is fundamental to good investigations management. When an issue is escalated for investigation, the first step is to establish what is currently known, assess the situation and determine the order of priorities. The more serious the issue, the more likely there will be certain immediate priorities to tackle. 3.03 For instance, if your information suggests there is a serious on-going risk of market abuse by an employee then an immediate priority is likely to involve taking steps to prevent or mitigate against the impact of further potential abuse, such as suspending the employee concerned. 3.04 Conversely, less pressing issues may not merit the involvement of an investigator in the first instance if there are appropriate, less formal alternatives in place – such as preliminary enquiries led by a compliance officer covering the affected business area. The investigator may choose to rely on those enquiries to provide him with more meaningful information to assess the seriousness of the issue and to determine whether to initiate a formal internal investigative process. 3.05 It is equally important to consider at the start whether a matter would be better handled throughout by another expert altogether, such as Human Resources (HR) personnel in the case of a harassment or bullying complaint. In that regard, particularly in larger firms, it is advisable to establish a framework for the escalation and allocation of investigative work to ensure clear demarcations of jurisdiction of investigative functions so as to avoid unnecessary and distracting debate over who should conduct the investigation. 7

3.06  Immediate priorities 3.06 The remainder of this chapter focuses on matters which are not exclusively the domain of HR and the issues to be considered are sufficiently pressing to require the immediate involvement of an in-house investigator, or commencement of a formal internal investigative process.

Where the behaviour is ongoing 3.07 There will be times when the investigator is faced with a ‘live’ concern involving allegations of individual misconduct that is serious, ongoing and unchecked. 3.08 The priority at this point will be to establish swiftly whether there is sufficient substance to the concerns to suggest that the individual in question presents a current risk to the business, its customers or markets. Where this is the case and the individual is an employee of the company then a suspension of the individual may be necessary, where possible, to ensure that the misconduct is immediately curtailed. 3.09 Alternatively, if the individual is not an employee then other steps may be required, such as denying a contractor access to business premises or reporting concerns to the relevant authorities so they can take appropriate action. A decision to take any steps of this nature ought best to involve legal advice because the risk to the organisation can be magnified, if done improperly or unlawfully. For example, denying a contractor access to premises may constitute an actionable breach of contract for which the company may be liable to pay compensation.

Dealing with employees who are potentially involved in ongoing behaviour 3.10 In rare cases, the initial evidence presented to an investigator will be so overwhelming that HR can be engaged immediately to advise on and initiate a suspension or disciplinary process.1 Ordinarily, this process will also involve the individual’s line manager or, where there is a risk the line manager may be compromised, someone more senior in the affected business area. 3.11 However, even in this situation an interview with the employee may be necessary to present the evidence to the individual concerned so that he or she can provide their account of what happened and respond to any allegations that have been made against them. Armed with the employee’s responses, an investigator will then be in a better position to determine, with advice and guidance from the company’s HR team (and possibly the company’s lawyers), whether the individual presents an ongoing material risk to the company such that he or she should be suspended or immediately dismissed.

1

Chapter  16 tackles in more depth the question of whether to suspend an employee and the considerations for doing so.

8

Where the behaviour is ongoing 3.14

PRACTICAL TIP Sharing information with human resources personnel It is worth noting here that if an investigation has been designated as legally privileged then an investigator will need to give careful thought as to how to share information with HR. Where that information is contained in a legally privileged document (such as a note of legal advice to the Board of Directors) then certain steps may be required before that information can be shared – for instance, providing HR with access to some of the evidence gathered and delivering an oral briefing of the investigation findings, rather than handing over the investigation report itself. This is because the right to privilege may be lost if the privileged document is subsequently used for a different purpose to the one for which it was created. For example, the Board commissions its lawyers to investigate an incident and report their findings to the Board, along with their legal advice, so it can make a decision on how to manage the company’s risk of prosecution. If that same report is then given to the HR team to advise on whether to suspend or dismiss an employee then it may not be privileged in the hands of the HR team, because it was provided for a different purpose to the one for which it was commissioned. (The subject of legal privilege is dealt with in more detail in this book at Chapter 15.) 3.12 In other situations, individuals under investigation may not present an ongoing risk to the business or its customers, but investigators should consider whether they present a risk to the investigation itself. For example, an individual might seek to destroy evidence, influence witnesses, or otherwise frustrate the investigation. In these cases, a suspension of the employee or termination of a third party contract may be appropriate, but an alternative option may be to temporarily move the individual concerned to another role. Again, such a step would normally be taken in consultation with HR and the affected individual’s line manager. 3.13 Even where the risk of staff destroying or tampering with evidence is not immediate, this does not diminish the importance of taking actions at the outset of an investigation to preserve documents and implement measures designed to manage the risk of destruction. These actions can range from issuing document preservation notices to coordinating with relevant functions within the company, such as the IT department, to arrange the retention of data and the suspension of automated document destruction cycles. The topic of document preservation notices is dealt with immediately below and in more detail later in this chapter.

Risk of destruction of evidence 3.14 If a company fails to take appropriate steps in a timely manner to preserve evidence then it can risk damaging the credibility and integrity of the investigation, because it exposes the investigation to allegations of manipulating or destroying relevant evidence to suit the company’s findings. In certain circumstances, a failure 9

3.15  Immediate priorities to take appropriate steps can also expose the company to risk of criminal prosecution for the destruction of evidence and, potentially, proceedings for the obstruction of justice. 3.15 Where there is perceived to be an immediate risk of destruction of evidence then it is critical for the investigator to get an initial, and accurate, understanding of the identity and location of the sources of potentially relevant evidence. Using this information, the investigator should then identify the reasonable measures required to preserve this evidence. This can be an iterative process and, as explained in Chapter  7 (Preserving Evidence), the measures required to preserve evidence may need to be adapted as further knowledge is gathered about the sources of that evidence. 3.16 Nevertheless, there are certain initial steps which an investigator can take to manage the risk – both of destruction but also the risk of prejudice to the investigation and the company outlined above. These steps are likely to include, but are not limited to the following: (a) Issuing a written notice to the appropriate individuals within the company, and any connected parties, who may have relevant information or documents. Ordinarily, this notice will comprise a series of instructions to the recipient to preserve all types of document and information which is relevant to the issue under investigation. (b) Coordinating with relevant personnel within the company for the purposes of securing and safely storing relevant evidence, pending review by the investigation. This will most likely include working with the IT function to identify relevant electronic data held on the company’s servers and establishing a means by which this data can be imaged or copied without compromising its integrity, before storing securely for future analysis and review. (c) Ensuring the suspension, where appropriate, of any regular company document destruction cycles and other automatic deletion or overwriting functions on company servers and systems which store relevant electronic information. (d) Taking steps to secure electronic information on portable electronic devices, such as mobile phones, tablets and laptops, as well as on local drives on individual’s company PC’s. 3.17 Depending on the complexity and urgency of the exercise required, it may be appropriate to instruct external forensic IT or other electronic document specialists to assist with these measures, particularly where there is a need to ensure appropriate procedures are in place to demonstrate an unbroken chain of custody of the evidence and/or the preservation of metadata. Additional guidance on the subject of preserving evidence is contained in Chapter 7.

Other immediate priorities 3.18 It is important to take certain initial procedural steps before commencing any fact-finding investigation. Larger organisations will typically have an investigative framework in place that codifies these steps. In broad terms, these are: 10

Identification of relevant stakeholders 3.23 • • • • • • • •

identifying relevant stakeholders; making notifications to external stakeholders, where appropriate; making initial notifications to internal stakeholders; taking steps to ensure an appropriate level of confidentiality is maintained; managing communications risk; mitigating risks associated with internal management reporting; issuing document preservation or non-destruction notices; and making notifications to insurers, such as Directors’ and Officers’ insurers, where necessary.

We touch on each of these steps in more detail immediately below.

Identification of relevant stakeholders 3.19 At the outset of an investigation it is important to identify the range of internal and external stakeholders involved and settle on an approach for managing and notifying each stakeholder.

External stakeholders 3.20 A company will have a wide range of external stakeholders to manage on a daily basis but an investigation can trigger particularly acute interests or concerns on the part of certain external parties, including public bodies and authorities with whom the company may have limited regular contact. For instance, HM Treasury for reporting of potential breaches of international sanctions laws. 3.21 In general experience, the key external stakeholders who will be most interested in the progress and outcome of any internal investigation will be those who have some jurisdiction over the issue under investigation and who may wish to act on the outcome. So, for example, the Information Commissioners Office (ICO) will be concerned in the outcome of an investigation into a potential breach of the data protection regulations and the Financial Conduct Authority (FCA) will be interested in an enquiry into potential misconduct by a senior individual in a regulated financial services firm. 3.22 There may also be external parties to whom the organisation has an obligation to report a potential breach, such as the FCA and ICO, or to whom they owe a legal duty to make a public announcement, such as a regulated stock exchange. Many of these obligations and duties contain prescribed timing for when the report or announcement must be made. For instance, significant breaches of the data protection regulations must be reported to the ICO within 72 hours of discovery. 3.23 It is critical therefore that, at the very outset of an investigation, the investigating team analyses which external parties have an immediate interest or concern in the matter, and particularly whether there are any regulators or other public bodies and authorities to whom the organisation owes a duty to report which must be discharged swiftly. Further details concerning regulatory notifications and disclosures, as well as practical guidance for cooperating with authorities, is contained in Chapters 13 and 14 of this book. 11

3.24  Immediate priorities 3.24 More widely, external stakeholders can include the public, press and government – all of whom may have an interest in the issue under investigation and the findings of the investigation. Most notably, in the UK and the US, there has been a significant increase in the number of public enquiries led by sub-committees of Parliament, Congress and the Senate, which often act early demanding to know what happened and who’s to blame. These can be particularly challenging because they often happen in a public arena at an early stage in the investigation, when facts are still limited and potentially uncertain. By sharing information with these sub-committees, whilst investigative enquiries are still ongoing, it can materially prejudice the investigator’s ability to obtain an objective and unadulterated account of events from witnesses, who may already have seen some of the evidence produced to those committees and, consciously or otherwise, have revised their recollection and understanding of events as a result.

PRACTICAL TIP When considering notification to an external authority or regulator, ask the company to confirm whether there is a specific function responsible for communicating with that authority or regulator (for example compliance or a regulatory relations team) and utilise the knowledge and relationship of any existing function or individual to make a notification. Not only does this demonstrate that the firm is joined up internally, it will also give the investigative team an opportunity to test with internal experts the tone and content of any notification or briefing before it is made. This can be particularly beneficial where a relationship of trust and confidence already exists between that function or individual and the authority. Before making a notification to an external authority or regulator, ensure you have identified within the regulated firm or company which individual or individuals comprise the key stakeholders so far as the external authority is concerned. Once identified, take steps to brief those individuals before you make a notification so they can best help maintain a good relationship with the regulator or authority in potentially challenging circumstances – particularly where the organisation may be under investigation itself. This will help avoid a situation where an employee or member of the Board is blind-sided by the authority, meaning they are ill-equipped to deal with questions from the authority and/or they provide the authority with an inconsistent account of the situation which could potentially create embarrassment or prejudice for the company. Conversely, ensure you have identified those individuals who may have a legal or regulatory obligation to discharge which is affected by knowledge of the issues under investigation. For instance, in investigations into potential financial crime the company’s Money Laundering Reporting Officer (MLRO) may need to know so he or she can decide whether to file a Suspicious Activity Report (SAR). Finally, where there are circumstances which make it inappropriate to brief key individuals within the company (for example the CEO is the subject of a whistleblower allegation concerning potentially criminal misconduct), ensure the authority or regulator is aware you have not done so, and the reasons why. 12

Maintaining a record of individuals briefed about the investigation 3.30

Internal stakeholders 3.25 ‘Internal stakeholder’ generally refers to staff of the affected organisation as well as connected persons, including non-executive directors. At the outset, identify the range of internal stakeholders involved and settle on an approach for managing and notifying each stakeholder. 3.26 Depending on the significance of the issue to be investigated, the following should be considered as potential internal stakeholders on each occasion an issue arises for investigation: • • • • • • •

General Counsel, Head of Legal or relevant lead in-house legal personnel. Senior Compliance and MLRO staff. Any internal governance committees responsible for oversight of investigations or risk (for example Internal Audit, Operational Risk). Compliance and Legal staff covering the affected business area. Senior management from the affected business area. Human Resources staff. The designated whistleblowing reporting officer or equivalent individual within an organisation.

If the investigation has cross-divisional or multi-jurisdictional aspects, then similar individuals and groups in other businesses and/or jurisdictions should also be considered. 3.27 Where an investigation is conducted by a third party, for example the company’s lawyers or forensic accountants, it is important that the third party consults with the person or entity within the company responsible for the investigation. In legal parlance, this will be the ‘instructing client’. This is because the investigator will need to understand, from the instructing client’s perspective, which individuals and groups within the company they consider to be the most important stakeholders for the matter in hand.

Maintaining a record of individuals briefed about the investigation 3.28 As part of the process for notifying internal stakeholders, it is often helpful to establish a protocol for recording which stakeholders should be briefed on the facts and issues under investigation or made aware that an investigation has commenced, along with establishing a process for providing any subsequent updates on progress as the evidence develops. 3.29 As part of any protocol or process it is also prudent to ensure appropriate briefings are given to each individual about the need to maintain confidentiality over the investigation and that the names of each briefed individual are maintained in a confidentiality list. 3.30 parts:

In practice, a protocol for briefing stakeholders should ideally comprise two 13

3.31  Immediate priorities (a)

(b)

An agreed set of criteria which must be met if an individual is to be included on the confidentiality list. This will ensure that decisions on when to include someone are made consistently and that only those with a genuine need for information are included in the list. An agreed governance structure setting out who will be the person responsible for deciding whether to include an individual on the list. If the decisionmaker is sufficiently senior, this will reduce the risk of the investigator being pressured for briefings from other senior staff who have no such need to know.

3.31 When identifying appropriate stakeholders for notification, an investigator should be aware of the risk of ‘tipping of’ (in the non-legal sense of the words), ie  that a stakeholder may intentionally or inadvertently alert the relevant people or business area that they are under investigation. These considerations may affect the composition of the stakeholder group. For instance, an investigator may choose not to brief the line manager of an individual under investigation, in order to avoid putting the line manager in a potentially difficult situation where their oversight and management of the individual is infected with knowledge of the investigation or knowledge of certain allegations about the individual which are being investigated (but are not yet proven).

PRACTICAL TIP Before any investigation is required by a company, establish and maintain a decision tree or escalation protocol for the initial investigative steps. For example, establish a notification protocol to alert senior stakeholders of certain pre-determined types of case that require investigation. This will enable swift, efficient escalation to appropriate decision-makers and mitigate against the risk that senior management are unfamiliar with the issues and unable to adequately respond to them when challenged by an external party (for example by a regulatory supervisor).

Different levels of clearance 3.32 In large investigations, where there is a wide range of stakeholders and investigative personnel, it is important to sub-divide stakeholders into different confidentiality or clearance levels to manage risks associated with internal communications concerning the investigation. 3.33 The guiding principle is that access to information should be on a ‘need to know’ basis. Those within the immediate investigative team and the accountable executive will need ‘full’ clearance, ie  full knowledge of the facts and issues, to enable fully informed and best decision making. A different level of clearance might be appropriate for staff with a more peripheral interest in the investigation and its output. 14

Maintaining a record of individuals briefed about the investigation 3.37 3.34 For example, often a control weakness identified in an investigation will be present in other business areas. In these situations, the management of those departments will need to understand enough of the investigation and any subsequent findings to address any similar risks in their area. Typically, in these situations, management will also consult with relevant support staff for their business – in regulatory terms, these are often the personnel within an organisation’s second or third lines of defence, such as the compliance function – who in turn will need to have some access to the investigation findings. However, in this scenario, a full knowledge of the facts and issues would be unnecessary and a more limited briefing of the issues and findings may be more appropriate. 3.35 In order to strike the right balance, the key is to establish a lower (or ‘limited’) level of clearance to provide relevant management and their support functions with enough information to allow them to discharge their responsibilities adequately, but no more than that. 3.36 By limiting the circle of knowledge in this way, an investigator can mitigate a number of risks, including: • • •

the risk of employees acting in a way that prejudices an ongoing investigation or any subsequent regulatory or court proceedings; the risk of leaks, which can have a wide range of potential impacts, including reputational harm and the infringement of legal rights in areas such as data privacy and employment; and the risk of employees creating unhelpful communications, especially speculation and gossip on the matters under investigation, which may prejudice a firm’s legitimate defence of litigation or enforcement proceedings if those communications are subsequently disclosed in those proceedings.

3.37 Additionally, by ensuring that certain limited information is available to key stakeholders, and providing them with a clear point of contact for queries, an investigator can provide reassurance that the matter is being investigated by appropriate personnel. This will reduce the risk of a stakeholder initiating their own review of the matter and potentially prejudicing the investigation.

PRACTICAL TIP Maintain a list of stakeholders throughout the investigation who have been briefed on the matter. For internal stakeholders, it is recommended you refer to that list as the ‘confidentiality list’. In a publicly listed firm, it is best to avoid the term ‘insider list’ because this can imply that the facts under investigation constitute ‘inside information’ under UK law, for example the Financial Services and Markets Act 2000 (as amended). This is a separate legal test and where information is deemed ‘inside’, specific regulatory notification obligations may arise, including the duty to make that information public. To avoid any confusion, therefore, it is prudent to use instead the term ‘confidentiality list’ or something similar.

15

3.38  Immediate priorities

Maintaining confidentiality over the investigation Non-disclosure memorandum 3.38 Once an investigator has determined which internal stakeholders to notify, it is prudent to issue each individual stakeholder with a written note (which can be in the form of an email or letter) informing them of their confidentiality obligations. In this book, this note is referred to as a ‘non-disclosure memo’. This memo may need to address a number of issues, including providing guidance on the preservation of evidence.

Confidentiality obligations 3.39 Where a stakeholder is an employee, they are likely to be already subject to certain confidentiality obligations under the terms of their employment contract. If those terms are adequate for the purposes of the investigation, then the non-disclosure memo can just remind the employee of their existing obligations. 3.40 Generally, to be adequate for the purposes of an investigation, an individual’s employment terms would need to include: (1) restrictions on the use of company information except for legitimate business purposes; and (2) wording in the form of an undertaking, or similar, that the employee will keep the employer company’s information confidential and not breach any confidentiality requirements imposed by the company. Where these terms appear, it would not be necessary in the context of the investigation to ask the employee to ‘agree’ to them because they will already have done so by signing their employment contract. 3.41 However, if these terms are not present then it may be necessary to take additional steps to secure an employee’s agreement to them. For example, by describing the memo as an “agreement” and asking the employee to return a signed copy (or provide confirmation by email that they have read and understood its terms). This will ensure there is a clear understanding between employer and employee as to the nature of the employee’s obligations and there is no ambiguity in the event the employee breaches those terms, and the employer chooses to take disciplinary action for that breach.

PRACTICAL TIP Where the confidentiality terms of the non-disclosure memo go beyond the requirements in an employee’s contract, those terms must not seek to fetter the employee’s right or obligation to make an independent report to a regulator or investigating authority. Banking regulators in both the US and the UK have been keen to stress the importance of this point.2

2

See, eg, SEC Order against KBR Inc. for breach of Rule 21F-17F of the SEC Exchange Act 1934.

16

Maintaining confidentiality over the investigation 3.47

Other legal or regulatory obligations 3.42 Depending on the case, the non-disclosure memo may also need to contain information about any relevant legal or regulatory confidentiality obligations that derive from sources other than the individual’s employment contract. Additional obligations may arise, for example, where an authority has initiated an investigation and has requested that this be kept confidential. Whilst some employment contracts require an employee to observe those obligations, it is important to ensure the employee is made aware of any specific obligations that apply in an individual case. 3.43 For example, when a regulator such as the FCA uses a statutory power to compel a company or individual to produce documents or information, it will often state in its formal requirement letter that the request and/or the fact of the regulator’s investigation must be kept confidential. An authority may even go so far as to state that the request must be restricted to a specific list of individuals within the company and that no individual may be informed about the request unless the regulator has first given its consent. Great care should be taken therefore when issuing a non-disclosure memo to ensure the recipient individual understands the restrictions on discussing or sharing confidential information when an external investigation is underway.

Description of consequences of a breach 3.44 Ideally, a non-disclosure memo or agreement should contain a description of the action available to the employer in the event there is a breach of the terms of the agreement. This might be the right to take immediate disciplinary action, up to and including dismissal. 3.45 By describing the consequences, an investigator, on behalf of the employer, will establish a clear basis for an employee’s awareness of their obligations, should it become necessary to take disciplinary action for a breach of confidentiality. This is generally preferable to relying solely on the terms of the original employment contract which can often be insufficient for the purposes of taking action in response to a potential breach. 3.46 Upon issuing a non-disclosure memo or agreement, an investigator should record the date on which it was issued along with any record of confirmation or agreement to its terms, including a note of the date and time received.

Timing of issuance of non-disclosure memo 3.47 Ideally, it is best to issue a non-disclosure memo before sharing any information with the relevant individual. However, this is not always practicable and, on occasion, an employee will become aware of the relevant incident, issue or investigation before the investigator contacts him or her. In those circumstances, it is still important to issue the non-disclosure memo as soon as possible to the person concerned and ensure the terms include a retrospective confirmation of no breach (ie a statement to the effect that they have not shared the information with any other 17

3.48  Immediate priorities person or, if they have, a list of the recipients of that information so the investigator can take steps to obtain their agreement, as well, to keep the information confidential).

Maintaining confidentiality and third parties 3.48 Generally, third parties instructed to support the investigation, such as lawyers, accountants and document management firms, will have standard terms of engagement that include appropriate confidentiality undertakings addressed to their client (normally the company involved). Ordinarily, therefore, an investigator should not need to issue separate non-disclosure memos to those persons or firms. However, it is always advisable to check those terms are in place and are fit for purpose – in case they do not go far enough for the purposes of a particular investigation. 3.49 There may also be circumstances where a third party, such as a contractor or agent, has a ‘need to know’ about the investigation and/or its findings. Where that is the case, a similar process to the one described above ought to be initiated to contractually bind the relevant third party – by appraising them of the fact the matter is confidential, establishing the terms on which they are required to maintain confidentiality and describing the penalty or action which may flow from a breach.

Maintaining the confidentiality list 3.50 For larger cases involving multiple stakeholders, it is important to appoint a designated individual responsible for managing and maintaining the confidentiality list, responding to requests to add stakeholders to the list, issuing non-disclosure memoranda, and providing regular reports to the investigative team on the composition of the list. This is particularly helpful where investigators are regularly engaging with a wide range of individuals and need an efficient way of confirming whether a particular stakeholder is briefed and, if so, the level of clearance.

Maintaining key contacts in critical departments 3.51 For larger internal investigations, and particularly in a regulated firm, investigators may find they deal frequently with certain critical departments (for example Internal Audit, Operational Risk, HR). Indeed, a pre-existing stakeholder notification protocol may place certain staff from these departments on the confidentiality list automatically. For these departments, it is useful to establish a key point of contact in the department for the investigations team. 3.52 This establishes a channel for escalation of concerns and resolution of any roadblocks. This works particularly well if the key contact’s departmental colleagues understand his or her role, so that the key contact can be the first port of call on investigation matters, rather than them approach the investigation team in the first instance. In such situations, it is important to ensure the key contact in each department is adequately briefed as to their role, so they understand in particular the limitations on the sharing of confidential information and their responsibility to notify the investigation team expeditiously of any material issues that arise. 18

Managing Communications Risk 3.60

Managing Communications Risk 3.53 As well as reminding internal stakeholders of their confidentiality obligations, it is often necessary to provide guidance to them, and others who may be aware of the investigation, on communicating ‘in the right way’. 3.54 Whilst it may seem obvious, many an investigation has been prejudiced by idle gossip recorded on a firm’s electronic communications – for instance, when a staff member speculates on email about the relative guilt or innocence of one of their colleagues. Indeed, in an age of constant social media and the blurring of lines between an employee’s personal and company mobile devices, there is a constant and ever-increasing risk that staff will communicate their opinions and thoughts on events well before any conclusions have been reached as to the cause of an event or, for that matter, published. Plainly this is unhelpful, but it can be managed effectively by distributing appropriate guidance at the outset and throughout an investigation. 3.55 Typically, this guidance will explain the importance of keeping communications confidential and should also discourage speculation, or any other commentary around events which might subsequently be misconstrued or prejudice an organisation’s ability to defend itself from subsequent litigation or enforcement. 3.56 Where the event under investigation is likely to be the subject of public scrutiny, the guidance should emphasise the need to refer any press enquiries to a designated contact, such as the company’s press office. 3.57 Where lawyers are involved in advising on, assisting in, or conducting the investigation, it may also be necessary to distribute guidance concerning legal privilege and the handling of legally privileged communications. Further guidance on the subject of privilege in internal investigations is set out in Chapter 15. 3.58 If the event under investigation is well known within an organisation then it may be prudent to distribute more widely some generic guidance, for example via the company’s intranet site. For less well known events, a more discrete, communication targeted at individuals on the confidentiality list may be preferable. 3.59 Where there is a risk that staff included in the communication are not yet aware of the investigation, an investigator should bear in mind the tipping off risks. These will be most acute where there is an external criminal investigation underway, because it can result in a prosecutable offence of tipping off. Even where there is no such investigation underway, it is still important to consider whether there is a risk that if staff are made aware of an investigation they may destroy or otherwise alter evidence, or collude over their respective accounts of events. 3.60 Finally, in preparing and distributing guidance, great care should be taken to avoid any suggestion that the company or the investigating team, on behalf of the company, is trying to fetter any employee’s ability to make an independent report to the regulator concerning the issues under investigation. This is particularly important in the context of the FCA’s Senior Managers and Certification regime which includes 19

3.61  Immediate priorities individual obligations on regulated staff to make notification to the regulator in certain circumstances.

Mitigating risks associated with management reporting 3.61 A particularly thorny topic which varies considerably from one organisation to the next is the question of how to manage information about the investigation within the company’s standard internal management and regulatory reporting cycle. 3.62 By way of example, many financial services firms have risk reporting frameworks which form part of their regular updates to the regulators on overall risk profile, including whether the firm can meet relevant capital adequacy requirements. An investigation into wide-scale customer mis-selling, for example, where the firm is considering whether to set aside funds for a potential redress scheme, is likely to be a material risk event and included in regular reports to prudential regulators. This information will therefore need to be managed carefully within the firm’s reporting framework so the relevant authorities are appropriately briefed and there is a high degree of coordination with the investigation team, to ensure reports to management remain accurate and consistent with the investigation’s findings. 3.63 In addition, in briefing one regulator it is important a company ensures that the content is consistent with any reports or findings delivered to other regulators or authorities by the investigating team. A high degree of coordination within a company over the content and timing of delivery of reports may be necessary therefore to manage the risk of either omitting relevant information from a regulatory report, or including inaccurate information, for example because it is out-of-date when compared to a report to a different authority. Given the increasing coordination between authorities both in the UK and internationally, these risks have multiplied over time and require close monitoring if a company wishes to avoid unnecessary scrutiny, for example for a failure to comply with its regulatory notification obligations. 3.64 Additionally, where an investigation is conducted by a lawyer, commentary on the matter which is created by individuals outside the investigation team and contained in reports generated elsewhere within the business may not enjoy the same protections from disclosure as the report prepared by the lawyer. If the company is subsequently required to produce these reports in response to a court order for disclosure of documents then a potentially unnecessary risk is created, particularly where the commentary is inconsistent with the company’s own views of the evidence. 3.65 Invariably, therefore, creating internal briefings and reports is an area where legal advice can be particularly useful to help manage risk whilst ensuring a company continues to manage its reporting cycle. This is particularly important for a regulated firm where it is obliged to meet certain external reporting requirements, such as recording data on the volume of conduct investigations and their outcomes. 3.66 With this in mind, here are some basic steps which can mitigate some of the risks in this area: 20

Document hold notices 3.69 (a) Distribute guidance to the investigation team for preparing regular reports to management and any updates on the status of investigations. This will help avoid creating separate, ad hoc reporting outside of the regular reporting cycle. (b) Where the content of other management reports generated elsewhere includes information concerning the investigation, establish a process for the investigations team to approve that content for consistency and accuracy, and to reduce the risk of a waiver of legal privilege, where applicable. (c) Agree procedures with other support functions, such as Operational Risk and Compliance, for them to notify the investigating team when there is an intention to provide information to internal or external stakeholders who are outside the circle of confidentiality. This will help with managing risk of inadvertent disclosure and allow the investigating team to issue guidance, where appropriate, for the handling of that information.

Document hold notices 3.67 In addition to a non-disclosure memo or agreement, it is important to consider at the outset of each case whether a ‘document hold notice’ should be issued in order to preserve documents or secure evidence. Such a notice is designed to be pre-emptive and is distinct from more formal hold notices, such as those that may arise in the context of formal court proceedings against a company where it is required to preserve documents that are relevant to the legal claims in those proceedings. 3.68 When deciding whether to use a document hold notice, it is important to consider whether issuing the notice is likely to ‘tip off’ the recipient that you are conducting an investigation which involves them and whether they might take steps to destroy or manipulate evidence. If this risk exists then it is prudent to ascertain whether there are other, available routes for securing the evidence: for instance, relying on any pre-existing company retention policy requiring data to be held for a defined period of time before destruction, or instructing the company’s IT department to image electronic data so it can be stored in a separate, secure database pending review. If no such routes exist, then there may be no alternative but to issue a notice despite the risk of tipping off. 3.69 These considerations are particularly pertinent and important where the investigator perceives a risk of a breach of law or regulation which could be the subject of subsequent (or parallel) enquiry by an external authority. Typically, a document hold notice should include the following information: (a)

a brief description of the matter, so the recipient has a sufficient understanding as to what the request to preserve relates; (b) a clear explanation of the basis for issuing the notice, for instance whether it is issued for the purposes of complying with a particular legal or regulatory requirement; (c) a description of what must be preserved, for instance whether it includes information recorded in emails, text messages, hand written notes, calendars, videos, voice recordings and other electronic records etc; (d) an explanation of how the individual should preserve the information or evidence – for instance, by creating a separate and secure electronic folder for the relevant data; 21

3.70  Immediate priorities (e) confirmation of the timing for preservation – for instance, that it is required with immediate effect and that it applies to all future records created, which fall within the scope of the notice, until the recipient is notified otherwise; (f) an illustration of what behaviours are likely to constitute a breach of the preservation requirements, such as deleting, altering, re-arranging, adjusting or tampering with information and documents which fall within the scope of the preservation notice; (g) contact details for the individual or individuals who have authority to consent to the destruction of information or documents, as well as who to contact in the event the recipient becomes aware that another individual is in possession of information which is covered by the preservation notice; and, finally (f) details of the steps the company may take in the event of a breach of the requirements in the notice. 3.70 As with the non-disclosure memo, it is prudent to also require the recipient to provide a confirmation, by reply, that he or she has read and understood the contents of the preservation notice and that the investigation team then keeps a record of that confirmation. This is critically important in the event the company needs to commence a disciplinary proceeding and impose an appropriate sanction in response to a breach of the requirement to preserve evidence, because it will form part of the core evidence to demonstrate the employee was aware of his or her responsibilities. A  record of confirmation is equally important to the company in the event it is required to account to a regulator or other enforcement authority and demonstrate that the company took reasonable steps to preserve relevant evidence.

Making notifications to insurers 3.71 As well as the stakeholders described above, in many situations, it will be important to consider whether a company and/or a directors and officer of the company needs to notify insurers about the issue or issues under investigation. Detailed below are some of the factors to consider in relation to a company’s insurance policies, including Directors and Officers (D&O) insurance, and when it may be prudent to notify insurers about an event or the fact of an internal investigation.

General insurers 3.72 There may be specific terms in an insurance contract requiring the company to notify insurers when there are circumstances to suggest certain events have occurred. For instance, if it has been the subject of a cyberattack such as a Denial of Service (DDoS) event or the victim of ransomware. A failure to notify may void the policy such that the company is not entitled to make a recovery for any losses incurred and caused by the event. In the event a company does notify under the policy then it may find its choice of investigator is dictated by the insurer – for example where the insurer maintains a panel of preferred experts for handling certain types of event such as cyberattacks. 3.73 On each occasion that an investigation is commenced, therefore, careful thought should be given as to whether an applicable insurance policy might be 22

Making notifications to insurers 3.77 engaged and enquiries made with the company to confirm whether any applicable policies are in place. Armed with this information, an investigator can then establish if and when notifications may be required, based on the facts known at that time. The position will then need to be kept under review as the investigation progresses and the evidential picture develops.

Directors and Officers liability insurance 3.74 Most, if not all, regulated firms will have D&O liability insurance cover for their key management. Put simply, the insurance indemnifies the insured company, its directors and officers for losses in the event a legal action (including, ordinarily, investigations by regulators or other authorities) is brought for alleged wrongful acts by a director or officer. ‘Wrongful acts’ include breach of trust, breach of duty, neglect, error, misleading statements and wrongful trading. Losses may include the legal costs of defending any action or regulatory proceedings. The D&O insurance policy document will normally include specific requirements for when the insurer needs to be notified of any event which could trigger the insurance cover. 3.75 Typically, D&O insurance cover will be available for senior managers in a company and sometimes for the management level below. As a matter of good practice, in advance of conducting investigative activity, it is worthwhile understanding from the company’s insurance broker or relevant contact within the company what level of D&O insurance cover is available and broadly what level of employee is covered. Armed with this information, an investigator will quickly be able to gauge for any future event whether insurance cover is likely to be available and, therefore, whether notification to insurers needs to be considered. 3.76 Similarly, an investigator should familiarise himself with the notification requirements under the D&O insurance policy, particularly because a failure to make timely notification to insurers with the correct information could nullify cover. 3.77 Equally importantly, an investigator should take care to ensure any notification to insurers does not cut across any competing obligations to notify an authority or regulator. Given these sensitivities, it is always prudent to seek expert advice when dealing with a potential D&O insurance notification.

23

Chapter 4

Governance and decision-making 4.01

▶ ▶





▶ ▶ ▶ ▶ ▶

This chapter considers: The importance of independence and objectivity in an investigation. Techniques and methods for ensuring appropriate levels of authority and accountability for the investigation and its findings. The key distinctions between investigations governance and corporate governance. How to select appropriate decision-makers. Identifying the ‘instructing client’ and managing legal privilege. The timing for establishing an appropriate governance framework. Assessing whether an internal investigation is necessary. Identifying and establishing appropriate responsibility for any remedial actions and the response to an investigation’s findings.

Introduction 4.02 A surprising number of internal investigations are criticised – by regulators, the judiciary and journalists alike – for lacking the necessary degree of independence. This is even so where a company has taken what it is likely to consider reasonable steps to appoint a third party, such as a firm of lawyers or accountants, to conduct the investigation on its behalf. This chapter considers steps which a company can reasonably take to deflect and counter those criticisms, as well as other practical guidance for the good governance of investigations.

The benefits of good governance 4.03 Good governance and oversight will ensure there is an appropriate level of check and challenge for the investigation. It also provides the investigation with the necessary mandate to require the production of documents and information by individuals within the company, as well as the authority to request staff attend and give evidence at interview. 4.04 Ideally, the governance framework and mandate will be underpinned by an internal policy so that staff are aware of, and familiar with their company’s expectations and requirements in the event there is an investigation. Such a policy can also help to distinguish an investigation from a disciplinary process – which can be a necessary distinction in the event any employee rights issues arise. 25

4.05  Governance and decision-making 4.05 A  secondary, but increasingly important consideration is the question of whether the investigation should be conducted under the cover of legal privilege. This is explored further in Chapter 15 on Legal Privilege.

The role of the decision-maker 4.06 The person or group of persons tasked with governance and oversight of an internal investigation, from now on referred to as ‘the decision-maker’, will need to make decisions critical to the direction, scope and outcome of the investigation. These include decisions on whether to broaden, narrow or stop the investigation, whether to refer issues to separate functions such as Human Resources (HR) for further action, or whether to report findings to an external agency. 4.07 The decision-maker will need to operate general oversight to ensure that the investigation is being conducted in a reasonable, proportionate and timely manner. They may also need to consider whether the investigation is being conducted lawfully. For instance, an investigation to establish the identity of a whistleblower could be unlawful. 4.08 The decision-maker can be a single person, or a body, such as a committee. Regardless of who is appointed or how a committee is constituted, the decisionmaker needs to be sufficiently senior to be accountable for the conduct of the investigation and able to make sensible, responsible decisions. They need to ensure that the investigation has been adequately scoped to scrutinise all of the key issues and areas of risk that have been identified, and that the investigation has robustly and proportionately considered all relevant evidence before reporting any findings. It is crucial that the decision-maker is independent and objective, and seen to be so.

Independence and objectivity 4.09 The need to operate independently and objectively is key to ensuring the investigation adequately considers all the issues necessary to reach a finding, and that any findings stand up to internal and external scrutiny. This is particularly important where the company Board or its executive committee relies on those findings to determine a course of action in response, such as diverting significant sums to a customer remediation exercise, or where those findings are to be reported to an external authority or regulator for a decision whether to impose restrictions on the conduct of the company’s business. 4.10 The greater the confidence an interested party has in the independence and objectivity of the investigation, and its oversight, the greater the company’s prospects are of persuading that party that its findings are reliable. This will also ensure the risk of follow-on or parallel investigation by an external authority is reduced and will greatly improve the chances of a swift resolution with authorities and potential claimants, in the event there has been a breach of law or regulation. 4.11 Whilst much has been made recently by the Financial Conduct Authority (FCA) and the Serious Fraud Office (SFO) of the diminished value to them of 26

Ensuring appropriate independence and objectivity 4.16 internal investigation reports, realistically those authorities do not have the resources to independently investigate every potential infringement of law or regulation within their jurisdiction. Consequently, the majority of investigations will continue to be internal ones and there will only be a minority of occasions where an authority will not rely on the company’s own enquiries as part of its methodology for reaching a decision whether to take any action against the company. Nevertheless, the risk of an external authority commencing its own investigation is considerably magnified where a company cannot give a robust and defensible account of how it plans to or how it has investigated the matter. 4.12 Similarly, by demonstrating the appropriate levels of independent and objective oversight of an investigation, a company can significantly improve its prospects of convincing an authority or regulator that it has taken adequate steps in response to the investigation’s findings. For instance, a proposed plan for improving systems and controls for the prevention of financial crime is more likely to be accepted by a regulator if it is confident the plan has been based on a robust investigation with sufficient oversight, checks and challenges along the way.

Ensuring appropriate independence and objectivity 4.13 ‘Independent’ means that the decision-maker is sufficiently separate from the individuals and issues under investigation to ensure that no conflicts of interest arise. It is critical that there is no perception of any conflict of interest as well as no actual conflict. This may mean that the person or people constituting the decisionmaker will be selected from a business area one or more steps removed from the area under investigation. In most cases, the decision-maker should also be distinct from the investigation team itself. 4.14 Where a conflict of interest arises for an individual decision-maker on a particular matter, then it will generally be necessary for them to recuse themselves from the decision-making process for that matter and an alternative be appointed in their place. This is necessary to avoid the risk of potentially inappropriate influence over the conduct of the investigation and its findings. Where this risk crystallises, the company may be exposed to an investigation into its handling of the investigation, in addition to a potential enquiry into the issues that gave rise to the investigation in the first place. 4.15 ‘Objective’ means the decision-maker demonstrates the ability to reach decisions, on the information provided, free from bias and uninfluenced by personal feelings or opinions. Ensuring that the decision-maker is sufficiently independent will of course increase the likelihood that they make decisions objectively. 4.16 Observing the overarching principles of independence and objectivity can be challenging where allegations are made against a senior individual in a firm, such as the chief executive. This is particularly the case where that individual is ordinarily part of the investigation governance structure. In those circumstances, given the actual or perceived influence the chief executive may exercise over other staff within the organisation, it is normally sensible to appoint one of the company’s NonExecutive Directors to act in the place of the chief executive within the investigation governance structure until the investigation has concluded. 27

4.17  Governance and decision-making

Ensuring appropriate levels of authority and accountability 4.17 Ideally, the decision-maker should be formally appointed by the firm’s board or a sufficiently senior executive or executive committee. This is for three fundamental reasons: (1) To ensure that there is adequate accountability at a senior level of the organisation for the decision to investigate and the subsequent findings of the investigation. (2) To ensure that the investigators have sufficient authority and support to conduct enquiries with the expectation of co-operation, without fear of undue influence or retribution. (3) To give the investigators the necessary authority to be able to require the production of information and evidence from employees and any third party with whom the company contracts. 4.18 It is important to define and document the role and responsibility of the decision-maker. Where the decision-maker is a committee, this is normally detailed in a Terms of Reference or similar document, ideally approved by the firm’s board or executive, thereby giving it the necessary authority. The Terms of Reference should follow standard company secretariat protocols, including recording the standing attendees and the process for recording minutes, as well as any other materials presented to the committee.

The investigation governance should be distinct from the board or executive 4.19 As a rule of thumb, the investigation governance should operate separately from the existing board or executive governance framework. This is partly to ensure that the decision-maker is unencumbered by a company’s existing regular management schedules, allowing for more fluid and considered decision making in relation to investigations. 4.20 By creating distinct governance for investigations, an investigator can also better manage potential conflicts of interest that might arise, such as where a member of the board or executive committee is responsible for the business area that is under investigation.

Selecting decision-makers 4.21 If the company opts to create a decision-making body to oversee an investigation or a portfolio of ongoing investigations, then it is best to form one that includes a cross-section of the company. Representatives from HR and Legal teams will be useful as they will bring important relevant expertise. Staff from support functions in the second and third lines of defence can also be helpful, partly because they are well-accustomed to analysing risk and planning remedial steps in response, 28

Legal privilege 4.27 but also because they are usually one step removed from the business where the conduct under investigation has occurred. 4.22 That said, it is generally advisable to include some representation from the first line, ie the business itself. This is important for two reasons: one, because external stakeholders, such as the FCA, normally expect accountability to rest in the hands of a designated business person or persons; and two, because the investigation will benefit from the subject-matter expertise and insight provided by the first line. Any business representative must of course have been in no way involved in the matters under investigation.

Legal privilege 4.23 Regardless of whether the investigation itself is considered to be legally privileged, it is prudent to ensure that the investigation governance structure includes a mechanism whereby both in-house and external legal counsel can provide legal advice to the company regarding the output from the investigation without inadvertently prejudicing the company’s right to keep that information confidential from a third party, such as an investigating authority. 4.24 This can be achieved by including in the terms of reference of the decisionmaking body some guidance on how to handle legally privileged material in a way that preserves its protected status. Consideration should also be given in the terms of reference as to how best to deliver and document briefings by lawyers from or on behalf of the investigation team. Minutes should also be prepared in a way that ensures that, where appropriate, legally privileged content is protected, along with the minutes of any related discussions. 4.25 These are all important considerations because a company has a fundamental right to conduct conversations with its lawyers in a confidential environment, without fear of being required to disclose those conversations to a third party at some later date. This right is enshrined in law and is universally recognised by investigating agencies and authorities in the UK, the US and many other common law jurisdictions. 4.26 Where this becomes particularly important is in relation to the appointment of a governing body or decision maker, because – at least under English law – this is the person or group of persons who will most likely be the ‘client’ for the purposes of deciding on which communications are protected for the purposes of the rule of privilege. In the majority of cases, communications between the company’s lawyers and the client, including reports and briefings on the legal risks arising from the investigation, will be legally privileged. 4.27 However, for those individuals within a company who are not part of the governing body or decision maker, great care needs to be taken not to inadvertently disclose to them information which may be legally privileged because this can result in a waiver of the right to privilege and increase the risk of the information becoming disclosable in response to any subsequent court order or statutory request to produce documents. Further guidance on navigating legal privilege issues is contained in Chapter 15. 29

4.28  Governance and decision-making

Timing for establishing governance 4.28 Ideally, a company will have an established governance framework in place, ready to ‘go live’ in the event an incident occurs that requires investigation. Even if no such framework exists on day one of an investigation, it is important to establish one as soon as possible, and then document it for future reference (particularly in the event of a regulatory request or challenge to a company’s claim of legal privilege, for example). In smaller organisations, this does not need to be unduly onerous – a written record of the names of those tasked with decision-making along, with their roles and responsibilities will suffice. However, in these circumstances, always take care to ensure those names have been given the requisite authority by the company to make decisions (as explained above).

Ensuring that remedial actions are completed 4.29 Once the investigation has concluded, the affected business may need to respond to the investigation’s findings. This might include fixing weaknesses in a company’s processes, systems and controls, or compensating customers. It is generally important, particularly from a regulatory perspective, to ensure a designated business person or entity is accountable for the delivery of remediation plans. This is more likely to guarantee the successful implementation of those plans and, where there are delays, that there is a clear articulation of responsibility so that the company can exert pressure on relevant individuals responsible with a view to expediting delivery. 4.30 Ideally, the governance to oversee the remedial response should be separate from the investigation governance. This will mitigate the risk of suggestions that the course of the investigation has been subject to influence from the area of the business that stands to be impacted by the investigation’s findings. However, it is sensible to ensure there is sufficient interplay between the investigation governance and the remedial response so that meaningful discussion can take place over how best to fix problems and that any questions about the investigative findings, which impact on the scope of the remediation plan, can be effectively answered by those with the requisite knowledge of the case.

Meeting external expectations for regulated firms 4.31 It is often the case that issues which are investigated can be powerful cultural indicators, pointing at areas of risk for a company. Equally, the findings of and any lessons learned from an investigation can provide a company with invaluable information about how best to manage risk and improve behaviour. This information is also important to a regulator because it forms part of the overall risk profile of the regulated firm and, therefore, indicates where a regulatory should focus its attention in order to effectively supervise the firm. 4.32 Within the financial services sector, there are also certain regulatory requirements which overlay these factors and will influence the way a regulated firm structures its investigations governance. For example, firms which are within the 30

Meeting external expectations for regulated firms 4.33 scope of the FCA’s Senior Managers and Certification Regime (SMCR) are required to report annually on volumes of breaches of the Code of Conduct within their organisation. The FCA expects these reports to include details of the breach and the firm’s response. With good investigations governance, a firm will more effectively ensure consistency in its approach and response to potential rule breaches. 4.33 As a matter of good practice, therefore, a regulated firm will have a defined structure for the oversight and management of internal investigations. Whilst this structure is often varied, there are certain key components that a regulator will expect to see and that are fundamental to ensure the right level of governance for decisionmaking including establishing appropriate levels of accountability for decisions made. These key components are also critical to a regulated firm in the effective management of risk. They include the considerations of independence, objectivity and accountability described above, along with appropriate governance frameworks and record-keeping measures.

31

Chapter 5

Who should investigate? 5.01 ▶ ▶ ▶ ▶ ▶ ▶ ▶

This chapter considers the following: The importance of assessing the independence of an investigator. Establishing whether an investigator has the requisite expertise. How to effectively identify and utilise internal expertise. Key considerations for determining whether to use external expertise. The relevance of being independently regulated. The relevance of legal privilege to your selection of investigator. Determining whether and when specific technical expertise is required.

Introduction 5.02 The introduction to this book explained that this was a practical guide and not a legal textbook. This is because internal investigations are invariably conducted by a wide variety of personnel, ranging from compliance, legal and HR professionals, to auditors, risk officers and forensic experts. Investigations are not therefore exclusively the domain of lawyers. 5.03 Some larger organisations also have their own, dedicated investigations teams and these often comprise of a mix of backgrounds, particularly compliance professionals and former law enforcement officers. 5.04 This variety can be a boon to investigations because it provides a good mix of skills, expertise and knowledge. However, it can also create a risk of inconsistent approaches and outcomes. This chapter therefore focuses on the critical factors of independence and expertise that should drive a company’s decision as to who should be appointed to investigate. 5.05 Appointing investigators with these principles in mind will help to maximise the effectiveness of a company’s investigation and also its defensibility – one of the most important outcomes for an investigation is that it meets the anticipated standards set by external investigating authorities that may seek to rely on a company’s findings when deciding whether to initiate an enquiry of their own.

Assessing independence 5.06 In selecting an investigator or investigative team, the starting point is that they must be sufficiently independent. This does not necessarily mean the investigator should be a third party, such as an independent consultant. However, it 33

5.07  Who should investigate? does mean they should be sufficiently separate from the issues and individuals under investigation. This will minimise the risk of conflicts of interest occurring. 5.07 So, for instance, an HR representative responsible for providing ongoing pastoral support to personnel in the affected business area could find themselves compromised if they also investigate a conduct breach by an employee from the same area. It is important to note here that in larger investigations it may be possible to keep a compromised individual in the investigation team, so long as they work only on those parts of the investigation where it has been determined there is no conflict. 5.08 An investigator that is independent from the business is also less likely to make unwarranted assumptions about the facts. Whilst it is important that the investigator has a sufficient understanding of the business to evaluate risk and any breaches, over-familiarity with a business’ personnel, products and clients can lead to unintended bias. 5.09 There will be times where, even though a company can appoint internal investigators that seem sufficiently independent, it may wish to reinforce the perception of independence by appointing external parties instead. This is particularly so for investigations where the company will be presenting findings to a regulator or other authority and there is a strong need to demonstrate that the firm is committed to an objective determination of the facts. An external authority is generally less likely to be sceptical of the reliability of the investigation findings where external investigators are involved, although this cannot (and should not) be assumed. 5.10 A  good example of where it may be desirable to appoint an external investigator, such as a law firm or forensic accountant, is where a company needs to investigate a member of its senior management team or one of its Board of Directors. By appointing an independent third party to investigate, the company can more effectively manage any perception, and subsequently deflect any allegation, that the individual under investigation might have unduly influenced any findings and/or the investigative outcome.

Establishing requisite expertise 5.11 Whether using internal or external resources, it is always important to ask – does that person or firm have the requisite expertise? Expertise will ultimately depend on the skills and knowledge required to complete the investigation, such as a developed understanding of interview techniques, or knowledge of the relevant law and regulations. 5.12 At the outset and throughout an investigation it is important to consider the core competencies required to complete tasks and gather evidence. These may include: • • • •

legal skills; analytical and reporting skills; forensic interview skills; subject matter expertise; 34

Identifying and utilising internal expertise 5.16 • •

electronic document management skills (for the extraction, processing and review of electronic evidence), sometimes known as ‘eDiscovery’ skills; and forensic accountancy expertise.

Obviously, a company can draw this expertise both from its internal resources and its external service providers.

Identifying and utilising internal expertise 5.13 The following factors and considerations are likely to militate in favour of engaging internal resources: (1) A  company’s HR, compliance, legal and internal audit teams between them will usually have most of the requisite skills. (2) A company will naturally have the relevant subject matter expertise internally – ie  the knowledge, experience and expertise necessary to understand the product, business or service which is likely to be scrutinised as part of the investigation. A company should not assume that an external party has such expertise and, as part of any appointment process, it is important to probe and challenge in this area before selecting external expertise. (3) Organising and mobilising an internal team will typically be a significantly nimbler solution than engaging an external team (and speed is often of the essence). (4) An internal team is likely to get to the facts more quickly due to the familiarity with staff, organisational structure, processes and systems. 5.14 In larger organisations, particularly in the regulated sectors, staff in the legal and compliance functions are often seen as core resources due to their obvious regulatory and internal policy knowledge and expertise, and their ability to recognise and deal with legal issues as they arise. Internal auditors can also bring useful analytical, evidence gathering and reporting skills as well as operational knowledge to assist with an investigation. 5.15 It is also important to keep in mind those who should not be involved in the investigation, namely: (1) Those whose independence may be compromised (as discussed above). (2) Witnesses, ie people who were or may have been involved in the events which are the subject of the investigation. (3) Where a disciplinary process is likely to arise, HR personnel who may be required to run that process. This is necessary to manage the risk that HR’s involvement in an internal investigation is subsequently said to have prejudiced the ‘fairness’ of any subsequent disciplinary process. This topic is covered in more depth in Chapter  16 in relation to managing investigations into employees. 5.16 In the UK, firms regulated by the FCA and the Prudential Regulatory Authority (PRA) should also be aware of certain requirements of the Senior Managers and Certification Regime (SMCR). These rules state that it would be unreasonable to delegate a complex or unusual matter to a department that ‘only has sufficient 35

5.17  Who should investigate? resources to deal with day-to-day issues’.1 This suggests a regulatory expectation that senior staff should allocate distinct and appropriately skilled resources to internal investigations, rather than try to absorb them into departments that have other pressing objectives and priorities.

Key considerations for determining whether to use external expertise 5.17 There are a range of external experts who are often called upon to conduct internal investigations. Traditionally, these tend to be either forensic accountants, lawyers, compliance consultants, investigation specialists, e-discovery service providers, or a mix of some or all of these. There are certain points which are worth bearing in mind when selecting an external party, most notably as follows.

Whether that party is independently regulated 5.18 Lawyers and accountants are both accountable to and regulated by independent professional bodies with established rules of conduct, which can be enforced in the event a professional falls below the standards set. This accountability can provide additional credibility and reassure a regulator or authority that the professional person or firm has the necessary degree of independence from the company for the purposes of delivering a sufficiently robust, reliable report.

Whether legal privilege is required 5.19 As is explained in more detail in Chapter 15, legal professional privilege will only apply in certain circumstances. It should also be exercised in a way that is sensitive to the risk of creating an unhelpful perception that it is being employed to frustrate a regulator or authority. That said, the right to claim legal privilege over confidential communications between a lawyer and client is a fundamental right and often a critical factor in the decision whether to instruct a lawyer to conduct an investigation.

Whether specific technical expertise is required 5.20 By way of example, it may be important to use an external party with key forensic, analytical or e-discovery skills, such as the ability to analyse financial patterns, interrogate very large data sets, or rebuild data from damaged hardware. Alternatively, specialist lawyers may be required to respond to evidence and advise on legal and regulatory issues as they develop. This is particularly important where

1

See the FCA Handbook – Code of Conduct (COCON) rr 4.2.17 and 4.2.18.

36

Key considerations for determining whether to use external expertise 5.21 there is a risk of a criminal investigation and the investigator may require a good understanding of the rules of criminal evidence.

Conclusion 5.21 By drawing together the right level of expertise and independence a company can build an investigation that is both effective and defensible. The next step in that overall objective is to ensure that the project is appropriately scoped and planned. This topic is examined in the next chapter.

37

Chapter 6

Scoping and planning 6.01 ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶

▶ ▶ ▶

This chapter considers the following matters: The concepts of scoping and planning. The nature and extent of the authority for the investigation. Reporting and decision-making. Determining the terms of reference / scope of the investigation. Timing and deadlines. Approving the scope. Monitoring and reviewing scope. Requests for production of scoping document / liaison with regulators and third parties in relation to scope. Planning and project management techniques. Typical steps to include in investigation plan. The importance of reviewing and monitoring the plan pre-execution, during investigation and post-completion.

Introduction 6.02

Scoping and planning are the first two critical steps in any investigation.

‘Scoping’ means identifying: • • •

the issues which need to be investigated; the period of time which the investigation needs to cover (for instance, is the investigation concerned with a specific incident, and does it include the events leading up to, or after, an incident?); and the objectives of the investigation – for instance, to establish whether certain allegations are substantiated on the evidence.

6.03 Although the appointed investigator may be responsible for determining the scope of an investigation based on his or her assessment of the above factors, the scope can also often be influenced by other internal and external considerations. These could include: • a request from the company’s Board to look at specific issues which fall outside the allegations identified for investigation; or • a request from a public body, such as a cross-party governmental committee, asking the company to urgently identify who was accountable for a particular incident. 6.04 Whilst it will doubtless be important to incorporate these requests into the overall scope, it is important these do not inappropriately or unnecessarily influence the investigation approach, for example by forcing the investigation to prioritise 39

6.05  Scoping and planning the gathering of certain evidence over other steps, and thereby risk inadvertently prejudicing the independence and objectivity of the investigation. Once the scope of the investigation has been established, a meaningful plan of action can be prepared which sets out the steps the investigation intends to take in order to meet its objectives.

The nature and extent of the authority for the investigation 6.05 As explained in Chapter 4 on investigations governance, it is important that an investigator has established at the outset the nature of their authority to conduct an investigation. 6.06 If an investigator’s authority is not derived from any previous agreement, policy or other written record then this is the opportunity to make that record in the scoping document. 6.07 By defining the origin and nature of the authority in the scoping document, an investigator addresses two critical issues: • •

who has approved or authorised the investigation, which will be important in the event the firm or a senior manager is called to account for the output of the investigation, including any remedial response; and the extent or limit of the investigator’s authority, which is important in the event the investigation meets any challenges to its authority or where there are limitations placed on the information, documents or people which the investigation is able to consider before recording its findings.

6.08 For instance, if the approval to investigate was given by the Head of Compliance then the investigator may say she has authority to consider all compliancerelated issues, which may include regulatory considerations. However, this could leave out of scope the authority to look at HR-related issues such as grievances or discrimination. This could hinder an investigation where the allegations concern the effectiveness of senior management and the investigator lacks the authority to require HR to deliver employee files relating to allegations, for example, of bullying or unfair preferment of staff. 6.09 Ordinarily, this type of issue can be resolved through internal dialogue within a firm but nevertheless it highlights the significance of understanding and recording up front any limitations on authority.

Who will the investigator report to? 6.10 It is also important to identify at the outset who the investigator will be reporting to and identify that person or, where it is a committee or similar, the relevant reporting body in the scoping document. 40

Monitoring and reviewing the scope of the investigation 6.14 6.11 This information will also assist the investigator or any legal counsel instructed to support the investigation in identifying whether there is a legitimate claim to legal privilege over any written material, including communications, generated by the investigation. (For a more detailed analysis of legal privilege in internal investigations, see Chapter 15.)

Timing and deadlines 6.12 Finally, the scoping document should record any critical timing issues or deadlines which need to be met, particularly for the purposes of reporting any findings. This may assist in either narrowing the scope of the investigation, for example where deadlines are tight, or providing context in the event the investigation chooses to prioritise certain issues for scrutiny ahead of others. For instance, if an employee has resigned then the investigation may prioritise a review of their conduct to secure an interview with that individual before their employment termination date, ahead of considering the conduct of other employees who are not considered a flight risk.

PRACTICAL TIP – SCOPING DOCUMENTS AND ACTION PLANS As a minimum, it is recommended that the scoping document addresses the following areas: – – – –

the factual background to the investigation; the issues to be investigated, including any specific systems, controls or management issues that have been identified for enquiry; where known, identifying any relevant laws, regulations or internal policies or procedures which may have been engaged by virtue of the issues identified; the objectives of the investigation.

An action plan should be appended to the scoping document setting out the proposed next steps for the investigation and anticipated timing for completion. This may involve identifying relevant custodians for any data extraction as well as potential witnesses, to the extent these details are known at the time of drafting the plan. (See also Chapter 9 on witnesses.)

Approving the scope of the investigation 6.13 As a matter of good governance, it is important that the initial scope of the investigation is approved by an accountable individual and an appropriate record is kept of the scope and approval. (For a more detailed discussion on the governance of investigations, see Chapter 4.)

Monitoring and reviewing the scope of the investigation 6.14 It is good practice to keep the investigation scope constantly under review as the investigation progresses and to ensure any substantive changes are approved and 41

6.15  Scoping and planning recorded contemporaneously (along with a record of the approver). Equally, where changes are proposed but rejected, this should also be recorded. 6.15 As well as monitoring scope, it is important that the investigation plan (see below) is updated regularly to reflect any substantive steps taken by the investigation, as well as any significant steps which have been considered but rejected. In both cases, any updates should be recorded contemporaneously with dates of any key decisions. 6.16 These simple controls are fundamental to managing any future risk of criticism from a regulator, court or tribunal that the investigation was flawed or failed to meet any applicable regulatory standards, such as the requirement for regulated financial services firms to conduct their business with due skill, care and diligence. 6.17 In addition, by including an accountable individual and approvals process, the investigation will also likely satisfy the regulatory expectations of any senior manager tasked with ultimate oversight and responsibility for the investigation and any subsequent response to the issues under investigation (for example a remediation programme).

Producing the scoping document to a third party 6.18 On occasion, it may be strategically important to share the scope and plan with a regulator or other authority before commencing an investigation. For instance, this may be necessary to reassure the company’s designated regulator that it is taking the matter seriously or because the company wishes to ensure there is clarity at the outset as to the scope and extent of its enquiries into a matter which has been notified to the regulator. 6.19 Although it is not commonplace for a regulator to ‘approve’ a scoping document, it may probe the proposed scope in order to understand why certain matters have been included or left out. This can be a useful indicator of either a misunderstanding between the company and its regulator as to the factual position or it may help point the investigation towards the area of most concern for the regulator, potentially highlighting an area of priority for the company’s enquiries. 6.20 Where the scoping document is shared with a regulator or any other third party, careful consideration should be given to the possible consequences of doing so and, in particular, whether the disclosure could affect any claim that the document is legally privileged. (See also Chapter 13 on dealing with regulators and Chapter 15 on legal professional privilege.)

Reviewing the scope post-completion of investigation 6.21 Upon completing an investigation, it is good practice to review the scoping document and investigation plan to determine: (a)

whether the investigation has adequately met the objectives of the investigation, including covering all of the areas identified for consideration; and 42

Reviewing the plan before executing it 6.28 (b) whether there are any lessons that have been learnt from the investigation which may be relevant to future investigations – for example, identifying where changes could be made to the investigation process or approach which may produce improved results. 6.22 If an investigation has not adequately met its objectives or covered key areas then either it may need to continue to complete those areas omitted or, alternatively, it will be important to ensure there is a record of the reasons why those areas have been omitted and that this was approved by the individual or body accountable for the investigation outcome.

Preparing the investigation plan 6.23 As explained above, the scoping document should include a detailed investigative plan. This plan should be maintained throughout the investigation as a record of key steps taken and decisions made, including any decisions not to take potentially significant steps. 6.24 An investigator should start an investigation with a clear understanding of the scope of the investigation and then carefully prepare a plan. This is essential to ensure that the investigation is carried out methodically and professionally, resources are used to best effect, sources of evidence are accurately identified and the investigation has minimised any risk of removal, destruction or alteration of evidence, inadvertent or otherwise. 6.25 An investigation plan will also assist in the effective supervision and oversight of an investigation by providing in advance a documented account of the proposed plan, including any proposed strategies and timetable of investigative steps. 6.26 As explained above, the scoping document will set out the objectives and rationale for the investigative plan, as well as any deadlines. The investigative plan should therefore set out in detail the steps proposed to meet those objectives and the timing for completing those steps. 6.27 As a matter of good practice, an investigative plan will work best if it starts with a general outline and then works towards specifics. For example, a general step might be to conduct witness interviews. The specific steps would then follow in the form of witness names, the order in which the investigation proposes to interview them and the proposed dates for each interview, including amount of time allocated per interview etc. (For further guidance on witness handling and conducting interviews, see Chapter 9.)

Reviewing the plan before executing it 6.28 As with the scoping document, it will be important to consider the plan with the individual or body appointed to oversee the investigation. Not only will this ensure it accurately reflects their instructions to the investigator but also it provides 43

6.29  Scoping and planning an opportunity to reconfirm the extent of the investigator’s authority. For instance, if the plan included a proposal to interview the CEO of the firm, it may be important to verify that the investigation has sufficient authority to conduct that interview.

Be prepared for the unpredictable 6.29 Whilst this chapter has highlighted the importance of good planning, as the reader will recognise, investigations can be unpredictable with new facts emerging that alter a company’s understanding of the issues and the evidence. It is important therefore to be flexible and responsive to any new or emerging evidence as the investigation develops, and update the investigation plan accordingly. An investigator will also need to be sensitive to any impact this evidence may have on the investigation timetable. Where there is a significant deviation in the plan, it is important therefore to record the reasons why that is the case so there is a good audit trail for future reference and to meet any subsequent challenge from an internal or external party.

Typical steps to include in an action plan 6.30 Ordinarily, the scoping document will have identified the issues that need to be investigated and the requirements of each relevant law, rule, policy or procedure which needs to be considered. By identifying these requirements, the investigator can better establish each of the steps that need to be taken. 6.31 For example, if the investigation concerns a breach of the firm’s anti-money laundering policy by an employee then one of the key facts to establish is likely to be whether the employee was aware of and received training on the policy. To establish this fact a key investigative step will be to retrieve a copy of the employee’s training record. (In a regulated firm, this is normally maintained by the compliance function.) 6.32 Even if it is not possible to be this specific, an investigator should be able to identify the key sources of information which need to be considered for the investigation to meet its objectives and report its findings. 6.33 Put simply, the key sources of information comprise documents and data (both electronic and hard copy), and people. Chapters  7 and 9 tackle these three sources with particular focus on the location of documentary evidence and witness handling. 6.34 For the avoidance of doubt ‘data’ includes more intangible sources of information such as CCTV footage, security logs and remote access log-in records, as well as trading data and other financial data. 6.35 For the purposes of this chapter, the critical point to note is that the action plan should identify: – –

what evidence may be required and where it is located, if known; who are the potential witnesses; and 44

Project management tools and good processes 6.38 –

who are the potential custodians (which include but are not limited to potential witnesses) for the purposes of retrieving relevant evidence

In this context, ‘custodians’ also includes individuals who could assist the enquiry because they have information or have created documents and data which relates to the subject of the investigation. 6.36 For example, a compliance officer might have no awareness of or involvement in a potential expenses fraud perpetrated by another employee but they may be able to identify where the bank’s gifts and entertainments records are kept (which will be relevant to establishing whether particular expenses were authorised). Consequently, the investigator may include in the action plan a proposal to meet with or interview the compliance officer to establish the process for authorising expenses and the location of the relevant records, before conducting an interview with the employee concerned.

Project management tools and good processes 6.37 Finally, for larger investigations, it will be important to consider whether to engage qualified project managers and whether to utilise appropriate project management tools such as GANT charts and secure extranet portals (similar to collaboration sites used on M&A deals). The latter can be a very useful tool for a variety of reasons, not least where a company has instructed an external party to investigate because: •





a secure portal can provide a secure means for sharing company confidential materials whilst at the same time minimising the risk of inadvertent disclosure (for example where an email is sent to the wrong recipient – a frequent occurrence in day to day corporate communications); it ensures there is a single repository of information and records relating to the investigation – which avoids a multiplicity of electronic storage areas and manages the risk of undue delay in identifying historic materials generated by the investigation – which is a commonplace occurrence during the course of lengthy investigations, particularly where there changes in company personnel during that time; it can assist in more effective version control over crucial investigation documents generated where this is the main repository for working drafts and there are multiple parties working on those drafts.

6.38 In the same vein, a secure document management platform may also be necessary to assist investigators in conducting efficient reviews of electronic evidence. This is explored in more depth in the next chapter on preserving evidence.

45

Chapter 7

Preserving evidence 7.01 ▶ ▶ ▶ ▶ ▶ ▶





This chapter considers: The general principles for identifying evidence for preservation. The different types of evidence to preserve. Securing and preserving digital material on company network. Securing and preserving digital material off network. Securing and preserving hard copy documents. Key considerations around the preservation of personal property and managing data privacy. Issues associated with preserving documents located abroad.

Identifying relevant evidence 7.02 Once the investigation has addressed the immediate priority of protecting evidence at risk from intentional destruction by custodians (see Chapter  3 on immediate priorities) then the next step will be to identify wider sources of potentially relevant evidence for preservation. 7.03 Taking steps to preserve evidence at the earliest opportunity is important because material which is relevant to determining the outcome of the investigation may otherwise be at risk of destruction. For example, most companies will have some form of policy for the retention and destruction of documents which involves regular cycles for the disposal of documents. These may need to be suspended or moderated for the duration of the investigation. 7.04 Equally, there is always an ongoing risk that evidence may be inadvertently destroyed by an individual who is unaware of the relevance of that evidence to the investigation. Making staff aware they need to preserve certain types of document may be necessary to manage this risk. 7.05 By taking early steps to preserve evidence, the company will best ensure that relevant material is available to investigators and, consequently, it will protect the credibility and integrity of an investigation. The preservation of evidence is also important for avoiding any suggestion or perception that a company has been complicit in the destruction of evidence. Such allegations are not only harmful to a company’s reputation but, in certain circumstances, they can also justify grounds for an authority to commence criminal proceedings against the company or its staff for offences associated with interfering with critical evidence. 7.06 Consistent with the comments in the last chapter concerning record-keeping and the investigation plan, all steps taken to secure material should be documented so 47

7.07  Preserving evidence that they can later be explained to those within the company tasked with overseeing the investigation, as well as to regulators and prosecuting authorities, should the need arise.

What evidence to preserve 7.07 It is normally the task of the investigator to decide what evidence is to be protected, based on his or her knowledge of the issues that need to be investigated and the scope of the investigation (as described in the investigation scoping document). 7.08 The guiding principles for identifying evidence for preservation is that the exercise should be reasonable and proportionate. Put another way, it is normally only necessary to preserve those materials which are reasonably likely to be relevant to determine, on the balance of probabilities, what happened. However, where there is a doubt or ambiguity with regards to the relevance of a particular piece of evidence, it is best to err on the side of caution and preserve too much rather than too little. 7.09 • •

The typical approach to preserving evidence is a twofold process: first, identify the relevant ‘custodians’ – ie  the potential witnesses and any individuals who are or may be the subject of investigation – and ensure that material held by them is preserved; and second, identify the evidence or types of evidence that may exist beyond the custodians’ immediate areas of access, but which may include information pertinent to the investigation.

7.10 For the first category, material for preservation will include both electronic and hard copy data. As is explained in more detail below, this may include electronic data held on both the company network as well as on an individual’s personal devices. Examples of the types of material which fall within the second category will include: • • • • •

company documents, for example minutes of Board meetings and committee papers; business records, including sales and marketing literature, contractual documents (such as standard supplier terms of engagement), client or customer records, and project files; materials held by business support functions, such as reports created by internal audit, risk and compliance; internal policies and procedures, as well as corporate governance materials; and HR and personnel records, including organisation charts and any descriptions of the roles and responsibilities of relevant individuals in scope.

The methods for preserving evidence for these types of material is explored in more detail immediately below.

Sources of material for preservation 7.11 There are three broad sources of material to consider for preservation, each bringing with them different challenges. 48

Sources of material for preservation 7.16 (1) Digital material on company network. (2) Digital material off network. (3) Hard copy documents.

Digital material on company network 7.12 Where a company stores digital material on an internal or external system or servers (described here as a ‘network’) then it will be important for the investigation to seek information from the company’s IT staff to understand where that data is stored, the range of data involved and the steps required to preserve each type of data. These enquiries may also need to involve third party suppliers which are providing storage solutions or system hosting for the company’s data. 7.13 Before engaging in any third party discussions, it may also be necessary to consider the terms of any third party supplier contract to confirm the company’s rights to the relevant data, particularly its rights to direct the third party to take steps on the company’s behalf to secure or preserve that data. In addition, careful thought will need to be given as to how to communicate any request to preserve where there are concerns about maintaining confidentiality over the investigation. These challenges can be exacerbated where data is stored outside the jurisdiction, making it difficult for the company to enforce its rights in the event a supplier refuses to take any requested steps to preserve or subsequently produce data to the company. 7.14 The investigation will also need to verify whether any auto-delete or overwrite functions exist on the company servers and back-up systems. Where these exist, it will be important that the company’s IT staff and/or its third party service providers have been asked to initiate stoppage of that process, where it could impact relevant evidence, and that steps are taken to verify any process stoppage has been effective. 7.15 The following is a non-exhaustive list of data types and repositories which an investigator may need to consider when determining which sources of data to preserve on a company network: • emails; • Bloomberg chat, Skype and other instant messaging systems; • voice recordings and phone logs; • shared drives/‘personal’ network drives (ie areas of shared network where an employee has exclusive access); • database access logs; • trade data/profit & loss data from trading or back-office platforms; • security system logs; and • CCTV recordings. Not all of this material will necessarily be relevant or require review, but steps should be taken to secure and preserve it where relevance is a possibility.

Digital material off network 7.16 There may also be considerable material stored away from company network systems. Sources for this material may include: 49

7.17  Preserving evidence • • • • •

hard drives of desktop computers; laptop hard drives; flash drives; company-issued mobile devices such as mobile phones, Blackberries and tablets; and personal devices (where these have been used for company purposes, but note the special considerations around personal property and data privacy below).

7.17 For many of these items, it may be advisable to take forensic copies. This will allow a copy of the data to be analysed on a secure system, eliminate the risk of loss of data in the original devices, and allay any concerns over data integrity and tampering. Where there is no appropriate in-house expertise to take the copies, then it will be necessary to engage a third party e-discovery or forensic specialist who will be able to ensure that preservation is carried out appropriately with correct chain-ofcustody procedures. Engagement of a specialist may also be necessary to manipulate and convert data to a reviewable format whilst maintaining its underlying integrity. This can be a particular problem in cases where data is obtained from disparate sources, particularly legacy or unusual databases. 7.18 Investigators should be alert to the potential personal use of third party messaging systems on company phones and tablets, such as WhatsApp and Facebook Messenger. Care must be taken to remain compliant with data privacy laws and other regulations protecting personal communications. This issue is addressed in more detail later in Chapter 15 on confidentiality and legal privilege.

Hard copy documents 7.19 Examples of hard copy evidence to consider for identification and preservation include: • • •

employee notebooks; hard copies of presentations or board/committee papers (these may well have manuscript notes on them taken during the relevant meeting); and other manuscript notes of meetings (often those tasked with preparing minutes make notes at the meeting which are retained after the drafting of the formal minutes).

7.20 Certain types of record, such as minutes of board meetings, are likely to be the subject of specific regulatory requirements for safekeeping of records and will be protected from destruction for a fixed period of time. In those circumstances, it is advisable to note the destruction date so that the company is prepared to request preservation should an external investigation or regulatory scrutiny into the matter materialise. 7.21 Where an investigator takes possession of hard copy documents, it is important to ensure that a chain-of-custody is maintained, meaning the investigator keeps a record of where the item was found, by whom and at what time, a brief description of the item and details of where the item has been stored. This record should be preserved with the other investigation work product for future reference 50

Considerations around personal property and data privacy 7.28 and utilised in the event there are any challenges to the provenance of evidential material. 7.22 In addition, once hard copy materials have been recovered, it is best practice to keep these materials in a locked room or cabinet with a record kept of what has been logged and what has been removed, when it was removed and returned, and by whom. 7.23 If the materials are contained in specific files then it is also good practice to ensure the structure of those files is maintained and not re-arranged. In the same vein, unless it is impractical to do so, an investigator should try to work from copies of the files, rather than originals, so as to avoid the risk the integrity of the files is inadvertently compromised.

Considerations around personal property and data privacy 7.24 Access to personal property and information is governed and restricted by a number of different laws and regulations that vary from jurisdiction to jurisdiction. Investigators should therefore take great care to ensure the gathering and review of evidence does not inadvertently, or otherwise, result in a breach of an individual’s rights. 7.25 In many jurisdictions, there are circumstances where accessing an individual’s communications or personal data without proper consent may constitute a criminal offence. Consequently, in retrieving evidence it is important to give sufficient thought and consideration to the legal framework before embarking on an exercise to recover personal property or personal data. Where there is ambiguity or uncertainty then it is highly recommended that expert legal advice is taken in advance of any steps. Subject to that caveat, highlighted below are some of the key areas where care should be taken in reviewing and handling personal property and information.

Personal property 7.26 Typically, a company has no authority to seize personal property that belongs to an employee. Examples of such property are personal devices such as phones, tablets and laptops, as well as diaries, letters and other hard copy documents that have been purchased by, or otherwise belong to, the employee. 7.27 In a situation where an employee has made business records on personal property, for example notes of a business meeting made in a notebook purchased by the employee, then the employer may need the individual’s consent to obtain the records. 7.28 Electronic files held on a business-owned system but containing personal information, for example spreadsheets containing personal financial information, are 51

7.29  Preserving evidence unlikely to be classified as exclusively personal property, instead these are usually regarded as company property containing personal information – see below for further information on how to treat this kind of material.

Employee correspondence and personal information 7.29 Employee correspondence is an area where particular care should be exercised, even where the correspondence is held on business systems. Most jurisdictions have specific legislation aimed at limiting the circumstances where correspondence can be accessed. The consequences of breaching these laws can be very serious. 7.30 In the UK, for example, it can constitute a criminal offence to access personal correspondence held on a device owned by an employee without the proper authorisation. Even where a firm intends to access an employees’ business correspondence on business systems, there are circumstances where this may constitute an offence. The exception to these rules are where the following three factors are all present: – – –

the communications are relevant to the business; the purpose is to establish the existence of facts or to ascertain compliance with regulatory or self-regulatory standards, and employees have been informed that interceptions may be made.

7.31 However, note that this exception does not automatically extend to personal internet email accounts, such as Yahoo, Hotmail, and third party messaging systems such as WhatsApp, even where those accounts were used on hardware owned by the business. 7.32 In addition to laws specifically controlling access to correspondence, most jurisdictions have regulations that seek to protect privacy more broadly. Investigators are likely to need to consider whether the access of correspondence or other personal information on a business system intrudes unnecessarily on the employee’s privacy (remember that the firm has no right of access at all to any information held on personal systems and devices). 7.33 The following are examples of material that is not correspondence but which may be affected by data privacy laws: • • •

documents residing on company systems that contain personal information for example drafts of personal letters, spreadsheets containing personal financial information, lists of personal passwords, photographs; calendar entries relating to personal matters on electronic systems for example Microsoft Outlook; handwritten notes relating to personal matters on company property (for example notebooks, daybooks or diaries).

Particular care should be taken before accessing any file or folder marked as ‘personal’ or where the investigator has other good reason to believe that it may contain solely personal information. 52

Considerations around personal property and data privacy 7.37

Data protection regulations in the UK 7.34 In the UK, the Data Protection Act 2018 (UK DPA) provides the framework for protection of personal data. Under the ‘lawful basis’ principle of the UK DPA the gathering of personal data for the purposes of an investigation will most likely be acceptable where it is necessary for legal proceedings, legal advice or to establish or defend legal rights. 7.35 However, investigators still do not have unrestricted right of access to all information about workers under investigation and the UK data privacy regulator – the Information Commissioners Officer – has previously issued specific guidance for employers on this topic.1 Nor does the overarching lawful basis principle ordinarily justify access to sensitive personal data such as medical health records. 7.36 As a general guide, the risks of a breach of UK data protection laws will be minimised if all access is demonstrably fair, necessary, proportionate, reasonable and transparent (insofar as possible). 7.37 With these factors in mind, it is generally unlikely that a company will have grounds to access communications or other material which relates solely to an individual’s personal life, even where the information exists on business equipment, unless it is the individual’s personal conduct or behaviour which is the subject of the investigation – for example, where it is alleged an employee has engaged in personal account dealing in contravention of a company’s trading policy.

1

See, eg, the ICO employment practices code – para 2.13.2.

53

Chapter 8

Tools and techniques for reviewing digital and documentary evidence 8.01 ▶ ▶ ▶

This chapter considers: How to define the population of data and documents for review. Key considerations when deciding on the composition of the review team. The key stages of a review, including best practices for managing large-scale electronic data reviews.

Introduction 8.02 Once potentially relevant evidence has been preserved, the next step in the process is to define the scope of the review. Due to the enormous growth in data generation that has been seen in recent times, a key challenge for all but the smallest investigations will be determining how to keep the review population of data within reasonable and proportionate limits whilst also ensuring that the investigation is sufficiently thorough. 8.03 This chapter sets out the key considerations in determining the scope of the review and the various options available to ensure that the review is conducted efficiently with appropriately skilled resources and technology.

Defining the review population 8.04 The first task is to define the population of evidence within the preserved material that needs to be reviewed in order to answer the questions posed in the investigation scoping document. Creating an investigative perimeter in this way is essential as it will enable an investigator to estimate and contain the costs of the review. It is also vital for proper project planning and resourcing of the review. 8.05 Unless an investigating agency has prescribed the review population, the decision of what material to review, and how much, will be a matter of judgement for the investigator. In making that judgment, an investigator must balance: (1) the need to review an amount of data that is sufficient to achieve the investigation’s objectives (and, where relevant, satisfy external interested parties that an adequate investigation has been conducted) with; (2) the need to keep the size of the review within reasonable and achievable limits.

55

8.06  Tools and techniques for reviewing digital and documentary evidence

PRACTICAL TIP Consider at the outset whether more information is required in order to define the review population. For instance, a ‘document interview’ with a relevant member of staff is often an invaluable source of information to help identify the type of evidence available (digital, hard copy etc), where that evidence is stored and how to retrieve it. A relevant individual for these purposes may comprise someone from the affected business area or a member of support staff for that area, eg a compliance officer, who can describe where and how relevant material is stored. For more information about document interviews, see Chapter 9 on interviews and witness handling.

Taking an iterative approach 8.06 For most investigations, it is usually beneficial to take an iterative approach to reviewing evidence. This will mean defining an initial population that is limited in size, and focusing on the material that the investigator considers most likely to contain the relevant information, based on his or her understanding of the facts at that time. 8.07 Often this will involve a review of the immediate correspondence of the individual under investigation, during a narrow period around the time of the alleged misconduct in question, and then an examination of the evidence responsive to those enquiries to better understand the factual matrix. The learnings from that review can then be used to inform the next phase of review – for example, did the initial review identify a new witness of interest, or another communication system containing relevant evidential material? 8.08 Armed with the information gleaned from an initial review, an investigator will be in a better position to identify the next population of evidence to review. 8.09 The important point here is to ensure that the population of evidence for each phase is defined so that the investigation continues to focus on the material which it is reasonably proportionate and necessary to review, in light of the scope of the investigation. By taking a phased approach, an investigation can also manage more effectively the allocation of resources and contain costs.

Documents to consider for inclusion in review populations 8.10 Clearly, correspondence and documents generated or held by individuals under investigation will need to be considered for review. An investigator should also consider those documents that may not be directly associated with the individual under investigation but which provide important contextual information. Documents of this kind may include: 56

Options when the review population appears excessive in size 8.16 • • •

those that frame the rules within which the individual operates (eg company policies, manuals, guides, job descriptions); those that comment on the individual’s compliance with those rules (eg disciplinary records, details of appraisals and performance reviews, logs of compliance breaches etc); or internal and external reviews of the business area in question (eg internal audit reports, reviews of internal processes and controls, external auditor or other third party reports and correspondence with external authorities, such as the company’s primary regulator).

Information generated or held by witnesses to the matters under investigation (rather than under investigation themselves) may also need to be considered for review. 8.11 More broadly, investigators will need to exercise judgement when determining which custodians should be included for the purposes of a review and what should be the appropriate range of dates for a review. This will come down to what is reasonable and proportionate in the circumstances and, where relevant, whether the scope of the review meets the expectations of external interested parties. 8.12 When an external authority or regulator has expressed an interest in the internal investigation then it may be preferable or even necessary to agree the scope with them. This situation is considered in more detail in Chapter 13 on Regulatory Liaison and Disclosure.

Options when the review population appears excessive in size for the matter under review 8.13 Where the size of the review population seems unreasonable or disproportionate to the matters under investigation, there are a number of options that a company may consider to reduce the size.

Applying search terms 8.14 The well-known option is to apply search terms to the data to identify a narrower subset of data for review. 8.15 Search terms can be used to define an initial review population, targeting particular words or phrases, individuals or topics of interest. The intention here is to take investigators swiftly to documents likely to be relevant whilst vastly reducing the amount of data for review. 8.16 As the use of search terms may inevitably exclude some relevant documents from review, the use of search terms and the actual terms themselves are something that may need to be discussed and agreed with the relevant decision-maker in the company. It may also be necessary to discuss the search approach with the company’s regulator or an investigating authority, where they have expressed an interest in the outcome of the investigation. 57

8.17  Tools and techniques for reviewing digital and documentary evidence 8.17 This can be a prudent strategy where it is important to manage the risk an authority may subsequently raise concerns that the investigative approach has been too restrictive or it failed to identify material which was later deemed relevant. 8.18 Where a regulator has asked a firm to search for evidence responsive to a particular issue, then it is doubly important to share the approach to the review and provide regular updates to manage the regulator’s expectations in the event results are unsatisfactory. This will also allow for an ongoing dialogue and early variation in the approach, if appropriate.

Using Technology Assisted Review 8.19 Technology Assisted Review (TAR), or predictive coding, is a form of advanced analytics for use in large data sets. TAR can be used in conjunction with or as an alternative to the application of search terms. 8.20 In concept, TAR seeks to achieve the same outcome as the use of search terms, ie to identify relevant documents within a large data set, allowing for a review that is both more manageable and more fruitful. However, TAR is generally much more successful in achieving these objectives than the use of search terms. 8.21 At its heart, TAR seeks to emulate the decision-making process of a human reviewer through machine learning. The process starts with an experienced member of the investigation team extracting a ‘seed set’ of un-reviewed documents from the review population and then reviewing and tagging them for relevance. The TAR system ingests the seed set and uses algorithms to analyse the characteristics of these documents. Through this analysis, it derives systematic rules intended to replicate the reviewer’s judgements and applies these rules to the un-reviewed population to return documents likely to be relevant to the reviewer. The process will generally incorporate statistical models to guide the process and to measure overall system effectiveness. There are two key variables that measure the success of these techniques: (1) recall; and (2) precision.

Recall 8.22 This is the percentage of the actual population of relevant documents that the analytical technique identifies. So, if within a population of 1,000,000 documents there exist 100,000 relevant documents, and the analytics identify 60,000 of those relevant documents, then the rate of recall is 60%.

Precision 8.23 This is the percentage of the documents identified by the analytical technique that are in fact relevant. So, continuing with the example above, if the technique returned 120,000 documents (of which 60,000 were in fact relevant, as above), then the rate of precision would be 50%. 58

Engaging specialist expertise to support a document review 8.30 8.24 In large-scale reviews of electronic data, the rates of recall and precision from the use of TAR are typically far superior to those achieved by using search terms. However, for matters involving smaller volumes of data (normally below 10,000 documents), the costs can be potentially prohibitive. Consequently, TAR should be considered as part of the overall investigator’s toolkit, to be deployed where the circumstances suggest it is appropriate.

Engaging specialist expertise to support a document review 8.25 For reviews with large and complex data sets, it may be helpful to engage a third-party supplier to assist with e-discovery and document review tasks. Areas where specialist expertise can be particularly helpful include the following.

Data preparation and culling 8.26 Specialist expertise may be required to ensure that data is converted to the appropriate format for upload to a review platform. For example, hardcopy data will need to be scanned and then ingested for subsequent conversion to digital text for review. Other data may have been extracted from multiple sources in varying data formats, which may create difficulties, or extracted from legacy databases that yield unusual data formats requiring bespoke conversion. 8.27 Service providers can also assist with culling of data to strip out duplicative or clearly irrelevant material. An example would be the use of ‘email threading’, an automated process that gathers all emails within a conversation together to reduce greatly the complexity and duplication within the review. ‘Near-duplication’ detection can bring together almost identical documents so that they can be reviewed and coded together, whilst ‘de-duplication’ can identify and remove documents that are completely identical. 8.28 More bespoke strategies can be employed depending on the data in question, such as recognising and removing emails that are part of an ‘email blast’, or removing calendar associated emails (such as notifications of acceptance of a meeting invitation).

Third party document review specialists 8.29 Where there are insufficient internal resources to perform the document review, all or some of the review can potentially be outsourced to a service provider. Companies may also separately consider whether they wish to engage external lawyers to advise on the findings of the documentation review. 8.30 The third-party review could be confined to a ‘first level’ review where focus is on tagging evidence as per a protocol drafted by the company or its lawyers. Alternatively, the service provider may conduct a fuller review including a conclusion on the factual narrative. 59

8.31  Tools and techniques for reviewing digital and documentary evidence 8.31 Whenever review work is outsourced to a third party careful thought needs to be given to the framework for the review, and what the output will look like. For example: whether the review will be conducted under the umbrella of legal professional privilege; how the reviewer will handle client confidential information; whether there will be a written summary of the review results; and how the data will be stored and ultimately produced to the company and, potentially, any external authority.

Reviewing audio files 8.32 Most companies outside the regulated sectors will not record or maintain the capability to record phone calls. However, within the financial services sector there are specific rules governing when an employee’s call should be recorded, including rules governing the length of time for which that recording should be preserved. These call records can be a crucial limb of the evidence gathered, being a contemporaneous record of what was said by the employee. However, the process for reviewing these recordings can take a considerable amount of time – whilst relevant conversations are often only a matter of minutes, some recorded lines remain open for several hours or more each day, meaning an investigator would potentially need to listen to the entire recording to find the portion where a conversation occurred. 8.33 Consequently, reviewing audio files of phone calls can present particular difficulties. Helpfully, some third-party specialists employ bespoke audio review systems that enable them to review audio files at far greater speeds than traditional methods. These systems may also replicate the functionality of email review platforms, allowing for key word searches, tagging, and the organisation of audio files by user, date and other characteristics. Where call volumes are considerable then it is particularly worthwhile seeking out a specialist to assist with the review.

Reviewing instant messaging and chatrooms 8.34 Evidence on certain chat and messaging systems, such as those provided by Bloomberg and Reuters, can also present difficulties for investigators. Material can often be duplicative and key evidence obscured within large amounts of ‘noise’ that includes disclaimers and information about who has entered or left a chat room. Some tools allow reviewers to search across chat files, target discussions between particular people at specified times, and strip out irrelevant noise. Again, when dealing with large volumes of this data it is sensible to seek out a specialist or specialist technology to aid the review.

Advanced analytics 8.35 In addition to TAR, firms are increasingly using another emerging technology, ‘associative analytics’, to search and interrogate large data sets. This form of analytics is designed to make searches for relevant material much more productive and efficient. 60

Ensuring the review team has the appropriate subject matter expertise 8.40 8.36 For example, ‘concept searches’ find documents that are conceptually linked but which do not necessarily contain the same words. So, for example, a concept search using the words ‘sales pitch’ would return documents containing those words, but also – through identifying and learning from the characteristics of those documents – the concept search would return other documents that do not contain those words but which are in fact documents used in a sales pitch. 8.37 A  related analytic is ‘clustering’, which organises the data into groups of documents that the software believes are logically related through instances of common language. This provides an instant map of the document universe, allowing the reviewer to target the cluster of most interest and de-prioritise those likely to be irrelevant. For example, if clustering was applied to a population of emails gathered from a securities trading desk, clusters of documents under headings of ‘Christmas’ and ‘Party’ are unlikely to be a priority in a review aimed at identifying trading misconduct.

Digital forensic analysis 8.38 Finally, there may be circumstances where specialist forensic analysis is required to examine an electronic audit trail. This might arise where there is a need to establish the provenance of a document, identify who may have accessed a document or system, or where there is suspicion that digital evidence has been tampered with.

Ensuring the review team has the appropriate subject matter expertise 8.39 It is critical that the review team, regardless of whether they are assembled in-house or from a third-party provider, understands the environment and context in which the alleged misconduct or other issues under investigation occurred. For instance, does the review team have a broad understanding of the regulatory framework for conduct, such as the need for a designated Senior Manager in a regulated financial institution to create and maintain a statement of responsibilities? Armed with the requisite background knowledge, the review team will be more effective in conducting its review. Establishing the necessary degree of background knowledge will be more of a challenge for some cases than others but can be achieved through appropriate training and guidance. 8.40 Typical topics to cover in reviewer training sessions might include the following. •

• •

The product type relating to the matter under investigation. An investigation into alleged misconduct in the foreign exchange (FX) market, for example, may require an understanding of how clients use the market, the different FX products traded, pricing mechanisms, and trader jargon. The regulatory environment. The key here is to understand what behaviour is permitted and what is not. A briefing on the operational area where the misconduct has occurred. This might include details about the trading desk involved, how it is overseen, 61

8.41  Tools and techniques for reviewing digital and documentary evidence the internal management reporting lines, its client base, communication channels used, the roles of operational support staff and risk management functions. 8.41 In briefing the review team, an investigator may also need to describe nature of the allegations which are being investigated, the basis for those allegations, and any overarching objectives of the investigation.

Conducting the review Review platforms 8.42 For reviews involving a significant number of documents, an electronic review platform can be enormously beneficial. The key benefits of a platform will normally include the following. • • •





Processing functionality that converts native data files into searchable information whilst preserving the underlying data integrity. Maintaining confidentiality and preserving the security of the review data. Access controls can be employed to ensure that evidence is only accessible to those who have a need to be involved. Analytical functions designed to assist investigators and increase the efficiency of the investigation-gathering process. For example, a review platform typically provides the ability to: – tag documents according to different levels of relevancy, eg ‘not relevant’, ‘relevant’ or ‘hot’, and also how evidence pertains to specific issues, eg  ‘evidence of misleading a customer’ – (a ‘hot’ document indicates an item of evidence which appears on its face to be critical or highly significant to the issues under investigation); – group documents for analysis or production, according to these tags – examples might be grouping all documents relating to a particular custodian, or all hot documents, or all privileged documents, or all documents supporting a specific aspect of the allegations; – conduct key word searches across the evidence; – employ email threading, near duplication and de-duplication functionality; and – perform TAR and other advanced analytics. Project management and work flow capabilities. Platforms typically have functionality to organise work flow, for example assigning certain documents to particular reviewers. It will also provide the project manager with statistics to help monitor the progress of the investigation, eg by identifying the number of documents reviewed in total and by user. These will indicate the rate or speed of review – important data for the investigation team when it is seeking to manage expectations around the timing for delivery of results. An audit trail that logs the actions performed by users in the system. This can become critical where deficiencies are identified in the review and the investigation team needs to understand where errors were made which may impact a population of documents, so these can be swiftly corrected. 62

Conducting the review 8.46

Drafting and maintaining a review protocol 8.43 For reviews involving higher numbers of custodians or more complex lines of enquiry, it is advisable to prepare a review protocol, codifying the objectives and methodology of the review. This will help to ensure a consistency of understanding and approach amongst the review team. The protocol will also serve as a record of the rationale behind the approach taken in the review, should this ever be subject to scrutiny or challenge. 8.44 Issues to cover in the review protocol, depending on the complexity and size of the review (and the sensitivity of the information involved), may include: • • • • • • •



• •

background information relevant to the conduct or issue in question, eg  an explanation of the business activity in which the suspected misconduct occurred; common acronyms, abbreviations and industry terms; the names of the custodians under review and/or a dramatis personae; an explanation of the different methods of communication by those under investigation, particularly where this is unusual or unfamiliar to the reviewers (eg Bloomberg chatrooms and instant messaging systems); the particular regulations that are in play and the suspected misconduct; the standards of behaviour generally expected in that business; the lines of enquiry pursued – these should break down into a series of questions that the investigation is seeking to answer – for example, an investigation into front-running in securities markets might seek to answer these questions, amongst others: – Did the employee under investigation trade before any customer orders on these dates in the same securities as the customer? – Did the employee have knowledge of any such orders in advance of trading? – Did the employee’s supervisor know that the employee traded before particular customer orders on particular dates? – What training or other guidance did the trader receive on acceptable market conduct? a definition of what would constitute relevant or irrelevant information, and reviewer guidance for the associated system of tagging each document within the review platform – this ‘tagging’ is to denote the designation of each document, eg relevant or irrelevant, privileged or not privileged; a definition of what would constitute a ‘hot’ document (see above); and instructions on how to identify and treat legally privileged material.

Oversight of the review 8.45 It will be a critical component of any large scale review that there is ongoing oversight and management of the review team by a member of the investigation team familiar with the facts and issues under investigation. 8.46 Ideally, the responsible individual will conduct an ongoing quality control and quality assurance process to regularly assess the output from the review team 63

8.47  Tools and techniques for reviewing digital and documentary evidence to verify that documents are being appropriately identified and categorised, in accordance with the reviewer guidance and protocols. A  similar exercise can be conducted at the end of the review. 8.47 As well as monitoring the review output, the responsible individual will be on hand to train new reviewers and answer ad hoc questions as the review teams understanding of the evidence develops. 8.48 Any key developments in the review and any anomalous results identified should then be logged for further consideration by the investigation team, with any key changes or additional guidance in response recorded in the review protocol so reviewers are made aware of them. 8.49 By maintaining this level of oversight, the investigation team will also be best placed to manage the reviewer resource and monitor the prospects of delivery to any predetermined deadlines, proactively taking action where these may not be met.

Prioritisation within the review 8.50 Once the review of evidence begins, it is sensible to start with the evidence that is most likely to take an investigator to the heart of the matter. Findings from the initial prioritisation will often significantly inform the scope and direction of the ongoing investigation. As explained above, typically, investigators will start by targeting the correspondence of the individual under investigation and focusing on narrow time periods around the suspected misconduct in question. 8.51 For larger reviews, the use of key word searches can also help to take investigators swiftly to matters of interest. For very large data populations, TAR can also be used to prioritise review material.

Inadvertent disclosure of legally privileged material in the context of document reviews 8.52 In most common law jurisdictions (eg  the UK and the US), no litigant, regulator or prosecuting agency has the right to review material subject to legal professional privilege. However, legal privilege may be lost where material is inadvertently disclosed to a third party, such as a regulator. This can potentially prejudice a firm’s ability to defend itself in the event of litigation or enforcement action, as well as causing potential embarrassment where the contents of confidential lawyer-client communications are exposed, ‘warts and all’. 8.53

There are two common manifestations of this risk to legal privilege:

(1) Investigators inadvertently include legally privileged material in nonconfidential reports or in non-confidential communications. (2) Legally privileged material is mistakenly included in a production of documents to a regulator or prosecuting agency. 64

Inadvertent disclosure of legally privileged material 8.60 8.54 A  process for identifying and segmenting legally privileged material is therefore critical to mitigating both of these risks. The investigation review protocol should include guidance on this subject and reviewers who are not lawyers may need detailed instructions on how to assess documents for legal privilege. 8.55 Where there is a decision to perform an analysis of legally privileged material identified during the course of a review then it is best to record the results of the analysis in work-papers separate from the core review materials, to avoid any inadvertent waiver of privilege. 8.56 Similarly, the documents identified by the review as legally privileged should be secured in a way which ensures they are ring-fenced from any subsequent document production, eg  to an external authority. Appropriate security measures might include encryption of the data and/or restrictions on IT access controls. 8.57 Where a company is subject to a large production request from an investigating authority, it may not be possible to review all the data for legal professional privilege prior to handing it over. In these situations, the company will need to agree in advance with the authority a method for minimising the risk of inclusion of protected material in the production. 8.58 These methods will be systematic and computer driven. They typically include the use of search terms to identify and exclude documents from the production that contain words indicative of legally privileged content, such ‘privilege’, ‘legal’ and ‘attorney’. Communications to and from lawyers can also be easily excluded. 8.59 Such an approach will tend to cast the net overly wide and result in the exclusion from the initial production of some documents that are not in fact legally privileged. However, reviews can be performed of the withheld material to extract any non-privileged documents and these can be provided to the investigating authority subsequently. 8.60 Companies should remember that the investigating authority has no right to legally privileged information and therefore it is perfectly acceptable for a company to take a cautious approach.

PRACTICAL TIP As a matter of good practice, productions of evidence to an investigating authority should be accompanied with a letter explaining that all information is disclosed on a confidential basis and that any accidental inclusion of legally privileged material does not constitute a waiver. The company should also request that it will be informed if the investigating authority identifies any legally privileged material in the production. Any such material should be eliminated from the scope of the authority’s enquiry.

65

Chapter 9

Interviews and witness handling 9.01 ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶

The next three chapters consider the following matters: The purpose of witness interviews. Who to interview. Categories of interviewee/types of interview. Use of preliminary interviews. Use of ‘document interviews’. Deciding whether authorities should be consulted. Providing details of the interviews to the authorities. Identifying witnesses and the order of interviews. When to interview and in what order. Planning for an interview. Attendees at interviews. Conducting the interview. Employee cooperation. The privilege against self-incrimination. Considerations when interviewing former employees. Handling whistleblowers and risk of whistleblowing in interviews. Considerations when interviewing employees based abroad. Post-interview considerations.

Introduction – the purpose of witness interviews 9.02 Witness interviews are an essential part of the evidence-gathering stage of most investigations. They also frequently consume the greatest amount of an investigator’s time and involve balancing some of the most complex procedural and legal issues. Consequently, great care needs to be taken to ensure that interviews are conducted at a time and in a manner which is of most assistance to the investigative process. This involves giving sufficient time and thought at the earliest opportunity to determine: • • • • • • • • •

Who should be interviewed and why? Is the individual being interviewed as a witness of fact or as a subject of the investigation? Should there be a preliminary interview or document interviews? Who will conduct the interview? Who will attend (other than the witness/subject). When should the interview take place? And where should it take place? How will the interview be recorded? Is it a formal interview – ‘on the record’ – or informal (and is there really a distinction)? 67

9.03  Interviews and witness handling • • • • • •

How long is required for an interview? Should advance notice be given of the interview? If not, why not? Will the interviewee be asked to consider/comment on any evidence at the interview? If so, will they have an opportunity to consider the evidence in advance and how will the evidence be provided to them? Will there be more than one interview with an individual? What are the individual’s rights at interview and do you need to take any steps to make them aware of those rights?1 Is a ‘document interview’ required?

9.03 There is a good deal of benefit and no discernible detriment in trying to answer these questions at the start of an investigation. At the very least, the answers will tell the investigator where there are current knowledge gaps which will help him or her plan more effectively for the time when they need to conduct interviews. In addition, the answers should help the investigator to reach a view on whether to conduct preliminary interviews, and assist in focussing on the key issues that need to be investigated and the evidence which needs to be interrogated to determine those issues.

Who to interview? 9.04 As highlighted in Chapter  7 on preserving evidence, at the outset of an investigation it is critical to identify relevant custodians for the purpose of identifying and retrieving any relevant evidence for review. Often, these same individuals may need to be interviewed as well. 9.05 In addition, it is important to consider whether there are other individuals or groups of individuals who ought to be interviewed to assist in reaching an understanding of the facts and matters under investigation, and to determine whether some breach has occurred. 9.06 To manage the competing interests on time and resource, it is good practice to categorise individuals according to their relevance to the investigation. That way the volume of interviews, and witnesses, can be more effectively managed to reach a proportionate but reliable conclusion on the evidence. Broadly, the key categories of interviewee are: • • •

core witness of fact; non-core or peripheral witness of fact; subject matter expert or background witness.

9.07 There is then a further group of individuals whom the investigation may wish to speak to, to better understand the wider context (such as the overall business, service or product) but who are not formally interviewed. Invariably, information gathered from individuals in this group will be done on a more ad hoc basis and 1

For example, in the financial services sector a regulated firm should always take care to avoid infringing an employee’s right to make a report to the regulator where he or she has concerns about conduct within the regulated firm.

68

Introduction – the purpose of witness interviews 9.13 should be thought of as more in the nature of meetings than interviews. (The format of an interview and whether it is a ‘formal’ interview is discussed in more detail below.) For the purposes of simplicity, individuals in this group fall outside the definition of witness or witnesses, where that term is used in this book. 9.08 A brief definition of each of the three key categories of witness is set out below. By categorising witnesses, it will assist the investigation in determining the overall interview strategy including timing and order of interviews.

Core witness 9.09 •

An individual whose evidence is likely to be central to the facts and matters under investigation. It includes any person who might be considered the subject of investigation. (See 9.14 below)

Non-core or peripheral witness 9.10 •

An individual whose evidence is not central but may nevertheless be necessary either to: (1) corroborate evidence given by a core witness; or (2) provide relevant context to better understand the evidence: for example, because the individual’s evidence is necessary to confirm that a particular conversation on a telephone call took place because they were in the room at the time with one of the individuals on the call, but they were not directly participating in that call.

Subject matter expert or background witness 9.11 •

An individual who has relevant subject matter expertise or background who can assist the investigator in understanding the facts and matters under investigation, and who can provide informed comment on them: for instance, a senior member of staff in a different part of the business with expertise of the affected customer group who can comment on the potential impact of a conduct incident on those customers.

9.12 Often, in internal investigations it will be disproportionate to conduct a formal interview, ‘on the record’, to take the evidence of a subject matter expert (an SME). Nevertheless, there will be occasions where it is important that the investigation has formally gathered the SME’s evidence and has a note of what they said. For instance, where the company is later asked by an external authority to provide the evidence it relied on to make its findings. 9.13 Generally, when commenting on the facts under investigation, an individual in the SME group should be sufficiently independent of the affected business, service or product to avoid any potential conflicts of interest. This will be important to ensure the investigation is able to maintain a sufficient degree of independence 69

9.14  Interviews and witness handling and objectivity. It will also mean the investigation’s findings will be reasonably defensible, in the event the SME subsequently comes under scrutiny for their role in the matters under investigation.

PRACTICAL TIP Using a spreadsheet, create a list of potential witnesses at the outset of the investigation, including a record of the category of each witness and brief reasons why the individual falls within that category. Ideally, also include a column to insert the date(s) of any interviews and date of any documents provided to the witness (including a brief summary of the document provided). Maintain and update the list throughout, recording where and when a witness moves from one category to another. This helps to ensure consistency in approach and will provide a useful audit trail, in the event the investigation is challenged as to why a particular individual was or was not interviewed. NB – any list of witnesses is likely to contain personal data. Consequently an investigator will also need to be cognisant of the UK data protection rules and maintain appropriate security measures, such as using passwords, to protect that data.

Witness of fact or the subject of investigation? 9.14 In deciding whether to interview an individual, it is important to decide whether the individual is a witness of fact or is the subject of investigation. This distinction can be crucial to the employee/employer relationship because it may affect the rights of the employee. For example, the rationale for that decision may form the basis for initiating a decision to suspend the individual or freeze the payment of deferred awards (for example an outstanding financial bonus). 9.15 A failure to make this distinction can also lead to increased litigation risk (in the form of an employment claim) in the event the employer fails to clearly explain the basis on which an interview is conducted. For instance, it may be important to explain at the outset of an interview that the employer intends to use the evidence given by the witness to reach a decision whether to suspend them. 9.16 A  ‘witness of fact’ is a person who has been identified as an individual who may have knowledge of certain facts and matters which are relevant to the issues under investigation. This can extend beyond the immediate fact pattern under investigation and it includes subject matter experts and other individuals who can provide relevant context or background. 9.17 • •

In this book, the term ‘subject of investigation’ is used to mean: a person who has been identified by the investigation as a witness; and there is sufficient evidence to conclude that person’s conduct or behaviour may have fallen below the company’s expected standards, and therefore needs to be investigated. 70

Introduction – the purpose of witness interviews 9.23 The standards expected of an employee will vary according to relevant laws, regulations and the company’s internal policies and procedures. 9.18 Once the decision is made as to the individual’s status, it is important to continually monitor and test that decision as evidence emerges and the investigation develops to ensure there has been no change in status.

PRACTICAL TIP In preparing for an interview with an employee, identify the evidence which most likely could result in a re-assessment of the individual’s status. For example, if the contents of an email raise concerns that there has been a breach of conduct then, in an interview, the employee’s explanation of that conduct will be relevant to the employer’s decision whether to act on the contents of the email. Such action might include suspension or withdrawal of certain responsibilities, following the interview and pending conclusion of the investigation.

Preliminary interviews 9.19 A  ‘preliminary interview’ means an interview conducted early in an investigation before any substantive document review has been undertaken. Such interviews might take place after a small sample of documents or a few critical documents have been considered by the investigator. 9.20 The key distinguishing factor for a preliminary interview is that it is conducted at a stage when the investigator has yet to see any large volumes of communications which shed light on an individual’s conduct or course of dealing over a defined period of time. 9.21 Ordinarily, a preliminary interview should be for fact-gathering purposes, for example to develop an understanding of the context in which events occurred, rather than as a basis to put any allegations to the witness. As such, the preliminary interview is best suited for more complex investigations where there is ambiguity as to the seriousness of the conduct or breach in question, and the investigator requires further information from the witness, in order to determine the best course of action. 9.22 A typical example of the type of person to interview at a preliminary stage is a subject matter expert, such as a senior employee who is sufficiently distant from the affected business area but who has experience of the affected business, service or product and, therefore, is well placed to ‘educate’ the investigating team on how it operated and the individuals involved in that business. 9.23 If there is little doubt that a breach event occurred, for instance initial trading records corroborate an attempt to manipulate financial markets, then it may be more appropriate to conduct an interview for the purposes of providing the company with 71

9.24  Interviews and witness handling information sufficient to determine whether to suspend the employee. This is still a fact-gathering interview as well but in addition the interviewer should put the allegations to the employee to allow them an opportunity to explain their behaviour. For further guidance on suspension of employees, see Chapter 16. 9.24 Preliminary interviews are a useful tool to aid the investigator in better understanding the facts, for instance to build a picture of the nature of a product or business. They also help to narrow the issues for investigation at the earliest opportunity. 9.25 Often, a preliminary interview can quickly identify there has been a misunderstanding as to events and that, cast in the light of the evidence gathered at a preliminary interview, the investigation can be quickly closed down. 9.26 That does not mean the investigation should deviate from the template described in this book. Quite the contrary: if an investigation is closed immediately after preliminary interviews have been conducted it is all the more important that an accurate record is kept of what was said at interview and the basis for concluding that no further investigation was required, and that an appropriate level of authorisation is given to close the case. (For further details about record-keeping, see Chapter 12.) 9.27 Without a robust and accurate record detailing the investigation’s conclusions and the basis for them, an investigator will create unnecessary risk of criticism and potentially censure from an external authority in the event subsequent evidence comes to light which alters the position and the matter is the subject of external scrutiny. For instance, the financial services regulator – the FCA – can challenge the quality of an investigation by a regulated firm on the basis that it fell below expected standards, such as the requirement to conduct business with due skill, care and diligence. Where such a finding is made out, a firm may be liable to pay a financial penalty. 9.28 The challenge with preliminary interviews is treading the fine line between developing a better understanding of the facts and tipping off a witness (in the nonlegal sense). 9.29 For instance, if allegations have been made against an individual and he is interviewed at a preliminary stage then he will be on notice that an investigation is under way and he may take steps designed to prejudice the investigation, such as deliberately destroying evidence or inadvertently creating harmful written communications which may subsequently be disclosed to a regulator or a court. (The risk of destruction of evidence and how to manage this is described in Chapter 7 on preserving evidence.)

Where Preliminary interview with a subject of investigation 9.30 A preliminary interview with a subject of investigation may be necessary or important where a company has an obligation to make a report to an external authority, such as the obligation on FCA-regulated firms to make appropriate notifications to the regulator where potentially serious or significant misconduct is identified. 72

Introduction – the purpose of witness interviews 9.36 9.31 In these circumstances, the purpose of the interview will be to obtain an account from the investigation subject as to what happened and to put any allegations to them at the earliest opportunity so they can provide a response. Armed with this information, a company can form a better view as to whether any legal or regulatory threshold has been crossed for the purposes of making a report and ensure that it has discharged its obligations to the authority to provide a full and proper account of the evidence. 9.32 A company may also elect to conduct an early interview where there is some time pressure – for example, the subject of investigation is imminently leaving the company’s employment – or there are concerns about an employee’s integrity which a company wishes to gauge before it makes a decision about whether to maintain the individual’s existing responsibilities and/or whether to introduce enhanced monitoring and oversight of the individual whilst the investigation is ongoing. 9.33 Although it can be an effective strategy, there are a number of risks associated with preliminary interviews with the subject of an investigation, not least: • •





the risk of a claim for constructive dismissal (see also Chapter 16 on handling employees under investigation); the risk of inconsistent accounts being given by an individual, in the event he or she is interviewed at a later date and their recollection of events has improved owing to further reflection and consideration of contemporaneous documentary evidence (a common occurrence where the issues under investigation pre-date the interview by several months or years); the risk of prejudice to the company, in the event the notes of this preliminary interview are requested by an authority because the company may struggle to withhold these on the basis the notes are covered by legal professional privilege (see Chapter 15 for further commentary on this topic); and the risk of collusion or coordination of evidence amongst individuals because they are on notice of the company’s investigation and the nature of its enquiries.

Document interviews 9.34 A  ‘document interview’ generally describes an interview with a person who can assist the investigator in identifying the source of relevant information and evidence. This may go wider than merely documents and includes the location of electronic data and other types of evidence which may be material, such as CCTV footage or audio recordings. 9.35 Similarly to preliminary interviews, document interviews are particularly useful in helping narrow the issues which need to be investigated because they give the investigator an opportunity to understand the inter-relationship between different types of evidence. 9.36 For instance, the interview may be focussed on the different types of communication used by a particular individual or business team, whether the company holds records of those communications, where those records are located and for how long they are held. 73

9.37  Interviews and witness handling 9.37 Document interviews are particularly recommended for investigations involving large volumes of electronic data where it is important to understand the type and format of data concerned, the extent to which that data is available, how to access it and whether a company has specific retention policies for that data. This information will also help inform whether and when the investigator should issue a document preservation notice to affected individuals within the company. (The topic of document preservation notices is covered in Chapter 3 on immediate priorities for the investigation.)

Who should conduct the interview? 9.38 Typically, interviews tend to be conducted by either: (1) someone from a company’s support function or back office, such as an HR representative, compliance officer, in-house lawyer or internal auditor; or (2) an external party, such as a lawyer, consultant or forensic accountant instructed by the company or individual. All of these are valid choices for an interviewer. However, as is explained in more detail in Chapter 15 on Legal Professional Privilege, there may be good reasons why it is best the interview is conducted by a lawyer. 9.39 The important point to bear in mind in selecting the interviewer is that they must be sufficiently independent of the affected business or individual. This will minimise any actual or perceived bias or conflict of interest. It will also reassure the recipient of any subsequent investigation report (including any regulator or authority) that interviews have been conducted by an independent person who can be objective about the evidence. 9.40 Examples of interviewers who may not be sufficiently independent or objective include: the affected individual’s line manager; the head of the affected business area; the HR business partner responsible for the affected individual; or the compliance officer covering that business. 9.41 Equally, it is important the interviewer is not one of: the governing body tasked with deciding on outcomes once the investigation reports its findings; or any individual accountable for implementing the recommendations of any investigation report or remedial activity identified by the investigation. As well as mitigating the risk of any potential bias or conflict, this will also ensure decisions regarding the investigation and the company’s response are made on an objective basis, balancing all the evidence in the round. 9.42 Although the interviewer needs to be independent, they may lack the necessary industry knowledge or technical expertise to fully understand the answers given in interview. This can affect the quality and robustness of interview questions and make it harder to assess the validity or veracity of answers given by the interviewee. Where this is a risk, it is advisable to ensure an independent expert attends the interview to support the interviewer. 9.43 Such an expert does not need to be an external party – it can be an individual within the company who has sufficient knowledge or technical expertise to assist the investigation. If it is the latter then it will be important to show that, at least at the 74

Introduction – the purpose of witness interviews 9.50 time, they were sufficiently independent of the events under investigation and the parties involved such that they could be said to be objective. 9.44 Alternatively, where it is not appropriate for an expert to attend then the interviewer should ensure there is an opportunity both pre- and post-interview to consult with the expert – in order to better understand the evidence and contextualise the events which are the focus of the interview. 9.45 Post-interview, a meeting will provide the interviewer with an opportunity to review and test the witness’s answers with the expert. In these circumstances, it is important for the interviewer to make the witness aware at the start of the interview that they plan to consider the witness’ evidence with an expert and that they may wish the witness to attend another, subsequent interview to revisit some of their answers and ensure their answers have been accurately understood (in light of the expert’s opinion). This is in both the company’s and the witness’ interests because it avoids confusion and ensures the investigation’s findings are based on a sound understanding of the evidence. 9.46 In addition to having the requisite subject matter expertise, interviews are best conducted by someone with experience of handling witnesses, and with a firm knowledge and understanding of core interview techniques. In particular, it is important for an interviewer to understand how to use open and closed questions effectively, and how to avoid ‘leading the witness’ (ie putting words into a witness’ mouth). Some of these techniques are explored in Chapter 10 – conducting an interview. 9.47 That said, there will be many occasions when a company may not wish to or be able to afford to contract a third party expert, such as a lawyer, to conduct an interview. With that in mind, the remainder of this chapter provides further guidance for companies on the considerations for conducting an effective interview.

Attendees other than the interviewer 9.48 This is often an area of controversy in organisations and a source of concern for witnesses. Significantly, the question of who attends cuts both ways and it is important to consider the position from the perspective of the witness, and whether they have any specific rights that need to be observed: for instance, the right to bring a union representative or colleague with them. (See also the next chapter on conducting the interview.)

Attendees on behalf of the company/employer 9.49 Potential individuals from a company who may seek to attend an interview include representatives from HR, compliance, audit, line managers and senior executives or Board members. This is particularly true where the witness is also potentially under investigation. 9.50 Where more serious allegations have been alleged, there is often considerable pressure on the investigator to accommodate multiple requests to attend an interview and hear the evidence first hand. This needs to be resisted. 75

9.51  Interviews and witness handling 9.51 Most significantly, it is important to keep attendees to a minimum because of the risk the witness may feel intimidated and this can affect the quality of their evidence. The majority of witnesses will never have been involved in an investigation before and the experience of being interviewed can be a daunting one. This can be made doubly worse if the attendees include senior staff within the employer organisation with whom the witness has little or no dealing. 9.52 A small number of attendees at interview therefore will help create a more intimate atmosphere where the witness should feel more comfortable answering questions openly and truthfully. This should also empower the witness to ask questions or raise concerns if they feel uncomfortable. 9.53 To manage some of these sensitivities, a company may choose to have an HR representative in the room as a form of monitor, ready to intervene should they feel the interview is not being conducted in an appropriate way. If an investigator adopts this approach it is important to ensure that the HR representative is sufficiently independent of the affected business or individual. If they have a day-to-day relationship with that business or individual then their presence at interview can lead to difficulties afterwards, such as placing undue pressure on the HR representative to discuss the case with their stakeholders in the business or causing embarrassment for the witness if they were to disclose in interview information which implicates colleagues with whom the HR representative routinely deals with. 9.54 In addition, it is important that the HR representative is not responsible for or likely to be involved in initiating a firm’s disciplinary process, given the frequent risk that such a process may follow the completion of an investigation. In those circumstances, the HR representative may find they put themselves in a difficult position – for example: • •

because they have been influenced by evidence they heard during the original interview and it could be argued this affects their judgment when advising a disciplinary hearing manager, or because they run the risk of becoming a witness themselves, potentially being called to give evidence at an employment tribunal of what was said during the course of the witness interview.

9.55 Finally, if an attendee from the company is not a member of the core investigation team, it is important to ensure they are adequately briefed in advance on both the issues under investigation and, significantly, the scope of the questions which the interviewer is likely to ask. This will minimise the risk of intervention by the attendee, ensure they listen objectively and help them to maintain a neutral demeanour during the course of the interview. (It is obviously unhelpful when attendees ‘react’ to witness evidence because this can affect the content and way the witness gives their answers subsequently.) 9.56 Unsurprisingly, there is a balance to be struck in investigations between the employment rights of the individual(s) concerned and the obligations imposed on a firm to complete a sufficiently independent, thorough and robust investigation. This means the interviewer may need to ask difficult questions of a witness which may cause upset. Whilst a good interviewer will always be careful to avoid offence, it is 76

Introduction – the purpose of witness interviews 9.60 often necessary to challenge a witness’s recollection of events or probe why they failed to do something which was expected of them, such as adhere to an internal policy or procedure. Again, by briefing other attendees in advance about this risk the interviewer will assist in maintaining an orderly, composed interview.

Attendees on behalf of the employee 9.57 Before requesting an interview, it is always important to check a witness’s employment contract and a company’s employment policy to ascertain whether the employee has any specific rights which need to be observed, such as the right to union representation or a lawyer at an interview. Although an internal investigation will normally precede any disciplinary process, the boundaries can be blurred and some employment policies make no distinction between the two. This can have a bearing on the rights of an employee when asked to attend an interview, including a right to representation and a right to be made aware in advance of any allegations that may be made against them. It is equally important to bear in mind any precedent already set by the company on other investigations in the past which may affect your response to an employee’s request for representation or information. 9.58 If there are no specific policies or precedent covering this situation then it is best not to agree to any request for representation at interview. This is because an investigation is intended to be a fact-gathering exercise (often for the purposes of advising the employer on what steps to take in response to the facts discovered) and, although a witness may need to respond to specific allegations, it is not designed to form part of any formal disciplinary process (which might otherwise trigger a right to representation). 9.59 However, if a formal disciplinary process has commenced in respect of a particular witness then it will be important to take expert advice from the company’s HR or employee relations team, or – failing that – from the company’s lawyers, before proceeding to request an interview. 9.60 The subject of representation of a witness is considered in more detail in the next chapter on conducting an interview.

PRACTICAL TIP Before conducting an investigation into potential employee misconduct it is very important to consult with a company’s relevant HR team to ensure the investigative approach is consistent with the company’s policies and procedures, as well as its standard terms of employment. It is also often important to get buy-in from the HR team to the approach to conducting interviews. For example, it is advisable to: •

agree in advance with HR the company’s position in response to a witness’s request for representation at interview and have a pre-agreed statement in response ready which can be used consistently throughout the investigation; 77

9.61  Interviews and witness handling •





agree a process for notifying HR of proposed witnesses and intended interviews – this will also help HR to manage their stakeholders, such as senior managers who are responsible for the affected business area and who may need to be consulted in advance, eg to approve the witness’ time off to attend an interview; consult with HR on the approach to attendance at interviews, and where there are areas of potential controversy, assist HR in understanding why it is proposed to adopt a particular approach – this can also help manage risk later on in the event there is an employment dispute; establish a protocol for briefing HR following an interview – this may not involve disclosing the substance of the interview but it is important that HR is aware of any intended next steps, such as a further interview, so they can manage their stakeholders effectively (including the witness). This may be especially important where there are potential issues of employee welfare and well-being which need to be monitored.

Timing for conducting interviews 9.61 The timing of an interview will depend in part on the evidence which needs to be covered in the interview. For instance, as mentioned above, a document interview may be required at the outset to assist the investigator in identifying where and how evidence is stored. By contrast, an interview with the subject of an investigation will invariably be best left until the investigator is confident they have a good grasp of the facts and underlying evidence. This is so as to ensure the interviewer is able to ask informed, probing questions and so that they may more fully understand the answers given. This will also make it more likely the evidence is properly tested in the interview and that any findings as to the employee’s conduct, for example, are robust. 9.62 Where the investigation includes a phase for completing a document or data review and where there is time, it is good and prudent investigative practice to complete that review first, before commencing any interviews. This will allow the investigating team to identify key documents to put to witnesses, as well as assimilating a better understanding of the chronology of events, the relationships between individuals and the nature of the business and customers concerned – all of which will provide helpful context to the evidence given in interview. 9.63 Additional witness interviews may also be required following a first round of interviews, for instance where: • •

the investigator needs to put to a witness the account given by another, because there is a need to either corroborate or clarify evidence, or a subsequent review of the evidence suggests an alternative interpretation of events which then needs to be put to the witness to clarify their recollection of or provide additional context to those events.

9.64 An investigator should also consider in advance whether there is a risk of collusion or coordination between witnesses in advance of any interview. Where that 78

Introduction – the purpose of witness interviews 9.71 is the case, the investigator should consider conducting interviews simultaneously to mitigate this risk. In addition, it may be prudent in these circumstances to interview at an early stage in the investigation to secure a first-hand account of the evidence before any potentially collusive account has been fully settled between the witnesses.

Location of interview 9.65 Location is often seen as an important psychological factor when conducting interviews. For example, a whistleblower may prefer to meet away from their place of employment to mitigate the risk of being seen with the investigating team. Equally, an interviewer can use location to their advantage to convey the weight and strength of their authority. These are factors which are probably beyond the scope of this book. 9.66 That said, there is a golden rule which, in my experience, is critical to conducting an interview and that is to ensure the witness is able to give as clear and accurate an account as possible. This might mean consulting the witness in advance as to where they would most like to be interviewed or organising a meeting room away from their office so they are not distracted or interrupted. 9.67 Obviously, each witness will be different and the key is to have given sufficient thought to the location so that an investigator can be confident that, wherever they choose, they will have done their best to put the witness at ease. 9.68 That said, it is crucial to observe the witness’ reactions during an interview and if they are not or do not appear to be comfortable then it is important to note this and, where possible, ascertain whether the location is the cause. (In which case and where possible, it may be worth moving to another location to continue the interview.)

Order in which interviews are conducted 9.69 Where more than one interview is required, it is important to conduct them in the order which is most effective to enable the investigator to understand the evidence. 9.70 The traditional approach is to start with the most junior individual or a peripheral witness and work your way up to the most senior or most significant core witness (eg the subject of the investigation). This will ensure that the investigator has a sufficient understanding of the facts and personalities involved before proceeding to interview what may prove to be the most complex and challenging of witnesses. 9.71 There are however certain limitations to this approach and an investigator should be alive to these risks, including the possibility that a more junior employee will either sensationalise evidence or fundamentally misunderstand the nature of a business or product, eg  because of a level of inexperience. Obviously, this can unnecessarily skew an investigator’s perception of the case and create the perception of a serious issue which is not subsequently corroborated by the evidence. 79

9.72  Interviews and witness handling 9.72 Nevertheless, where an interviewer navigates these risks effectively then the traditional approach tends to be the better one. In short, in dealing with witnesses, forewarned is forearmed. 9.73 In other words, the benefit of the traditional approach is that it allows a process whereby the investigator is educated and better informed, and has an opportunity to test the evidence carefully, before interviewing more senior personnel who are more likely to be experts in their business, as well as more confident in their answers. The classic example of this situation is where a witness uses jargon, slang or expert language to obfuscate or, worse, mislead an interviewer as to the nature of events and documents. A well-informed interviewer will be in a better position to dissect this type of evidence and conduct a productive interview. 9.74 Of course, not all investigations are suited to the traditional approach and the practical point to note here is that the nature of the investigation may drive the order of interviews. For a typical conduct investigation involving a regulated person, the traditional approach may be most appropriate. However, for an investigation into an allegation of bribery by a senior manager the sensitivity of this allegation may mean it is best to interview the senior manager first – this could mitigate any potential reputational damage to that individual which might arise if multiple interviews were conducted with staff who were then aware of the issue in circumstances where it later transpired from the interview with the senior manager that there had been a misunderstanding. 9.75 As well as structuring interviews in chronological order it is also important to consider whether any interviews should be conducted simultaneously, for instance where there is a risk of collusion between witnesses.

Number of interviews per witness 9.76 Ideally, an investigation will only need to interview a witness once but obviously this is not always practicable, particularly where the evidence is complex or voluminous. Where that is the case, an investigator may require more than one bite at the cherry to ensure they understand the witness’ evidence. If it is probable that a further interview is required then this should be factored into the investigation plan and, as soon as it is practicable or appropriate, the relevant witness should be informed so they are prepared for a possible further invitation to interview. 9.77 More generally, it is best practice not to commit to a witness that their first interview is going to be their only interview, in case new or further evidence comes to light which means an investigator needs to ask further questions or revisit the witness’ account. This should be explained to the witness at the end of an interview.

Time taken per interview 9.78 As a good rule of thumb, it is best to take no more than three hours per interview and to ensure that the interview is broken up into 45-minute sections, to avoid unnecessarily exhausting the witness – tiredness will invariably effect the 80

Introduction – the purpose of witness interviews 9.84 clarity of their answers and recollection of events. If it is likely an interview will last more than three hours in total – for example because of a large volume of evidence that needs to be covered – then break it up over two or more days. That way, the witness has a chance to be thoughtful and measured in their responses to questions, which will invariably improve the accuracy of the answers given (partly because it allows adequate time for the interviewer to fully and properly test the answers). 9.79 In the interview plan, always allow time for the opening and closing statements which can often use up to 15 minutes or more if the witness has questions about the process, such as whether the investigator plans to share with others the contents of the interview.

Interview preparation Subject matter expertise 9.80 As mentioned earlier in this chapter, prior to conducting an interview it is important to have a good understanding of the subject matter to be covered with a witness, such as knowledge of the relevant business, service or product concerned. This will be critical to ensure a good quality interview. 9.81 If an investigator lacks the requisite knowledge or expertise then they should consider finding help from an expert who can provide advice and support in advance of the interview, as well as: • •

potentially attending the interview as an expert to hear the evidence first hand and assist the investigative teams in asking appropriate, focussed questions; and reviewing the interview record afterwards to assist the investigative team in identifying any areas for further enquiry or which require clarity, where the evidence is confused or ambiguous.

9.82 An expert could be another employee of the firm – it is not always necessary to look externally for this type of support. The critical point is that the expert is sufficiently independent of the issues and area under investigation. 9.83 If no expert is available then it is good practice to include in the interview plan additional time for the investigation to revisit the evidence given by each witness and seek clarification from the witness, where necessary. As an investigator’s knowledge develops of the case, the issues and the evidence, an additional interview may prove critical to ensure they have properly understood the account given by a witness and to fully test the witness’ evidence.

General duty to co-operate 9.84 As mentioned above, an investigator should always check an individual’s terms of employment to confirm whether they have a general duty to co-operate with an internal or external investigation (a common term in employment contracts). Where this term is absent, an investigator will need to identify in advance the basis 81

9.85  Interviews and witness handling on which an employee is expected to answer questions and accurately articulate the position to the employee at the start of the interview so there is no misunderstanding as to their obligations and rights. 9.85 If there is any doubt as to whether an employee is expected to answer questions then it is advisable to take appropriate legal advice first. (See also the comments about opening statements in the next chapter.)

Interview bundles 9.86 Where there are documents an interviewer wishes to put to the witness it is good practice to prepare a bundle in advance with an index. It is also useful to paginate the documents. Not only will this make note-taking more easier but it is also a prudent step in order to avoid misunderstandings later as to which document the witness was asked to consider and comment on. 9.87 If a document has been accurately identified in the interview and in the notes of the interview by page number or, in more complex cases, by a document ID then there is less risk of an inaccurate record of the evidence. This can be particularly important in the event a witness subsequently disagrees with the investigator’s note of the evidence.

PRACTICAL TIP It is generally good practice to prepare a master bundle of documents to be used in all interviews. An investigator can then prepare individual bundles for each interview, with documents included according to the witness and topics to be covered. In an investigation into employee conduct, a master bundle should ordinarily contain: •

• • •

the company’s internal policies and procedures, as well as extracts of any applicable laws or regulations (such as the FCA’s Conduct Rules for individuals), which have been identified as relevant to the issues under investigation, and organisation charts describing the structures of the relevant teams or business areas; descriptions of roles and responsibilities for each of the key individuals involved; any relevant evidence which is common to all witnesses, such as key internal or external communications, key financial data or key client files.

9.88 Finally, the interviewer should always be familiar with the contents of the bundle in advance to ensure the interview is conducted smoothly and efficiently. This particularly avoids delays to the interview whilst an interviewer searches for relevant documents – a common problem! 82

Introduction – the purpose of witness interviews 9.94

Sharing evidence with the witness in advance of an interview 9.89 For a witness of fact, the best course of action is to give them time to consider the evidence in advance and be prepared to answer questions on the documents. In a fast-moving investigation this is not always possible and so, where that is the case, it is good practice to give the witness as much notice as possible of the likely topics to be covered. 9.90 Where the witness is or is likely to be a potential subject of investigation then it may be important to see their reaction to a document, put to them for the first time in interview. Whether to take this approach will need to be assessed on a case by case basis, and often depends on the circumstances and the nature of the allegations to be investigated. 9.91 For example, say the contents of an email communication suggest there is some doubt as to the truthfulness of a previous account given by the witness to their line manager (which account has been relayed by the line manager to the investigative team before the interview). In that case, the interviewer may wish to present the email communication to the witness for the first time in the interview to establish whether, at the first time of asking, they present a credible explanation for the disparity between the document and the previous account they gave to their line manager.

Prepare an interview outline 9.92 It is always good practice to prepare an outline of the questions the investigator intends to ask in interview. In fact, in most cases the investigator should be able to work off a template, prepared some time before any investigation has commenced. This is because, in practice, most interviews will cover certain standard topics or areas of information which a witness is normally expected to provide to establish the parameters of their evidence and ‘set the scene’”. 9.93 Furthermore, by starting with more generic questions an investigator will more likely put a witness at ease, focussing on uncontroversial, more familiar areas before homing in on the evidence relevant to the key issues in the case. 9.94 In terms of the content for an interview outline, the standard topics tend to be broken down into two parts: (1) information that concerns the witness’ role, their experience and their competence; and (2) information concerning the company, its people, processes, technology and customers. Generally, it is good practice in an interview to start with these two areas, and in that order (information concerning the individual and then the company). This will not only provide helpful context to the witness’ evidence, it will also put them more at ease and consequently they are more likely to give a clearer account of events. However, it is important to note that as the interview progresses it may be important to revisit the evidence given in respect of the first part. For example, to understand how a witness’ role and responsibilities fits within the context of the team or business in which they work. 83

9.95  Interviews and witness handling 9.95 Within the first part (witness’ role, experience and competence) the topics to cover will normally include: • • •



the individual’s employment history, including time spent with the company, and any previous relevant experience; their roles and responsibilities within the company and dates of any changes to their role/responsibilities; their regulated status (where applicable) – for example whether they are authorised to perform a particular role within the company which is independently regulated, such as an in-house lawyer, authorised financial services professional or internal auditor; any relevant areas of expertise or qualifications;

9.96 Armed with this information, an investigator can better determine: (1) how effective and capable the witness may have been in discharging their role and responsibilities – where this is an issue relevant to the investigation; and/or (2) how credible and reliable is the witness’ observations and assessment of events – which will be important when the investigation proceeds to consider all the evidence gathered and needs to decide what weight or significance to give to each piece of evidence, before making findings. 9.97 Within the second part (information concerning the company and its business), the key areas to cover will normally include: •

• •

the individual’s working environment, such as preferred methods of communication (which may be relevant to identifying where evidence is located) and desk or office location (often an important consideration in cases involving the handling of company confidential or ‘insider’ information); the organisational structure of their team and their network of business relationships, such as key customers and stakeholders, and the nature of their employer’s business, including describing the market, and the structure and key elements of any relevant service, product or business line which falls within the scope of the investigation.

9.98 These topics will be relevant to understanding how the events under investigation fit within the overall picture of the company’s business. For instance, in determining the significance to the company of an event which causes customers to lose money it will be important to understand the size of the company’s customer base, the types of customer and the nature of the services provided to them. If that information suggests the group of customers affected was a relatively small one then this will assist the company’s management when making decisions about potential compensation costs and the extent of the risk of follow-on litigation or investigation by a regulator. 9.99 Of course, where there are multiple witnesses all working within the same team or the company is a relatively small one then it may be possible to curtail some of the questions concerning the company and its business, once the investigator is confident this information has been sufficiently covered in the initial interview(s). (See also the comments above concerning background or preliminary interviews which may assist in providing relevant context, prior to interviews with core witnesses or subjects of investigation.) 84

Introduction – the purpose of witness interviews 9.103

Prepare a list of core questions which are specific to each witness 9.100 As well as including the broader questions such as those contemplated in the interview outline described above, it is also important to identify the core questions which need to be answered by each witness. Generally, these should track the issues identified in the investigation scoping document. However, care should be taken to ensure that the questions are limited to those which are most likely to be within the witness’ knowledge and understanding. It is generally unwise to invite a witness to speculate as to what ‘might’ have happened. This type of evidence is often unreliable and can potentially distort an investigator’s view of the evidence. 9.101 •



The following example illustrates how to develop a list of core questions:

In the context of an investigation into an individual in the financial services sector, one of the issues to be determined is whether the subject of the investigation acted with due skill, care and diligence in performing their authorised role (or ‘function’) in the company. In this scenario, some of the core questions that will need to be put to the individual in an interview are: – Were they approved to perform an authorised function at the time of the incident in question? – What was their normal practice in performing that function and did they deviate from their normal practice at the time of the incident? – If they did not deviate from normal practice, what was the basis for that practice? For example, were they trained to perform their role in a certain way? (This is relevant to determining whether there are mitigating circumstances for any potential breach of the requirement to act with due care and skill.) – If they did deviate from normal practice, why and was this the result of any direction, instruction or other external influencing factor? (Again, factors which may suggest there are mitigating circumstances.) – Is there anyone else who performs the same or a similar function and, if so, is the witness aware of any differences in approach? (An important question in conduct cases is whether the authorised individual fell below normal industry standards. If they adhered to an accepted or recognised industry standard then there will be a stronger basis to conclude that the individual satisfied the relevant regulatory requirements.)

9.102 This is a non-exhaustive list of potential questions but, hopefully, it is a useful example of the importance of good interview planning and how this may assist the company in its assessment of the evidence and what steps it may be required to take in response to a witness’ evidence. 9.103 In the above example, the answers elicited will aid the company in determining whether there is a risk of a regulatory breach and, therefore, whether a report needs to be made to its regulator (the FCA). Note, however, that a company should be careful when making statements to the effect that a rule or law has been breached – that is normally for the relevant regulator or authority to establish (as explained more fully in Chapter 13 on Regulatory Disclosure and Liaison). 85

9.104  Interviews and witness handling 9.104 The approach suggested above will ensure an investigator gets the most out of an interview and minimises any duplication of effort – such as the need to conduct multiple interviews with the same witness because key areas for questions were omitted from the initial interview.

Should an interview be audio-recorded? 9.105 This is a potentially controversial topic and there’s no doubt that certain sections of the enforcement community would greatly prefer interviews to be recorded, given that it could potentially alleviate some of the difficulties that arise where the interview notes are said to be subject to legal privilege.2 9.106 Nevertheless, there are good reasons militating against audio-recording. Most notably of these is the effect it has on a witness: •



In internal investigations the production of a recording device can immediately send the wrong message to a witness. For instance, it can suggest to a witness of fact that their conduct is under scrutiny or, more broadly, an escalation in the level of seriousness of the issues which may be unjustified on the evidence and cause undue stress for a witness (which in turn can affect the quality of what they say in the interview). Even in an interview with a subject of investigation, audio-recording is likely to inflame the situation at a stage when the chief purpose of the investigation is to gather the evidence and establish the facts. Rightly or wrongly, audiorecording is often perceived as an indication that the interviewer has concerns regarding the credibility, motives or intentions of a witness and, therefore, that it is better to have the interview ‘on the record’. In reality, all interviews will be on the record where they are conducted for the purposes of reporting findings to the company. However, audio-recording the interview in an internal investigation appears to have a material adverse impact on a witness and the evidence they give.

9.107 By conveying these types of message or impression a witness may attempt to limit any perceived personal risk to themselves, for example by withholding certain information which they fear might result in a disciplinary action. Worse still, a witness could refuse to answer questions or demand legal representation where none is merited. These are all disruptive events which are best avoided by resisting the temptation to audio-record.

2

For more details concerning waiving legal privilege over documents produced in the course of an investigation, see Chapter 15 on legal privilege.

86

Chapter 10

Conducting an interview This chapter considers the following: ▶ ▶ ▶ ▶ ▶ ▶

Opening statements. Representation of a witness. The right against self-incrimination. Whistleblower interviews. Interviews with former employees. Interviewing employees based abroad.

Opening statements before asking any questions 10.01 As outlined in the previous chapter, it is imperative the witness understands at the outset the basis for the interview and their rights. As a matter of best practice, therefore, an investigator should prepare an opening statement which can be used at the start of every interview to describe the nature and purpose of the interview, along with an outline of the individual’s rights. The witness should also be given an opportunity to ask questions on the matters covered in the opening statement and to expressly assent to the basis on which the interview will be conducted, before the interview proceeds. 10.02 • •

As a minimum, the opening statement ought to explain:

that the fact of the interview and the information provided and/or obtained during the interview is confidential to the company, and where the witness is an employee of the company, that they must not discuss the interview or its contents with any other employees or third parties (except the witness’ representative or legal counsel – if one has been appointed).

Legally privileged interviews 10.03 Where the interview is conducted on a legally privileged basis (a ‘legally privileged interview’) then further information should be included in the opening statement to assist the interviewee in understanding what this means. This information should include an explanation to the effect that: • • • •

the interviewer represents the company and not the employee; the interview and its contents are confidential to the company and subject to legal professional privilege; this privilege belongs to the company, and only the company can waive privilege, meaning it is exclusively the company’s decision whether to waive that right and disclose the contents of the interview to a third party, such as an investigating authority or a regulator. 87

10.04  Conducting an interview 10.04 Normally, for a legally privileged interview, the interviewer will be the company’s lawyer or, at least, a person directed by the company’s lawyer to conduct the interview. More information concerning when and how legal privilege applies to investigations is contained in Chapter 15. 10.05 Where a lawyer is conducting the interview, it is also advisable to include a statement to make it clear to the witness that the lawyer acts for the company and therefore is not able to advise them in a personal capacity and that if the witness has any concerns about their personal position then they should consult independent legal counsel. 10.06 To minimise the risk of any subsequent inadvertent waiver of privilege, it is recommended the opening statement is incorporated into the interview notes so any subsequent recipient of the notes is on notice of the company’s claim of legal privilege.

Acceptance of interview terms 10.07 Once the statement has been given, the witness should be asked to confirm their understanding of, and agreement to the terms on which the interview will be conducted. This is also the witness’ opportunity to ask any questions about or seek clarification of those terms. 10.08 If the witness refuses to accept the terms then it will be important to explore with them the basis for their refusal, and whether this is derived from any misunderstandings that the interviewer can clarify there and then – or which can be quickly resolved by a call to the company’s lawyers or HR department (assuming they are on hand to support). 10.09 If, after clarifying the position, the witness continues to refuse to accept the terms on which the interview is conducted then there are several courses of action open to an investigator, including: • • •

carrying on regardless; postponing the interview, or cancelling the interview altogether.

10.10 The first option – carrying on regardless – is not advisable. Any evidence taken in this scenario would run the risk that the witness considered they were not bound to keep the interview confidential, meaning they might discuss its contents with other witnesses (potentially prejudicing the evidence given by others) and/or there would be a clear danger the interview was not covered by legal privilege, where this applies. (The foundation of all claims for legal privilege is that the ‘communication’ – in this scenario, the communication may be the interviewer’s notes of what was said at the interview – must be confidential.) In addition, this approach could place the company at risk of a potential employment claim, for example the witness alleges that the interview amounted to harassment or that it undermined the employer/ employee relationship of trust and confidence. 10.11 Cancellation is obviously an extreme step but if the witness is peripheral to the issues under investigation then that may be the most practicable option, assuming 88

Opening statements before asking any questions 10.16 it is possible for the investigator to conclude their enquiries without relying on the witness’ evidence. Similarly, if there is some other evidence available on which the investigation could rely that might obviate the need for the witness’ evidence then cancellation may also be appropriate. 10.12 In terms of best practice, the most prudent course of action is likely to be to postpone the interview to allow the witness time to reflect on the contents of the opening statement and to take advice (if necessary). Once the witness has had sufficient time to reflect (which should realistically only involve a few days, at most) then either: (1) the interview can proceed as planned; or (2) the investigator will need to agree with the witness an alternative, mutually agreeable basis on which the interview could be conducted (such as providing the individual with representation from a co-worker or independent legal counsel). 10.13 It is also worth noting here that a refusal by an employee to agree to the terms on which the interview is proposed to be conducted may amount to a disciplinary issue because of the general duty on an employee to reasonably cooperate with their employer. This duty is often expressly stated in an employment contract and on occasions will extend to a duty to cooperate in relation to investigations conducted both internally by the company and externally by an authority or other third party. 10.14 On most occasions, it will be heavy-handed of an interviewer to suggest to an employee that a refusal is unreasonable and constitutes a breach of their duty to cooperate. Any such suggestion is best avoided – particularly because it is likely to negatively affect the interviewer/witness dynamic and cause the witness to be more guarded in their answers. Nevertheless, there will be times when it is important to remind an employee of their duty if they are prevaricating or being difficult without good reason, and this is the only means by which to ensure the interview proceeds. 10.15 On occasion, it may be appropriate to circulate the opening statement to a witness in advance of the interview to allow them time to reflect on the terms on which the interview will be conducted, and for the interviewer to answer any questions before the interview itself. Whilst this can mitigate the risk of refusal to agree to those terms, in practice taking this approach tends to alarm a witness – conveying an impression of significance or seriousness which the interview might not otherwise merit – and often prompts them to request representation at the interview which, for the reasons outlined later in this chapter, can be an unwelcome distraction where the individual is not or is not likely to be the subject of investigation. 10.16 Following the initial opening statement described above and the witness’ confirmation of their agreement to the terms on which the interview is conducted, the interviewer may wish to provide the witness with some additional guidance and information about the format of the interview and the way it will be conducted. In particular, it may be important to provide the witness with the following guidance: •

a brief description of the format of the interview, for example anticipated length of time, whether there will be breaks, the roles of each party in the room, the fact that someone will be taking notes and whether those notes will be made available to the witness (for example in draft for their comments, following the 89

10.17  Conducting an interview

• • • •

interview) – see also the guidance in the next chapter in relation to note-taking and key steps post-interview; simple guidance on how to answer questions effectively – for example restricting their answers to one question at a time and not rushing answers so an accurate note can be taken; where there is a witness bundle, guidance on the use of those materials and how to refer to them during the course of the interview; an outline of the topics intended to be covered during the course of the interview (if these have not already been provided in advance to the witness); if relevant, advance notice that the investigator plans to consider the witness’ evidence with an expert and that they may wish the witness to attend another, subsequent interview to revisit some of their answers and to ensure their answers have been accurately understood (in light of the expert’s opinion). This is in both the company’s and the witness’ interests because it avoids confusion and ensures the investigation’s findings are based on a sound understanding of the evidence given in the interview.

Representation of a witness at an interview 10.17 There are several different types of representation that a witness may request and/or be entitled to when interviewed as part of a company internal investigation. Generally, these are likely to comprise one or more of the following: a co-worker (including a member of the company’s HR team); a trade union representative; and a lawyer or legal representative. 10.18 The primary purposes of witness representation is: (1) to ensure an interview is conducted appropriately – for instance to ensure the appropriate company process is observed and that the well-being of the witness is managed throughout; and (2) to provide the witness with an opportunity to seek appropriate advice before answering a question – for example legal advice concerning their own personal liability if their answers may tend to incriminate them or raise a risk of dismissal from their employment. 10.19 A witness representative may also take notes of the interview if the witness has concerns about the accuracy of the record or wishes to keep their own record of what was said, in the event the interviewer declines to share their notes postinterview. 10.20 The attendance of a representative therefore presents an investigator with several challenges and potential pitfalls, as well as possible advantages, which are described in more detail below. 10.21 Most critically, the presence of another non-investigative party in the interview can cause disruption to the way the witness gives their evidence – for instance, because the witness becomes more inhibited and therefore gives a moderated account of what happened, which may leave out crucial details. 10.22 Conversely, the presence of a representative can be played to the interviewer’s advantage, for example: 90

Representation of a witness at an interview 10.25 • •

by emphasising the seriousness of the situation and the importance of giving an open and truthful account, or by providing an independent party who can corroborate what the witness said, in the event there is a subsequent dispute over the evidence given in interview.

10.23 Whatever the situation, it is crucial that the investigator takes steps in advance to ascertain whether a representative will be present and, if so, what their role is likely to be both before, during and after the interview. If a representative will be present, or it is likely that the witness will request their presence, then the investigator will need to give careful consideration to the question of how to manage the situation and what steps to take in advance. 10.24 Obviously, the steps will vary according to the type of representative and the nature of their role (which is considered further in the section below) but there are certain fundamental considerations that will arise in almost all instances where representation is requested or anticipated, namely: •



• •



Do you need to brief the representative in advance about the nature of the investigation and the evidence likely to be covered in interview, including any documents you may put to the witness? This may assist them in better understanding the context for the evidence given by the witness and ensure they are appropriately briefed for the purposes of discharging their role, which may be to advise the witness or to take notes (which are more likely to be accurate if they have some familiarity with the case). Do you need to agree some ground rules for the representative to avoid any unnecessary interruptions during the interview itself? For instance, are they attending purely in an observatory capacity or are they mandated to speak on the witness’ behalf? Do you need to brief the witness about the role of the representative and/or any ground rules agreed? And should that briefing take place in advance or can you/should you incorporate it into your opening statement? For a legally privileged interview, do you need to agree the basis on which notes of the interview will be produced, including an agreement that the representative will not take any notes? This is important because the company’s claim of legal privilege – which can protect the interview note from being disclosed to a third party – can be undermined if the representative, who is not part of the company’s legal team, creates a separate note that is capable of being disclosed. Further details concerning the production of interview notes is contained in the next chapter on post-interview steps. Following the interview, what steps do you need to take to update the representative about developments and the status of the witness? For instance, if a decision is made on the basis of the witness’ evidence to notify them that they are now the subject of investigation then should you make that notification with the representative present?

10.25 Once the investigator has answers to these questions then they can devise a plan on how to manage the representative and the witness through the process from notice of an intention to conduct an interview through to confirmation of closure of the investigation. 91

10.26  Conducting an interview

Interviews in an internal investigation vs disciplinary interviews 10.26 Many company policies will expressly refer to an employee’s entitlement to representation in the event they are the subject of an interview for the purposes of a disciplinary process. In other cases, the company may have set a precedent by permitting staff to be accompanied by a co-worker or trade union representative when interviewed for the purposes of either a disciplinary process or an enquiry which is a pre-cursor to a disciplinary process, such as an internal investigation. 10.27 As explained earlier in this book, an internal investigation does not normally constitute a disciplinary investigation (and an investigator should take care to ensure this distinction is clearly drawn when commencing their investigation). 10.28 However, not all company policies will be sufficiently clear to draw the same distinction and therefore there will be occasions where there is no clear basis on which to agree or decline a request. In those circumstances, it will be doubly important to make clear at the outset of the interview the terms on which a representative is entitled to attend. 10.29 Whatever the position, it is important for an investigator to make enquiries before conducting interviews to ascertain whether a contractual entitlement or established precedent of representation exists. Assuming it does, then the company may be obliged to offer the witness an opportunity in advance of the interview to arrange their own representation. With this in mind, detailed below are some non-exhaustive considerations for the types of representative most frequently encountered in internal investigations.

Co-workers and trade union representatives 10.30 Most commonly, a co-worker will attend in an observational capacity to provide pastoral care and moral support for the witness. In other words, they will have no entitlement to intervene – save for the purposes of safeguarding the wellbeing of the witness – and they cannot (and should not) give evidence on behalf of the witness. 10.31 A  trade union representative will either be a workplace representative who is also a co-worker (as is often the case in larger companies) or a trade union official from outside of the company (as is often the case for small and medium enterprises). A trade union official must be an officer of a trade union, or someone who has been properly elected or appointed to be a representative of its members. If there is any doubt, the appointment of a trade union official can be verified by written confirmation from the relevant trade union. 10.32 If the witness is a member of a trade union then they will have a right to be accompanied by a trade union representative at a disciplinary or grievance hearing. Ordinarily, the witness will have no right to be accompanied to an interview in the context of an internal investigation. Nevertheless, on occasion, the witness may assert they have such a right and/or the company may have previously agreed with the trade 92

Co-workers and trade union representatives 10.36 union that the witness may be accompanied to an interview. If that is the case then establishing the ground rules for the conduct of the interview will be fundamental. This is because, in ordinary circumstances – ie  a disciplinary hearing – the trade union representative is authorised to make representations on behalf of the employee, which might include making statements on their behalf about the evidence. This is obviously unhelpful where the investigator is trying to obtain a first-hand account of the witness’ evidence and the witness is influenced by their representative or the flow of evidence is interrupted by their representative. 10.33 In view of this, where a trade union representative is appointed it is prudent for an investigator to move swiftly to agree the basis for their attendance at the interview and, ideally, establish they will attend: • • •

in an observational capacity to provide pastoral care and moral support for the witness; and to ensure that any relevant trade union policies and procedures are appropriately observed, but they are not entitled to give evidence or put words in the witness’ mouth. (This is surprisingly common – it is human nature to want to help and often a representative will repeat the witness’ evidence in a way which they think better articulates what the witness is trying to say, if their evidence is unclear. The classic indicator of this behaviour is when someone says ‘I think what [x] is trying to say is…’.)

10.34 It will also be important in these circumstances to have considered the fundamental questions outlined above (for example concerning the taking of notes) and established in advance a clear understanding of the format and process for the interview, including any required steps following the interview, to avoid the investigation inadvertently breaching a trade union rule.

HR representatives – a special category of co-worker 10.35 Whilst a representative of the HR function is invariably a co-worker, they are normally in a special category of representative, attending the interview both for the purposes of ensuring the company’s HR policies and procedures are appropriately observed and also to provide the pastoral care and moral support mentioned above. However, as explained in the previous chapter  (9.26), the presence of an HR representative can present difficulties where the witness is subsequently the subject of a disciplinary process. For instance, because of the risk the HR representative may subsequently find themself compromised or conflicted. 10.36 This risk of conflict often arises where the HR representative is later required to advise a disciplinary hearing manager in the context of a disciplinary process involving the witness/employee or the HR representative is subsequently called as a witness at an employment tribunal proceedings brought by the witness/employee to give evidence about what they said in the interview. In both instances, (in very simple terms) it could be alleged that the HR representative’s view of the witness has been coloured by what they heard during the interview and therefore the witness/employee has been deprived of a fair hearing. 93

10.37  Conducting an interview

Legal representation – the general rule 10.37 It is rare that legal representation of an individual at an interview will be appropriate or necessary during an internal corporate investigation. 10.38 As emphasised throughout this chapter, the purpose of a witness interview is to gather facts and establish an individual’s account of events. It is not designed to be an adversarial or interrogatory process. Nor is it designed to replace a firm’s disciplinary process. 10.39 Consequently, unless there are exceptional reasons, it will normally be appropriate to politely reject any request for legal representation to attend the interview on behalf of the witness. This is the general rule when conducting interviews and will normally apply regardless of whether the individual is a witness of fact or a subject of investigation. However, as one would expect, there are certain exceptions to the general rule which the investigator will need to consider in advance of an interview so that either: (1) appropriate arrangements are made in advance for a legal representative to be present; or (2) the investigator is prepared to appropriately respond to any request made during the interview for legal representation. These exceptions are considered further below. 10.40 If a witness is still unsure, or requires convincing that legal representation is not necessary then, if the investigator has not already done so, it may be helpful to share with them an outline of the topics for interview and explain the basis on which the interview will take place. In particular, it may assist the witness to understand whether they are the subject of investigation and for the investigator to confirm that any notes of the interview will be kept confidential, and only shared with a narrow group of individuals within the company. Information such as this can assist the individual in better understanding the risk to them personally of answering the company’s questions and may alleviate their concerns or desire for independent legal representation.

Exceptions to the general rule 10.41 • • •

Exceptions to the general rule fall broadly within three categories:

contractual entitlement; company precedent, and circumstances where the individual is at risk of investigation by an external authority.

Contractual entitlement 10.42 Although rare, where the witness is an employee of the company or a contractor, there may be terms in their contract which expressly require the company to provide legal representation in certain circumstances – such as in the context of an internal investigation. Such terms are more likely to appear in employment contracts of senior management and directors of the company’s board. It is always important therefore to check the employment contract before interviewing a witness. 94

Exceptions to the general rule 10.47

Company precedent 10.43 On occasion, a company may have set a precedent for providing legal representation in previous cases and the employee may therefore argue they should be afforded a similar benefit. This is most likely to be the case for subjects of investigation. Drawing the distinction between a witness of fact and a subject of investigation may assist to quickly close down any suggestion of similar entitlement. However, where there is a clear precedent then the company may be obliged to provide independent legal representation or it may run the risk that an employee will say they have been treated unfairly.

Risk of investigation by an external authority 10.44 If the company is aware the individual to be interviewed is already the subject of investigation by an external authority (an ‘external investigation’) then it is inadvisable to proceed with the interview until external legal advice has been given as to the implications of doing so and, if the interview proceeds, how it should be conducted in those circumstances. It is common in this situation for the company to give the individual an opportunity to take independent legal advice and, potentially, agree that their independent legal representative may also attend the interview. 10.45 However, the position is more complex where the company is unaware of any external investigation into the individual but there is a risk the individual might be or might subsequently be the subject of external investigation. This is often a risk where the company itself is a potential target of an external investigation – particularly in the financial services sector where the regulator will often commence concurrently an investigation into the company and its senior management, where it is alleged there have been significant controls failings. 10.46 Again, it is important in these circumstances to seek legal advice before proceeding to interview the individual concerned. This is so that the company can manage its own risk, such as the risk an interview might prejudice an authority’s investigation into the company or the risk an investigating authority subsequently compels the company to produce its notes of the interview for the purposes of making a case against the company for breach or against the individual. 10.47 It is also advisable in these circumstances to consider whether to provide the individual with an opportunity to seek independent legal advice and consult with their lawyer in advance. This has the benefit of ensuring that the individual is properly prepared, by their lawyer, for an interview with the result that their evidence is likely to be more comprehensive and more clearly articulated (although it may be more polished than would otherwise be the case). This is also important if the company subsequently chooses to brief its regulator or an investigating authority about the contents of the interview, or chooses to share its interview note with the authority. By providing the witness with an opportunity to take legal advice, they are more likely to take care in their use of language (for example they avoid sensational or generalised statements), they will ensure their answers are framed with appropriate evidential context and they are less likely to inadvertently suggest failings on their or the company’s part which are unsubstantiated. 95

10.48  Conducting an interview 10.48 Having taken legal advice, if the individual wishes for their lawyer to attend then they will be in a better position to make representations as to why that would be appropriate. Nevertheless, given this is the company’s own investigation, the company can still refuse to permit the lawyer’s attendance – and it can still insist on an employee’s attendance under the duty of cooperation principle. Obviously, the danger in refusing a request for legal representation at this point is that the employee chooses not to attend (on the basis they would rather risk a disciplinary process than give evidence without representation where that evidence could end up in the hands of an investigating authority). The company will then need to explore other avenues for obtaining the witness’ evidence – for instance, putting a series of written questions to the individual and/or their lawyer to answer – although the available options may be limited and not as valuable as a first-hand witness account. 10.49 As is apparent from the above, the matter of independent legal representation and the attendance at interview of an individual’s lawyer are delicate situations which will require careful thought. The key to these situations is engaging in a dialogue with the individual concerned to find a middle ground between the company’s interests in gathering sufficient facts and information to conclude its investigation and the individual’s interests. For instance, it may transpire from discussions with the witness, before they have agreed to an interview, that they are willing to share certain relevant documents which may assist the investigation whilst minimising the need to conduct an interview with them. 10.50 This act of balancing competing interests also extends to consideration of the employer/employee relationship and it is always important – particularly in the context of conducting interviews which can be highly emotional situations – for the investigator to ensure the steps they take do not adversely affect that relationship. If the company is too overbearing, heavy-handed or inflexible in its approach to interviewing its employees then this can strike at the heart of the relationship of trust and confidence, with the consequential risk of an employment claim against the company. This risk is best managed by giving careful thought at an early stage to the approach and the framework for conducting interviews, and then ensuring ongoing support for the witness following the interview. (This is more fully explored in the next chapter.)

The right against self-incrimination 10.51 On rare occasions, a witness may refuse to answer the interviewer’s questions on the basis they believe to do so might result in self-incrimination, ie their answers may lead to incrimination or may lead to the discovery of real evidence of an incriminating character. This is known as the privilege against self-incrimination and has long been enshrined in English law. It also features in many other common law jurisdictions and is enshrined in the US Constitution – commonly referred to as ‘pleading the fifth’. 10.52 In practice, this right is normally invoked by a person during legal proceedings, other than criminal proceedings, where they refuse to answer any question or produce any document if to do so would tend to expose that person to proceedings for a criminal offence or for the recovery of a penalty. Given an internal 96

Whistleblowing investigations and interviews 10.58 investigation is not a legal proceeding, it should be the case that the right against selfincrimination does not technically apply. 10.53 Nevertheless, given company or corporate investigations often subsequently lead to legal proceedings, including investigations by regulatory enforcement and criminal authorities, it is understandable that a witness may be reluctant to share information in the interview which they perceive might ultimately be shared with an external party (and thereby expose the witness to the risk of prosecution). 10.54 In the event an interviewer is faced with this scenario then the practical response is to suggest a pause in the interview to allow the witness to reflect on their answer before proceeding further. This will also allow the interviewer an opportunity to reflect and take legal advice, if appropriate. It is also worth considering, in this scenario, whether to offer the witness an opportunity to take legal advice in the event they have not already done so on this particular issue. 10.55 Following the break, it will be important to re-establish the basis on which the interview will progress, assuming the witness agrees to proceed, and that the witness confirms his or her understanding of the position. In particular, where the witness is an employee, it will be important that they understand their refusal to answer questions may constitute a breach of their duty to cooperate with their employer and therefore it could be a factor taken into account in determining whether to take disciplinary action against them. (This needs to be framed carefully so that the interviewer is not perceived to have coerced the witness into giving evidence against their will, particularly in circumstances where they are concerned about self-incrimination.) 10.56 If, following reflection, the witness is not willing to share more information to assist the interviewer in understanding their concerns then it is advisable to move on to any other questions the interviewer may have – continuing to note where the witness refuses to answer but not placing undue pressure on the witness to give answers where this might re-engage the issue of self-incrimination. 10.57 Following an interview of this nature, it will then be necessary to consider the legal position with regards to the witness’ answers and determine whether to invite the witness and/or their legal adviser to provide a written explanation of their position so the company can better assess whether the basis for refusing to answer is a reasonable one in the circumstances. The company may also need to make its own independent enquiries, such as reviewing documentary evidence (as described in Chapter 8) to better understand the risks and how this might affect the company’s position.

Whistleblowing investigations and interviews Interviews with a whistleblower 10.58 Interviews with a whistleblower are a special category of case which require careful handling and a good deal of caution. In particular, it will be important to ensure that the way an interview is conducted does not in any way compromise the whistleblower or their identity. In practice, this means ensuring the following: 97

10.59  Conducting an interview • •

The interview is conducted at a place and time least likely to expose the whistleblower to discovery. For instance, an interview out of office hours in a hotel may be preferable to the whistleblower’s workplace. The way the interview is conducted is best designed to avoid identifying the whistleblower. In extreme examples, this may mean the investigation team and interviewer are not provided with the whistleblower’s identity (even though they are conducting the interview). In other examples, it may mean the investigator ensures that all notes of the interview are anonymised so the whistleblower’s identity is not compromised. For instance, the investigator and note-taker may use a code name for the individual so that any future record of the content of the interview does not identify the individual. Similarly, the notes of the interview may need to be adapted so that any salient details about the individual’s employment – such as their role and responsibilities – are recorded separately or not recorded at all (although that may be challenging). That way, if the interview notes are subsequently circulated to other parties or external authorities, the whistleblower’s identity can be protected from discovery.

10.59 There are also softer lines that may need to be followed when handling a whistleblower interview, such as the need to take particular care around ‘challenge’ questions that might suggest the company does not take the whistleblowing allegations seriously. For example, a question that appears to challenge the whistleblowers account of events.

Interviews in whistleblowing investigations (but not with the whistleblower) 10.60 The most important rule of any interview involving whistleblowing allegations is that it must always be conducted in a manner such that the identity of the whistleblower is not revealed. Where this is not possible – for instance, because the line of questions is likely to reveal the identity of the whistleblower – then it may be necessary to inform the whistleblower in advance so they are aware of this risk and so strategies can be devised for how best to mitigate the risks that will arise, most notably the risk of retaliation against the whistleblower. 10.61 The fact there is a risk the whistleblower may be identified does not mean that the company should cease its investigation. In cases where a whistleblower has made a report it is nearly always the case that a company must investigate in order to discharge its legal obligations (which exist often as a result of specific legislation, eg in the UK, the Public Interest Disclosure Act 1998) and, where applicable, the company’s regulatory obligations as well. 10.62 Whether the identity of the whistleblower is or is not revealed, it will always be necessary for the investigator to put in place appropriate measures to adequately mitigate the risk of retaliation against the whistleblower. A  failure to do so may result in a legal liability for the company – for example, as a result of a claim by the employee – or an investigation by an external authority or regulator, which could also lead to legal consequences, such as a public censure and a financial penalty. 98

Interviewing former employees and other third parties 10.68 10.63 Where there is a risk of retaliation then it is prudent to engage a company’s HR representative or whistleblowing champion (where one exists) at the earliest opportunity to help support the whistleblower and actively monitor any behaviour or conduct by other company employees which might be construed as retaliatory in nature. Further details concerning the handling of whistleblowers can be found at Chapter 18.

Interviewing former employees and other third parties 10.64 This chapter has predominantly focused on the situation where an interview is with a current employee or other person who is somehow contracted to provide services to the company and owes obligations to assist the company in its investigation. Nevertheless, on occasion it may be necessary to request an interview with a former employee or a person who is not contractually bound to the company. An interview of this nature should really only be considered as a last resort, when other relevant avenues of enquiry have been exhausted and it is apparent to the investigator that the individual’s evidence is likely to be a determining factor in concluding the investigation and making findings. 10.65 Whilst the guidance outlined in this chapter is equally applicable to former employees and other third parties, conducting interviews with individuals within this group also presents some obvious logistical difficulties that will need to be overcome – such as obtaining the witness’ personal contact details and then securing their cooperation with the investigation. 10.66 A  former employee or other third party also presents certain legal and regulatory difficulties, not least the need to secure the individual’s agreement to keep the investigation confidential and to protect from disclosure to a third party any information provided to the individual by the investigator which might be company confidential or covered by legal professional privilege. Such an agreement may also need to be framed in a way which avoids causing the individual to breach any current terms of employment with their new employer or, where the individual is a regulated person, avoids a suggestion the company is seeking to restrict the individual from making their own separate notification to a regulator. 10.67 As has been stressed throughout this book, invariably these types of difficulty can be effectively managed by good planning. In the case of former employees, this might include, for example, having a template confidentiality agreement ready for this type of eventuality, which the individual is asked to sign confirming their acceptance of any restrictions on discussing the investigation with third parties. 10.68 Alongside confidentiality, the other key consideration will be whether the individual requires representation. This has already been considered earlier in this chapter. Needless to say, independent representation is more likely to be required where the individual is no longer employed by the company and there is a need to ensure they are appropriately supported and (where necessary) advised before, during and after the interview. 99

10.69  Conducting an interview 10.69 As well as considering the information needs of the former employee, the investigation may also need to consider what information it should share with the individual’s current employer. This may be necessary to avoid any confusion over the individual’s status – for instance, by confirming they are a witness of fact and not a subject of investigation. Or it may be necessary in order to persuade the current employer to grant the individual sufficient time away from their employment to prepare for and attend the interview. 10.70 Finally, in order to maintain the goodwill of a witness, it may also be appropriate to share information with a view to assisting their current employer in understanding there is no issue with the individual’s conduct during his previous employment.

Interviewing employees based abroad 10.71 As with former employees, interviews with a witness/employee based abroad will require a high degree of logistical planning and thought, particularly with regards to the matter of confidentiality. The legal frameworks for confidentiality in jurisdictions other than the UK is beyond the scope of this book but, needless to say, these can differ significantly and great care needs to be taken to avoid inadvertently causing a witness to breach local laws. 10.72 For instance, in certain jurisdictions there are laws in support of banking secrecy which make it a criminal offence to disclose confidential information about a bank’s customer. If an employee of a bank (which is subject to these laws) was asked to give evidence in interview about one of the bank’s customers they could potentially commit a criminal offence and the interviewer might also be guilty for participating in the breach. An interviewer will therefore need to be alive to the local law and potential risks arising from taking evidence of an individual based abroad, and where necessary take local advice before taking steps to provide evidence or conduct interviews. 10.73 Similar considerations may come into play in the event there is an exchange of documents, if this involves the transfer of documentary evidence (whether electronic or hard copy) from one jurisdiction to another. This might include consideration as to whether the evidence contains personal data, in which case the investigation may need to ensure the data transfer complies with data protection legislation such as the EU General Data Privacy Regulations (GDPR).

100

Chapter 11

Taking notes and asking questions 11.01 ▶ ▶ ▶ ▶

This chapter considers:

Best practice for taking interview notes. Guidance on asking questions in an interview. Closing statements. Post-interview steps.

Interview notes – best practice 11.02 An investigator’s note of an interview, particularly with a core witness, is likely to be one of the most significant documents produced in the course of the investigation. It will normally be the foundation for a range of crucial decisions, including further areas of focus for the investigation – such as additional document searches or witness interviews to undertake – and decisions whether to refer an individual to a disciplinary process or take steps to freeze any deferred financial awards due to them. The contents of the interview note will also form a key part of the materials relied upon to prepare the investigation report. 11.03 Consequently, it is imperative the note is an accurate and reliable record of the witness’ evidence. That does not mean it needs to be a verbatim note. As explained below, a good note will incorporate both the questions asked and the answered delivered – so it is unlikely to be a word-for-word record. 11.04 The importance of accuracy and reliability is further compounded by the stance taken by external authorities and regulators which will often look upon interview notes as the ‘golden source’ of evidence. This is especially so where the company’s interviews of witnesses have been conducted at an early stage after an incident has occurred or been identified, meaning the witness’ account will be relatively unadulterated and potentially free from the influence of lawyers (whether the company’s or the individual’s own lawyers) who may seek to steer the evidence in a particular direction or frame it within additional context so as to better manage their client’s legal risk. 11.05 The significance of this stance has not been lost on companies that have undertaken major and serious internal investigations and the notes of a company’s witness interviews have been the subject of several significant court proceedings in recent years where authorities have sought their disclosure. This is invariably in the context of an investigation which the company has asserted took place under the banner of legal professional privilege.1 1

This topic is tackled in more depth in Chapter 15 on Legal Privilege and confidentiality.

101

11.06  Taking notes and asking questions 11.06 Producing an accurate and reliable note will invariably depend on the personal approach of the interviewer. However, there are certain key techniques which are worth considering to deliver the best possible result, most notably: • •





Preparing the interview questions in advance – see also the guidance in Chapter 9. Bringing a note-taker to the interview and ensuring they are adequately briefed so they can make accurate notes. In particular, it will be important to: – ensure the note-taker has the requisite expertise for this work and they have been briefed on the key issues in the case so they understand the context for questions asked in the interview; – provide the note-taker in advance with details of any acronyms, names of relevant personnel and/or customers, and at least a basic outline of the relevant business areas and their services/products etc. If there is a working draft of a chronology of key events and/or a dramatis personae then these will be useful tools to share with the note-taker as part of this familiarisation process, and so they have them to hand during the course of the interview. All of this will aid the accuracy of any notes taken and avoid potential confusion in the notes; – provide the note-taker in advance with a copy of your interview questions and any witness bundle so they can familiarise themselves with the materials beforehand. This will make it easier for them to navigate the content swiftly during the interview, whilst taking a note; and – ensure the note-taker understands in advance the format of the document they are expected to produce, following the interview. For instance, will it follow a specific company format, will it be a summary or will it be a detailed account of each response. This is discussed further below. If a note-taker is unavailable or it is not appropriate for one to attend the interview then the interviewer will need to ensure they have sufficient time during the course of the interview to make accurate notes. In these circumstances, it is important to take certain steps to manage the risk of inaccuracy, including observing the 10 golden rules for asking questions – for which, see further below. Where there is a witness bundle, it is critical that the documents are clearly marked with a document ID number or consecutive page numbers so the relevant ID/page(s) can be noted every time they are referred to in the course of the interview. This principle applies whether or not the bundle is in hard copy or electronic. Using document ID numbers or pagination will obviate the need for the interviewer/note-taker to make a written description of each document, and will allow them simply to refer to the document ID or page(s). (Obviously, if there are multiple witness bundles, it will also be important that the interview note records which bundle was produced to the witness, ideally using an identifying marker such as the witness’ initials and a volume number, where there is more than one bundle per witness. For example, ‘JM1’.) With witness bundles, it is also important for the witness to be made aware at the outset, and throughout the interview, that each time they refer to a document in the bundle they should recite the document ID or page number(s) so there are no ambiguities as to which document they have referred.

102

Preparing a note in a timely manner 11.07

PRACTICAL TIP – NOTE-TAKING IN INTERVIEWS As a matter of best practice, it is always worth writing out your core questions in advance. This will make it easier to make notes during the interview as you can mark the answer against each question. Old-school types will probably use a note book with questions down one column and then hand-write the corresponding answers in another column. However, you can easily replicate this process using a laptop in the interview. In situations where there’s no time to prepare questions in advance, a useful technique to reduce the amount of writing required is to incorporate the question into your note of the answer. Most note-takers instinctively do this anyway. Here is an example: The witness’ answer to the question ‘how did you get here this morning?’ will most likely elicit a contemporaneous note which reads something like ‘I took the train to London Bridge’. It is obvious from this answer that the witness was asked how they ‘got here’. A  good note-taker will add ‘this morning’ to the witness’ answer so it reads: ‘I  took the train to London Bridge this morning’. This is not imputing the witness with evidence they had not given because it is implicit in their answer to this particular question that they have incorporated the timing component of the question (’this morning’) into their evidence.

Preparing a note in a timely manner 11.07 Once the interview has concluded, it will be important to prepare the final version of the interview note as soon as possible whilst the evidence is still fresh in the mind. The final version of the note may comprise a full note or a summary of the evidence. Whichever approach an investigator adopts in preparing the note will depend on several factors, including the following: •





The internal audience for the note – does the company and/or the person overseeing the investigation expect to see a detailed record of what the witness said or are they comfortable with a summary? Alternatively, are they expecting a verbal briefing or a written record? In the case of a verbal briefing, it may be satisfactory for the investigator to rely on the notes taken at interview and not take any further steps to formalise their notes. The external audience for the note – for instance, will the evidence be provided verbally or in written form to an investigating authority or regulator? Often, these parties will expect the note to be in writing. However, if that is the case then the investigation may wish to adopt a particular format, such as a summary of the facts, rather than delivering a warts-and-all record of the evidence. This may be important to manage the risk of inadvertent prejudice caused to the company by a poorly drafted or potentially inaccurate note. How the note will be recorded and logged – will it be stored electronically and if so is there a particular format required? Is the note subject to specific 103

11.08  Taking notes and asking questions



company policies or regulatory requirements concerning the retention of documents? What is standard practice and company precedent? What access requirements will there be and how legible is it, if it is handwritten? Whether the witness will have an opportunity to review the note and provide any comments or clarification prior to the note being finalised. This is often critical if the investigation wants to be confident that the interview note accurately reflects the witness’ evidence.

11.08 Where the investigation intends to create a formal, written record of the witness’ evidence in interview then it is generally good practice to provide the witness with an opportunity to review and comment on the note before it is finalised. That does not mean however that an investigator is obliged to adopt all amendments proposed by a witness. 11.09 If there is a dispute over what was said in interview then the best course of action is to place a comment in the margin of the note to record where the witness disputes the content of a note. If, subsequently, that particular part of the note is relevant to determining the outcome of the investigation then it will be important to note the witness’ objection and, where possible, the investigation should find other, reliable evidence to support its interpretation of what was said at the interview on the disputed point.

Relying on the interview note for purposes other than the investigation 11.10 The range of uses to which the note could be put also creates unique challenges – particularly where the company has purported to claim the interview was conducted under the auspices of legal professional privilege and therefore the note of the interview is protected from disclosure to any third party. If the note is then used for a different purpose to the one for which it was created – namely to assist in providing legal advice to the company – then this may prejudice the company’s privilege claim. 11.11 A typical situation where this issue arises is where a disciplinary proceeding is started against the individual concerned and that individual then says something during the course of those proceedings which is materially inconsistent with the evidence they gave in interview. In that situation, the hearing manager may wish to see the note of that interview to determine whether the individual has misled their employer, either in the original interview or in the subsequent disciplinary hearing. Given the requirement for a disciplinary hearing to be a fair hearing, it will be difficult for the hearing manager to make a finding about this issue unless they have either received a copy of the note, or taken a formal account from the investigator of what they heard during the original interview (which would doubtless involve the investigator relying on their note of the interview). 11.12 •

In practice this type of situation is often resolved by one of two ways, either:

by providing the hearing manager with a copy of the note under what is known as a limited waiver of privilege – meaning the company does not abandon its 104

Asking questions in an interview – the 10 golden rules 11.15



legal right to claim the document is protected from disclosure to a third party on the grounds it is subject to legal professional privilege, or by preparing a separate non-privileged note summarising the witness’ evidence, which should be limited, so far as possible, to a short statement of the facts as given by the witness.

Whilst these are both acceptable approaches, they are not without risk and both may still be open to legal challenge by a third party seeking disclosure of the interview notes. 11.13 As well as the tensions around legally privileged notes, the company may subsequently be asked by a third party, such as a court or investigating authority, to produce a copy of the interview note. As outlined in the previous chapter, it will be important that the witness is informed at the outset of an interview that the company intends to share its notes of the interview with a third party or that it may share those notes, where particular circumstances arise – such as in order to meet a regulatory reporting obligation. That way, the company will ensure it is managing appropriately the witness’ expectations and mitigating any risk of legal action by the witness in the event the notes are produced to a third party.

Asking questions in an interview – the 10 golden rules 11.14 There is no single, perfect way of conducting interviews and many investigators differ in style and approach. However, there are some fundamental principles – my 10 golden rules – which are worth observing in order to give the interviewer the best chance of obtaining a reliable and accurate account from the witness. 11.15

These are as follows:

Rule 1 – take your time. This is particularly relevant when asking questions – a carefully considered question is likely to elicit a better quality response than a rushed or poorly-formulated question. However, it also applies more generally – this is your interview and you should take the time you need to ensure you have covered all of the relevant topics in sufficient detail for the purposes of your investigation. And don’t be afraid of silence – this can be a highly effective interview tool for eliciting evidence which a witness might otherwise have forgotten or withheld because they decided it was not relevant or, worse, they were concerned might be harmful to their position. Rule 2 – ask one question at a time and keep your questions to the point – avoid the temptation to ask multiple questions because it will create confusion as to which question the witness is in fact seeking to answer and the subsequent notes of which question answered are likely to be unclear. Equally, avoid the temptation to make long statements ahead of each question. (In your opening statement, you should also inform the witness that if a question is unclear then they should say so, in order to give the interviewer an opportunity to rephrase the question.) Rule 3 – listen to the answers and take time to reflect on each answer – although ideally you will be relying on a prepared set of questions, the witness’ answers may influence your line of questioning and how subsequent questions are put. You will therefore need to be flexible. 105

11.16  Taking notes and asking questions Rule 4 – try to put the witness at ease and monitor their wellbeing throughout the interview and, in longer interviews (ie more than 45 minutes) ensure there are sufficient breaks and refreshments available to keep the witness comfortable. The more a witness is at ease in this potentially alien environment the better chance they have of accurately recalling events, and taking time to compose themselves so they can clearly describe events. Rule 5 – maintain a neutral demeanour during the interview – avoid ‘reacting’ to statements made by the witness which might encourage them to embellish their evidence or discourage them to talk in more detail about a particular topic. Rule 6 – avoid making judgments about the witness’ evidence. However, if you have formed a judgment then don’t let this infect the way a question is asked – keep the questions neutral. Rule 7 – where the witness expresses an opinion, always provide them with an opportunity to explain the basis on which they hold that opinion. This will allow the investigator to reach an objective view as to whether the opinion is reasonably held and whether it is based on sound empirical evidence or merely speculative, and therefore may hold limited evidential value. Rule 8 – similarly, ensure the witness has provided a sound foundation for each statement of fact and where a statement of fact is particularly stark or simplistic, invite the witness to explain the basis on which he or she believes that fact to be accurate. For example, if the witness says (as they often do) ‘I was always saying this might happen’ then the interviewer should ask the witness to clarify when they said this in the past, whom they said it to, when they said it and how (for example verbally or in writing and if the latter in what format, email, text, letter etc.) This last question is obviously helpful because it may identify a contemporaneous record which corroborates the witness’ evidence. Rule 9 – at the end of the interview, check over your list of questions and make sure these have all been answered satisfactorily. (You may need to take a short break to allow you to do this, rather than rush it under the gaze of a witness who may be desperately keen for the interview to conclude.) Rule 10 – before concluding the interview, always ask the witness whether there is anything else they wish to add which you have not already covered in the interview. You may be surprised by what the witness says and even the best interviewers/ investigators can miss key areas of evidence that a witness may then disclose in answer to this question.

Putting others’ evidence to the witness 11.16 Often an investigator will receive evidence from one witness that is relevant in a subsequent interview with a different witness. For instance, where a witness (Witness A) says they told their line manager (Witness B) that there was a problem with the customer product and the investigator then interviews the line manager about the same issue. In this scenario, the investigator may feel obliged to put to Witness B what his direct report (Witness A) said about the problem. 106

Closing statements 11.21 11.17 Ordinarily, the best way to handle this type of scenario is to ensure that the first witness (Witness A) is made aware – ideally during the course of their own interview – that the investigator may put their evidence to Witness B and that they are comfortable with the investigator doing so. This is important for several reasons, not least because of the following: •





Witness A  may be rightly concerned about retaliation, should their remarks come to the attention of their line manager (Witness B). There is also a possibility in this scenario that Witness A  could claim the status of a whistleblower, meaning they could be entitled to certain legal protections, including the right to anonymity. (See the Chapter 18 on whistleblowers for further information.) It may prompt Witness A to provide further context to their remarks. This may assist the investigator to identify other hard copy or electronic evidence which corroborates what Witness A says about events. Armed with the corroborating evidence, the investigator may not need to put Witness A’s account to Witness B  (because the investigator can instead use the corroborating evidence to support their questions). This could prove useful if there are concerns about retaliation. It may also be helpful in refreshing Witness B’s memory of events if the corroborating evidence is presented to them either before or during their interview to aid their recollection. Witness A  (realising the significance of what they have said) may instantly moderate their response and provide a more objective (and potentially less sensational) version of the same events. This is a quite commonplace occurrence and is often the result of a lack of thoughtfulness in the language used by the witness, rather than the result of any malicious intent.

11.18 Where the type of scenario described above is not present then it is generally prudent to conduct an interview on the basis that the interviewer does not put another’s evidence to the witness. This will minimise the risk of tainting or influencing the account given by each witness in interview. 11.19 Adopting this approach as the standard starting point for interviews is also prudent where there is a risk of investigation by an external authority or regulator, or where an external investigation is already underway. By limiting what each witness is told about another’s evidence the company can better avoid any subsequent allegation by the investigating authority that the company has facilitated the coordination of witness evidence or collusion between witnesses. 11.20 Given the sensitivities around this particular issue, it will be imperative that any note taken accurately records when another witness’ evidence was put to a witness and what was said in response.

Closing statements 11.21 As with the opening statement, it is good practice for the interviewer to prepare in advance a closing statement to use at the end of each interview. The closing statement should aim to cover the question which is most likely to be at the front of the witness’ mind when the interview concludes, namely: what happens next? 107

11.22  Taking notes and asking questions 11.22 Of course, the answer to this question will vary according to the investigation but as a minimum it should cover the following: •









The anticipated timing for completion of the investigation. It is always helpful to manage a witness’ expectations by providing them with an indication of the likely timing for concluding the investigation or, failing that, what steps (in broad terms) the investigator expects to take before they can conclude the investigation. That way, the witness is less likely to badger the investigator for updates and they can manage the expectations of the people around them, such as their line manager, who might have an interest in the outcome. Details of the person(s) to contact for any questions or concerns that might arise after the interview. Often, a witness will recall information later on that they would like to share with the investigator or they may have been asked during the course of the interview to provide copies of documents referred to, but missing from any bundle of material provided at interview. As well as confirming the details for the key contact in these circumstances, the interviewer may also need to remind the witness of the need to maintain confidentiality and, where necessary, the importance of ensuring any documents provided postinterview are securely transmitted, for example by password protecting any electronic documents or ensuring that hard copy documents are hand-delivered personally to the investigator to avoid any inadvertent disclosure to a person who is not on the confidentiality list. Guidance on who the witness can and cannot speak to about the investigation and their interview. This is especially important where there are potential sensitivities around the issues under investigation or there is a risk the investigation might be potentially prejudiced, for instance because there might otherwise be coordination between witnesses or tampering with evidence. In these instances, it is usually helpful for the investigator to have to hand the relevant information about who is within the circle of knowledge (ie  on the confidentiality list, where one exists) in case it becomes necessary to share any names with the witness, so they don’t inadvertently divulge information about the investigation or the fact it is underway. In a similar vein, it may be important to clarify with the witness what they can or cannot say to their colleagues about the interview. For instance, the investigator may wish to remind the witness they should not discuss the fact of or contents of the interview with any other person, save for their legal or other representative (where applicable). An explanation of what happens to the interview note. As explained in Chapter  10, it is often sensible to provide the witness with a draft of the note for their comments and/or approval. In concluding the interview, it will be important that the witness understands they will be expected to set aside time to consider the note and provide their feedback. It will also be important to remind them of the matters covered in the opening statement concerning disclosure (or not) of the note to a third party and what use may be made of the note – for instance, whether it will be shared with the company’s senior management or an individual tasked with deciding whether there are grounds to commence a disciplinary process against the individual. Details of any reporting protocols or processes which the investigator may need to (or choose to) observe following the interview, such as providing a briefing to the person or decision-making body tasked with governance and oversight of the investigation. This is important because the witness may 108

Post-interview steps 11.27



have concerns about certain persons becoming aware of their evidence – for instance, if the witness has criticised the company’s management or other colleagues. This in turn could potentially prejudice the relationship of trust and confidence between the employee/witness and the employer/company. If this issue arises, it may be necessary to agree with the witness an appropriate way to present the evidence to their employer which best manages the risk of any potential prejudice. Confirmation of whether the witness will be required to attend another interview. As outlined in the previous chapter, unless the investigator is confident the witness will not be required again to provide evidence then it is normally prudent to give a holding response – particularly where there is a risk further evidence is likely to come to light and the investigation may need to re-interview the witness for their observations on that evidence.

11.23 In addition to these considerations, the investigator may also need to give the witness instructions with regards to: (1) any notes the witness or their representative has taken during the course of the interview; and (2) any documents provided to the witness before or during the interview. 11.24 In the case of documents, it may be prudent to request their immediate return – unless the witness requires them in order to provide their comments on the interview note. Where a witness holds on to documents provided for the purposes of the interview then it will be important to verify with them the arrangements for keeping those documents secure and for returning them at the conclusion of the investigation. Where appropriate, these arrangements will need to be recorded in the investigation log along with a note of the witness’ agreement to those arrangements. 11.25 For notes taken by the witness (or their representative), similar principles apply and it will be important to use the time at the end of the interview to verify the arrangements for the preservation of the witness’ notes of the interview. Without verifying these arrangements the investigator will likely find they have limited control over the storage, distribution and destruction of the notes. For instance, the notes could be inadvertently destroyed as part of a routine company retention policy programme unless appropriate alternative arrangements are put in place for their preservation. 11.26 Ensuring there is a clear understanding of the arrangements for interview notes – and particularly agreeing the company has a right to request copies of the witness’ notes – will be doubly important where there is a risk that a third party, such as a claimant or an investigating authority, will seek disclosure of the interview notes. Any ambiguity or inconsistency between the investigator’s note and the witness’ note could potentially result in a muddled or inconsistent picture of the witness’ evidence, which a third party might use to their advantage to suggest their own interpretation of the evidence and potentially prejudice the company’s defence to any case brought against it.

Post-interview steps 11.27 Once the interview has concluded, there will be certain additional steps the investigator/interviewer will need to complete and certain matters the investigator 109

11.28  Taking notes and asking questions will need to consider in light of the witness’ evidence given at interview. These are likely to comprise some or all of the following: • • • •

the preparation of a note of the interview; additional reviews of relevant evidence; additional witness interviews, and input and advice from a specialist or subject matter expert, such as a legal opinion from external counsel.

11.28 In a regulatory context, the investigator may also need to consider whether the witness’ evidence suggests there is a need to make a formal notification to an external authority – such as the Financial Conduct Authority or the National Crime Agency. The considerations for preparing a note of the interview have already been covered earlier in this chapter. There are the following additional considerations to be aware of.

Additional reviews of relevant evidence 11.29 Most interviews will likely prompt an investigator to consider existing evidence afresh, based on the account given by a witness in interview. It is always good practice therefore to reconsider, with the benefit of the witness’ account of events, the documents and information gathered so far. This may prompt further enquiries or alternative interpretations of the evidence which lead to different conclusions. Alternatively, it may lead the investigator to consider additional evidence, already gathered, which did not fall within the scope of documents and information previously considered relevant for the purposes of the investigation’s objectives. Steps taken to consider additional evidence in response to a witness interview should be recorded in the investigation log so there is a clear record of the basis for reviewing that material. 11.30 Where a witness refers to or produces a new document in interview then, equally, it will be important to obtain a copy so it can be considered alongside the witness’ evidence. In addition, it is normally prudent to make a record of the document in the evidence log and include a reference in the interview notes to the document ID number or the location where that document is stored, for future reference.

Additional witness interviews 11.31 A  review of additional evidence, prompted by a witness interview, may lead the investigator to conclude a further interview with the same witness or other witnesses is required, in order to clarify their evidence or put documents to them which may contradict or alter the evidence they have already given. 11.32 In addition, it will be important to note during the course of the interview the names of individuals mentioned by the witness and what roles they performed. Once the interview is concluded, the investigator can then verify those names against the existing list of potential witnesses identified in the investigation plan and consider whether additional names should be added or removed, depending on what has been said in the interview about them. 110

Keeping witnesses updated following the interview 11.35

Expert reviews of witness evidence 11.33 Finally, as described in Chapter 9, it may be necessary after the interview to ask a subject matter expert to review the witness’ evidence in order to test its reliability and veracity, as well as provide any relevant context to assist the investigator in understanding that evidence. Again, this type of review may prompt further lines of enquiry of the witness or require them to provide additional context so as to ensure the investigation has a clear understanding of their evidence.

Keeping witnesses updated following the interview 11.34 Once the interview has concluded, it is generally good practice to stay in touch with a witness, even if it is only intermittently, so as to manage their wellbeing and avoid creating problems for the company/employer. It is worth keeping in mind here that a company will often have other, routine employment processes running alongside an investigation – such as annual appraisals and remuneration decisions – and the results of an investigation may be relevant to those processes. This is particularly the case if misconduct issues subsequently come to light which need to be referred to a disciplinary process for determination. Consequently, and as a matter of good employee relations (given the experience of being a witness in an investigation is not generally considered to be an enjoyable one), it is important that witnesses are kept apprised at a high level of the status of the investigation – for example updating witnesses on the likely timing for concluding the investigation – and that they are informed at the earliest possible opportunity when they are no longer required. A similar point normally applies to the witness’ line manager. 11.35 By providing regular updates as to the status of the investigation, the company can better manage employee expectations around timing for completion of the investigation, and any bearing this may have on other routine employment processes or any external process – such as an application for authorisation to perform a regulated function. In the financial services sector, the fact that an individual has been interviewed may be reported to an authority or regulator, particularly if the company needs to discharge its own obligations to a regulator to report on developments in the investigation, where the issues under investigation involve matters of significant risk. A similar obligation to report may apply to the individual concerned, if they are a regulated person. In these circumstances, it is often important for the company and individual to stay regularly in touch so as to avoid unnecessary inconsistency in how developments and information about the investigation are presented to the regulator.

111

Chapter 12

Documenting the work and preparing reports 12.01 ▶ ▶ ▶ ▶

▶ ▶ ▶ ▶

This chapter considers the following:

Documenting the investigation’s findings. Preparing and using chronologies and dramatis personae. A suggested practical structure to use when preparing investigation reports. Project management documentation and other miscellaneous documents generated by investigators. Security of documents generated. Team communications. Documents prepared and held by third parties. Retention of records.

Documenting the investigation’s findings 12.02 Naturally, an investigator will wish to record the results of their work as the investigation progresses and may record this information in a notebook or series of electronic notes for future reference. Regardless of an individual investigator’s preferred way of working and recording information, there are certain documents which are very frequently created in the course of an investigation and which are crucial to the effective and efficient completion of an investigation. These are: • a chronology of events and a list of key persons involved in the events under investigation, referred to here as a ‘dramatis personae’; • interview notes; • a report recording the factual findings from the investigation, and • project management documentation. 12.03 As explained earlier in this book, it will be important that the investigation maintains tight control over any work product produced, such as the items described above, so as to ensure consistency of approach and, where applicable, that legal privilege over any work product is maintained. 12.04 Some of this work product is relatively straightforward to prepare and requires little practical guidance – for example chronologies and dramatis personae – whereas other work product requires more care and structure such as the investigation findings report. These are considered in more detail immediately below.

Chronologies 12.05 Chronologies are often the most effective way of bringing together the evidence to build an understanding and presentation of what has happened over 113

12.06  Documenting the work and preparing reports time for the matters under investigation. Initially, at the outset of an investigation the chronology may be very short but, as the investigation develops, it can be populated with additional dates and a summary of relevant information for each date to assist the investigator in understanding the sequence of events and the context in which the issues under investigation occurred. 12.06 A chronology prepared in this way will also become a useful document for the conclusion of the investigation when it can either be dropped into the investigation report or relied on to produce a summary in the report of events in the order in which they occurred. 12.07 Where an investigation has multiple strands it may be helpful to build separate chronologies to cover particular issues or individuals. 12.08 A chronology is normally best structured so that it starts with the earliest relevant date for the investigation’s purposes – for instance, the date on which the alleged misconduct started or the date on which the company commenced doing business with an alleged fraudster – and ends with the most recent relevant date, such as the start date of the investigation or the date when authorities were alerted of the issue. 12.09 In terms of format, a chronology normally appears in tabular form with dates in the left-hand column and narrative in the right. A further right-hand column can be added, if desired, to include links to evidence where this is stored electronically within a company’s systems. 12.10 As a matter of best practice, a chronology should not contain commentary or opinion but it should merely be a series of factual statements or summaries of facts for each event in the timeline. 12.11 In summarising the contents of evidence in a chronology it is important to ensure the summary is accurate, is objectively written (for example the descriptions should not contain exaggeration or present information in a one-sided manner) and it should be clear from the summary what evidence the author has relied on to make each statement of fact.

Dramatis personae 12.12 A  dramatis personae is literally a list of characters, meaning a list of the persons involved in the issues under investigation. Ordinarily, these will include the names of the individual(s) subject to investigation, the names of witnesses, the names of any individuals with management responsibility for the business area which is the subject of the investigation and other key names that may be relevant to the investigation, such as key customer names or names of counterparts on a transaction who are not employed by the company. 12.13 Ideally, a dramatis personae will include names, roles and responsibilities and any other salient details such as the duration of their employment with the company and whether they are still employed by the company. 114

Preparing an investigation report – preliminary issues to consider 12.20 12.14 In more sophisticated investigations, the investigator may also chose to use a data profiling and analytics tool to map connections and understand complex relationships between multiple names. This functions similarly to a dramatis personae but on a much larger scale. 12.15 As well as being a useful tool to the investigator as they start to understand the connection between names, the dramatis personae functions as a helpful reference document during the course of the investigation – for instance, it can be used during the course of interviews to check names to which a witness refers or to verify the investigator has an accurate understanding of the roles performed by each individual. In addition, as with the chronology, once created the dramatis personae can be constantly updated and ultimately relied upon for the purposes of drafting the investigation report, ensuring the investigation is conducted in a more efficient way. 12.16 Given the dramatis personae will be a record of personal data (for example name and employed position) it will be important that appropriate safeguards are in place to store this information – such as password protecting the document – and ultimately destroy it once it is no longer necessary. This is so as to ensure the company complies with relevant data protection laws. Further details on the application of those laws and their relevance to documents generated investigation can be found in the section on record retention later in this chapter.

Interview notes 12.17 As explained in Chapter 9, audio recording an interview is not advisable. It is likely to alarm the interviewee, setting an inappropriately inquisitorial tone. It may also result in the interviewee becoming excessively cautious and unnecessarily guarded in their comments. 12.18 Consequently, the most effective way to record evidence gained from interviews is through the taking of notes. Chapter  11 sets out detailed guidance on the preparation for interviews and best practice for taking notes and interview summaries.

Preparing an investigation report – preliminary issues to consider Review the investigation scope and objectives 12.19 Chapter  2 of this book highlighted the importance of establishing at the earliest opportunity the purpose and objectives of the investigation. Chapter 6 went on to explain the principles for scoping and planning an investigation, the importance of regularly reviewing the investigation scope, and the importance of maintaining and regularly updating the plan as the investigation develops. 12.20 With that in mind, before embarking on the drafting of an investigation report it is critical for the investigator to revisit the objectives to assess whether these 115

12.21  Documenting the work and preparing reports have been met and to revisit the scope to satisfy themselves that all of the issues identified for investigation have been adequately considered. Once the investigator has confirmed there is nothing further required – ie that there is nothing outstanding which it would be disproportionate to investigate – then they can proceed to prepare their report.

Identify the audience – who is the report for? 12.21 The first step before drafting should always be to identify the individual(s) who will receive a copy of the report and the purpose for which they will receive it. Although there may be a presumption that the recipient will be the party that authorised the commencement of the investigation, the audience for the report itself may be wider. For instance, the board of directors may have approved an investigation but it may have already agreed to share a copy of that report with the company’s regulator. 12.22 Consequently, the nature of the audience will, to some extent, dictate the way the report is presented and the contents of the report. This does not mean a report should be ‘sexed up’ or the findings whitewashed to protect the company. Rather, it means the investigator must take care to understand what each recipient or group of recipients expects and whether they have particular requirements that need to be met. 12.23 For instance, the report may need to be divided into two sections to cover: (1) findings of fact and then; (2) based on those findings, conclusions in relation to the conduct of each individual that was the subject of investigation. The company may wish to then divide the latter section into separate parts for each individual for the purpose of sharing those parts with different independent hearing managers as part of a disciplinary procedure. Each hearing manager would, however, still receive the same set of findings of fact (ie section one described above), thereby ensuring consistency in the presentation of the evidence and achieving some efficiency because it saves the investigator from preparing multiple separate reports for each individual. 12.24 In a similar vein, where the investigation is undertaken on the instruction of the company’s lawyers and the company has decided to share a copy of the report with an authority or regulator, then it may wish to ensure the factual findings are separated from the legal analysis, so as to avoid any waiver of the company’s right to assert legal privilege over working documents produced by the investigation. The topic of legal privilege and how it applies to investigation, particularly the documents created in the course of an investigation, is explored in more detail in Chapter 15. 12.25 In the absence of any specific requirements or prior agreement regarding the recipients of the report then, typically, the audience will include at least the following: • •

the individual(s) responsible for confirming the investigation objectives have been met and, therefore, that the investigation can be closed; and the individual(s) responsible for acting on the findings of the investigation, who may be the same as immediately above. 116

A suggested practical structure to use when preparing investigation reports 12.31 12.26 Where the investigation concerns employee behaviour then, where there are adverse findings against an employee, the investigator should expect that the report will be shared with a disciplinary hearing manager, unless alternative arrangements are made for the purposes of sharing the investigation’s findings with them. The interaction between an investigation and a company’s disciplinary procedure is explored in more detail at Chapter 16 (Handling employees under investigation).

How should the report be presented – orally or in writing? 12.27 Having identified the audience for the report, the investigator may then need to consider how the report ought to be presented. For instance, should it be presented orally at a board meeting or in writing? And, if in writing, in what format – in draft or final form, in a Powerpoint presentation, in a summary note or in a detailed document? And, finally, should it be presented with evidence, for example copies of key correspondence or witness statements? 12.28 Perhaps frustratingly, there are no fixed rules as to how the investigation’s findings should be presented. However, there are several risks and rewards associated with each approach that need to be considered, such as: •



an oral presentation can be useful if a company wants to avoid putting anything in writing, thereby mitigating the risk of any disclosure of those findings. However, conversely, this may place the company at risk of criticism from authorities or regulators because it suggests the company may be trying to hide something and it exposes the company’s employees to the risk of formal interview so an authority can obtain an account of what was said at the presentation. a detailed written report with accompanying evidence may be invaluable as a record of the investigation’s conclusions and the basis on which these were made but it will also act as a roadmap for claimants if they subsequently bring court proceedings against the company for losses caused by the issues under investigation and they manage to obtain a copy.

12.29 The preparation of an investigation report is, therefore, a balancing act between competing interests and will depend on the circumstances and purpose of the investigation. 12.30 Subject to striking that balance, it is good practice to document the conclusions of an investigation in a written report. What follows therefore is a suggested structure for a written report and some guidance on best practice.

A suggested practical structure to use when preparing investigation reports 12.31 As a general rule of thumb, the most logical and practical structure for a report is to divide it into the following sections, ideally in the following order: 1.

A brief background which sets the scene and helps the reader to understand what the investigation is about. For example: 117

12.31  Documenting the work and preparing reports

2.

3.

‘On 1  January 2020 a trading incident occurred in the equities division of Big Bank which was reported to the whistleblowing hotline. An investigation was subsequently commenced on X  date to understand what happened and whether market abuse had occurred. This report sets out the findings from the investigation, along with lessons learned and recommendations as to next steps.’ A brief description of the scope and objectives of the investigation. This should be consistent with the contents of the scoping document created at the start of the investigation and updated throughout. A copy of the scoping document may be included as an appendix to the report, if desired. A  summary of the issues considered. These may have been described in the scoping document as well. The list of issues can be written as a set of questions. For example: ‘The investigation considered the following questions: • did Mr A submit false expenses claims? • did he subsequently mislead his line manager when he was challenged about his expenses claims?’

4.

5. 6.

An executive summary. Having set out the list of issues, the report then sets the tone for the executive summary which should contain a summary of the findings and conclusions in respect of each issue. An executive summary is best used where there has been a detailed investigation with large amounts of evidence considered, or where the report is to be presented to busy senior members of staff who may have insufficient time to read the report in detail. Where there is no executive summary then the writer must ensure that the report includes in its conclusions a finding in respect of each of the issues considered. A list of the steps taken. This can either be a summary of the steps and/or the investigation plan can be appended to the report, which details the steps taken. The factual findings. Ideally, this will be a chronological narrative of what happened and a summary of the evidence on which the investigator has relied for each finding of fact. For example: ‘Mrs B sent an email on 2 January 2020 to her line manager, Mr A, in which she raised concerns with him about his expenses claims. On 3 January 2020, Mr A responded to Mrs B’s email and attached a receipt for his expenses which was in his wife’s name. In interview, Mr A said he had used his wife’s card to pay for his expenses because he had mislaid his company credit card.’

7. 8.

A summary of any applicable internal policies and procedures etc. The policies or relevant extracts thereof should be appended to the report, where these are not already familiar to the reader. Where appropriate, a brief outline of any applicable laws and regulations. This may not always be appropriate and is more likely to feature in a report generated by or on the instruction of a company’s lawyers. Nevertheless, in some cases it may be important for the recipient of the report to understand the legal or regulatory framework surrounding the events under investigation because this may be relevant to the recommendations made in the report. For instance, an investigation into an individual’s conduct in a FCA-regulated firm may engage the FCA’s Conduct Rules, such as the requirement to act with due 118

Style 12.36 skill and care (Rule 2). Once it has been identified that this rule applies then, if the investigation finds there are grounds to conclude the rule has been breached, then additional regulatory requirements arise. Specifically, the firm is obliged to undertake a review of the conduct and, where a breach is identified, to report it to the FCA. 9. Lessons learned. It is invariably good practice for the investigator to include any lessons learned for the benefit of the company so it can act on them. It will also aid understanding within the company of where comparable risk events might arise and, therefore, assist the company in preventing similar incidents in the future. In some instances, there may also be a legal or regulatory imperative to undertake a lessons learned exercise. For instance, the FCA’s proposed rules on operational resilience require firms to complete a lessons learned exercise whenever an operational disruption event occurs. 10. Recommendations. Again, it is good practice to include recommendations wherever possible, unless to do so might create unnecessary risk for the company, for example because there are court proceedings in train, or because the recommendations may be disputed by senior management (in which case it may be better to present these orally first as a set of draft proposals for consideration pending agreement). 12.32 Not all of these sections will be necessary. For instance, there may be no applicable internal policies or procedures. However, by adopting this skeleton structure the reader can clearly follow the relationship between the investigation findings and the conclusions drawn, as well as the lessons learned and the rationale for any recommendations made. The clearer this is the better chance the reader has of understanding what immediate steps they may need to take in response, whether the issues identified could occur elsewhere in an organisation and how this might be prevented in the future.

Style 12.33 The style of writing should be plain, brief and factual. Care should be taken at this point not to conclude on whether there have been breaches of law or regulation. 12.34

So, for example, it is preferable to report that:

‘Trader X did have knowledge of customer order in advance of Trader X’s own trading in that security’, rather than ‘Trader X committed Market Abuse by front-running a customer order.’. 12.35 There are a number of reasons for this approach. First, a premature conclusion that a legal or regulatory breach has occurred may be helpful to a future adversary and complicate the regulatory disclosure obligations. There may also be defences against the allegation of which the investigator is not aware, or developments in other areas of the investigation that are exonerative. 12.36 If it is necessary to draw a conclusion as to regulatory breach then this should be undertaken cautiously at the conclusion of the investigation and with 119

12.37  Documenting the work and preparing reports the full awareness and approval of the decision-making body or individual with responsibility for the outcome of the investigation.

Key issues to consider before finalising 12.37 Before finalising the report there are certain steps worth taking to ensure its conclusions are accurate, robust and defensible. Specifically, the investigator should consider: •









critically, verifying the facts with key witnesses and the affected business area for their comments, particularly in relation to any lessons learned and recommendations for change. This can be a useful exercise because it can generate ‘buy-in’ to the investigation’s proposals before the report is finalised and signed-off by the body or person accountable for the investigation outcome. undertaking a check and challenge session with a relevant expert within the organisation – for instance, a key business representative who can vet the investigation findings against their own knowledge of the business, its products and clients. undertaking a gap analysis to consider if any additional areas of investigation are required. As described above, the gap analysis should involve comparing the findings and steps taken against the original investigation scope and action plan to confirm there are no outstanding areas for investigation. Where there are gaps which the investigation does not intend to close then it is prudent to maintain a record of this decision including an explanation why the action is incomplete, in case of future challenge for example by the board or by a regulator. identifying any potential disciplinary issues and consulting with the company’s HR team for their views on the appropriate approach to handling those issues. Their advice may form part of the recommendations section in the report, once it is presented to decision-makers for sign-off. ascertaining whether there are any legal or regulatory obligations to disclose the outcome that arises, as this may comprise part of the recommendations in the report. For significant issues that have been investigated then disclosure obligations may range from notifications to the markets, where the company is a listed entity, to notifying regulators and authorities. Further details regarding notifications and ongoing regulatory liaison are contained in Chapter 13.

Closing the investigation Approval of the report and its recommendations 12.38 Once the investigator is satisfied the report is in an acceptable form for presentation to the body or person responsible for the investigation outcome and its recommendations then it will be important to ensure the appropriate governance arrangements are followed for the approval of the final version of the report and acceptance of its recommendations. 12.39 Ideally, the governing body will ensure that any recommendations are adopted by the relevant business person or by the board on behalf of the company, 120

Use of the investigation findings for additional purposes 12.45 and that owners are allocated to any actions. A  clear plan can then be formulated by the company to track the implementation of the report’s recommendations. This is important because it enables the company to demonstrate to its staff, regulator, shareholders and investors that lessons have been learnt and have been acted on. The investigator may still be involved in this process because of their knowledge of the issues and the evidence. 12.40 If it is determined that a disciplinary procedure should be initiated in response to the report’s findings then the investigator is likely to be involved in presenting the findings and any supporting evidence to the disciplinary hearing manager so they can consider it in the context of determining whether there has been misconduct or management failings. More details on the disciplinary procedure and its relationship with internal investigations is contained at Chapter 16. 12.41 Once approval is given to the final version, the investigator can proceed to commence the process of formally closing the investigation including archiving evidence or, where appropriate, destroying it. In this context, it is worth noting the comments made below in relation to retention of records. 12.42 This entire process will require careful and accurate record-keeping, particularly retaining any approvals for closure of the investigation.

Next steps 12.43 Once the report’s recommendations have been approved then the investigator can proceed to record any next steps decided upon by the accountable body or person responsible for the investigation outcome. This may include implementing a remediation and redress scheme for customers, initiating a disciplinary procedure in relation to potential misconduct identified by the investigation or undertaking a change management programme within the company. Whilst it is not normally the responsibility of the investigator to ascertain whether these steps have been completed it will be important to create a record of the company’s intended response to the report’s recommendations to demonstrate the company has taken the findings seriously and acted on them. In particular, this can prove useful in the event of future challenge or scrutiny by an authority or other relevant third party.

Retention of records 12.44 On or before closing the investigation, the investigator will need to ascertain whether there are any applicable record retention policies or document holds that need to be observed for the purposes of retaining records of the investigation. This should include consideration of legal and regulatory requirements that may apply to the company, such as the FCA’s requirements relating to the preservation of reports in relation to breaches of the Conduct Rules (7 years).

Use of the investigation findings for additional purposes 12.45 As part of the steps following on from the conclusion of the investigation, the investigator may be asked either to share copies of their report or prepare 121

12.46  Documenting the work and preparing reports separate factual findings with a view to sharing these with relevant interested internal departments. For instance, with HR for the purposes of disciplinary hearings or the audit function for the purposes of scoping future audits within the organisation, designed to test whether proposed cultural and control improvements have been successfully implemented. 12.46 The investigation findings may also be incorporated into a company’s management information – for example where it tracks and records risk events or is required to report specific information to authorities or regulators, such as Conduct Rule breach reports or Suspicious Activity Reports. 12.47 In all these instances, care will need to be taken to ensure that the original report and its findings are shared on a basis which best protects the company’s interests. For example, if it is legally privileged then there will need to be significant restrictions on how widely it is distributed and to whom so as to protect the company’s right to privilege over its contents. Similarly, if the report contains sensitive or reputationally damaging findings then a limited distribution will be necessary. 12.48 In addition, if the investigator is asked to prepare summaries of the report’s findings then it will be crucial to ensure these do not inadvertently misrepresent the conclusions drawn or the basis on which findings were made. This risk is particularly acute where the investigator is asked to prepare a summary for a disciplinary hearing given the need to ensure an employee has a fair hearing.

Security of documents generated 12.49 Due to the potential for an investigation to consider sensitive issues, data privacy concerns, and the risk of leaks, great care should be taken to keep evidence and work papers secure. Access to the network area where work papers are stored should be restricted. 12.50 Where possible, investigators should not use emails to refer to findings, evidence or the identity of individuals under investigation. Where this is not practicable, then work papers should be emailed password protected with no confidential information contained in the body of the email. The use of code names for individuals will further reduce the risk of sensitive information going astray.

Project management documentation 12.51 Documents such as project plans, action trackers, decision and communications by investigators may not be intended to record the results of investigations, but nevertheless will at times refer to underlying evidence and confidential information. As such they should be treated as part of the work paper population and assigned the same security standards.

Documents prepared by third parties 12.52 Where the investigation has relied on documents prepared by third parties, for example forensic investigation consultants, then ideally arrangements will already 122

Disclosing the investigation report to an authority or regulator 12.56 have been agreed in advance for the production of the original materials (or copies) to the company for its record-keeping. Often those arrangements are set out in the terms of engagement with the third party. 12.53 Where such terms are absent then the investigating team should promptly rectify the position either before or at the conclusion of the investigation to ensure the company has access rights to the third party’s working papers and any underlying material on which it relied to reach its conclusions. 12.54 The duration for which those materials is kept and, therefore the duration of the company’s access rights will depend on whether the company is subject to specific legal or regulatory requirements with regards to the retention of records or there is some other requirement in place, such as a document hold notice as a consequence of actual or threatened litigation.

Disclosing the investigation report to an authority or regulator 12.55 The question of whether an investigation report should be disclosed to an authority or regulator is a complex one which is best answered by balancing the competing interests of the company in: (a) maintaining confidentiality, and potentially legal privilege, over the contents of the report; and (b) securing some degree of credit from the authority or regulator which may influence the outcome of any subsequent formal action or investigation by that body. Some of these issues are discussed in additional detail in the next two chapters, and corporate cooperation. However, the short answer to the question is that there is no hard and fast rule: the decision whether to disclose will depend on the particular facts at the time. 12.56 That said, there are certain common themes which emerge in discussions with regulators and authorities regarding the production of investigation reports, which are worth outlining here: •

• • •

as a general rule, a company is not under any obligation to share the content of legally privileged reports that they are given or advice that they receive, and it is for the company to decide whether to provide such material to an authority or regulator; the disclosure of a report to an authority or regulator can help it to decide on what action to take and may narrow the issues or obviate the need for certain work; similarly, early discussions with a regulator or authority regarding the decision to commission an investigation and its scope can help to narrow the range of action taken by the authority/regulator; frequent concerns that a regulator or authority may have with regards to an investigation report include: – the extent to which the authority will be able to rely on the report in any subsequent enforcement proceedings; – the extent to which the authority will have access to the underlying evidence or information that was relied upon in producing the report; 123

12.57  Documenting the work and preparing reports –

– – – – – –

where legal privilege or other professional confidentiality is claimed over any material gathered or generated in the investigation process, the extent to which such material may nevertheless be disclosed to the authority, on what basis and for what purposes the authority may use that material; what approach will the company adopt to establish the relevant facts and how evidence will be recorded and retained; whether the company has identified any conflicts of interest and how it proposes to manage them; whether the report will describe the role and responsibilities of identified individuals; whether the investigation will be limited to ascertaining facts or will also include advice or opinions about breaches of laws, rules or requirements; how the company intends to inform the authority of progress and communicate the results of the investigation; and timing for concluding the company’s investigation and producing its report.

12.57 Finally, guidance issued by the FCA and commentary from other authorities suggests that certain matters are key to their consideration of the company’s conduct in the context of its investigation and the extent to which the authority will grant credit to the company in any future enforcement proceedings, namely: • •



whether the company has maintained a proper record of the enquiries made and interviews conducted. This will help an authority decide whether any further work is needed and, if so, where it should focus its efforts. If an authority is to rely on a report as the basis for taking action, or not taking action, then it is important that the company should be prepared to give the authority ‘underlying material’ on which the report is based as well as the report itself. This includes, for example, notes of interviews conducted by the lawyers, accountants or other professional experts carrying out the investigation. Arguments about whether certain documents attract privilege frequently occur, are usually time-consuming and delay the progress of an authority’s investigation.

124

Chapter 13

Regulatory liaison and disclosure obligations 13.01 ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶

This chapter considers the following matters:

Initial or preliminary disclosure to authorities and regulators. The benefits of a proactive approach. Where an obligation to disclose arises. What to include in an initial disclosure. How to make the initial disclosure. Ongoing liaison with regulators and authorities. Impact on the scoping of the investigation. Updating authorities throughout the investigation. Provision of underlying evidence to an authority. Witness interviews and investigation reports. Whether to include opinions of liability or regulatory breach. Dealing with related investigations.

Introduction 13.02 In many cases involving potentially significant misconduct or failings within an organisation the investigation will need to consider whether the company has an obligation to report the matter to a regulator or authority. Alternatively, the investigation may need to seek expert advice to determine whether such an obligation has arisen. This chapter provides an outline of the issues an investigator may need to consider, such as what information to provide and the circumstances in which it might be necessary to disclose documents to an authority. This outline is not intended to be exhaustive. Instead, it is designed to give a sound basis for an investigator to start thinking about these issues and whether further advice or enquiry is required.

Initial disclosure to the authorities and regulators 13.03 In certain circumstances it may be appropriate and, in some instances, legally necessary to notify an authority or a company’s regulatory body that there is an issue which requires investigation or is the subject of investigation by the company. The question of when to notify and what information should be notified is one that needs to be asked at the outset of an internal investigation and on a regular basis throughout, particularly where there are material developments which may impact on a decision whether to notify, such as suspending a senior employee pending a review of their conduct. 125

13.04  Regulatory liaison and disclosure obligations 13.04 In considering whether a company has a notification obligation it is important to distinguish this from a duty to cooperate and the concept of ‘corporate cooperation’ which is described more fully in the next chapter. In this chapter, the focus is on the duty to inform an authority or regulator that an event has occurred or conduct has been identified which crosses a certain threshold of seriousness meaning it must be reported. In contrast, corporate cooperation is the term normally used to describe the process of cooperating with an authority or regulator once the company has self-reported or, conversely, once an authority has notified the company of an issue which requires investigation. 13.05 As is explained in the remainder of this chapter, the duty to inform includes both issues falling within the more general reporting obligations which are often found in the rules of certain regulators, such as the FCA and the PRA, and the more specific rules which apply to certain types of issue, such as the obligation to report suspicious financial activity under the money laundering regulations or the obligation to notify the Information Commissioner’s Office (ICO) about significant data breaches.

Benefits of a proactive approach to disclosure 13.06 There will be many cases where a firm has no choice but to make a disclosure to a regulator because a legal obligation to do so has arisen. However, in other instances, a proactive approach to self-reporting a company’s concerns to an authority, particularly a regulatory body, is likely to have significant benefits. 13.07 A  company that is disinclined to engage with regulators early should consider the increasing likelihood that information will come to regulators’ attention in any event via a leak or a whistleblower. 13.08 In addition, a failure to self-report is likely to be perceived as an indicator of cultural or control weaknesses which will compound the impression there is something that merits formal investigation by a regulator or authority. A regulator is likely to take a particularly dim view if the first time it hears about a serious concern is in the press. 13.09 •

• •

A proactive approach to disclosure has a number of other advantages.

It will serve to reassure the relevant authority that the company takes the concerns and its legal and regulatory obligations seriously. This may make the regulator more inclined to hold off or limit its own investigations whilst the company carries out its own internal investigation. A particularly unwelcome situation is for a company to be subject to competing demands from multiple regulators in the face of a lack of trust in the company to carry out appropriate investigative and related actions. It will provide an opportunity to understand the regulatory priorities which can then inform the scope of the company’s own investigation. It will provide an opportunity to discuss the proposed evidential population for review, with a view to defining and containing it. 126

Where an obligation to disclose arises 13.14 •

It will help to ensure company’s investigative actions do not prejudice the investigating authority’s own investigative actions, an issue which it is likely to take most seriously.

Where an obligation to disclose arises 13.10 Regardless of the benefits of early disclosure and engagement with regulators and authorities, in many cases a legal obligation to disclose the investigation and related matters will arise. 13.11 In a corporate context, the following types of reporting or notification obligation commonly arise in the UK: • • • • • •

suspicious activity and transaction reporting; data breach notifications to the data protection regulator (the ICO); notifications to other regulators such as the FCA and the PRA; reporting in relation to international sanctions and competition issues; reporting health and safety incidents; fraud and cybercrime reporting.

13.12 Often a company will find there are overlapping reporting obligations, for instance an obligation to file a suspicious activity report and notify the incident to the FCA, where it is of a sufficient level of significance to merit notification. 13.13 Once an obligation to disclose has arisen, a company may find it beneficial to relations with other regulators to inform them of the same matter, even where it is not certain that a legal duty to disclose to them has arisen. This is partly because many of the authorities and regulators have entered into a Memorandum of Understanding between each other, to allow for the efficient and effective communication of information between them without creating a risk of an actionable breach of confidentiality. As a consequence, one regulatory may notify another where it perceives there is a common interest in the issue or the regulated company. In those circumstances, it is often better for a company to get ahead of the curve and notify first. 13.14 Many of the reporting requirements described above will necessitate expert advice before a company decides whether to notify or file a report. From an investigative standpoint, the important point to bear in mind is that the obligation to report can arise at any time in the course of an investigation and therefore it is imperative that: • •

the investigation has in place a process for regularly reviewing and assessing the information gathered to determine whether a reporting requirement has been triggered; and the investigative team is sufficiently experienced to identify when there is a risk that a reporting obligation may have arisen or, alternatively, that the team is adequately supported by subject matter experts to help identify when such an obligation applies. 127

13.15  Regulatory liaison and disclosure obligations

What to include in an initial disclosure 13.15 When a disclosure obligation has arisen it will usually be the case that the investigation is in its early stages. Information is likely to be incomplete and the concerns not yet fully substantiated. 13.16 •



In these circumstances the notification is likely to include as a minimum:

A factual commentary summarising what has happened, including: – the type of misconduct that is alleged or being investigated (mispricing, front-running etc); – a summary of the understanding of the facts and the basis of that understanding; – any caveats about the reliability or strength of the evidence on which the understanding is based; – details of individuals involved and where they fall within the regulator’s regime; – the actions taken to date in response to the incident. A description of what further steps the company proposes to take to investigate and remediate the incident.

13.17 Where the company is still investigating the facts – as it ordinarily will at this early stage – it will be important not to say anything that erroneously infers that the company has concluded, or is in a position to conclude, that there has been a breach of law or regulation. The merits of sharing with the regulator the company’s opinions on regulatory breach is discussed in more detail in the section below on ongoing liaison.

How to make the initial disclosure 13.18 The most effective way to connect and communicate in the first instance with the correct person at the relevant regulator will be to provide a verbal update by phone. This does not preclude a follow-up letter or email repeating the information provided in the call. 13.19 A  verbal update allows for questions and so reduces the risks of misunderstandings. The call is an opportunity to initiate a working relationship with the regulator that will assist in subsequent liaison. It will also provide the firm with an opportunity to gauge the regulator’s initial positioning and focus. 13.20 If a regulator requests an additional written version of the update, then it is important that this should simply repeat the verbal disclosure (unless the regulator has requested additional information). 13.21 A refusal by the company to provide a written version of the verbal update on the basis that the document would be privileged is likely to be unfounded, at least in the UK, as the factual update is unlikely to contain legal advice and/or the prospect of litigation proceedings at this early stage of the investigation is likely to be a distant one. 128

Influencing the scope of the investigation 13.28 13.22 There are some circumstances where the risk of creating unprivileged documents that could help a future litigant or adversary needs to be considered (dealt with separately in Chapter 15) but this is unlikely to be an issue for brief factual summaries at the early stage of an investigation where the understanding of the events has not yet been fully developed or substantiated.

Ongoing Liaison with a regulator 13.23 For investigations into significant issues, the initial disclosure of the investigation and related concerns will often be the start of a lengthy period of engagement with regulators and enforcement agencies. 13.24 1.

2.

There are two main sources of risk in the relationship with them.

A dislocation develops between the regulator’s expectations of the investigative process and the actual course of the investigation. This might occur because the regulator has misunderstood the original objectives, the direction of the investigation has changed over time, the investigation has become much larger than originally anticipated with a consequent impact on progress and timetables, or the regulator’s own priorities change. The company fails to inform the regulator of significant findings of fact in the investigation, or informs them late. As mentioned above, a company will need to be careful not to inform one regulator but forget to inform another.

13.25 These outcomes will likely lead to the regulators and/or agencies losing faith in the company’s commitment and ability to deal with the matters appropriately. 13.26 The guiding principle to managing these risks should therefore be one of transparency over the investigation progress, scope and findings. However, this needs to be within the bounds of reasonableness. If a regulator is not expressing an interest in a particular area, such as system and control weaknesses, then there is no need for constant updates. Instead, the company’s updates should prioritise the issues that the regulator is focusing on. 13.27 It is also important that the company demonstrates that it wants to take into account the regulator’s priorities. Updates should be two-way conversations.

Influencing the scope of the investigation 13.28 Where a regulator or enforcement agency is made aware of the company’s investigation, it may seek to influence the scope of the company’s enquiries to ensure these include matters which are of most significance to the authority. For instance, in a financial services context, a firm can anticipate the regulator will form its high level objectives from the following list: • •

consideration of the interests of customers, including quantification of any detriment to them, with a view to remediation where appropriate; identification of any individual responsibility; 129

13.29  Regulatory liaison and disclosure obligations • • •

identification of any senior management responsibility; appropriate action to be taken against individuals where they have been found responsible for misconduct; identification and remediation of weaknesses in systems and controls.

13.29 However, as is to be expected, the focus will vary from investigation to investigation. 13.30 Regulators and enforcement agencies may not provide input into every case. But by allowing the regulator the opportunity to consider and shape the investigation scope, it will maximise the chance that they later rely on the company’s findings rather than re-performing an investigation themselves. 13.31 Scoping discussions with the regulator also present an opportunity to define and contain the evidential universe. If a regulator has had no or limited discussions with the company as to where the evidence may lie – the custodians, the databases, the data types – they are more likely subsequently to make wide-ranging requests for information that may capture very large populations of data. 13.32 It may also be necessary to explore with a regulator its expectations with regard to the investigation of individuals. In the UK, the financial services regulators have had a long-standing interest in holding individuals accountable and they expect firms to actively look into individual responsibility and culpability for systemic failings. For instance, the FCA’s rules in relation to designated senior managers require them to conduct an adequate investigation where there are concerns about a staff member relating to compliance with regulatory standards.

Updating regulators throughout the investigation 13.33 Regular verbal progress reports to investigating agencies are likely to help maintain confidence that matters are progressing and that the company is continuing to address the issues appropriately. A company should also update the regulator on an ad-hoc basis where new significant matters or findings arise. These would include evidential breakthroughs, the identification of new types and instances of misconduct, and the involvement of additional individuals in the misconduct.

Provision of underlying evidence to a regulator 13.34 It may be that a regulator requests access to certain evidence held by the company. The regulator typically has a right to access all underlying evidence anyway (except that which is privileged) so any attempt to withhold information may ultimately backfire. However, it is reasonable and legitimate for the company to request that the agency exercises any statutory powers it may have to compel provision of the information from the company. This will serve to protect the company from claims by third parties that information was provided to the regulator wrongly or unnecessarily, and allegations of breach of a third party’s confidentiality. 130

Witness interviews and investigation reports 13.41

Witness interviews and investigation reports 13.35 The issue of whether to disclose to investigating authorities a company’s records of interviews with witness employees has become something of a contentious issue in recent times. 13.36 Interview notes are often, and perhaps deliberately, prepared by lawyers on behalf of the company. This may allow for an assertion of privilege over the documents. Such a claim to privilege may or may not be valid depending on the circumstances, but many companies have asserted this claim, often to the frustration of investigating authorities. Both the FCA and SFO have suggested that whether a firm provides them with interview records is a significant consideration in their assessment of the firm’s cooperativeness. 13.37 A  similar debate surrounds the provision of investigation reports to investigating agencies. Even where the reports are entirely factual and contain no legal advice, a claim to privilege can be possible and is often made. 13.38 The Law Society in the UK has commented in quite strong terms that adverse inferences cannot be drawn from a refusal to waive privilege and that no regulator or investigator is entitled to apply pressure to waive privilege.1 13.39 Whether to assert privilege over witness accounts and investigation reports ultimately comes down to a balancing of risks. On the one hand, if the company intends to assist an investigating agency with its enquiries, it is very difficult to do so without providing them with a summary of the factual findings that the agency can take away and properly analyse. The summary will inevitably refer to, or include, witness accounts. On the other hand, there is a risk that the factual report loses any privilege in the hands of the agency and becomes useful to a future adversary. 13.40 This second risk can, however, be significantly mitigated by ensuring that the report is purely factual and contains no opinions by the company as to whether there has been a breach of law (see more on this below). Regulators and prosecuting agencies in the UK are almost unanimous in stating that their key priority is to obtain a factual narrative and, so, this approach is often acceptable to them. 13.41 One option for firms in the UK to consider is to claim privilege over the witness accounts and investigation reports but disclose them to the UK agencies under a limited waiver of privilege. Such an option does not always exist in other legal jurisdictions and therefore an investigator must take care in relation to cross-border investigations that any waiver does not inadvertently compromise the company’s rights elsewhere in the world. The issue of waiver of legal privilege is considered further in Chapter 15.

1 www.lawsociety.org.uk/news/stories/legal-professional-privilege-guidance-law-societyconsultation/.

131

13.42  Regulatory liaison and disclosure obligations

Whether to include opinions of liability and regulatory breach 13.42 There is a consensus amongst legal advisers that it is unwise to include opinions as to liability or regulatory breach in reports to regulators. Arguably it is for the regulator to determine whether its rules have been broken. However, the position is not always clear-cut. For instance, the FCA Handbook requires firms to notify the FCA of significant breaches of its rules,2 which would seem to envisage firms making and reporting conclusions as to regulatory breach. 13.43 What can be said with certainty is that companies should prioritise a factual narrative and avoid prematurely definitive language in their communications with the regulator. In any event, a company is unlikely to be in a position to begin to draw a conclusion on regulatory breach until the investigation of the relevant facts has been completed in any event. 13.44 Where a firm considers notifying a regulator that an employee (as opposed to the firm) has committed a regulatory breach, it should have mind to any disciplinary process that has yet to complete. The firm may be susceptible to allegations that it is not conducting a fair hearing if it has already informed the regulator that the employee is culpable. For FCA-regulated firms there are also certain rules and requirements which need to be observed when investigating and reporting on employee conduct. This is explained more fully in Chapter 16 on conducting employee investigations.

Dealing with a related investigation by regulator or prosecuting agency 13.45 It should be relatively unusual for a company and an agency to investigate in parallel. The more common situation is where an agency is seeking to rely on or use the investigation work performed by the company. 13.46 Where, for whatever reason, a parallel investigation is in prospect, a company will need to take care not to prejudice the authority’s own investigation. This might be through accidentally tipping off a suspect, or through tainting evidence in a criminal investigation. Again, ongoing dialogue with the regulator will be of the utmost importance in these situations.

Co-operation credit 13.47 In many jurisdictions credit for cooperation can be obtained in the form of lesser penalties. The FCA penalty regime takes into account both the promptness of disclosure and the co-operation throughout the investigation.3 In the case of the SFO, cooperation is a necessary condition for the SFO to consider a Deferred Prosecution Agreement. The question of whether to cooperate with UK authorities and what this means in practical terms is considered in the next chapter. 2 FCA Handbook SUP 15. 3 www.handbook.fca.org.uk/handbook/DEPP/6/5A.html.

132

Chapter 14

Cooperating with Authorities and Corporate Liability 14.01 ▶ ▶ ▶ ▶ ▶ ▶

This chapter considers the following matters:

The concept of ‘corporate cooperation’. When and whether to cooperate with authorities. The status of the corporate entity and other initial considerations. Corporate liability for employee conduct. The different forms of cooperation and alternative options. Advantages, rewards and risks of cooperation.

Introduction 14.02 The question of whether to ‘cooperate’ with an external authority might appear straightforward to answer: most right-minded people would say a company should always cooperate with an investigating authority, where there is an allegation of wrongdoing. However, to do so may expose the company or its staff to significant risk – such as the risk of prosecution – and therefore a balance often needs to be struck between the public and private interests. 14.03 This issue of cooperation is important to internal investigations because it can influence how the investigation is conducted (including whether or not to undertake an investigation at all), what information is created by the investigation and how this is ultimately shared with an external investigating authority. 14.04 These are complex and sensitive matters which invariably will require guidance and advice from a company’s lawyers. 14.05 Nevertheless, this chapter is intended to provide a high-level view of what constitutes ‘corporate cooperation’ and how this affects a company which may be the subject of a criminal investigation.

Introduction to cooperation agreements 14.06 In many jurisdictions, particularly in the UK and the US, there is an increased expectation that where a company (or ‘corporate’) is the subject of investigation it will provide significant co-operation to the investigating authority. This heightened expectation extends not only to the degree of co-operation provided but also to the timeliness in which that co-operation is offered. 133

14.07  Cooperating with Authorities and Corporate Liability 14.07 In the UK, this trend is perhaps most starkly illustrated by the levels of co-operation exhibited by corporates who have entered into a Deferred Prosecution Agreement (DPA) with the Serious Fraud Office (SFO). The DPA was created by the Crime and Courts Act 2013. It is an alternative to formal prosecution which can only be extended to corporates. Under a DPA, a corporate must agree to certain conditions and/or a certain course of conduct, in exchange for which, prosecution will be deferred. At the end of the deferred period, if the corporate has complied with the stated conditions, no prosecution is brought. 14.08 DPAs have typically been offered in circumstances in which firms have promptly self-reported and provided on-going co-operation or, in the absence of selfreporting, provided extraordinary co-operation. Such levels of co-operation have been wholeheartedly endorsed by the courts as representing appropriate conduct. 14.09 The law provides various mandatory obligations for co-operation. Examples of such obligations include statutory duties to answer questions and/or provide information pursuant to investigations conducted by enforcement bodies such as Her Majesty’s Revenue and Customs (HMRC), the SFO and the FCA.1 FCA regulated firms are required, under principle 11 of the FCA’s Principles for Business, to conduct themselves in an open and co-operative manner with the FCA. Corporates are also obligated to obey court orders such as witness summons requiring attendance or the production of a document at court. Failure to comply with such obligations can result in significant penalties being imposed. 14.10 This chapter is principally focussed on circumstances in which the law does not compel co-operation. In instances in which co-operation is not mandatory, the decision of whether a company is to co-operate through, for example, self-reporting or through the manner in which they respond to an enquiry, investigation, or even a prosecution by a regulator or law enforcement body can involve the careful weighing up of different factors and considerations. These factors are considered in greater detail throughout the course of this chapter.

Defining co-operation 14.11 Co-operation may encompass a broad spectrum of interaction between a company and a law enforcement body. It may include any of the following: selfreporting; tailoring an internal investigation in accordance with the law enforcement bodies’ preferences; not asserting claims to legal professional privilege; not contesting allegations or charges; and acting as a witness. 14.12 What constitutes co-operation will depend on the specific circumstances of the case and the expectations of the law enforcement body concerned. Nevertheless, there are some key features which can be identified and which appear to be broadly recognised by a range of law enforcement bodies as significant features of co-operation. These are a combination of timely self-reporting, demonstrating 1

Criminal Justice Act 2003, ss  2(8) and 2(8AA); Financial Services and Markets Act 2000, s174; Serious Organised Crime and Police Act 2005, s 65.

134

Defining co-operation 14.17 genuine cooperation and providing continuous cooperation after agreement with an investigating authority.

Timely self-reporting 14.13 The FCA have mandatory self-reporting requirements including a requirement for regulated firms to provide immediate notification in relation to fraud.2 14.14 HMRC, in their guidance document for the corporate offences of failure to prevent the facilitation of tax evasion,3 seek to encourage co-operation through timely self-reporting by stating that such reporting will be viewed as indicative that a corporate has a defence to these offences.4 14.15 Prompt self-reporting in SFO cases involving Standard Bank and XYZ of bribery and corruption within their organisations were deemed as important indicators of co-operation when being granted DPAs.5 In the case of XYZ, a law firm was instructed within a week after concerns became apparent. The SFO was informed, initially orally, less than a month later that a self-report may be made by an ‘unidentified party’. The SFO was not made aware of the identity of the company for approximately five weeks. In the case of Standard Bank, a law firm was instructed within a week and the concerns were reported to the SFO within 30 days. Both cases suggest that, in the context of criminal investigations, whilst prompt self-reporting is encouraged there is no expectation that it be immediate and that a self-report may still be considered to have been prompt, notwithstanding that it follows a period of investigation of a number of weeks from discovery.

Genuine co-operation 14.16 Law enforcement authorities expect that any co-operation offered by a company will be real and genuine. This is likely to be determined by adopting a holistic view of a company’s interaction with the authority and the extent to which any information provided assists them with addressing or investigating the matter under consideration. 14.17 For financial services firms, the FCA  Handbook cites co-operation as an important consideration before an enforcement investigation and/or enforcement action is taken. It states that amongst the matters to be considered will be a firms’ overall history of conduct with the FCA as well as the extent to which they have

2 3 4

5

FCA Handbook SUP 15.3.17 Criminal Finances Act 2017, ss 45 and 46. Page 13 of the HMRC guidance: Tackling Tax Evasion: Government Guidance for the Corporate Failure to Prevent Facilitation of Tax Evasion states as follows: ‘in order to encourage relevant bodies to disclose wrongdoing, timely self-reporting will be viewed as an indicator that a relevant body has reasonable procedures in place’. SFO v Standard Bank plc, U20150854, per Leveson LJ para 14 and SFO v XYZ Ltd. U20150856, per Leveson LJ, para 16.

135

14.18  Cooperating with Authorities and Corporate Liability assisted the FCA in determining the facts in relation to the specific matter under consideration.6

UK DPAs 14.18 A UK DPA is an agreement reached between a prosecutor and an organisation which could be prosecuted, under the supervision of a judge. The agreement allows a prosecution to be suspended for a defined period provided the organisation meets certain specified conditions. DPAs can be used for fraud, bribery and other economic crime. They apply to organisations, never individuals. 14.19 The key features of DPAs are: • they enable a corporate body to make full reparation for criminal behaviour without the collateral damage of a conviction (for example sanctions or reputational damage that could put the company out of business and destroy the jobs and investments of innocent people); • they are concluded under the supervision of a judge, who must be convinced that the DPA is ‘in the interests of justice’ and that the terms are ‘fair, reasonable and proportionate’; • they avoid lengthy and costly trials; • they are transparent, public events. 14.20 DPAs were introduced on 24  February 2014, under the provisions of Schedule 17 of the Crime and Courts Act 2013. They are available to the CPS and the SFO.

How DPAs work 14.21 Under a DPA, a prosecutor charges a company with a criminal offence but proceedings are automatically suspended if the DPA is approved by the judge. 14.22 In investigations involving the SFO, it says that a company will only be invited to enter DPA negotiations if there was ‘full cooperation’ with the investigation. The SFO does not take self reports at face value but must separately establish the extent of the criminality. 14.23 If the negotiations go ahead, the company must agree to a number of terms, such as paying a financial penalty, paying compensation and co-operating with future prosecutions of individuals. If the company does not honour the conditions, the prosecution may resume. Arrangements for monitoring compliance with the conditions is set out in the terms of the DPA. 14.24 The Director of Public Prosecutions and the Director of the SFO have published a Code of Practice describing how they will use DPAs.

6

FCA Handbook EG 2.12.1

136

Status of the corporate 14.30

The DPA Code of Practice 14.25 The DPA Code of Practice cites co-operation as one of the principal public interest factors to be considered in determining whether a DPA should be granted. Paragraph  2.8.2 of the Code cites a number of matters to be considered when measuring whether co-operation has been provided: ‘In applying this factor the prosecutor needs to establish whether sufficient information about the operation and conduct of P has been supplied in order to assess whether P  has been co-operative. Co-operation will include identifying relevant witnesses, disclosing their accounts and the documents shown to them. Where practicable it will involve making the witnesses available for interview when requested. It will further include providing a report in respect of any internal investigation including source documents.’ 14.26 In the Rolls-Royce DPA judgment, Lord Justice Leveson, in granting the DPA cited Rolls-Royce’s ‘genuine co-operation’ with the SFO. This had extended to: deferring interviews until the SFO had had an opportunity to complete their interviews; providing audio of their internal interviews on request; disclosure of all interview memoranda despite the belief that some of the material was potentially subject to legal professional privilege.7

Continuous Co-operation 14.27 Law enforcement bodies expect co-operation to be on-going and continuous. This expectation stretches across both the regulatory and criminal authorities. 14.28 The FCA handbook, in addressing how it assesses co-operation, indicates that this is done by considering a firm’s interaction with the FCA over a period of time.8 14.29 The SFO have stressed, in various public statements made in the context of DPAs, the importance of any co-operation offered by a corporate being continual. The SFO has previously stressed how co-operation does not end with consideration of the corporates’ liability but it extends to the overall investigation.9

Status of the corporate 14.30 The starting point, before a decision is made regarding: (a) whether to cooperate; (b) the type of co-operation to be offered; and (c) the extent or degree of cooperation to be advanced is to consider the status of the company. This is essentially a consideration of the level of culpability that may be attributed to the company for the offence or infringement under consideration. Is the company a victim, witness or perpetrator? How is this status likely to be influenced by co-operation through, for 7 SFO v Rolls-Royce, U20170036, para 121. 8 FCA Handbook EG 2.12.1 9 www.sfo.gov.uk/2018/03/16/camilla-de-silva-at-abc-minds-financial-services/.

137

14.31  Cooperating with Authorities and Corporate Liability example, self-reporting to a law enforcement body? What consequences, in light of the company’s status, are likely to flow from co-operation? 14.31 Once the status of a company is established, this provides a platform in which an assessment can be made of the potential risks and benefits that may flow from co-operation or non-co-operation. 14.32 In circumstances in which an incident comes to light, prior to the involvement of a law enforcement body, establishing status will require careful internal consideration. Such consideration should involve senior management and the obtaining of legal advice at an early stage. In the event that an internal investigation is required, careful consideration should be given as to the size and composition of the investigation team and the extent to which internal and/or external lawyers should be involved in this process. 14.33 As explained elsewhere in this book, the scope and purpose of the investigation should be clearly defined. The more thorough and extensive the investigation, the more likely it is that this will enable the corporate to gain a clear idea of what happened, why it happened and consequently any potential liability that may flow from this. However, a thorough and effective investigation is also more likely to be of interest to an external investigating authority, thereby increasing the risk the company may need to disclose the output of its investigation including, for example, providing notes of interviews and a report of the investigation’s findings. 14.34 It is also worth remembering that law enforcement bodies view prompt self-reporting as an indication of co-operation. This is measured from the point at which wrongdoing is discovered. Whilst a thorough investigation is likely to assist in enabling a corporation to determine its status, this may take a significant length of time and may diminish credit in the eyes of a law enforcement body, in the event that self-reporting takes place thereafter. 14.35 Once a law enforcement body is alerted to an infringement or wrongdoing, either through self-reporting (by the company), their own enquiries or another source, the status of the corporate is likely, on the face of it, to become more apparent. Whether a corporate is deemed the subject or target of an investigation or as a potential witness, will ultimately become clear by the manner in which the law enforcement body engages with it and any specific statutory powers utilised to do so.

Rewards and risks of cooperation 14.36 A corporate’s decision as to whether or not to offer voluntary co-operation to a law enforcement body should involve careful consideration of the potential rewards and risks. These span the range from reduced penalties to significant reputational harm.

Reduced Penalties 14.37 The criminal justice system has long recognised the importance of incentivising defendants, whether individuals or corporates, to co-operate through 138

Rewards and risks of cooperation 14.42 not contesting proceedings and by entering guilty pleas to offences. The Sentencing Council Guideline on ‘Reduction in Sentence for Guilty Plea’ sets out a sliding scale of reduction with a guilty plea offered at the first stage of proceedings attracting a discount of one third and guilty pleas offered thereafter attracting a discount of one quarter to a maximum of one-tenth on the first day of trial. 14.38 Under the Serious Organised Crime and Police Act 2005, individuals who enter guilty pleas and offer voluntary co-operation with a prosecutor may be entitled to lesser sentences. 14.39 More recently, the DPA scheme offers an alternative disposal to corporates other than prosecution, for alleged criminal conduct, in exchange for full cooperation, an acceptance of various facts detailing the alleged conduct and an agreement to comply with the terms of the DPA. These terms include payment of a reduced financial penalty. 14.40 Provision is also made for reduced penalties, in exchange for co-operation, in the regulated sphere. The FCA handbook, in addressing case selection and the use of enforcement powers indicates that an open and co-operative relationship between firms and their supervisors will, in some cases where a contravention has taken place, lead the FCA to decide against taking formal disciplinary action.10 The FCA, in their ‘Decision Procedure and Penalties Manual’ in setting out their five step process for determining the level of penalty to be imposed against a firm for breach of regulations, indicates that the degree of co-operation shown by a firm during an FCA investigation, or any other regulatory authority allowed to share information with the FCA, may operate as a mitigating factor which reduces the level of financial penalty.11

Reputation 14.41 Reputational impact is a key consideration in most companies’ decision making process. The reputational damage or stigma which may be incurred through being associated with criminal proceedings or a regulatory breach can heavily impact upon a corporation’s financial health. It may influence whether customers, suppliers or counterparties decide to do business with them. 14.42 In the criminal sphere, DPAs have been lauded as offering significant reputational benefits for corporations who are subject to investigation and/or potential prosecution. In the Standard Bank DPA judgment, Lord Justice Leveson stated as follows: ‘For my part, I  have no doubt that Standard Bank has far better served its shareholders, its customers and its employees (as well as all those with whom it deals) by demonstrating its recognition of its serious failings and its determination in the future to adhere to the highest standards of banking. Such an approach can

10 FCA Handbook EG E.1.4 11 6.5A.3 The Decision Procedure and Penalties Manual.

139

14.43  Cooperating with Authorities and Corporate Liability itself go a long way to repairing and, ultimately, enhancing its reputation and, in consequence, its business.’12 14.43 A  corporation, by voluntarily co-operating with a law enforcement body through, for example, negotiating a DPA, has an opportunity to influence the public narrative regarding any alleged wrongdoing. It provides a corporation with an opportunity to steer public attention away from the wrongdoing and to shift it towards the corporations’ response to it. As illustrated in the case of Standard Bank, it can present an opportunity to make a very public statement regarding a company’s stance on crime, the strengthening of their compliance procedures and their on-going commitment towards good corporate governance. 14.44 The topic of reputation risk management, public relations and corporate communications is tackled in more detail in Chapter 19.

Further benefits 14.45 There are a number of potential additional benefits to a corporate by cooperating. It may permit the corporate to have a better insight into the progress of an investigation. There may be cost benefits to avoiding a long drawn out adversarial process and reaching a swift resolution to proceedings through co-operation in its various forms. As indicated when considering DPAs, co-operation may offer an alternative to receiving a criminal conviction which may have a real impact on a corporate, not only from a reputational perspective, but also in relation to their capacity to engage in public tendering. 14.46 Notwithstanding the potential rewards which may be generated from cooperating it is important that a corporate carefully assesses, whether, how and the extent to which it offers co-operation in light of the potential risks and/or detriment which may flow from this.

Loss of Control 14.47 In the absence of involvement of a regulator or law enforcement body, a corporate has complete discretion as to how they seek to address any findings of wrongdoing. It can dictate the direction and scope of any internal investigation, it can control the dissemination of information concerning its findings and, to a certain extent, it can determine the consequences which flow from its findings, such as taking disciplinary action against employees. 14.48 In the event that a company seeks to offer co-operation though self-reporting it immediately cedes an element of control to an external authority. Once a report has been made, the company loses some of its ability to influence the course of action that a regulator or law enforcement authority may take and the consequences which

12 SFO v Standard Bank plc, U2015854, para 22.

140

Conclusion 14.53 may flow from this. Not to mention that the company will no longer be in control of who receives information regarding the investigation. 14.49 The commencement of a significant investigation by a body such as the SFO may also attract unwanted media attention. In addition, there are increased expectations from bodies such as the SFO that, in the spirit of co-operation, a corporate will cede control over any internal investigation it is conducting and consequently tailor that investigation to the preferences of the law enforcement body.

Future impact 14.50 In criminal investigations, co-operation in and of itself, is no guarantee that a criminal prosecution, and all the consequences which flow from this, will not be pursued. Even in circumstances which attract an alternative to prosecution – such as a DPA – the investigating authority will still require the company to admit culpability in an agreed statement of facts. In the event that a prosecution is ultimately pursued – for example due to a breach of the terms of a DPA – the agreed statement of facts could then be used to successfully bring a prosecution against the corporate.

Penalties 14.51 It is in large part accepted, in both the criminal and regulatory guidance that co-operating through concessions of culpability or assisting with an investigation will attract reduced penalties. Nevertheless, there is an argument which is gaining increased traction amongst legal experts that the obligations imposed through DPAs are, in certain circumstances, more onerous than those which would follow if a company chose not to initially engage in such a process and then, in the event that it is charged, entered a guilty plea at the first available opportunity. 14.52 Such an approach would potentially entitle the company to the maximum discount on any penalty imposed when being sentenced but without agreeing to the more onerous conditions that may appear in any DPA. This is an attractive argument when one considers, for example, the total number of conditions imposed in the Rolls-Royce DPA. Not only was Rolls-Royce the recipient of a considerable financial penalty, involving the payment of a fine, costs and compensation, it was also required to comply with and incur the costs of a lengthy compliance programme. This is in addition to the costs it had already incurred in its efforts to cooperate with the SFO in the period leading up to the negotiation of the DPA.13

Conclusion 14.53 Notwithstanding the increased expectations on corporates to voluntarily co-operate with law enforcement bodies, this should not be done without due

13 SFO v Rolls-Royce U20170036, para 67.

141

14.54  Cooperating with Authorities and Corporate Liability consideration of a company’s status and the potential risks and rewards which may flow from such a course of action. 14.54 In circumstances in which a corporate initially decides to co-operate, it is prudent to continually keep the position under review, particularly where there any significant developments in the investigation which could potentially change its status or views on the risk reward benefit of maintaining a cooperative approach.

142

Chapter 15

Confidentiality and Legal Privilege 15.01

This chapter considers the following:

General duty of confidentiality. Company confidential information. ▶ Personal data. ▶ Client confidentiality/banking confidentiality. ▶ Legal professional privilege – general principles. ▶ Identifying the client. ▶ Legal advice privilege. ▶ Litigation privilege. ▶ Common interest privilege. ▶ Without prejudice privilege. ▶ Exceptions to privilege. ▶ Loss of privilege and waiver. ▶ Selective waiver. ▶ Disclosure to third parties. ▶ Expert witnesses. ▶ Maintaining privilege – practical considerations. ▶ ▶

General duty of confidentiality 15.02 In the context of internal investigations, it will nearly always be the case that the investigation is conducted on the basis that it is confidential. But what does this mean and what information is covered by confidentiality? 15.03 The starting point is the general duty of confidentiality. This will exist where: • •

the information shared by or with the investigation is of a confidential nature; and there is an obligation on the receiving party to keep that information confidential. (This does not need to be an express or written obligation – it can be implied by the circumstances in which the information is provided.)

15.04 To bring this to life a little, if an employee shares information with the investigation about the company’s unpublished financial data then this will plainly be confidential information – the company would not wish this to be made public without its permission. If the investigator has been instructed by the company to conduct an internal investigation into the mishandling of unpublished financial data and produce a report to the company’s Board then plainly it is intended the investigation will be and remain confidential, unless the company chooses to waive its right to confidentiality. 143

15.05  Confidentiality and Legal Privilege 15.05 Even where a company publicly states it will publish the results of an investigation into the company and/or its staff, this does not mean the investigation itself is public – invariably, it is the findings of the investigation which the company means it plans to publish, and not all the gory details of the steps and hard work taken beforehand to get to that point. 15.06 Normally, therefore, the general duty of confidentiality will apply throughout the conduct of the investigation. This is obviously critical because it allows the investigator to gather evidence in a way which provides appropriate safeguards to both the company and its employees about the way confidential information is shared and ultimately protected from publication or disclosure to third parties. With those safeguards in place, there is a much greater prospect that those concerned with providing information – whether they are a witness or an individual in possession of relevant evidence – will more fully cooperate with the investigation. 15.07 As well as the general duty of confidentiality, there are also specific types of confidentiality that may apply to information sought and gathered during an investigation. By taking steps to understand whether a particularly type of confidentiality applies to a document, the investigator will be better equipped to decide how that document should be preserved, protected and disseminated (if appropriate). 15.08

The key types of confidentiality are as follows:

• company confidential or proprietary information; • personal data; • client confidential information; • ‘inside information’, ie market sensitive information; • legally privileged information. Each of these is considered in turn below.

Company confidential or proprietary information 15.09 In theory all information which a company ‘owns’ is likely to be confidential – meaning any information which is held or controlled by the company and which has not been made public. 15.10 However, in practice, an investigation is most likely to be concerned with protecting what the company considers to be its proprietary information, meaning information that a company wishes to keep secret. 15.11 This type of information can include everything from a recipe for a soft drink to a particular formula, or a network security plan designed to protect the company from cyber-attack. It can also extend to a company’s financial data, employee data, salary structure, employment contracts and marketing plans. Proprietary information will also include the information an employee acquires while working for the company. 15.12 Depending on the significance of the proprietary information, it may be necessary in an investigation to take specific particular steps to avoid this information 144

Personal data 15.20 from being disseminated too widely or, if it is shared widely, ensuring the information is ‘watermarked’ so that any leak can be easily traced back to its source.

Personal data 15.13 Investigations routinely handle personal data and normally there will be a legitimate basis for doing so – for instance, because it is necessary to establish whether the company has infringed a rule or law and, if so, whether it needs to report it. 15.14 However, if personal data is not handled appropriately during the course of the investigation then this can create additional risk for the company, such as the risk of a complaint against the company, filed with the Information Commissioner’s Office (ICO), or – where large volumes of personal data are compromised – potentially a class action against the company.

What is personal data? 15.15 In general terms, personal data means information about a particular living individual. This can be anyone, including a customer, client, employee, partner, member, supporter, business contact, public official or member of the public. 15.16 It does not need to be ‘private’ information – even information which is public knowledge or is about someone’s professional life can be personal data. 15.17 However, it does not include truly anonymous information – unless the individual could still be identified from the details, for example by combining it with other information, in which case it will still count as personal data.

The UK data protection regime 15.18 In the UK, the handling and use of personal data is subject to the Data Protection Act 2018 (DPA  2018) which sits alongside the EU’s General Data Protection Rules (GDPR). 15.19 The DPA 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act 1998, and came into effect on 25 May 2018. It tailors how the GDPR applies in the UK – for example by providing exemptions. It also sets out separate data protection rules for law enforcement authorities, extends data protection to some other areas such as national security and defence, and sets out the functions and powers of the Information Commissioner. 15.20 Understanding how to handle personal data in the course of an internal investigation has always been important but the introduction of the GDPR and legislation under the DPA 2018 means that the penalties for getting data handling wrong have been significantly increased. Previously, the maximum penalty for a breach of data protection law in the UK was £500,000. Under the new rules a breach 145

15.21  Confidentiality and Legal Privilege can cost a company a financial penalty of up to €20 million or 4% of global turnover, whichever is higher. 15.21 The broad reach of the data protection regime and the complexity of that regime means it is beyond the scope of this book, which is intended as a practical guide for investigators. If an investigation is likely to handle large volumes of personal data or, indeed, large or small volumes of sensitive data (such as medical records) then it is advisable to first seek advice on how best to do so, and how to manage the risk of breaching the data protection rules. This advice may come from the company’s Data Protection Officer (DPO) or its lawyers, where a DPO is not in place. 15.22 Subject to the comments above, there are a few practical considerations concerning personal data that should be borne in mind when conducting an internal investigation and won’t necessarily involve taking legal advice. These are detailed in the table immediately below.

PRACTICAL TIP – HANDLING PERSONAL DATA 1.

2.

3.

4. 5.

6.

Always establish at the outset of an investigation whether there is a lawful basis for processing personal data gathered during the course of the investigation. This might include conducting an investigation in order to verify whether the company has a legal or regulatory obligation to report wrongdoing or a breach of a particular rule or law. Or it might involve obtaining express consent from an employee to obtain a copy of their HR file and/or disciplinary or attendance records. Where personal data is gathered ensure there are appropriate security measures in place to protect that data. For instance, password protect documents containing personal data and store any hard copy files in a secure location. When sharing evidence with internal or external stakeholders, such as the company Board or a regulator, take steps to ensure they are aware of their legal obligations to protect personal data and provide guidance on how they can manage any risk the data might be lost, stolen or otherwise compromised. Always consider in advance whether the inclusion of any personal data in written investigative materials or productions of evidence is necessary for the proper discharge of the investigation. Take particular care where you are handling data falling within the special categories, such as an individual’s medical records, evidence of criminal convictions or records of political or religious affiliations. If you come across evidence of this nature then it is advisable to seek advice immediately from the company’s DPO before doing anything further with the data. When creating written materials, such as witness statements and investigation reports, manage the risk of inadvertent breach of data protection rules by anonymising individuals’ details – for example using code names and masking details about their role or business unit 146

Client confidentiality 15.27

7.

8.

so that a third party, reading the document, cannot easily identify the individual using open (online) searches. Where there is a risk that personal data cannot be protected from disclosure or it is impractical to do so, consider whether to obtain in advance an individual’s consent to the disclosure and/or explain the basis on which their personal data will be shared, in order to manage the risk to the company of any subsequent complaint about the handling of that individual’s data. Ensure there are appropriate arrangements for the deletion of personal data once it is no longer necessary. The timing for deletion will depend on several factors, not least whether there is an ongoing investigation by an external authority or litigation proceedings relating to the issues investigated by the company.

Client confidentiality 15.23 Client confidentiality is the principle that a legal person (whether an institution or individual) should not reveal information about their clients to a third party without the consent of the client or a clear legal reason. 15.24 Client confidentiality is often the cornerstone of regulated professions such as law, banking and accounting. However, it also arises in the context of other services-related industries, for example utilities, and it appears in most customer contracts or terms and conditions issued by those industries. 15.25 In the regulated professions, the core principles of client confidentiality are that a party must keep the affairs of their client confidential unless disclosure is: • •

required or permitted by law; or the client consents.

15.26 If an investigation handles client confidential information then, as with personal data, it will be important to ensure appropriate safeguards are in place to protect the confidentiality of that information. 15.27 For instance, if part of an investigation involves the review of customer files then it will be important to ensure that: •

• •

the review is undertaken in a way which protects and maintains the confidentiality of the customers’ information – for example by reviewing the material in a secure environment and not taking hard copies which could be inadvertently lost or otherwise compromised; any subsequent disclosure of client confidential information – for example in an investigation report – is clearly marked as confidential; any recipients of client confidential information during the course of the investigation are provided with appropriate guidance on handling that information; and 147

15.28  Confidentiality and Legal Privilege •

production of the client confidential information, for example in response to a formal request from an external authority, is done in a manner which does not compromise the client’s right to confidentiality.

Inside information 15.28 Some confidential information will also constitute ‘inside information’ meaning, in simple terms: • •

information which is not public and which, if it was made public, would likely have a significant effect on the price of any securities, for example shares in a publicly listed company.

15.29 As with personal data, the rules governing what constitutes inside information and how it should be handled are complex and therefore probably beyond the scope of this book. 15.30 However, there will be instances where an investigation either handles inside information or where the fact of the investigation itself (and what it is investigating) may constitute inside information – because, if it was to become public knowledge, it could have a material impact on a company’s share price or related financial instruments. In either circumstance, the investigation will need to ensure appropriate protocols and safeguards are in place to manage the risk of inadvertent disclosure and thereby potential breach of the rules concerning market abuse. This includes creating and maintaining insider lists as well as ensuring those in possession of inside information fully understand their obligations to keep the information confidential.

Disclosure of client confidential information to regulators 15.31 The obligation to disclose information to a regulator may come in conflict with legal obligations to keep client information confidential. 15.32 In general, disclosure of client confidential information to regulators, or prosecuting agencies, is permitted where there is a legal obligation to disclose (for example under FCA Principle for Business 11, or as part of the suspicious activity reporting regime in the UK). 15.33 In situations where there is some uncertainty as to whether an obligation to disclose a customer’s identity exists, the safest course of action is to request that the agency/regulator uses its compulsory powers to require the company to produce that information.

Other jurisdictions 15.34 Some jurisdictions, such as Switzerland and Singapore, have a much more restrictive framework and advice from local counsel will be necessary if there is an intent to disclose confidential information relating to clients outside the UK. 148

Background 15.38

The law of legal professional privilege 15.35 The law of legal professional privilege arises so frequently in the context of internal investigations that it would be remiss if this book omitted to cover the topic. Consequently, the remainder of this chapter attempts to summarise in simple terms the law of privilege and the key legal issues that need to be considered when conducting an internal investigation. However, privilege is a complex legal area and therefore it is advisable to consult a legal expert if issues concerning privilege arise in the course of an investigation, particularly when dealing with a regulatory body or enforcement agency. In addition, it should be noted that the law summarised below is specific to England and Wales.

Background What is privilege? 15.36 Privilege is the right of any individual or firm to be able to consult a lawyer in confidence, without fear of having to disclose those communications. This is a fundamental legal right which has long been recognised under the laws of England and Wales. This right is enshrined in the concept of legal professional privilege (‘privilege’). The practical importance of this is that communications which benefit from privilege can be withheld from production, ie  they do not generally have to be disclosed in adversarial legal proceedings. Once established, privilege is an absolute right. It is not subject to the discretion of the court. Further, privilege is not just a rule of evidence but is generally considered to be a substantive right. For that reason, there does not need to be court or other proceedings on foot for it to be asserted. It is also available in regulatory proceedings, or following a request from the police or HMRC. For example, the Financial Services and Markets Act 2000, s  413 specifically provides that firms do not have to disclose to the FCA or PRA ‘protected items’(defined broadly to reflect the common law definitions of privilege).

Privileged communications 15.37 For these purposes the term ‘communications’ is widely drawn to include actual lawyer/client communications (for example phone calls, face-to-face discussions, letters, emails, and other electronic messages.) and evidence of such communications (for example file notes of calls). It can include copies of documents, draft documents, manuscript notes, meeting notes, diary entries, electronic records and databases, and other data files (including personal computer, laptops and smart phones), email records, hard drives, internet servers and any other electronically stored or retained files or logs (including tape recordings, telephone records, phone recordings, voicemails, instant messages or SMS).

Who can claim privilege? 15.38 Privilege belongs to ‘the client’ and not the lawyer, and can still be asserted even after the death of the client. Identifying who the client is will therefore be a key 149

15.39  Confidentiality and Legal Privilege consideration and is covered in more detail below. The client’s lawyer is bound by privilege, and may not disclose privileged communications to any other party unless the client has waived privilege, the communication has lost its privileged status, or unless a specific statutory authorities requires it (for example, the Law Society may require a solicitor to disclose documents, including those subject to legal privilege1). 15.39 Who is a lawyer: privilege can only apply in the context of the legal profession. It extends to qualified solicitors, barristers and foreign lawyers, and to properly supervised legal executives, trainees and other non-qualified staff. It also applies to in-house lawyers, but only in their capacity as legal advisers, and not in any other capacity, for example giving commercial or other advice. Privilege does not apply to any professional other than lawyers.2 The lack of privilege in legal or tax advice given by accountants, rather than legal professionals, means that advice on tax planning or tax avoidance strategy may need to be produced to HMRC in any tax investigations. When taking legal or tax advice from a non-lawyer, clients should therefore be mindful of raising sensitive issues about their current or past position. By comparison, when taking legal advice on tax issues from a lawyer, clients can generally be certain that they can have a full and frank discussion and that privilege will attach. 15.40 In-house lawyers: privilege cannot attach to communications produced by an in-house lawyer providing commercial or management advice, or any other advice which is non-legal in nature. Where a communication from an in-house lawyer contains both legal and non-legal advice, there is a risk that the entire document could fail to attract privilege, due to the lack of relevant legal context. Accordingly, in house lawyers should try to separate out legal and non-legal advice where practical in order to preserve any potential privilege in legal advice that may arise.

The importance of confidentiality 15.41 Central to all types of privilege is the requirement for confidentiality. A communication can only be privileged if it is also confidential. 15.42 Generally, once a document has been disclosed to another party, any privilege which may have attached to it will be lost as regards that third party. However, if a privileged document has been disclosed to a limited number of parties on the express term that it was to remain confidential and was not to be disclosed to further parties, then privilege can be maintained. Conversely, any widespread, unauthorised or inappropriate dissemination of privileged documents can fundamentally undermine the confidentiality of those documents, such that they lose their privileged status.

1 2

Solicitors Act 1974, Sch 1, para 9. (Prudential PLC and another) v Special Commission of Income Tax and another [2010] EWCA Civ 1094.

150

Legal advice privilege 15.43

Legal advice privilege 15.43 ‘A  communication between a client and a lawyer for the purpose of seeking or giving legal advice (including documents which report or summarise such communications)’. Legal advice privilege exists to allow a client to place unrestricted confidence in his lawyer. The essential ingredients are as follows. (1) Confidentiality: a document needs to be confidential for privilege to attach, although disclosure to a third party on express terms that the document is to be kept confidential will not, in itself, waive privilege as against the rest of the world. (2) A communication: documents produced by the client but not communicated to the lawyer are unlikely to attract privilege, if there was no mention of them being communicated. For example, a note prepared by the client, for its own use, prior to asking a lawyer for legal advice, is unlikely to be privileged unless there is an intention of communicating it to the lawyer.3 This also applies more generally to internal documents generated by the client (or its employees) even if they are necessary to provide information to the lawyer to enable him or her to provide legal advice (although such documents might be covered by litigation privilege). By contrast, there is generally no need for documents produced by the lawyer to be communicated to the client. The general rule is that anything committed to paper during the course of a lawyer’s retainer which the lawyer knows only because of the professional relationship with the client, will be privileged. This would apply to preparatory work, research notes, and internal correspondence commenting on the merits of a course of action or strategy. (3) Between a lawyer and client: legal advice privilege applies to communications between a lawyer and their client, and not between a lawyer and a third party. It is important to consider who the client is, particularly when dealing with corporate bodies or organisations. The courts have given a restrictive definition of client and have held that legal advice privilege only attaches to communications between the lawyer and a small group of employees who were actually charged with instructing lawyers4 and the seeking and receiving of legal advice on the corporate’s behalf. Accordingly, where the client is a corporate body or an organisation, care needs to be taken in defining who will be giving instructions to outside counsel, and to whom outside advisers should direct legal advice. It is important neither to draw the definition artificially wide, nor to be so restrictive so as to cause practical difficulties. Ordinarily the ‘client’ will include the board of directors or other senior management who are authorised to seek and receive legal advice on the corporate’s behalf. The ‘client’ will also include specific members of the corporate’s internal legal team. In practice, this means the ‘client’ tends to comprise those individuals in the firm with oversight and responsibility for the legal team and decision-making in relation to the investigation. 3 4

Three Rivers District Council and others v Bank of England [2003] EWHC 2565 (Comm) (Three Rivers (No 5). Three Rivers (No 5) and Re RBS (Rights Issue Litigation) [2016] EWHC 3161 (Ch).

151

15.44  Confidentiality and Legal Privilege Given the restrictions on who is the client, always be aware that: (i) a communication will not be privileged if it is sent to individuals outside the client group; and consequently (ii) it is important to restrict the circulation of privileged communications so far as possible on a need to know basis. (4) There must be a relevant legal context: legal advice does not mean just telling the client what the law is; it can include advice as to what should prudently and sensibly be done in the relevant legal context.5 Advice that is not given in the relevant legal context cannot attract privilege, for example business or investment advice (which can particularly be an issue for in-house lawyers).

Litigation privilege 15.44 ‘A communication between either the client and the lawyer, or either of those and a third party, for the dominant purpose of litigation where litigation is in progress, or reasonably in prospect’ Litigation privilege is based on the principle that a litigant or potential litigant should be free to seek advice from his lawyer in relation to litigation, and gather evidence (whether factual or expert) without having to disclose the advice or the results of his searches to his opponent. The communications or other document must be confidential, and have come into being for the dominant purpose of litigation which is existing, pending or reasonably contemplated.6 Litigation privilege can protect communications passing between clients and lawyer, or lawyer and third parties, but can also include working notes, or internal communications, and anything else which can be said to form part of the lawyer’s brief.7 (1) Litigation: litigation means adversarial proceedings in the High Court, county court, employment tribunal and arbitration (where English procedural law applies). The position is less clear in relation to other tribunals, public enquiries and statutory investigations, such as under the Companies Act 1985, Pensions Act 2004, the Financial Services and Markets Act 2000, or the Finance Act 2008. Such statutory investigations may commence as purely inquisitorial proceedings, but can develop into what would be considered adversarial proceedings, particularly where a fine or sanction may be levied, although the dividing line may not be clear. (2) Dominant purpose: the purpose does not have to be exclusively relating to litigation, as there is a general recognition that documents may be created for more than one purpose, although it will be insufficient if litigation is for a secondary or equal purpose.8 The court will objectively assess whether a document has litigation as its dominant purpose, and although it will consider

5 6 7 8

Three Rivers District Council and others v Bank of England [2004]  UKHL  48 (‘Three Rivers (No 6)’), citing Balabel and another v Air India [1988] 2 All ER 246, see also Behague v Revenue and Customs Commissioners [2013] UKFTT 596 (TC). The distinction between legal advice privilege and litigation privilege were summarised in Waugh v British Railways broad [1980] AC 521. Anderson v Bank of British Colombia (1876) 2 Ch D 644. Waugh v British Railways Board [1980] AC 521.

152

Joint interest privilege 15.48 whether the document states that it was prepared to enable the lawyer to advise on litigation, this will not be determinative. (3) Likelihood of litigation: a ‘reasonable prospect’ means more than a mere possibility, but not necessarily greater than 50%. This position is straightforward where proceedings have been issued. In other cases, litigation must be a likelihood and the matter ‘could well give rise to litigation in the future’.9 Recent case law has confirmed that, in claiming privilege, the party claiming it must be able to establish that it was ‘aware of circumstances which rendered litigation … a real likelihood rather than a mere possibility’.10 15.45 In circumstances where no formal investigation has been commenced by an authority it is best to assume that only legal advice privilege applies, unless of course there is a reasonable prospect of some other type of litigation (such as court proceedings against the firm).

Joint interest privilege 15.46 Joint interest privilege in a communication can arise: (i) when two or more people jointly retain the same lawyer; or (ii) where there is no joint retainer, but two or more people have a joint interest in the subject matter of the communication at the time that it comes into existence..11 15.47 • • • •

Where joint privilege applies:

the communication can be shared between the parties without risking waiver of privilege by breaking confidentiality; neither party can assert privilege against the other in respect of the communication; each party may be able to establish a right to access documents held by the other; and either party (or both parties) can assert privilege in respect of the communications against the rest of the world.

15.48 Joint retainer: where two or more people jointly retain a lawyer to advise them, each person is entitled to see privileged communications to which they were not a party, and none of the parties is entitled to claim privilege against each other in respect of those communications in litigation.12 Where one party has instructed a lawyer and obtained advice, and that party later enters into a joint retainer with other parties in respect of the same matter, those other parties will not be entitled to see the original instructions or legal advice obtained prior to the joint retainer. The original legal advice privilege is not usurped by joint 9

Westminster International BV and others v Dornoch Limited and others [2009] EWCA Civ 1323; see also Tchenguiz v Director of the Serious Fraud Office [2014] EWCA Civ 136 and Starbev GP Ltd v Interbrew Central European Holding BV [2013] EWHC 4038 (Comm). 10 Serious Fraud Office (SFO) v Eurasian Natural Resources Corporation Limited [2017] EWHC 1017 (QB). 11 R (Ford) v Financial Services Authority [2011] EWHC 2583 (Admin) (‘Ford v FSA’). 12 The Sagheera [1997] 1 Lloyd’s Rep 160.

153

15.49  Confidentiality and Legal Privilege interest privilege.13 Note that where one person instructs a lawyer on behalf of another (ie as his agent), then there is no joint retainer, and joint privilege does not arise. Joint interest: where a third party can establish a joint interest in the subject matter of a privileged communication between a lawyer and his client. Any dispute as to whether joint privilege exists depends on factual position at the time the communication was made. It is not enough that advice is given to someone who is interested in it because it affects his personal position. It is an essential ingredient of joint privilege that all those sharing it and the lawyers concerned knew, or from the objective evidence ought to have known, that they enjoyed legal professional privilege with the others.14 15.49 Relationships which have been held to give rise to joint interest privilege include: • • • •

company and directors (and sometimes company and shareholders); trustee and beneficiary; partners; and parent company and subsidiaries.

15.50 The courts have suggested that it is best practice for the retainer letter to make clear whether advice is being given to one party alone (such as the company or a limited liability partnership) or also to a number of identifiable directors or partners.15 If this position changes after the initial engagement then this should be documented.

Common interest privilege 15.51 Common interest privilege will maintain privilege in communications or documents that are disclosed to a third party which has a common interest in its subject matter or in litigation connected to it.16 Where common interest privilege applies, the receiving party can assert privilege against the rest of the world. 15.52 Common interest can apply to both legal advice privilege and litigation privilege, but the common interest must exist at the time of disclosure to the recipient (contrast with the position concerning joint interest privilege where the joint interest must exist at the time the communication was made). 15.53 Relationships where common interest privilege have been held to apply include: • co-defendants;17 • insured and insurer;18

13 14 15 16

Kousouros v O’Halloran and another [2014] EWHC 2294 (Ch). Ford v FSA. Ford v FSA, per Burnett J at para 39. Buttes Gas and Oil Co v Hammer (No 3) [1981] QB 223 (Buttes Gas) and Svenska Handelsbanken v Sun Alliance [1995] 2 Lloyd’s Rep 84. 17 Buttes Gas. 18 Guinness Peat Properties Limited v Fitzroy Robinson Partnership [1987] 1 WLR 1027.

154

Waiver or loss of privilege 15.58 • •

companies in the same group, including parent companies and subsidiaries;19 agent and principal.20

15.54 As it is possible for a party to give a limited waiver of privilege, the issue of whether common interest privilege exists between the original and receiving parties is likely to be less relevant in practice. However, this highlights the need to ensure that the terms of that (limited) waiver are carefully drafted and, if possible, agreed with the receiving party.

Without prejudice privilege 15.55 This is a specific type of privilege, which will prevent oral and written statements made in a genuine attempt to settle a dispute from being put before the court as evidence of admissions against the party which made them. The without prejudice rule exists to encourage parties to litigation to settle their disputes out of court. If parties are able to speak freely, knowing that anything that they say may not be used against them, then this should facilitate settlement negotiations. PAG v RBS21 confirmed that there could be without prejudice communications between a regulator and a regulated firm to settle enforcement proceedings. This is an important factor when dealing with regulatory investigations which may carry with them the risk of satellite litigation with third parties. 15.56 In the event that a claim to without prejudice privilege is disputed and the court is asked to determine whether it exists, it will focus on the substance of the disputed document. Merely labelling a document ‘without prejudice’ will not bring it in within the scope of privilege if it is not, in substance, a communication made in a genuine attempt to settle a dispute. Similarly, neglecting to label a document ‘without prejudice’ will not necessarily preclude it from being privileged. 15.57 Unlike the other types of privilege identified above without prejudice privilege is not absolute, and the court may disregard it when it considers that doing so is in the interests of justice. Further, without prejudice privilege cannot be unilaterally waived by one of the parties; both parties must agree to make the communications ‘open’. Also, a document which is protected by without prejudice privilege may become admissible for various reasons, for example as evidence that a settlement agreement was concluded and/or what the terms of that settlement were.

Waiver or loss of privilege 15.58 The word ‘waiver’ in commonly (and often loosely) used to cover a number of distinct scenarios in which privilege is found to have been lost. More accurately, one should talk about ‘loss of privilege’, which can arise when:

19 Berkeley Administration Incorporated and others v McClelland and others (Court of Appeal), 2 March 1994, unreported. 20 The World Era (No 2) [1993] 1 Lloyd’s Rep 363. 21 Property Alliance Group Limited v The Royal Bank of Scotland Plc [2015] EWHC 1557 (Ch).

155

15.59  Confidentiality and Legal Privilege (i) a party to litigation puts privileged material before a court; (ii) confidentiality in a document has been lost; (iii) a party has expressly or impliedly waived privilege 15.59 A particular issue can arise when a party provides privileged documentation to a public or regulatory body, with the aim of persuading that body to take, or not take, disciplinary or regulatory action. In those situations, it will be important to have made it clear, or, better, agreed, before providing the materials to the public body that either: (i) privilege was not being waived; or (ii) that it was being waived for a specific, limited purpose.

Privilege in regulatory investigations 15.60 Most regulatory and enforcement authorities have formal powers to compel individuals and companies to product documents and information. The Financial Conduct Authority has powers to compel the production of documents but, as mentioned above, it recognises the right of a firm to withhold protected items (privileged communications). Corporates will often negotiate with the relevant authority regarding the scope of documents sought, and the role of privilege in withholding certain documents or resisting disclosure entirely. If disclosing privileged communications to regulators, the confidentiality of the communication should be protected to ensure that privilege is not inadvertently waived. 15.61 As a result of considerations over who is the ‘client’ and the ‘likelihood’ test in establishing litigation privilege (as above), privilege does not attach to every communication. Inappropriate or unfounded claims of privilege are viewed unfavourably by regulators.

Competition investigations involving the European Commission 15.62 For competition investigations involving the European Commission, different privilege rules will apply. Critically, in those cases any communications with internal lawyers will not be protected by privilege. However, communications with external EU qualified lawyers can still benefit from privilege. Given these limitations, in the event of a competition investigation it is highly advisable to seek specific legal advice before embarking on any internal enquiries.

Privilege outside of England and Wales 15.63 We have commented here on the rules of privilege under the laws of England and Wales. The fact that a document is privileged under English law will be no answer to a foreign order for disclosure, and the foreign court will apply its own rules. This could lead to confidentiality being lost, and the document losing 156

Privilege outside of England and Wales 15.64 privileged status under English law. However, the English courts will not enforce a foreign order for disclosure of a document where it would contravene English law. 15.64 The privilege laws in Scotland and Northern Ireland are substantially similar. Equally, US law recognises the concept of privilege, although there are differences in the underlying legal principles on which it is advisable to speak to a US lawyer in the event an investigation involves a regulatory or other issue involving US authorities.

157

Chapter 16

Employees under investigation 16.01 ▶ ▶ ▶ ▶ ▶ ▶

This chapter considers the following:

The differences between an internal investigation and a disciplinary procedures. Risks associated with disciplinary hearings. Suspension of employees. Freezing deferred awards. Malus and clawback. Indemnification and insurance coverage.

Introduction 16.02 Many internal investigations will concern the conduct of individuals within the company and, ultimately, make adverse findings concerning their conduct and performance. Those findings may lead to a disciplinary procedure where the hearing manager, normally someone independent of the investigation, will be asked to make a finding as to whether the conduct merits censure and sanction. This may include a decision with regards to an individual’s pay and reward. 16.03 Alternatively, instead of, or as well as, a disciplinary process, the company may rely on the investigation’s findings to inform its decision on an individual’s performance for that financial year or, in some cases, for previous financial years and whether or not to reward that individual in light of the findings concerning their performance. In this chapter, such action by the company is described as a performance adjustment. 16.04 In addition, in the course of an investigation an employer may wish to take certain steps to mitigate its risk, such as suspending an employee or freezing deferred financial awards. 16.05 Many of these actions against an employee will only be available to the company or the hearing manager where they already form part of the employment contract. It is always important therefore for an investigator to check and confirm the terms of employment for individuals who may be the subject of adverse findings, or ask the company’s HR team to confirm the position. This will help better inform any subsequent conversation between the investigator and the decision-making body or the hearing manager tasked with deciding what action to take against an employee. 16.06 This chapter summarises how and when these actions may be applied and their relationship to an internal investigation. 159

16.07  Employees under investigation

Internal investigation vs disciplinary procedure 16.07 At various points in this book it has been emphasised that a distinction needs to be drawn between an internal investigation and an investigation for the purposes of a disciplinary procedure. In part, this is because there are specific legal requirements relating to the latter which can hinder the company’s ability to investigate on its own terms. 16.08 Nevertheless, at some stage the company’s disciplinary procedure may be invoked and the company’s HR team and/or a disciplinary hearing manager may seek to rely on the output from the company’s own investigation. It is important therefore that an investigator has at least a rudimental understanding of some of the key employee rights and guidance issued in relation to the conduct of investigations into an employee, and how this may impact on their investigation.

Acas Code of Practice on Disciplinary and Grievance Procedures 16.09 Any move to commence a disciplinary investigation and hearing must be done in accordance with the Employment Rights Act 1996 (ERA). 16.10 Any disciplinary and grievance procedure needs to be carried out in accordance with the Acas Code of Practice on Disciplinary and Grievance Procedures as supplemented by the non-statutory Acas guide on Discipline and Grievances at work, and any decision to dismiss must be done in accordance with the need to identify a statutory fair reason for dismissal and act reasonably. In relation to dismissal, employers need to adopt a fair procedure before the application of a disciplinary or capability procedure, with the employee informed of the case against them and given the chance to tell their side of events at a hearing, with the option to appeal. 16.11 Under the Acas Code, informal discussions may be more appropriate than formal action in certain cases. If the employer moves to a formal disciplinary process, this will require planning in terms of procedure and personnel, but the employer must be careful to avoid ‘pre-judging’ culpability and consequences for specific individuals. They should, for example, ensure that the process is in accordance with their disciplinary policy, has different people at each stage, and keeps to timescales. The allegation against the employee must be correctly framed. 16.12 Even where the employer is certain that an employee is culpable, that employee and any others involved must not be disciplined without an investigation taking place first. This must be a separate, independent process from the original internal investigation which is the focus of this book. While the level of investigation required will vary from case to case, it must be ‘reasonable in all the circumstances’ (objectively, through reference to the ‘band of reasonable responses’ (Sainsbury’s Supermarkets Ltd v Hitt1)).

1 [2002] EWCA Civ 1588.

160

Risks associated with disciplinary hearings 16.15 16.13 The key points for employers to note coming out of case law and Acas are that: •

• • • • •



• •



There may be requirements under the employer’s own procedure on who should conduct the investigation, and members of human resources or subject specialists may be best placed to take on this position. Those carrying out the investigation may need to have had appropriate training and may require briefing by Human Resources. Human Resources should ensure that the advice they give to an investigator does not include discussion of culpability. Employees do not have a statutory right to be accompanied at such meetings, but they may have a contractual one and this is good practice. The employer must keep the investigation confidential and, for example, avoid revealing names where this is possible. The Acas Code states that the investigation should take place ‘without unreasonable delay’. It is important that the employee is made aware of the case against them and the allegations on which it is based. Under the Acas investigations guide, it is best practice not to anonymise witness statements, except for in exceptional circumstances where the witness has a genuine fear of reprisals, as this may disadvantage employees in terms of their not being able to effectively challenge evidence. The employer has an implied duty of trust and confidence owed to the employee. The investigation must not go beyond what is necessary to establish the full facts, and the employee may have additional rights in their contract or in the firm’s policies and procedures. It is extremely important to keep records of the investigation in order to demonstrate compliance with the legal requirements, for example to demonstrate fairness. At the end of the investigation, the Acas investigations guide recommends drawing up a report setting out a summary of the matter, details of the investigation process, the investigation’s findings, the investigation’s conclusions and copies of documents and witness statements referred to. This investigatory stage should be separate from any additional disciplinary stage that may follow, with no suggested sanction or disciplinary outcome until the latter.

16.14 A  decision must be taken at the end of the investigatory stage whether to proceed to a disciplinary stage. Disciplinary hearings will then also have to be conducted in compliance with employment law. For example, the employer should provide the employee with a letter giving sufficient information about the allegations and their consequences, copies of documents/evidence on which the employer intends to rely, the names of witnesses who will attend, and as good practice a copy of the employer’s disciplinary procedure and information. Employees should also be informed of their right to be accompanied.

Risks associated with disciplinary hearings 16.15 As outlined at the outset of this book, an internal investigation is a factfinding exercise. It is intended to be separate from any disciplinary process that may be subsequently initiated in light of the facts established by the investigation. 161

16.16  Employees under investigation 16.16 Nevertheless, it will be apparent from the comments above that most disciplinary processes will involve some form of enquiry or investigation, led by a disciplinary hearing manager who will make a finding on the basis of the information that they obtain and review. This may include a disciplinary hearing where the employee is given an opportunity to present their evidence and put their case. 16.17 Consequently, there often is a blurring of lines between an internal investigation and the disciplinary process, particularly where the disciplinary hearing manager seeks to rely on information gathered in the course of the internal investigation. 16.18 Critically, where an internal investigation identifies evidence that suggests an employee has a case to answer for a disciplinary matter, such as a breach of a firm’s policies or procedures, certain risks arise. These can be boiled down into two core issues: (1) All documents disclosed to a hearing manager must also be disclosed to the employee. – This may be unpalatable where the documents contain sensitive information, such as findings in respect of the firm’s systems and controls. Any documents provided to the employee may be used as evidence in any subsequent employment tribunal proceedings, which are generally heard in public. – A particular risk exists where a document is legally privileged, such as an investigation report prepared by lawyers in the investigation team. If such a document is produced to the hearing manager, and thereby to the employee, it will most likely result in a loss of privilege over that document. This is because it has been provided for a purpose different to the one for which it was created. This loss of privilege may also infect the legally privileged nature of other documents produced as part of the investigation, rendering them liable to be disclosed as part of any subsequent litigation or regulatory enforcement proceedings. (2) If there are two separate investigations into the same issues, there is a risk of inconsistent findings. – The credibility of the internal investigation will be undermined if the disciplinary enquiry into the same matters arrives at different conclusions. This can prejudice a firm’s defence in any related enforcement proceedings or litigation. Again, legal privilege is an important consideration here, because any documents produced by the disciplinary investigation may not fall within the relevant exceptions for legal privilege. 16.19 Similar issues may arise where a firm decides to commence a review for the purposes of determining malus (adjusting or withdrawing an individual’s entitlement to a deferred bonus) or clawback (commencing an action to recover bonus already paid). This is explained more fully later in this chapter. 16.20 The employee has no right to a disciplinary hearing in relation to malus and clawback, however a firm will still need to make appropriate enquiries and create documents for these purposes, such as communicating its findings to the former employee and seeking that individual’s comments on the findings. Again, 162

Suspension of employee 16.23 there is a risk here of creating unprivileged documents that undermine the internal investigation’s findings or are otherwise helpful to an adversary. 16.21 With all these points in mind, here are some practical tips for managing these risks: •







At the outset of the internal investigation, where there is a risk of subsequent disciplinary proceedings, the investigator should seek to agree with the relevant stakeholder (for example the HR team) how they will produce documents and evidence to a hearing manager once the initial investigation has concluded. In particular, the investigator should consider preparing a separate report for the disciplinary hearing manager containing exclusively factual findings without any comment or opinion on the evidence. Critically, where the material generated by an internal investigation is privileged, the investigator will need to make sure that the separate report for the hearing manager does not contain any legal advice (or this may inadvertently waive the firm’s right to claim privilege over the advice). A  note of the internal investigation interview with the relevant employee can be particularly useful to the disciplinary process. Where the investigator wishes to provide the hearing manager with such a note, and that note is legally privileged then the company may authorise the investigator to provide the note on the basis of a limited waiver of privilege. This can present certain risks, most significantly that any successful challenge to the limited waiver could lead to a wider loss of privilege over some or all of the written material generated in the course of the internal investigation. If this risk is considered too great, then an alternative is to brief the hearing manager verbally on the contents of the interview. The drawback with this approach is that the employee will be free to give a new account of events at the disciplinary hearing which, without access to the note, the hearing manager may be in a difficult position to challenge. Where the interview note is not privileged in the first place, the internal investigation team may wish to confirm the accuracy of the note with the witness before the note is finalised (see Chapter 11 for more on this point). This is useful in the event that the individual produces new or inconsistent evidence in the disciplinary hearing. In those circumstances, the disciplinary hearing manager may use the account provided in the internal investigation to test the veracity of what is said by the employee in the hearing.

Suspension of employee 16.22 In certain circumstances, it may be appropriate for the company to suspend an employee who is under investigation. Any decision to suspend needs to be made in a timely manner and taken on the basis of an objective appraisal of the facts by a sufficiently independent person. 16.23 Acas’ non-statutory guide ‘Suspension’ gives some guidance. It states that in relation to a serious allegation of misconduct, suspension should not be used as a disciplinary sanction. It should never be an automatic approach for an employer when dealing with a potential disciplinary matter and an employee will usually be able to continue doing their normal role while the matter is investigated. 163

16.24  Employees under investigation 16.24 However, this may not be the case in relation to FCA- and PRA-regulated firms and there may be a regulatory expectation to suspend pending the conclusion of an investigation into an individual’s behaviour. Care needs to be taken in this context because a suspension may constitute a sanction, rather than an investigatory suspension, where this results in a suspension of the individual’s authorisation to undertake regulated activity. 16.25 Whether or not there is a regulatory issue to consider, suspension should usually only be considered if there is a serious allegation of misconduct and: • • • •

working relationships have severely broken down; the employee could tamper with evidence, influence witnesses and/or sway the investigation into the allegation; there is a risk to other employees, property or customers; the employee is the subject of criminal proceedings which may affect whether they can do their job.

16.26 The Acas guide states that employers should think carefully before suspending an employee, and consider other options (which they should use, if practicable), including the employee temporarily: • • • • • •

being moved to a different area of the workplace; working from home; changing their working hours; being placed on restricted duties; working under supervision; being transferred to a different role within the organisation (the role should be of a similar status to their normal role, and with the same terms and conditions of employment).

16.27 Other employment law considerations in relation to suspension should also be taken into account, including whether the employer is contractually entitled to suspend the employee. Unless there is a clear contractual right to suspend pay, the employee should be paid their normal pay and benefits. Other requirements in relation to any action taken, such as those relating to the forfeiture or freezing of deferred compensation, should be considered.

Freezing deferred awards 16.28 In the financial services sector, when an investigation identifies an individual who is the subject of investigation and there is a risk they may receive a deferred award (bonus entitlement) before the investigation concludes then it is common practice for the employer to ‘freeze’ (ie suspend) payment of the award until the company has had an opportunity to consider the investigation’s findings in relation to the individual concerned and whether these merit any further action by the company. 16.29 This is an interim measure deployed by employers but it can only operate where the employment arrangement permits, for example where the company policy provides that deferred awards are paid entirely at the discretion of the employer. This 164

PRA and FCA-regulated firms 16.35 action of freezing an award is distinct from the principles of malus and clawback described immediately below.

A brief introduction to malus and clawback 16.30 Many large companies, particularly listed entities, will have a remuneration scheme or policy that includes provisions enabling the company to recover and/or withhold sums or share awards in certain specified circumstances (in employment law parlance these are known as ex-post risk adjustments or performance adjustments). 16.31 Ex-post risk adjustments or performance adjustments allow companies to adjust previously awarded remuneration to take account of subsequent performance and potential risk outcomes thus enabling them to recoup variable pay in the event of a downturn in performance or a risk management failure. More often than not, the company policy in relation to performance adjustments will apply to those individuals who either form part of the senior management of a company’s business (principally board directors) or who have a material impact on the company’s risk profile. However, the policy may also apply to other, less senior employees. 16.32 Ex-post risk adjustments have become an important tool for companies to use where there have been findings of failure or employee misconduct as a means of reprimanding the affected individual(s) as well as acting as a deterrent to others. 16.33 The terms ‘malus’ and ‘clawback’ are often used interchangeably but in fact constitute distinct forms of ex-post risk adjustment. Malus is as an arrangement that allows the company to prevent the vesting of all or part of the amount of a deferred remuneration award, for example a financial bonus for the past financial year which is payable at a future point in time. Clawback is a contractual agreement whereby the employee agrees to return an amount of remuneration to the company in certain circumstances. This can be applied to both upfront and deferred variable remuneration. 16.34 Of the two types of adjustment, clawback is by far the more challenging to enforce because it is often strenuously resisted by the individual concerned and invariably requires the company to take formal steps, such as instituting court proceedings, for the recovery of the funds.

PRA and FCA-regulated firms 16.35 Firms regulated by the PRA and FCA are required to incorporate malus and clawback into their incentive arrangements. The Remuneration Part of the PRA Rulebook and the FCA remuneration code for dual-regulated firms states that: ‘A  firm should reduce unvested deferred variable remuneration when, as a minimum: • there is reasonable evidence of employee misbehaviour or material error, 165

16.36  Employees under investigation • •

the firm or relevant business unit suffers a material downturn in its financial performance, or the firm or relevant business unit suffers a material failure of risk management.’

16.36 As to what constitutes employee misbehaviour or material error, this can vary according to the individual facts of each case and the context in which the conduct occurred. For instance, the materiality of an error may be determined by the number of consumers affected or the impact of the error on the price of securities. 16.37 Underpinning the FCA and PRA rules are specific conduct rules which can apply to a range of staff within a regulated firm – the Conduct Rules and the Senior Manager Conduct Rules. 16.38 In the context of an investigation in a regulated firm, the question of what constitutes employee misbehaviour or material error needs to be considered alongside these rules. Any breach of one or more of these rules is highly likely to constitute grounds for a performance adjustment.

Who decides whether to make a performance adjustment? 16.39 In most cases, the decision-maker(s) for the purposes of determining whether the company ought to apply a performance adjustment will be the company’s remuneration committee (or RemCo). Consistent with the recommendations in the FRC’s UK Corporate Governance Code, the RemCo is the body responsible for all decisions concerning senior management and executive remuneration. However, in larger institutions, particularly regulated firms, where a performance adjustment is recommended in respect of a less senior individual then the RemCo may delegate its responsibility to a sub-committee. The term RemCo is intended in this chapter to include any sub-committees or its equivalent. 16.40 Where performance adjustments are an option, it will be important for an investigator to establish early on which body is responsible for making adjustment decisions and then familiarise themselves with the process so they are aware of the format and content of the information required by that body to reach a decision. This information is best presented objectively and without comment, to allow the RemCo to consider and reach a view. An investigator should also be prepared for the prospect of being called by the RemCo to explain parts of their report or produce additional evidence in support of their findings. 16.41 In practical terms, the task of the RemCo will be to ascertain where on the spectrum the employee misbehaviour sits, taking into account any previous precedent, and then, based on their assessment, to determine the appropriate level of adjustment to apply. On occasion, it may fall to the investigator to advise the RemCo of any precedent and to give their view as to the level of adjustment merited on the facts of the case. 166

Indemnification and insurance coverage 16.45

Indemnification and insurance coverage 16.42 Where a senior employee or officer of the company (for example a director on the company board) is under investigation and wishes to be legally represented the costs of that representation are often met by the employer company. Typically, this is because either: • •

the company has agreed to indemnify the employee for legal costs in certain circumstances, such as a formal investigation by an enforcement agency; or the employee is entitled make a claim against the company’s directors and officers (D&O) liability insurance policy.

16.43 D&O  insurance policies offer liability cover for company managers to protect them from claims which may arise from the decisions and actions taken within the scope of their regular duties. This includes cover for the costs associated with the defence of an allegation of a wrongful act, such as a breach of trust, breach of duty, neglect, error or misleading statement, committed or attempted by a director or officer whilst acting in this capacity on behalf of the company. 16.44 Ordinarily, the D&O policy will pay for defence costs and financial losses. In addition, extensions to many D&O policies also cover costs for managers generated by administrative and criminal proceedings or in the course of investigations by regulators or criminal prosecutors. Cover is typically triggered when a director or officer is identified in writing by the body instigating the investigation. 16.45 However, it is rare that a D&O policy will pay for an individual’s legal costs and financial losses associated with an internal investigation, unless the company has made a formal notification to an authority and the authority has directed the company to undertake its own investigation.

167

Chapter 17

Investigating senior staff 17.01 ▶ ▶ ▶





This chapter considers:

Senior management involvement in an investigation. Key considerations when investigating senior staff. Relevance and impact of the Senior Managers Regime on conducting investigations in regulated financial services firms. Corporate liability for employee conduct – the ‘guiding mind and will’ test.

Senior management involvement in the investigation 17.02 As explained in Chapter 4 on governance and decision-making, where a senior manager appears directly involved in the matters under investigation it will be important to ensure that there is no compromise of the independence of the governance of the investigation. This may mean that the senior manager can no longer sit on certain committees where the investigation is reviewed or discussed. Where this is impractical then separate governance arrangements for the investigation should be implemented. 17.03 Where it is likely that the behaviour of a senior manager may be subject to scrutiny by the investigation then it will be important to consider whether anyone undertaking the investigation or responsible for the investigation has worked under the senior manager and the extent to which there may be a consequent perception of conflict of interest. If actual or potential conflicts are identified then safeguards should be put in place to mitigate the risk of the senior manager exerting undue influence over the investigation, inadvertently or otherwise. 17.04 The rest of this chapter assumes relevant safeguards are in place and conflicts of interest have been managed accordingly.

Key considerations when investigating senior staff 17.05

Investigations into senior staff broadly fall into three categories:

(1)

Investigations into the specific behaviour of a senior staff member, for example false expenses claims (Conduct investigations). (2) Investigations into accountability and responsibility of a senior staff member for organisational failings or systemic misconduct, for example mis-selling of financial products to a cohort of retail consumers (Accountability investigations). (3) Investigations into senior management decisions that led to a potential criminal offence or civil breach by the company and whether those decisions are attributable to the company itself (Attribution investigations). 169

17.06  Investigating senior staff

Conduct investigations 17.06 With regard to the first category, there is no practical distinction between the way an investigation is undertaken to review the behaviour of a senior staff member and another, more junior member of staff save for the fact that a company may wish to put in place additional safeguards, as described above, to avoid the senior staff member inappropriately exerting influence over the outcome of the investigation. 17.07 Where these investigations do often differ is in the outcomes themselves. For instance, a senior member of staff will be expected to lead by example and set the right tone from the top of the organisation. Ordinarily, this means a company will have higher expectations of the behaviour from its senior staff. Any misconduct by a senior individual will therefore be viewed through that lens and the sanction for any disciplinary breach will be magnified, relative to a more junior individual. 17.08 This approach to a more onerous sanction against senior individuals is best exemplified by the way publicly listed companies and, in particular, financial services firms have incorporated rules concerning performance adjustments into their service agreements for senior staff. As explained in the previous chapter, these rules allow the company to withhold bonus awards or recover awards paid in certain circumstances where employee misconduct has been found or where the company has suffered losses as a result of a risk event, such as misstating its financial accounts. Performance adjustments are one way of conveying to a senior staff member the seriousness of their misconduct or failure. 17.09 Whilst adjusting remuneration is an important tool for censuring senior staff, the absence of this tool for junior staff sometimes means the options available to the company are more limited for the latter – companies are often restricted to written warning, demotion or dismissal. Consequently, the outcome can appear harsher (where it is not a written warning) when compared to the deduction of bonuses due or paid. 17.10 Whilst it is not the role of the investigator to decide on the appropriate sanction for breaches by an employee, they may well be asked for their view as to the seriousness of the conduct concerned. In those circumstances it is important that the investigator is aware of any precedents set by the company in dealing with similar or comparable behaviour in the past, and that distinctions are appropriately drawn between behaviour by junior and senior staff when comparing past examples to determine the seriousness of a present case.

Accountability investigations 17.11 As to the second category, investigations into accountability and responsibility are a well-trodden path in the regulated sectors. In particular, for a number of years in the financial services sector there have been specific rules and requirements in place for designated senior managers (the Senior Managers and Certification Regime or SMCR) which must be adhered to or they risk regulatory investigation and sanction. As is explained more fully below, these rules provide a roadmap for an investigator 170

Relevant evidence for senior manager investigations 17.15 when reviewing whether a senior individual was accountable or responsible for a particular failing or misconduct identified. 17.12 • • •

Key aspects of the SMCR regime are:

each firm will have a ‘responsibility map’ setting out how prescribed responsibilities are divided between senior managers; a more detailed Statement of Responsibilities will be prepared for each designated senior manager, setting out their individual responsibilities; a statutory requirement for designated senior managers to take reasonable steps to prevent regulatory breaches in the area of the firm for which they are responsible – this means that where a regulatory breach has occurred, the regulator is likely to expect that internal investigations seek to establish what steps the senior manager did and did not take to prevent the breach in question.

17.13 High level examples of behaviours falling within the second category of accountability investigations include: • •



• • • • •

knowledge of the misconduct within the senior manager’s area of responsibility but a failure to take appropriate action; failure to follow recommendations of internal reviews (for example internal audit reports, compliance reviews, controls reviews) or reviews and recommendations by external parties (eg  auditors, regulators) where that failure resulted in a significant loss event for the company and/or its customers; failure to take appropriate action over obvious red flags where there was subsequent significant misconduct by an individual or individuals for whom the senior manager was responsible, for example dealers using mobile phones at desks; dealers fraternising with dealers from competitor banks; sales people generating unusually sized profits compared to others; failure to take appropriate action when concerns were raised by staff; disregard of misconduct or policy breaches by the business area in question; responsibility for design of obviously poor control environment, for example proprietary traders sitting next to sales staff; absence of appropriate policies and procedures; failure to remediate known system and control weaknesses.

Relevant evidence for senior manager investigations 17.14 Helpfully, UK financial services regulators have indicated the type of records that they will seek to examine, in the event of a regulatory contravention by a firm, in order to determine whether relevant senior managers have acted reasonably. These types of evidential record are equally applicable in a non-regulatory context when a company is investigating whether its senior management should be held accountable for a significant failing within the company. 17.15 •

The types of record are broadly as follows:

key governance documentation, including any senior manager role descriptions and statements of responsibilities; 171

17.16  Investigating senior staff • • • • •

the output of any review undertaken by the senior manager to map their areas of responsibility, identify the risks in that area and implement remediation in response; organisation charts; board and committee meeting minutes; training records; and regulatory or key correspondence with external parties relating to the matter under investigation.

17.16 However, as many senior managers will recognise, board and committee meeting minutes often record only a fraction of the discussion and challenge at those meetings (and not always in a very helpful or transparent way.) Further, in many cases much of the challenge, discussion and debate leading to major business decisions occurs outside the forum of the meeting itself and is seldom recorded in a formal way. 17.17 In the absence of adequate record-keeping, it can prove very difficult (if not impossible) to reconstruct the rationale for individual management actions (or omissions) or decision-making and to defend the reasonableness of relevant actions or decisions taken by reference to the information that was available at the time. 17.18 Nevertheless, record-keeping is key to assessing a senior managers’ conduct either in respect of their contributions to collective decisions (which may since have transpired to have been misconceived) or in respect of their involvement in managing, mitigating or otherwise responding to the risks emerging from the part of the company’s business for which they are responsible. 17.19 With that in mind, listed below are the critical questions that investigators may wish to ask of a senior manager and the company about record-keeping practices and how they interrogate, record and deploy the management information that flows out of their firm’s governance framework in order to assess a senior manager’s conduct. •



Record-keeping generally: How does your business record challenges and decision-making? How does your business document actions and outcomes? Is this sufficient? Are record-keeping requirements clearly explained and complied with? How do you record your own decision-making? Do you take notes of your 1-2-1s? Do you document actions and track follow-up with your line reports? How do you record your own challenge? (Asking the right questions is only half the job. What about the answers? Are they satisfactory? If not, have you chased these down and recorded them?) Statements of Responsibility: Do you understand the scope of your responsibilities and your reporting lines? Are these clear and up-to-date? Are you new-in-role? Have you received/given an adequate handover? Have you carried out a robust ‘initial assessment’ of the business for which you are responsible within the first two months of your new role? Would you say, following this initial assessment, that you have a good working understanding of the business for which you are responsible and the applicable regulatory requirements, the risks arising from the business and how they are mitigated? Do you have adequate management information to support your oversight responsibilities? Do you have sufficient bandwidth to fulfil your responsibilities? 172

Relevant evidence for senior manager investigations 17.19 •



• •

• •



• •

Handover process and documentation: Has the firm produced internal guidance for senior managers in respect of handover procedures and the orderly transition between senior managers? Is there a process for recording the handover so that it is clear what information was provided between the parties? What assessment is made of the handover material to ensure that the transition is founded on information that is, accurate, practical and helpful, so that the new senior manager can prioritise actions and attend to urgent issues? Management Information: Is it fit for purpose? Is it timely and accurate? (Note the importance of quality over quantity.) Does it tell you what you need to know? Is it aligned with the key risks facing your business? Is your risk reporting only backward looking or is it forward looking as well? Are you interrogating it critically (both your own management information and what you produce for others)? Are you using it to challenge what you are being told by your line reports and/or other lines of defence? Delegation: Where you have delegated responsibility, is this recorded appropriately? Can the reasonableness of your decision be evidenced. Can you evidence the appropriateness of your ongoing oversight and monitoring? Performance Management: Do you document 1-2-1s with your line reports and agreed actions/objectives arising? Do you track follow-up? Can you demonstrate that you effectively challenge and hold your line reports accountable through the annual performance review processes? Organisation charts: Are these up to date? Do they reflect clear reporting lines/ areas of responsibility and are you able to articulate these when asked? Board and Committee meeting minutes: How effectively do these record discussion and challenge in key decision-making? If they do not, do you record and maintain your own records of your participation in collective decision-making? If not, how do you expect to reconstruct the rationale for key decisions and your own involvement in them up to 6 years after the event (which the regulators may require you to do)? What are the arrangements for circulation and review of draft committee minutes? Are committee members given an appropriate opportunity to make clarifications or amendments, where appropriate? Other communications: Where decisions are taken outside a formal structure, do you memorialise agreed actions in an email or briefing document which is circulated to relevant stakeholders to ensure ownership is apportioned and agreed? Does your firm ensure that emails and document management systems are archived properly and made accessible? Training and CPD records: Are you attending all relevant training and recording your attendance in an accessible log? Response to emerging issues: Regulators and authorities often assess the robustness of a firm’s culture and governance in particular by reference to its response in moments of crisis. Is the firm being open and transparent in its dealings with regulators in respect of notifiable events within the part of the business for which you are responsible, including systems and controls inadequacies? Are you taking prompt and thorough remedial action in respect of such issues? Is the customer impact arising from such incidents being appropriately considered and mitigated? Are you engaging SMEs where appropriate (whether internal or external) to provide advice and assurance, carry out root cause analysis and appropriate remediation? If so, are you implementing their recommendations appropriately? If not, what is your 173

17.20  Investigating senior staff



rationale for not doing so and is it reasonable in the circumstances? Have you learned the lessons from prior incidents and are you reading them across to other parts of the business? Is relevant correspondence with regulators being conducted with openness and transparency? Are key areas of interest or focus by the regulator being kept under close scrutiny and review? Resourcing in the second and third lines of defence: Are you confident your second and third lines are resourced appropriately and performing effectively? Are you challenging them on the scope and delivery of their annual monitoring and audit plans? Is second and third line headcount increasing in step with the expansion of your business? Are you responding appropriately to requests for additional resource? If you are refusing such requests, what is your rationale? Is it reasonable?

17.20 It should be apparent from the list of questions above that the range of evidence required is extensive if an investigator is asked to analyse senior management accountability and whether a senior manager discharged their responsibilities. As a practical step therefore where a senior manager is likely to be asked these questions in an investigation it may be more efficient to pass the questions to them in writing so that they can reflect on them, and direct the investigation to other individuals within the relevant business who may be able to assist in pulling together the relevant information. This may be all the more important where the senior manager is time poor and is still expected to manage their business whilst the investigation is ongoing.

Corporate criminal liability for employee conduct 17.21 Where an internal investigation is concerned with events which may constitute a corporate criminal offence, such as a failure to prevent bribery, it is important the investigator has a grasp of the ways in which corporates can be held criminally liable for the acts of their employees. The first is through what is known as the identity doctrine. The second is through statute governing specific offences. In both instances, corporate liability will be determined by reference to the level of knowledge of the issues and involvement in those issues on the part of senior officers and directors of a company. This forms part of the third category of investigation described at 7.05 at the start of this chapter (Attribution investigations). 17.22 Armed with an understanding of the principles on which corporate liability can be established, the investigator will be in a better position to identify and analyse any evidence that may be relevant to the company in making decisions about the scope and focus of the investigation as it progresses. For instance, by introducing information barriers to avoid infecting the evidence of certain senior officers within the company where there is a risk they might otherwise be tainted by knowledge of the investigation’s findings and they are liable to be interviewed by an authority at some future date about the events which are the subject of the investigation.

The identity doctrine 17.23 Under the identity doctrine, a corporate can be held criminally liable for the acts or omissions of its ‘directing mind and will’. Whilst the ambit of those who 174

Corporate criminal liability for employee conduct 17.28 fall into this category is uncertain, it is likely that it will involve individuals of a considerable level of seniority including officers of the company and those at or close to board level. 17.24 The leading case concerning the application of the identity doctrine is Tesco Supermarkets Ltd v Nattrass1 (‘Nattras’). In this case, Tesco was prosecuted under the Trade Descriptions Act 1968 for displaying a notice indicating that goods were being offered at a price less than at which they were actually being offered. This occurred because the manager of one of their branches had negligently failed to notice that he had run out of low-price packets. The House of Lords considered that the branch manager could not be held to embody the company as a whole, which made a due diligence defence available to Tesco under section 24 of the Trade Descriptions Act 1968. 17.25 It was further held in Nattras that corporate criminal liability may also arise where the board of directors has delegated part of its management functions and the delegate has full discretion to act independently of instructions from them. Applying this principle in Nattrass, the branch manager could not be identified with the company because the board was found not to have delegated any of its functions. 17.26 It has proved difficult for law enforcement authorities to attribute liability to corporates, for acts of employees, under the identity doctrine. This is not only because it generally requires the act to have been committed by an individual of a high level of seniority but because companies, particularly large multi-nationals, often have sophisticated management structures with decentralised decision making. This can make it challenging to identify who the directing mind and will of the company is.

Statutory liability – the ‘failure to prevent’ offences 17.27 Within the last few years, specific statutory offences have been created, under the Bribery Act 2010 (UKBA) and the Criminal Finances Act 2017 (CFA), which make corporates liable for failing to prevent offences committed by employees on their behalf. These offences have been created, in partial reaction to the problems in attributing liability to corporates under the identity doctrine. 17.28 Under section 7 of the UKBA a ‘commercial organisation’ can be held liable if a person associated with it (this includes employees) bribes others with a view to obtaining or retaining business or an advantage on behalf of the commercial organisation. The implications of this offence are far reaching. A corporate can be held liable regardless of whether they were aware that the bribery was taking place. The bribery may take place entirely overseas without any action having taken place in the UK. The only defence is for the corporate to demonstrate that they have adequate procedures in place in order to prevent bribery.

1 [1972] AC 153.

175

17.29  Investigating senior staff 17.29 Guidance offered by the Ministry of Justice sets out six key principles which are aimed at providing a framework for the procedures that should be put in place in order to prevent bribery. They are as follows: • • • • • •

Principle 1 – Bribery prevention procedures must be proportionate to the nature, scale and complexity of the organisation. Principle 2 – There must be top-level commitment within an organisation to bribery prevention. Principle 3 – There should be periodic, informed and documented risk assessments. Principle 4 – Due diligence should be conducted on business relationships, particularly if they are new. Principle 5 – There must be communication regarding bribery prevention and related issues through training and clearly communicated policy. Principle 6 – There should be monitoring and review of bribery issues as they arise.

17.30 Under sections 45 and 46 of the CFA, a corporate can be held liable for failing to prevent the facilitation, by associated persons (including employees), of UK tax evasion and failure to prevent the facilitation, by associated persons (including employees), of foreign tax evasion. There are two defences available, namely that the business had reasonable prevention procedures in place or that the business had good reason not to have prevention procedures in place. Much like the guidance provided concerning the UKBA, HMRC sets out six key principles which need to be illustrated in order to demonstrate that a firm has adequate procedures in place, namely: proportionate procedures, top-level commitment, risk assessment, due diligence, communication and monitoring and review. 17.31 The principles and guidance described above are a helpful roadmap for investigators to follow in the event a company institutes an investigation to determine whether an offence may have been committed under the UKBA or CFA. For instance, in the list of evidence to gather, it would be prudent for the investigator to include risk assessments and due diligence reports. This will assist the company in understanding whether it can avail itself of the adequate procedures defence.

176

Chapter 18

Whistleblowing and raising concerns 18.01

This chapter considers the following:

The UK legal framework in relation to whisteblowers. The UK regulatory framework. ▶ Best practice for whistleblowing policies and procedures. ▶ Confidentiality. ▶ Meeting with the whistleblower. ▶ Disclosures made in witness interviews. ▶ Feedback to whistleblowers. ▶ ▶

18.02 This chapter summarises the UK legal and regulatory framework in relation to whistleblowing and investigations into protected disclosures. A broad understanding of this framework is necessary for an investigator conducting an investigation in the UK given the probability that, at some stage, either they will be asked to investigate allegations by a whistleblower or during the course of an investigation an individual makes a potentially protected disclosure. In the latter case, it will be important that the investigator understands their and the company’s obligations as a result of any disclosure.

The legal framework Legal Protection for Whistleblowers 18.03 Employees who ‘blow the whistle’ at work are protected from being dismissed and from suffering any other detriment as a result of having done so. This right is enshrined in UK employment law in the Public Interest Disclosure Act 1998 (PIDA), which came into force in 1999 and inserted sections 43A to 43L and 103A into the Employment Rights Act 1996 (ERA). 18.04 Prior to PIDA, there was already a degree of legal recognition of the right of employees to disclose wrongdoing even when they were bound by a duty of confidentiality. There was also a common law duty on employees to alert their employer to the wrongdoing of other employees in certain cases. However, PIDA extended the degree of protection enjoyed by whistleblowers by: • •

making the dismissal of an employee or employee shareholder automatically unfair if the reason, or principal reason, for their dismissal is that they have made a ‘protected disclosure’; and protecting workers from being subject to any ‘detriment’ for making a protected disclosure. 177

18.05  Whistleblowing and raising concerns 18.05 Under PIDA, in order for the act of the whistleblower to benefit from protection, it must meet two tests: the ‘qualifying disclosure’ test and the ‘protected disclosure’ test.

Qualifying Disclosures 18.06 The act of the whistleblower must firstly be a ‘qualifying disclosure’. The requirements for a ‘qualifying disclosure’ are set out in section 43B, ERA, as follows: 1.

2.

There must be a disclosure of information. A disclosure could include any form of recorded information, including written (letter, email, the provision of data indicating wrongdoing etc) or verbally (by telephone, during a meeting etc). In order to avoid disputes relating to the contents of the disclosure, it may be prudent to request that the disclosure is made in writing or, failing that, to present the whistleblower with a written record of their disclosure for them to verify. The disclosure can include information where the person receiving the information is already aware of the information but it is being brought to their attention (ERA, s 43L(3)). It is crucial that the worker discloses information and doesn’t simply voice concerns or make an allegation. ‘Information’ should be given its ordinary meaning of ‘conveying facts’, ie  conveying specific facts rather than, for example, simply alleging that an employer is in breach of legislation without any factual evidence. However, English courts have also found that allegations could also be information and therefore qualifying disclosures if they included sufficient factual content and specificity. The disclosure must, in the reasonable belief of the worker, tend to show that one or more of six specified types of malpractice or failure has taken place, is taking place, or is likely to take place. The six specified types of malpractice or failure under section 43B(1), ERA are: • criminal offences; • breach of any legal obligation; • miscarriages of justice; • the health and safety of any individual being endangered; • danger to the environment; and • the deliberate concealing of information about any of the above. The disclosure does not have to concern past or present wrongdoing, but can be wrongdoing that is only likely to take place. It can include the conduct of an employer, employee, or third party (Hibbins v Hesters Way Neighbourhood Project1) and includes conduct that occurs outside the UK or that is a breach of foreign laws (ERA, s 43B(2)). In terms of the requirement for the disclosure to show that the wrongdoing has taken place ‘in the reasonable belief’ of the worker, this will require the worker to subjectively believe that the relevant failure has occurred or is likely to occur and that their belief is objectively reasonable, regardless of whether their belief is in fact correct (Babula v Waltham Forest College2).

1 UKEAT 0275/08/0710. 2 [2007 EWCA Civ 174.

178

The legal framework 18.08

3.

It is important to note here that the English courts have set a relatively low bar for the degree of belief required on the part of the worker. As long as an employee actually believes that the wrongdoing falls into one of the six categories, and it is objectively reasonable for them to do so, then the disclosure will meet this requirement. The disclosure of information must, in the reasonable belief of the worker making the disclosure, be in the public interest. This is a relatively recent requirement added by section 17 of the Enterprise and Regulatory Reform Act 2013 (ERRA), which amended section 43B(1) of ERA. It only applies to disclosures made on or after 25 June 2013. As with the framework for establishing a reasonable belief in wrongdoing, the worker must have subjectively believed that the disclosure was in the public interest and their belief must have been objectively reasonable (Chesterton Global Ltd (t/a Chestertons) v Nurmohamed3). Chesterton Global Ltd also set out some guidance for firms to interpret the public interest requirement, such as: • Belief in the public interest does not need to be the worker’s predominant motive for making the disclosure. • Where the disclosure relates to a breach of a worker’s own employment contract or another matter where the worker has a personal interest, particular features of a case may mean that it meets the public interest requirement, for example if the wrongdoing relates to a large number of persons whose interests are affected by the breach of the contract; if the wrongdoing relates to a very important interest, which is more likely to be in the public interest than a more trivial wrongdoing; if the wrongdoing is deliberate rather than inadvertent; or if the alleged wrongdoer is large or prominent. It is important to note the relatively low threshold for this requirement to be met and the potential for disclosures relating to matters that might appear on first view to be personal or private, such as ones relating to personal contracts of employment.

Protected Disclosures 18.07 Once it has been established that the act of a whistleblower is a ‘qualifying disclosure’, it must then additionally be established that it is a ‘protected disclosure’. The requirements for ‘protected disclosures’ are set out in sections 43C-43H, ERA. 18.08 To be ‘protected’ as a disclosure, the act must be made to one of the following categories of people: • • • •

The employer. The person responsible for the matter. Legal Advisers. Government Ministers, where the employer is a public body appointed by an enactment.

3 [2017] EWCA Civ 979.

179

18.09  Whistleblowing and raising concerns •



A  Prescribed Person (as designated in the Prescribed Persons Order 2014, which includes, for example, various public sector bodies, as long as the worker reasonably believed that the wrongdoing falls within that Prescribed Person’s remit and the information/allegation disclosed is substantially true). Wider disclosures to others, for example non-prescribed regulators, police, MPs, peers, and the media. The test for this is an onerous one however, and it requires that one of various other additional requirements are present, for example that the worker has previously disclosed substantially the same information to their employer or to a prescribed person

18.09 • •

Key points for an investigator to note in relation to the above are that:

it is likely that an ‘employer’ would be interpreted broadly to cover, for example junior employees or whistleblowing hotlines; for responsible persons, the worker must reasonably believe the wrongdoing relates solely or mainly to that person’s conduct or legal responsibility.

Is an investigation needed? 18.10 Given the legal framework described above, an investigator needs to be able to establish whether or not a ‘disclosure’ has been made. They should be aware of the many forms, written and verbal, in which disclosure can occur. It may be important for individuals within the investigation team to be made aware of and trained in whistleblowing procedures in order to identify potential disclosures and to rule out the possibility that the whistleblower’s act is misplaced, purely allegationbased, or purely a private complaint and therefore inappropriate for treatment as a whistleblowing disclosure. Above all, an investigator should not focus on their irrelevant, subjective views of whether they think the disclosure is protected, and they should instead consider the test of objectively reasonable belief on the part of the whistleblower.

The Financial Services Regulatory Framework 18.11 In recent years, whistleblowing has become an increasingly prominent issue within the financial services sector. The Financial Conduct Authority (FCA) has been keen to stress that it takes whistleblowing and firms acting to the detriment of whistleblowers extremely seriously. In the section of its Senior Management Arrangements, Systems and Controls sourcebook (SYSC) that deals with whistleblowing (Section 18) the FCA states that it: ‘would regard as a serious matter any evidence that a firm had acted to the detriment of a whistleblower. Such evidence could call into question the fitness and propriety of the firm or relevant members of its staff and could therefore, if relevant, affect the firm’s continuing satisfaction of threshold condition 5 (Suitability) or, for an approved person or a certification employee, their status as such’ (SYSC 18.3.9G). 18.12 This comes in the context of an increase in whistleblowing as a phenomenon: according to its most recent Annual Report, the FCA received over 1,750 separate 180

Requirements under SYSC 18 18.14 allegations of whistleblowing and managed and assessed 1,119 whistleblower reports for the year 2018/2019.4 In its Annual Report, the FCA also points to how it has increased its resources in its whistleblowing team and has rolled out whistleblowing training for its staff.5 18.13 The rules on whistleblowing are set out in SYSC, 18 and in the PRA’s Policy Statement PS  24/15. These require a firm to establish, implement, and maintain appropriate and effective arrangements for the disclosure of ‘reportable concerns’ by whistleblowers (SYSC, 18.3.1(1)). In the glossary to the FCA Handbook, there is a wide definition of the term ‘reportable concerns’: these include not just the ‘protected disclosures’ covered by employment law discussed above, but also any breach of a firm’s policies and procedures and behaviour that harms or is likely to harm the reputation or financial well-being of the firm.

Requirements under SYSC 18 18.14 SYSC18 contains certain minimum standards which a regulated financial services firm is required to observe in dealing with whistleblowers. In particular, firms must: • • • • • • •

• • •

Allow disclosures to be made through a range of communication methods. Ensure that they are able to handle requests for confidentiality effectively. Ensure the effective assessment and escalation of reportable concerns, including to the FCA/PRA. Have appropriate records of reportable concerns and up-to-date written procedures that are readily available to the firm’s UK-based employees, outlining the firm’s processes for complying with this chapter. Have reasonable measures to ensure that no person ‘under the control of the firm’ engages in victimisation of a whistleblower. Provide appropriate training for UK-based employees, managers of UK-based employees wherever the manager is based, and employees responsible for operating the firm’s internal procedures. Make prompt reports to the FCA about each case contested but lost before an employment tribunal where the claimant successfully based all or part of their claim on either detriment suffered as a result of making a protected disclosure or being unfairly dismissed under PIDA/ERA. Make an annual report to the firm’s governing body on the operation and effectiveness of their systems and controls in relation to whistleblowing. Ensure that their settlement agreements expressly state that workers may make protected disclosures and do not include warranties relating to protected disclosures. Have a ‘whistleblowers’ champion’ (see below).

In relation to the UK branches of overseas banks, both in the EEA and outside, the rules recognise that a firm may have concurrent reporting obligations to

4

See pp 9 and 16, FCA’s Annual Report 2018-2019: www.fca.org.uk/publication/annual-reports/ annual-report-2018-19.pdf. 5 Ibid, p16.

181

18.15  Whistleblowing and raising concerns home regulators. They are therefore required to inform staff of their FCA/PRA whistleblowing services, while UK subsidiaries within their group must make their whistleblowing channels available. 18.15 The ‘whistleblowers’ champion’ is to have responsibility for ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing, including policies and procedures intended to protect whistleblowers from being victimised because they have disclosed reportable concerns (SYSC, 18.4.4). For a UK banking firm, the whistleblower’s champion must be the FCA-prescribed senior management; for an insurer, it must be a director or senior manager; and for a ‘firm’ it must be a non-executive director (a firm that does not have a non-executive director would be expected to appoint one for this purpose) (SYSCC, 18.4.1).

Additional rules 18.16 While these rules are extensive, firms should be aware that they can clarify in their written procedures that there may be other appropriate routes for some issues, such as employee grievances or consumer complaints (SYSC, 18.3.2(3)). Nothing in the rules prevents firms from taking action against those who have made false and malicious disclosures (SYSC, 18.3.2(b)) (though firms should be extremely careful that they do not misuse this power, since if an investigation concludes that the disclosure was untrue, it does not automatically mean that it was raised maliciously by a worker), and firms may also operate their whistleblowing arrangements internally, within their group or through a third party (SYSC, 18.3.3(1)). Additionally, firms have to consider how to manage any conflicts of interest (SYSC, 18.3.3(1)). 18.17 Given this context, it is doubly important that regulated firms ensure they protect whistleblowers and do not breach a whistleblower’s legal rights. They also need to carry out effective internal investigations in order to get to the bottom of potential wrongdoing and identify the next steps for action. Carrying out internal investigations can help firms to understand and deal with issues of risk, and a failure to do so properly could have very serious consequences. The FCA encourages firms to be proactive, and recognises the importance of internal investigations as part of their systems of control; they also recognise the potential use that post-investigation reports can have for them in areas where they have their own concerns.

Firm systems and controls – other best practice for whistleblowing policies and procedures 18.18 Although there is no overarching statutory duty on an unregulated company to have policies and procedures on whistleblowing, there are nonetheless certain practical tips that can be gleaned from the FCA’s rules which may be helpful for investigators more generally when they are dealing with whistleblowing issues in a company. These include: •

Establishing a variety of reporting channels for employees to raise concerns (for example internal, external, or third party hotline providers) to enable a 182

Firm systems and controls – other best practice for whistleblowing 18.20

• • •







whistleblower to maintain their confidentiality. An instance of particularly good practice previously noted by the FCA was whistleblowers being given the option to give their contact details to a third-party hotline provider, without personal details being given to the firm. This allowed a ‘two-way dialogue’ for the whistleblower, but still protected their identity. Ensuring that while they have internal procedures, they make employees aware that they are not required to first raise whistleblowing concerns internally before contacting the FCA. Having a clear policy and procedures in place in order to securely store whistleblowing information and to protect the whistleblower’s confidentiality. Making sure that the firm’s investigation processes are clear and welldocumented. This should provide a clear and consistent approach for those responsible for operating the firm’s arrangements and should include information on how to protect a whistleblower’s confidentiality, how to assess and grade the significance of information provided by whistleblowers, and how to help the whistleblowers’ champion when asked to do so. Documenting and embedding the company’s approach to preventing victimisation across their whistleblowing arrangements, ensuring that the necessary measures and safeguards are in place to protect whistleblowers from retaliation or being otherwise disadvantaged. Including information in policies and procedures on when feedback will be provided to a whistleblower and how much information will be given. It is best practice to manage a whistleblower’s expectations in terms of what action they can expect and give them clear timescales for providing updates. Having a designated point of contact. This could be either an individual or a team contact, as is considered appropriate.

18.19 • •

• • • • • •

Other elements of good practice are:

To treat all disclosures made seriously and consistently. To provide support to the worker. It is important to recognise that the period during and after they make a disclosure can be a challenging time for an employee, and it is good practice for the company to provide support to them through access to mentoring, advice and counselling. Providing the worker with access to mediation and dispute resolution to help rebuild trust and relationships in the workplace is also good practice. Reassuring the whistleblower that their disclosure will not affect their position at work. Documenting whether the whistleblower has requested confidentiality. Documenting any decisions or action taken following the making of a disclosure by a worker. Recording the number of whistleblowing disclosures that the firm receives and their nature. Maintaining records of the date and content of feedback provided to whistleblowers. Conducting regular surveys to ascertain the satisfaction of whistleblowers.

18.20 Additional, non-statutory guidance on best practice is available from various bodies. This includes the Department for Business, Energy and Industrial Strategy’s Guidance for Employers and Code of Practice, the FCA’s and PRA’s guidance 183

18.21  Whistleblowing and raising concerns (such as the FCA’s Review of firms’ whistleblowing arrangements for Retail and Wholesale Banking); the Acas Whistleblowing in the Workplace Guidance; and the Whistleblowing Commission’s Code of Practice.

Confidentiality 18.21 It is extremely important that a company maintains confidentiality of the identity of a whistleblower unless they are required by law to disclose it. Conversely, a company should manage the expectations of a whistleblower in circumstances where it is unlikely that speculation about their identity can be avoided. This extends to the internal investigation itself, where there will also be the need to deal with requests for confidentiality from witnesses. It is also important that the company make it clear that it may be necessary for the identity of witnesses to be disclosed. This topic is discussed in more detail at Chapter 9 on handling witnesses.

Status of disclosures made in witness interviews 18.22 As explained in Chapter  10 on conducting interviews, an investigator needs to be alert to the possibility that a witness may make a protected disclosures during an interview and that this may effect the witness’ status and rights. In those circumstances, the investigator should be ready to respond and ensure appropriate safeguards, along the lines outlined above, are put in place to protect the witness / whistleblower.

Feedback to whistleblowers and escalation beyond the firm 18.23 Wherever possible, it is important that a company is able to give feedback to a whistleblower both during an investigation – so as to manage their expectations around the outcome and timing for conclusion of the investigation – and afterwards so the whistleblower is aware of any remedial action taken in response to the concerns raised. By maintaining an open channel of communication with the whistleblower, the company can better manage the risk that the whistleblower might otherwise escalate or publicise their concerns before the company has concluded its investigation or had an opportunity to tackle any issues identified in response to the whistleblower’s report. Further, if the whistleblower sees that the company has taken their concerns seriously and responded to them by making changes, this will send a positive message about the company’s culture and its desire to effect meaningful change.

184

Chapter 19

Press, PR and Corporate Communications strategy 19.01 ▶ ▶ ▶ ▶ ▶ ▶ ▶ ▶

This chapter covers the following:

The importance of a good corporate communications strategy. Preparing a communications playbook and cascading messages. Strategies for handling leaks of information. Communicating with employees under investigation. Communicating with former employees. Communicating with an employee’s legal counsel. Parliamentary enquiries, commissions and committees. The Listing Rules and obligation to disclose.

The importance of a good corporate communications strategy 19.02 For the purposes of this book, corporate communications means any communication by a company with its primary stakeholders, meaning its employees, its customers, the press, politicians and the public at large. For practical guidance and an outline of the principles governing communications with regulators please see Chapters 13 and 14 on regulatory liaison and cooperating with authorities as well as the commentary earlier in the chapter on immediate priorities (Chapter 3). 19.03 This chapter focusses on circumstances where there is an investigation underway and the company needs to develop a formal and potentially detailed corporate communications strategy. However, the principles outlined here are equally applicable to communications of a less formal nature and how, at a practical level, the company can communicate with its stakeholders where it also needs to protect its investigation and those who may be under investigation. 19.04 The guidance included here is not intended to displace a company’s existing corporate communications strategy, particularly where it maintains a dedicated PR or Corporate Communications team which can advise on how best to communicate with affected stakeholder groups. Instead, it is designed to complement any existing arrangements by providing a few tips and thoughts based on actual experience of how the investigator can help make the communication process more effective and avoid some of the pitfalls.

185

19.05  Press, PR and Corporate Communications strategy

First steps Identify who you need to communicate with 19.05 Typically in an investigation there will come a point in time, sometimes at the very outset, where a firm will need to communicate with its employees. For instance, to confirm that an incident has occurred and that the firm is investigating it. Or, more seriously, to communicate the company’s dissatisfaction with behaviour and its expectation that any similar incident will result in severe penalty, such as immediate dismissal. 19.06 Chapter  16 on investigating employees deals with the importance of communicating with specific individuals under investigation for the purposes of preventing future misconduct. (For example, where the incident is limited to a specific trading desk.) This chapter is concerned with communicating with a wider body of employees. Giving thought to this topic is not just about managing future risk but also because it makes good business sense for a company wishing to appropriately control information about an incident, either to avoid inadvertent reputational harm or to mitigate the risk of prejudicing the investigation or its subjects. 19.07 It is critical therefore that the investigator considers at the outset what potential communications may be required or desirable. It is also sensible to seek out any expertise within the company that can advise how best to communicate information. This is not just about understanding the company’s relations with its stakeholders – it is also about understanding the mechanics for communicating. For instance, does the company normally host a ‘town hall’ when it wishes to communicate potentially significant information or does it only use email or other media? Deviating from the norm can, of itself, convey a certain message. Sometimes, this will be positive – for instance, the company is taking this very seriously – and sometimes negative – such as, the company isn’t taking this seriously enough. The latter effect is often most prevalent where the company fails to say anything but most of its staff are already aware of the incident or issue.

Additional considerations 19.08 As with the formal investigation, it is important that any significant internal or external communications have been properly tested by relevant experts and approved by an appropriately senior individual. (Or, alternatively, that an accountable individual has been identified with responsibility for ensuring the accuracy of the communication.) This is not a question of drafting by committee but, as outlined above, a matter of ensuring the company has accurately identified the stakeholder audience and that the communication is appropriately tailored for that audience. 19.09 For instance, the message to customer-facing teams may differ from those in support or operational functions. For the former, the communication may consider how the customer may feel or react on hearing of the issue which is the subject of an enquiry. For the latter, the communication may be more in the nature of a ‘stay alert’ message – to ensure that any additional emerging risk or issues similar to the original 186

Regularly communicate with employees 19.16 incident under investigation are swiftly identified and acted upon to prevent further harm to the company or its customers. 19.10 As noted above, it is also important to consider how a firm normally communicates and to be consistent unless there are good reasons for deviating for the norm. 19.11 An alternative approach may be necessary where one of the issues under investigation is the effectiveness of the firm’s communications. For instance, if there are allegations that staff were not adequately aware of specific policies or requirements that had been publicised via a firm’s intranet page then it is worth noting this lesson for the purposes of deciding on a future communications strategy. 19.12 As well as deciding how to communicate, it is also important to consider when to communicate. A decision on timing can be driven by both the needs of the investigation and also factors outside the control of the investigative team, such as a press statement by the company’s regulator, an investigating authority or a leak to the press. 19.13 Consequently, it is important to be prepared with both a reactive and proactive communications strategy. This is discussed further below in the context of leaks and preparing a communications playbook.

Regularly communicate with employees 19.14 If the investigation concerns a matter which is or is likely to be known to a broad group of people within a company then it is prudent to brief staff and provide them with appropriate information to avoid unnecessary speculation which can inadvertently effect the investigation, such as damaging written communications which subsequently prejudice the company’s ability to reach a fair resolution with authorities. In particular, any internal communication should remind staff of their obligations – for instance, not to communicate with the press except by official channels. 19.15 In deciding whether to issue an internal communication of the nature outlined above, it is worth considering ‘the water-cooler test’. Two employees are standing by a water cooler. If there is a more than 50% chance that one of them will say ‘did you hear about x’, where ‘x’ relates to the matters under investigation, then the company should communicate with its employees about the incident or conduct in question. By issuing an internal communication the company will have a better chance of maintaining control of the situation, avoiding unnecessary and potentially harmful speculation about the issues under investigation. 19.16 Investigators should also be aware that their presence and the steps taken by their team can also communicate certain information. A  company whose staff routinely wear casual clothes to work will not appreciate the investigating team appearing on its premises wearing dark suits and carrying leather briefcases if the 187

19.17  Press, PR and Corporate Communications strategy investigation is supposed to be conducted subtly or, more significantly, covertly. Communication is as much therefore about what you do and how you appear, as it is about what you say.

Leak strategy 19.17 In cases affecting regulated and publicly listed companies, leaks to the press are a regular occurrence and show no signs of abating. Leaks can be driven by disaffected employees, subversive PR strategies and unofficial regulatory policy – for instance, a well-placed leak can place a firm under inordinate public pressure to reach early settlement with a regulator where the firm is perceived to be intransigent. 19.18 Unfortunately, when leaks occur, much time is often devoted to investigating the source of the leak diverting important personnel and resource from the investigation. (A typical response of senior management to a leak is to immediately initiate a separate investigation into the source of the leak. Where resources are scant, the leak investigating team is often the same team which is responsible for looking at the original incident.) 19.19 Nevertheless, there is often a regulatory or public expectation that a company will investigate the source of any leak, particularly where it concerns ongoing dealings with an authority. Whilst the outcome of any such investigation might result in a corporate communication, it is imperative that a company is able to respond quickly to any leak and swiftly diffuse any adverse commentary. 19.20 With that in mind, there are certain steps a company can take at the outset of an investigation to place it in a better position in the event there is a leak, namely: • •

to identify a key point of contact in the company’s press office or PR firm who is briefed on the issues under investigation and who receives regular progress reports;1 to have a reactive statement ready, agreed upon with the press officer/PR representative, in the event there is a leak.

19.21 When adopting this course, it is important to ensure the appropriate confidentiality requirements are in place with the relevant point of contact and that the company has an established relationship of trust with them. 19.22 Inevitably, the reactive statement may be a simple ‘no comment’. However, by briefing the press officer/PR representative the investigator can help them understand why no comment can be given and this in turn will empower them to more robustly defend the company’s position (and therefore its interests). This information will also assist them in advising the company appropriately on its corporate communications strategy and whether it is appropriate to provide background briefings (which should be treated as ‘off the record’ but can often help contextualise and thereby diminish the impact of any allegations). 1

As explained in Chapter 14, care needs to be taken when briefing individuals who are outside the ‘client’ circle to avoid any inadvertent waiver of legal privilege.

188

Prepare a playbook 19.29

Prepare a playbook 19.23 For major incidents, a communications playbook is critical. This should be a document prepared in advance of publication of any investigative findings with agreed text to be used for each relevant stakeholder group. 19.24 A communications playbook goes beyond a press statement and anticipates the stakeholder audience that is most relevant to the message a company needs to deliver and the order in which a company needs to deliver that message. The playbook then contains a copy of each message tailored to each stakeholder group. 19.25 It may also be necessary in certain circumstances to issue a statement to the markets using the Regulatory Notification Service (RNS) ahead of making any other public statements about the matters under investigation. (See also section below on ‘Listing Rules and obligation to disclose’.) 19.26 A draft playbook should be prepared at the earliest opportunity once the investigation has adequately settled its findings – this may be before production of a report to a regulator, for instance. It may be useful to discuss with a company’s press office or PR representative the timing for preparing a playbook if it is anticipated there may be publicity, a leak or public scrutiny of the company before it has completed its investigation. Once drafted, a playbook should be regularly reviewed and updated to reflect the progress of the investigation or any dialogue with a regulator, for example. 19.27 A  playbook should contain appropriate text to deliver the company’s message to each of the firm’s primary stakeholder groups, including customers, investors, shareholders, industry bodies etc. Although this sounds like a significant task, it can be kept relatively simple by using set text (for example to describe the issues investigated) and then tweaking the wording according to the audience. It is also worth bearing in mind here that the description of the event or any settlement with authorities is highly likely to contain agreed wording which can then form the foundation for the text of each stakeholder communication. 19.28 A good playbook will also be bolstered by a statement of Key Facts and a section of frequently asked questions and answers (often referred to as Q&A or FAQ) for press, staff and public. This can then be used to draft appropriate wording for the script used by a company’s customer relations team or equivalent centre in response to customer enquiries. 19.29 Finally, the playbook should incorporate any press statement which needs to be issued in response to a regulatory finding, for instance a Final Decision Notice published by the FCA against a regulated firm. Whilst the content of this statement can normally be settled some time in advance of publication of the authority’s findings, it may be necessary to make some adjustments to the draft in response to any comments the authority has indicated it plans to make. For example, several of the UK regulators will normally share their draft press statement shortly in advance of publication, in order to give the company an opportunity to prepare a reactive statement, normally published consecutively to the regulator’s press release. 189

19.30  Press, PR and Corporate Communications strategy

Communications with employees under investigation, former employees and their independent legal counsel 19.30 Although it may not feature in a communications playbook, when deciding upon and implementing a corporate communications strategy, it is also important to consider how best to communicate similar information to employees under investigation, former employees and their independent legal counsel. 19.31 Understandably, a company may not be willing to share information with employees who are still the subject of scrutiny (either by their employer or by an authority), or who have been suspended or dismissed. However, it is important to strike a balance which manages the company’s interests with any ensuing prejudice that might arise by failing to communicate appropriate information to an affected individual. That prejudice can manifest in the form of adverse statements made to the press by the individual (or their spokesperson) or subsequent allegations of constructive dismissal for a perceived ‘outing’ of the individual or their conduct rendering it impossible for them to return to work. 19.32 These are delicate balances to strike and there is no easy solution but good planning and early recognition of these risks is important. 19.33 At a practical level, a company can mitigate these risks by ensuring that affected individuals are given advance notice of any impending, significant public communication and, where appropriate, an indication of its content. If an individual is still an employee of the company then they will normally be bound by certain confidentiality obligations which should provide a level of protection against disclosure ahead of the company’s own communications roll-out. 19.34 Where an individual has instructed independent legal counsel then it is open to a company to share communication information on a without prejudice or common interest basis which maintains confidentiality but allows the individual an opportunity to obtain legal advice ahead of communication, and plan any response. This is generally used to best effect where there is no material divergence between the interests of the company and its employee. Where such divergence does exist or there is a real risk of divergence, a less expansive approach may be necessary.

Whistleblowers 19.35 Again, a good corporate communications strategy will also consider the interests of any whistleblower, whether or not they have chosen to disclose their identity. 19.36 Where the investigation or part of it has been prompted by a whistleblowing report, it is important to decide whether to communicate the investigative findings to the whistleblower before communicating it to a wider audience. This may be important to allow the whistleblower an opportunity to respond to any findings as well as ensuring they are prepared for the subsequent communication. 190

Listing Rules and obligation to disclose 19.43 19.37 Such a strategy is especially important where the whistleblower is a current employee and the proposed communication is the first occasion on which the wider employer company becomes aware of the events identified by the whistleblower. Managing the whistleblower’s reaction to any corporate communication can also mitigate the risk of an adverse response by the whistleblower. (As mentioned in Chapter 18, it is generally advisable to provide regular updates to a whistleblower over the course of an investigation to mitigate any future adverse response.)

Parliamentary enquiries, commissions and committees 19.38 If there is a risk of parliamentary scrutiny, particularly from the Treasury Select Committee, it is advisable to seek expert advice on the relevant rules for calling witnesses and compelling the production of information (and restrictions a company can insist upon with regards to the use of that information). 19.39 These are legal questions but they are also material to any communications strategy because requests are often published (along with responses) and hearings are generally in public. In these circumstances, it is prudent to ensure that a company is supported not only by legal expertise but also appropriate public relations expertise to manage any emerging risks.

Listing Rules and obligation to disclose 19.40 One stakeholder group which needs to be carefully considered in any corporate communications strategy is a company’s shareholders and investors. This is partly because a listed company has a general duty not to mislead the market. 19.41 However, more specifically for listed firms there are very particular rules concerning the disclosure of information which is or is likely to be price sensitive. Generally, a decision whether information meets the relevant legal and regulatory thresholds for disclosure will involve consultation with a legal expert – normally, a designated ‘Disclosure Counsel’ – and a market expert – normally, a designated broker. Most listed companies will be able to identify their designated Disclosure Counsel and broker. 19.42 In any investigation which involves issues that may be perceived as price sensitive it is critical to take legal advice and, potentially, soundings from the designated broker to ascertain whether a regulatory notification needs to be made. 19.43 Where the company instituting the investigation is a listed company and the matters under investigation are sufficiently serious or significant then it will be important for the investigator: • •

to establish the identity of the company’s Disclosure Counsel and, where none exists, to establish with the company who would be best placed to provide appropriate advice, should the need arise; and to assess whether an initial view is required from Disclosure Counsel to better understand whether the matters under investigation are sufficiently significant that they may be construed as price sensitive. 191

19.44  Press, PR and Corporate Communications strategy 19.44 It is also worth bearing in mind that, even if there is insufficient information to determine the significance of the matters under investigation, the fact of an investigation may, of itself, be sufficiently price sensitive to trigger a disclosure obligation. 19.45 Finally, if there is any doubt as to whether something is potentially price sensitive then the investigator should seek legal advice at the earliest opportunity. A failure to make a notification at the appropriate time can be hugely damaging to a company’s reputation and may result in regulatory censure.

192

Chapter 20

Customer complaints, the Financial Ombudsman Service and litigation risk 20.01

▶ ▶

This chapter considers:

Managing customer complaints in an investigation context. Managing litigation risk during the investigation.

Introduction 20.02 Although the handling of complaints and litigation is beyond the scope of a book on internal investigations, it is nevertheless important for an investigator, when conducting an investigation, to be mindful of two factors: (1) The risk that a complaint or legal claim may have a material bearing on the conduct and scope of the investigation. (2) The risk that their findings may have a material bearing on how a company responds to complaints and legal claims for compensation and redress arising from the issues under investigation. 20.03 As to the latter, the risk can often be most acute in a consumer-facing business where a company may need to respond to customer complaints and legal claims arising from a serious incident in tandem with undertaking its investigation into that incident. The position is often further-exacerbated where the company is a regulated firm and is legally required to respond to consumers within designated time frames. All of this means that an investigator may be under considerable pressure to conclude an investigation and report their findings within a tight timescale so that the company can swiftly reach a decision on how to respond to affected customers and whether to offer them redress. 20.04 For FCA-regulated firms, additional rules and requirements apply. These firms are subject to the rules laid down in the FCA’s Complaints Sourcebook: Dispute Resolution (known as the ‘DISP’ rules). The DISP rules require a regulated firm to investigate complaints competently, diligently and impartially, and assess the complaint fairly, consistently and promptly. They also contain requirements and guidelines for the circumstances where a complaint may be referred to the Financial Ombudsman Service (FOS). A failure to comply with these rules can, in itself, result in an investigation by the FCA and, where failings are identified, potentially lead to the imposition of a financial penalty.

193

20.05  Customer complaints, the Financial Ombudsman Service and litigation risk

The Financial Ombudsman Service Certain businesses are subject to the compulsory jurisdiction of the FOS, an independent body established by Parliament to resolve disputes between financial businesses and consumers, including micro-enterprises and small businesses. A business may also voluntarily submit to the FOS’s jurisdiction, if it wishes to take advantage of its services. Before the FOS can adjudicate on a complaint, the consumer must first give the business they are unhappy with the opportunity to look into the complaint itself. The business has a maximum of eight weeks to resolve the complaint. If they do not resolve it within eight weeks or the consumer is not happy with the response then they can refer the complaint to the ombudsman service. The FOS has the authority to request or require a company to offer financial compensation, correct a consumer’s credit file, or offer an apology, as a means of dispute resolution. 20.05 At the outset of and throughout an investigation, it is important the investigator stays alive to the risks of potential complaints or legal claims, and is aware of any claims that are made so the company can consider their impact on: (a) the issues under investigation; (b) the investigation itself; and (c) the company’s response to any claims or complaints.

Impact on the investigation 20.06 As to the impact on the investigation and how it is manifested, a claim or complaint may contain information which is vital to understanding the seriousness or significance of the issues that are being investigated. The more serious the allegation made against the company the more relevant this will be to the scope of the investigation and what evidence the investigator needs to consider. 20.07 Similarly, allegations of sufficient significance will be highly relevant to the company’s assessment of its obligations to notify authorities, regulators and the financial markets (where a company is publicly listed). The more significant the allegation the more likely the company’s notification obligations will be triggered. 20.08 •

• •

The question of what is ‘significant’ may be determined by either:

the allegations made in a single complaint, where this alleges harm of a certain magnitude or seriousness, for example a claim for £10 million in damages or an allegation that sensitive personal data has been stolen, such as medical health records; or the volume of allegations made about the same or similar issues, such as happened in the case of mis-selling of payment protection insurance (PPI); or a combination of both of the above.

20.09 A  couple of examples may assist in understanding this point further and consequently how best to manage the risk: 194

Impact on company’s response to claims 20.15 (1) In relation to a data security breach, where a company has concluded there was no serious risk to consumers then any subsequent complaint which included first hand evidence of significant personal harm would be evidence to the contrary and could trigger a notification obligation to the Information Commissioner’s Office (the ICO). In turn, this evidence may influence the scope of the investigation – does it need to be broadened out to include other matters that may have been alleged in the complaint? – and it should prompt the investigator to pause and consider whether additional evidence, not previously considered relevant, is required to conclude their analysis of the issues. (2) A similar set of issues arise where a bank has assessed the significance of an incident at the outset of an investigation and concluded there is no reportable suspicion of money laundering. If it then received a pre-action letter which included allegations of financial crime by its customer then the bank would need to reappraise its assessment and whether the incident was now reportable. 20.10 Complaints and claims can therefore be a relevant source of information for the investigator in better understanding the fact pattern, whether the investigation has been scoped appropriately, and whether their analysis of the risks to the company are sound.

Impact on company’s response to claims 20.11 It will be apparent from the introduction to this chapter that handling complaints about an issue and conducting an investigation into that issue often happen in parallel. It is important therefore that the investigating team and the company’s complaints or claims handling team are actively coordinating to manage the company’s risk. 20.12 A  similar point applies in relation to communications more generally, particularly communications with consumers. This latter point is considered in more detail in Chapter 19 on Corporate Communications. 20.13 Where a company anticipates complaints or is in receipt of complaints about the issues under investigation then it will need to coordinate with the investigators to ensure the content of any response to complainants is accurate and does not inadvertently prejudice the outcome of the investigation, or the company’s defence to any legal claims in the event the complainant brings court proceedings. 20.14 For regulated firms, the importance of accuracy is paramount because of the risk of follow-on regulatory action against the firm if it misleads customers, inadvertently or otherwise, about the issues and their impact on the customer. Similarly, any inaccurate statements made to customers are useful ammunition in any legal claim because they can prejudice the court’s view of the defendant company’s conduct. 20.15 For an FCA-regulated firm, not only does it need to ensure the content of its response is accurate but it must also ensure the response is clear and fair. These principles of clarity and fairness may mean providing information about the status of the firm’s enquiries into the issues as well as acknowledging organisational failings 195

20.16  Customer complaints, the Financial Ombudsman Service and litigation risk or apologising for upset caused. In other words, making statements which, in a litigation context, could be potentially construed as an admission of liability. Where that is the case, a firm will need to take care to ensure appropriate context and caveats are provided in its correspondence to manage the litigation risk. 20.16 It will be apparent from the above, therefore, that maintaining clear lines of communication between the investigator and the company’s claims handlers is critical in order to best manage the company’s risk.

Practical steps for investigators in relation to complaints risk 20.17 With these issues in mind, here are some practical steps for investigators to consider in order to mitigate a company’s risk around complaints and legal claims: • •

• •





Identify a key point contact within the company’s customer relations team for future liaison with the investigation team. Provide customer relations representative with a briefing of issues and regular briefings on progress through an investigation so they are aware of when they might need to modify or adapt their responses to complaints to reflect developments in the investigation or changes to the evidential picture. Work with customer relations to agree timing for any customer communications exercise and/or production of a template for draft responses to customer enquiries. Agree the contents of a customer communications pack (see also Chapter 19 on Corporate Communications) with appropriate information. This can be reactive – responding to any complaints that do emerge – or proactive – in the form of a customer outreach programme designed to tackle the issues at the earliest opportunity and remediate customers where appropriate. For any reactive pack, it is important to ensure the templates are appropriately worded so they meet the relevant regulatory requirements, particularly: – the need to ensure communications are clear, fair and not misleading; and – observing the specific complaints handling procedure and timetable for responses set down in the DISP rules (maximum eight weeks before a firm must provide the customer with the right to refer their complaint to the FOS). At the same time, care needs to be taken to ensure customer communications do not prejudice either: (1) any ongoing investigation; or (2) any potential defence a firm may have in the event of court proceedings. On the latter, it is advisable to seek legal advice if there is a risk of litigation.

Managing litigation risk 20.18 In the event the company concludes there is a reasonable prospect of litigation or court proceedings have been threatened, then the investigator may wish to introduce additional protocols for the handling of evidence and its communications, 196

Delaying the progress of complaints or litigation 20.23 for example with the decision-making body responsible for oversight of the investigation. 20.19 As explained in Chapter 15 on legal professional privilege, if litigation is in reasonable contemplation then the company may avail itself of the protections afforded by litigation privilege in order to undertake its enquiries without the risk that its communications and work product generated by those enquiries will end up in the hands of claimants. Where this is the case, the investigator should reassess the communications framework in place, including the personnel involved to determine whether it remains fit for purpose or ought to be enhanced. 20.20 Similarly, where the risk of litigation has materialised, the investigator will need to give thought to how their findings are presented to avoid inadvertently prejudicing the company’s response to alleged legal claims. For instance, a finding of fault by individual personnel or a failing in a company’s systems would most likely be materially damaging to the company’s ability to defend claims or negotiate a commercial settlement to those claims. The need for careful drafting is an important consideration even if the investigator has concluded the report is protected from disclosure by virtue of litigation privilege. Practical guidance on drafting and navigating these issues is contained in more detail at Chapter 12 on documenting work and preparing reports.

Delaying the progress of complaints or litigation 20.21 Whilst this chapter focusses on the most common situation of complaints and litigation being pursued in tandem with the underlying investigation, it is worth noting that a company may have the option of delaying complaints or claims pending the conclusion of its investigation. A delay is not always easy to secure – the bar for granting a delay is a relatively high one, where the courts are concerned. Nevertheless, it is an important consideration where a company has identified a systemic issue and it needs time to properly investigate and adequately identify the harm caused, for example the number of impacted individuals and the level of impact on them, before reaching a conclusion as to the appropriate course of action to remedy the harm. 20.22 In most cases, a company will not be in a position to seek a delay unless formal proceedings have been commenced against the company in the courts or a formal complaint has been lodged with the FOS. Where court proceedings are commenced, a company may apply to the court to stay proceedings pending conclusion of its investigation and/or any regulatory settlement. The grounds for granting a stay broadly require the firm to show that it will be unreasonably prejudiced in the event the proceedings continue before it has concluded its investigation. The prejudice contemplated here might be prejudice to the investigation itself, for example placing undue burden on the company’s resources to investigate and respond to the claim at the same time, or prejudice to the company’s defence of the claim. 20.23 Similarly, where an individual complains to the FOS, a firm may ask the FOS to agree to extend the period for reaching a decision pending conclusion of the firm’s investigation. The FOS is far more likely to entertain such a request in circumstances where there are high levels of similar complaints made against the 197

20.24  Customer complaints, the Financial Ombudsman Service and litigation risk company in respect of the same issue, as was the case in relation to the mis-selling of payment protection insurance, and the FOS considers complainants may receive a better outcome if the company is given time to conclude its investigation before determining its response. 20.24 In both instances, it is advisable to seek expert legal advice before taking any such steps.

198

Index [all references are to paragraph number]

ACAS Code of Practice employee disciplinary proceedings, and, 16.09–16.14 Accountability decision-making, and, 4.17–4.18 investigating senior management, and, 17.11–17.13 Admissibility of evidence investigation process, and, 2.06–2.11 Advance sharing witness evidence, and, 9.89–9.91 Advanced analytics data and document reviews, and, 8.35– 8.37 Attribution investigations corporate criminal liability, 17.21–17.31 generally, 17.05 Audio files data and document reviews, and, 8.32– 8.33 Audio-recording witness evidence, and, 9.105–9.107 Authority decision-making, and, 4.17–4.18 Blame investigation process, and, 2.05 Bundles witness evidence, and, 9.86–9.88 CCTV recordings preservation of evidence, and, 7.15 Chatrooms data and document reviews, and, 8.34 Chronologies documenting work and findings, 12.05– 12.11 Clearance levels investigation process, and, 3.27–3.32 Closing statements witness evidence, and, 11.21–11.26 Closure of investigation approval of report and recommendations, 12.38–12.42 disclosure of report to authority or regulator, 12.55–12.57 next steps, 12.43 project management documents, 12.51

Closure of investigation – contd retention of records, 12.44 security of documents generated, 12.49– 12.50 third party documents, 12.52–12.54 use of findings for additional purposes, 12.45–12.48 Codes of practice deferred prosecution agreements, and, 14.25–14.26 employee disciplinary proceedings, and, 16.09–16.14 Common interest privilege generally, 15.51–15.54 Communications risk immediate priorities, and, 3.53–3.60 Communications strategy accuracy of communications, 19.08 commissions and committees, 19.38– 19.39 communications ‘playbook’, 19.23–19.29 confidentiality, 19.33–19.34 customer-facing communications, 19.09 employee communications, 19.14–19.16 employees under investigation, and, 19.30–19.34 expert testing, 19.08 former employee communications, 19.30–19.34 importance, 19.02–19.04 initial steps additional considerations, 19.08–19.13 recipients of communications, 19.05– 19.07 internal communications, 19.09 investigation of employees, and, 19.06 leak strategy, 19.17–19.22 Listing Rules, 19.40–19.45 meaning, 19.02 method of communications, 19.08–19.11 overview, 19.01 Parliamentary enquiries, commissions and committees, 19.38–19.39 ‘playbook’, 19.23–19.29 Regulatory Notification Service (RNS), 19.25

199

Index Communications strategy – contd timing of communications, 19.12 whistleblowers, 19.35–19.37 Competition investigations privilege, 15.62 Complaint management data security breaches, 20.09 financial services, and, 20.04 impact on investigation, 20.06–20.09 impact on response to claims, 20.11– 20.16 introduction, 20.02–20.05 overview, 20.01 practical steps, 20.17 Conduct investigations investigating senior management, and, 17.06–17.10 Confidentiality client data and information disclosure to regulators, 15.31–15.34 generally, 15.23–15.27 inside information, 15.28–15.30 common interest privilege, 15.51–15.54 company information, 15.09–15.12 competition investigations, in, 15.62 disclosure to regulators generally, 15.31–15.33 other jurisdictions, 15.34 general duty, 15.02–15.08 immediate priorities, and, 3.38–3.52 importance, 15.41–15.42 inside information, 15.28–15.30 joint interest privilege, 15.46–15.50 legal advice privilege, 15.43 legal professional privilege background, 15.36 claimants, 15.38–15.40 importance, 15.41–15.42 in-house lawyers, 15.40 introduction, 15.35 ‘lawyer’, 15.39 meaning, 15.36 privileged communications, 15.37 litigation privilege, 15.44–15.45 loss of privilege, 15.58–15.59 maintenance of contacts, 3.51–3.52 maintenance of list, 3.50 non-disclosure memorandum consequences of breach, 3.44–3.46 general obligations, 3.39–3.41 introduction, 3.38 legal obligations, 3.42–3.43 regulatory obligations, 3.42–3.43 third parties, and, 3.48–3.49 timing of issuance, 3.47

Confidentiality – contd overview, 15.01 personal data definition, 15.15–15.17 introduction, 15.13–15.14 meaning, 15.15–15.17 statutory regime, 15.18–15.22 privilege common interest privilege, 15.51–15.54 EU competition investigations, in, 15.62 joint interest privilege, 15.46–15.50 legal advice privilege, 15.43 legal professional privilege, 15.35– 15.42 litigation privilege, 15.44–15.45 outside of England and Wales, 15.63– 15.64 regulatory investigations, in, 15.60– 15.61 waiver or loss of, 15.58–15.59 without prejudice privilege, 15.55– 15.57 proprietary corporate information, 15.09– 15.12 regulatory disclosure generally, 15.31–15.33 other jurisdictions, 15.34 privilege, 15.60–15.61 third parties, and, 3.48–3.49 types, 15.08 waiver of privilege, 15.58–15.59 whistleblowing, and, 18.21 without prejudice privilege, 15.55–15.57 Co-operation interviews, and, 9.84–9.85 regulatory disclosure, and, 13.47 Co-operation with authorities and regulators conclusion, 14.53–14.54 considerations, 14.20–14.35 cost, 14.45 deferred prosecution agreements Code of Practice, 14.25–14.26 continuing co-operation, 14.27–14.29 features, 14.19 generally, 14.18 introduction, 14.06–14.10 meaning, 14.18 operation, 14.21–14.24 statutory basis, 14.20 definition, 14.11–14.12 engagement in public tendering, 14.45 features genuine assistance, 14.16–14.17

200

Index Co-operation with authorities and regulators – contd features – contd introduction, 14.11–14.12 timely self-reporting, 14.13–14.15 future impact, 14.50 genuine assistance, 14.16–14.17 insight into investigatory progress, 14.45 introduction, 14.02–14.05 loss of control, 14.47–14.49 overview, 14.01 penalties generally, 14.51–14.52 reduction, 14.37–14.40 public tendering, 14.45 regulatory disclosure, and, 13.47 reputational impact, 14.41–14.44 risks and rewards cost, 14.45 engagement in public tendering, 14.45 future impact, 14.50 insight into investigatory progress, 14.45 introduction, 14.36 loss of control, 14.47–14.49 penalties, 14.51–14.52 reduction of penalties, 14.37–14.40 reputational impact, 14.41–14.44 risk-detriment appraisal, 14.46 status of company, 14.30–14.35 timely self-reporting, 14.13–14.15 Corporate communications strategy accuracy of communications, 19.08 commissions and committees, 19.38– 19.39 communications ‘playbook’, 19.23–19.29 confidentiality, 19.33–19.34 customer-facing communications, 19.09 employee communications, 19.14–19.16 employees under investigation, and, 19.30–19.34 expert testing, 19.08 former employee communications, 19.30–19.34 importance, 19.02–19.04 initial steps additional considerations, 19.08–19.13 recipients of communications, 19.05– 19.07 internal communications, 19.09 investigation of employees, and, 19.06 leak strategy, 19.17–19.22 Listing Rules, 19.40–19.45 meaning, 19.02 method of communications, 19.08–19.11

Corporate communications strategy – contd overview, 19.01 Parliamentary enquiries, commissions and committees, 19.38–19.39 ‘playbook’, 19.23–19.29 Regulatory Notification Service (RNS), 19.25 timing of communications, 19.12 whistleblowers, 19.35–19.37 Corporate criminal liability ‘failure to prevent’ offences, 17.27–17.31 generally, 17.21–17.22 identity doctrine, 17.23–17.26 introduction, 17.05 Corporate governance decision-making, and accountability, 4.17–4.18 authority, 4.17–4.18 benefits of good governance, 4.03– 4.05 completion of remedial actions, 4.29–4.30 distinct from board or executive 4.19–4.20 external expectations for regulated firms, 4.31–4.33 independence, 4.09–4.16 introduction, 4.02 legal privilege, 4.23–4.27 objectivity, 4.09–4.16 overview, 4.01 role of decision-maker, 4.06–4.08 selection of decision-maker, 4.21–4.22 timing, 4.28 importance of investigations, 1.04 Co-worker representation generally, 10.30–10.34 HR representatives, 10.35–10.36 Criminal liability ‘failure to prevent’ offences, 17.27–17.31 generally, 17.21–17.22 identity doctrine, 17.23–17.26 introduction, 17.05 Customer complaint management data security breaches, 20.09 financial services, and, 20.04 impact on investigation, 20.06–20.09 impact on response to claims, 20.11– 20.16 introduction, 20.02–20.05 overview, 20.01 practical steps, 20.17 Data and document reviews advanced analytics, 8.35–8.37

201

Index Data and document reviews – contd appropriate subject matter expertise, 8.39–8.41 audio files, 8.32–8.33 chatrooms, 8.34 conduct oversight, 8.45–8.49 platforms, 8.42 prioritisation, 8.50–8.51 protocol preparation and maintenance, 8.43–8.44 data preparation and culling, 8.26–8.28 defining population of data and documents, 8.04–8.05 digital forensic analysis, 8.38 disclosure of legally privileged material, 8.52–8.60 IM and chatrooms, 8.34 inadvertent disclosure of privileged material, 8.52–8.60 inclusion in review populations, 8.10–8.24 instant messaging, 8.34 introduction, 8.02–8.03 iterative approach, 8.06–8.09 legally privileged material, 8.52–8.60 oversight, 8.45–8.49 overview, 8.01 platforms, 8.42 population of evidence defining, 8.04–8.05 documents for inclusion, 8.10–8.24 iterative approach, 8.06–8.09 search terms, 8.14–8.18 using TAR, 8.19–8.24 prioritisation, 8.50–8.51 privileged material, 8.52–8.60 protocol preparation and maintenance, 8.43–8.44 scope, 8.02–8.03 search terms, 8.14–8.18 specialist expertise, 8.25–8.38 subject matter expertise, 8.39–8.41 Technology Assisted Review generally, 8.19–8.21 precision, 8.23–8.24 recall, 8.22 third party document specialists, 8.29– 8.31 Data culling data and document reviews, and, 8.26– 8.28 Data privacy preservation of evidence, and, 7.29–7.33 Data protection preservation of evidence, and, 7.34–7.37

Database access logs preservation of evidence, and, 7.15 Decision-makers independence and objectivity appropriateness, 4.13–4.16 generally, 4.09–4.12 role, 4.06–4.08 selection, 4.21–4.22 Decision-making accountability, 4.17–4.18 authority, 4.17–4.18 benefits of good governance, 4.03–4.05 completion of remedial actions, 4.29–4.30 distinct from board or executive 4.19–4.20 external expectations for regulated firms, 4.31–4.33 independence appropriateness, 4.13–4.16 generally, 4.09–4.12 introduction, 4.02 legal privilege, 4.23–4.27 objectivity appropriateness, 4.13–4.16 generally, 4.09–4.12 overview, 4.01 role of decision-maker, 4.06–4.08 selection of decision-maker, 4.21–4.22 Senior Managers and Certification Regime, 4.32 timing, 4.28 Deferred prosecution agreements (DPAs) Code of Practice, 14.25–14.26 continuing co-operation, 14.27–14.29 features, 14.19 generally, 14.18 introduction, 14.06–14.10 meaning, 14.18 operation, 14.21–14.24 regulatory disclosure, and, 13.47 statutory basis, 14.20 Deferred remuneration employee disciplinary proceedings, and ex-post risk adjustments, 16.30–16.41 freezing remuneration, 16.28–16.29 Destruction of evidence See also Preservation of evidence immediate priorities, and, 3.14–3.17 Digital and documentary evidence reviews advanced analytics, 8.35–8.37 appropriate subject matter expertise, 8.39–8.41 conduct, 8.42–8.51 data preparation and culling, 8.26–8.28 defining population of data and documents, 8.04–8.05

202

Index Digital and documentary evidence reviews – contd digital forensic analysis, 8.38 disclosure of legally privileged material, 8.52–8.60 inclusion in review populations, 8.10–8.24 introduction, 8.02–8.03 iterative approach, 8.06–8.09 oversight, 8.45–8.49 overview, 8.01 platforms, 8.42 prioritisation, 8.50–8.51 legally privileged material, 8.52–8.60 protocol preparation and maintenance, 8.43–8.44 review of audio files, 8.32–8.33 review of IM and chatrooms, 8.34 search terms, 8.14–8.18 specialist expertise, 8.25–8.38 subject matter expertise, 8.39–8.41 Technology Assisted Review, 8.19–8.24 third party document specialists, 8.29– 8.31 Digital forensic analysis data and document reviews, and, 8.38 Digital material See also Data and document reviews preservation of evidence, and off network, 7.16–7.18 on company network 7.12–7.15 Directors’ and Officers’ (D&O) liability insurance employee disciplinary proceedings, 16.42–16.45 insurer notification, 3.74–3.77 Disciplinary investigations ACAS Code of Practice, 16.09–16.14 contrast with internal investigations, 16.07–16.08 deferred awards ex-post risk adjustments, 16.30–16.41 freezing remuneration, 16.28–16.29 directors’ and officers’ liability insurance, 16.42–16.45 ex-post risk adjustments clawback, 16.33–16.34 determination by remuneration committees, 16.39–16.41 FCA-regulated firms, 16.35–16.38 generally, 16.31–16.32 introduction, 16.30 malus, 16.33 PRA-regulated firms, 16.35–16.38 types, 16.33–16.34 introduction, 16.02–16.06

Disciplinary investigations – contd overview, 16.01 process, 2.05 representation D&O insurance, 16.42–16.45 interviews, at, 10.26–10.29 risks with hearings, 16.15–16.21 suspension of employee, 16.22–16.27 suspension of deferred awards, 16.28– 16.29 Disclosure of legally privileged material data and document reviews, and, 8.52– 8.60 Disclosure to regulators and authorities closure of investigation, and, 12.55–12.57 co-operation credit, 13.47 deferred prosecution agreements, 13.47 influence of regulator on scope of investigation, 13.28–13.32 initial steps contents, 13.15–13.17 generally, 13.03–13.05 legal obligation arises, where, 13.10– 13.14 proactive approach, 13.06–13.09 procedural methods, 13.18–13.22 interviews, 13.35–13.41 introduction, 13.02 investigation reports, 13.37–13.41 liability opinions, 13.42–13.44 ongoing relationship, 13.23–13.27 overview, 13.01 privilege, 13.37–13.41 provision of evidence to regulator, 13.34 regulatory breach opinions, 13.42–13.44 related investigation by regulator or prosecuting agency, where, 13.45– 13.46 updating regulator on progress, 13.33 Document-hold notices immediate priorities, and, 3.67–3.70 Document interviews generally, 9.34–9.37 Documenting work and findings chronologies, 12.05–12.11 dramatis personae, 12.12–12.16 generally, 12.02–12.04 introduction, 2.21 notes of interview, 12.17–12.18 overview, 12.01 Dramatis personae documenting work and findings, 12.12– 12.16 Emails preservation of evidence, and, 7.15

203

Index Employee correspondence preservation of evidence, and, 7.29–7.33 Employee disciplinary proceedings ACAS Code of Practice, 16.09–16.14 contrast with internal investigations, 16.07–16.08 deferred awards ex-post risk adjustments, 16.30–16.41 freezing remuneration, 16.28–16.29 directors’ and officers’ liability insurance, 16.42–16.45 ex-post risk adjustments clawback, 16.33–16.34 determination by remuneration committees, 16.39–16.41 FCA-regulated firms, 16.35–16.38 generally, 16.31–16.32 introduction, 16.30 malus, 16.33 PRA-regulated firms, 16.35–16.38 types, 16.33–16.34 introduction, 16.02–16.06 overview, 16.01 process, 2.05 representation D&O insurance, 16.42–16.45 interviews, at, 10.26–10.29 risks with hearings, 16.15–16.21 suspension of deferred awards, 16.28– 16.29 suspension of employee, 16.22–16.27 Evidence digital and documentary reviews advanced analytics, 8.35–8.37 appropriate subject matter expertise, 8.39–8.41 conduct, 8.42–8.51 data preparation and culling, 8.26–8.28 defining population of data and documents, 8.04–8.05 digital forensic analysis, 8.38 disclosure of legally privileged material, 8.52–8.60 inclusion in review populations, 8.10–8.24 introduction, 8.02–8.03 iterative approach, 8.06–8.09 legally privileged material, 8.52–8.60 oversight, 8.45–8.49 overview, 8.01 platforms, 8.42 prioritisation, 8.50–8.51 privileged material, 8.52–8.60 protocol preparation and maintenance, 8.43–8.44

Evidence – contd digital and documentary reviews – contd review of audio files, 8.32–8.33 review of IM and chatrooms, 8.34 search terms, 8.14–8.18 specialist expertise, 8.25–8.38 subject matter expertise, 8.39–8.41 Technology Assisted Review, 8.19– 8.24 third party document specialists, 8.29–8.31 investigating senior management, 17.14– 17.20 preservation consideration of personal issues, 7.24–7.37 data privacy, 7.29–7.33 data protection, 7.34–7.37 determining evidence to be protected, 7.07–7.10 digital material off network, 7.16–7.18 digital material on company network 7.12–7.15 employee correspondence, 7.29–7.33 hard copy documents, 7.19–7.23 identification of relevant evidence, 7.02–7.06 introduction, 2.21 overview, 7.01 personal information, 7.29–7.33 personal property issues, 7.26–7.28 sources of material, 7.11–7.23 Expertise independent regulation, 5.18 investigators, of external, 5.17–5.21 internal, 5.13–5.16 introduction, 5.11–5.12 legal privilege, 5.19 review of witness evidence, 11.33 technical expertise, 5.20 Ex-post risk adjustments clawback, 16.33–16.34 determination by remuneration committees, 16.39–16.41 FCA-regulated firms, 16.35–16.38 generally, 16.31–16.32 introduction, 16.30 malus, 16.33 PRA-regulated firms, 16.35–16.38 types, 16.33–16.34 Fact-gathering investigation process, and, 2.03–2.04 Financial Conduct Authority (FCA) benefits of investigations, 1.05

204

Index Flash drives preservation of evidence, and, 7.16 Foreign-based employees interviews, and, 10.71–10.73 Former employees interviews, and, 10.64–10.70 Hard copy documents preservation of evidence, and, 7.19–7.23 Hard drives preservation of evidence, and, 7.16 HR representation interviews, and, 10.35–10.36 IM and chatrooms data and document reviews, and, 8.34 Inadvertent disclosure of privileged material data and document reviews, and, 8.52– 8.60 Independence decision-making, and appropriateness, 4.13–4.16 generally, 4.09–4.12 investigators, of, 5.06–5.10 Informed decision-making investigation process, and, 2.12–2.15 Instant messaging data and document reviews, and, 8.34 Insurers notifications D&O liability insurance, 3.74–3.77 general insurance, 3.72–3.73 introduction, 3.71 Internal investigations See also Disciplinary investigations benefits, 1.05–1.08 closure of investigation, 12.38–12.57 conduct of interviews, 10.01–10.73 confidentiality, 15.01–15.64 co-operation with regulatory authorities, 14.01–14.54 decision-making, 4.01–4.33 digital and documentary evidence, 8.01–8.60 disclosure to regulatory authorities, 13.01–13.47 documenting work and findings, 12.01– 12.18 immediate priorities, 3.01–3.77 importance, 1.04 interviews conduct, 10.01–10.73 generally, 9.01–9.107 note-taking, 11.01–11.35 introduction, 1.01–1.03 investigators, 5.01–5.21

Internal investigations – contd preparation of investigation report, 12.19–12.37 preservation of evidence, 7.01–7.37 process, 2.01–2.23 purpose, 1.04 scoping and planning, 6.01–6.38 senior management, involving, 17.01– 17.31 taking notes during interviews, 11.01– 11.35 whistleblowing, and, 18.01–18.23 Interviews acceptance of terms, 10.07–10.16 additional interviews, 11.31–11.32 advance sharing, 9.89–9.91 attendees on behalf of company/employer 9.49–9.56 attendees on behalf of employee, 9.57– 9.60 attendees other than interviewer, 9.48 audio-recording, 9.105–9.107 bundles, 9.86–9.88 closing statements, 11.21–11.26 conduct acceptance of terms, 10.07–10.16 foreign-based employees, and, 10.71– 10.73 former employees, and, 10.64–10.70 legal privilege, 10.03–10.06 legal representation, 10.37–10.50 opening statements, 10.01–10.16 representation, 10.17–10.36 right against self-incrimination, 10.51– 10.57 third parties, and, 10.64–10.70 whistleblowing investigations, in, 10.58–10.63 co-operation duty, 9.84–9.85 core questions, 9.100–9.104 co-worker representation generally, 10.30–10.34 HR representatives, 10.35–10.36 document interviews, 9.34–9.47 duration, 9.78–9.79 expert review of witness evidence, 11.33 foreign-based employees, of, 10.71–10.73 former employees, of, 10.64–10.70 generally, 2.21 HR representation, 10.35–10.36 introduction, 9.02–9.13 legal representation company precedent, 10.43 contractual entitlement, 10.42 exceptions to general rule, 10.41–10.50

205

Index Interviews – contd legal representation – contd general rule, 10.37–10.40 risk of investigation by external authority, where, 10.44–10.50 legally privileged interviews, 10.03–10.06 location, 9.65–9.68 note-taking best practice, 11.01–11.06 timely preparation of final version, 11.07–11.09 use for non-investigatory purposes, 11.10–11.13 number per witness, 9.76–9.77 opening statements acceptance of terms, 10.07–10.16 generally, 10.01–10.02 legal privilege, 10.03–10.06 order of, 9.69–9.75 outline of questions, 9.92–9.99 overview, 9.01 post-interview steps additional interviews, 11.31–11.32 expert review of witness evidence, 11.33 introduction, 11.27–11.28 review of evidence, 11.29–11.30 updating witnesses on progress, 11.34– 11.35 preliminary interviews, 9.19–9.33 preparation, 9.80–9.83 purpose, 9.02 putting others’ evidence to witness, 11.16–11.20 question preparation, 9.92–9.104 questioning closing statements, 11.21–11.26 ‘golden’ rules, 11.14–11.15 putting others’ evidence to witness, 11.16–11.20 recording, 9.105–9.107 regulatory disclosure, and, 13.35–13.41 relevant interviewees, 9.04–9.08 representation co-workers, by, 10.30–10.36 disciplinary process, and, 10.26–10.29 generally, 10.17–10.25 HR representatives, by, 10.35–10.36 lawyers, by, 10.37–10.50 union representatives, by, 10.30–10.34 review of witness evidence additional interviews, 11.31–11.32 expert, 11.33 generally, 11.29–11.30 introduction, 11.27–11.28

Interviews – contd right against self-incrimination, 10.51– 10.57 risk of investigation by external authority, where, 10.44–10.50 sharing evidence in advance, 9.89–9.91 taking notes best practice, 11.01–11.06 timely preparation of final version, 11.07–11.09 use for non-investigatory purposes, 11.10–11.13 third parties, of, 10.64–10.70 timing, 9.61–9.64 union representation, 10.30–10.34 updating witnesses on progress of investigation, 11.34–11.35 whistleblowing investigations, in other persons, with, 10.60–10.63 whistleblowers, with, 10.58–10.59 witnesses of fact or subject of investigation, 9.14–9.18 Investigation process admissibility of evidence, 2.06–2.11 approach, 2.16–2.20 approval of report and recommendations, 12.38–12.42 chronologies, 12.05–12.11 clearance levels, 3.27–3.32 closure of investigation approval of report and recommendations, 12.38–12.42 disclosure of report to authority or regulator, 12.55–12.57 next steps, 12.43 project management documents, 12.51 retention of records, 12.44 security of documents generated, 12.49–12.50 third party documents, 12.52–12.54 use of findings for additional purposes, 12.45–12.48 communications risk, 3.53–3.60 confidentiality, 3.38–3.52 decision-making accountability, 4.17–4.18 authority, 4.17–4.18 benefits of good governance, 4.03–4.05 completion of remedial actions, 4.29–4.30 distinct from board or executive 4.19–4.20 external expectations for regulated firms, 4.31–4.33 independence, 4.09–4.16

206

Index Investigation process – contd decision-making – contd introduction, 4.02 legal privilege, 4.23–4.27 objectivity, 4.09–4.16 overview, 4.01 role of decision-maker, 4.06–4.08 selection of decision-maker, 4.21–4.22 timing, 4.28 destruction of evidence, 3.14–3.17 digital and documentary evidence reviews advanced analytics, 8.35–8.37 appropriate subject matter expertise, 8.39–8.41 conduct, 8.42–8.51 data preparation and culling, 8.26–8.28 defining population of data and documents, 8.04–8.05 digital forensic analysis, 8.38 disclosure of legally privileged material, 8.52–8.60 inclusion in review populations, 8.10–8.24 introduction, 8.02–8.03 iterative approach, 8.06–8.09 oversight, 8.45–8.49 overview, 8.01 platforms, 8.42 prioritisation, 8.50–8.51 legally privileged material, 8.52–8.60 protocol preparation and maintenance, 8.43–8.44 review of audio files, 8.32–8.33 review of IM and chatrooms, 8.34 search terms, 8.14–8.18 specialist expertise, 8.25–8.38 subject matter expertise, 8.39–8.41 Technology Assisted Review, 8.19–8.24 third party document specialists, 8.29–8.31 disciplinary proceedings, 2.05 disclosure of report to authority or regulator, 12.55–12.57 document-hold notices, 3.67–3.70 documenting work and findings chronologies, 12.05–12.11 dramatis personae, 12.12–12.16 generally, 12.02–12.04 introduction, 2.21 notes of interview, 12.17–12.18 overview, 12.01 dramatis personae, 12.12–12.16 fact-gathering, 2.03 identification of stakeholders, 3.19–3.27

Investigation process – contd immediate priorities clearance levels, 3.27–3.32 communications risk, 3.53–3.60 confidentiality, 3.38–3.52 destruction of evidence, 3.14–3.17 document-hold notices, 3.67–3.70 identification of stakeholders, 3.19– 3.27 initial procedural steps, 3.18 introduction, 3.02–3.06 management reporting risks, 3.61–3.66 notifications to insurers, 3.71–3.77 ongoing behaviour, where, 3.07–3.17 overview, 3.01 preservation of evidence, 3.14–3.17 record of individuals briefed, 3.28–3.37 informed decision-making, 2.12–2.15 initial procedural steps, 3.18 interviews advance sharing, 9.89–9.91 attendees on behalf of company/ employer 9.49–9.56 attendees on behalf of employee, 9.57–9.60 attendees other than interviewer, 9.48 audio-recording, 9.105–9.107 bundles, 9.86–9.88 conduct, 10.01–10.63 co-operation duty, 9.84–9.85 core questions, 9.100–9.104 document interviews, 9.34–9.47 duration, 9.78–9.79 generally, 2.21 introduction, 9.02–9.13 location, 9.65–9.68 note-taking, 11.01–11.13 number per witness, 9.76–9.77 order of, 9.69–9.75 outline of questions, 9.92–9.99 overview, 9.01 post-interview steps, 11.27–11.35 preliminary interviews, 9.19–9.33 preparation, 9.80–9.83 purpose, 9.02 question preparation, 9.92–9.104 questioning, 11.14–11.26 recording, 9.105–9.107 relevant interviewees, 9.04–9.08 sharing evidence in advance, 9.89–9.91 taking notes, 11.01–11.13 timing, 9.61–9.64 witnesses of fact or subject of investigation, 9.14–9.18 introduction, 2.02–2.15

207

Index Investigation process – contd investigators expertise, 5.11–5.21 external expertise, 5.17–5.21 independence, 5.06–5.10 internal expertise, 5.13–5.16 introduction, 5.02–5.05 overview, 5.01 relevant expertise, 5.11–5.12 selection, 5.06–5.10 key stages, 2.21–2.23 notes of interview, 12.17–12.18 management reporting risks, 3.61–3.66 notifications to insurers, 3.71–3.77 ongoing behaviour, where, 3.07–3.17 plan contents, 6.30–6.36 introduction, 6.02–6.04 overview, 6.01 preparation, 6.23–6.27 project management tools, 6.37–6.38 review prior to execution, 6.28 scope of investigation, and, 6.05–6.22 unpredictable events, 6.29 preparation of investigation report contents, 12.31–12.32 final considerations, 12.37 identifying the audience/recipients, 12.21–12.26 introduction, 2.21 objectives of investigation, 12.20 presentation, 12.27–12.30 scope of investigation, 12.19 style, 12.33–12.36 preservation of evidence consideration of personal issues, 7.24–7.37 data privacy, 7.29–7.33 data protection, 7.34–7.37 determining evidence to be protected, 7.07–7.10 digital material off network, 7.16–7.18 digital material on company network 7.12–7.15 employee correspondence, 7.29–7.33 hard copy documents, 7.19–7.23 identification of relevant evidence, 7.02–7.06 immediate priorities, 3.14–3.17 introduction, 2.21 overview, 7.01 personal information, 7.29–7.33 personal property issues, 7.26–7.28 sources of material, 7.11–7.23 project management documents, 12.51

Investigation process – contd purpose, 2.16 reasonable steps, 2.12 recommendations, 2.21 record of individuals briefed, 3.28–3.37 reliability of evidence, 2.06–2.11 report of investigation contents, 12.31–12.32 final considerations, 12.37 identifying the audience/recipients, 12.21–12.26 introduction, 2.21 objectives of investigation, 12.20 presentation, 12.27–12.30 scope of investigation, 12.19 style, 12.33–12.36 retention of records, 12.44 review of evidence, 2.21 scope approval, 6.13 authority for investigation, 6.05–6.09 deadlines, 6.12 definition, 6.02 generally, 2.17–2.20 introduction, 6.02–6.04 monitoring, 6.14–6.17 overview, 6.01 post-completion review, 6.21–6.22 production of document to third party, 6.18–6.20 reporting body or individual, 6.10–6.11 review, 6.14–6.17 timing, 6.12 security of documents generated, 12.49– 12.50 senior management, involving accountability, 17.11–17.13 attribution, 17.05 conduct, 17.06–17.10 corporate criminal liability, and, 17.21– 17.31 evidence, 17.14–17.20 generally, 17.02–17.04 overview, 17.01 types of investigations, 17.05–17.13 stages, 2.21–2.23 third party documents, 12.52–12.54 use of findings for additional purposes, 12.45–12.48 Investigation reports contents, 12.31–12.32 final considerations, 12.37 identifying the audience/recipients, 12.21–12.26 introduction, 2.21

208

Index Investigation reports – contd objectives of investigation, 12.20 presentation, 12.27–12.30 regulatory disclosure, and, 13.37–13.41 scope of investigation, 12.19 style, 12.33–12.36 Investigations involving senior staff accountability, 17.11–17.13 attribution corporate criminal liability, 17.21– 17.31 generally, 17.05 conduct, 17.06–17.10 considerations accountability, 17.11–17.13 attribution, 17.05 conduct, 17.06–17.10 introduction, 17.05 corporate criminal liability, and ‘failure to prevent’ offences, 17.27– 17.31 generally, 17.21–17.22 identity doctrine, 17.23–17.26 introduction, 17.05 evidence, 17.14–17.20 generally, 17.02–17.04 mis-selling products, 17.11–17.13 organisational failings, 17.11–17.13 overview, 17.01 records to be examined, 17.14–17.20 specific behaviour, 17.06–17.10 systemic misconduct, 17.11–17.13 types, 17.05–17.13 Investigators expertise external, 5.17–5.21 internal, 5.13–5.16 introduction, 5.11–5.12 independence, 5.06–5.10 introduction, 5.02–5.05 overview, 5.01 relevant expertise, 5.11–5.12 selection, 5.06–5.10 Joint interest privilege generally, 15.46–15.50 Legal advice privilege generally, 15.43 Legal professional privilege background, 15.36 claimants, 15.38–15.40 decision-making, and, 4.23–4.27 external experts, and, 5.19 importance, 15.41–15.42 inadvertent disclosure of privileged material, 8.52–8.60

Legal professional privilege – contd in-house lawyers, 15.40 introduction, 15.35 ‘lawyer’, 15.39 meaning, 15.36 privileged communications, 15.37 witness interviews, and, 10.03–10.06 Legal representation company precedent, 10.43 contractual entitlement, 10.42 exceptions to general rule, 10.41–10.50 general rule, 10.37–10.40 risk of investigation by external authority, where, 10.44–10.50 Liability opinions regulatory disclosure, and, 13.42–13.44 Litigation management delaying progress, 20.21–20.24 generally, 20.18–20.20 Litigation privilege generally, 15.44–15.45 Management of risk customer complaints data security breaches, 20.09 financial services, and, 20.04 impact on investigation, 20.06–20.09 impact on response to claims, 20.11– 20.16 introduction, 20.02–20.05 overview, 20.01 practical steps, 20.17 litigation delaying progress, 20.21–20.24 introduction, 20.18–20.20 Management reporting immediate priorities, and, 3.61–3.66 Messaging systems preservation of evidence, and, 7.15 Mis-selling products investigating senior management, and, 17.11–17.13 Mobile devices preservation of evidence, and, 7.16 Non-disclosure memorandum consequences of breach, 3.44–3.46 general obligations, 3.39–3.41 introduction, 3.38 legal obligations, 3.42–3.43 regulatory obligations, 3.42–3.43 third parties, and, 3.48–3.49 timing of issuance, 3.47 Notes of interview best practice, 11.01–11.06 documenting work and findings, 12.17– 12.18

209

Index Notes of interview – contd timely preparation of final version, 11.07–11.09 use for non-investigatory purposes, 11.10–11.13 Notifications insurers, to, 3.71–3.77 Objectivity decision-making, and appropriateness, 4.13–4.16 generally, 4.09–4.12 Ongoing behaviour investigation process, and, 3.07–3.17 Opening statements acceptance of terms, 10.07–10.16 generally, 10.01–10.02 legal privilege, 10.03–10.06 Organisational failings investigating senior management, and, 17.11–17.13 Penalties co-operation with regulators, and generally, 14.51–14.52 reduction, 14.37–14.40 Personal data confidentiality definition, 15.15–15.17 introduction, 15.13–15.14 meaning, 15.15–15.17 statutory regime, 15.18–15.22 Personal devices preservation of evidence, and, 7.16 Personal information preservation of evidence, and, 7.29–7.33 Personal property preservation of evidence, and, 7.26–7.28 Phone logs preservation of evidence, and, 7.15 Planning investigations contents, 6.30–6.36 introduction, 6.02–6.04 overview, 6.01 preparation, 6.23–6.27 project management tools, 6.37–6.38 review prior to execution, 6.28 scope of investigation, and, 6.05–6.22 unpredictable events, 6.29 Preliminary interviews generally, 9.19–9.29 subject of investigation, with, 9.30–9.33 Preparation of investigation report contents, 12.31–12.32 final considerations, 12.37 identifying the audience/recipients, 12.21–12.26

Preparation of investigation report – contd introduction, 2.21 objectives of investigation, 12.20 presentation, 12.27–12.30 scope of investigation, 12.19 style, 12.33–12.36 Preservation of evidence approach, 7.09 CCTV recordings, 7.15 consideration of personal issues, 7.24– 7.37 custodians, by, 7.09–7.10 data privacy, 7.29–7.33 data protection, 7.34–7.37 database access logs, 7.15 determining evidence to be protected, 7.07–7.10 digital material off network, 7.16–7.18 on company network 7.12–7.15 emails, 7.15 employee correspondence, 7.29–7.33 flash drives, 7.16 hard copy documents, 7.19–7.23 hard drives, 7.16 identification of relevant evidence, 7.02–7.06 immediate priorities, and, 3.14–3.17 introduction, 2.21 messaging systems, 7.15 mobile devices, 7.16 overview, 7.01 personal devices, 7.16 personal information, 7.29–7.33 personal property issues, 7.26–7.28 phone logs, 7.15 reasonable and proportionate, 7.08 security system logs, 7.15 shared drives, 7.15 sources of material digital material off network, 7.16–7.18 digital material on company network 7.12–7.15 hard copy documents, 7.19–7.23 introduction, 7.11 trade data, 7.15 types of material, 7.10 voice recordings, 7.15 Press communications strategy accuracy of communications, 19.08 commissions and committees, 19.38– 19.39 communications ‘playbook’, 19.23–19.29 confidentiality, 19.33–19.34

210

Index Press communications strategy – contd customer-facing communications, 19.09 employee communications, 19.14–19.16 employees under investigation, and, 19.30–19.34 expert testing, 19.08 former employee communications, 19.30–19.34 importance, 19.02–19.04 initial steps additional considerations, 19.08–19.13 recipients of communications, 19.05– 19.07 internal communications, 19.09 investigation of employees, and, 19.06 leak strategy, 19.17–19.22 Listing Rules, 19.40–19.45 meaning, 19.02 method of communications, 19.08–19.11 overview, 19.01 Parliamentary enquiries, commissions and committees, 19.38–19.39 ‘playbook’, 19.23–19.29 Regulatory Notification Service (RNS), 19.25 timing of communications, 19.12 whistleblowers, 19.35–19.37 Privilege common interest privilege, 15.51–15.54 competition investigations, in, 15.62 confidentiality, and background, 15.36 claimants, 15.38–15.40 importance, 15.41–15.42 in-house lawyers, 15.40 introduction, 15.35 ‘lawyer’, 15.39 meaning, 15.36 privileged communications, 15.37 decision-making, and, 4.23–4.27 EU Commission investigations, in, 15.06 inadvertent disclosure of privileged material, 8.52–8.60 joint interest privilege, 15.46–15.50 legal advice privilege, 15.43 legal professional privilege background, 15.36 claimants, 15.38–15.40 importance, 15.41–15.42 in-house lawyers, 15.40 introduction, 15.35 ‘lawyer’, 15.39 meaning, 15.36 privileged communications, 15.37 litigation privilege, 15.44–15.45

Privilege – contd loss of, 15.58–15.59 outside of England and Wales, 15.63– 15.64 overview, 15.01 personal data definition, 15.15–15.17 introduction, 15.13–15.14 meaning, 15.15–15.17 statutory regime, 15.18–15.22 regulatory disclosure, and, 13.37–13.41 provision of evidence to regulator, 13.34 scope of investigation, 12.19 style, 12.33–12.36 regulatory investigations, in, 15.60–15.61 waiver of, 15.58–15.59 without prejudice privilege, 15.55–15.57 Project management documents closure of investigation, and, 12.51 Public relations (PR) strategy accuracy of communications, 19.08 commissions and committees, 19.38– 19.39 communications ‘playbook’, 19.23–19.29 confidentiality, 19.33–19.34 customer-facing communications, 19.09 employee communications, 19.14–19.16 employees under investigation, and, 19.30–19.34 expert testing, 19.08 former employee communications, 19.30–19.34 importance, 19.02–19.04 initial steps additional considerations, 19.08–19.13 recipients of communications, 19.05– 19.07 internal communications, 19.09 investigation of employees, and, 19.06 leak strategy, 19.17–19.22 Listing Rules, 19.40–19.45 meaning, 19.02 method of communications, 19.08–19.11 overview, 19.01 Parliamentary enquiries, commissions and committees, 19.38–19.39 ‘playbook’, 19.23–19.29 Regulatory Notification Service (RNS), 19.25 timing of communications, 19.12 whistleblowers, 19.35–19.37 Public tendering co-operation with regulators, and, 14.45 Questioning closing statements, 11.21–11.26

211

Index Questioning – contd ‘golden’ rules, 11.14–11.15 preparation, 9.92–9.104 putting others’ evidence to witness, 11.16–11.20 Reasonable steps investigation process, and, 2.12 Recommendations investigation process, and, 2.21 Recording witness evidence, and, 9.105–9.107 Record-keeping individuals briefed about investigation, 3.28–3.37 investigating senior management, and, 17.14–17.20 Regulatory co-operation conclusion, 14.53–14.54 considerations, 14.20–14.35 cost, 14.45 deferred prosecution agreements Code of Practice, 14.25–14.26 continuing co-operation, 14.27–14.29 features, 14.19 generally, 14.18 introduction, 14.06–14.10 meaning, 14.18 operation, 14.21–14.24 statutory basis, 14.20 definition, 14.11–14.12 engagement in public tendering, 14.45 features genuine assistance, 14.16–14.17 introduction, 14.11–14.12 timely self-reporting, 14.13–14.15 future impact, 14.50 genuine assistance, 14.16–14.17 insight into investigatory progress, 14.45 introduction, 14.02–14.05 loss of control, 14.47–14.49 overview, 14.01 penalties generally, 14.51–14.52 reduction, 14.37–14.40 public tendering, 14.45 regulatory disclosure, and, 13.47 reputational impact, 14.41–14.44 risks and rewards cost, 14.45 engagement in public tendering, 14.45 future impact, 14.50 insight into investigatory progress, 14.45 introduction, 14.36 loss of control, 14.47–14.49

Regulatory co-operation – contd risks and rewards – contd penalties, 14.51–14.52 reduction of penalties, 14.37–14.40 reputational impact, 14.41–14.44 risk-detriment appraisal, 14.46 status of company, 14.30–14.35 timely self-reporting, 14.13–14.15 Regulatory disclosure closure of investigation, and, 12.55–12.57 co-operation credit, 13.47 deferred prosecution agreements, 13.47 influence of regulator on scope of investigation, 13.28–13.32 initial steps contents, 13.15–13.17 generally, 13.03–13.05 legal obligation arises, where, 13.10– 13.14 proactive approach, 13.06–13.09 procedural methods, 13.18–13.22 interviews, 13.35–13.41 introduction, 13.02 investigation reports, 13.37–13.41 liability opinions, 13.42–13.44 ongoing relationship, 13.23–13.27 overview, 13.01 privilege, 13.37–13.41 provision of evidence to regulator, 13.34 regulatory breach opinions, 13.42–13.44 related investigation by regulator or prosecuting agency, where, 13.45– 13.46 updating regulator on progress, 13.33 Regulatory investigations privilege, 15.60–15.61 Reliability of evidence investigation process, and, 2.06–2.11 Remedial actions completion, 4.29–4.30 Report of investigation contents, 12.31–12.32 final considerations, 12.37 identifying the audience/recipients, 12.21–12.26 introduction, 2.21 objectives of investigation, 12.20 presentation, 12.27–12.30 regulatory disclosure, and, 13.37–13.41 scope of investigation, 12.19 style, 12.33–12.36 Representation co-workers, by generally, 10.30–10.34 HR representatives, 10.35–10.36

212

Index Representation – contd disciplinary process, and, 10.26–10.29 employee disciplinary proceedings, and D&O insurance, 16.42–16.45 interviews, at, 10.26–10.29 generally, 10.17–10.25 HR representatives, by, 10.35–10.36 lawyers, by company precedent, 10.43 contractual entitlement, 10.42 exceptions to general rule, 10.41–10.50 general rule, 10.37–10.40 risk of investigation by external authority, where, 10.44–10.50 union representatives, by, 10.30–10.34 Reputational impact co-operation with regulators, and, 14.41– 14.44 Retention of records closure of investigation, and, 12.44 Review of evidence data and documents advanced analytics, 8.35–8.37 appropriate subject matter expertise, 8.39–8.41 conduct, 8.42–8.51 data preparation and culling, 8.26–8.28 defining population of data and documents, 8.04–8.05 digital forensic analysis, 8.38 disclosure of legally privileged material, 8.52–8.60 inclusion in review populations, 8.10–8.24 introduction, 8.02–8.03 iterative approach, 8.06–8.09 oversight, 8.45–8.49 overview, 8.01 platforms, 8.42 prioritisation, 8.50–8.51 legally privileged material, 8.52–8.60 protocol preparation and maintenance, 8.43–8.44 review of audio files, 8.32–8.33 review of IM and chatrooms, 8.34 search terms, 8.14–8.18 specialist expertise, 8.25–8.38 subject matter expertise, 8.39–8.41 Technology Assisted Review, 8.19–8.24 third party document specialists, 8.29–8.31 introduction, 2.21 post-interview steps additional interviews, 11.31–11.32 expert, 11.33

Review of evidence – contd post-interview steps – contd generally, 11.29–11.30 introduction, 11.27–11.28 witness evidence, 11.33 Right against self-incrimination witness evidence, and, 10.51–10.57 Scope of investigations approval, 6.13 authority for investigation, 6.05–6.09 deadlines, 6.12 definition, 6.02 generally, 2.17–2.20 introduction, 6.02–6.04 meaning, 6.02 monitoring, 6.14–6.17 overview, 6.01 post-completion review, 6.21–6.22 production of document to third party, 6.18–6.20 reporting body or individual, 6.10–6.11 review, 6.14–6.17 timing, 6.12 Search terms data and document reviews, and, 8.14– 8.18 Securities Exchange Commission (SEC) benefits of investigations, 1.06 Security of documents closure of investigation, and, 12.49–12.50 Security system logs preservation of evidence, and, 7.15 Self-incrimination witness evidence, and, 10.51–10.57 Senior management accountability investigations, 17.11–17.13 attribution investigations corporate criminal liability, 17.21– 17.31 generally, 17.05 conduct investigations, 17.06–17.10 considerations accountability, 17.11–17.13 attribution, 17.05 conduct, 17.06–17.10 introduction, 17.05 corporate criminal liability, and ‘failure to prevent’ offences, 17.27– 17.31 generally, 17.21–17.22 identity doctrine, 17.23–17.26 introduction, 17.05 evidence, 17.14–17.20 generally, 17.02–17.04 mis-selling products, 17.11–17.13

213

Index Senior management – contd organisational failings, 17.11–17.13 overview, 17.01 records to be examined, 17.14–17.20 specific behaviour, 17.06–17.10 systemic misconduct, 17.11–17.13 types, 17.05–17.13 Senior Managers and Certification Regime (SMCR) decision-making, and, 4.32 Shared drives preservation of evidence, and, 7.15 Stakeholders external stakeholders, 3.20–3.24 internal stakeholders, 3.25–3.27 introduction, 3.19 Suspension employee disciplinary proceedings, and deferred awards, 16.28–16.29 employee, 16.22–16.27 Systemic misconduct investigating senior management, and, 17.11–17.13 Taking notes best practice, 11.01–11.06 documenting work and findings, 12.17– 12.18 timely preparation of final version, 11.07–11.09 use for non-investigatory purposes, 11.10–11.13 Technology Assisted Review generally, 8.19–8.21 precision, 8.23–8.24 recall, 8.22 Third parties witness evidence, and, 10.64–10.70 Third party documents closure of investigation, and, 12.52–12.54

Trade data preservation of evidence, and, 7.15 Union representation witness evidence, and, 10.30–10.34 Voice recordings preservation of evidence, and, 7.15 Whistleblowing best practice for policies and procedures, 18.18–18.20 conduct of interviews other persons, with, 10.60–10.63 whistleblowers, with, 10.58–10.59 confidentiality, 18.21 corporate communications strategy, and, 19.35–19.37 feedback from company, 18.23 financial services regulatory framework additional rules, 18.16–18.17 best practice for policies and procedures, 18.18–18.20 generally, 18.11–18.13 requirements, 18.14–18.15 systems and controls, 18.18–18.20 interviews, during, 18.22 legal framework general protection, 18.03–18.05 need for investigation, 18.10 protected disclosures, 18.07–18.09 qualifying disclosures, 18.06 overview, 18.01–18.02 regulatory framework, 18.11–18.13 status of disclosures made in witness interviews, 18.22 systems and controls, 18.18–18.20 Without prejudice privilege generally, 15.55–15.57 Witnesses of fact or subject of investigation interviews, and, 9.14–9.18

214