We have reached a "high water mark for governmental investigations in which the risk of becoming swept up in such an investigation is greater than ever before." Defending Corporations and Individuals in Government Investigations, West (2011). This increase in enforcement comes at a time when there also has been a "proliferation of cheap wireless and web-enabled smartphones and 'the cloud' – those enormous server farms that hold and constantly update thousands of software applications." Friedman, "One Country, Two Revolutions," The New York Times, Oct. 23, 2011. In the brave new era of Dodd-Frank whistleblowers and aggressive enforcement by regulators, among other developments, companies face greater burdens than ever before when responding to subpoenas or other government requests for information. The sheer complexity and cost of responding to such requests given the deluge of potentially responsive data created by innumerable electronic devices can be overwhelming. There are a few practical steps that companies can take to limit their potential exposure and reduce the burdens and costs of responding to a government investigation.
To prepare for and deal with a potential regulatory investigation, companies should ensure they have the following basics in place: (i) a robust compliance program, (ii) effective IT policies, (iii) experienced white collar counsel and (iv) qualified electronic data consultants.
Much has been written about the need for and the best ways to implement an effective compliance program. Every company should have a comprehensive program of policies, procedures and monitoring that actually deters, detects and corrects illegal conduct within the organization. Suffice it to say that in today's treacherous white collar environment, having a robust, risk-based compliance program in place is a necessity for most companies. The legal or compliance department should assess the company's need for and develop compliance programs tailored to its greatest risks, including but not limited to FCPA, antitrust, trade secrets, fraud, accounting malfeasance and the like.
The area that often surprises companies when responding to a government subpoena or information request is the volume and complexity of the electronic data that they have to manage. With more open and flexible information technologies and custodians using multiple devices to conduct their business, including very often an office computer, a home computer, an iPad, a blackberry or iPhone, as well as the breadth of data often requested, including emails, texts, shared server documents, instant messages and accounting data, it very often is a daunting project to identify, locate, catalog and preserve that much data.
A good start is to ensure that your organization has clear IT policies, including limits on the type and number of devices where company data can reside as well as the volume and duration of data storage and retention. Every business should designate one person or department that is responsible for maintaining an accurate and up-to-date inventory of custodians and the devices they use. That person or department also should be responsible for the company's retention and back-up policies and procedures. The business must maintain an accurate, up-to-date list of back-up tapes and deletion or overwriting schedules. By working with the IT department to tightly monitor and inventory devices on which the company's data resides, a company can guard against the inadvertent loss or destruction of responsive data when responding to a government subpoena or information request – a circumstance that can create profoundly difficult problems during an investigation.
Very often, in a government investigation, the pace of an electronic data collection is much quicker and broader in scope than in civil litigation. Every company generally wants to be timely and thorough in responding to government requests while also being efficient and cost-sensitive. These goals sometimes conflict, but in the context of a government investigation, the risks of not properly identifying and preserving responsive information, or of antagonizing the government lawyers who may ultimately decide a company's fate, are often too great to risk. Thus, one of the most important factors for a positive outcome in responding to a government investigation is the quality and experience of the attorneys and data consultants who work on the matter. Very often, when investigations progress poorly and the government becomes frustrated with the company, it is the result of inexperienced counsel or electronic data consultants who either have not managed the government's expectations appropriately or who have not properly identified, preserved, analyzed and produced responsive and relevant data. Clear and effective communication with government lawyers therefore is essential during an investigation. The dialogue with the government generally is most successful when the attorneys representing a company have the experience to make realistic commitments on the company's behalf that maintain the company's credibility and good will with the government.
Of equal importance are the quality and experience of the electronic data consultants working with the company's counsel. Outside counsel very often must rely on the knowledge and expertise of these data consultants to identify relevant and potentially responsive data and to appropriately capture that data. This often has to be done in a complex, dynamic environment in which data is being used and potentially modified every day and in which multiple systems have different operating platforms, backup protocols and the like. Consequently, outside counsel often must rely on the knowledge and experience of its electronic data consultants working with the company's IT department to quickly and effectively identify where and how to preserve potentially responsive electronic data and how to manage large amounts of data so that counsel can begin reviewing and analyzing that information.
Given the importance of electronic data consultants, company counsel should carefully consider which one to use. Good electronic data consulting firms share some common characteristics. They have consultants who used to work in law enforcement and who know how to forensically preserve data in a manner that makes government agencies comfortable that important data will not be lost in the collection process. They also have substantial field experience; that is, they have worked on internal and government investigations of varying sizes and complexity assisting counsel in preserving data, filtering the data and making it available on a platform that lawyers can access. Counsel should only work with electronic data consultants who have the necessary expertise, professionalism and project management skills to get the job done well.
By having robust, risk-based compliance programs in place, strict and well enforced IT policies, up-to-date inventories of custodians, devices and backup tapes, and by retaining experienced white collar counsel and electronic data consultants, companies will go a long way toward reducing the costs and burdens associated with responding to a government investigation should the need arise.
Exerted from the book Defending Corporations and Individuals in Government Investigations, 2014-2015 edition. Daniel J. Fetterman and Mark P. Goodman, contributing authors. Find it here.
Mark P. Goodman is a partner at Debevoise & Plimpton LLP, where his practice focuses on white collar criminal defense, internal investigations, regulatory enforcement matters, and complex civil litigation. Mr. Goodman represents companies and individuals in grand jury and regulatory investigations and criminal proceedings involving allegations of securities fraud, healthcare fraud, insider trading, and violations of the Foreign Corrupt Practices Act. Mr. Goodman frequently conducts internal investigations and represents corporate boards and board committees.
Daniel J. Fetterman is a partner at Kasowitz, Benson, Torres & Friedman LLP, where his practice focuses on white-collar criminal defense, internal investigations, and complex business disputes. He routinely represents both corporations and individuals and has represented clients in matters relating to, among others, the Madoff ponzi scheme, the Hilton/Starwood litigation, the Bank of America/Merrill Lynch CDO litigation, the Vioxx litigation, the New York Jets/Cablevision stadium litigation, the Governor Blagojevich prosecution, and the Staten Island ferry crash.
Visit the West LegalEdcenter for these recent programs by Dan Fetterman and Mark Goodman on 'Defending Corporations'