With increased globalisation, multinational businesses are establishing more of a global footprint and there is an increased need to manage risks across jurisdictions. In the area of corporate compliance and investigations, there has been an increase in the number of compliance reviews and cross-border investigations. Investigators and compliance professionals in Singapore, which is a hub for many businesses whose regional headquarters are based in this city state, are often faced with the task of managing or coordinating these reviews and investigations.
Whilst investigations are often focussed on fact finding and the potential ramifications of the conduct in question, they should also be carried out with due regard to compliance with applicable laws and regulations. This article discusses some of the common issues that arise.
Processing personal data is part and parcel of an investigation. This arises when the investigative team is required to preserve data for the investigations, search emails and documents for relevant evidence, interview witnesses, prepare notes and reports, or disclose evidence to a regulator.
In the course of dealing with personal data, investigative teams need to be aware of data privacy laws and regulations that may apply. Some form of data protection law exists in more than 100 countries across the world.
In recent years, there has also been a rapid development of privacy laws in the region, either in the form of new legislation or significant revisions to existing laws. For example, the Singapore Personal Data Protection Act (the "PDPA") and the Personal Data Protection Regulations came into force in 2014, and a number of advisory guidelines and enforcement decisions have since been published.
The challenge with coordinating cross-border investigations arises from the gamut of laws in this increasingly regulated environment. Different countries adopt different legal standards regarding data privacy. For example, some jurisdictions prohibit or restrict the interception, review, or recording of communications for purposes of investigations, whilst others do not. Many jurisdictions, including Singapore, prescribe requirements and limitations on the transfer of personal data to other jurisdictions, although the extent of such requirements and limitations may differ.
Non-compliance with data privacy laws and regulations may impact the investigation and lead to civil or criminal sanctions against the organisation. For example, employees may challenge non-compliant processing of their personal data through applications to the Singapore Personal Data Protection Commission or courts for injunctive relief. The investigative team may consequently not be able to use the evidence to further the investigation or for subsequent action or proceedings, including litigation or disciplinary proceedings to be taken against parties who have committed wrongful acts.
Rights of whistleblowers and subjects of investigations
Statistics show that many investigations arise from whistleblower complaints. Employees within an organisation have first-hand information concerning their workplaces, and are usually the first to recognise wrongdoings. However many may not raise issues for fear of reprisals or retaliation by fellow colleagues or superiors.
In recognition of this concern, many countries have laws that protect the rights of whistleblowers. These laws typically provide for confidentiality protection measures, anti-retaliation measures, and increased safety and protection of assets for whistleblowers. Singapore does not have an overarching whistleblower protection legislation, though the Prevention of Corruption Act (the "PCA") provides that the identity or address of any informer who brings complaints under the PCA shall be kept confidential.
Even where there is no legislation to address whistleblower rights, many corporations have policies that govern the treatment of whistleblowers within the organisation. A corporation which fosters an environment where employees feel comfortable with raising issues to their superiors or other relevant departments would stand a better chance at uncovering and dealing with these issues effectively.
Naturally, where an internal investigation arises from a whistleblower report, an investigative team should, at the outset, take advice on and be aware of relevant laws and regulations or policies governing whistleblower rights. Any subsequent engagement with the whistleblower to seek further information or evidence in respect of the allegations raised should be conducted in a manner that respects and protects these rights.
On the other hand, an organisation should also have regard to the rights of the targets of investigations. Issues to be considered include, for example, the rights of the target employee under employment laws and the employment contract, rights under privacy laws, and whether there is a right of a target to counsel or a privilege against self-incrimination.
Ideally, a company should be able to conduct its investigations without the fear of the resulting information and interviews being subject to a subsequent request for their discovery in the context of litigation proceedings or regulatory actions. An investigation, if done correctly, may be cloaked with the protections of privilege and any associated protections.
The US Supreme Court, in its landmark ruling on the 1981 case of Upjohn Co. v. United States1, concluded that attorney-client privilege applies in the context of corporate internal investigations. The case involved an internal investigation into questionable payments to foreign officials by employees of a pharmaceutical manufacturer. As part of the investigation, the corporation distributed a questionnaire to its employees to get information regarding the payments, which was then sent to the corporation's lawyers for review and advice.
The Internal Review Service subsequently investigated into the tax consequences of the payments and sought disclosure of the questionnaire responses. The Supreme Court held that the questionnaires were covered by the attorney-client privilege and therefore not subject to disclosure.
Since the above, there have been numerous cases and developments on the extent to which legal advice privilege can be maintained in internal investigations, most significantly in the US and the UK. In Singapore, the issue was considered in Skandinaviska Enskilda Banken AB (Publ), Singapore Branch v Asia Pacific Breweries (Singapore) Pte Ltd2, although no holding was made on the applicability of legal advice privilege in internal investigations, as the Court of Appeal ultimately decided that litigation privilege applied to the documents in question.
In managing cross-border investigations, it would be important for investigative teams to seek advice and make a conscious and informed assessment at the outset on the extent to which an investigation will be cloaked with applicable privilege doctrines, and determine the best approach in the process.
The above are by no means an exhaustive list of the legal issues that arise throughout the investigative process. The importance of appreciating the potential legal issues arising from investigations cannot be overstated. Ultimately, it is through understanding and anticipating the implications of possible legal issues at the onset of investigations that investigative teams would be able to effectively navigate the complexities of the process.
1449 U.S. 383 (1981)
2 2 SLR(R) 367
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.
Do you know more about this story? Contact us anonymously through this link.
Weiyi is a Principal in Baker & McKenzie.Wong & Leow’s dispute resolution and intellectual property practice. Weiyi regularly advises on compliance infringements, cross-border investigations, regulatory enquiries, and enforcement actions, particularly in the areas of anti-corruption, data privacy, tax and financial regulatory compliance.