What was once the exception is now the rule: Cross-border, multi-jurisdictional investigations are the new normal. Few significant investigations now are confined to only a single regulator, and many now involve three or more. This development poses unique challenges for companies, particularly those operating on the global stage. Regulators have become increasingly assertive in expanding what conduct they target, how far they can reach, and what penalties they impose.
The catalyst for this development has been the expansive view of jurisdiction espoused by U.S. Foreign Corrupt Practices Act (FCPA) prosecutors. The combination of their considerable prosecutorial clout and the absence of judicial oversight has resulted in a steady expansion of U.S. jurisdiction—a phenomenon characterized outside the U.S. as “lex Americana.” But the Americans are by no means alone. The seeds of the FCPA’s broad view of jurisdiction are found in the OECD Convention on Bribery, which calls upon participating states to adopt organic statutes that reach conduct anywhere in the world committed by a country’s nationals, and which also allows jurisdiction to be asserted over any scheme that is committed, even in small part, within a country’s borders. In practice, this means that virtually any public corruption case will necessarily implicate the laws of at least two and, often, many more countries, all of which have concurrent jurisdiction over the conduct. Other notable examples include U.S. penalties applied to foreign banks acting in third countries in violation of U.S. sanctions.
But the U.S. is hardly alone. The UK Bribery Act, and, most recently, the UK Criminal Finances Act purport to reach misconduct by any company doing business in the UK. Likewise, the Brazil Clean Companies Act has served as the basis for the assertion of jurisdiction over conduct all over the world. Expansive regulatory actions have been increasingly adopted by global regulators in France under Sapin II and from Asia through to Latin America, and have included not just anti-corruption, but also antitrust and sanctions enforcement.
These developments pose unique risks for companies operating in multiple jurisdictions. Some of these risks can be managed through careful attention to the problems posed by cross-border investigations. Companies need to be scrupulous about data protection, IP controls, local blocking statutes, and the availability (or not) of attorney-client privilege. Indeed, in some instances, the potential penalties for running afoul of these laws in the course of an investigation are greater than those for the underlying conduct. The new EU rules will only increase these risks. But familiarity with the relevant rules can, in large measure, mitigate those dangers.
Other problems are far more challenging. Around the world, the courts are grappling—without much success—with the problems posed by the risk of double jeopardy or ni bis in idem. While U.S. authorities have adopted the practice of crediting penalties paid to other jurisdictions, they stubbornly refuse to simply defer to prior prosecutions in other jurisdictions. The courts in Europe have not done much better. As a practical matter, the most successful litigation strategies for companies involved in multi-jurisdictional investigations have involved the encouragement of joint, global resolutions, in which every national stakeholder can participate simultaneously.
So, too, with the problem of multiple investigations. Some companies have sought, without much success, to use Section 4.1 of the OECD Convention, which contemplates coordination among participating states, to minimize the burden of responding to multiple investigations and, sometimes, conflicting demands for information. As with the problem of multiple or successive prosecutions, however, there is neither a structure in place nor agreed legal norms to resolve this problem judicially. But finding a way to address this problem will have a huge impact on the ability of large, global corporations to manage litigation risk across the globe.
The ultimate complication in this regulatory and litigation equation is that the international architecture of compliance and regulation is neither harmonized nor consistent. This increases the challenge for contemporary businesses in managing the litigation risks that reflect their business exposure in the global landscape. Governments, and occasionally industry lobbyists, bear much of the responsibility for this unevenness. Those keen to promote their competitive advantages will temper regulation in certain areas; proponents of strict enforcement and restrictions will highlight the virtues of robust regulatory structures. In other jurisdictions, un- or partly-reformed legacy regulation remains a working reality for businesses entering or active in those markets.
Indeed, at every point along the enforcement spectrum, there is a delicate balance of judgment that businesses must consider to ensure regulation is managed in a way that is economically sound, not unfairly restrictive, and proportionate to business (and litigation) risk. Given that these critical aspects are interpreted very differently across national boundaries, today’s corporations, advised by their GCs and legal professionals, operate on a platform of regulatory restriction of high variability. It is truly chess in three dimensions.