Multinational companies are seeing an increase in data volumes as well as a vast globalization of company data. As business ventures and data continue to cross borders, organizations are facing new challenges when it comes to regulatory scrutiny across the globe.
Specifically, the U.S. Securities and Exchange Commission (SEC) and U.S. Department of Justice (DO have ramped up enforcement actions against international corporate bribery under the Foreign Corrupt Practices Act (FCPA) and confirmed the assignment of additional resources directed at these types of investigations.
The law, which is enforced by the aforementioned agencies, prohibits the corrupt payment of money or anything of value to a foreign official in order to obtain or retain business, in addition to implementing certain accounting transparency requirements. Any U.S.-based company conducting business internationally, or foreign corporations trading securities in the United States, must comply with this act.
Further, the UK Bribery Act, a law enacted in 2010, has been referred to as the "the toughest anti-corruption legislation in the world." Under the act, any organization doing business in the UK or with ties to the UK may be prosecuted, face unlimited fines and the risk of a prison sentence for individuals involved.
This regulatory landscape for corruption and bribery offenses, combined with the widely varying data privacy and protection laws of countries across the globe and differences in local culturally-acceptable business practices, bring the issue of the appropriate performance of cross-border investigations under the microscope for corporate financial executives, inside counsel and information technology professionals. Finance professionals are especially important to this process given the Sarbanes-Oxley Act and SEC requirements around accountability and reporting events.
Complying with and understanding the nuances of these laws require strategic legal and technical expertise. These issues continue to be a problem for multinational companies and often leave their executives in a reactive, defensive position.
Data Here, There and Everywhere
In the event of an investigation in response to FCPA or UK Bribery Act enforcement, or an internal investigation due to suspicion of corrupt practices, a critical first step is to gather and analyze the facts surrounding the allegation. A key part of this process is the collection and review of employee and company data such as email and accounting records. Due to the international focus of these regulations, much of the data needed is typically outside of the U.S.
A traditional domestic U.S. investigation would see the forensic team visit the site where the data resides, collect all of it and take it to be hosted from a processing and review facility off site. It would then be reviewed and analyzed by counsel and investigators as needed for the matter. A cross-border corruption and bribery investigation often is a different matter as many countries have laws in place that prohibit or limit transfer of data to countries such as the U.S. that are not deemed to have an adequate level of data protection.