A strategic, proportional, and comprehensive document review is one of the most critical components of an effective Foreign Corrupt Practices Act (“FCPA”) investigation. A company's internal documents and data often contain the best evidence of potentially improper payments. It is not surprising, therefore, that U.S. enforcement authorities in FCPA matters place great emphasis on obtaining and analyzing relevant documents, data, and other reviewable information. For this reason, it is incumbent upon any company in a cooperative posture with the government to disclose as much relevant, non-privileged information as practicable.

When a document review is mishandled, the repercussions can be severe. Flaws in the document review process, for example, may cause enforcement officials to question the integrity of the investigation. This, in turn, can lead officials to dedicate more resources to their own search for evidence relating to alleged improprieties. Moreover, if a company fails to identify and disclose relevant documents that the government later obtains independently, the credibility of the investigation could be called into question, and the company may be forced to contemplate harsher penalties or sanctions.

Legal commentators have dedicated significant attention (in an FCPA context) to analyzing certain topics related to the document review process, including when to launch an internal investigation and how to handle issues such as e-discovery and disparate data privacy laws. In this article, we examine a less-explored but equally important topic: where should a company conduct document review during an FCPA investigation?

Some commentators have noted that documents pertaining to alleged bribery should be handled solely by U.S. lawyers in the United States, while others opine that potentially incriminating documents are best kept outside U.S. borders. Below, we analyze these and other important considerations to help shed light on how companies can select the best location to conduct document and data review in an FCPA investigation.

The Importance of Location

FCPA investigations often involve cross-border issues requiring the collection of documents, data, and other evidence from multiple jurisdictions around the world. To properly evaluate this information, a company will typically send it to a single (central) location for processing and review.

This decision alone can be quite daunting.  Indeed, there is no shortage of options for a company to consider.  For example, after more than a decade of robust, international anti-corruption enforcement, a plethora of third-party vendors now offer e-discovery and document review services in numerous countries. Additionally, law firms conducting internal investigations may decide that it is in the company’s best interests to assign firm attorneys to perform document review.  Alternatively, firms and their clients may choose to supervise contract attorneys who can review documents at a discounted rate.

Moreover, when choosing a location to perform document review, no two jurisdictions are equal. The choice to conduct document review in a given country could significantly impact the cost and quality of the investigation, which in turn may affect the disposition of an FCPA enforcement action. As with every aspect of an internal investigation, companies must, therefore, carefully consider and select the best location for document and data processing and review, based on their unique circumstances.

Balancing Cost and Quality

Generally speaking, document review—like many other services—is less expensive outside of the United States. Because FCPA investigations can quickly become costly endeavors, companies may seek to defray costs by outsourcing document review to a foreign jurisdiction.  The risk, however, is that the quality of the review may suffer if it is performed by non-U.S. lawyers who are perhaps not as well-versed in the intricacies of the FCPA or the principles of anti-corruption compliance.

At its most basic level, FCPA-related document review poses two essential questions.  First, is the document relevant? And second, is the document privileged?  Answering the first question requires a fair amount of knowledge about the FCPA and related enforcement actions. The reviewer must be able to identify red flags indicating that an improper payment was made, and know and understand the elements of an FCPA violation well enough to pinpoint facts relevant to the satisfaction of these elements. Before deciding to conduct document review outside of the United States, companies should determine whether a vendor’s reviewers have the necessary FCPA experience to make accurate relevance determinations.

Answering the second question—whether a document is privileged—proves an even more complicated task. A privilege determination comprises two separate concepts: attorney-client privilege and work product doctrine.  Attorney-client privilege protects any communication between an attorney and her client made in confidence for the purpose of obtaining or rendering legal advice. Separately, the work product doctrine protects any documents or tangible things prepared by or at the direction of an attorney in anticipation of litigation.  Understanding and applying these two concepts can be difficult, even for experienced U.S. attorneys. Accordingly, companies must be careful to ensure that foreign reviewers are trained to make privilege determinations before deciding to conduct a review outside of the United States.

Despite these caveats, there are certain circumstances where it is preferable to conduct document review in a foreign jurisdiction. In particular, if the documents to be reviewed are in a foreign language, it may be wise to have the documents reviewed by native speakers. Although there are U.S.-based vendors with foreign language capabilities, these services are often expensive and may not afford the same level of quality that a native speaker would provide. Notably, FCPA red flags are sometimes concealed behind suggestive or nuanced language that a non-native speaker may fail to recognize.

If one of the company’s primary objectives is to save time and money on document review, it may first want to consider strategies to reduce costs while keeping the review in the United States.  For example, new technologies such as predictive coding can reduce the total number of documents that must be examined.  Also, a company could engage foreign reviewers to make initial relevance determinations and then employ U.S. attorneys to conduct a privilege analysis of the relevant documents.  Such creative solutions can help companies balance the cost of a document review with its overall quality.

Implications for U.S. Civil Litigation

FCPA enforcement actions are often accompanied by civil litigation brought against a company by its shareholders in the form of class action or shareholder derivative suits. As a result, most companies conduct internal investigations with an understanding of the potential for shareholder litigation, and are appropriately concerned that a misstep in the investigation could have consequences down the road for such collateral litigation. Seeking to limit their exposure to the U.S.’s expansive civil discovery regime, some foreign companies elect to keep sensitive documents outside of the country, believing that this may protect the documents from disclosure to shareholder plaintiffs in U.S. civil litigation.

This approach, however, is misguided.  In 1987, the Supreme Court of the United States held that foreign companies subject to jurisdiction in a U.S. district court must comply fully with the discovery processes mandated by the Federal Rules of Civil Procedure (“FRCP”). See Societe Nationale Industrielle Aerospatiale v. United States Dist. Court, 482 U.S. 522, 541 (1987). This mandate includes FRCP 34, a discovery mechanism that plaintiff shareholders can use to obtain any relevant, non-privileged documents in a foreign company’s possession, custody, or control.  A foreign company may even be required to obtain and produce documents in the possession of a foreign affiliate if the company “controls” the affiliate.  See, e.g., Uniden Am. Corp. v. Ericsson Inc., 181 F.R.D. 302, 305-06 (M.D.N.C. 1998). Ultimately, this means that foreign companies cannot limit their exposure to discovery in U.S. civil litigation by conducting document review outside of the United States.

Compliance with U.S. Subpoenas

Many FCPA investigations are triggered by service of a subpoena by the U.S. Department of Justice (“DOJ”) or the U.S. Securities and Exchange Commission (“SEC”). These subpoenas seek documents and information related to an alleged FCPA violation.  In most cases, companies voluntarily comply with subpoenas to demonstrate to the government that they are cooperating with the government’s inquiry. But what if a company chooses not to cooperate with the government—how can the location of document review affect the company’s obligations to comply with a DOJ or SEC subpoena?

In short, maintaining documents and data outside of the United States could, at least temporarily, relieve a company from the obligation to produce those materials in response to a DOJ or SEC subpoena. Generally speaking, U.S. search warrants are not effective in foreign jurisdictions. Also, despite ongoing debate over the issue, the United States Code does not expressly grant independent authority for U.S. enforcement agencies to serve subpoenas on non-U.S. persons in foreign countries.

Even, however, if a non-U.S. company does not legally have to comply with a DOJ or SEC subpoena, federal prosecutors can seek foreign discovery through other mechanisms. Recently, prosecutors have succeeded in obtaining documents from foreign companies in FCPA matters by issuing requests for letters rogatory, mutual legal assistance treaty (“MLAT”) requests, and informal diplomatic requests. As a result, although a company may initially be able to elude compliance with a government subpoena by maintaining its documents and data outside of U.S. borders, the company will likely have to turn that information over to (perhaps) a less tolerant enforcement agency at some point in the future.

Summary of Best Practices

The central consideration in deciding where to conduct document review in an FCPA investigation is how a company wants to balance the cost of the review with its quality. Conducting document review outside of the United States can yield some cost savings, but perhaps at the expense of highly-accurate relevance and privilege determinations. Furthermore, the law does not support the commonly-held belief that companies will enjoy limited exposure to discovery in U.S. civil litigation by maintaining their documents and data outside of the United States. The best reason to conduct document review in a foreign jurisdiction is to take advantage of native speakers tasked with reviewing documents in the language of their country.

Ultimately, companies that cut corners in the early stages of an FCPA investigation, particularly with respect to document review, may pay for any resulting complications when it comes to resolving an enforcement action or managing follow-on shareholder litigation. Before deciding to conduct document review outside of the United States, therefore, companies should be judicious in weighing the risk of any cost savings realized in the short term against the potential for more severe penalty assessments by U.S. authorities and/or elevated settlement payouts to shareholder plaintiffs.