The Long Arm of Law Enforcement
This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight
Corporate investigations in Asia-Pacific frequently involve misconduct that spans multiple jurisdictions and, as a result, often attract the attention of various law enforcement and regulatory authorities. It is critical to be aware of the powers that authorities wield and how they may impact or disrupt the company’s investigations and business operations more generally. This article considers the key aspects of legal assistance and cooperation available to authorities in the Asia-Pacific region, and highlights the practical considerations drawn from our experience in handling multi-jurisdictional investigations.
- Cooperation between regulators and law enforcement across borders is increasingly common and effective, with various frameworks in place
- New laws have been enacted in some countries to enhance the ability to access information across borders. However, certain countries have laws that restrict the transfer of information overseas, giving rise to potential conflicting obligations for multi-national companies
Referenced in this article
- US: Clarifying Lawful Overseas Use of Data Act
- US: Anti-Money Laundering Act of 2020
- UK: Crime (Overseas Production Orders) Act 2019; and the Overseas Production Orders and Requests for Interception (Designation of Agreement) Regulations 2020
- China: International Criminal Judicial Assistance Law
- China: Data Security Law
- China: Personal Information Protection Law
- UN: UN Model Law on Extradition and UN Model Treaty on Extradition
Obtaining evidence in other jurisdictions
Mutual legal assistance treaties
One of the key mechanisms available to authorities to obtain evidence from other jurisdictions is by seeking the cooperation of a counterpart authority in that jurisdiction through a mutual legal assistance treaty (MLAT).
Countries may enter into multilateral or bilateral arrangements to facilitate mutual assistance. For instance, the Association of Southeast Asian Nations multilateral treaty on Mutual Legal Assistance in Criminal Matters has Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam as signatories. By contrast, Hong Kong and China have opted to enter into bilateral treaties with individual countries.
Each jurisdiction will generally implement MLAT obligations through domestic legislation. These laws then provide a domestic basis for fulfilling the obligation to provide assistance in criminal matters, including obtaining statements, documents and performing searches and seizures of information. A request made and approved through the formal MLAT mechanism will then be enforceable in the relevant jurisdiction.
In practice, the process for obtaining assistance can often be quite difficult. MLATs typically require a process to be followed, which can take time and requires the satisfaction of various criteria. In particular, MLATs will generally contain a number of circumstances in which a request must be refused or postponed.
As a result, many enforcement agencies might seek first to rely on informal channels, seeking assistance through their overseas counterparts rather than formally making the request through an MLAT. If this is the case, the request may not be enforceable and any assistance provided by the relevant individual or company will be voluntary in nature. Accordingly, where a company is receiving a request with a cross-border element, it is important to understand the nature of any requests being made to identify whether the company is being compelled to assist, on what basis and the consequences of acceding to the request.
In circumstances where the request is voluntary in nature, consideration should be given to the applicability of other laws, such as data privacy, or the availability of legal professional privilege. In the case of data privacy, many statutes will provide protection for information that has been released as a result of compulsion. Such protection is unlikely to be available where the information has been voluntarily produced. Similarly, where legal professional privilege attaches to a document, voluntary production of that document will amount to a waiver of privilege. Although a limited waiver of privilege could be used, consideration will need to be given to whether that will be effective in the circumstances.
Extraterritorial evidence collection and the cloud
With the increasing use of cloud storage by businesses, it is becoming more common for data relevant to a criminal investigation to be stored in a different jurisdiction. This has often resulted in a need to rely on MLATs to obtain that data, which can slow down the investigative process. Following the enactment of the Clarifying Lawful Overseas Use of Data (CLOUD) Act and the Crime (Overseas Production Orders) Act 2019 (COPOA) in the US in 2018 and the UK in 2019 respectively, these two jurisdictions entered into the US–UK Bilateral Data Access Agreement (the Agreement). The development in the US and the UK has prompted some jurisdictions to consider law reform, for example, the European Union and Australia, which have been in negotiations with the US Department of Justice regarding similar bilateral agreements.
The US CLOUD Act provides a particular type of production order for data targeted at US-based global technology providers, which prima facie applies to data located in jurisdictions outside the US, albeit subject to a formal process for challenge under certain specified grounds. It provides a framework for foreign governments to enter into bilateral agreements with the US with the effect of permitting that jurisdiction’s law enforcement authorities to make requests directly to US service providers, rather than via the US government under an MLAT. Reciprocal arrangements must be made to allow the US to request electronic data from service providers in that country.
Similarly, the UK COPOA facilitates the application by UK-based law enforcement agencies for production orders in the UK that are capable of being served upon communications service providers based outside the UK, to assist with UK investigations and prosecutions of serious crimes. Similar to the CLOUD Act, COPOA provides for international cooperation arrangements to be entered into, enabling those orders to be served and recognised outside the UK and reciprocal recognition of similar orders from the foreign jurisdiction in the UK.
The US and the UK subsequently entered into the Agreement in 2019 to implement cooperation under the CLOUD Act and COPOA, and the Agreement came into effect on 8 July 2020.1 The effect of this is that overseas production orders can now be made by the courts in either jurisdiction to permit law enforcement agencies from that country to go directly to tech companies based in the other country to access electronic data. One of the aims of the Agreement is to put in place a more efficient mechanism for law enforcement agencies to acquire relevant information for investigations, while still imposing sufficient protection to prevent abuse of the Agreement. The UK Home Office published a statement shortly after the conclusion of the Agreement highlighting that the MLAT process ‘which see[s] requests for communications data from law enforcement agencies submitted and approved by central governments . . . can often take anywhere from 6 months to 2 years’ but that ‘the [Agreement] will see the process reduced to a matter of weeks or even days’.2 The Agreement also seeks to resolve potential conflicts in legal obligations, such as the obligation to disclose data by the law of the requesting jurisdiction while at the same time being obliged not to disclose data under the privacy or data protection laws of the jurisdiction in which the data is hosted.
However, these arrangements are not without their detractors. For instance, concern has been raised over requiring a cloud provider to challenge a production order in an overseas court. Although protections also exist for legal privilege and confidential personal information, the fast turnaround for production and the differences in the concepts of privilege and personal information between jurisdictions have been grounds for concern.
Expanded subpoena powers under US Anti-Money Laundering Act of 2020
On 1 January 2021, the US Congress enacted the Anti-Money Laundering Act of 2020 (AMLA), which (among other things) significantly enhances the ability of the Department of Justice (DOJ) and Department of the Treasury (Treasury) to access financial records located outside the US in the context of criminal investigations and civil forfeiture proceedings.
The AMLA enables the DOJ and the Treasury to issue a subpoena to ‘any foreign bank that maintains a correspondent account in the [US]’ requiring the bank to produce any records relating to ‘any account at the foreign bank, including records maintained outside of the [US]’. In effect, this means that the correspondent account does not need to be in any way connected to the misconduct under investigation (which was previously required under the PATRIOT Act of 2001) and that, for a foreign bank, the mere fact of maintaining a US correspondent account now provides a legal basis for the US authorities to subpoena records relating to any of its accounts in any jurisdiction.
The new subpoena powers provide a direct means of securing evidence located outside of the US more expeditiously than would typically be the case through a protracted MLAT process or other forms of diplomatic cooperation, as well as a means of securing records from jurisdictions with which the US does not have a functioning MLAT or a positive diplomatic relationship.
While the overall focus of the AMLA is anti-money laundering and counter-terrorist financing, it is notable that the legislation enables enforcement authorities to issue a subpoena in connection with a suspected violation of any federal criminal law, thus expanding the scope of the legislation to cover the whole range of criminal misconduct, potentially including, for example, fraud, tax evasion, bribery or sanctions violations.
The breadth and reach of the AMLA subpoena power gives rise to the potential for conflicts with obligations arising in other jurisdictions, such as the laws in China that restrict the provision of certain information overseas (see below). While the AMLA provides that the foreign bank subject to a subpoena may petition the relevant US district court to modify or quash the subpoena, it specifically states that ‘conflict with foreign secrecy or confidentiality law shall not be a sole basis for quashing or modifying the subpoena.’
Chinese legislation restricting the provision or transfer of information overseas
As mentioned above, a number of Chinese laws contain provisions that restrict the provision or transfer of information overseas. One example is the International Criminal Judicial Assistance Law (ICJAL), enacted on 26 October 2018, which in essence limits the ability of those within China to provide assistance in criminal proceedings outside the jurisdiction. The ICJAL defers to MLATs, on the condition that basic principles of Chinese laws are not violated.
Under the ICJAL, individuals and companies are required to obtain approval from a Chinese ‘competent authority’ before disclosing evidence or providing access to witnesses located in China to overseas criminal enforcement authorities. Where approval is granted, the Chinese authority has the power to monitor and intervene in the testimonial or evidence gathering process in China. Chinese authorities are also prohibited from seeking assistance from their overseas counterparts without obtaining a similar approval.
Although the Chinese authorities have clarified that only the disclosure of evidence that is directly in connection with foreign criminal proceedings should follow the ICJAL, they have not provided any commentary or guidance on the practical application of the ICJAL. There have been no cases in China in which the requirement of obtaining prior government approval was applied. As such, the practical application of this requirement by the Chinese authorities remains unclear.
The practical effect of this law in the US has been considered in a federal district court in the District of Columbia in which the ICJAL was cited as a basis for not complying with a subpoena.3 The court ultimately determined that in light of the US’s security interest involved in the matter, the importance of the information subpoenaed and the futility of previous reliance on the MLAT between the US and China, the recipient of the subpoena was compelled to produce information subpoenaed by the US Attorney’s Office regardless of the requirements of the ICJAL. In a separate matter, the US court merely commented that it is unknown whether China will in practice use the ICJAL to stall requests for documents and information for criminal investigations in other jurisdictions.4
It is unclear how the ICJAL will practically affect requests for information and documents from foreign authorities, and how freely the Chinese government will provide such consent. However, should consent not be forthcoming, a multinational company may have to choose between violating the ICJAL or being held in contempt of a production order.
Another example of laws that restrict the transfer of information out of China is the Data Security Law, which was enacted on 10 June 2021 with an implementation date of 1 September 2021. It provides that the competent authorities of China shall handle data provision requests from foreign judicial or law enforcement agencies in accordance with relevant laws, international treaties and agreements concluded by China, or the principle of equality and reciprocity. However, organisations and individuals within the territory of China shall not provide data stored within the territory to foreign judicial or law enforcement agencies without the approval of the competent authorities of China. This applies to any data stored in China irrespective of the nationality of the organisation or individual that controls the data. A breach of this requirement may result in a maximum fine of up to 1 million yuan (or up to 5 million yuan where the breach results in serious consequences), with separate fines on the responsible persons of the organisation in breach. A similar requirement regarding the provision of personal information to judicial or law enforcement agencies outside of China is included in the Personal Information Protection Law, which was enacted on 20 August 2021 with an implementation date of 1 November 2021.
In managing the risks arising under the ICJAL, the Data Security Law and the proposed Personal Information Protection Law, corporations that receive requests for legal assistance outside of the MLAT mechanism by other countries in relation to information held within China will need to weigh various matters, such as the relationship with the government authority or authorities outside mainland China and the nature of the information sought (including the likely sensitivity of that in the eyes of the Chinese authorities and whether it could contain information falling within the State Secrets Law). Where approval is sought from the Chinese government and the matter was not already on their radar, such a request could raise interest and prompt delays.
Cooperation between authorities
Aside from MLATs and other production orders, regulators and enforcement authorities have developed their own tools to enhance their investigative powers. These tools typically stem from ‘soft law’ instruments such as memorandums of understanding (MOUs) between two or more parties, although facilitated by domestic legislation or regulation in each jurisdiction.
Financial services regulators
One sector that has shown great appetite for setting up cooperation channels between regulators is the financial services sector. Regulators rely on a variety of mechanisms for cooperation, including bilateral MOUs and bilateral agreements, as well as multiparty MOUs.
Financial regulators in the Asia-Pacific have entered into numerous MOUs and cooperation agreements with their counterparts in the region, as well as their equivalents in the European Union, the UK and the US.
By way of example, the Hong Kong Monetary Authority (HKMA) has entered into MOUs and other formal arrangements with multiple banking supervisory authorities outside Hong Kong.5 Broadly, these cover the sharing and exchange of information to assist in the supervision of banks that operate in both the HKMA and its counterparts’ jurisdictions, regular or informal meetings to discuss common issues, and consultations with each other on any cross-border establishment or investment by banks. The Securities and Futures Commission in Hong Kong has also entered into MOUs and other arrangements with multiple securities regulators globally on investigatory assistance and exchange of information.6 Separately, it has entered into an MOU with the China Securities Regulatory Commission to strengthen regulatory and enforcement cooperation under the Mainland-Hong Kong Stock Connect, a platform that allows mutual stock market access between Shanghai and Hong Kong and between Shenzhen and Hong Kong. The MOU is aimed at improving the mechanism for identification and notification of suspected misconduct and initiating effective investigatory cooperation to combat cross-boundary suspected misconduct, such as disclosure of misleading information, insider dealing, market manipulation and other fraudulent activities.7
In February 2020, the Monetary Authority of Singapore and the US Department of the Treasury issued a joint statement on financial services data connectivity. Singapore and the US agree that data localisation requirements can increase cybersecurity and other operational risks, hinder risk management and compliance, and inhibit financial regulatory and supervisory access to information. The two countries intend to seek to promote adoption and implementation of policies and rules in their respective bilateral and multilateral economic relationships to facilitate the following goals:
- ensuring that financial service suppliers can transfer data (including personal information) across borders by electronic means if this activity is for the conduct of the business of a financial service supplier;
- opposing measures that restrict where data can be stored and processed for financial service suppliers as long as financial regulators have full and timely access to data needed to fulfil their regulatory and supervisory mandate; and
- ensuring that financial service suppliers have the opportunity to remediate the lack of access to such data before being required to use or locate computing facilities locally.8
There are various multilateral cooperation instruments. For example, the International Organization of Securities Commissions (IOSCO) established a Multilateral Memorandum of Understanding Concerning Consultation and Cooperation and the Exchange of Information (MMOU) in 2002 (last updated in May 2012), which currently has 124 signatories.9 Members of IOSCO are typically the primary securities or futures regulator in a particular jurisdiction. The MMOU is aimed at providing securities regulators with tools for combating cross-border fraud and misconduct, and represents a common understanding among its signatories of how they should consult, cooperate and exchange information for securities regulatory enforcement purposes, including providing specified information and documents and taking or compelling witness evidence. The number of information requests made under the MMOU increased from 56 in 2003 to 4319 in 2019.10
In 2017, IOSCO established the Enhanced MMOU (EMMOU)11 to enhance information sharing and cooperation between IOSCO members in light of the significant increase in globalisation and interconnectedness of financial markets, as well as technological advancements. The new powers introduced in the EMMOU include powers to obtain and share audit working papers, existing internet service provider records and telephone records, to freeze assets and to compel physical attendance for testimony, a potentially powerful tool. There are currently 19 signatories.
The objective is for all MMOU signatories to eventually migrate to the EMMOU. However, the MMOU will remain in effect as long as any signatory wishes to continue using it.
It is important to note that both the MMOU and the EMMOU are not intended to create legally binding obligations or to supersede domestic laws.
Similarly, the International Association of Insurance Supervisors established the Multilateral Memorandum of Understanding on Cooperation and Information Exchange in 2007 (last updated in July 2014) for insurance regulators to cooperate and exchange information relating to the supervision of insurance companies where cross-border aspects arise. There are currently over 70 signatories.12
Like financial regulators, anti-corruption agencies actively liaise to fight graft. In fact, around 13 per cent of foreign bribery cases are brought to the attention of law enforcement authorities through the use of formal and informal mutual legal assistance between countries for related criminal investigations.13 Although cooperation and collaboration outside formal mutual legal assistance channels do exist and are, in fact, on the rise,14 it is widely acknowledged that there is a need for increased coordination.15
The United Nations Convention against Corruption (UNCAC),16 which has 187 parties and 140 state signatories, provides a basis for anti-corruption agencies to cooperate.17 Under the UNCAC, state parties have agreed to cooperate with one another in every aspect of the fight against corruption, including prevention, investigation and the prosecution of offenders. In particular, state parties are to afford the widest measure of mutual legal assistance in investigations, prosecutions and judicial proceedings in relation to the offences under the UNCAC, including undertaking measures to support the tracing, freezing, seizure and confiscation of the proceeds of corruption. Other provisions provide for the extradition of offenders,18 transfer of sentenced persons19 and law enforcement cooperation and joint investigations.20 The July 2020 Organisation for Economic Co-operation and Development (OECD) and UN report on the G20 2030 Sustainability Goals highlighted that relatively few countries regularly use the UNCAC as a legal basis for mutual legal assistance, extradition or law enforcement cooperation.
The UK SFO has emphasised the need to cooperate more effectively across jurisdictions and with cross-border enforcement agencies.21 The SFO has an international team whose role is to liaise with and advise case teams to assist with cross-border requests and collaboration. However, a report released in October 2019 by HM Crown Prosecution Service Inspectorate suggested that cases with overseas elements were nonetheless a frequent cause for delays. While this may be inevitable and for the most part out of the control of the investigating officers, the report did note that better case management and more thoughtful interaction with overseas counterparts could minimise those delays.22 As a result, more effective collaboration with their counterparts in other jurisdictions will undoubtedly be a focus.
Similarly, in 2018 the US Deputy Attorney General announced a new US DOJ policy to enhance coordination with other law enforcement agencies. Termed the policy against ‘piling on’, the aim ‘is to enhance relationships with our law enforcement partners in the US and abroad, while avoiding unfair duplicative penalties’ by requiring DOJ attorneys to coordinate with one another. Early indications suggest an increased willingness to coordinate and cooperate with foreign enforcement agencies. So far, the policy is generally viewed as being effective in acting as a beacon for more coordination and cooperation among foreign authorities. Since its implementation, the DOJ and the Securities and Exchange Commission coordinated resolutions and afforded credit for penalties paid to other foreign authorities where appropriate. This appears to have prompted consideration of a no ‘piling on’ policy at a broader international level. In December 2019, the chair of the OECD began lobbying for a global ‘no piling on’ standard, citing the US DOJ’s policy as model, urging other countries to adopt similar measures.23
Multinational companies will often need to be sensitive to the potential risks of employees finding themselves caught up in an investigation. Where an individual may provide assistance to the authority as a witness, the mechanisms set out in the relevant MLAT or MOU will provide some guidance as to the process of obtaining assistance in the jurisdiction in which the individual is located. However, in circumstances where the employee finds himself or herself a target of the investigation, the foreign authority may lay charges and ultimately seek to extradite that individual so that he or she can face trial.
Extradition refers to a legal process by which a person who is accused or convicted of a criminal offence (person sought) is legally surrendered by one jurisdiction (requested jurisdiction) to be transferred to another jurisdiction (requesting jurisdiction) to be tried, sentenced or to serve a term of imprisonment. Extradition may take place pursuant to treaties (bilateral or multilateral) or ad hoc arrangements, in both cases usually supported by domestic legislation in the requested jurisdiction and the requesting jurisdiction.
Most countries have entered into bilateral treaties with other countries providing for extradition arrangements between the two jurisdictions. Examples of multilateral treaties include the European Convention on Extradition24 and the Inter-American Convention on Extradition.25 Subject matter specific treaties may also provide for extradition obligations, such as the United Nations Convention against Transnational Organized Crime26 or the UNCAC. Unless a country enters into a treaty imposing such an obligation, there is no duty in international law to surrender an individual.
Countries will normally make an assessment of other countries prior to entry into an extradition treaty in order to be satisfied that surrendered fugitives will be subject to minimum standards of treatment in relation to due process and punishment.
The content of extradition treaties and domestic laws implementing those treaty obligations clearly varies depending on the jurisdictions involved. However, the UN Model Law on Extradition27 (Model Law) and the UN Model Treaty on Extradition28 (Model Treaty) provide a framework that is intended to reflect international practice. The overarching elements the Model Treaty addresses are as follows:
- Matters relating to extradition of the person sought from the requested jurisdiction (otherwise referred to as passive extradition):
- the substantive conditions for extradition;
- the grounds for refusal of an extradition request; and
- the process for extradition proceedings and documentary requirements.
- Matters relating to extradition of the person sought to the requesting jurisdiction (otherwise referred to as active extradition):
- the process for making a request, including the competent executive and judicial bodies; and
- the treatment of the person sought in the requested jurisdiction and limits on action that can be taken and on re-extradition.
- Matters relating to transit of the person sought through a third jurisdiction on their way from the requested jurisdiction to the requesting jurisdiction.
Some general points to note about the conditions for extradition under the Model Law and Model Treaty are as follows.
Extradition is only available in respect of offences that are punishable under the laws of both jurisdictions by imprisonment for a minimum specified period – known as the ‘double criminality’ requirement.
The scope of extraditable offences can be further limited to specific crimes. Alternatively, a specified list of crimes may be excluded from the bilateral arrangements.
However, where extradition of a person is sought for an offence against a law relating to taxation, customs duties, exchange control or other revenue matters, extradition may not be refused on the ground that the law of the requested jurisdiction does not impose precisely the same kind of tax or duty or does not contain a tax, customs duty or exchange regulation of the same kind as the requesting jurisdiction.
There are mandatory grounds for refusal of extradition. This includes where the offence is regarded by the requested jurisdiction as an offence of a political nature, or where the requested jurisdiction has substantial grounds for believing that the request has been made for the purpose of prosecuting or punishing the person sought on account of his or her race, religion, nationality, ethnic origin, political opinions or gender.
There are also mandatory grounds for refusal where the person sought has been or would be subjected in the requesting jurisdiction to torture or cruel, inhuman or degrading treatment or punishment, or where judgment has been rendered in absentia, the person sought has not had sufficient notice of the trial or the opportunity to arrange for his or her defence.
In addition, there are various optional grounds for refusal, including where the offence in relation to which the request has been made carries the death penalty under the law of the requesting jurisdiction or where extradition would be incompatible with humanitarian considerations in view of age, health or other personal circumstances of that person.
There are also optional grounds for refusal in respect of extraterritorial offences (where the alleged offence has been committed outside the territory of either jurisdiction) where the requested jurisdiction’s law does not provide for such an offence committed outside its territory in comparable circumstances.
INTERPOL Red Notices
The International Criminal Police Organization (INTERPOL) is an intergovernmental organisation whose membership comprises the overwhelming majority of countries’ law enforcement agencies.
The Red Notice system is a process by which the law enforcement agency in a member country can issue a request to locate and provisionally arrest an individual pending extradition.29 A Red Notice is issued by the INTERPOL General Secretariat at the request of that member country based on a valid national arrest warrant.
The system is not supported by any legal framework and INTERPOL cannot compel any member country to arrest an individual who is the subject of a Red Notice. Publication of a Red Notice simply provides notice to member countries that the person is wanted.
Member country practice in respect of Red Notices will vary. Some member countries will treat a Red Notice as an arrest warrant whereas others will require a domestic warrant to be issued prior to any detention. A member country may detain the subject or may instead begin deportation proceedings against the subject. If the subject is stopped at an airport, the country may also simply require the subject to return to the country of departure.
The process for issue of a notice is relatively straightforward.
A relevant law enforcement agency in a member country requests a Red Notice via their National Crime Bureau. Each member country hosts an INTERPOL National Central Bureau, which connects its national law enforcement with other countries and with the INTERPOL General Secretariat.
Compliance checks will then be conducted and, assuming the request meets the necessary criteria (see below), the INTERPOL General Secretariat issues a Red Notice. Law enforcement agencies in all member countries are then alerted through INTERPOL’s global network.
A number of conditions must be met before INTERPOL can publish a Red Notice:
- the offence concerned cannot be an offence that is of political, military, religious or racial character;
- the offence concerned cannot be an offence that relates to behavioural or cultural norms, family or private matters, administrative matters or private disputes;
- for a person sought for prosecution, the offence must be one that is punishable by at least two years of maximum deprivation of liberty;
- for a person sought to serve a sentence, the sentence remaining to be served must be for at least six months of imprisonment;
- the person sought must be sufficiently identified by name, photograph, etc;
- the requesting agency must provide sufficient judicial data including the relevant facts, charges, laws, penalties and a valid arrest warrant or judicial decision; and
- the requesting agency must provide assurances that extradition will be sought upon arrest, and that relevant authorities for extradition have been consulted.
The Parliamentary Assembly of the Council of Europe has recently formally recognised that a number of countries have been abusing Red Notices by issuing them against perceived political enemies and based on activities that would otherwise be protected in western democracies.30 This has been a concern among the international community for some time. The Council has passed a resolution to address the abuse of Red Notices, which has been recognised to most commonly occur in situations involving political abuse, corruption and failure to seek extradition. Among other things, the resolution calls on INTERPOL to further improve transparency by disclosing data relating to the effectiveness of its review mechanisms and to examine with particular care any repetitive requests as well as requests submitted by those that have previously submitted a high number of abusive requests.
Actions taken by law enforcement authorities and regulators in conducting their own inquiries can severely disrupt the company’s internal investigations and business operations more generally. The extent and nature will inevitably vary by reference to the nature of the case, the governmental agencies involved and, frequently, the political environment in that jurisdiction.
Nonetheless, there are some generally applicable practical issues to consider.
When addressing a request from an out-of-jurisdiction authority or regulator, make sure to carefully consider the nature of the request and whether the company (or individual) is being compelled to produce the information. In some circumstances, voluntary production of information to a regulator or authority can cause the company to lose protections around data privacy and legal professional privilege that might otherwise be available. Equally, insisting on relying on your strict legal rights, even for good reason, may frustrate some agencies who will see this as evasive.
Voluntary sharing of information among group entities to placate law enforcement authorities can create an expectation of such conduct in the future. This may mean that a later refusal attracts even more suspicion than it would have had that precedent not been set.
Before responding to a request (either voluntary or compelled), ensure that the company is aware of any potential restrictions or blocking statutes that might apply. There may be a tension between the laws of the jurisdiction from which the request or order originates and the jurisdiction where the information is held. Although it may not be possible to resolve that tension, the company should make sure it is aware of the potential risk.
When considering any strategy for addressing self-reporting, whether on a voluntary or an obligated basis, consider the prospect of information being shared among the relevant government agencies and how that impacts which agencies a report is made to, when that occurs and what is said.
In circumstances where an individual is potentially subject to criminal charges in another jurisdiction, consider the company’s position and how the risk could be mitigated if the employee is retained. Even in circumstances where the allegations are considered unfounded or there is a disagreement with the alleged crime from a policy perspective, consider how this impacts the employee’s ability to travel and, in regulated industries, his or her fitness and propriety. Keep in mind also that INTERPOL Red Notices can be misused, although the process for challenging such notices is protracted when compared with the rapid speed with which they can be issued.
Managing multinational investigations is always challenging and can be particularly so with jurisdictions in the Asia-Pacific region. It is important for companies and their lawyers to be mindful of the web of government agencies that may take an interest in the conduct under investigation.
 The Overseas Production Orders and Requests for Interception (Designation of Agreement) Regulations 2020 were passed in the UK to ensure that the Agreement was designated under the relevant UK legislation to enable UK overseas production orders and to allow a UK telecommunications operator to lawfully intercept the communications of an individual at the request of the US when such a request is made in compliance with the requirements of the Agreement.
 In Re: Sealed Case 442 US App DC 378.
 In Re Grand Jury Investigation of Possible Violations of 18 USC 1956 and 50 USC 1705.
 See http://www.iosco.org/about/pdf/Text-of-the-EMMoU.pdf for the text of the EMMOU and http://www.iosco.org/about/?subSection=emmou&subSection1=signatories for a list of signatories.
 See http://www.iaisweb.org/page/supervisory-material/mmou for the text of the memorandum and a list of signatories.
 OECD Foreign Bribery Report, 2014.
 Transparency International, Exporting Corruption – Progress Report 2018: Assessing Enforcement of the OECD Anti-Bribery Convention (2018) at 16.
 See OECD Working Group on Bribery, 2016 Data on Enforcement of the Anti-Bribery Convention – Special focus on international cooperation (November 2017); Transparency International, Exporting Corruption – Progress Report 2018: Assessing Enforcement of the OECD Anti-Bribery Convention (2018) at 17.
 UN General Assembly, United Nations Convention Against Corruption, 31 October 2003, A/58/422, available at: http://www.unodc.org/documents/brussels/UN_Convention_Against_Corruption.pdf.
 Article 44 UNCAC.
 Article 45 UNCAC.
 Articles 48 and 49 UNCAC.
 Speeches by Lisa Osofsky (Director of SFO), 2019 and Matthew Wagstaff (Joint Head of Bribery & Corruption) 2018.
 HM Crown Prosecution Service Inspectorate, Case progression in the Serious Fraud Office: Review of case progression systems and processes between case acceptance and charge (October 2019): http://www.justiceinspectorates.gov.uk/hmcpsi/inspections/case-progression-sfo-oct-19/.
 Global Investigations Review, ‘OECD mulls common anti-piling on policy’, 6 December 2019, available at: https://globalinvestigationsreview.com/article/1211813/oecd-mulls-common-anti-piling-on-policy.
 Organization of American States, Inter-American Convention on Extradition, 25 February 1981, available at: http://www.oas.org/juridico/english/treaties/b-47.html.
 UN General Assembly, United Nations Convention against Transnational Organized Crime: resolution adopted by the General Assembly, 15 November 2000, A/RES/55/25, available at: http://www.unodc.org/unodc/en/organized-crime/intro/UNTOC.html.
 UN Office on Drugs and Crime, Model Law on Extradition (2004) available at: http://www.unodc.org/pdf/model_law_extradition.pdf.
 UN General Assembly, Model Treaty on Extradition, resolution adopted by the General Assembly, 14 December 1990, A/RES/45/116 (subsequently amended by resolution 52/88), available at: http://www.unodc.org/pdf/model_treaty_extradition.pdf.
 See generally http://www.interpol.int/en/How-we-work/Notices/Red-Notices.
 Parliamentary Assembly Council of Europe, Abusive recourse to the Interpol system: the need for more stringent legal safeguards, Resolution 2161 (2017); and Parliamentary Assembly Council of Europe, Interpol reform and extradition proceedings: building trust by fighting abuse, Resolution 2315 (2019).