Asia (Other)

Published in Asian-mena Counsel: Sanctions & Investigations Special Report 2020

Screenshot 2020-10-21 at 2.10.25 PM

When a crisis such as a regulatory raid or phishing attack grips an organisation, there are essential steps to take that can steady the business and help it steer clear of further danger.

By Yvette Anthony, Counsel, dispute resolution practice head, Singapore and Lyndon Choo, Legal Associate, Osborne Clarke.

Screenshot 2020-10-21 at 3.37.06 PM

It is a Sunday evening. You are the general counsel of a global technology multinational company. You have just been informed by someone from the business that investigators from the commercial affairs department are present at the office premises and are demanding access to all your company’s documentary, personnel and electronic records. There is a vague idea that the investigation relates to alleged corrupt practices involving a foreign joint venture.

Meanwhile, the company’s staff in the office are (naturally) alarmed by the presence of investigators. In their panic, they reach out to their contacts in the joint-venture partner. Some post videos and text messages about the incident on social media, while others start deleting emails they perceive as incriminating.

The above may be a hypothetical, but it is a real and very possible scenario given the increase in corporate scrutiny. Indeed, crises can come in various forms – from warehouse fires to phishing incidents and regulatory investigations.

Yet, organisations often scramble and flounder when faced with such situations. Potential ramifications of this include the inadvertent disclosure of sensitive information or accusations of evidence tampering. But there are some proven measures that an organisation can take to better prepare for unexpected events.

Screenshot 2020-10-21 at 3.33.05 PM

Crisis committee

The establishment of a standing crisis-management committee helps ensure that organisations are able to effectively take charge of a crisis.

This committee should be made up of individuals managing the organisation’s main functions. This could include representatives from human resources, compliance, finance, legal and others.

To minimise confusion, a single point of contact within the committee (with a deputy) should be identified. This person would ideally have undergone some training in crisis management and be familiar with the standing orders to be followed during any incident.

Assemble the team

Organisations should try to bring external counsel on-board early to take charge of the response to an incident. This has a number of important benefits. External counsel with expertise and experience in investigations management can quickly oversee the situation, work with the crisis committee to prepare an action plan, and maximise the prospects of privilege over correspondence and documents that are to be retained.

In order to speed up the appointment of external consultants during a crisis, an organisation may prepare beforehand a shortlist of possible counsel with suitable expertise (for example, for tech companies, lawyers familiar with technology regulation). Companies may also consider having pre-agreed engagement terms, which can be quickly activated.

Privilege considerations

Privilege is a right to resist compulsory disclosure of correspondence and documents.

One type of privilege is legal professional privilege, which generally applies (at least in the main common law jurisdictions) over correspondence and documents exchanged between the external counsel and the client for the purpose of legal advice or the dominant purpose of litigation. In Singapore, such privilege extends to communications with in-house counsels.

To increase the prospect of successfully relying on privilege, it would help to state clearly on the face of correspondence and documents between the organisation and its external and in-house lawyers that these are privileged and confidential. Although not conclusive, this generally provides a starting point for arguments to be made on the nature of the correspondence/documents in question.

Screenshot 2020-10-21 at 3.33.15 PM

Communications protocol

In a crisis or an unexpected situation, there is often a temptation to update as many business recipients as possible to keep them ‘in the loop’.

This practice carries certain risks, especially when there are ongoing investigations and potential litigation. For example, documents may lose privilege if sent to individuals with little or only tangential interest in the investigations.

Care should therefore be taken to limit communications to personnel on an absolute “need to know” basis, and mark such communications as privileged as discussed in the preceding section. Communications on the incident should also be done on a single secured channel (for example, encrypted work email), to avoid any information leakage.

Data retention policies

Once an incident occurs, it is important to have data retention protocols to preserve evidence relating to it. This could include standing orders to employees, and the suspension of any auto-delete IT policy. Doing so increases the chances of the organisation being able to review and evaluate critical evidence. It also minimises the likelihood of the organisation being accused of destroying evidence/interfering with investigations.

_______________

Screenshot 2020-10-21 at 3.42.34 PM

W: https://www.osborneclarke.com/locations/asia/singapore/

E:  yvette.anthony@osborneclarke.com
E:  lyndon.choo@osborneclarke.com

 

Official Publication: Asian-mena CounselClick Here to read the full issue of Asian-mena Counsel: Sanctions & Investigations Special Report 2020.

Latest Updates
Related Articles
Related Articles by Jurisdiction
Reducing and removing involvement in modern slavery
The first of four reports from Kroll and Liberty Asia on how to mitigate any hidden compliance and reputational risks relating to human trafficking issues ...
Latest Articles