Privileges are generally conceived as the principle-based reason for information to remain available only to those possessing the privilege and, conversely, immune from outsiders to the relationships recognised by the applicable privilege. It is well established that there is no attorney–client privilege between a monitor and a monitoree. Virtually every recently documented resolution that has resulted in a monitorship confirms the parties’ agreement to that principle. Further, the legal area of privilege as it bears on monitorships is relatively underdeveloped and it is uncommon for a circumstance to arise where it could be developed, such as where an outsider to the monitorship seeks to obtain a report written by a monitor. From the broader perspective of confidentiality, however, there is quite a bit to consider.
Knowing that no attorney–client relationship exists between the monitor and monitoree, parties invested in a successful monitorship typically seek to preserve confidentiality to the greatest extent possible. Confidentiality concerns are at the forefront of every monitorship. For example, the monitor will want to investigate the compliance programme of a financial institution robustly, with an eye towards its improvement. To do so, it needs the freedom to communicate with the financial institution, its employees and its regulator without fearing that information about newly discovered compliance problems, let alone information about their solutions, will be made available to those who could exploit that information. Further, the prosecutor or regulator that installed the monitor may have an institutional interest in ensuring the confidentiality of reports generated by the monitor, such as a newly discovered activity that requires follow-up investigation or enforcement.
However, it is not always clear from whom information should remain confidential and when recognised interests in confidentiality should be overridden by other interests. For example:
- Under what circumstances does the public have a First Amendment right to obtain the reports of a monitor that are the result of a judicially supervised resolution?
- When should the monitor’s discovery of new or ongoing criminal activity be brought to the attention of the prosecutor or regulator that installed the monitorship, but kept confidential from the monitoree?
- When should a private litigant be able to obtain by subpoena otherwise non-privileged information developed by the monitor and summarised in a written report to the prosecutor or regulator that installed the monitorship?
- If the confidentiality of a monitor’s report cannot be guaranteed under US law, how might foreign regulators be persuaded to allow a monitor access to an entity under a US monitorship that is also subject to the jurisdiction of a foreign regulator?
This chapter seeks to explore these questions, the nature of privilege and the broader issue of confidentiality in connection with monitorships.
No privilege between monitor and monitoree
The common theme underlying monitorships arising from deferred prosecution agreements (DPAs), non-prosecution agreements (NPAs) and other similar types of resolutions (for example, resolutions with the Securities and Exchange Commission (SEC) that require retention of a consultant as a result of a resolution of a civil suit or administrative proceeding) is that the monitor or consultant must be independent of both the government and the corporation it is tasked with monitoring.
The requirement of independence assures, among other things, that the monitor will act neutrally in pursuit of the facts and in otherwise satisfying the mandate of the monitorship to which the monitoree and the government have agreed. Independence is typically ensured as part of the monitor selection process and in the frequent requirement that the monitor not enter into any employment, consulting or attorney–client relationships for a specified period after completion of the monitorship or consulting arrangement.
This independence predominantly drives the answer to the question of whether the information that the monitor obtains, and the work-product that it generates in carrying out its responsibilities, can be deemed privileged or otherwise protected from disclosure.
In guidance issued by the US Department of Justice (US DOJ) in 2008 concerning the use of monitors in DPAs and NPAs with corporations, the then Acting Deputy Attorney General Craig Morford stressed the principle that a monitor ‘is an independent third-party, not an employee or agent of the corporation or of the Government’. Because ‘[t]he monitor is not the corporation’s attorney . . . the corporation may not seek to obtain or obtain legal advice from the monitor. Conversely, a monitor also is not an agent or employee of the Government’.
The need to ensure that monitors act as independent and neutral arbiters was reinforced in the civil context on 16 April 2021, when Attorney General Merrick B Garland rescinded a 2018 order from the then Attorney General Jeff Sessions substantially limiting the use of consent decrees pertaining to misconduct by local police departments. In his memorandum, Attorney General Garland emphasised that the US DOJ ‘has a significant interest in ensuring that the monitor selected is independent, highly qualified, and free of conflicts of interest’. He also emphasised that, in future monitorships of state and local governments, the monitors should be accountable to the court, the parties and the public. In September 2021, Attorney General Garland announced the outcome of a resulting US DOJ review of the use of monitors, characterising as one of the ‘important aims’ of the review to ensure that monitors are independent. The American Bar Association (ABA) agrees.
Consistent with this policy view, virtually every resolution providing for a monitorship explicitly indicates that ‘[t]he parties agree that no attorney-client relationship shall be formed between the Company and the Monitor’. Non-DOJ resolutions, such as one with the Department of Commerce, are similar:
No attorney–client relationship shall be formed between [the entity] and the [special compliance coordinator]. No documents or information created, generated, or produced by the [special compliance coordinator] will be considered privileged from disclosure to [the US Department of Commerce, Bureau of Industry and Security] or other US federal government agencies, nor shall [the entity] assert such a claim of privilege.
The ABA’s Standards for Criminal Justice: Monitors and Monitoring (the ABA Standards) note, however: ‘It is clear under these Standards that the Monitor should not treat the [corporation] as its client, and therefore, for example, the Monitor does not have a duty of zealous representation or a duty to maintain most confidences.’ Moreover, to carry out his or her responsibilities, the monitor must have the discretion and, where authorised by the settlement agreement, the obligation to report to the court, the government (or both) concerning the corporation’s conduct.
Resolutions with the SEC that require the installation of an independent compliance consultant also do not create an attorney–client relationship between the compliance consultant and the entity agreeing to the resolution.
Typically, resolutions with the SEC require the entity to retain a consultant to review the entity’s policies and procedures in a particular area, make recommendations for changes and improvements, and conduct periodic reviews. To ensure the independence of the consultant, the entity is frequently precluded from dismissing the consultant without the approval of the SEC.
These resolutions foreclose, at the outset, invocation of the attorney–client privilege or even the attorney work-product protection: ‘Respondent shall not invoke the attorney–client privilege or any other doctrine or privilege to prevent the Consultant from transmitting any information, reports, or documents to the Commission staff.’
It is important to distinguish monitors and independent consultants retained as part of a resolution from those who are pre-emptively retained by an entity or an entity’s counsel during an investigation. Frequently, entities under investigation hire external subject-matter experts, often through counsel, to implement an effective compliance programme in an effort to pre-empt the need for a monitor. The US DOJ has noted that, under some circumstances, a monitor may not be required as part of a resolution ‘if a company has, at the time of resolution, implemented an effective compliance program’. Similarly, the SEC has cited early remedial actions undertaken by an entity as reasons for a particular resolution. On the other hand, regulators have noted in some instances that institutions had failed, prior to the resolution, to effectively remediate problems after an external consultant was retained to assist. These pre-resolution arrangements, and arrangements by which an entity is permitted to monitor itself, may be protected by attorney–client and attorney work-product privilege.
Despite the lack of a recognised attorney–client privilege between the monitor and monitoree, there is a high level of interest of all concerned in maintaining confidentiality. For example, the monitoree wants to ensure that its trade secrets remain as tightly protected as can reasonably be accomplished. The monitor has a great interest in ensuring that employees have a mechanism to be candid and self-critical so as to allow real improvements in the entity’s culture of compliance. Finally, the prosecutor or regulator has institutional concerns about ensuring that compliance programmes are assessed, and improvements identified and implemented, out of the view of those who might exploit compliance blind spots.
There are mechanisms for improving the chances that documents generated by the monitor, including its reports to the monitoree and the government, and communications with the monitor, remain confidential.
One mechanism is purely contractual, with typical language of a DPA being as follows:
The reports [generated by the monitor] will likely include proprietary, financial, confidential, and competitive business information. Moreover, public disclosure of the reports could discourage cooperation, or impede pending or potential government investigations and thus undermine the objectives of the monitorship. For these reasons, among others, the reports and the contents thereof are intended to remain and shall remain non-public, except as otherwise agreed to by the parties in writing, or except to the extent that the Department determines in its sole discretion that disclosure would be in furtherance of the Department’s discharge of its duties and responsibilities or is otherwise required by law.
In instances where an entity is permitted, in essence, to self-monitor by retaining a consultant pursuant to a DPA or NPA, even a component of the government that did not specifically require the self-monitoring is included within those to whom monitor-generated documents may be provided. Typical language provides that:
For the duration of this Agreement, the Office, as it deems necessary and upon request to [the entity], shall: (a) be provided by [the entity] with access to any and all non-privileged books, records, accounts, correspondence, files, and any and all other documents or other electronic records, including e-mails, of [the entity] and its representatives, agents, affiliates that it controls, and employees, relating to any matters described or identified in the [reports generated pursuant to related settlements with other governmental authorities] and (b) have the right to interview any officer, employee, agent, consultant, or representative of [the entity] concerning any non-privileged matter described or identified in the [reports generated pursuant to related settlements with other governmental authorities].
Limited confidentiality in selected cases and increasing transparency
There is some precedent for the enforcement of these types of confidentiality provisions in the context of consent decrees when the material comes into existence because the consent decree requires it to be generated.
In United States v. Bleznak, the defendants were required to implement a compliance programme that included recording and monitoring the telephone conversations of its stock traders pursuant to a consent decree. The Second Circuit shielded the material from disclosure to third-party intervenors on the strength of a confidentiality provision stating that tapes made pursuant to the agreement would not be subject to civil process, except for a request by the government and certain regulatory agencies and self-regulatory organisations. However, the court introduced a cautionary note, stating that it did not ‘quarrel with the principle asserted by [the requesting third-party plaintiffs] that parties may not use a consent decree to limit non-party rights that would otherwise prevail’.
Similarly, when a defendant created training materials and policies required by its consent decree, the court shielded that material from disclosure to the plaintiffs, who were not parties to the consent decree, but held that the defendant was required to produce any similar materials that predated the consent decree, notwithstanding the broad terms of a confidentiality provision. Moreover, because the consent decree merely allowed, but did not require, the defendant to conduct an internal investigation into complaints similar to those that originally gave rise to the consent decree, the court ordered the defendant to produce documents that it sent to the government concerning the results of that investigation.
In contrast to these nuanced approaches, in the context of a civil consent decree, the District Court for the Southern District of Mississippi has held that ‘[t]he plain language of the consent decree controls’, in rejecting the request of the municipal county for production of the monitor’s communications with county employees. Reasoning that the requests were contrary to the consent decree’s requirement that the monitor maintain the confidentiality of all information, and that disclosure would ‘seriously undermine’ the monitor’s ability to do the job well, the district court denied that request, as well as the county’s request for any communications between the United States and the monitor.
The ABA Standards envision a monitor’s ability to allow individuals to speak confidentially or anonymously to increase the flow of information to the monitor: ‘If the flow of information includes proprietary or confidential information, the Monitor is under a duty to safeguard that information.’ However, it is not certain that even an explicit expression of the parties’ intent to keep the information confidential will be honoured by the courts.
There is also precedent for the release of a non-confidential version of the report of an independent compliance monitor in civil antitrust cases to which the government is a party and in police misconduct monitorships. A number of recent monitorships have required some limited information arising out of the monitorship to be made public, and the US DOJ has started to publicise the identity of compliance monitors in selected matters.
Judicial action in monitorships created by DPAs
The judiciary has been active in scrutinising confidentiality provisions and one additional avenue to buttress the confidentiality of monitor-related materials is to enlist the aid of the judiciary itself. Accordingly, when a corporation enters into a DPA, which is filed with the court, the parties can request that the court issue a protective order directing that those materials are protected from discovery.
In United States v. Computer Associates International, Inc, where the court appointed an independent examiner pursuant to a DPA, the parties did just that. In their joint application, the government, the defendant and the independent examiner cited the need to ‘encourage a free flow of information to and from the Independent Examiner, without threat that such information will be discoverable’.
The application argued as a basis for the proposed order the ‘quasi-judicial immunity frequently accorded court-appointed examiners for the protection of testimony, documents and other information obtained by examiners through their court-ordered powers’, relying on cases concerning bankruptcy examiners. The court then entered a sweeping protective order providing not only that information and material provided to, and generated by, the independent examiner would be protected from disclosure, but also that the independent examiner and his agents were not subject to deposition or other discovery requests.
As an outgrowth of the protective order permitted in Computer Associates, an additional, albeit untested, mechanism that may protect from disclosure information provided to a monitor appointed pursuant to the judicially supervised DPA is Rule 502, Paragraphs (d) and (e) of the Federal Rules of Evidence, a provision added in 2008. In general, under Rule 502(d), the court may issue an order providing that a party’s disclosure of documents protected by the attorney–client privilege or work-product protection does not waive the privilege. Under Rule 502(e), if an agreement between the parties to that effect is embodied in a court order, it can bind persons other than the litigants that entered into the order (unless there was an intent to waive the privilege).
Without the benefit of a prospective court order, the parties are left to argue the issue of confidentiality before the court, with high stakes and uncertain results. The courts have struggled with how to evaluate the work of persons acting in a monitor-like capacity in the context of traditional privileges designed to protect information from public access. Some courts have refused to find that existing protections extend to the work of the monitor, adhering to the traditional contours of the cited privilege. Other courts have had to finesse the issue of where precisely the authority to protect these materials from disclosure derives.
In In re LTV Securities Litigation, the court recognised a ‘special officer privilege’ where such an official had been appointed pursuant to a corporation’s consent decree with the SEC. The special officer was required to report to the SEC as well as to the corporation’s audit committee. The court reasoned that his function was a ‘hybrid of two roles, those of government investigator and privately retained counsel’; as such, because attorney–client and work-product privilege are ‘reasonably flexible’, and because the court must ‘construe claims of privilege in their true factual context to ensure that the underlying policy justifications are served’, the court refused to compel discovery of the special officer’s work to shareholders in a class action brought against the corporation. The court specifically commented on the ‘immediate adverse impact on the ongoing investigation’ of the corporation, and focused on the concern that corporations would be less willing to engage in self-investigation were the special officer’s reports to be disclosed. The court concluded that ‘changing circumstances require courts constantly to review the need for and extent of existing privileges’.
United States v. HSBC Bank USA, NA (HSBC) represents a stark example of the high stakes involved when it comes to protecting the work of the monitor and the tenuous nature of those protections in the hands of an independent judiciary. In HSBC, the district court employed what it termed a ‘novel’ approach to its supervisory power, holding that it was authorised to monitor the execution and implementation of HSBC’s DPA with the government and directing the parties to file quarterly reports with the court. Subsequently, the court received a letter from a pro se complainant, stating that the monitor’s report had a ‘bearing’ on a complaint he had filed against HSBC with the Consumer Financial Protection Bureau and that the report would validate his claims that HSBC was in violation of ‘multiple sections of multiple Consent Decrees’.
The district court reasoned that the report was a judicial document subject to a presumptive First Amendment right of access by the public, and that the pro se letter was a motion to unseal. The court directed the government to file the monitor’s report itself, over the objection of both the government and HSBC, and despite the government’s assurances that HSBC was acting in good faith to comply with the agreement. The government argued that criminals could exploit the information and HSBC argued separately that it was legally obliged to protect the confidential information provided to the monitor. Because HSBC had a global footprint and the monitorship’s activities implicated various non-US jurisdictions, multiple interested parties advanced their views, including the Board of Governors of the Federal Reserve, the United Kingdom’s Financial Conduct Authority, the Hong Kong Monetary Authority and a Malaysian banking regulator.
On appeal, the Second Circuit reversed. The court held that ‘a federal court has no roving commission to monitor prosecutors’ out-of-court activities just in case prosecutors might be engaging in misconduct’ and had no ‘freestanding supervisory power to monitor the implementation of a [deferred prosecution agreement]’. Accordingly, the Second Circuit held that the monitor’s report was not relevant to the performance of the judicial function and, therefore, the district court abused its discretion in ordering it unsealed pursuant to the First Amendment objection.
Notwithstanding that the Second Circuit restrained the district court, the case remains an example of the significance of confidentiality concerns in monitorships and the challenges in maintaining confidentiality in the face of legal uncertainty. Indeed, HSBC remains beleaguered to this day, a circumstance presaged by a footnote in the Second Circuit’s decision. The court noted that even though the monitor’s report was not a judicial document, ‘[t]he appropriate device for obtaining executive records’ is a request to the ‘relevant agency’ under the federal Freedom of Information Act (FOIA), even as it cautioned that it was offering no view on whether any of that statute’s exemptions would apply. As we discuss below, BuzzFeed, a digital media company, accepted the Second Circuit’s invitation in October 2019 by filing a concise, three-page complaint against the US DOJ seeking access to the HSBC monitor’s report under the FOIA.
Limited success of the FOIA
Given the government’s repeated emphasis on ensuring that a monitor be considered independent rather than an agent or employee of the government, it is perhaps incongruous that third parties have had some limited success in citing the FOIA as a basis to procure monitor reports. In Leopold v. United States DOJ, the named plaintiffs (BuzzFeed and one of its investigative reporters) sought the 1,000-page confidential report issued by the independent monitor pursuant to the DPA between the government and HSBC. BuzzFeed alleged simply that the US DOJ was a federal agency subject to the FOIA and the report was not exempt under that statute. The government withheld the report, claiming numerous exemptions under the FOIA, and both parties moved for summary judgment concerning the applicability of those exemptions. The district court found two exemptions to be applicable: the exemption protecting sensitive commercial and financial information provided to the government under the assurance of confidentiality; and the exemption that applied to reports concerning the examination or operation of a financial institution even if the withholding agency was not the regulator. As such, the district court denied BuzzFeed’s motion for summary judgment, but also denied the government’s motion, holding that the government had failed to satisfy its obligation to segregate releasable information. The district court directed the government to ‘conduct a line-by-line review’ of the 1,000-page report ‘to determine whether any information can be reasonably segregated and released’. As of February 2022, the parties were still litigating whether the FOIA exemptions applied to protect the report against disclosure.
The New York Times preceded BuzzFeed by seven months in seizing on the FOIA as a means to obtain access to monitors’ confidential reports. In New York Times Co v. United States DOJ, the New York Times and one of its reporters brought an action against the US DOJ under the FOIA seeking a monitor’s report concerning Volkswagen AG’s compliance with a 2018 plea agreement arising out of Volkswagen’s scheme to evade emissions requirements. The plea agreement contained a provision specifying that the monitor’s reports were intended to be non-public unless required by law or if the US DOJ, in its sole discretion, determined that disclosure would be in furtherance of its duties. In contrast to HSBC, the government did release portions of the report in the New York Times case, while withholding other portions pursuant to FOIA exemptions covering ‘inter-agency or intra-agency memorandums or letters’. The district court denied both parties’ motions for summary judgment and ordered production for the report for in camera review. The decision is noteworthy for its lengthy analysis of whether the monitor’s report contained ‘commercial’ information for the purposes of the FOIA. The court noted that the Second Circuit had not yet addressed whether ‘information about the implementation of a company’s compliance program is itself “commercial” within the meaning of [the relevant FOIA exemption]’. However, in the court’s view, the cases in which information about compliance programmes was held to be exempt were ones where that information was ‘intertwined’ with other information that could fairly be described as commercial. One hopeful feature of the court’s analysis was with respect to another FOIA exemption. As to that exemption, the court held that the monitor was a ‘consultant corollary’ to the US DOJ, and that the report was ‘predecisional’ and ‘deliberative’. The court went on to hold that in camera review was necessary to determine whether the government had redacted factual, as opposed to deliberative, material.
Federal and state banking law privilege
There are a handful of federal and state statutes and regulations that bear on privilege and confidentiality in connection with financial institutions. Although a full discussion of these provisions and their intricacies is beyond the scope of this chapter, a basic introduction is important for an understanding of the manner in which monitorships of federal-regulated and state-regulated financial institutions may implicate the protection of confidential and privileged information.
Federal bank examination privilege, confidential
Supervisory information and anti-waiver provision
Bank examinations are a regular and important part of the life cycle of a financial institution. The purpose, in general, is to assess the safety and soundness of the financial institution and to ensure its compliance with a host of requirements applicable to banks. These examinations, the reports regulators make of them and other materials generated by bank regulators in the performance of their duties with respect to specific institutions, are non-public and are not easily obtained as a result of federal regulations that make them privileged.
Beyond these specific regulations, there is a qualified common law privilege widely recognised by US courts: ‘Stated broadly, the bank examination privilege is a qualified privilege that protects communications between banks and their examiners in order to preserve absolute candor essential to the effective supervision of banks.’ It is not without its limits, however, and has frequently been held to be confined to opinions and recommendations, not factual material. Indeed, in opposing the disclosure of the report of the monitor in HSBC, the Board of Governors of the Federal Reserve Board invoked the bank examination privilege and, while not quite contending that it was applicable to the HSBC monitor, noted the similarity between bank examinations and the monitor’s endeavour.
Finally, 12 US Code Section 1828(x) of Title 12 permits a financial institution to disclose privileged information to a wide variety of federal, state and foreign banking authorities, without waiving the privilege as to third parties to whom the disclosure is not made. It is, in effect, a federal statute that permits selective waiver:
The submission by any person of any information to the Bureau of Consumer Financial Protection, any Federal banking agency, State bank supervisor, or foreign banking authority for any purpose in the course of any supervisory or regulatory process of such Bureau, agency, supervisor, or authority shall not be construed as waiving, destroying, or otherwise affecting any privilege such person may claim with respect to such information under Federal or State law as to any person or entity other than such Bureau, agency, supervisor, or authority.
New York State Banking Law Section 36.10
There is a wide variety of state law relevant to the question of whether any privilege or confidentiality attaches to information and documents. Given its importance as a financial centre, the number of US and global banks with operations in New York, and the prominent role of its banking regulator, the most significant state statute is Section 36.10 of the New York State Banking Law.
Section 36.10 identifies a broad category of documents and materials that constitute ‘confidential communications’. These documents include ‘[a]ll reports of examinations and investigations, correspondence and memoranda concerning or arising out of such examination and investigations’ held, in general, by entities supervised by the New York State Department of Financial Services (NYDFS). Section 36.10 provides that confidential communications ‘shall not be subject to subpoena and shall not be made public’.
Indeed, Section 36.10 has become significant beyond the express purpose of shielding information from discovery and has been used, in effect, as a stand-alone enforcement mechanism. For example, in connection with concerns about the work done by consulting firms on behalf of entities supervised by the NYDFS, the Department’s then Superintendent, Benjamin M Lawsky, noted in 2013 that, under the resolution with one of those firms:
If [the firm] breaches this agreement, DFS could issue an order pursuant to New York Banking Law § 36.10 barring regulated financial institutions from sharing confidential supervisory information with [the firm]. Under New York Banking Law § 36.10, a statute that dates back to 1892, DFS can revoke a consultant’s access to confidential supervisory information if continued access to that information would not serve ‘the ends of justice and the public advantage.’ . . .
Regulators basically hold the keys to the kingdom for consultants in the form of access to confidential supervisory information. We have the power to shut off the spigot. Using that authority could be a way to impose accountability in an area that’s seen precious little of it.
But Section 36.10 has been subjected to scant testing and has not always resulted in the confidentiality of monitor-generated documents being maintained. For example, in a False Claims Act case brought in Texas, the relator sought via subpoena documents generated by the monitor of a mortgage servicing company that had entered into a consent order with the NYDFS. In the litigation, the monitoree and the NYDFS opposed the subpoena and asserted, among other grounds, Section 36.10.
The district court denied the motion to quash. The court found, first, that the monitor’s reports were not settlement communications protected by Rule 408 of the Federal Rules of Evidence because they were generated long after the resolution with the NYDFS. The court then applied a balancing test to determine whether Section 36.10 should be recognised under Rule 501 of the Federal Rules of Evidence and considered a variety of factors:
(1) whether the communications originated in a confidence that they will not be disclosed; (2) whether confidentiality is essential to the full and satisfactory maintenance of the relation between the parties; (3) whether the relation is one in which the opinion of the community ought to be sedulously fostered; and (4) whether the injury that would inure to the relation by the disclosure of the communications is greater than the benefit gained for the correct disposal of litigation.
Ultimately, the court rejected recognition of Section 36.10 under Rule 501 and ordered the monitor’s reports to be produced.
Additional monitor–monitoree considerations
Discovery of new or continuing unlawful conduct
Monitorships are increasingly global in nature. More and more, the conduct that has resulted in the monitorship and the work of the monitorship spans many areas of an institution’s operations and in different countries. As a result, the possibility that the monitor will uncover new or continuing unlawful or problematic conduct is frequently present. Recent DPAs provide the monitor with significant discretion to determine how to proceed following the discovery of such conduct, including immediate disclosure of actual misconduct to the US DOJ, with the option to disclose the actual misconduct to the monitoree’s general counsel, chief compliance officer or audit committee; immediate disclosure of possible misconduct to the US DOJ, but not the company, under certain circumstances; and immediate disclosure of possible misconduct to the monitoree’s general counsel, chief compliance officer or audit committee, with optional disclosure to the US DOJ.
Other monitorships have given the monitor more flexibility in determining how to respond to newly discovered conduct:
If potentially illegal or unethical conduct is reported to the Monitor, the Monitor may, at his or her option, conduct an investigation, and/or refer the matter to the Office. The Monitor should, at his or her option, refer any potentially illegal or unethical conduct to [the entity]’s compliance office. The Monitor may report to the Office whenever the Monitor deems fit but, in any event, shall file a written report not less often than every four months regarding: the Monitor’s activities; whether [the entity] is complying with the terms of this Agreement; and any changes that are necessary to foster [the entity]’s compliance with any applicable laws, regulations and standards related to the Monitor’s jurisdiction as set forth in [the agreement].
Whenever the company itself learns of the misconduct, it will typically conduct its own investigation, separately from the monitor, to preserve whatever privilege may attach to its findings. An additional consideration here is when the government has asked either the monitor or the company’s counsel to defer to the other in looking into this misconduct as part of a deconfliction effort.
Monitor’s access to privileged monitoree information
Monitorships are typically governed by a written mandate setting out the scope of the monitor’s work. Frequently, the mandate of the monitorship is forward-looking, that is, the monitor is tasked with ensuring that the monitoree complies with the terms of its resolution with the government going forward.
Often, the key component of the resolution is to ensure the robustness of the monitoree’s current compliance programme so as to reduce of the risk of recurrence of the conduct that resulted in the enforcement effort that brought about the monitorship. As one resolution described the monitor’s mandate:
The Monitor’s primary responsibility is to assess and monitor the Company’s compliance with the terms of the Agreement, including the Corporate Compliance Program . . . so as to specifically address and reduce the risk of any recurrence of the Company’s misconduct. During the Term of the Monitorship, the Monitor will evaluate, in the manner set forth below, the the effectiveness of the internal accounting controls, record-keeping, and financial reporting policies and procedures of the Company as they relate to the Company’s current and ongoing compliance with the [Foreign Corrupt Practices Act] and other applicable anti-corruption laws (collectively, the ‘anti-corruption laws’) and take such reasonable steps as, in his or her view, may be necessary to fulfill the foregoing mandate (the ‘Mandate’). This Mandate shall include an assessment of the Board of Directors’ and senior management’s commitment to, and effective implementation of, the corporate compliance program described [elsewhere in] the Agreement.
However, there are monitorships that have an historical or retrospective component that may require the monitor to investigate matters of the past. For example, one resolution required the monitor to review and report on various current compliance issues as well as ‘[t]he elements of the Bank’s corporate governance that that contributed to or facilitated the improper conduct discussed in this Consent Order and that permitted it to go on’.
These types of monitorships, with both an historical and prospective component, can be uniquely challenging. Experienced corporate monitor Bart M Schwartz, of Guidepost Solutions, has expressed strong views about the difficulties of successfully completing monitorships having both backward-looking and forward-looking components. He has written:
[A] Monitor should be forward looking. It is NOT ‘another investigation.’ I have turned down assignments where a company asked me to investigate wrongdoing and help build a compliance program. You can do one or the other; but I believe doing both is difficult, if not impossible, and if undertaken will cause problems on both sides of the equation. Think about it, how can one assign blame on one day and then seek cooperation the next day? It will not work.
A contrary and perhaps equally valid view is that an investigation of historical practices may inform future improvements, particularly where management and line-level employees have remained in place between the time of the conduct that resulted in the monitorship and the present.
Whether Schwartz is correct or not in his view of the impossibility of contemporaneously ‘investigat[ing] wrongdoing and help[ing] build a compliance program’, dual historical and prospective monitorships do generate unique issues regarding privilege. Namely, if the mandate of the monitor is to ‘investigate the investigation’ that the entity undertook when it became aware of the misconduct or when the government was investigating the misconduct, will the monitor by necessity be required to delve into information that may otherwise be protected by the attorney–client privilege and work-product protections?
If the answer to this question is yes, the monitorship may require a resolution of what are likely to be complicated questions of privilege. No easy solutions to the question of a monitor’s access to company-privileged information are identifiable, even in solely prospective monitorships with no historical investigation required. Given the difficulties of solving these problems in advance, some monitorships – including those with only a going-forward perspective – have directed the monitor and the monitoree to work cooperatively to solve these problems:
In the event that the Company seeks to withhold from the Monitor access to information, documents, records, facilities, or current or former employees of the Company that may be subject to a claim of attorney–client privilege or to the attorney work-product doctrine, or where the Company reasonably believes production would otherwise be inconsistent with applicable law, the Company shall work cooperatively with the Monitor to resolve the matter to the satisfaction of the Monitor.
The alternative to the monitor and monitoree’s resolution on their own of thorny questions of privilege or, for that matter, complicated questions of access to material under foreign law, is to put the government in the unenviable position of mediating these disputes:
If the matter cannot be resolved, at the request of the Monitor, the Company shall promptly provide written notice to the Monitor and the Department. Such notice shall include a general description of the nature of the information, documents, records, facilities or current or former employees that are being withheld, as well as the legal basis for withholding access. The Department may then consider whether to make a further request for access to such information, documents, records, facilities, or employees.
It is notable that recent resolutions that employ this language do not provide that the government will resolve disputes. The recent language provides simply that the dispute will be brought to the attention of the government for further action.
Everyone involved in a monitorship has a vested interest in its success. The monitoree has a desire to improve its compliance programme, prevent future unlawful conduct and allow the monitor to complete its work in as timely, efficient and cost-effective a manner as possible. The monitor seeks to drive real improvement in the monitoree’s compliance programme and ensure lasting change, so that the problems of the past do not recur, by completing the work within the time allotted by the monitoree’s resolution with the government. Further, the government has an interest in preventing further unlawful conduct by leveraging the expertise and resources of an external party.
That said, each of the parties involved in a monitorship approaches the issues of privilege and confidentiality from very different perspectives. Given the unsettled nature of some important questions of privilege and confidentiality in the monitorship context, the most successful monitorships will frequently arise where there is a repository of trust, good faith and flexibility on the part of all concerned.