Internal Investigations and Privilege

Recent case law highlights the difficulties with maintaining claims of privilege over documents created during companies' internal investigations. There are various steps companies can take to seek to address these difficulties.

Introduction

Companies will often establish an internal investigation in response to significant events or allegations of wrongdoing. The company may regard documents associated with the internal investigation as subject to legal professional privilege. Recent case law in Australia and the UK highlights the difficulties with maintaining such claims of privilege in the face of requests from regulators or court orders. We summarise these difficulties and make some suggestions for dealing with them below. More detailed analysis of these issues is available in a recent article by the authors¹ or by contacting the authors directly.

Challenges with maintaining privilege

Recent authorities in Australia and the UK show that privilege claims in the context of internal investigations have been vulnerable to challenge in three main areas.

First, courts have applied the dominant purpose test strictly in numerous cases. Courts will not accept that an internal investigation commenced with the stated objective of enabling the company to obtain legal advice or litigation services will cloak all investigation documents with privilege. Instead, courts will carefully scrutinise the purpose said to underlie each document in the context of the investigation. There are numerous Australian and English authorities which have accepted that there is a sufficiently strong nexus between the relevant communication said to be privileged and the legal advice ultimately being provided to the company by the lawyer, even if the communication or document is of a factual nature and is "part of a continuum and does not itself contain any specific advice."² There are, however, many authorities demonstrating that the dominant purpose test will be difficult to establish if there are plausible purposes (other than legal advice or litigation services) leading to the creation of the document³ or if there is a lack of "focused and specific evidence" regarding the circumstances in which the document was created.

Secondly, UK courts have adopted a narrow view of "the client" in a corporate context, which may confine those employees in a corporate group with whom communications can be privileged to the limited group of employees (generally lawyers) tasked with obtaining the relevant legal advice. This has been applied in recent UK cases to notes prepared by lawyers and employees of the company prior to litigation⁴ and to records of interviews with employees conducted by lawyers.⁵ While this position now appears entrenched in English authorities until challenged in the Supreme Court, it has not, to date, been accepted in Australia.

Thirdly, there is an increasing trend of regulators and commissions of inquiry compelling or persuading companies to waive claims of legal professional privilege. Regulators are increasingly applying pressure on companies to disclose privileged documents as a necessary condition for cooperative arrangements or deferred prosecution agreements. Whether or not such disclosure will result in a general waiver will depend on the circumstances.⁶

Issues regarding privilege in the context of internal investigations will be considered by the UK Court of Appeal in the forthcoming appeal in SFO v ENRC.

Addressing these challenges

While in combination the authorities referred to above pose serious risks to the availability of privilege across many investigation documents, there are steps that companies can take to seek to address the concerns evident in these authorities.

1. Consideration may be given to running two separate investigations: one directed by the legal team for the purpose of the company obtaining legal advice (the privileged workstream) and the other confined to technical findings to enable the company to respond to the incident (the non-privileged workstream).⁷
2. Secondly, because of the evidential difficulties attending the dominant purpose test and the risk of non-privileged purposes being inferred, the company and its lawyers should carefully record from the outset the purpose of the investigation, its workstreams and key documents. The connection between fact-finding work and the ultimate legal advice or contemplated proceedings should be express.
3. Thirdly, in order to guard against the risk posed by the restricted definition of "client" in UK authorities, the engagement letter and investigation protocols should establish a committee tasked with instructing legal counsel and coordinating factual enquiries.
4. Finally, because of the risks to privilege which arise from communicating privileged information to third parties, the investigation governance and communications protocols should contain strict limitations on communications with external parties and internal communications within the company regarding the investigation. Disclosures to third parties should be subject to a limited waiver agreement.

Endnotes

1. Andrew Eastwood and Mark Smyth, 'Internal Investigations and Privilege: A Response to Recent Challenges' (2018) 33 Australian Journal of Corporate Law 3.
2. AWB Limited v Cole (No 5) (2006) 155 FCR 30; Re Southland Coal Pty Ltd (2006) 203 FLR 1; Harden Shire Council v Curtis [2009] NSWCA 179; Bilta (UK) Ltd v Royal Bank of Scotland [2017] EWHC 3535 (Ch).
3. SFO v ENRC [2017] EWHC 1017; AusNet Electricity Services Pty Ltd v Liesfield [2014] VSC 474; Perry v Powercor [2011] VSC 308; Carter Holt Harvey Wood Products Australia Pty Ltd v Auspine Ltd [2008] VSCA 59; Kirby v Centro Properties (No 2) (2012) 87 ACSR 229; Sydney Airports Corporation v Singapore Airlines [2005] NSWCA 47; Esso Australia Resources Ltd v Commissioner of Taxation (1999) 201 CLR 49.
4. Astex Therapeutics v Astrazeneca [2016] EWHC 2759.
5. The RBS Rights Issue Litigation [2016] EWHC 3161; SFO v ENRC [2017] EWHC 1017.
6. Cantor v Audi Australia Pty Ltd [2016] FCA 1391.
7. An example of this dual track approach is evident in In re: Target Corporation Customer Data Security Breach Litigation MDL No. 14-2522 (PAM/JJK).