• U.S. District Court for the District of Columbia holds documents related to internal investigations of possible violations of corporate code of conduct not protected from disclosure under either attorney-client privilege or attorney work product doctrine
• Ruling serves as timely reminder for companies in a wide variety of industries to review internal procedures relating to internal corporate compliance program or code of conduct investigations to maximize the likelihood that appropriate privileges will be honored

On March 6, 2014, the United States District Court for the District of Columbia granted a qui tam relator’s motion to compel the production of documents relating to the defendant Kellogg Brown & Root Services, Inc.’s (“KBR’s”) “Code of Business Conduct (“COBC”) investigations,” holding such documents were not protected from disclosure under either the attorney-client privilege (“ACP”) or the attorney work product doctrine (“AWP”). The court concluded that the company’s investigations were conducted pursuant to “regulatory law and corporate policy,” rather than for the purpose of obtaining legal advice. Accordingly, KBR was ordered to produce some 89 documents that it previously claimed as privileged under the ACP and/or AWP. U.S. ex rel Barko v. Halliburton Company, No. 1:05-CV-1276 (D.D.C., March 6, 2014). The court’s broader statements could have significant implications for companies in regulated industries where corporate compliance programs are commonplace, or even required.

The court’s description of KBR’s internal procedures is relatively sparse. As summarized by the court, COBC investigations usually result from a tip (via an employee to a designated mailbox, email address and/or hotline, or directly to the Law Department) of a potential violation of the company’s COBC. If a formal investigation file is opened, COBC investigators conduct witness interviews, review pertinent documents, and prepare an investigation report. The final COBC investigation report is then transmitted to the company’s Law Department.

The court declined to withhold the documents under the ACP or AWP because it found that the COBC investigations “were undertaken pursuant to regulatory law and corporate policy rather than for the purpose of obtaining legal advice,” citing FAR 203.7001. That regulation generally requires that certain government contractors have in place management controls reflecting the typical elements of an effective corporate compliance program under the U.S. Sentencing Commission Guidelines.¹ These elements are also commonly cited by the Department of Health & Human Services Office of Inspector General (“OIG”) in its guidelines for health care entities’ corporate compliance programs. See, e.g., 65 Fed. Reg. 14289 (Mar. 16, 2000). They are also reflected in the OIG’s numerous Corporate Integrity Agreements with health care entities.

The court reasoned that the COBC investigative process “merely implement[s] these regulatory requirements,” because investigations were routinely conducted, rather than following specific consultation with outside counsel concerning whether and how to conduct an investigation. Thus, according to the court, the investigations were not conducted for the primary purpose of seeking legal advice, since they “would have been conducted regardless of whether legal advice [was] sought,” and therefore the court held the ACP protection did not apply. The court also cited the fact that non-attorney COBC investigators conducted the interviews in question, and that written employee disclosures did not specifically reference that the purpose of the interviews was to provide legal advice to the company.

With respect to these process matters, the court’s analysis may be overbroad as it does not consider the potential roles of in-house counsel in compliance investigations, including their role in investigating, directing, or coordinating with the compliance program. Thus, although the court cites the Supreme Court’s decision in Upjohn Co. v. United States, 449 U.S. 383 (1981), a potential effect of the court’s reasoning with respect to compliance program investigations may be to undermine Upjohn’s protection of employees’ communications with in-house counsel.

With respect to AWP, the court found that the investigative documents at issue were not “prepared or obtained because of the prospect of litigation,” but were instead conducted in the ordinary course of business. Notably, the court emphasized its view that investigations conducted by non-attorney investigators was “another indication that the documents were not prepared in anticipation of litigation.”

While it is certainly the case that some routine investigation, auditing and monitoring activities conducted by corporate compliance programs should not qualify for ACP and AWP protection, the court’s broader suggestion that such programs are “merely” contractual or regulatory could be erroneously cited in support of disclosure of otherwise protectable communications. Indeed, the court’s opinion makes no mention of the fact that the very purpose of such programs is to promote legal compliance, which includes legal requirements relating to the disclosure of identified instances of noncompliance. That exercise will frequently and necessarily entail legal advice and other communications in confidence associated with rendering legal advice.

Many organizations, such as government contractors, health care providers and manufacturers, and financial institutions, have similar codes of business conduct and undertake internal compliance investigations pursuant to their codes. At the very least, Barko should provide a timely reminder to review internal procedures relating to internal corporate compliance program investigations to maximize the likelihood that appropriate privileges will be honored.

For example, the decision highlights the importance of: (i) establishing processes for the legal department-compliance department interface to identify those investigations intended to be legally privileged, and to confirm when compliance investigators are acting under legal direction; (ii) clearly defining and documenting that the particular investigation is being conducted for the primary purpose of obtaining legal advice and/or is anticipating actual or potential litigation, (iii) considering whether investigations should be conducted exclusively by outside counsel retained specifically for that purpose, and the role of internal personnel who interact with outside counsel; and (iv) communicating the privileged nature of investigations to employees where applicable.

¹ Specifically, the FAR 203.7001 provides:

(a) A contractor's system of management controls should provide for—

(1) A written code of business ethics and conduct and an ethics training program for all employees;

(2) Periodic reviews of company business practices, procedures, policies, and internal controls for compliance with standards of conduct and the special requirements of Government contracting;

(3) A mechanism, such as a hotline, by which employees may report suspected instances of improper conduct, and instructions that encourage employees to make such reports;

(4) Internal and/or external audits, as appropriate;

(5) Disciplinary action for improper conduct;

(6) Timely reporting to appropriate Government officials of any suspected or possible violation of law in connection with Government contracts or any other irregularities in connection with such contracts; and

(7) Full cooperation with any Government agencies responsible for either investigation or corrective actions.

Client Alert 2014-084