Risk Assessment and Management

How to Protect Compliance Risk Assessments from Unwanted Disclosure

By[1] Russ Berland[2]

A compliance risk assessment is a basic tool of compliance professionals. It is used to determine where risks and vulnerabilities exist in a company’s compliance with laws. The Federal Sentencing Guidelines, [3] the Resource Guide to the U.S. Foreign Corrupt Practices Act[4] and the OECD Good Practice Guidance,[5] as well as numerous other guidance documents and best practices, mandate that a risk assessment is a necessary first step to have an effective compliance program. Typically a compliance risk assessment (1) catalogues the legal and compliance requirements facing the company; (2) uses information gathering tools such as interviews, surveys, benchmarking, and document and financial transaction review to determine the company’s risks of failing to comply with legal and regulatory requirements; and (3) analyzes those risks to prioritize them according to likelihood, impact, and velocity. But how the risk assessment is conducted can determine whether it stays safely within the company’s confidential information or must be given to prosecutors and plaintiffs’ attorneys.

A risk assessment is a potentially risky undertaking in itself. Suppose, despite all expectations to the contrary, that some significant improper conduct were to come to light in the assessment. The company could be deemed to be on notice of the bad condition. Suppose that the assessment showed control weaknesses that the company had not previously been aware existed. While the results of the assessment are critical, at the end of the process, no one wants to be forced unwillingly to give that report to prosecutors or plaintiffs’ attorneys. Because of the “dirt” that a risk assessment might uncover, it could end up being prosecutor’s exhibit number 1 or plaintiff’s exhibit A in court as they prosecute or sue your company. But unless the document is protected by some form of privilege, it may be disclosed outside the company in the event of criminal investigations or private litigation. Critical steps should be taken during the risk assessment to protect it from disclosure.

What Is Privilege and Why Does It Matter?

Privilege protects certain kinds of information from forced disclosure in legal proceedings and investigations. Suppose the Securities and Exchange Commission (SEC) were to say to the company (through a subpoena), “Give us all your documents and other records that assessed your risks of violation of the Foreign Corrupt Practices Act in the last five years.” When you look through your documents, you find one called “FCPA Risk Assessment” at your company. After reviewing the risk assessment, you think, “Some of this may be misunderstood, and it does not look like we acted very quickly when we learned about our risks,” even though you know that compared to most initiatives in your company, the remedial FCPA measures happened quite rapidly. In other words, it is a potentially damaging document. So unless a privilege applies, the SEC probably gets to see the risk assessment report. But, if it is privileged and you do not do unwise things with the document, your company should be able to protect it from disclosure.

Options

Here are the choices on how to conduct a risk assessment:

  • Do not do one at all. If there were no risk assessment, there would be no report to disclose. But, the resulting compliance program would not be risk-based, so it would be significantly less likely to be designed effectively. And, it would be difficult to argue that a compliance program meets the requirements of the Federal Sentencing Guidelines or similar standards if this crucial first step is skipped. This does not seem to be an acceptable outcome.

  • Have a non-legal internal group or an outside consultant conduct the risk assessment. At the end of the process, the company would have its risk assessment, which could be used to design an effective compliance program. But, the risk assessment report would not be protected from disclosure through legal or administrative discovery processes later on. In other words, the company could be forced to hand it over to people who would want to hurt the company with it.

  • Have in-house counsel direct the preparation of the risk assessment. The company might have an argument for attorney-client privilege or attorney-work product. If these succeeded, they would protect the report. But, there are circumstances where these privileges would not apply and the company could be forced to hand over the document.

  • Have outside counsel direct the preparation of the risk assessment. If done right, the company should have protection under attorney-client privilege and might even have protection as attorney-work product.

Legal Forms of Protection

There are two primary types of privilege that might protect a company’s compliance risk assessment from disclosure. The first is the attorney-client privilege and the second is the attorney-work product privilege. Each requires specific actions when the risk assessment is being created. After the fact, the company can only protect existing privilege, but it cannot go back and create privilege retroactively.

Attorney-client privilege

The attorney-client privilege is an old and established privilege based in common law. It can apply to both individuals and corporations. To establish the attorney-client privilege, the corporation needs to show the following[6] :

  1. The corporation is a client of the attorney.

  2. The attorney is a member of a bar of a court (or is the subordinate of such a person).

  3. The attorney is acting as an attorney in connection with the communication.

  4. The communication relates to facts that the client told the attorney about and there were no strangers present to overhear.

  5. The primary purpose of the communication is for the attorney to give:

    1. an opinion of law,

    2. legal services, or

    3. assistance in a legal proceeding.

  6. The communication is not being used to commit a crime or tort.

  7. The corporation claims that the communication is privileged and does not waive it.

One of the elements for a risk assessment report to be an attorney-client privileged communication is that it be directed and authored by an attorney. That attorney can be in-house or outside counsel. But if the author or overseer is in-house counsel, there are additional obstacles to overcome. The risk assessment will only be privileged if the attorney is acting as an attorney and not in a business role. Many courts are skeptical of in-house counsel asserting privilege, because of the mixed responsibilities of those attorneys. In fact, some courts presume that in-house counsel engage in a substantial amount of non-legal work and require that the company overcome this presumption to claim the privilege.[7] A greater degree of scrutiny may be applied to in-house counsel who are trying to overcome this presumption, meaning extra care should be taken to document and prove that the assessment was conducted for a legal purpose.[8] Some courts have warned against companies obstructing the truth-finding process by improperly having in-house counsel claim privilege.[9] And, some jurisdictions follow a general presumption that privilege applies if the work is conducted by outside counsel.

A company operating in multiple jurisdictions faces unique challenges when determining how privilege may be conferred. Multidistrict litigation may force companies to defend against disclosure according to the rules of a court outside of their “home turf, due to the fact the privilege may be based on where the documents originated.”[10] Not thinking about the differences among various state privilege laws risks unwanted disclosure where those laws are applied to narrower circumstances than anticipated.

Companies operating internationally can be caught between multiple approaches when determining the fundamentals of privilege. For example, if the risk assessment might be subject to discovery by a European agency or court, it may be unwise to use in-house counsel to claim privilege. The European Court of Justice and the Court of First Instance have rejected extending the “legal professional privilege” to in-house counsel.[11] Similarly, China also lacks special protections for in-house legal counsel when it comes to disclosure. For outside counsel, China views privilege as a “duty” extending from the attorney to the client. This duty creates a “privilege–like” protection that won’t always be enough to prevent disclosure when lawyers must testify during a civil case.[12] This distinction has even led to instances where US courts have refused to provide protection for documents created in line with Chinese law.[13]

To preserve the attorney-client privilege, the risk assessment report must be confidential, which means that the corporation intended and expected it to be and remain confidential. And the risk assessment must either contain legal advice or convey legal services.

It is important to ensure the process of creating a risk assessment report is planned and conducted with confidentiality and legal services in mind. During the process, the data collector should inform each person who provides data or information that the data collector is acting at the direction of counsel and that they are collecting documents, data, and information (through physical or electronic collection and through interviews) in order for counsel to give legal advice based on those documents, data, and information.[14] The written risk assessment report should also contain legal advice about the risks and vulnerabilities of the company, often in the form of assigning values to the potential impact of various risks. Also, attorneys “hired to investigate through the trained eyes of an attorney” are performing legal services consistent with the attorney-client privilege.[15] If an attorney requests and directs an investigation for legal purposes, and keeps the resulting reports confidential, the report may be privileged despite the fact non-lawyer personnel conducted the bulk of the investigation.[16] In contrast, investigations which appear to be undertaken in the “ordinary course of business” are less likely to receive protection.[17]

When beginning a risk assessment, it is necessary to step back and examine the types of individuals and company characteristics involved, as they may affect the final report’s confidentiality. Sometimes, a person involved in an risk assessment may occupy a “quasi-legal” role, in which they are technically an attorney but do not meet the criteria required to confer privilege.[18] If work is to be delegated to a quasi-legal person, the role that person plays should be clearly defined from the beginning. Additionally, characteristics of the company’s industry may cause the court to view some “quasi-legal” activity with more scrutiny. An example may be a compliance practioner for a company, who is also an attorney, but does not give legal advice as part of their role. In-house counsel working in highly regulated fields, such as insurance, may be considered acting as advisors on matters running in the ordinary course of business, and thus not under a privileged relationship.[19]

Those conducting a risk assessment should also be mindful of the effect a company’s structure may have on the assessment, and the subsequent report. For example, attorney client privilege generally applies to subsidiaries of a parent company conducting an assessment. But if the parent company indirectly owns the subsidiary, or else expects the subsidiary to have a conflicting legal interest, special steps may need to be taken to protect privileged communications.[20] Similarly, due care should be taken to ensure communications with third parties fall under the same umbrella of privilege as those made within the company.

The attorney-client privilege is an absolute privilege, meaning it cannot be avoided because a party seeking the information shows substantial need. This comes up when someone is seeking to obtain the company’s confidential information saying, “I don’t have any other way to get this information—I need that risk assessment.” Unlike the work product doctrine, discussed later, that justification does not work here.[21] Also, the attorney-client privilege only protects the communication, not the underlying facts. So, the risk assessment report is privileged, but in litigation, the opposing side may still subpoena employees who happened to give input for the risk assessment and ask them questions about the risks and vulnerabilities of the company. But they cannot ask, “Did you tell the attorney about this?” That conversation would be covered by the privilege.

Once the risk assessment report is covered by this privilege, the company could still lose it by waiver.[22] Most of the time, this happens when the privileged and confidential communication is shared with someone who is not with the company (such as an external auditor) or not otherwise acting in a confidential capacity. It could also happen during litigation, due to poor management of discovery or planning of the company’s defense.[23] In general, to prevent waiver, one should keep the risk assessment report confidential, locked up, and only make it available to senior personnel on a need-to-know basis. Some prefer to issue only paper copies of risk assessments with a footer notation on each page that says, “Do Not Copy,” while designating the name of the individual recipient. People are less likely to copy a confidential hard copy of a document when expressly advised not to do so and their name appears on every page.

Finally, the privilege is not self-executing. When, in litigation or in the investigation of a crime, the company is asked for documents that are covered by privilege, the company must say the documents exist but cannot be produced due to privilege. One cannot hide the documents or act like they do not exist because they are privileged. There are specific procedures for asserting privilege that are not covered here, but should be an immediate topic of conversation with counsel when subpoenas or discovery requests may involve your risk assessment report.

Work product doctrine

While attorney-client privilege exists to protect the attorney-client relationship, the work product doctrine exists to promote a better adversarial process in litigation. The work product doctrine[24] generally protects an attorney’s work product, created in preparation for litigation, from involuntary disclosure. It is a broad privilege and applies to materials that the attorney prepared or were prepared at the direction of the attorney. These materials may include witness interview notes, investigative reports, questionnaires, memoranda, notes, and compliance reviews. But, unlike the attorney-client privilege, it is a qualified privilege. This means that even if the work product doctrine applies, the party trying to get the risk assessment report can still get it if they meet certain requirements, such as proving they cannot get the information any other way.

For the work product doctrine to apply, the following requirements must be met: (1) the materials or communications are of a nature that qualifies for protection, (2) they are prepared or obtained in anticipation of litigation, and (3) they were prepared by or for an attorney.[25] Additionally, each state typically has its own rules governing how work product is handled in a trial. Attorneys should be familiar with the local rules where work product is created because federal courts often look to state rules in deciding localized cases.

The true difficulty usually comes in showing that the risk assessment was prepared in anticipation of litigation. The anticipation of litigation must be more than a remote possibility.[26] Most courts break the “anticipation of litigation” into two aspects: causation and reasonableness. Generally courts look first at whether the report was created because of potential or actual litigation or for some other purpose. Compliance risk assessments are generally prepared in order to create an effective compliance program, not because there is litigation on the horizon. Risk assessments may find issues that may become subject to criminal investigation or litigation, but that is a remote possibility, not a likelihood. And the order of causation is wrong. The need for an effective compliance program is what caused the company to order a compliance risk assessment in the first place. If litigation or a criminal investigation results from being discovered during the risk assessment, it is a result, not a cause. Many courts withhold from protection “documents that are prepared in the ordinary course of business or that would have been created in essentially similar form irrespective of the litigation.”[27]

The First Circuit addressed this issue en banc in U.S. v. Textron, Inc.[28] In that case, the court was addressing whether the IRS could force the production of a risk assessment of Textron’s tax liabilities prepared by the company’s in-house tax attorneys. Textron had waived its attorney-client privilege when it showed the work to its auditors. But—as noted above—disclosure of work product to a third party doses not necessarily waive the work product protection.[29] When Textron refused to produce the risk assessment because they claimed that it was attorney-work product, the court had to decide whether the work product doctrine applied in that situation. The court said the work product doctrine did not apply because the risk assessment was prepared for the financial statements, which is a reason other than potential litigation. Textron had to give up its tax liability risk assessment to the IRS. Many commentators have opined that the Textron case also stands for the proposition that the argument for work product doctrine protection is weaker if the work is done by in-house counsel.[30]

The enforceability of work product protections may depend on the circuit where the lawsuit takes place.[31] In some instances, attorney assessments do not lose work product status because they are used in the making of a business decision.[32] While these assessments must still be prepared in anticipation of litigation, the D.C. Circuit Court of Appeals held, “a document can contain protected work-product material even though it serves multiple purposes.”[33] Assessments are less likely to be considered “work product” if they do not sufficiently intertwine facts and statements with legal opinions, or else contain the reports and opinions of non-attorneys. To minimize this deficiency, attorneys ahould manage and prepare as much of the report as possible.

In a high-profile General Motors case regarding the internal investigation of the delay in recalling an engine switch,[34] the court determined that the work product doctrine applied to protect interview memoranda prepared from interviews conducted by outside counsel in light of a pending DOJ investigation and in anticipation of civil litigation. Because all witnesses were informed that the interviews were to gather information that outside counsel would use to provide legal advice to General Motors, the court held that the interview memoranda produced from those interviews would be considered classic attorney work product.

Courts then look at how reasonable it was to expect litigation at the time the work was prepared. The remote possibility of litigation is not sufficient. In general, the company must have identified some claim or some set of facts that would cause them to anticipate litigation. The claim need not have already been filed, but there must be some basis to anticipate that litigation could occur. For example, courts have held that an investigation by a regulatory agency is sufficient to reasonably anticipate litigation. But, “It is not enough to trigger work product protection that the subject matter of a document relates to a subject that might conceivably be litigated.”[35]

Crafting an assessment as work product is just one half of the battle. Procedural and evidentiary requirements may cause the work product protection to be waived during litigation, even if the assessment has met all of the other requirements. Similar to attorney-client privilege, the party who does not want the assessment disclosed must show it is work product. Once work product protection is established, the party seeking production of the document must show there is a substantial need for the materials, and that the information it contains cannot be obtained in another way.

What You Can Do

To protect your compliance risk assessment report from future discovery, here are some suggestions:

  • Do use attorneys to protect attorney-client privilege of the risk assessment report. Be careful of using in-house counsel unless you feel comfortable that the attorney can demonstrate that they are primarily doing legal work and their leading the risk assessment effort cannot be construed as non-legal work. Use of outside counsel generally has lower risk in protecting privilege.

  • Do have interviewers and investigators instruct those from whom they are gathering information that this is being done at the direction of counsel in order to collect information on which counsel will rely in giving legal advice to the company.

  • Do adopt clear policies to provide guidance on when counsel should direct a risk assessment.

  • Don’t rely on the work product doctrine unless an external investigation is underway or litigation is reasonably actually anticipated. A suspicion that the risk assessment may uncover issues that could be the subject of a criminal/regulatory investigation or civil litigation may be insufficient to establish that the risk assessment is being conducted “in anticipation of litigation.”

  • Do keep the risk assessment confidential. Don’t let it be shared with anyone outside the company and keep distribution within the company on a need-to-know basis, preferably with senior level employees.

  • Do distribute the report only in a hard copy, paper version. Electronic copies tend to wander too much, especially as email attachments.

  • Don’t provide the report to anyone without the express written permission of the legal department. Each hard copy may also be marked with the name of the recipient to discourage scanning or copying.

  • Do mark the report, “privileged and confidential, attorney-client communication.”

  • Do include legal opinions in the risk assessment report.

  • Do keep to a minimum any separate, written materials used in writing the report. And keep legal opinions out of that separate, written material.

  • Do notify your attorney immediately and determine the appropriate process to assert the privilege if your company receives a subpoena or discovery request that might arguably cover the risk assessment report.

 
2Russ Berland is a partner at Dentons US LLP in Kansas City. He is a former chief compliance officer of a publicly-traded, multinational, Fortune 500 company. His practice area addresses building practical and effective corporate compliance programs for multinational businesses, anti-corruption compliance programs, internal investigations, and negotiations with the agencies and prosecutors such as the SEC and DOJ.
3 United States Sentencing Commission. “Chapter 8: Sentencing of Organizations.” Guidelines Manual, §8B2.1 (2014). Available at http://www.ussc.gov/guidelines-manual/2014/2014-chapter-8#8b21.
4 Criminal Division of the U.S. Department of Justice and the Enforcement Division of the Securities and Exchange Commission, “A Resource Guide to the U.S. Foreign Corrupt Practices Act.” (Original 2012, Revised 2015). Available at http://www.justice.gov/sites/default/files/criminal-fraud/legacy/2015/01/16/guide.pdf.
5 Working Group on Bribery in International Business Transactions, “Annex II: Good Practice Guidance on Internal Controls, Ethics, and Compliance,” in Recommendation of the Council for Further Combating Bribery of Foreign Public Officials in International Business Transactions; Paris: Organisation for Economic Cooperation and Development, 2010. Available at http://www.oecd.org/investment/anti-bribery/anti-briberyconvention/44884389.pdf.
6 See Jerome G. Snider and Howard A. Ellins. Corporate Privileges and Confidential Information § 2.02[1] New York: American Lawyer Media,(2016).
7 Ames v. Black Entertainment Television, 1998 WL 812051 at 8 (S.D.N.Y Nov. 18, 1998); Kramer v. Raymond Corp., 1992 WL 122856 at 1 (E.D. P.A. May 29, 1992); Avianca, Inc. v. Corriea, 705 F. Supp. 666, 676 (D.D.C. 1989), Avianca, Inc. v. Harrison, 70 F.3d 637 (D.C. Cir. 1995); Pownell v. Credo Petroleum Corp., 2011 WL 1045418, 2 (D. Co. 2011); Oracle America, Inc. v. Google, Inc., 2011 WL 3794892 (N.D. Cal. 2011); In re Lululemon Athletica Inc.220 Litigation, 2015 WL 1957196 (Del. Ch. 2015).
8 See, e.g., Kincaid v. Wells Fargo Sec., LLC, 2012 WL 712111 (N.D. Okla. Mar. 1, 2012).
9 Rossi v. Blue Cross & Blue Shield of Greater New York, 73 N.Y.2d 588, 592-593, 540 N.E.2d 703, 705, 542 N.Y.S.2d 508 (1989); United States v. Davis, 131 F.R.D. 391, 401 (S.D.N.Y 1990); Teltron, Inc. v. Alexander, 132 F.R.D. 394, 396 (E.D. Pa. 1990); Northern Valley Communications, L.L.C. v. Qwest Communications Corp., 2010 WL 3672233 (D.S.D. 2010); Barton v. Zimmer Inc., 2008 WL 80647 (N.D. Ind. 2008); Musa-Muaremi v. Florists’ Transworld Delivery, Inc., 270 F.R.D. 312 (N.D. Ill. 2010).
10   See, e.g., Yasmin and Yaz (Drospirenone) Mktg, Sales and Products Liability Litigation, 2011 WL 1375011 (S.D. Ill. Apr. 12, 2011) (nearly 6,000 combined lawsuits from around the nation posed a challenge governing the discoverability of certain privileged documents based on conflicting interstate rules regarding the same).
11 Akzo Nobel Chemicals, Ltd. & Akeros Chemicals Ltd. v. Commission of the European Communities, Joined Cases T-123/03 & T-253/03 (Ct. First Instance Sept. 17, 2007).
12 Yingxi Fu-Tomlinson, “Safeguarding Confidential Information in China,” March 25, 2016 Available at https://www.law360.com/articles/773074/safeguarding-confidential-communication-in-china.
13 See, e.g., Wultz v. Bank of China, 2013 U.S. Dist. Lexis 154343 (S.D.N.Y. Oct.24, 2013) (holding that in China, “the duty of confidentiality is an ethical obligation and not an evidentiary protection analogous to the attorney-client privilege”).
14In re Kellogg Brown & Root, Inc., 756 F.3d 754, 759 (D.C. Cir. 2014) (While investigators do not have to use “magic words” during interviews, privilege applies if one of the significant purposes of the internal review is to obtain legal advice); see also, In re Kellogg Brown & Root, Inc., 796 F.3d 137 (D.C. Cir. 2015) (preventing disclosure of the same report on grounds the lower court erred in balancing the weight of fairness toward the petitioner) cert denied 136 S.Ct. 823 (2016).
15In re Allen, 106 F.3d 582, 601-603 (4th Cir. 1997); United States v. Rowe, 96 F.3d 1294, 1297 (9th Cir.1996); Dunn v. State Farm Fire & Casualty Co., 927 F.2d 869, 875 (5th Cir.1991); In re Grand Jury Subpoena, 599 F.2d 504, 510-11 (2d. Cir. 1979); Johnson v. Ford Motor Co., 2016 WL 1241538 (S.D. W.Va. 2016); Slaven v. Great American Insurance Co., 83 F.Supp.3d 789 (N.D. Ill. 2015) (demonstrating attorney investigations conducted outside the ordinary course of business are considered privileged); Sandra T.E. v. South Berwyn School Dist. 100, 600 F.3d 612 (7th Cir. 2009).
16 See, e.g., Johnson et al., v. Ford Motor Company, 3:13-cv-06529 Document 768 (S.D. W. Va. Mar. 28, 2016) (where a judge found Ford’s internal safety investigation report was privileged despite the majority of the “work” being performed by engineers and safety analysts); see also, In re: Target Corporation Customer Data Security Breach Litigation, Order 14-2522 (D. Minn. Oct. 23, 2015) (holding the communications made by its “data breach task force” could be protected to the extent investigations into leaked information.
17In re: Target Breach Litigation, referenced above, also noted a parallel investigation into similar matters was distinctively not privileged as it was not under attorney management.
18 See Casey v. Unitek Global Services, 2015 WL 539623 (E.D. Pa. Feb. 9, 2015).
19 See FTC v. Abbvie Inc., 2015 WL 8623076 (E.D. Pa. Dec. 14, 2015) (holding an assessment conducted by in-house counsel to determine compliance with insurance regulations was conducted as a function of the company’s ordinary course of business, and not for a legal purpose).
20 Compare Nester v. Textron, Inc., 2015 WL 1020673 (W.D. Tex. Mar. Org Chart9, 2015) (finding that attorney-client privilege may extend from the communications between the parent company counsel and its indirect subsidiary) with, In re Teleglobe Communications Corp., 493 F.3d 345, 362–366 (3rd Cir. 2007) (noting attorney-client privilege in potentially adverse parent–subsidiary relationships may require special agreement, or outside counsel, to help protect against disclosure).
21 Although there are some special cases, such as lawsuit brought by shareholders against the company, on behalf of the company interest, where the privilege may be lost. See Garner v. Wolfinbarger, 430 F.2d 1093, 1104 (5th Cir. 1970) (known as the “Garner doctrine”).
22 See Federal Rule of Evidence 502.
23 See, In re Lott, 424 F.3d 446, 454 (6th Cir. 2005) (stating that “litigants cannot hide behind the privilige if they are relying upon privileged communications to make their case”).
24 See Federal Rule of Civil Procedure 26(b)(3).
25 Fed. R. Civ. Proc. 26(b)(3); Hickman v. Taylor, 329 U.S. 495, 509-510, 67 S.Ct. 385, 91 L.Ed. 451 (1947); In re General Motors LLC Ignition Switch Litigation, 14-MD-2543 (JMF)(S.D.N.Y. Jan. 15, 2015).
26 Diversified Industries, Inc. v. Meredith, 572 F.2d 596, 604(8th Cir. 1977); S.E.C. v. Goldstone, 301 F.R.D. 593, 2014 WL 4347183 (D. N.M. 2014); Great American Ins. Co. of New York v. Castleton Commodities Intern. LLC, 2015 WL 6955176 (S.D.N.Y. 2015).
27 U.S. v. Adlman, 134 F.3d 1194, 1202 (2d Cir. 1998).
28 United States v. Textron, Inc., 577 F.3d 21 (1st Cir. 2009).
29 Colonial Gas Co. v. Aetna Cas. & Sur. Co.Eyeglasses, 144 F.R.D. 600, 609–10 (D. Mass. 1992); Deel v. Bank of America, 227 F.R.D 456 (W.D. Va. 2005).
30 See, e.g. In-house ACCess, “Will Your Work Product Become Your Adversary’s Exhibit A?” Susan Hackett (January 28, 2010) available at http://www.inhouseaccess.com/2010/01/articles/inhouse-practice/will-your-work-product-become-youradversarysexhibit-a/.
31 U.S. v. Deloitte LLP, 610 F.3d 129, 137–39 (C.A.D.C. 2010) (noting that circuits have applied different tests to determine the extent to which work product is determined to be in anticipation of litigation).
32 See, id.; see also, U.S. v. Adlman, 134 F.3d 1194, (2d. Cir. 1998) (stating work product made to assess the impact of anticipated litigation on a business decision was protected from disclosure).
33 U.S. v. Deloitte LLP, 610 F.3d 129, 137–139.
34In re General Motors LLC Ignition Switch Litigation, 14-MD-2543 (JMF) (S.D.N.Y. Jan. 15, 2015).
35 U.S. v. Textron, Inc., 577 F.3d 21 (1st Cir. 2009).
1 Updated for 2017 with the exceptional assistance of Cody Wilson, summer associate, Dentons US LLP and law student at the University of Kansas Law School.

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings