Litigation Newsletter: Three Stages of Escalation - Part 1


How must a company be organized in order to be optimally prepared for a possible legal dispute? A company that wants to decisively minimize its risk of becoming involved in legal procedures or to create a good starting point for this purpose is recommended to accord appropriate importance to the topic of compliance. In this context, compliance means adhering to the law, industry standards and internal rules of conduct. A company that maintains an effective compliance culture is better prepared in the event of a crisis than a company that does not prioritize compliance. Compliance can prevent a company from suffering financial damage and loss of reputation while at the same time protecting its employees and stakeholders. One of the requirements for this is that top management itself commits to comprehensive integrity and ensures that these specifications are adhered to at all corporate levels. Which internal rules of conduct should a company reasonably provide for? The required internal rules of conduct depend on the specific needs and risks, as well as the size of the company. The aim of the following explanations is to show, using examples, which regulations can be used to avoid future legal disputes or to positively influence their outcome. In legal disputes, whether a certain issue can be proven is often the decisive factor for losing or winning a case. It is therefore always crucial to be able to obtain the data relevant to the matter quickly. If persons who were responsible for the business relationship on which the legal dispute is based are no longer employed in the company, data collection is made more difficult. This problem is exacerbated by the fact that these persons can no longer be required to cooperate on the basis of the duty of loyalty in accordance with the employment contract. An internal regulation concerning the storage and retention of data enables access to the relevant emails and documents even years later and in particular, prevents emails and other data from being permanently deleted within a particular period (usually ten years). For the purpose of compliance with the requirements of data protection laws, in particular the obligations of transparency, it is important that the employees are informed about the processing of their data and in particular any subsequent access to this data. If the employees are permitted to also use business devices and accounts for private matters, it must be noted that in general, data may not be collected without the cooperation of the employees concerned. Regulations on the use of business devices as well as “Bring Your Own Device” in cases where employees use their personal devices for business purposes are therefore gaining increasing importance. In such cases, one of the important topics to specify is that business data must be stored separately from private data. In order to prevent future legal disputes with business partners, the partners should be selected very carefully. This is described as “Third-Party Compliance”. The process of onboarding business partners can, for example, be defined in a guideline. In addition, IT systems can be implemented for automated risk classification and definition of “red flags”, questionnaires can be prepared and trainings can be held for employees. Frequently, internal company incidents lead to a legal dispute at a later date. However, providing a process for internal investigations (for example, in a guideline or checklist) enable such internal incidents to be clarified early on. The responsible persons thus know how they need to react and the employees know that any measures required follow an ordered, predefined and, in particular, fair procedure. In this context, the handling of “whistleblower” reports should also be defined. Internal reporting systems help to avoid later legal disputes. In addition, persons who feel that their concerns are being taken seriously will be less likely to initiate legal proceedings. With regard to future legal disputes between the company and its own employees, it should be noted that only the general statutory disciplinary measures such as dismissal (with or without garden leave), reprimand and warning are permissible without an internal regulation. For other disciplinary measures which are not provided for by law (such as fines, wage cuts, bonus repayments) a special regulation is required, so that these measures can withstand a possible judicial review. Transparent rules on how to deal with employee misconduct can thus minimize another target of attack. However, it must always be remembered that measures of a (conventional) punitive nature must be contractually agreed upon and thus any special provisions must be included as integral components when the employment contract is concluded. What should be noted with regard to responsibilities? It is important that the responsibilities in a company are clearly defined so that unnecessary delays do not occur. In particular, and depending on the size of the company, it may be advisable to set up a separate internal legal department including a Compliance Officer. In order to avoid conflicts of responsibilities and gaps in responsibilities, the respective roles should be assigned in writing. Employees must always be aware who their contact persons are. This can be ensured with regular checks and trainings. In addition, a process must be defined about how the decision on a conflict of responsibilities is made (for example, by the CEO). Must documents and communications relating to matters which could potentially lead to a legal dispute be specially marked in order to be protected by the attorney-client privilege? In Switzerland, the communication and information exchange between attorneys and their clients are protected by professional confidentiality both on the part of the attorney as well as on the part of the client, provided the attorney is acting as legal counsel or legal representative of the client. In particular, information does not have to be identified as “Privileged & Confidential” in order to be protected. However, documents and information that are shared with attorneys and concern the business activity of the client (such as corporate management, brokerage, asset management or foundation of the company) are usually not protected by the attorney-client privilege, whereby the line between protected and unprotected information can be difficult in individual cases. It must be noted that no “in-house counsel” privilege currently exists in Switzerland, which means that attorney-client privilege does not cover the communication and information that is exchanged between the “in-house counsel” and the employees or customers of a company. If “in-house counsel” is thus obliged to testify or to produce documents during a legal dispute, it cannot invoke the rights of refusal, as external attorneys may do. This circumstance must therefore always be taken into account when assessing whether legal matters should be handled internally or externally – even before a legal dispute arises. Are there any special measures with which a company can ensure that they will be able to initiate legal proceedings themselves at a later point in time? In order to not unnecessarily block its own legal action, a company can ensure that at least no limitation periods are missed by means of good document management and clear IT processes. Document management also includes sensibly regulating access authorizations to the respective documents, so that the persons who require access also receive it effectively. How can a company prepare for a case in which possible future proceedings do not involve two private parties but authorities? Particularly noteworthy in this context is preparation for the case of what is known as “dawn raids”. This is an investigative tool used by criminal, competition and other authorities to investigate suspected criminal, competition and other legal violations. Based on the element of surprise, the company should be prevented from covering up possible unlawful conduct. Companies are obliged to cooperate in the event of a dawn raid. However, in order to safeguard legitimate self-interest at the same time, companies can define a process that the employees can use as a guideline in such scenario. Trainings can ensure that this process is also effectively known to the employees. Checklist: Organizational management with respect to legal disputes in the future Compliance culture is practiced and promoted by the management Internal regulations: on data storage and data retention on data privacy on the use of business devices and “Bring Your Own Device” on “Third-Party Compliance” on conducting internal investigations and handling “Whistleblower” reports on disciplinary measures Regulation of responsibilities Good document management “Dawn raid” trainings Your contacts at KC on the topic of organizational management are: Commercial criminal law, legal assistance, internal investigations, crisis management and compliance, Dispute Resolution and Litigation and Arbeits- & Sozialversicherungsrecht. Contacts Bettina Achermann Tel. +41 58 200 30 16 Fax +41 58 200 30 11 bettina.achermann@kellerhals-carrard.ch Susanna Baumgartner Morin Tel. +41 58 200 30 07 Fax +41 58 200 30 11 susanna.baumgartner@kellerhals-carrard.ch

How must a company be organized in order to be optimally prepared for a possible legal dispute?

A company that wants to decisively minimize its risk of becoming involved in legal procedures or to create a good starting point for this purpose is recommended to accord appropriate importance to the topic of compliance. In this context, compliance means adhering to the law, industry standards and internal rules of conduct.

A company that maintains an effective compliance culture is better prepared in the event of a crisis than a company that does not prioritize compliance.

Compliance can prevent a company from suffering financial damage and loss of reputation while at the same time protecting its employees and stakeholders. One of the requirements for this is that top management itself commits to comprehensive integrity and ensures that these specifications are adhered to at all corporate levels.

Which internal rules of conduct should a company reasonably provide for?

The required internal rules of conduct depend on the specific needs and risks, as well as the size of the company. The aim of the following explanations is to show, using examples, which regulations can be used to avoid future legal disputes or to positively influence their outcome.

In legal disputes, whether a certain issue can be proven is often the decisive factor for losing or winning a case. It is therefore always crucial to be able to obtain the data relevant to the matter quickly. If persons who were responsible for the business relationship on which the legal dispute is based are no longer employed in the company, data collection is made more difficult. This problem is exacerbated by the fact that these persons can no longer be required to cooperate on the basis of the duty of loyalty in accordance with the employment contract.

An internal regulation concerning the storage and retention of data enables access to the relevant emails and documents even years later and in particular, prevents emails and other data from being permanently deleted within a particular period (usually ten years).

For the purpose of compliance with the requirements of data protection laws, in particular the obligations of transparency, it is important that the employees are informed about the processing of their data and in particular any subsequent access to this data.

If the employees are permitted to also use business devices and accounts for private matters, it must be noted that in general, data may not be collected without the cooperation of the employees concerned.

Regulations on the use of business devices as well as “Bring Your Own Device” in cases where employees use their personal devices for business purposes are therefore gaining increasing importance. In such cases, one of the important topics to specify is that business data must be stored separately from private data.

In order to prevent future legal disputes with business partners, the partners should be selected very carefully. This is described as “Third-Party Compliance”. The process of onboarding business partners can, for example, be defined in a guideline. In addition, IT systems can be implemented for automated risk classification and definition of “red flags”, questionnaires can be prepared and trainings can be held for employees.

Frequently, internal company incidents lead to a legal dispute at a later date. However, providing a process for internal investigations (for example, in a guideline or checklist) enable such internal incidents to be clarified early on. The responsible persons thus know how they need to react and the employees know that any measures required follow an ordered, predefined and, in particular, fair procedure.

In this context, the handling of “whistleblower” reports should also be defined. Internal reporting systems help to avoid later legal disputes. In addition, persons who feel that their concerns are being taken seriously will be less likely to initiate legal proceedings.

With regard to future legal disputes between the company and its own employees, it should be noted that only the general statutory disciplinary measures such as dismissal (with or without garden leave), reprimand and warning are permissible without an internal regulation. For other disciplinary measures which are not provided for by law (such as fines, wage cuts, bonus repayments) a special regulation is required, so that these measures can withstand a possible judicial review. Transparent rules on how to deal with employee misconduct can thus minimize another target of attack. However, it must always be remembered that measures of a (conventional) punitive nature must be contractually agreed upon and thus any special provisions must be included as integral components when the employment contract is concluded.

What should be noted with regard to responsibilities?

It is important that the responsibilities in a company are clearly defined so that unnecessary delays do not occur. In particular, and depending on the size of the company, it may be advisable to set up a separate internal legal department including a Compliance Officer. In order to avoid conflicts of responsibilities and gaps in responsibilities, the respective roles should be assigned in writing. Employees must always be aware who their contact persons are. This can be ensured with regular checks and trainings. In addition, a process must be defined about how the decision on a conflict of responsibilities is made (for example, by the CEO).

Must documents and communications relating to matters which could potentially lead to a legal dispute be specially marked in order to be protected by the attorney-client privilege?

In Switzerland, the communication and information exchange between attorneys and their clients are protected by professional confidentiality both on the part of the attorney as well as on the part of the client, provided the attorney is acting as legal counsel or legal representative of the client. In particular, information does not have to be identified as “Privileged & Confidential” in order to be protected. However, documents and information that are shared with attorneys and concern the business activity of the client (such as corporate management, brokerage, asset management or foundation of the company) are usually not protected by the attorney-client privilege, whereby the line between protected and unprotected information can be difficult in individual cases.

It must be noted that no “in-house counsel” privilege currently exists in Switzerland, which means that attorney-client privilege does not cover the communication and information that is exchanged between the “in-house counsel” and the employees or customers of a company.

If “in-house counsel” is thus obliged to testify or to produce documents during a legal dispute, it cannot invoke the rights of refusal, as external attorneys may do. This circumstance must therefore always be taken into account when assessing whether legal matters should be handled internally or externally – even before a legal dispute arises.

Are there any special measures with which a company can ensure that they will be able to initiate legal proceedings themselves at a later point in time?

In order to not unnecessarily block its own legal action, a company can ensure that at least no limitation periods are missed by means of good document management and clear IT processes.

Document management also includes sensibly regulating access authorizations to the respective documents, so that the persons who require access also receive it effectively.

How can a company prepare for a case in which possible future proceedings do not involve two private parties but authorities?

Particularly noteworthy in this context is preparation for the case of what is known as “dawn raids”. This is an investigative tool used by criminal, competition and other authorities to investigate suspected criminal, competition and other legal violations.

Based on the element of surprise, the company should be prevented from covering up possible unlawful conduct. Companies are obliged to cooperate in the event of a dawn raid. However, in order to safeguard legitimate self-interest at the same time, companies can define a process that the employees can use as a guideline in such scenario. Trainings can ensure that this process is also effectively known to the employees.

Checklist: Organizational management with respect to legal disputes in the future

Compliance culture is practiced and promoted by the management
Internal regulations:
- on data storage and data retention
- on data privacy
- on the use of business devices and “Bring Your Own Device”
- on “Third-Party Compliance”
- on conducting internal investigations and handling “Whistleblower” reports
- on disciplinary measures
Regulation of responsibilities
Good document management
“Dawn raid” trainings

Your contacts at KC on the topic of organizational management are: Commercial criminal law, legal assistance, internal investigations, crisis management and compliance, Dispute Resolution and Litigation and Arbeits- & Sozialversicherungsrecht.

Contacts

Bettina Achermann

Tel. +41 58 200 30 16

Fax +41 58 200 30 11

bettina.achermann@kellerhals-carrard.ch

Susanna Baumgartner Morin

Tel. +41 58 200 30 07