Most of the blog posts in this crisis management series have had to do with civil problems rather than criminal. There are, however, many criminal situations that change the risks for everyone.
In most instances you get positive "points" if you trump the circumstances and report yourself to the enforcement authority. In many situations this is actually built into the way the system works. Antitrust and securities law situations are most prominent here. If you have analyzed the situation thoroughly and determine that you have serious potential exposure, there is little to be gained by fox holing. You have to assume that some of the employees who have some knowledge of the situation are thinking of becoming prosecution witnesses, and you would normally do well to get to the enforcement agency before the vengeful/opportunistic employee does. Trying to buy off potential adverse witnesses before something hits the fan always gets exposed, and that makes your situation much worse for having done that.
The Enron situation is the most extreme example of how big companies, big law firms and big accounting firms can all coalesce to mismanage everything and create the worst possible criminal and civil exposure. It is the single best case study of what happens when you think you can outsmart everybody.
Where there is a potential for an involved employee to have his own personal exposure to prosecution, what can be asked of him in an investigation carries responsibilities with which crisis counsel must be familiar. The lawyer for the company is not in those situations also the lawyer for the employee. There may be no attorney client privilege. There probably has to be a Miranda warning given before an interview. If that isn’t technically correct in some situations, it is still the most intelligent way to proceed. Failing to do that often results in the company and its lawyers being accused of witness tampering. Even if that isn’t so, who will believe that it isn’t so?
Having to Mirandize employees means they go get their own lawyer, and from then on you work through their lawyer. You don’t know what their lawyer has as his agenda, so there is a cognizable risk there that must be accounted for. You can certainly expect, at the very least, demand for indemnification, a covenant not to sue, a release of all claims that might be asserted against the employee. How much of that you consider and how it is memorialized, as well as who is informed of it, are critical questions. For example, when would you do that without making the enforcement authority aware of the fact that you are doing it? It can come out in a grand jury interrogation or in a simple interview with a prosecutor. Is that how you want that to be revealed?
You do need to know where the information that the employee has is located, and you do need to get at that. You may need to have his personal computer/laptop/PDA turned over to you, and you had better handle that with sufficient transparency so that you can deal effectively with any claim that you may have modified relevant information. Data on all electronically stored information has to be preserved and will have to be produced to the enforcement agency.