Compliance Databases and the Issue of Privilege 

publication 

Fall 2010 - (Corporate Insurance Brief Fall 2010 )

Co-authored: Frank Palmay and R. Nairn Waterman
Corporate Insurance Brief Fall 2010

The adoption of self-assessment compliance regimes by Canadian insurance companies creates centralized depositories of confidential company records that identify the company's problems and its responses to them.

These centralized depositories contain information and analysis on the insurance company's non-compliance with laws and regulations, and with company and industry standards, practices, policies and requirements. Regulators and those interested in pursuing claims against the insurance company will seek access to these depositories as sources of information which may be used to establish liability, identify classes of claimants and increase damages claims against the company.

The self-assessment records and working papers will contain both new and old confidential corporate records containing information, analysis, reviews, evaluations, strategies and reports which could be used as evidence in proceedings against the insurance company. Knowing that such records exist will encourage those seeking to attack the insurance company to press for broad disclosure not only of the final reports, but also of the underlying working papers and supporting primary records.

The risk posed by these centralized collections is aggravated by the modern use of electronic communications and databases, which increase the volume, retention, dispersion and accessibility of information collected during a self-assessment review. This risk is also aggravated by the modern trends in Canadian law towards increased:

  • allegations of bad faith for failure to address known or discoverable problems in a timely fashion;
  • use of class actions for claims arising from systemic problems; and
  • pressure on government regulators to deal with perceived risks in the financial sector.

This combination of interest, opportunity and electronic means for collection and review is likely to lead to increased demands to compel disclosure of self-assessment records and underlying documents in both regulatory and civil proceedings against insurance companies.

Insurance and securities regulators have statutory authority to compel disclosure of confidential corporate records as part of regular administrative reviews and regulatory prosecutions. Civil litigants are entitled to compel such disclosure under the discovery rules that govern the conduct of law suits. Both rule makers and courts have adopted the view that full and fair disclosure of a party's relevant records is desirable for the effective and efficient resolution of adversarial proceedings and for controlling wrongdoing. As such, in either regulatory proceedings or civil actions, insurance companies can expect aggressive efforts to compel disclosure and inspection of the confidential records that have been collected or created as part of their self-assessment programmes and follow-ups. As these records become more widely known and precedent for access is set, this trend can be expected to accelerate and become more of an issue.

Under Canadian law, the principles of "privilege" provide the most common defence to and restrictions on compulsory disclosure of confidential corporate records.

In order to reduce the exposure created by the self-assessment process, insurance companies should institute a clear protocol for the recognition and protection of potential claims for privilege when planning and implementing their self-assessment programme. This requires not only an understanding of the potential scope and requirements for claiming privilege, but also the implementation of practical, operational protocols and systems for the collection and analysis of records and the preparation of self-assessment reports.

Privilege protections were developed by the common law courts to advance policies that the courts considered important to the operation of the legal system. Different categories of privilege have been developed and defined by the courts based on their different purposes or rationales. Recently, the Supreme Court of Canada described the two most common categories of privilege (solicitor-client or advice privilege and litigation privilege) as very different animals with different purposes, characteristics, status and consequences. As they have different requirements, applications and protections, each must be separately considered and incorporated into the company's protocols for the preparation, use and retention of records relating to self-assessment audits.

Solicitor-client privilege or advice privilege protects confidential communications with a lawyer in connection with obtaining legal advice. It emphasizes and protects the solicitor-client relationship and confidential communications within that relationship. In contrast, litigation privilege protects the need for parties to adversarial proceedings "to prepare their contending positions in private without adversarial interference and without fear of premature disclosure." It emphasizes and protects preparation in the apprehension of legal proceedings. Each of these privileges may protect some of the sensitive documents collected or created as part of the self-assessment review, provided that the opportunity for such protection is identified and the basis for protection established and maintained.

As self-assessment reviews are part of regular business operations for the purpose of meeting business requirements, the starting point is that they are unlikely to be privileged. Generally, they neither involve lawyers giving legal advice nor are they undertaken for the primary purpose of dealing with expected legal proceedings. However, they may involve the collection and review of records or circumstances which create an opportunity for protection. For example, the audit may raise issues on which legal advice is needed or reveal information which creates a reasonable apprehension of future legal proceedings by either the regulator or third parties. To protect available privileges when such situations occur, the insurance company's protocol should encourage the identification of these possibilities at the earliest possible time and provide for the required steps to establish the privilege (e.g., by the immediate involvement of a lawyer to oversee the continued collection and communication of facts relevant to legal questions to be addressed, or to receive the information relevant to the potential legal proceedings).

Having identified and established potential privilege, all subsequent records, collections and investigations should expressly refer to it. For example, for advice privilege, further investigation and gathering of information should be in response to the request and for the use of the lawyer retained by the company for giving the advice. These records should be marked "Privileged, Confidential, For Counsel" and copies provided to the lawyer for his or her advice on the identified issue. For litigation privilege, the document should also refer to the possible dispute. In both cases the records should be segregated and copying, dissemination, use and retention controlled. In addition, the collection, review and use of any record which may otherwise be privileged must be controlled to avoid waiving (i.e., forfeiture of any existing privilege). If privilege is established, the demands for disclosure of sensitive, confidential records by either the regulator or the insurance company's adversaries can be resisted.

Ed.: This article appeared previously in "International Law Office," an e-subscription information service that delivers global analysis of legal developments to lawyers worldwide.

This article appeared in the Lang Michener LLP Corporate Insurance Brief Fall 2010.