On 30 November 2015, ICBC Standard Bank (the “Bank”) became the first company to enter into a deferred prosecution agreement (DPA) in the UK. The Bank was to be charged with failing to prevent bribery under section 7 of the UK Bribery Act 2010 (the “UKBA”).
The relevant facts involved Standard Bank Plc (“Standard London”), and took place before ICBC acquired a majority stake in Standard London (to create the “Bank”).
There was no allegation that the Bank or any of its employees had engaged in corrupt acts. Rather, the Bank was to be charged with the section 7 offence on the basis that third parties committed a corruption offence sufficiently closely connected to the Bank’s business.
The case centred on a payment made by Standard London’s sister company in Tanzania (“Stanbic”) to another Tanzanian entity called Enterprise Growth Market Advisors Limited (“EGMA”). The payment was for undefined services carried out by EGMA in relation to a sovereign note deal Standard London and Stanbic arranged for the Tanzanian Government. The SFO allege the payment was improperly made to induce a representative of the Government to favour Standard London or Stanbic in awarding that mandate.
The Bank apparently had no defence to the potential charges that it failed to prevent bribery due to the fact that its systems and controls, at the time, failed to detect that one of EGMA’s directors and shareholders was a member of the Tanzanian Government and another director and shareholder was the ex-chief of the country’s securities regulator.
Under the DPA, the Bank has agreed to:
- pay $32.2 million (which includes a financial penalty, disgorgement of profits and a compensation payment to the Tanzanian Government);
- engage PWC to carry out an independent review of its procedures and take action (including training) to address any gaps identified; and
- continue to cooperate in any related investigation (within the UK or elsewhere).
In exchange, the Serious Fraud Office (the “SFO”), with the court’s approval, has agreed to suspend the criminal proceedings against the Bank for three years. At the end of that period, if the Bank has complied with the terms of the DPA, the proceedings will be formally discontinued.
Why this is significant
The case is significant for two reasons. First, it is the first time any prosecutor has entered into a DPA in the UK. Second, it is the first time, since the offence was introduced in 2010, that the SFO has imposed a penalty on a corporate for failing to prevent bribery under section 7 of the UKBA.
The Director of the SFO, David Green, has made no secret of his desire to reposition the SFO as a prosecutor of serious crime. But with this first DPA, the SFO has demonstrated its willingness to resolve at least some cases through the DPA regime, without criminal prosecution. The SFO is hailing this case as a victory and a “template for future agreements.” But this case is not necessarily typical. Clearly, it was strategically chosen by the SFO as the poster child for DPAs given the extent to which the Bank cooperated—informing the SFO within a few weeks of the matter coming to light and providing the SFO with evidence to which it might otherwise not have had access, such as the Bank’s internal investigation report and contemporaneous documents located abroad. Furthermore, it appears that the particular facts lent themselves to a more straight-forward resolution in this case.
The Bank obviously paid attention to the SFO’s oft-repeated message that it expects high levels of cooperation from corporates looking to avoid prosecution—and the Bank was duly “rewarded” with a DPA. As a financial institution, from its dealings with the Financial Conduct Authority, the Bank will no doubt have been used to that level of interaction in terms of cooperation and reporting. However, not all companies will be able to share (or indeed feel comfortable sharing) so much with the prosecutor quite so quickly, particularly in circumstances where the fact pattern is not so clear cut or the context so simple.
Further, even though the misconduct in Tanzania seems, from the statement of facts, to be quite clear, the presiding judge, Lord Justice Leveson, considered the seriousness of the conduct to be such that a DPA (rather than a prosecution) was in the interests of justice. This is despite the fact the allegations involved potential bribery of foreign Government officials and a loss of $6 million of public funds. Rather, as Lord Justice Leveson put it: “the criminality potentially facing Standard Bank arose out of the inadequacy of its compliance procedures and its failure to recognise the risks inherent in the proposal” put forward by Stanbic. There were no allegations that the Bank or any of its employees had engaged in corrupt acts. And he emphasised that the section 7 offence was not a substantive bribery offence. Whilst section 7 offences may, therefore, be inherently compatible with DPAs, perhaps, in more egregious cases, the SFO may find it more challenging to convince the courts that a DPA is appropriate.
It is still very early days for UK DPAs. Time will tell just how much UK prosecutors are prepared to use DPAs as a means of resolving cases against corporates. And it is also too soon to tell just how attractive such agreements are for those companies facing prosecution. Even so, this case does provide an indication of:
- the severity of the financial penalties and other terms to be imposed on companies in return for a DPA;
- the degree of co-operation expected by the prosecutor in return for a DPA;
- the impact DPAs may have on individuals; and
- the SFO’s approach to prosecuting corporates under section 7 of the UK Bribery Act.
Overview of the DPA
Under the DPA, the Bank agreed to pay $32.2 million to resolve potential charges that it failed to prevent bribery of foreign officials in Tanzania under section 7 of the UK Bribery Act. The allegations concern a private placement of sovereign notes to raise funds for the Government of Tanzania.
In summary, the Bank will pay:
- a fine of $16.8 million (being 300% of the total fee the Bank received for the transaction reduced by one third for the early resolution of the matter);
- compensation to the Tanzanian Government of $6million plus $1million interest; and
- disgorgement of profits from the transaction of $8.4 million.
The Bank will also pay the SFO’s costs of bringing the prosecution (£330,000) and, in a related agreement, the Bank will pay the SEC $4.2 million to resolve potential violations of US securities laws.
The Bank has also agreed to engage PWC to carry out an independent review of its anti-corruption procedures and controls and take action (including training) to address any gaps identified. The scope of PWC’s work will be agreed with the SFO. In many respects, this is akin to a section 166 “skilled persons report”—something with which companies in the financial services sector will be familiar.
Whilst this demonstrates the prosecutor’s commitment to imposing terms specifically aimed at addressing compliance failings, this arrangement stops short of the appointment of a formal monitor for the period of the DPA. A formal monitorship would have been much more burdensome for the Bank. Nonetheless, the SFO’s oversight over PWC’s review does mean that the Bank will have to deal with the prosecutor on its internal processes and controls for some time to come yet.
In addition, the Bank has agreed to continue to cooperate “fully and honestly” with the SFO. And at the SFO’s request, the Bank must also cooperate with any other agency or authority, domestic or foreign, and multilateral development banks, in any matter relating to the facts of the case.
Further, the Bank has had to warrant that, during the three year term of the DPA, it will notify the SFO if it becomes aware of anything it knows or suspects may be relevant to the alleged offences, and that it will provide the SFO with any materials related to the same. This is a broad ranging and potentially quite onerous obligation. In light of this, and the PWC review, it is clear that the Bank’s dealings with the SFO do not end with the signing of the agreement and the payment of the penalty.
The procedure for how the DPA process works in practice is explained in our previous briefing here. In this case, the court gave its blessing to the terms at a private hearing first, before formally approving the agreement at a public hearing on November 30th. This is the standard approach.
The English courts are expected to take an active role in overseeing DPAs and their initial review is to be in private, so any issues they raise can be dealt with before the matter becomes public. Even so, transparency is a key element of the process. Upon final approval of a DPA, the preliminary judgments approving or rejecting earlier proposals are published. Here, there was nothing controversial in the earlier private judgment (which is now public) but that may not always be the case.
The facts the Bank agreed to
A defendant company does not have to make any formal admissions under a DPA. However, it does have to agree a public statement of facts about the alleged offences.
The extent of the statement of facts published in the Bank’s case may surprise some who are more familiar with US-style DPAs. The level of detail reflects the SFO’s need to furnish the court with sufficient information to satisfy it that there is a case for the company to answer—given the active role the English courts are required to take in overseeing DPAs under the UK’s legislative regime. This case serves as both an example and a warning to other companies about just how much information they will have to share publicly if they do want to enter into a DPA.
The detailed, 55 page statement of facts agreed between the Bank and the SFO noted that:
- The relevant facts took place in 2012 and 2013. This was before ICBC acquired a 60 percent majority stake in Standard Bank Plc in February 2015 (creating the Bank). Prior to the acquisition, Standard Bank Plc (“Standard London”) had been owned and controlled by South Africa’s Standard Bank Group.
- In 2012, the Government of Tanzania wished to raise funds by way of a private placement of sovereign notes. Standard London and its then sister company Stanbic Bank Tanzania Limited (“Stanbic”) jointly sought to negotiate the deal as Stanbic did not have the relevant licenses to do it alone.
- The negotiations were initially slow and only gained traction when a Tanzanian entity called Enterprise Growth Market Advisors Limited (“EGMA”) was introduced into the transaction by employees of Stanbic.
- At that time, the transaction fee increased from 1.4% to 2.4% with 1% (US$6 million) to be paid to EGMA for its services. It was unclear what these services were.
- Standard London relied on Stanbic to carry out due diligence. The Standard London employees believed that they did not have to carry out their own due diligence as another member of the group (i.e. Stanbic) was engaging and paying EGMA and was carrying out the KYC process.
- Two of the three directors and shareholders in EGMA were the former CEO of Tanzania’s Capital Markets and Securities Authority and the Commissioner of the Tanzania Revenue Authority (a member of the Government of Tanzania).
- When EGMA opened a bank account with Stanbic, only standard due diligence was carried out. The KYC forms, which were shared with Standard London, did not include any information on the source of funds or details of those behind EGMA. The forms did note that EGMA should be treated as “high risk.” This, however, was overlooked by the Standard London employee who reviewed the forms.
- The introducers and consultants policy was unclear and was not effectively communicated or reinforced through training within Standard London. As such, Standard London relied on Stanbic to flag any bribery and corruption risks, which it failed to do.
- Upon completion of the transaction, EGMA’s fee of $6 million was paid into its account at Stanbic. Not long after the deal had closed, staff at Stanbic became concerned when almost all of the $6 million was withdrawn in cash over the course of ten days. Stanbic employees quickly alerted Standard London and, within a week, Standard Bank Group began an internal investigation.
Standard London had been sanctioned before for failings in its due diligence processes (prior to its takeover by ICBC). In 2014, the Financial Conduct Authority fined Standard London for failing to consistently carry out adequate enhanced due diligence measures before establishing business relationships with corporate customers that had connections with Politically Exposed Persons. This previous fine did not preclude the Bank from being eligible for a DPA. Rather, the SFO accepted that the Bank had made significant enhancements to its policies and procedures since the FCA’s review in 2011, which mitigated in favour of a decision to enter into a DPA.
The Bank’s cooperation with the investigation
In terms of cooperation, the SFO and the court placed great emphasis on the fact that the Bank had self-reported the matter to the SFO within three weeks of the matter coming to the Bank’s attention. The SFO noted in its press release that the Bank's solicitors reported the matter to the Serious and Organised Crime Agency (now the National Crime Agency) six days before the Bank reported the matter to the SFO. This suggests that the facts of the case gave rise to a mandatory reporting obligation under the Proceeds of Crime Act 2002 (“POCA”). If that is the case, it is welcome news that the SFO, nonetheless, considers this to have been a genuine self-report and has given the Bank full credit for doing so, notwithstanding any mandatory obligation that may have arisen under POCA (or indeed any other potential regulatory obligation).
The SFO noted that the Bank had fully cooperated in the investigation. This included appointing an external law firm to carry out an internal investigation, sharing the outcome of that investigation with the SFO, identifying employees, and sharing documents collected from: (i) email servers held in Africa, (ii) inboxes and hard drives of team members working on the transaction, (iii) shared drives, (iv) paper files, (v) CCTV images recorded in Africa and (vi) recordings of telephone conversations. The SFO would not have had access to much of this evidence had it not been for the Bank voluntarily providing it. This may be indicative of the extensive degree of cooperation the SFO requires and how high the bar is set for companies looking to enter into a DPA.
Doubtless the SFO will be hailing this as vindication of their stance on cooperation being the critical component required before companies are extended the invitation to avoid criminal prosecution in favour of a DPA.
Impact on individuals
The joint CPS/SFO DPA Code of Practice states that companies entering into a DPA will normally have to agree to cooperate with any investigations into related offences, which would include investigations into individual defendants.
Under the DPA, the Bank has agreed to assist in any investigation of individuals carried out by any authority, domestic or foreign, including development banks. This demonstrates the SFO’s clear commitment to use DPAs to help secure the cooperation of corporates in the pursuit of individuals, even where those individuals do not fall within the SFO’s jurisdiction.
This approach has the potential to create tensions between companies who want to cooperate with the authorities to obtain a DPA and employees who are facing individual criminal liability. Such tensions could potentially arise in borderline cases where the employee misconduct is not as clear cut as appears to have been the case here.
In the present case, the individuals named by the SFO as allegedly having taken part in the bribery are not within the SFO’s jurisdiction and have left the Bank—so conflicting interests may not have been a concern for the Bank. However, that will not always be the case.
Further, individuals might be concerned to learn that the statement of facts in this case refers to a number of Standard London or Stanbic employees by reference to their name or job title. In fact, the SFO openly alleges that two named former Stanbic employees, based in Tanzania, are guilty of bribery under section 1 of the UK Bribery Act (or would be if it were not for jurisdictional constraints).
SFO’s approach to prosecuting section 7 of the UKBA
It is notable that this first, long-awaited, corporate prosecution under the 2010 UKBA was disposed of by way of a DPA. The SFO will still be claiming this DPA as a success, but the SFO’s Director will, no doubt, be keen to secure a conviction under section 7 in due course. In explaining why it was appropriate to resolve the matter in this way, the SFO has pointed to the Bank’s prompt self-report and extensive cooperation in the investigation.
Interestingly, notwithstanding the extent of the evidence that the Bank voluntarily made available to it and the facts in this case being relatively straightforward, the SFO did not state it had sufficient evidence to provide a realistic prospect of conviction (i.e. it did not confirm it had met the first limb of the full code test). Instead, it stated that it had met the lower evidential threshold set out in the DPA Code of Practice—namely that there was at least a reasonable suspicion, based on some admissible evidence, that the Bank had committed the offence and there were reasonable grounds for believing that further investigation would produce more admissible evidence in favour of a conviction.
It may be that the SFO simply thought it was unnecessary to try to satisfy the higher burden of the full code test when the DPA code test would do. However, in cases where the SFO does want to push for prosecution, which may well have more complex fact patterns than the present case, it remains to be seen just what evidence the SFO will need to satisfy itself that a case does have a realistic prospect of conviction.
What does this mean for companies coming within the SFO’s jurisdiction?
For companies to whom the UK Bribery Act applies, i.e. those commercial organisations carrying on a business or part of a business in the UK, the case has some specific takeaways. In particular, it highlights their exposure to the strict liability offence of failing to prevent bribery if they fail to carry out proper due diligence on third parties—especially when those third parties are introduced to them by other group members in high risk jurisdictions.
The SFO acknowledged that the Bank had processes designed to address bribery and corruption. However, where it principally fell down was in the failure of its people to understand what they meant in practice. In particular, the employees lacked sufficient guidance or training on what procedures applied where two entities within the group were involved in a transaction and one of the two engaged an introducer or a consultant. This is a clear reminder to companies that having anti-bribery policies is just the first step—ongoing efforts are required to ensure they are embedded within the organisation’s processes and adhered to in practice.
With the publication of this first DPA, we now have a greater insight into how DPAs will work in practice in the UK. However, this is only the first one. For now, there still remains a good degree of uncertainty. Companies invited to the negotiating table with the SFO still have many tough calls to make. Not least they will have to ask themselves if they are comfortable:
- paying a penalty that is the equivalent of a fine levied upon an early guilty plea (which, in this case, before the 30% discount, was 300% the revenue represented by the transaction in question);
- accepting the ongoing levels of cooperation and oversight the SFO might require (although companies in regulated sectors, particularly financial services, will already be accustomed to the levels of cooperation expected by other authorities);
- reporting as quickly as the Bank did; and
- agreeing to a statement of facts that is as detailed or even more detailed as the one agreed to by the Bank, and whether they can live with the additional exposure such a public agreement on the facts might place on them.