A recent settlement by the SFO with a UK company accused of bribery has resulted in the SFO being accused of suffering a “failure of nerve”. In a speech on 7 March 2017 Ben Morgan, Joint Head of Bribery and Corruption at the SFO, spoke about the future of Deferred Prosecution Agreements. The speech highlights some important issues for any company concerned about potential criminal liability exposure.
DPAs can apply in a variety of situations
Although Deferred Prosecution Agreements (DPAs) have been available in the U.S. for a number of years, they were only introduced in the UK in early 2014. To date, there have been three DPAs in the UK, all in relation to bribery charges under s7 Bribery Act 2010. Mr Morgan distinguished each case:
- a major bank, within which there was misconduct related to a fund-raising exercise for the government of Tanzania – a “pocket of behaviour”, a “narrow self-contained problem in a large and complex business”;
- a UK SME which has not yet been publicly identified for legal reasons – an example, according to Mr Morgan, of where a DPA was used to limit the “negative effects of corporate behaviour on innocent people” eg employees, pensioners and others who are reliant on the future of a company, such as suppliers, manufacturers or customers. This was because the scale of the misconduct was so large, compared to the financial means of the company, that the appropriate financial sanctions “would have put the company out of business”. The DPA provided for terms that the “company could just cope with and stay alive”; and
- a major UK engineering company – “an altogether different case again… conduct spreading widely through its business, over several decades and over multiple jurisdictions”.
Mr Morgan refers to criticism of the DPA that was entered into with the major engineering company – “if not this case, then when would the SFO prosecute?”.
What makes a case suitable for a DPA?
Given the widely varying circumstances of the first three DPAs, does Mr Morgan’s speech give us any more clues about when a DPA is (or is not) appropriate?
Mr Morgan’s speech highlighted some important factors. Companies must be frank about what has happened and cooperate fully. Examples of excellent cooperation are providing unfiltered access to company records, agreeing to an independent review for privilege, disclosing written accounts of interviews and seeking SFO views on media and government relations. When referring to the most recently implemented DPA, Mr Morgan commented “[t]here was little more they could have done to put right what had happened”.
On the future, the speech suggests that:
- There is a high bar for cooperation. Mr Morgan refers to the fact that most companies will start with a “deficit” (namely the misconduct) – from that point on, what a company chooses to do in terms of cooperation with the SFO will be taken into account in judging whether the company has “close[d] that deficit”;
- it is still possible to get some self-reporting credit where the SFO already has some limited information from a third party source: “self-reporting is not dead... it is still a key feature of the profile of a case suitable for resolution by the DPA”. Referring to the fact that the SFO had first learnt of issues in one of the organisations granted a DPA from an anonymous blog, Mr Morgan alluded to the idea that, even if the SFO is tipped off by a third party, it is still possible for a company to receive cooperation credit if the information provided goes “far beyond what [the SFO] already knew”; and
- closer and better international cooperation will lead to “choreographed resolutions… there have been, and will continue to be, if not global then at least multi-agency outcomes”.
The SFO is clearly keen to address some of the less positive commentary that its recent use of DPAs has attracted. The SFO sees using DPAs as a key part of its future strategy to address criminal misconduct in organisations relating to bribery and corruption. However, this is not to say that the SFO will be entering into DPAs lightly, or making this easier for companies. A company that wishes to qualify for a DPA must still meet the relatively high qualification thresholds expected by the SFO, especially those relating to self-reporting and cooperation.