The UK Serious Fraud Office’s Corporate Cooperation Guidance has implications for organizations operating inside and outside the United Kingdom. International organizations should take the Guidance into account in practical terms when conducting cross-border investigations and reviewing their own internal investigations and incident response protocols.
The UK Serious Fraud Office (SFO) published the Corporate Cooperation Guidance (Guidance) on August 6. It forms part of the SFO Operational Handbook and will be used to assist the SFO in assessing the level of cooperation it has received in making charging decisions.
The Guidance outlines in some detail an approach to investigations that more experienced organizations and their external lawyers have largely been adopting for some time. It is helpful in outlining what the SFO will (and will not) regard as cooperative and identifying what it views as good investigation practices, including preserving materials and providing them to the SFO. The Guidance also discloses the type of information the SFO expects to receive and in what manner, and the type of engagement the SFO expects from cooperative organizations.
While this information is not new, the way in which the SFO has articulated and published it is nonetheless welcome. The differences that have historically existed between UK agencies and those elsewhere, particularly in the United States, have often created what some see as unnecessary difficulties for organizations that are trying to cooperate fully, while balancing the interests and needs of all external agencies and other stakeholders that may have an interest in an issue that straddles borders. Therefore, attempts to harmonize the different regimes and approaches are welcome, and the Guidance can be seen as a step toward a collaborative approach for the SFO and the private sector.
The Guidance points out that each case will turn on its own facts and that even full cooperation cannot guarantee any particular outcome. It recognizes that no checklist can cover every case, and describes the nature and tone underlying the conduct of a genuinely cooperative organization, its legal advisers, and the SFO.
Specifically, organizations wishing to be cooperative should do the following:
- Provide assistance to the SFO that goes well beyond what the law requires
- Identify to the SFO suspected wrongdoing and criminal conduct, together with the people responsible, regardless of their seniority in the organization
- Report these findings to the SFO within a reasonable time of the suspicions coming to light
- Preserve available evidence and provide it promptly in an evidentially sound format
Other parts of the Guidance are more challenging for organizations and their advisers, including that the SFO expects organizations to do the following:
- Consult with the SFO in a timely way before interviewing witnesses or suspects or taking personnel/HR actions or other overt steps
- If seeking cooperation credit by providing witness accounts, also provide any recordings, notes, or transcripts of the interview and a witness competent to speak to the contents of each interview
- Assist in identifying material that might reasonably be seen as assisting any accused or potential accused or undermining the case for the prosecution
- If the organization claims privilege, obtain certification from independent counsel that the material is privileged
- Notify the SFO of any government agencies (whether domestic or foreign, law enforcement or regulatory) that have contacted the organization or to which the organization has reported
Conflicts and Challenges
Two immediate issues arise in the context of possible self-reporting. The first is that the Guidance indicates that the SFO expects to be told by an organization of any contact it receives from another law enforcement agency or regulator. It may be difficult to reconcile the need to notify the SFO of such contact where, for example, the organization has at that point no clear indication that there is any conduct of a type that should be disclosed to the SFO. Notification to the SFO of something that has already been disclosed to another law enforcement agency is an easier decision than an instance where an organization has been contacted by a law enforcement agency and has yet to determine whether notification to the SFO or another agency is appropriate. The organization must balance the risk that the SFO, in hindsight, might view the organization as not being cooperative if the SFO were not timely notified of an issue against the risk of notifying the SFO too early, resulting in possibly having to notify multiple agencies and losing control of the issue.
The second issue that arises is timing. The Guidance anticipates that the SFO will be notified and consulted before an organization interviews potential witnesses or suspects. However, this approach may not prove possible in many internal investigations for a host of reasons, including that it is necessary to conduct interviews before determining whether any criminal conduct may have occurred and before any decision to self-report can reasonably be expected to have been made.
In this regard, the Guidance presents a more restrictive approach to internal investigations than is the practice in the United States. In general, the US Department of Justice (DOJ) has not viewed corporate internal investigations as a hindrance or barrier to cooperation. This general understanding was recently reinforced in DOJ’s March 2019 update to its FCPA Corporate Enforcement Policy, wherein DOJ expressly noted, “Although the Department may, where appropriate, request that a company refrain from taking a specific action for a limited period of time for de-confliction purposes, the Department will not take any steps to affirmatively direct a company’s internal investigation efforts.” Moreover, any requests for de-confliction will be “narrowly tailored to a legitimate investigative purpose.”
The requirement to contact the SFO before interviewing witnesses and suspects is less likely to cause difficulty after a notification has been made and is not an uncommon practice in any case. The Guidance goes beyond what is specifically required in the United States, and organizations will need to be careful to ensure that all authorities have (and perceive themselves to have) equal information.
The guideline that organizations seeking cooperation credit by providing witness accounts should provide recordings, notes, and/or transcripts of those interviews creates obvious difficulty from the US perspective, as well as in the United Kingdom. While the Guidance states that an organization that does not waive privilege and does not provide witness accounts “will not be penalised by the SFO,” the fact that an entire section of the Guidance is titled “Witness Accounts and Waiving Privilege” may compel organizations seeking cooperation credit to provide witness accounts at the expense of waiving privilege.
In the United States, such waiver of privilege is expressly not a requirement for cooperation credit. In its updated March 2019 FCPA Corporate Enforcement Policy, DOJ is clear that “eligibility for cooperation or voluntary self-disclosure credit is not in any way predicated upon waiver of the attorney-client privilege or work product protection.” In crediting an organization with full cooperation, DOJ specifically seeks only “attribution of facts to specific sources where such attribution does not violate the attorney-client privilege, rather than a general narrative of the facts.”
There is also potentially conflicting guidance about what is expected with respect to individuals. The Guidance anticipates organizations “identifying material that might reasonably be considered capable of assisting any accused or potential accused or undermining the case for the prosecution” and providing “[p]articularly relevant materials sorted, for example, by individual or specific issue.” Contrast this with the United States, where DOJ anticipates organizations identifying only “relevant facts about all individuals substantially involved in or responsible for the violation of law.” DOJ does not want investigations “delayed merely to collect information about individuals whose involvement was not substantial, and who are not likely to be prosecuted.”
The Guidance also creates potential constitutional issues in the United States. In a recent decision, the US District Court for the Southern District of New York criticized both the government’s substantial involvement in directing employee interviews and the target organization’s decision to seek the government’s permission to interview its own personnel. The Guidance’s expectation that the SFO will be notified and consulted before an organization interviews potential witnesses and its encouragement that an organization waive privilege over the notes, accounts, and transcripts of witness interviews seem to allow the government to do exactly what the court warned against: “outsourc[ing] the important development stage of [the government’s] investigation” to the organization and then relying on that information to “buil[d] its own investigation” against the target company’s employees.
How Can These Conflicts Be Reconciled?
Reconciling these conflicts is likely to start with the approach taken by an organization and its advisers and how the organization is perceived by the SFO. The Guidance states, “Many legal advisers well understand the type of conduct that constitutes true co-operation. This will be reflected in the nature and tone of the interaction between a genuinely co-operative organization, its legal advisers and the SFO.” There will undoubtedly be more opportunity to reconcile differences through discussion, while still remaining cooperative in a collaborative environment.
Early risk assessment and decisionmaking are also important. It may be that the conflicts in the United Kingdom and with the US processes and other processes can be reconciled in whole or in part. If not, an assessment of which process should be followed will need to be made based on the various risks of not being cooperative with the SFO or any other agency, with consideration for how these risks can best be mitigated. It is important to remember that on its face the Guidance does conflict with processes in the United States, but also with the processes of other UK agencies such as the Financial Conduct Authority or Competition and Markets Authority.
Litigation risk is another factor to consider in process decisions. Although not necessarily determinative, it should be raised at an early stage when making judgment calls on competing processes.
An organization’s internal team and external legal team need to understand the cultural differences that are likely to drive decisionmaking, and how the conflicts in processes are likely to be approached by different agencies. A blanket adoption of, for example, US practices and processes may in certain circumstances be the right approach, but in other instances a different or more nuanced approach may achieve better results. Team composition can be an early and important determining factor contributing to both process decisions and the ultimate outcome.
Finally, constructive dialogue with the SFO and other agencies about the problems that arise and need to be addressed by the organization can achieve positive results. A tailored approach to evidence gathering and production may be available to address (or at least mitigate) differences. Considered dialogue accompanied by solutions, where possible, can be important in finding collaborative and sometimes innovative solutions.
The Guidance provides a timely reminder that it is necessary to be prepared to obtain and record data in internal investigations, which data may need to be produced through conflicting processes. Organizations with sophisticated, well-developed investigation functions are more likely to gather evidence in a manner that could be seen as breaching the Guidance, so they should review their protocols for compliance.
Similarly, those conducting internal investigations should be aware of the possible conflicts that can arise and how they can best be managed so as to avoid loss of cooperation credit with the SFO or other agencies.
Organizations should review their notification policies and processes to ensure that notifying the SFO about an issue is at least considered if the organization is contacted by another agency and that issue may later be of interest to the SFO. If no notification to the SFO is made, the organization should consider how to record that decision in order to minimize the risk that the SFO later considers the organization to be uncooperative.
Publication of the Guidance is a positive development, and overall, its contents are helpful. However, organizations should be aware of areas of conflict with other countries’ and agencies’ processes, particularly as they structure and conduct internal investigations into cross-border issues. The increased flexibility the SFO presents in the Guidance is welcome, but must be considered and balanced against the increased scrutiny by both US and UK courts of the extent to which government agencies can “outsource” and control these investigations. Organizations need to review their approach to evidence gathering generally and on a case-by-case basis to ensure the best chance of preserving cooperation credit in the United Kingdom and elsewhere.