On 17 January 2020 the UK Serious Fraud Office (“SFO“) updated its Operational Handbook to include a new chapter on evaluating a compliance programme (the "New Chapter"). The New Chapter considers the relevance of compliance programmes for SFO cases and how the SFO will investigate the effectiveness of a compliance programme.
The SFO's Operational Handbook is for internal SFO guidance, does not constitute official guidance to third parties and is published in the interests of transparency. However, it can be instructive in revealing the SFO’s approach to certain matters. In this briefing we provide an overview of the New Chapter.
Relevance of Compliance for SFO Cases
The New Chapter defines a compliance programme as an "…organisation's internal systems and procedures for helping to ensure that the organisation – and those working there – comply with legal requirements and internal policies and procedures". It states that, whenever investigating an organisation, the SFO should assess the effectiveness of the organisation's compliance programme, in order to "inform decisions on the case" and outlines the following decisions at different stages of a case where a compliance programme may be relevant:
(a) The state of the compliance programme at the time of offending could be relevant to:
(i) the decision to prosecute - under the Guidance on Corporate Prosecutions it is a public interest factor in favour of prosecution if "The offence was committed at a time when the company had an ineffective corporate compliance programme";
(ii) whether a commercial organisation has a defence against a section 7 Bribery Act 2010 offence of failing to prevent bribery (the “Section 7 Corporate Offence”); and
(iii) sentencing for a Section 7 Corporate Offence where some effort has been made to put bribery prevention measures in place but insufficient to amount to a defence.
(b) The current state of the compliance programme could be relevant to:
(i) the decision to prosecute – under the Guidance on Corporate Prosecutions, a prosecutor should consider whether an organisation has taken "remedial actions", which can include enhancements to its compliance programme, and whether there is a "genuinely proactive and effective corporate compliance programme";
(ii) whether a DPA will be offered – sub-paragraph 7.11 of the DPA Code of Practice provides that an important consideration for entering into a DPA is whether the organisation has "a genuinely proactive and effective compliance programme"; and
(iii) sentencing – the Fraud, Bribery and Money Laundering sentencing guidelines for corporate offenders includes, as one of the non-exhaustive list of factors for the court to consider when deciding on any adjustments to the level of fine, the "Impact of fine on offender's ability to implement effective compliance programmes".
(c) How the compliance programme could change going forward could be relevant to the terms of a DPA. Even if an organisation does not yet have a fully effective compliance programme, a DPA may, in certain circumstances, still be appropriate and a DPA could include terms requiring the organisation to implement a compliance programme, or change its existing programme, policies or training (see Schedule 17 of the Crime and Courts Act 2013).
There is nothing new in the above, but it is a useful reminder of some of the reasons why it is important for businesses to seek to ensure that they have a robust compliance programme in place, even if they have not always done so historically.
The New Chapter indicates that the SFO will routinely seek detailed records regarding a business’s compliance programme at an early stage of an investigation into corporate wrongdoing, using various tools including compelled requests. It states that “[t]he organisation should have a variety of written records of its compliance programme and its operation” – in implementing their compliance programmes, companies should bear in mind that they may be in a position where they need to evidence that programme and its operation.
What a Compliance Programme Entails
The New Chapter notes that, as individual cases differ, it does not prescribe a particular approach to investigating a compliance programme. Instead, it states that it is helpful to arrange the assessment of a compliance programme around the six principles detailed in the Bribery Act 2010 Guidance published by the Ministry of Justice (the “MoJ Guidance”), namely:
- Proportionate procedures
- Top-level commitment
- Risk Assessment
- Due diligence
- Communication (including training)
- Monitoring and review
Whilst the MoJ Guidance pertains specifically to the Section 7 Corporate Offence, the New Chapter suggests that “its principles represent a good general framework for assessing compliance programmes”.
The New Chapter excerpts various passages from the MoJ Guidance but provides no specific guidance on how the SFO will assess a compliance programme, nor what it may consider would constitute adequate procedures for the defence to the Section 7 Corporate Offence.
To date, there has been only one contested trial in which a jury was asked to consider whether a corporate could rely on the adequate procedures defence, R v Skansen Interiors Limited. Skansen gave no real clarification as the reason the jury decided to convict remains known to them alone. The Deferred Prosecution Agreement (“DPA”) judgments to date contain only limited compliance related commentary; by agreeing a DPA in respect of a Section 7 Corporate Offence, the company impliedly accepts that it did not have adequate procedures at the time so this would not be tested before the court.
The question of what procedures are “adequate” therefore remains ill-defined and a continued source of uncertainty both for businesses seeking to ensure their policies and procedures are adequate, and for those businesses subject to investigation by the SFO in relation to a Section 7 Corporate Offence(s).
The previous SFO Director, Sir David Green CB QC, had stated that it was not the SFO's job as a prosecutor to provide guidance on what may or may not constitute adequate procedures. The New Chapter suggests that the current SFO Director, Lisa Osofsky, may share that view. That may be so, but the SFO will nevertheless need to assess compliance programmes against the high level principles set out in the MoJ Guidance; without clearer operational guidance, it is unclear how they will be able to do so effectively and consistently. Given the importance which the SFO states that it may give to a business’s compliance programme when making various important case decisions, it is hoped that the SFO will, in time, provide more meaningful guidance on the criteria it will apply when reaching such decisions.