Lexology GTDT Market Intelligence provides a unique perspective on evolving legal and regulatory landscapes. This interview is taken from the Anti-Corruption volume featuring discussion and analysis of legal developments, compliance risk and the role of enforcement authorities within key jurisdictions worldwide.

1 What are the key developments related to anti-corruption regulation and investigations in the past year in your jurisdiction, and what lessons can compliance professionals learn from them?

Deferred prosecution agreements (DPAs) continue to mark the key developments in anti-corruption case law, with two in the past 12 months and eight in total. Notable was how 2020 began with a record DPA with Airbus SE, a corruption case involving multiple jurisdictions and significant international cooperation (see more on DPAs and Airbus SE in question 4). The second DPA involved G4S’s fraud in undertaking public sector contracts, and is interesting in this context because the company delayed full cooperation for several years (see more at question 5). In addition to DPAs, the Serious Fraud Office (SFO) still has on its books a number of ongoing, significant investigations into allegations of bribery and corruption, including Chemring, Amec Foster Wheeler and ENRC. The SFO also recently announced corruption charges in its investigation into GPT’s business in Saudi Arabia. However, the SFO’s caseload has decreased in recent years, with the number of active investigations falling by 20 per cent, from 75 in 2017 and 2018 to around 60 now.

The SFO has brought fewer cases to trial in the past year than in the previous two years. Whatever the reasons for this, there has been some criticism of the SFO’s failure to secure convictions against individuals charged in cases where the corporate entity has entered into a DPA. To date, no individuals have been convicted in such cases and this has led to some commentators suggesting that corporates may become increasingly reluctant to enter into a DPA, given the obvious difficulties facing a prosecutor in these cases.

From a practical perspective, the case of R (on the application of KBR Inc) v The Director of the Serious Fraud Office (2018 EWHC 2368 Admin) is significant. The court held that, where a company has a ‘sufficient connection’ to the United Kingdom, the SFO can compel the production of documents from that company using a section 2 notice, even if the documents are held outside the jurisdiction. In this case, the court held that, where a company has a ‘sufficient connection’ to the United Kingdom, the SFO can compel the production of documents from that company using a section 2 notice, even if the documents are held outside the jurisdiction. This decision confirms the extra­territoriality of section 2 notices in circumstances where there is a ‘sufficient connection’ between this jurisdiction and the person subject to the notice. The Supreme Court has given KBR permission to appeal this judgment and practitioners await the outcome of this appeal with interest.

The message for compliance professionals is that they should remain vigilant and ensure that internal compliance procedures are effective. Despite the reported reduction in cases, the SFO’s objectives have not changed: it continues actively to investigate allegations of bribery and corruption and it has good relationships with active overseas enforcers. It continues, also, to achieve significant settlements in corporate corruption cases.

Brexit

The UK government is keen to demonstrate to the world that, post-Brexit, the UK offers an attractive ‘clean business’ environment. At the same time, one of the arguments advanced in favour of Brexit is the advantages of doing business with new partners and emerging markets. It is, of course, recognised that in many emerging markets there is generally a higher level of corruption risk than many current partners, such as EU member states. By engaging with new markets and industry sectors that are commonly affected by corruption, it is likely that the UK’s corruption risks will increase and there will be a consequent increase in focus on foreign bribery risks from UK enforcement bodies.

2 What are the key areas of anti-corruption compliance risk on which companies operating in your jurisdiction should focus?

The SFO has clearly set out its areas of focus for anti-corruption compliance when carrying out its investigations and considering whether to offer a company the opportunity to enter into DPA negotiations. Companies should carefully review the areas the SFO has identified as its key areas of concern and ensure that they have addressed them properly.

In 2019, the SFO published its guidance on corporate cooperation, which is essential reading for any in-house counsel or compliance officer where the company is either in the United Kingdom or has a link to the UK. This is an important addition to the guidance contained in the joint Crown Prosecution Service (CPS) and SFO Code of Practice, and the joint CPS and SFO Guidance on Corporate Prosecutions. The 2019 guidance spells out what the SFO will expect from a company in terms of cooperation when seeking to enter into a DPA and makes clear at the outset that ‘cooperation means providing assistance to the SFO that goes above and beyond what the law requires’. This includes:

identifying suspected wrong-doing and criminal conduct together with the people responsible, regardless of their seniority or position in the organisation; reporting this to the SFO within a reasonable time of the suspicions coming to light; and preserving available evidence and providing it promptly in an evidentially sound format.

The guidance sets out the SFO’s expectations of good practice in terms of preserving and providing material including witness accounts and waiving privilege. Of course, witness accounts and privilege have been the subject of much debate and litigation in recent years, and the SFO shows no sign of losing interest in receiving such accounts and, if necessary, requiring waivers of privilege as a mark of cooperation.

In the United Kingdom, firms regulated by the Financial Conduct Authority (FCA) are obliged to disclose anything that the regulator would ‘reasonably expect notice’. For FCA-regulated firms dealing with cases where disclosure has already been made to the FCA, the decision to cooperate with the SFO will be relatively straightforward. However, for unregulated businesses, the question of whether to self-report and then to commit to an arduous course of cooperation is more complex, particularly as the SFO’s guidance makes clear that full cooperation does not guarantee a particular outcome. Companies would, therefore, be well-advised to take early, specialist legal advice on the best way forward.

Continuing in its transparency agenda, in 2020 the SFO published a chapter within its Operational Handbook entitled ‘Evaluating a Compliance Programme’. It sets out the relevance of compliance for SFO cases and is described in more detail in question 6.

3 Do you expect the enforcement policies or priorities of anti-corruption authorities in your jurisdiction to change in the near future? If so, how do you think that might affect compliance efforts by companies or impact their business?

The covid-19 pandemic has had a profound impact on so many walks of life, including law enforcement. In the short term, there will be pressure on law enforcement bodies to prioritise investigations into pandemic-related crime. This may result in the SFO taking on more fraud cases than bribery cases in the immediate future.

In the medium to long term, however, there should be no shift away from corruption work. The United Kingdom is committed in international law to pursue bribery cases and anti-bribery activity remains a law enforcement objective. As set out above, increased trade with emerging markets, particularly in times of recession, will always increase the risk of bribery and corruption to the United Kingdom. It remains to be seen how such risks will manifest themselves, but the enforcement bodies are alive to this issue and it remains a likely area of future litigation.

4 Have you seen evidence of continuing or increasing cooperation by the enforcement authorities in your jurisdiction with authorities in other countries? If so, how has that affected the implementation or outcomes of their investigations?

The director of the SFO has repeatedly made clear her focus on multi-agency cooperation and has welcomed secondments to the SFO from the United States and Singapore. More tangibly, a record-breaking DPA involving global aerospace company Airbus SE was announced in January 2020, which involved close co­operation between UK, French and US authorities. Airbus SE agreed to pay a total of €3.6 billion, the world’s largest ever settlement in a bribery case, of which €991 million was payable in the United Kingdom. The SFO’s indictment covered five counts of failure to prevent bribery and concerned five jurisdictions – Sri Lanka, Malaysia, Indonesia, Taiwan and Ghana – between 2011 and 2015. Under the terms of the DPA, Airbus SE agreed to full cooperation with the SFO and its law enforcement partners in any future investigations and prosecutions, and disclosure of any subsequent wrongdoing by the company or its employees, subject to applicable laws. In her judgment approving the DPA, Dame Victoria Sharp said:

The seriousness of the criminality in this case hardly needs to be spelled out. As is acknowledged on all sides, it was grave. The conduct took place over many years. It is no exaggeration to describe the investigation it gave rise to as worldwide, extending into every continent in which Airbus operates. The number of countries subject to intense criminal investigation by the various agencies, and the scale and scope of the wrongdoing disclosed in the Statement of Facts demonstrate that bribery was to the extent indicated, endemic in two core business areas within Airbus.

A focus on cross-border cooperation affects the impact and outcome of any criminal investigation, by better enabling the enforcement bodies to obtain evidence spanning multiple jurisdictions and helping ensure that they have sufficient evidence to meet the evidential threshold required for a conviction. However, it has not yet enabled the SFO to convict individuals who are said to have committed the wrongdoing that is the subject of DPAs. More generally, international cooperation depends on the efficient functioning of mutual legal assistance mechanisms, something that will be disrupted by a no-deal Brexit.

5 Have you seen any recent changes in how the enforcement authorities handle the potential culpability of individuals versus the treatment of corporate entities? How has this affected your advice to compliance professionals managing corruption risks?

The key difference between the two is that only a corporate may enter into a DPA. Corporate cases are, in turn, complicated by complex laws on corporate criminal liability. The starting point is that, to convict a corporate of an offence not carrying strict liability, the prosecutor must prove the guilt of the ‘directing mind and will’ of the company (‘the identification principle’). This has proved difficult to establish historically and has led to calls for change to the law. Ten years ago the law was reformed for bribery and corruption cases with the creation of the corporate offence of failure to prevent bribery contained in section 7 of the Bribery Act 2010. This has operated in some ways to bridge this gap and there have been further calls for an additional offence of a more general offence of ‘failure to prevent economic crime’.

Under section 7, a commercial organisation (C) commits an offence where an ‘associated person’ bribes another person intending to obtain or retain business or a business advantage for C. As such, the prosecution must prove, beyond reasonable doubt, that a section 1 or 6 (bribery) offence has been committed in order for the section 7 offence to be made out, even though it does not need actually to convict a person of such a crime before it can prosecute the company. It is a complete defence to a charge, under section 7 of the Bribery Act, for a commercial organisation to demonstrate that it had adequate procedures in place to prevent bribery. It is for the commercial organisation to raise the defence and it bears the burden of establishing the adequacy of its procedures on the balance of probabilities, rather than for the prosecution to establish the inadequacy of C’s procedures beyond reasonable doubt. For that reason advice to compliance professionals remains to consider the legislation, consider the government guidance on the Bribery Act 2010, consider the SFO’s 2020 guidance on evaluating a compliance programme and ensure that your procedures are adequate and embedded within the company.

The challenge facing a company that wishes to make a self-report and enter into discussions with the SFO is that cooperation with the SFO will inevitably prejudice the company’s position in terms of employment issues or civil litigation. This is often a sacrifice that cooperating companies have to make and the difficult decisions needed when wrongdoing first comes to the attention of a company means that early legal advice is essential. The SFO has made clear that early cooperation means within a ‘reasonable time of the offending coming to light’. In practical terms, the SFO wants cooperation to start before the completion of any internal investigation, although in its investigation into G4S the fact that the company did not fully cooperate until several years after the investigation started did not prevent the company being able to enter into a DPA. As the judge commented in approving the agreement, what mattered was ‘the overall level of cooperation’. Delayed or not, the SFO is clear that cooperation will include the supply of any records of interviews undertaken during that internal investigation.

6 Has there been any new guidance from enforcement authorities in your jurisdiction regarding how they assess the effectiveness of corporate anti-corruption compliance programmes?

In January 2020, the SFO published a new section in its Operational Handbook on ‘Evaluating a Compliance Programme’. The guidance given is similar to the US Department of Justice’s 2019 guidance on the topic.

It records the importance of compliance for SFO cases, stating that,

If the SFO is investigating an organisation, it will need to assess the effectiveness of the organisation’s compliance programme. This assessment is relevant in all cases involving an organisation. Its purpose is to inform decisions on the case, including:

• Is a prosecution in the public interest?

• Should the organisation be invited into DPA negotiations and, if so, what conditions should the DPA include?

• Does the organisation have a defence of ‘adequate procedures’ against a charge under s.7 of the Bribery Act 2010 (failure of a commercial organisation to prevent bribery)?

• Might the existence and nature of the compliance programme be a relevant factor for sentencing considerations?

The message from the SFO for corporates and their compliance officers is clear: any compliance programme needs to be ‘effective and not simply a “paper exercise”’. It must be embedded within the company’s culture.

During the current pandemic when companies are under enormous pressure and many employees are working online, it is plainly more difficult for companies to monitor and demonstrate how ‘embedded’ a compliance programme might be. It is vital that companies consider this issue now and take steps to ensure that training is attended and monitored and due diligence issues are considered and recorded. The ways of working may have changed for many corporations but the expectations of the SFO and other enforcement bodies have not. Reviewing this guidance and ensuring compliance programmes measure up to the expectations is vital for any company navigating the current global crisis.

7 How have developments in laws governing data privacy in your jurisdiction affected companies’ abilities to investigate and deter potential corrupt activities or cooperate with government inquiries?

Data processing in the age of the internet has taken on new complexities and legal regulation in recent years. A detailed analysis of mutual legal assistance processes and the EU General Data Protection Regulation (GDPR) is beyond the scope of this chapter, but a few topical points are raised below.

The United Kingdom’s transition period after Brexit will expire on 31 December 2020. Thereafter, the terms on which personal data can be transferred between the European Union and the UK will depend on the scope of the agreement, if any, which is currently being negotiated. In the absence of a deal, the starting point will be that the United Kingdom will be a third-party state for the purposes of EU states’ GDPR compliance and transfers of personal data will be more difficult. In the continued absence of a declaration of adequacy from the European Union (which essentially confirms that the UK has the same standard of personal data protection as the EU), companies will have to assess with particular care the legal basis for any transfer of personal data from the EU to the UK and would be well advised to take specialist advice on the matter.

So far as transfers from the United Kingdom to the EU are concerned, the position is similarly unresolved. This will be a matter for specialist advice but, in the interim, the Information Commissioner’s Office provides a useful resource.

So far as public authorities are concerned, there have been two developments of note. First, the UK–US Bilateral Data Access Agreement has been signed and is understood to be due to come into effect shortly, although, at the time of writing, no date has been announced. When it does come into force, it will enable UK and US law enforcement to obtain electronic data directly from communication service providers (CSPs) in each other’s countries, provided the data is needed for the purposes of criminal investigations into, or prosecutions of, serious crime. This is the first agreement following the UK’s Crime (Overseas Production Orders) Act 2019, which was designed to enable ‘fast-track’ procedures for cross-border data sharing using an overseas production order (OPO). The OPO’s remit of serious crime includes serious fraud, bribery and corruption, and the new powers should inform any steps taken by corporates and their officers when considering the now familiar themes of internal investigations, self-reporting and cooperation. Here they should bear in mind the SFO director’s early commitment regarding cross-border cooperation: ‘I intend to use all the powers at my disposal . . . . My approach will be international, cooperative across all jurisdictions . . .’. The OPO offers the SFO a simple and speedy solution to obtaining electronic data from the United States where so many communication service providers are based. This is all the more significant now that, as a result of the pandemic, even more business than before is conducted electronically. The impact of the OPO for corporates under investigation remains to be seen, but, by removing the need for mutual legal assistance to secure electronic data from CSPs, it should increase the speed with which authorities can carry out their investigations.

Second, we have already referred to R (on the application of KBR Inc) v The Director of the Serious Fraud Office in question 1. It established that, where there is a sufficient connection between the United Kingdom and the recipient of a section 2 notice (requiring the production of material relevant to the SFO’s investigation), such notices have extraterritorial effect. Subject to the Supreme Court’s decision on KBR’s appeal, this offers a direct route for the SFO lawfully to obtain electronic data.

The Inside Track

What are the critical abilities or experience for an adviser in the anti-corruption area in your jurisdiction?

An adviser needs to understand both how the authorities operate and how businesses work. Regarding the latter, this enables them to advise on policies and procedures that are not just effective on paper but practical and capable of effective implementation. If companies can get this right, then there will be no need for their advisers to engage with the authorities. But things do go wrong and it is important, therefore, for advisers to know about the policies that drive decision-making by public authorities, their powers and the negotiating stances they are likely to take.

What issues in your jurisdiction make advising on anti-corruption compliance challenging or unique?

We work in an area where business and the criminal law overlap. From a business perspective, the challenges of Brexit and the pandemic make this a difficult, uncertain time with pressure on income streams. It is all the more important, therefore, that we see compliance cultures hardwired into businesses and full support given to compliance colleagues. From a criminal lawyer’s perspective, we are operating at the cutting edge, with new techniques for establishing corporate liability and disposing of cases, and vigorous arguments over core principles such as privilege.

What have been the most interesting or challenging anti-corruption matters you have handled recently?

Alun Milford: In my time at the SFO I was involved in all the corruption cases and DPAs the office handled, and undertook corruption-related policy work internationally. Private practice provides a different, but equally challenging, perspective, particularly when I have been involved in drafting anti-corruption compliance policies or worked on internal investigations, looking at things through the eye of the company.

Áine Kervick: I have advised clients on many high-profile SFO cases including Libor and represented senior business executives in a number of foreign bribery matters. I regularly advise on the full range of white-collar issues including matters concerning privilege, interviews with enforcement agencies and related extradition advice.