The investigation and prosecution of corporate offending has historically been low on the list of priorities for the United Kingdom. But sustained international criticism, the financial crisis and increasing public anger have prompted increased efforts by a range of government bodies in the UK to combat corporate offending. Recent data leaks, including the Panama Papers, have added to the upward trajectory.
Several bodies are responsible for investigating and prosecuting corporate offending in England and Wales. These include the Serious Fraud Office (SFO), the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA) and Her Majesty’s Revenue and Customs (HMRC). While there is some overlap in the offences each of the foregoing bodies can investigate and prosecute, their remits are largely separate. In addition, the overlaps that do exist have been addressed by memoranda of understanding that assign primacy in the vast majority of investigations and prosecutions (although concurrent investigations occasionally do occur).
Each of the foregoing bodies has a wide range of powers. The powers typically include the execution of ‘dawn raids’ (whether alone or with the assistance of partner law enforcement agencies such as the police or National Crime Agency (NCA)) and the compulsory production of documents and information. Non-compliance with lawful production orders constitutes a criminal offence in the UK.
Importantly, the service of compulsory production notices tends to override any duties of confidence a recipient otherwise owes to a third party (although not legal professional privilege, which can, unless waived, operate to prevent disclosure – see below). Financial institutions and professional advisers therefore must comply with such notices, absent professional privilege, without fear of being held liable to their clients for breach of confidence.
The SFO is responsible for investigating and prosecuting the most serious cases of fraud and other related economic crimes in the UK. A large part of the SFO’s remit involves the investigation and prosecution of bribery and corruption offences as well as certain financial and competition law offences. The SFO’s powers of investigation are derived from Section 2 of the Criminal Justice Act 1987, which permits the SFO to require persons to answer questions and produce documents.
The SFO has the power to conduct dawn raids (with the practical assistance of the police and the NCA). While the number of such raids in recent years has been low, largely due to the SFO’s high-profile defeat in a judicial review claim by the Tchenguiz brothers,2 the number of such raids has been increasing over the past several months. The SFO conducted several high-profile dawn raids in 2015 and 2016, including on the premises of Soma Oil and Gas in July 2015 and Unaoil in March 2016.
Dawn raids have also historically been used by the UK competition authorities. Since April 2014, the CMA has taken over the competition functions of the now defunct Office of Fair Trading (OFT) and Competition Commission. The CMA is now the main competition regulator in the UK, being responsible for ensuring compliance with the Competition Act 1998 (CA98) and Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU).
In carrying out its functions, the CMA has wide-ranging powers derived from CA983 to investigate suspected infringements of competition law. These include the power to request information, whether in the form of documents or answering questions, and conduct various on-site investigations, including dawn raids, examining and making copies of company books and records and requiring computerised information to be produced in a form that is readable.
Since April 2015, the FCA has had concurrent competition law powers for the financial services sector pursuant to which it may, inter alia, prosecute competition law infringements, conduct market studies and refer markets to the CMA for in-depth investigation. The FCA’s main remit, however, is regulating the financial services sector and maintaining the integrity of the UK financial markets.
A wide range of investigatory powers has been conferred upon the FCA by section 168(2) of the Financial Services and Markets Act 2000 (FSMA). Investigations of this type typically relate to allegations of insider dealing, market abuse, making misleading statements, giving misleading impressions or violating the general prohibition appearing in Section 19 of the FSMA.4 Relevant powers include the power to interview any person (whether or not the subject of the investigation), compel the production of documents and information, and compel any person to give such assistance as he or she is ‘reasonably able to give’.
HMRC is responsible for investigating tax and revenue related offences in England and Wales. In doing so, it has a wide range of civil and criminal investigatory powers. Its civil powers derive from the Finance Act 2008 and include the power to obtain information and documents under compulsion as well as inspect premises. HMRC’s criminal powers are derived from a range of statutes, the main one being the Police and Criminal Evidence Act 1984 (PACE).5 PACE confers a broad range of investigative powers on HMRC, including search and seizure and compulsory document production.
Each of the SFO, CMA and FCA are empowered both to investigate and prosecute relevant offences falling within their remit. HMRC by contrast is only responsible for investigation. The prosecution of tax-related offences has been assigned to the Crown Prosecution Service. The decision to prosecute is required to be made in accordance with the Full Code Test in the Code for Crown Prosecutors in relation to criminal offences and applicable codes of practice or guidance otherwise.
Against a backdrop of ever increasing regulation and enforcement, self-reporting is an issue many corporates will have to grapple with at some stage. The starting point for the majority will be the same: while there generally is no legal obligation to self-report in the UK, self-reporting may or may not – depending upon a variety of factors and circumstances – be advantageous.
The most well-developed self-reporting regime in the UK is operated by the CMA in relation to cartels, which provides for three types of immunity or leniency for corporates from the imposition of financial penalties.6 Whether full immunity is granted will depend largely upon the timing of the self-report. Greater credit is given the earlier the self-report is made. Broadly, the first to report, provided the self-report is made before the CMA has begun its own investigation, will qualify for leniency (subject to the satisfaction of additional criteria).
A discretionary sliding scale of leniency is offered to those who come forward after an investigation already has begun or when the particular corporate is not the first to do so. The highest and broadest type of leniency, Type A, can offer full corporate immunity from fines as well as immunity from criminal prosecution for all current and former directors, officers and employees who cooperate with the CMA. Timely self-reporting therefore can be crucial in the context of competition infringements.
A less generous but nonetheless significant self-reporting regime is operated by the SFO. While the SFO’s guidance on corporate prosecutions has made clear for some time that a self-report may be taken into account as a public interest factor tending against prosecution,7 only recently – with the advent of Bribery Act 2010 (UKBA) offences, the availability of deferred prosecution agreements (DPAs) and an increasingly aggressive approach by the SFO – has this guidance actually begun to prompt some self-reporting. The recent and contrasting cases of Standard Bank8 and Sweett Group9 demonstrate the point.
Standard Bank self-reported possible misconduct before having begun an internal investigation. By contrast, the Sweett Group self-reported potential misconduct only after allegations of misconduct had appeared in the press. The difference in outcome is striking: the Standard Bank matter was resolved by means of a DPA while the Sweett Group was convicted of a criminal offence (although it should be noted that a number of additional factors likely contributed to the differential outcomes of the Standard Bank and Sweett Group matters).
The approach taken by Standard Bank was praised by the court. Further, in presenting the proposed DPA to the court, the SFO stated that Standard Bank’s early self-report had been a major factor causing the SFO to seek to resolve its investigation of Standard Bank by means of a DPA. Meanwhile, the Sweett Group does not appear to have obtained any meaningful credit from the SFO or the court for what both apparently concluded had been an unjustifiably belated self-report.
Whether the SFO’s repeated encouragement of early self-reporting, coupled with the SFO’s sparing use of its authority to seek to resolve matters by means of a DPA rather than a full criminal prosecution, will produce a sustained increase in self-reporting – comparable to the self-reporting from which the US Department of Justice (DOJ) and US Securities and Exchange Commission (SEC) long have benefited – remains to be seen. Despite the differential outcomes of the Standard Bank and Sweett Group matters, a substantial case can be made in favour of further consideration by the SFO of whether the SFO has assessed properly the current incentives and disincentives to self-reporting on matters subject to the SFO’s jurisdiction.
The FCA has had a longer history than the SFO of taking significant and consistent enforcement action against the firms it regulates. Self-reporting by FCA regulated firms is far more routine for the FCA than the SFO – indeed, it is largely compulsory. Pursuant to the FCA’s high-level principles for business, regulated firms are required to deal with the FCA in an open and cooperative way, disclosing anything relating to the firm and the firm’s corporate group of which the FCA reasonably would expect notice.10 Suspicion or evidence of wrongdoing by FCA regulated firms falls within the scope of this requirement and thus should be, and generally is, reported to the FCA as a matter of course.
Since July 2015, the foregoing self-reporting obligations have been extended to competition law infringements.11 Consequently, FCA regulated firms are now expected to self-report instances of significant infringements of competition law to the FCA. Self-reporting is, as has been stressed in recent FCA pronouncements, deemed currently to be a bare minimum requirement by the FCA12 and enforcement action is typically taken if that requirement is breached. A recent enforcement action reflecting that trend ended with Deutsche Bank AG being fined £227 million for misconduct in manipulating LIBOR and EURIBOR and the bank’s failure to deal with the FCA in an open and cooperative way.13
The decision to self-report in the UK often is influenced or driven by the application of the UK money laundering regime. The Proceeds of Crime Act 2002 (POCA) includes several money laundering offences predicated on the commission of one or more criminal offences that have produced revenues in or remitted revenues into the UK. Broadly, the only way liability for POCA offences can be avoided is by reporting the underlying criminal conduct. That is especially so for those operating in the regulated sector – for the most part, financial institutions and professional advisers – which are subject to function-specific reporting obligations under POCA.
ii Internal investigations
Internal investigations have become increasingly common in recent years due largely to the increase in UK enforcement action and the severity of penalties that are increasingly being imposed. While the UK authorities do not necessarily require corporates to carry out internal investigations when they suspect wrongdoing, they typically expect to see that some action has been taken when evidence of possible misconduct is discovered or reports of possible misconduct are received. The type of action that is expected varies, however, between and among the pertinent authorities.
The SFO has made clear that the primary responsibility for investigating possible misconduct within the SFO’s remit falls squarely upon the SFO.14 That said, SFO officials have said that they understand that ‘up to a point’ corporates will need to do some work to investigate possible misconduct, if only to determine preliminarily whether the evidence of misconduct that has been discovered or the report of misconduct that has been received warrant the SFO’s attention.
At the same time, SFO officials have said repeatedly that they will not tolerate internal investigations that ‘trample over the crime scene’ and expect corporates to cooperate with the SFO’s investigation rather than duplicating it. Further, SFO officials have stressed repeatedly that they will not accept self-reports at face value, no matter how comprehensive or seemingly objective the reports appear to be, and are committed to conducting their own investigation to establish the pertinent facts.15
The SFO’s begrudging tolerance for internal investigations is in stark contrast with the encouragement for internal investigations that has long emanated from officials at the DOJ and SEC. Given the SFO’s rather paltry budget, at least when compared with the resources that have been given to the DOJ and SEC, the SFO’s attitude toward internal investigations is somewhat surprising.
In addition, it is not at all clear how a corporate-funded investigation would ‘trample over the crime scene’, particularly when such investigations are geared toward collecting and preserving potentially pertinent electronic and other evidence that may be lost by the mere passage of time or pursuant to the company’s long-standing document retention programme. Further, the SFO has not explained how its approach to internal investigations can be squared with a company’s duty, when suspecting past misconduct, to move promptly to avoid future misconduct – a responsibility that can be difficult to meet if the corporate is deprived of the ability to conduct a prompt internal investigation.
The SFO’s approach to internal investigations is mirrored in important respects by the FCA.16 While encouraging internal investigations in some contexts, the FCA has discouraged them when the suspicion that has arisen relates to suspected market abuse or other criminal conduct. In those circumstances, the FCA expects firms not to carry out their own investigation, purportedly due to the risk of the FCA’s investigation being compromised or potential suspects being alerted. Importantly, the FCA – like the SFO – expects to be involved from an early stage to discuss the nature and scope of any internal investigation the particular company has proposed to undertake or commission.
Both the FCA and SFO expect corporates to provide them with the fruits of any internal investigation they have undertaken or commissioned together with underlying supporting materials. Although privileged material is said to be protected from mandatory production, the FCA and SFO often have demanded production of – at the very least – the factual narrative in any internal investigation report that has been prepared. In one recent case, a corporate reportedly negotiated a compromise agreement with the SFO – agreeing to provide an oral summary of the internal investigation report as well as underlying documents rather than the report itself. In still other cases, corporates have chosen to provide the FCA and SFO with the full internal investigation report, seeking thereby to earn maximum cooperation credit.
Internal investigations tend to be conducted routinely in a competition law context, typically to support leniency applications. The relatively low evidential threshold for such applications coupled with the significant advantages of an early application usually result in a more detailed internal investigation being carried out post-application. Both pre-application and post-application internal investigations must be carried out with extreme caution, however, due to the risk of ‘tipping off’ other participants in the suspected cartel activity. The CMA has issued guidance on how that should be managed.17
Importantly, while the CMA does not require a waiver of legal privilege as a requirement of leniency or otherwise, it does require corporates to keep a detailed note of all actions undertaken as part of any internal investigation they have conducted or commissioned, including the identities of any witnesses who were interviewed, the nature of the questions that were asked of them and their respective responses. The note is required to be retained until the conclusion of any proceedings the CMA initiates. Any refusal or inability to do so may be viewed by the CMA as an application not meeting the conditions for leniency.
Whistle-blowers are afforded a number of workplace and non-workplace related protections in England and Wales. Workplace protections derive from the Public Interest Disclosure Act 1998 (PIDA), which protects qualifying disclosures made to, inter alia, employers and ‘prescribed persons’, including the CMA, SFO, FCA and HMRC.
To qualify for protection, the disclosure that is made must relate to a failure such as the commission of a criminal offence or breach of a legal obligation. The disclosure also must be motivated by a reasonable belief on the part of the whistle-blower that such failure occurred and that its disclosure is in the public interest.
If the disclosure satisfies PIDA criteria, it will be protected and employees dismissed unfairly or suffering detriment as a result of their disclosure may seek potentially unlimited compensation from their employer. Companies are expected to have procedures for dealing with whistle-blowing, especially when regulated by the FCA.18 At a minimum, a company will be expected to consider whether any further steps are required as a result of any disclosure that is made such as whether further investigation or the implementation of remedial actions are needed.
Non-workplace protection is given to witnesses and victims through the Code of Practice for Victims of Crime and the Witness Charter, which most prosecuting authorities, including the SFO and FCA, are legally bound to apply. These provide broad protections to disclosures and the treatment of victims and witnesses. Importantly, however, the relevant UK authorities typically are reluctant to advise whether a particular disclosure will qualify as a protected disclosure under PIDA.
i Corporate liability
Save when otherwise provided by statute, a corporate will be liable for the offences it commits just as it would be if it were an individual. As a corporate can only act through natural persons, such liability is based on acts committed by its respective officers or employees in the course of employment. Liability is attributed through one of two means: vicarious liability or the identification principle.
Vicarious liability typically arises from the commission of a strict liability offence, namely offences that do not require fault or intention on the part of the offender. Such offences usually are created expressly by statute and are most common in quasi-regulatory areas of the criminal law such as health and safety standards and trading standards.
The ‘identification principle’ is by contrast fault-based and attributes to the company the acts and state of mind of those who represent the company’s directing mind and will. The identification principle does not attribute to the company the acts and state of mind of all employees but only those who are serving on the company’s board of directors, the managing director and other superior officers carrying out management functions.19
Because of the limited number of strict liability offences, most corporate prosecutions in the UK are based upon – and require application of – the identification principle. That often poses significant difficulty to prosecutors. The larger the company or the more diffuse its corporate structure, the more difficult it often is to attribute liability to the company. That has prompted widespread criticism of the identification principle in the UK, including most recently by the Director of Public Prosecutions in relation to the ‘phone hacking’ scandal when the absence of corporate prosecutions was laid at the door of the identification principle.20
New legislation, such as the proposed corporate offence of facilitating tax evasion,21 is likely to be modelled on Section 7 of the UKBA, which utilised a ‘failure to prevent’ model of liability providing for quasi-strict liability for the acts of persons associated with a company, thereby avoiding application of the identification principle. Such associated persons include anyone who performs services for or on behalf of the company and explicitly includes its employees. An extension of the ‘failure to prevent’ model of liability to a broader range of economic crimes, including fraud and money laundering, also is to be considered later this year.22 This new model is likely to make corporate prosecution simpler and already has, as seen above, facilitated a DPA and prosecution respectively in Standard Bank and Sweett Group.
As regards representation, when both the corporate and its employees are being investigated, both typically are not represented by the same counsel. While joint representation sometimes occurs at the beginning of an investigation, the interests of the corporate and the corporate’s employees often diverge early in the investigation, requiring separate representation. The costs of an individual’s representation may be covered by directors’ and officers’ liability insurance, although it is common for such policies to require any funds that are dispensed to be returned if the recipient of the funds ultimately is convicted of a criminal offence.
Individuals do not always have the right to legal representation at an interview in the UK even when the interview occurs in a criminal context. By way of example, when a representative of the SFO is interviewing an individual pursuant to the SFO’s powers under Section 2 of the Criminal Justice Act 1987, the SFO is not required to permit a solicitor to be present at the interview or wait for one to arrive before beginning the interview. Similarly, since the Divisional Court’s decision in R (Lord, Reynolds and Mayger) v. Serious Fraud Office,23 the SFO has been empowered to – and often does – exclude company lawyers from attending employee interviews (even over the employee’s objection).
By contrast, individuals in the UK have the right to legal representation when being interviewed as a criminal suspect. In such circumstances, the PACE Code of Conduct gives such individuals the right to consult and communicate privately with a solicitor at any time during the interview.24 Such interviews are usually carried out at a police station following arrest, although certain authorities – such as the SFO – often insist upon conducting such interviews on the SFO’s own premises.
Other rights and duties of an individual being interviewed in a criminal context likewise depend upon the individual’s status. The target of a criminal investigation in the UK generally can decline to answer the questions put to him or her. But an individual being interviewed as a witness must answer any and all questions that are asked of him or her.
If a target of a criminal investigation in the UK exercises his or her right to remain silent when being interviewed but provides at trial a response on which the target seeks to rely in defence, the court may draw an adverse inference from the target’s silence during the interview. By contrast, a response that an individual who was not a target was required to provide when being interviewed generally cannot be used against that individual in a subsequent criminal prosecution.
Sanctions for corporate misconduct have become increasingly severe in England and Wales with nominal fines or non-criminal, regulatory outcomes no longer being guaranteed. There has been in recent years a sea change in the approach taken by many UK prosecutors to corporate offending, with substantial financial penalties and other severe criminal consequences seeming to increase with each passing year.
The FCA is at the forefront of the foregoing trend. During 2015 alone, the FCA imposed a total of £905,219,078 in fines for regulatory breaches.25 The number of FCA criminal prosecutions also has steadily increased and criminal prosecutions remain one of the FCA’s key goals in 2016.26 Regulatory fines and criminal prosecutions are, however, only two of the FCA’s many disciplinary and enforcement powers. The FSMA27 gives the FCA power to impose a range of regulatory sanctions on those it regulates, from mere public censure at one end to the suspension or cancellation of FCA authorisation and the imposition of substantial regulatory fines at the other.
The FCA’s Decision Procedure and Penalties Manual28 sets out a non-exhaustive list of factors the FCA is supposed to consider when determining what action to take in a particular matter. These include the nature, seriousness and impact of the suspected breach, the conduct of the firm or approved person after the breach occurred or was discovered (including how quickly, effectively and completely the breach was brought to the FCA’s attention), the disciplinary record and compliance history of the firm or approved persons, any published guidance by the FCA and any action taken by the FCA in similar cases. In addition, the FSMA gives the FCA power to prosecute criminal offences such as insider dealing pursuant to the Criminal Justice Act 1993 and breaches of the Money Laundering Regulations 2007.
Like the FCA, the CMA has both civil and criminal powers with respect to competition law infringements. The civil remedies available to the CMA range from settlement accompanied only by the making of certain commitments to the imposition of financial penalties. Settlement is a voluntary process29 pursuant to which the infringing firm makes an unequivocal admission of liability and in return may receive a discount of up to 20 per cent of the penalty that otherwise would have been imposed. Commitments and directions are agreements between the firm and the CMA that, if not complied with, can be enforced through the courts.30
Commitments are accepted by the CMA only when the CMA deems, inter alia, its concerns to be capable of being fully addressed by the commitments. Similarly, directions are imposed only if the CMA is of the view that they are sufficient to bring the particular infringement to an end.31 The most significant civil power at the CMA’s disposal is the power to impose financial penalties of up to 10 per cent of a firm’s worldwide turnover in the business year preceding the date on which the CMA’s decision is taken.32
The CMA and SFO both can criminally prosecute individuals who are suspected of having committed a cartel offence.33 By contrast, the CMA and SFO can impose upon corporates only civil sanctions for anticompetitive conduct. Whether that will continue to be so, despite the criticism that appears to be growing in the UK of the traditional limitations on corporate criminal liability, remains to be seen.
The SFO is responsible for prosecuting serious or complex fraud, bribery and other forms of corruption. The SFO has two options for resolving such conduct in the case of corporates: entry into a DPA or a criminal prosecution. DPAs were introduced in the UK in February 201434 as a discretionary tool enabling prosecutors to enter into agreements with offending corporates, under the supervision of a judge, to suspend prosecution for a defined period of time so long as the corporate meets specified conditions during that time.
The criteria for entry into a DPA are high. To date, there has only been one resolution of corporate offending by means of a DPA – the Standard Bank case. The Joint SFO and CPS Deferred Prosecution Agreements Code of Practice makes clear that the SFO is ‘first and foremost’ a prosecutorial authority and that the SFO and CPS will offer a DPA instead of pursuing a full prosecution only in exceptional cases.35 The public interest factors prosecutors are supposed to take into account when coming to such a decision include the corporate’s history of similar conduct, whether the conduct being addressed is part of the corporate’s established business practices, whether the corporate had an effective compliance programme and whether the corporate self-reported the matter within a reasonable period after the offending conduct was discovered.36 Importantly, the court is involved throughout the DPA process and ultimately must approve any DPA that is proposed.
Criminal prosecution or resolution of offending by means of a DPA can have a significant effect on the corporate from a public procurement perspective. The Public Contracts Regulations 2015 (the Regulations)37 provide for mandatory debarment when a corporate is convicted of certain criminal offences. Such offences include the active bribery offences in Sections 1, 2 and 6 UKBA (although not the adequate procedures offence in Section 7 UKBA). Mandatory debarment sometimes can be avoided if the corporate is able to demonstrate that it has adequately remediated the offending conduct. Absent such a showing, however, a criminal conviction triggers mandatory debarment. By contrast, entry into a DPA does not trigger mandatory debarment. Discretionary debarment may be ordered, however, depending upon the circumstances surrounding the DPA as well as in relation to any Section 7 UKBA violations.
Corporate tax offences are largely resolved by HMRC in line with its applicable Code of Practice by means of a civil resolution.38 Factors that may contribute to a criminal outcome include a suspicion of deliberate concealment, deception, conspiracy or corruption or when there is a link to suspected wider domestic or overseas criminality.
iii Compliance programmes
The existence of an effective compliance programme can be relevant to both liability and penalty, depending on the circumstances. While the existence of adequate procedures is a defence only to the Section 7 UKBA corporate offence of failing to prevent bribery, it may nonetheless be taken into account when considering the issue of penalty.
Section 7 UKBA provides for a defence to the corporate offence of failing to prevent bribery by persons associated with the corporate when such bribery is intended to obtain or retain a business advantage for the corporate. To be deemed to be adequate, the procedures must accord with the six principles set out in the Ministry of Justice’s guidance on the UKBA39 – proportionality, top-level commitment, risk assessment, due diligence, communication (including training) and monitoring, and review. The principles are overarching principles and, as such, each set of procedures must be tailored to the individual corporate.
To date, no corporate has relied successfully upon the adequate procedures defence. In both the Standard Bank and Sweett Group cases, the policies and procedures that had been implemented were not found to be adequate. Indeed, in Standard Bank, the bank agreed as part of its DPA to commission an independent review of its anti-bribery and corruption controls, policies and procedures. As such, the exact requirements of the adequate procedures defence are not yet clear. How often such a defence will save a company from prosecution or an adverse outcome, particularly when assessed after corporate wrongdoing has been established, is a still open question.
As regards competition offences, the CMA’s Penalty Guidance40 makes clear that compliance activities can merit in particular cases a penalty discount of up to 10 per cent. The starting point in that regard is neutral so that the mere existence of compliance efforts will not necessarily be treated as a mitigating factor. Evidence of adequate steps being taken to achieve a clear and unambiguous commitment to competition law compliance throughout the organisation (from the top down), together with appropriate steps having been taken relating to competition law risk identification, risk assessment, risk mitigation and review activities, often are treated as mitigating factors.
For firms regulated by the FCA, and therefore bound by the provisions of the FCA Handbook, the establishment and maintenance of effective systems and controls for compliance with applicable requirements and standards and for countering the risk of the firm being used to further financial crime is mandatory.41 When a firm has not adopted such measures, it should expect to incur liability that is commensurate with the inadequacy of the measures it has taken. In fact, the FCA has sometimes penalised firms for not having established effective compliance systems and controls even in the absence of any other misconduct.42
iv Prosecution of individuals
When a corporate is prosecuted, it is usual in England and Wales for enforcement action also to be taken against culpable individuals. Guidance, such as that setting out the common approach of the CPS and SFO (and formerly the prosecutorial arm of HMRC),43 makes clear that prosecution of a company is not a substitute for the prosecution of criminally culpable individuals such as directors, officers or employees. The reason cited for that policy is that prosecution of culpable individuals provides a strong deterrent against future corporate wrongdoing.
When enforcement action is taken against an individual, it can pose a number of issues for the corporate involved. In particular, corporates must be mindful of any employment law obligations they owe toward such employees and ensure that any action they take against them is commensurate with the misconduct that has been identified.
The most common step taken against employees suspected of wrongdoing in the course of an investigation (whether internal or external) is suspension. The timing of the suspension must be considered carefully, however, as suspension for the entire duration of an investigation may not be deemed to be fair and reasonable from an employment law perspective. Suspension therefore usually occurs only after the particular employee has been interviewed as a suspect or charges have been made against such individual.
While there is no requirement for corporates to pay for an individual’s legal representation (save for any provisions to the contrary in the individual’s employment contract), it is common for corporates to do so in the beginning stages of an investigation. As the majority of those charged tend to be senior officers of the corporate – namely, those constituting its controlling mind and will – such individuals often also are able to rely upon directors’ and officers’ liability insurance, which may provide cover until the individual is found to be guilty or otherwise to be at fault (see above).
i Extraterritorial jurisdiction
Typically, jurisdiction over criminal conduct is state specific. A state usually will have jurisdiction only when some or all of the offence takes place within its territory or the accused and/or victim is a national of that state. The exception is when principles of universal jurisdiction apply, such as in relation to war crimes, or the relevant jurisdiction has enacted laws with extraterritorial effect.
In the UK, it is well-established that statutes are not to be interpreted as having extraterritorial effect unless they expressly state otherwise. In recent years, a number of such statutes have been enacted. The effect of this is that UK authorities, depending on the circumstances of the particular case, may prosecute offences that took place overseas, whether wholly or in part, when there is some sort of connection to the UK such as through incorporation, nationality or residency.
Key offences with extraterritorial effect include:
- a fraud under the Fraud Act 2006;
- b dishonesty under the Criminal Justice Act 1993;44
- c terrorism under the Terrorism Act 2000 and Terrorism Act 2006;
- d bribery under the UKBA; and
- e money laundering under POCA.
The UKBA has exceptionally broad extraterritorial effect. Corporates that carry on a business or part of a business in the UK may incur liability under Section 7 UKBA for bribery committed anywhere in the world for their benefit by persons associated with them irrespective of whether those persons have any other connection to the UK. Liability for both UK incorporated companies as well as those that merely carry on business or a part of a business in the UK therefore extends to acts committed on their behalf abroad.
In relation to money laundering, Part 7 of POCA makes clear that liability for money laundering offences may be predicated on criminal conduct that occurred abroad. The only additional requirements are that such overseas criminal conduct constituted a criminal offence in the UK when it occurred and proceeds of the overseas criminal conduct have been transferred, in some manner, to the UK.
The UKBA and POCA are part of a trend in UK law to provide liability for offences taking place abroad. Consultations recently have been held for the introduction of a new corporate criminal offence of failure to prevent tax evasion. Draft legislation has been published in that connection modelled on Section 7 of the UKBA, proposing strict liability on corporates that fail to implement adequate procedures to prevent tax evasion. Consultation on the draft legislation and accompanying guidance is due to close on 10 July 2016.
ii International cooperation
With the internationalisation of business, it is becoming increasingly common for cases to involve criminality or participants in more than one jurisdiction. Law enforcement and prosecutorial authorities increasingly are dealing with that challenge through a variety of formal and informal channels.
The UK has enacted a number of statutes to facilitate the sharing of information between and among domestic and overseas authorities for the investigation and prosecution of crime. Such information gateways include Part XXIII of FSMA, which permits the disclosure of confidential information for the purpose of allowing the performance of a public function and Section 68 of the Serious Crime Act 2007, which permits public authorities to disclose information to other organisations to prevent fraud.
A number of memoranda of understanding (MoUs) exist between the various UK authorities as well as with their international counterparts. Examples of domestic MoUs include the MoU on Tackling Foreign Bribery, of which the FCA, SFO, NCA and the City of London Police are signatories; the MoU between the CMA and the SFO; and the MoU between the CMA and the FCA in relation to concurrent competition powers. International MoUs include the MoU between the FCA and the SEC.
In addition to such domestic statutes and MoUs, the UK has signed a number of multilateral and bilateral mutual legal assistance (MLA) treaties enabling UK prosecuting authorities to obtain evidence overseas. These include the European Convention on Mutual Assistance in Criminal Matters 1959, the Convention on Mutual Legal Assistance in Criminal Matters between the Member States of the European Union 2000, the United Nations Convention against Corruption 2003, the Commonwealth Scheme Relating to Mutual Assistance in Criminal Matters (1986) and various bilateral agreements with individual states such as the US. Section 7 of the Crime (International Co-operation) Act 2003 also provides for UK prosecutors to obtain overseas evidence through letters of request.
In addition to the formal means of information gathering mentioned above, law enforcement authorities in the UK can draw upon an array of informal information exchange networks. It is not uncommon for UK authorities to speak on an informal basis with their foreign counterparts. Issues of forum and investigation primacy tend to be resolved following informal discussion, particularly in reasonably straightforward or uncomplicated cases. More complicated cases may require prosecutors to engage the more formal MLA means of information exchange.
As a result of the foregoing measures, corporates being investigated in one jurisdiction should be conscious that information regarding the investigation, especially if touching other jurisdictions whether through relevant conduct or some other territorial nexus, will often be made available to law enforcement or prosecutorial authorities overseas. China, to cite only one example, recently initiated a bribery prosecution of one company that previously had been convicted of bribery in China by an overseas prosecutor.
A further possible consequence of MLA arrangements between states is the extradition of individuals. Two types of extradition exist in the UK: import extradition and export extradition. The former relates to a request from the UK to another state for the extradition of a person to the UK. The latter relates to a request by another state for the extradition of someone from the UK. Importantly, not all offences are extraditable offences.
The Extradition Act 2003 (the 2003 Act) regulates both import and export extradition. Part 1 of the 2003 Act regulates export extradition to category 1 states. These are EU Member States that have implemented the European Arrest Warrant mechanism. For the most part, dual criminality is required to be shown in that the relevant conduct must also constitute an offence in the UK. Part 2 of the 2003 Act regulates export extradition to category 2 states – that is, to non-EU Member States.
Decisions regarding extradition to non-EU Member States ultimately are made by the UK Secretary of State. Various restrictions apply to extradition from the UK such as whether the death penalty might be imposed or whether further extradition to a third state could ensue following initial extradition. Import extradition is regulated by Part 3 of the 2003 Act. As with export extradition, the applicable mechanism for import extradition generally depends upon whether the relevant state is a category 1 or 2 state. Whether such requests are granted is ultimately determined, of course, by the overseas state.
iii Local law considerations
One of the central issues in cross-border investigations, especially those involving the US, is the application of the UK data protection regime. The UK Data Protection Act 1998 (DPA) prohibits the transfer of personal data from the UK to a place outside the European Economic Area unless that jurisdiction or territory is able to ensure a UK equivalent level of protection to those to whom the data belongs. Whether a jurisdiction or territory is deemed to provide an adequate level of protection is decided by the European Commission.45
Until 2015, personal data were permitted to be transferred to those US companies (other than those in certain sectors such as financial services, transport and telecommunications) that had agreed to adhere to the ‘Safe Harbor’ framework agreed between the European Commission and US. But the Court of Justice of the European Union invalidated the ‘Safe Harbor’ framework in October 2015 in Maximillian Schrems v. Data Protection Commissioner.46 Since that decision, negotiations have been under way between the European Commission and US government for a replacement framework.
Legal professional privilege is another issue that must be considered from the beginning of an investigation. England and Wales recognises both legal advice privilege and litigation privilege in relation to advice provided by both in-house and external counsel. The only exception is in relation to competition law where, because of the decision in Akzo Nobel Chemicals Ltd v. European Commission,47 in-house lawyers have been deemed to be outside the bounds of legal privilege. Advice given by external counsel in the course of an EU competition investigation still is regarded, however, to be protected by legal professional privilege.
Importantly, the issue and extent of legal professional privilege in the UK is currently in flux as it is becoming increasingly common for authorities to seek the production of investigation materials arguably subject to legal professional privilege, such as first account witness interviews, as a sign of cooperation. It remains to be seen how this issue will be resolved.
V CONCLUSIONS AND OUTLOOK
Tackling corporate crime has become a key political priority for the UK in recent years. With it has come a raft of legislative measures aimed at providing additional routes to corporate liability and tougher sentencing.48 The coming year likely will be no exception in that regard with two potential pieces of legislation already pointing in that direction.
HMRC launched in April 2016 a consultation on the wording of new draft legislation and guidance for a corporate offence of failing to prevent tax evasion.49 The consultation outlines three situations to which the offence would apply – namely, when (1) a UK-based corporate fails to prevent those who act on its behalf from facilitating a UK tax loss; (2) a non-UK based corporate fails to prevent those who act on its behalf from facilitating a UK tax loss; and (3) a UK-based corporate fails to prevent those who act on its behalf from facilitating a tax loss overseas, when the jurisdiction suffering the tax loss has laws equivalent to those in the UK.
The foregoing offences, as proposed, appear to be modelled on the strict liability ‘failure to prevent’ model used in the Section 7 UKBA offence. Whether they will remain in that form following the end of the consultation in July 2016 is uncertain. But they do signal a desire on the part of the UK government to tackle tax evasion and penalise those corporates deemed to be facilitating it. The UK government is also considering extending the ‘failure to prevent’ model of liability to a broader range of economic crimes, including fraud and money laundering, and recently announced its intention to launch a consultation on the proposal later this year.
Similarly, the Policing and Crime Bill 201650 (the 2016 Bill) seeks to introduce extensive new provisions regarding financial sanctions breaches. Historically, very few prosecutions have been brought in the UK for the breach of financial sanctions. The 2016 Bill suggests that the current UK government wants to change that. The 2016 Bill not only increases the maximum term of imprisonment from two to seven years but also provides for a new civil monetary penalty regime. Pursuant to the proposed regime, HM Treasury could impose a monetary penalty of up to £1 million on a person if it is satisfied that, on the lower civil standard of probabilities, the person breached or failed to comply with the UK financial sanctions regime.
When the breach or failure relates to particular funds or economic resources and it is possible to value them, the maximum fine that has been proposed is the greater of either £1 million or 50 per cent of the estimated value of the funds or resources. As such, when it is possible to put a value on the breach, the fine could well be significantly in excess of £1 million. This combined with additional provisions permitting such breaches to be dealt with by means of a DPA and the establishment in March 2016 of the Office of Financial Sanctions Implementation, a body dedicated to the implementation and enforcement of financial sanctions, suggests that the coming year may see increased enforcement action for breach of financial sanctions.
Whether or not additional legislation ultimately is introduced, it is clear that the investigation and prosecution of corporate wrongdoing has gained significant momentum in the UK in recent years. Whether the pertinent UK authorities can build on that momentum will be one of the stories to follow over the next year or two. What is clear, however, is that a range of UK prosecutors now have at least some of the tools they previously lacked to address corporate misconduct as well as increased political backing to do so.
1 Jeff Cottle and John Rupp are partners and Alex Melia is an associate at Steptoe & Johnson.
2 Tchenguiz v. Serious Fraud Office  EWHC 2254 (Admin) dealt with the execution of a search warrant on the business premises of prominent UK businessmen Robert and Vincent Tchenguiz for documents pertaining to the collapse of the Icelandic bank Kaupthing. The High Court held in the foregoing case that the SFO search had been unlawful because the SFO had obtained the underlying warrant through misrepresentation and that the SFO had failed to disclose salient facts to the judge who had issued the warrant.
3 As amended by the Enterprise and Regulatory Reform Act 2013.
4 Section 19 of the FSMA makes it a criminal offence to carry out any regulated activities in the UK without prior authorisation from the FCA.
5 As amended by the Finance Act 2007.
6 While the CMA does carry out both civil and criminal investigations, only individuals may be prosecuted for the criminal cartel offence. Corporates are only liable to financial penalties.
7 See the Joint Guidance on Corporate Prosecutions issued by the Director of Public Prosecutions, the Director of the SFO and the Director of the Revenue and Customs Prosecutions Office (www.sfo.gov.uk/ publications/guidance-policy-and-protocols/corporate-self-reporting/).
8  Lloyd’s Rep. F.C. 102 and  Lloyd’s Rep. F.C. 91.
9 See www.sfo.gov.uk/cases/sweett-group/.
10 See Principle 11 of the FCA Principles for Businesses at PRIN 2.1 of the FCA Handbook (www.handbook.fca.org.uk/handbook/PRIN/2/1.html).
11 See FG15/8: The FCA’s concurrent competition enforcement powers for the provision of financial services (www.fca.org.uk/static/documents/finalised-guidance/fg15-08.pdf).
12 See speech by Jamie Symington, the FCA Director of Enforcement (Wholesale, Unauthorised Business and Intelligence), of 5 November 2015 (www.fca.org.uk/news/speeches/internal-investigations-by-firms-#).
13 See www.fca.org.uk/news/deutsche-bank-fined-by-fca-for-libor-and-euribor-failings.
14 See speech by Ben Morgan, Joint Head of Bribery, of 20 May 2015 at the Global Anti-Corruption and Compliance in Mining Conference 2015 (www.sfo.gov.uk/2015/05/20/compliance-and-cooperation/).
15 See speech by Matthew Wagstaff, Joint Head of Bribery, of 18 May 2016 at the 11th Annual Information Management, Investigations Compliance eDiscovery Conference (www.sfo.gov.uk/2016/05/18/role-remit-sfo/).
16 See FCA Handbook, Enforcement Guide 3.11 (www.handbook.fca.org.uk/handbook/EG/PDF/Archive/?view=chapter).
17 See July 2013 OFT Guidance, adopted by the CMA, on Applications for leniency and no-action in cartel cases (www.gov.uk/government/uploads/system/uploads/attachment_data/file/284417/OFT1495.pdf).
18 The FCA published new rules in relation to whistle-blowing on 7 July 2015 requiring certain regulated firms to implement procedures for handling whistle-blowing disclosures as well as a senior manager as their whistle-blowing champion (see www.fca.org.uk/news/fca-introduces-
19 Tesco v. Supermarkets Ltd v. Nattrass  AC 153.
20 The Director of Public Prosecutions stated ‘the law on corporate liability in the United Kingdom makes it difficult to prove that a company is criminally liable if it benefits from the criminal activity of an employee, conducted during their employment’ (www.cps.gov.uk/news/latest_news/no_further_action_to_be _taken_in_operations_weeting_or_golding/).
21 See government consultation on tackling tax evasion (www.gov.uk/government/consultations/
22 See government press release (www.gov.uk/government/news/new-plans-to-tackle-
23  EWHC 865 (Admin).
24 See PACE Code C, paragraph 6 (www.gov.uk/government/uploads/system/uploads/attachment_data/file/364707/PaceCodeC2014.pdf).
25 FCA fines in 2014 totalled £1,471,431,800 and £905,219,078 in 2015.
26 See www.fca.org.uk/static/channel-page/business-plan/business-plan-2015-16.html.
27 As amended by the Financial Services Act 2012.
28 See DEPP 6.1 (www.handbook.fca.org.uk/handbook/DEPP/6/?view=chapter).
29 Historically, settlement took place informally. Section 42 of the Enterprise and Regulatory Reform Act 2013, however, introduced a formal settlement procedure.
30 Sections 31E and 34 of the Competition Act 1998.
31 Section 32 and 33 of the Competition Act 1998.
32 Pursuant to the Competition Act 1998 (Determination of Turnover for Penalties) (Amendment) Order 2004 (SI 1259/2004).
33 As set out in Section 188 of the Enterprise Act 2002.
34 Pursuant to Schedule 17 of the Crime and Courts Act 2013.
35 See Section 2.1 of the Joint SFO and CPS Deferred Prosecution Agreements Code of Practice (www.sfo.gov.uk/publications/guidance-policy-and-protocols/deferred-prosecution-agreements).
36 See Section 2.8 of the Joint SFO and CPS Deferred Prosecution Agreements Code of Practice.
37 See Regulation 57 of The Public Contracts Regulations 2015 (www.legislation.gov.uk/uksi/2015/102/regulation/57/made).
38 See Code of Practice 8 in relation to specialist investigations (fraud and bespoke avoidance) and Code of Practice in relation to HM Revenue & Customs investigations ‘where we suspect fraud’.
39 See The Bribery Act 2010: Guidance about procedures which relevant commercial organisations can put in place to prevent persons associated with them from bribing (Section 9 of the Bribery Act 2010) (www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf).
40 The CMA has adopted the OFT’s guidance on penalties (see www.gov.uk/government/ uploads/system/uploads/attachment_data/file/284393/oft423.pdf).
41 See SYSC 3.2.6R and SYSC 6.1.1R of the FCA Handbook (www.handbook.fca.org.uk/handbook/SYSC/).
42 In November 2015, the FCA fined Barclays Bank £72.6 million for failing to minimise the risk of being used to facilitate financial crime. In doing so, the FCA found that the bank had arranged and executed a £1.88 billion transaction for numerous ultra-high net worth politically exposed persons without conducting adequate due diligence or establishing the purpose and nature of the transaction. Importantly, the FCA did not find that the funds at issue had been produced, in whole or in part, by underlying criminal activity. The FCA nonetheless fined Barclays Bank for regulatory failings (see www.fca.org.uk/your-fca/documents/final-notices/2015/barclays-bank-plc-nov-2015).
43 See CPS Guidance on Corporate Prosecutions (www.cps.gov.uk/legal/a_to_c/corporate_prosecutions/).
44 Part 1 of the Criminal Justice Act 1993 applies to the sections of the Theft Act 1968 that have not been repealed.
45 So far, the Commission has recognised the following as providing adequate protection: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, New Zealand, Switzerland and Uruguay (see http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en. htm).
46 Case C-362/14.
47  2 AC 338.
48 See the Sentencing Council’s Definitive Guideline on Fraud, Bribery and Money Laundering Offences (www.sentencingcouncil.org.uk/wp-content/uploads/Fraud_bribery_and_money_laundering_offences -_Definitive_guideline.pdf).
49 See www.gov.uk/government/uploads/system/uploads/attachment_data/file/517020/Tackling_tax_ evasion-legislation_guidance_corporate_offence_of_failure_to_prevent_
50 See www.publications.parliament.uk/pa/bills/cbill/2015-2016/0158/16158.pdf.