I INTRODUCTION

The investigation and prosecution of corporate offences, historically, has been low on the list of priorities for the United Kingdom. In more recent years, however, sustained international criticism, the financial crisis and increasing public anger have prompted increased efforts by a range of government bodies to combat corporate offending. Recent data leaks, including the Panama and Paradise Papers and the controversy focusing on Unaoil, have added to the upward trajectory.

Several bodies are responsible for investigating and prosecuting corporate offending in England and Wales. These include the Serious Fraud Office (SFO), the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), Her Majesty's Revenue and Customs (HMRC) and the Office of Financial Sanctions Implementation (OFSI). While there is some overlap in the offences each of these bodies can investigate and prosecute, their remits are largely separate. In addition, the overlaps that do exist have been addressed by memoranda of understanding that assign primacy in the vast majority of investigations and prosecutions (although concurrent investigations occasionally do occur).

Each of the aforementioned bodies has a wide range of powers. Typically, they include the execution of dawn raids (whether alone or with the assistance of partner law enforcement agencies, such as the police or the National Crime Agency (NCA)) and the compulsory production of documents and information. Non-compliance with lawful production orders constitutes a criminal offence in the United Kingdom.

Importantly, the serving of compulsory production notices tends to override any duties of confidence a recipient otherwise owes to a third party (except with respect to legal professional privilege, which can, unless waived, operate to prevent disclosure – see Section IV.iii). Financial institutions and professional advisers must therefore comply with such notices, absent professional privilege, without fear of being held liable to their clients for breach of confidence.

The SFO is responsible for investigating and prosecuting the most serious cases of fraud and other related economic crimes in the United Kingdom. A large part of its remit involves the investigation and prosecution of bribery and corruption offences as well as certain financial and competition law offences. The SFO's powers of investigation are derived from Section 2 of the Criminal Justice Act 1987 (CJA87), which permits the SFO to require persons to answer questions and produce documents.

The SFO has the power to conduct dawn raids (with the practical assistance of the police and the NCA) and conducted several high-profile dawn raids in 2015 and 2016, including on the premises of Soma Oil and Gas in July 2015 and Unaoil in March 2016.

Having previously suffered a high-profile defeat in a dawn raid judicial review claim brought by the Tchenguiz brothers,2 the SFO more recently secured a significant victory when a judicial review claim brought by Unaoil challenging a letter of request preceding a dawn raid by the Monégasque authorities was rejected by the Administrative Court in March 2017.3 The Unaoil decision followed the rejection of a judicial review claim brought by Soma in August 2016.4 Although Soma's judicial review claim was unsuccessful, the company did benefit from the judicial review process by obtaining a letter from the SFO stating that its investigation had not produced sufficient evidence to support bribery allegations. Unaoil's setback does not appear to have discouraged companies wishing to challenge the SFO's investigatory methods. The SFO opened an investigation into the UK subsidiaries of KBR, Inc in 2017 and the US company is now challenging the SFO's power to compel production of documents located overseas, pursuant to Section 2 of the CJA87.

Dawn raids, too, have been used historically by the UK competition authorities. Since April 2014, the CMA has taken over the competition functions of the now defunct Office of Fair Trading (OFT) and the Competition Commission. The CMA is now the main competition regulator in the United Kingdom, being responsible for ensuring compliance with the Competition Act 1998 (CA98) and Articles 101 and 102 of the Treaty on the Functioning of the European Union.

In carrying out its functions, the CMA has wide-ranging powers derived from the CA98 to investigate suspected infringements of competition law. These include the power to request information, whether in the form of documents or answering questions, and to conduct various on-site investigations, including dawn raids, examining and making copies of company books and records and requiring computerised information to be produced in a form that is readable.

Since April 2015, the FCA has had concurrent competition law powers for the financial services sector pursuant to which it may, inter alia, prosecute competition law infringements, conduct market studies and refer markets to the CMA for in-depth investigation. The FCA's main remit, however, is regulating the financial services sector and maintaining the integrity of the UK financial markets.

A wide range of investigatory powers has been conferred upon the FCA by Section 168(2) of the Financial Services and Markets Act 2000 (FSMA). Investigations of this type typically relate to allegations of insider dealing, market abuse, making misleading statements, giving misleading impressions or violating the general prohibition appearing in Section 19 of the FSMA.5 Relevant powers include the power to interview any person (whether the subject of the investigation or not), compel the production of documents and information and compel any person to give such assistance as he or she is 'reasonably able to give'.

HMRC is responsible for investigating tax and revenue-related offences in England and Wales. In doing so, it has a wide range of civil and criminal investigatory powers. Its civil powers derive from the Finance Act 2008 and include the power to obtain information and documents under compulsion and to inspect premises. HMRC's criminal powers are derived from a range of statutes, the main one being the Police and Criminal Evidence Act 1984 (PACE). The PACE confers a broad range of investigative powers on HMRC, including search and seizure and compulsory document production.

The OFSI is responsible for implementing the financial sanctions regime within the United Kingdom. The OFSI monitors compliance with the regime and is notified of any suspected violations. The OFSI has the power under the Policing and Crime Act 2017 (PCA) to impose monetary penalties for any breaches of the financial sanctions legislation. Under this new regime, a monetary penalty of up to £1 million can be imposed on a person if the OFSI is satisfied it is more likely than not that a particular person breached or failed to comply with the UK financial sanctions regime. If a breach or failure relates to particular funds or economic resources and it is possible to value them, the maximum fine the OFSI can impose is the greater of either £1 million or 50 per cent of the estimated value of the funds or resources. As such, when it is possible to put a value on the breach, the fine could be significantly in excess of £1 million.

The SFO, the CMA and the FCA are empowered to investigate and prosecute relevant offences falling within their remit. HMRC and the OFSI, by contrast, are only responsible for investigation. The prosecution of tax and financial sanctions offences has been assigned to the Crown Prosecution Service (CPS). The decision to prosecute is required to be made in accordance with the Full Code Test in the Code for Crown Prosecutors6 in relation to criminal offences and applicable codes of practice or guidance otherwise.

II CONDUCT

i Self-reporting

Against a backdrop of ever-increasing regulation and enforcement, self-reporting is an issue many corporates have to grapple with at some stage. The starting point for the majority will be the same: while there is, in general, no legal obligation to self-report in the United Kingdom, self-reporting may or may not – depending upon a variety of factors and circumstances – be advantageous.

The most well-developed self-reporting regime is operated by the CMA in relation to cartels, which provides for three types of immunity or leniency for corporates from the imposition of financial penalties.7 Whether full immunity is granted will depend largely upon the timing of the self-report. Greater credit is given the earlier the self-report is made. Broadly, the first to report, provided the self-report is made before the CMA has begun its own investigation, will qualify for leniency (subject to the satisfaction of additional criteria).

A discretionary sliding scale of leniency is offered to those who come forward after an investigation has begun or when the particular corporate is not the first to do so. The highest and broadest type of leniency, Type A, can offer full corporate immunity from fines and immunity from criminal prosecution for all current and former directors, officers and employees who cooperate with the CMA. Timely self-reporting, therefore, can be crucial in the context of competition infringements.

A less generous but nonetheless significant self-reporting regime is operated by the SFO. While the SFO's guidance on corporate prosecutions has made clear for some time that a self-report may be taken into account as a public interest factor tending against prosecution,8 only recently – with the advent of Bribery Act 2010 (BA) offences, the availability of deferred prosecution agreements (DPAs) and an increasingly aggressive approach by the SFO – has this guidance actually begun to prompt some self-reporting.

Standard Bank9 was the first company to enter into a DPA, having self-reported possible misconduct before having begun an internal investigation. In a contrasting case, the Sweett Group10 self-reported potential misconduct only after allegations of misconduct had appeared in the press. The difference in outcome is striking: the Sweett Group was convicted of a criminal offence while Standard Bank paid a civil fine (although it should be noted that a number of additional factors are likely to have contributed to the differential outcomes of the Standard Bank and Sweett Group matters).

The approach taken by Standard Bank was praised by the court. Further, in presenting the proposed DPA to the court, the SFO stated that Standard Bank's early self-report had been a major factor causing the SFO to seek to resolve its investigation of Standard Bank by means of a DPA. Meanwhile, the Sweett Group does not appear to have obtained any meaningful credit from the SFO or the court for what both apparently concluded had been an unjustifiably belated self-report.

A company anonymised as XYZ Limited was the second company to enter into a DPA, in July 2016.11 Like Standard Bank, XYZ self-reported following concerns that came to light during the implementation of a new global compliance programme. In approving the proposed DPA, the court placed considerable weight on the timing of XYZ's self-report and its 'genuinely proactive' approach to the wrongdoing that was discovered. The court also awarded a 50 per cent reduction in the fine levied against the company in settlement of the case in light of the company's early self-report.

The third corporate DPA represented a departure from the principles established in the Standard Bank and XYZ cases. In January 2017, Rolls-Royce became the first company to secure a DPA without having first self-reported to the SFO.12 As with XYZ, the court awarded Rolls-Royce a 50 per cent reduction in the fine levied in settlement of the case. While the court stated in its judgment that self-reporting continues to be 'highly relevant' when determining whether to approve a DPA, the court nonetheless was persuaded that the 'extraordinary cooperation' of Rolls-Royce rendered a DPA appropriate. Among other things, Rolls-Royce provided the SFO with access to memoranda of internal interviews in respect of which privilege could have been claimed, and deferred internal interviews to allow the SFO to question individuals before they were interviewed by company representatives.

It is unclear whether Rolls-Royce's ability to secure a DPA without first having self-reported will curb companies' enthusiasm for self-reporting in the future. The former head of the SFO, David Green QC, who retired in April 2018, had always advocated the benefits of self-reporting, repeating Sir Brian Leveson's proclamation from the XYZ DPA that 'incentivising self-reporting is a core purpose of DPAs'.13 Alun Milford, the General Counsel of the SFO, has pointed out that because it did not self-report its misconduct, Rolls-Royce started at a disadvantage. This was outweighed by its subsequent cooperation and provision of relevant information, which was 'far more extensive and of a different order' to what the SFO would have learned without the company's cooperation.14 Nevertheless, it remains to be seen what approach companies will take in the future now that a failure to self-report has not been deemed in itself to be an outright bar to securing a DPA.

The FCA has had a longer history than the SFO of taking significant and consistent enforcement action against the firms it regulates. Self-reporting by FCA-regulated firms is far more routine for the FCA than the SFO – indeed, it is largely compulsory. Pursuant to the FCA's high-level principles for business, regulated firms are required to deal with the FCA in an open and cooperative way, disclosing anything relating to the firm and the firm's corporate group of which the FCA reasonably would expect notice.15 Suspicion or evidence of wrongdoing by FCA-regulated firms falls within the scope of this requirement and thus should be – and generally is – reported to the FCA as a matter of course.

Since July 2015, the foregoing self-reporting obligations have been extended to competition law infringements.16 Consequently, FCA-regulated firms now are expected to self-report instances of significant infringements of competition law to the FCA. Self-reporting generally is regarded, as has been stressed in recent FCA pronouncements, to be a bare minimum requirement by the FCA17 and enforcement action is typically taken if that requirement is breached. Recent enforcement actions reflecting this trend ended with Deutsche Bank AG being fined £227 million for misconduct in manipulating LIBOR and EURIBOR and the bank's failure to deal with the FCA in an open and cooperative way18 and Sonali Bank (UK) Limited being fined £3.25 million for inadequate anti-money laundering controls and a similar failure to deal with the FCA openly and cooperatively.19

The decision to self-report in the United Kingdom is often influenced or driven by the application of the UK money laundering regime. The Proceeds of Crime Act 2002 (POCA) includes several money laundering offences predicated on the commission of one or more criminal offences that have produced revenues in or resulted in revenues being remitted into the United Kingdom. Broadly, the only way liability for the POCA offences can be avoided is by reporting the underlying criminal conduct. That is especially so for those operating in the regulated sector – for the most part, financial institutions and professional advisers – who are subject to function-specific reporting obligations under the POCA.

ii Internal investigations

Internal investigations have become increasingly common due largely to the increase in UK  enforcement action and the severity of penalties that increasingly are being imposed. While the authorities do not necessarily require corporates to carry out internal investigations when they suspect wrongdoing, they typically expect to see that some action has been taken when evidence of possible misconduct is discovered or reports of possible misconduct are received. The type of action that is expected varies, however, between and among the pertinent authorities.

Internal investigations may be conducted by either internal or external counsel. Internal counsel typically takes the lead in conducting internal investigations when the misconduct at issue is of a minor or routine nature. In cases involving more serious misconduct, and particularly when there is a tangible possibility of enforcement action, it is more typical for external counsel to take the lead.

The SFO has made it clear that the primary responsibility for investigating possible misconduct within the SFO's remit falls squarely upon the SFO.20 That said, SFO officials have said that they understand that 'up to a point' corporates will need to do some work to investigate possible misconduct, if only to determine preliminarily whether the evidence of misconduct that has been discovered or the report of misconduct that has been received warrants the SFO's attention.

At the same time, SFO officials have said repeatedly that they will not tolerate internal investigations that 'trample over the crime scene' and expect corporates to cooperate with the SFO's investigation rather than duplicating it. Further, SFO officials stress that they will not accept self-reports at face value, no matter how comprehensive or seemingly objective the reports appear to be, being committed to conducting their own investigation to establish the pertinent facts.21

The SFO's begrudging tolerance for internal investigations is in stark contrast with the encouragement that long has emanated from officials at the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Given the SFO's rather paltry budget, at least when compared with the resources that have been given to the DOJ and the SEC, the SFO's attitude toward internal investigations is surprising.

In addition, it is not at all clear how a corporate-funded investigation would 'trample over the crime scene', particularly when such investigations are geared toward collecting and preserving potentially pertinent electronic and other evidence that may be lost by the mere passage of time or pursuant to the company's long-standing document retention programme. Further, the SFO has not explained how its approach to internal investigations can be squared with a company's duty, when suspecting past misconduct, to move promptly to avoid future misconduct – a responsibility that can be difficult to meet if the corporate is deprived of the ability to conduct a prompt internal investigation.

The SFO's approach to internal investigations is mirrored in important respects by the FCA.22 While encouraging internal investigations in some contexts, the FCA has discouraged them when the suspicion that has arisen relates to market abuse or other criminal conduct. In those circumstances, the FCA expects firms not to carry out their own investigation, purportedly because of the risk of the FCA's investigation being compromised or potential suspects being alerted. Importantly, the FCA – like the SFO – expects to be involved from an early stage to discuss the nature and scope of any internal investigation the particular company has proposed to undertake or commission.

Both the FCA and SFO expect corporates to provide them with the fruits of any internal investigation they have undertaken or commissioned and the underlying supporting materials. Although privileged material is said to be protected from mandatory production, the FCA and SFO often have demanded production of – at the very least – the factual narrative in any internal investigation report that has been prepared. In one recent case, a corporate reportedly negotiated a compromise agreement with the SFO, agreeing to provide an oral summary of the internal investigation report as well as underlying documents rather than the report itself. In other cases, corporates have chosen to provide the FCA and SFO with the full internal investigation report, seeking thereby to earn maximum cooperation credit.

Many have suggested, with good reason, that the decision of the High Court in Director of the Serious Fraud Office v. Eurasian Natural Resources Corporation Ltd23 will operate as a major deterrent to internal investigations in the United Kingdom if the High Court's decision in the ENRC case is upheld by the Court of Appeal. In this case, discussed in more detail below, the High Court ordered ENRC to hand over various documents to the SFO, rejecting a claim of litigation privilege in respect of most of the pertinent materials. The High Court's decision was sharply criticised by The Law Society, the independent professional body for solicitors in England and Wales.24

Internal investigations tend to be conducted routinely in a competition law context, typically to support leniency applications. The relatively low evidential threshold for such applications, coupled with the significant advantages of an early application, usually result in a more detailed internal investigation being carried out post-application. Both pre-application and post-application internal investigations must be carried out with extreme caution, however, because of the risk of 'tipping off' other participants in the suspected cartel activity. The CMA has issued guidance on how that should be managed.25

Importantly, while the CMA does not require a waiver of legal privilege as a requirement of leniency or otherwise, it does require corporates to keep a detailed note of all actions undertaken as part of any internal investigation they have conducted or commissioned, including recording the identities of any witnesses who were interviewed, the nature of the questions that were asked of them and their respective responses. The note is required to be retained until the conclusion of any proceedings the CMA initiates. Any refusal or inability to do so may be viewed by the CMA as an application not meeting the conditions for leniency.

iii Whistle-blowers

Whistle-blowers are afforded a number of workplace and non-workplace protections in England and Wales. Workplace protections derive from the Public Interest Disclosure Act 1998 (PIDA), which protects qualifying disclosures made to, inter alia, employers and 'prescribed persons', including the CMA, the SFO, the FCA and HMRC.

To qualify for protection, the disclosure must relate to a failure such as the commission of a criminal offence or breach of a legal obligation. The disclosure also must be motivated by a reasonable belief on the part of the whistle-blower that the failure occurred and that its disclosure is in the public interest.

If the disclosure satisfies the PIDA criteria, it will be protected and employees dismissed unfairly or suffering detriment as a result of their disclosure may seek potentially unlimited compensation from their employer. Companies are expected to have procedures for dealing with whistle-blowing, especially when regulated by the FCA.26 As a minimum, a company will be expected to consider whether any further steps are required as a result of any disclosure, such as whether further investigation or the implementation of remedial action is needed.

Non-workplace protection is given to witnesses and victims through the Code of Practice for Victims of Crime and the Witness Charter, which most prosecuting authorities, including the SFO and the FCA, are legally bound to apply. These provide broad protection to disclosures and the treatment of victims and witnesses. Importantly, however, the relevant UK authorities typically are reluctant to advise whether a particular disclosure will qualify as a protected disclosure under PIDA.

In 2014, the FCA and the Bank of England Prudential Regulation Authority carried out research27 on the impact of financial incentives to encourage whistle-blowing in the United States. They found no empirical evidence of incentives leading to an increase in the number or quality of disclosures received and believed that incentives could undermine effective internal whistle-blowing mechanisms. A response by the Department for Business, Innovation and Skills to a whistle-blowing consultation the same year set out the UK government's view that incentives should not form an integral part of the whistle-blowing framework.28 At present, only the CMA offers financial incentives for information on cartel activity and payouts are discretionary.

III ENFORCEMENT

i Corporate liability

Save when otherwise provided by statute, a corporate will be liable for the offences it commits just as it would be if it were an individual. As a corporate can act only through natural persons, liability is based on acts committed by its respective officers or employees in the course of employment. Liability is attributed through one of two means: vicarious liability or the identification principle.

Vicarious liability typically, but not invariably, arises from the commission of a strict liability offence, namely offences that do not require fault or intention on the part of the offender. Such offences are usually created by statute and are most common in quasi-regulatory areas of criminal law, such as health and safety and trading standards.

The 'identification principle' is, by contrast, fault-based and attributes to the company the acts and state of mind of those who represent the company's directing mind and will. The identification principle does not attribute to the company the acts and state of mind of all employees but only those who are serving on the company's board of directors, the managing director and other superior officers carrying out management functions.29

Because of the limited number of strict liability offences, most corporate prosecutions in the United Kingdom are based upon – and require application of – the identification principle. That often poses significant difficulty to prosecutors. The larger the company or the more diffuse its corporate structure, the more difficult it often is to attribute liability to the company. That has prompted widespread criticism of the identification principle, including by the Director of Public Prosecutions in relation to the 'phone hacking' scandal when the absence of corporate prosecutions was laid at the door of the identification principle.30 David Green QC, the former director of the SFO, had also expressed his preference that the test for corporate criminal liability be reconsidered, lamenting that email trails tend to dry up at a fairly junior level.31

One response to these difficulties has been the introduction of the 'failure to prevent' model of liability adopted in Section 7 of the BA with respect to bribery and, more recently, Part III of the Criminal Finances Act 2017 (CFA) with respect to facilitation of tax evasion offences. In 2017, the UK government conducted a consultation on possible reform of corporate criminal liability.32 Several possibilities were proposed in the consultation document, including (1) amending the identification principle by broadening the scope of those regarded as a directing mind of a company, (2) creating a new strict liability offence based upon principles of vicarious liability and (3) creating a new strict direct liability offence that focuses on the responsibility of a company to ensure that offences are not committed in its name. The consultation document also discussed the possibility of expanding the failure to prevent model to include other economic crimes. Economic crimes that might fall within any such future offence include conspiracy to defraud, false accounting and the fraud offences set out in Section 1 of the Fraud Act 2006 (FA06). If the proposed reforms were to be adopted, they would be likely to make corporate prosecution simpler. The UK government has not yet announced any definitive plans or legislative proposals to reform corporate criminal liability.

As regards representation, when both the corporate and its employees are being investigated, typically they are not represented by the same counsel. While joint representation sometimes occurs at the beginning of an investigation, the interests of the corporate and the corporate's employees often diverge early in the investigation, requiring separate representation. The costs of an individual's representation may be covered by director and officer liability insurance, although it is common for such policies to require any funds that are dispensed to be returned if the recipient of the funds ultimately is convicted of a criminal offence.

Individuals do not always have the right to legal representation at an interview, even when the interview occurs in a criminal context. By way of example, when a representative of the SFO is interviewing an individual pursuant to the SFO's powers under Section 2 of the CJA87, the SFO is not required to permit a solicitor to be present at the interview or wait for one to arrive before beginning the interview. Similarly, since the Divisional Court's decision in R (Lord, Reynolds and Mayger) v. Serious Fraud Office,33 the SFO has been empowered to – and often does – exclude company lawyers from attending employee interviews (even over the employee's objection).

By contrast, individuals have the right to legal representation when being interviewed as a criminal suspect. In such circumstances, the PACE Code of Conduct gives individuals the right to consult and communicate privately with a solicitor at any time during the interview.34 Interviews usually are carried out at a police station following arrest, although certain authorities – such as the SFO – often insist upon conducting the interviews on the SFO's own premises.

Other rights and duties of an individual being interviewed in a criminal context likewise depend upon the individual's status. The target of a criminal investigation can generally decline to answer the questions put to him or her, but an individual being interviewed as a witness must answer any and all questions that are asked.

If a target of a criminal investigation exercises his or her right to remain silent when being interviewed but provides at trial a response on which the target seeks to rely in defence, the court may draw an adverse inference from the target's silence during the interview. By contrast, a response that an individual who was not a target was required to provide when being interviewed generally cannot be used against that individual in a subsequent criminal prosecution.

ii Penalties

Sanctions for corporate misconduct have become increasingly severe in England and Wales with nominal fines or non-criminal, regulatory outcomes no longer being guaranteed. There has been a sea change in recent years in the approach taken by many UK prosecutors to corporate offending, with substantial financial penalties and other severe criminal consequences seeming to increase with each passing year.

The FCA collected a total of £22,216,446 in fines during 2016 for regulatory breaches, a significant drop from the previous year. However, the total fines levied by the FCA in 2017 rose to £229,515,303, an increase that is primarily attributable to Deutsche Bank's £163,076,224 settlement with the FCA in relation to the failings in the bank's anti-money laundering systems. However, regulatory fines and criminal prosecutions are only two of the FCA's many disciplinary and enforcement powers. The FSMA gives the FCA power to impose a range of regulatory sanctions on those it regulates, from mere public censure at one end to the suspension or cancellation of FCA authorisation and the imposition of substantial regulatory fines at the other.

The FCA's Decision Procedure and Penalties Manual35 sets out a non-exhaustive list of factors the FCA should consider when determining what action to take in a particular matter. These include the nature, seriousness and impact of the suspected breach, the conduct of the firm or approved person after the breach occurred or was discovered (including how quickly, effectively and completely the breach was brought to the FCA's attention), the disciplinary record and compliance history of the firm or approved persons, any published guidance by the FCA and any action taken by the FCA in similar cases. In addition, the FSMA gives the FCA power to prosecute criminal offences, such as insider dealing, pursuant to the Criminal Justice Act 1993 (CJA93) and breaches of the Money Laundering Regulations 2017 (MLR17).36

Like the FCA, the CMA has both civil and criminal powers with respect to competition law infringements. The civil remedies available to the CMA range from settlement, accompanied only by the making of certain commitments, to the imposition of financial penalties. Settlement is a voluntary process37 pursuant to which the infringing firm makes an unequivocal admission of liability and in return may receive a discount of up to 20 per cent of the penalty that otherwise would have been imposed. Commitments and directions are agreements between the firm and the CMA that, if not complied with, can be enforced through the courts.38

Commitments are accepted by the CMA only when the CMA deems, inter alia, its concerns to be capable of being fully addressed by the commitments. Similarly, directions are imposed only if the CMA is of the view that they are sufficient to end the particular infringement.39 The most significant civil power at the CMA's disposal is the power to impose financial penalties of up to 10 per cent of a firm's worldwide turnover in the business year preceding the date on which the CMA makes its decision.40

The CMA and the SFO can both criminally prosecute individuals who are suspected of having committed a cartel offence.41 By contrast, they can impose upon corporates only civil sanctions for anticompetitive conduct. Whether that will continue to be so remains to be seen, despite the criticism that appears to be growing in the United Kingdom of the traditional limitations on corporate criminal liability.

The SFO is responsible for prosecuting serious or complex fraud, bribery and other forms of corruption. It has two options for resolving such conduct in the case of corporates: entry into a DPA or a criminal prosecution. DPAs were introduced in the United Kingdom in February 201442 as a discretionary tool enabling prosecutors to enter into agreements with offending corporates, under the supervision of a judge, to suspend prosecution for a defined period of time so long as the corporate meets specified conditions during that time.

The use of DPAs looks likely to increase, with three having been entered into by the SFO in respect of bribery and corruption in the Standard Bank, XYZ and Rolls-Royce cases. In addition, a DPA was agreed in 201743 between the SFO and Tesco Stores Limited following an investigation into accounting practices at Tesco that led to profits being overstated by £326 million. The fines levied in the Rolls-Royce and Tesco cases alone totalled £368,075,145 (not including the disgorgement of profits in the Rolls-Royce case).

The Joint SFO and CPS Deferred Prosecution Agreements Code of Practice makes it clear that the SFO is 'first and foremost' a prosecutorial authority and that the SFO and the CPS will offer a DPA instead of pursuing a full prosecution only in exceptional cases.44 The public interest factors that prosecutors are supposed to take into account when coming to such a decision include the corporate's history of similar conduct, whether the conduct being addressed is part of the corporate's established business practices, whether the corporate had an effective compliance programme and whether the corporate self-reported the matter within a reasonable period after the offending conduct was discovered.45 Importantly, the court is involved throughout the DPA process and ultimately must approve any DPA that is proposed.

Criminal prosecution or resolution of offending by means of a DPA can have a significant effect on the corporate from a public procurement perspective. The Public Contracts Regulations 201546 provide for mandatory debarment when a corporate is convicted of certain criminal offences, such as the active bribery offences in Sections 1, 2 and 6 of the BA (although not the failure to prevent bribery offence in Section 7 of the BA). Mandatory debarment can sometimes be avoided if the corporate is able to demonstrate that it has adequately remediated the offending conduct. Absent such a showing, however, a criminal conviction triggers mandatory debarment. By contrast, entry into a DPA does not trigger mandatory debarment. Discretionary debarment may be ordered, however, depending upon the circumstances surrounding the DPA as well as in relation to any violation of Section 7 of the BA.

Corporate tax offences are resolved largely by HMRC, in line with its applicable Code of Practice, by means of a civil resolution.47 Factors that may contribute to a criminal outcome include a suspicion of deliberate concealment, deception, conspiracy or corruption or when there is a link to suspected wider domestic or overseas criminality.

Violations of the financial sanctions regime may lead to the imposition of a monetary penalty by the OFSI. Under the newly enacted PCA, the OFSI can impose a monetary penalty of up to £1 million on a person if it is satisfied that, on the lower civil standard of probabilities, the person breached or failed to comply with the financial sanctions regime. When the breach or failure relates to particular funds or economic resources and it is possible to value them, the maximum fine permitted is the greater of either £1 million or 50 per cent of the estimated value of the funds or resources. As such, when it is possible to put a value on the breach, the fine could well be significantly more than £1 million.

iii Compliance programmes

The existence of an effective compliance programme can be relevant to both liability and penalty, depending on the circumstances. While the existence of adequate procedures is a defence to the corporate offence of failing to prevent bribery in Section 7 of the BA, it nonetheless also may be taken into account when considering the issue of penalty.

Section 7 of the BA provides for a defence to the corporate offence of failing to prevent bribery by persons associated with a corporate when the bribery is intended to obtain or retain a business advantage for the corporate. The defence requires that the corporate has adequate procedures designed to prevent persons associated with it from engaging in bribery. To be deemed adequate, the procedures must accord with the six principles set out in the Ministry of Justice's (MOJ) guidance on the BA48 – proportionality, top-level commitment, risk assessment, due diligence, communication (including training), and monitoring and review. These are overarching principles and, as such, each set of procedures must be tailored to the individual corporate.

To date, no corporate has relied successfully upon the adequate procedures defence. The three DPAs entered into by the SFO thus far all have required changes to be made to the company's existing policies and procedures: Standard Bank agreed to commission an independent review of its anti-bribery and corruption controls, policies and procedures and XYZ agreed to carry out a review and submit annual compliance reports to the SFO. While Rolls-Royce some years earlier had hired Lord Gold to conduct an independent review of its compliance procedures, the terms of its DPA called for the company to complete the implementation of a compliance programme adhering to the review recommendations as well as the continued retention of Lord Gold as an independent specialist adviser.

In early 2018, the CPS brought a successful Section 7 prosecution against Skansen Interiors Limited, a refurbishment contractor with approximately 30 employees operating in England out of a small open office in London, in connection with bribes paid by a managing director to secure a £6 million contract with a developer in Manchester. After the company conducted an internal investigation, dismissed the implicated employees, adopted an anti-corruption policy and self-reported to and cooperated with the enforcement authorities, it was charged under Section 7 of the BA. At trial, Skansen argued that because, among other things, it espoused certain ethical corporate values, had adopted certain financial controls and had standard anti-bribery clauses in its contracts, it had in place adequate procedures in light of its small size and limited operational reach. The jury was not convinced and convicted the company. Because at the time of trial the company was dormant and had no assets, the only available sentence was absolute discharge. Indeed, it is reported that the CPS did not offer Skansen a DPA because it was a dormant company that was unable to pay a fine.49

Camilla de Silva, the SFO's Joint Head of Bribery and Corruption, has stated that Skansen's prosecution was a 'salient reminder' that a 'high bar' will need to be reached for an adequate procedures defence to succeed and that the starting point is to have substantial and bespoke compliance procedures that actually work.50 The case does provide an important reminder for all companies – no matter the size of their operations – to ignore anti-bribery compliance at their own peril. Beyond that, because juries do not provide an explanation of their verdict, it is difficult to draw any concrete conclusions about the scope of the adequate procedures defence from this case. However, there remains a lingering sense of unease and confusion about the decision by the CPS to bring a prosecution against a company that had self-reported and apparently cooperated extensively with the enforcement authorities, including by waiving privilege over certain documents, simply to send a message to others.

The CFA also provides that a company will have a defence to tax evasion facilitation offences if it maintains prevention procedures that are reasonable in all circumstances. While the concept of reasonable prevention procedures in the CFA appears to be distinct from adequate procedures in the BA at first sight, the HMRC guidance in relation to the CFA offences confirms that the reasonableness of the prevention procedures will be assessed against the same six principles referred to in the MOJ guidance on the BA.51

As regards competition offences, the CMA's Penalty Guidance52 makes it clear that compliance activities can merit in particular cases a penalty discount of up to 10 per cent. The starting point in that regard is neutral so that the mere existence of compliance efforts will not necessarily be treated as a mitigating factor. Evidence of adequate steps being taken to achieve a clear and unambiguous commitment to competition law compliance throughout the organisation (from the top down), and appropriate steps having been taken relating to competition law risk identification, risk assessment, risk mitigation and review activities, are often treated as mitigating factors.

For firms regulated by the FCA and therefore bound by the provisions of the FCA Handbook, the establishment and maintenance of effective systems and controls for compliance with applicable requirements and standards, and for countering the risk of the firm being used to further financial crime, is mandatory.53 When a firm has not adopted such measures, it should expect to incur liability that is commensurate with the inadequacy of the measures it has taken. In fact, the FCA has sometimes penalised firms for not having established effective compliance systems and controls even in the absence of any other misconduct.54

iv Prosecution of individuals

When a corporate is prosecuted, it is usual in England and Wales for enforcement action to be taken against culpable individuals too. Guidance, such as that setting out the common approach of the CPS and the SFO (and formerly the prosecutorial arm of HMRC),55 makes it clear that prosecution of a company is not a substitute for prosecution of criminally culpable individuals such as directors, officers or employees. When considering whether to offer a DPA to a company, the prosecuting authority is bound to opt for prosecution if it considers that the company has attempted to shield culpable individuals or withheld material that could jeopardise an effective investigation against them.56 The reason cited for that policy is that prosecution of culpable individuals provides a strong deterrent against future corporate wrongdoing. For example, while Tesco has agreed a DPA with the SFO, three former company directors are due to stand trial in September 2018 on fraud and false accounting charges. When enforcement action is taken against an individual, it can pose a number of issues for the corporate involved. In particular, corporates must be mindful of any employment law obligations they owe towards such employees and ensure that any action they take against them is commensurate with the misconduct that has been identified.

The most common step taken against employees suspected of wrongdoing during the course of an investigation (whether internal or external) is suspension. The timing of the suspension must be considered carefully, however, as suspension for the entire duration of an investigation may not be deemed to be fair and reasonable from an employment law perspective. Suspension therefore usually occurs only after the particular employee has been interviewed as a suspect or charges have been made against that individual.

Although there is no requirement for corporates to pay for an individual's legal representation (save for any provisions to the contrary in the individual's employment contract), it is common for corporates to do so in the early stages of an investigation. As the majority of those charged tend to be senior officers of a corporate – namely, those constituting its controlling mind and will – these individuals are often able to rely upon director and officer liability insurance, which may provide cover until the individual is found to be guilty or otherwise at fault (see above).

The recent case of R (on the application of AL) v. Serious Fraud Office57 brought to the fore the tensions that can arise when the SFO brings a prosecution against employees of a company that has secured a DPA with the SFO (in this case, XYZ) and the employees attempt to rely in their defence on information over which the company seeks to claim privilege, but which may be relevant to employees' defence. In this case, the defendants challenged the failure of the SFO to compel XYZ pursuant to the ongoing cooperation and disclosure terms of the DPA to surrender interview notes made by the company's lawyers during interviews with the defendants and other employees. The SFO requested the interview notes from XYZ, but the company refused to disclose them, citing privilege. The SFO did not accept the argument on the basis of recent developments in English law on privilege (see discussion in Section IV.iii), but ultimately relented. Although the court refused the defendants' application on other grounds, it nonetheless issued a stark rebuke of the SFO's failure to comply with its duty as a prosecutor to take reasonable steps to obtain the interview notes (including in light of the strong position that the SFO was in to challenge XYZ's privilege claim) thus jeopardising the defendants' right to a fair trial. Given the uncertainty already surrounding privilege over interview notes, the SFO may now be even more reluctant to accept oral proffers or summaries from companies wishing to secure a DPA, as the proffers or summaries may be deficient evidence when it comes to pursuing culpable individuals.

IV INTERNATIONAL

i Extraterritorial jurisdiction

Typically, jurisdiction over criminal conduct is state specific. A state will usually have jurisdiction only when some or all of the offence takes place within its territory or the accused or victim is a national of that state. The exception is when principles of universal jurisdiction apply, such as in relation to war crimes, or the relevant jurisdiction has enacted laws with extraterritorial effect.

In the United Kingdom, it is well established that statutes are not to be interpreted as having extraterritorial effect unless they expressly state otherwise. In recent years, a number of such statutes have been enacted. The effect of this is that UK authorities, depending on the circumstances of the particular case, may prosecute offences that took place overseas, whether wholly or in part, when there is some connection to the United Kingdom, such as through incorporation, nationality or residency.

Key offences with extraterritorial effect include:

    1. fraud under the FA06;
    2. dishonesty under the CJA93;58
    3. terrorism under the Terrorism Act 2000 and Terrorism Act 2006;
    4. bribery under the BA;
    5. money laundering under the POCA; and
    6. tax evasion facilitation offences under the CFA.59

The BA has exceptionally broad extraterritorial effect. Corporates that carry on a business or part of a business in the United Kingdom may incur liability under Section 7 for bribery committed anywhere in the world for their benefit by persons associated with them, irrespective of whether those persons have any other connection to the United Kingdom. Liability for both UK incorporated companies as well as those that merely carry on business or a part of a business in the United Kingdom therefore extends to acts committed on their behalf abroad.

The CFA may be deemed to have broad extraterritorial effect. Corporates that carry on a business or part of a business in the United Kingdom may incur liability under Part III thereof for tax evasion facilitation offences committed anywhere in the world by persons associated with them, irrespective of whether those persons have any other connection to the United Kingdom.

In relation to money laundering, Part 7 of the POCA makes it clear that liability for money laundering offences may be predicated on criminal conduct that occurred abroad. The only additional requirements are that such overseas criminal conduct constituted a criminal offence in the United Kingdom when it occurred and proceeds of the overseas criminal conduct have been transferred, in some manner, to the United Kingdom.

The BA, the CFA and the POCA are part of a trend in UK law to provide liability for offences taking place abroad. It remains to be seen whether this trend will continue following the conclusion of the UK government consultation on reforming corporate criminal liability, which also discusses the possibility of expanding the failure to prevent model to include other economic crimes.

ii International cooperation

With the internationalisation of business, it is becoming more and more common for cases to involve criminality or participants in more than one jurisdiction. Law enforcement and prosecutorial authorities are increasingly dealing with that challenge through a variety of formal and informal channels.

The United Kingdom has enacted a number of statutes to facilitate the sharing of information between and among domestic and overseas authorities for the investigation and prosecution of crime. These information gateways include Part XXIII of the FSMA, which permits the disclosure of confidential information for the purpose of allowing the performance of a public function, and Section 68 of the Serious Crime Act 2007, which permits public authorities to disclose information to other organisations to prevent fraud.

A number of memoranda of understanding (MOUs) exist between the various UK authorities and with their international counterparts. Domestic examples include the MOU on Tackling Foreign Bribery, of which the FCA, the SFO, the NCA and the City of London Police are signatories, the MOU between the CMA and the SFO, and the MOU between the CMA and the FCA in relation to concurrent competition powers. One international example is the MOU between the FCA and the SEC.

In addition to domestic statutes and MOUs, the United Kingdom has signed a number of multilateral and bilateral mutual legal assistance (MLA) treaties enabling prosecuting authorities to obtain evidence overseas. These include the European Convention on Mutual Assistance in Criminal Matters 1959, the Convention on Mutual Legal Assistance in Criminal Matters between the Member States of the European Union 2000, the United Nations Convention against Corruption 2003, the Commonwealth Scheme Relating to Mutual Assistance in Criminal Matters (1986) and various bilateral agreements with individual countries such as the United States. Section 7 of the Crime (International Co-operation) Act 2003 also provides for UK prosecutors to obtain overseas evidence through letters of request.

In addition to the formal means of information gathering mentioned above, law enforcement authorities can draw upon an array of informal information exchange networks. It is not uncommon for UK authorities to speak informally with their foreign counterparts. Issues of forum and investigation primacy tend to be resolved following informal discussions, particularly in reasonably straightforward or uncomplicated cases. More complicated cases may require prosecutors to engage the more formal MLA means of information exchange.

As a result of the foregoing measures, corporates being investigated in one jurisdiction should be conscious that information regarding the investigation, especially if touching other jurisdictions whether through relevant conduct or some other territorial nexus, will often be made available to law enforcement or prosecutorial authorities overseas. China, to cite only one example, recently initiated a bribery prosecution of a company that had previously been convicted of bribery in China by an overseas prosecutor.

A further possible consequence of MLA arrangements between states is the extradition of individuals. Two types of extradition exist in the United Kingdom: import extradition and export extradition. The former relates to a request to another state for the extradition of a person to the United Kingdom. The latter relates to a request by another state for the extradition of someone from the United Kingdom. Importantly, not all offences are extraditable offences.

The Extradition Act 2003 (the 2003 Act) regulates both import and export extradition. Part 1 of the 2003 Act regulates export extradition to category 1 states. These are EU Member States that have implemented the European Arrest Warrant mechanism. For the most part, dual criminality is required to be shown in that the conduct at issue must constitute an offence in the United Kingdom as well as in the state seeking extradition. Part 2 of the 2003 Act regulates export extradition to category 2 states – that is, to non-EU Member States.

Decisions regarding extradition to non-EU Member States are made by the UK Secretary of State. Various restrictions apply to extradition from the United Kingdom, such as whether the death penalty might be imposed or whether extradition to a third state could ensue following initial extradition. Import extradition is regulated by Part 3 of the 2003 Act. As with export extradition, the applicable mechanism for import extradition generally depends upon whether the relevant state is category 1 or 2. Whether such requests are granted is determined ultimately, of course, by the overseas state.

iii Local law considerations

One of the central issues in cross-border investigations, especially those involving the United States, is the application of the UK data protection regime. The General Data Protection Regulation prohibits the transfer of personal data from the United Kingdom outside the European Economic Area unless the recipient, jurisdiction or territory is able to ensure a UK-equivalent level of protection to those to whom the data belong. Whether a jurisdiction or territory is deemed to provide an adequate level of protection is decided by the European Commission.60

Until 2015, personal data were permitted to be transferred to certain US companies that had agreed to adhere to the Safe Harbour framework agreed between the European Commission and United States. But the Court of Justice of the European Union (CJEU) invalidated the Safe Harbour framework in October 2015 in Maximillian Schrems v. Data Protection Commissioner.61

In July 2016, the European Commission adopted the EU–US Privacy Shield, a replacement for the Safe Harbour regime that imposes obligations on US companies to protect EU citizens' personal data in accordance with certain principles, including the tightening of conditions for onward transfer of data to third parties and clear safeguards and transparency obligations on access by the US government. However, there have been lingering concerns about the domestic surveillance programmes operated by the US government and their interference with the data of EU citizens. The Irish High Court has concluded that the Privacy Shield has been unable to eliminate those concerns62 and has submitted preliminary reference to the CJEU asking it to decide questions affecting the validity of the Privacy Shield.63

Legal professional privilege is another issue that must be considered from the beginning of an investigation. England and Wales recognises both legal advice privilege and litigation privilege in relation to advice provided by both in-house and external counsel, with one exception in relation to competition law.

It has become increasingly common for authorities to seek the production of investigation materials, arguably subject to legal professional privilege, such as first account witness interviews, as a sign of cooperation. There are substantial difficulties with invoking privilege over such documents.

In 2016, the High Court issued an important decision on the unavailability of legal advice privilege in Re the RBS Rights Issue Litigation.64 The court upheld the restrictive approach to defining a 'client' that was adopted in Three Rivers (No.5)65 and rejected claims of privilege asserted by RBS over notes of internal interviews on the grounds that the pertinent group of employees and ex-employees did not constitute the client for the purpose of privilege. Consequently, the information provided by that group of RBS employees and ex-employees did not fall within the scope of legal advice privilege. The contention that the interview notes could still fall within the scope of legal advice privilege on the basis that they were 'lawyers' working papers' was also rejected by the court.

The decision of the High Court in the ENRC case further increased the difficulty in invoking privilege over litigation materials. The court ordered ENRC to hand over various documents to the SFO, rejecting a claim of litigation privilege in respect of most of the pertinent materials. The court's view was that litigation privilege required the company to be aware of circumstances that made prosecution a real likelihood as opposed to a mere possibility. The company's fear of a dawn raid and subsequent prosecution by the SFO was held to be insufficient to establish that prosecution was a real likelihood. Consequently, the court concluded that litigation privilege did not protect the majority of the documents sought by the SFO.

The decision in ENRC can be compared with the approach taken by Lord Justice Vos in the December 2017 case of Bilta (UK) Ltd (in liquidation) and others v. Royal Bank of Scotland and another.66 The court took the view that documents created by RBS during an internal investigation were covered by litigation privilege as they were created for the sole or dominant purpose of expected tax litigation with HMRC. Vos LJ took care not to draw a general principle from the approach taken in ENRC and instead emphasised the importance of taking a realistic and commercial view of the facts. In that regard, His Lordship appears to have been swayed by, among other things, the fact that RBS commenced its internal investigation after receiving a notice from HMRC of its decision to commence tax assessment. Notwithstanding the care taken to distinguish ENRC on the facts, however, the two decisions appear to be in tension with one another.

The foregoing decisions will doubtless generate much debate as to how best to protect notes of internal investigation interviews and other investigation materials from disclosure. ENRC is seeking to appeal the decision of the High Court, and the Court of Appeal is due to hear the case in Summer 2018. Unless the Supreme Court hears the issues raised by these cases, it is likely that real difficulty in invoking legal professional privilege will remain.

V YEAR IN REVIEW

Having so far survived a pledge by the ruling Conservative Party to merge it with the NCA, the SFO has continued its aggressive enforcement of the BA and other corporate crimes. In early 2017, the SFO completed its £497.25 million DPA with Rolls-Royce and £129 million DPA with Tesco and secured convictions against FH Bertling Ltd and seven of its employees in relation to bribery in Angola. At the same time, the SFO continues its probe into the alleged corrupt conduct by Airbus and Unaoil. A number of other companies have become embroiled in the Unaoil investigation, with the Swiss engineering company ABB, the US engineering and construction company KBR and UK oil services group Petrofac among the corporates now also the subject of SFO investigations. The SFO has also opened new investigations into alleged corrupt conduct by household names such as Rio Tinto, Amec Foster Wheeler and British American Tobacco.

There have been significant legislative developments, with the entry into force of the CFA introducing two new corporate criminal offences concerning the facilitation of tax evasion, and the PCA empowering the OFSI to impose financial penalties in respect of violations of the sanctions regime. These developments, with the UK government's consultation on the reform of corporate criminal liability, raise the possibility of an uptick in investigations and enforcement actions focused on corporates in the coming few years.

The CFA has also given powerful tools to the SFO and the NCA to counter money laundering, such as the unexplained wealth order (UWO).67 An UWO requires a person who is reasonably suspected of involvement in, or of being connected to a person involved in, serious crime to explain the nature and extent of their interest in particular property – and to explain how the property was obtained – when there are reasonable grounds to suspect that the respondent's known lawfully obtained income would be insufficient to allow the respondent to obtain the property. An UWO is an investigative tool; it is not, in itself, a power to recover assets. However, if the respondent fails to provide an explanation, the asset will be presumed to be recoverable. In early 2018, the NCA obtained UWOs against two properties totalling £22 million, which are believed to be owned by a Central Asian politician.

The past year also saw the promulgation of the MLR17, which gives effect to the European Union's Fourth Anti-Money Laundering Directive. The MLR17 is more prescriptive than its predecessor and provides additional detail on the customer due diligence measures required to be taken by regulated entities, an expansion in the definition of politically exposed persons, a requirement for regulated firms to conduct a money laundering risk assessment and the creation of new criminal offences for prejudicing investigations into a breach of the MLR17 or making false or misleading statements pursuant to a requirement imposed under the MLR17.

Finally, the decision of the High Court in ENRC will have important ramifications for litigation privilege in the United Kingdom, rendering it harder for corporates to advance arguments that litigation privilege applies to documents prepared during the course of an internal investigation and requiring lawyers to give even greater thought to how best to preserve privilege for their clients during the course of future investigations.

VI CONCLUSIONS AND OUTLOOK

Tackling corporate crime has become a key political priority for the United Kingdom in recent years. With it has come a raft of legislative measures aimed at providing additional routes to corporate liability and tougher sentencing.

The CFA created a new corporate criminal offence of failing to prevent an associated person from facilitating UK or foreign tax evasion – offences based on the strict liability 'failure to prevent' model used in the Section 7 BA offence. There is clearly a desire on the part of the UK government to tackle tax evasion and penalise those corporates deemed to be facilitating it. The desire to clamp down on broader economic crime is also evidenced in the United Kingdom Anti-Corruption Strategy 2017–2022, in which the government has pledged to consider possible expansion of the 'failure to prevent' model to other economic crimes in light of the findings from the 2017 consultation.

Similarly, the PCA has introduced extensive new provisions regarding financial sanctions breaches. Historically, very few prosecutions have been brought in the United Kingdom for breaches of financial sanctions. The PCA demonstrates the current UK government's intention to change that by increasing the maximum term of imprisonment for breaches from two to seven years and providing a new civil monetary penalty regime operated by the OFSI. In 2017, OFSI received reports of 133 suspected breaches of sanctions reaching an aggregate value of approximately £1.4 billion. Although the OFSI is yet to impose any public penalties for sanctions violations, the recent overhaul of the sanctions enforcement regime suggests that the coming years may see increased enforcement action for breach of financial sanctions.

Following the departure of David Green QC, the SFO has announced his successor as Lisa Osofsky, a former lawyer at the Federal Bureau of Investigation and regional head of investigations at a global compliance firm. Ms Osofsky will determine the direction that the SFO takes with regard to corporate criminal prosecution, but that will undoubtedly be informed by the need for continuity and certainty. Armed with a 'blockbuster' budget,68 the new director will be required to tackle high-profile trials, such as the retrial of former Tesco executives in September 2018. Ms Osofsky also will need to oversee the closure of the investigation into Airbus (it is rumoured that the SFO has been in talks with Airbus about a billion-pound settlement)69 and the appeal in the ENRC case, which will have important ramifications for a prosecutor's power to compel production of material that a company generates during the course of an internal investigation.

As the United Kingdom prepares to exit the European Union, Parliament passed the Sanctions and Anti-Money Laundering Act 2018 (SAMLA). The purpose of the SAMLA is to give power to the government to impose sanctions and anti-money laundering and counter-terrorism financing measures following the United Kingdom's exit, as the European Union has predominantly legislated in that area. The SAMLA grants very wide powers to the government to impose sanctions, for example, to further its foreign policy objectives or to promote respect for human rights, democracy, the rule of law and good governance. The SAMLA suggests that the United Kingdom outside the European Union will cooperate with its European partners on sanctions, but may also pursue unilateral sanctions where the European Union is stalled because of internal divisions.

It is clear that the investigation and prosecution of corporate wrongdoing has gained significant momentum in the United Kingdom in recent years. There is significant appetite to continue to clamp down hard on economic crime through legislative means and the provision of additional enforcement tools to UK prosecutors. Whether the pertinent authorities can continue to build on that momentum will be one of the stories to follow during the next year or two.


Footnotes

1 John Rupp is a partner, Alex Melia is an international counsel and Peter Ibrahim and Andris Ivanovs are associates at Steptoe & Johnson UK LLP.

2 Tchenguiz v. Serious Fraud Office [2012] EWHC 2254 (Admin) dealt with the execution of a search warrant on the business premises of prominent UK businessmen Robert and Vincent Tchenguiz for documents pertaining to the collapse of the Icelandic bank Kaupthing. The High Court held in the foregoing case that the Serious Fraud Office (SFO) search had been unlawful because the SFO had obtained the underlying warrant through misrepresentation and that it had failed to disclose salient facts to the judge who had issued the warrant.

3 Unaenergy Group Holding Pte Ltd & Ors, R (on the Application of) v. The Director of the Serious Fraud Office [2017] EWHC 600 (Admin). The High Court expressed reluctance in this case to permit challenges to the conduct of enforcement agencies, such as the SFO, acting in good faith to investigate serious criminality.

4 Soma Oil And Gas Ltd, R (on the Application of) v. Director of the Serious Fraud Office [2016] EWHC 2471 (Admin).

5 Section 19 of the Financial Services and Markets Act 2000 makes it a criminal offence to carry out any regulated activities in the United Kingdom without prior authorisation from the Financial Conduct Authority (FCA).

6 Crown Prosecution Service (CPS), 'The Code for Crown Prosecutors' (7th edn, 2013).

7 Although the Competition and Markets Authority (CMA) does carry out both civil and criminal investigations, only individuals may be prosecuted for the criminal cartel offence. Corporates are only liable to financial penalties.

8 See Director of Public Prosecutions, Director of the Serious Fraud Office, Director of the Revenue and Customs Prosecutions Office, 'Guidance on Corporate Prosecutions', https://www.cps.gov.uk/legal-guidance/corporate-prosecutions, accessed 11 May 2018.

9 [2016] Lloyd's Rep FC 102 and [2016] Lloyd's Rep FC 91.

10 SFO, 'Sweett Group' (November 2014), www.sfo.gov.uk/cases/sweett-group, accessed 11 May 2018.

11 [2016] Lloyd's Rep FC 509.

12 [2017] Lloyd's Rep FC 249.

13 Krystina Shveda, 'David Green: Rolls-Royce deserved DPA despite not self-reporting' (Global Investigations Review, 20 January 2017), http://globalinvestigationsreview.com/article/1080345/david-green-rolls-royce- deserved-dpa-despite-not-self-reporting, accessed 11 May 2018. See also Marieke Breijer, 'No self-report – no DPA' (Global Investigations Review, 2 March 2018), https://globalinvestigationsreview.com/article/1166243/david-green-no-self-report-%E2%80%93-no-dpa, accessed 11 May 2018.

14 Alun Milford, 'Deferred Prosecution Agreements' (Cambridge International Symposium on Economic Crime, Cambridge, 5 September 2017), https://www.sfo.gov.uk/2017/09/05/alun-milford-on-deferred- prosecution-agreements/, accessed 11 May 2018.

15 Principle 11 at FCA Handbook, PRIN 2.1.

16 FCA, 'FG15/8: The FCA's concurrent competition enforcement powers for the provision of financial services' (updated April 2018), www.fca.org.uk/static/documents/finalised-guidance/fg15-08.pdf, accessed 11 May 2018.

17 Jamie Symington, 'Internal investigations by firms' (Pinsent Masons Regulatory Conference 2015, 5 May 2015), www.fca.org.uk/news/speeches/internal-investigations-by-firms-#, accessed 11 May 2018.

18 FCA, 'Deutsche Bank fined £227 million by Financial Conduct Authority for LIBOR and EURIBOR failings and for misleading the regulator' (23 April 2015), www.fca.org.uk/news/deutsche-bank-fined- by-fca-for-libor-and-euribor-failings, accessed 11 May 2018.

19 FCA, 'FCA imposes penalties on Sonali Bank (UK) Limited and its former money laundering reporting officer for serious anti-money laundering systems failings' (12 October 2016), www.fca.org.uk/news/press-releases/fca-imposes-penalties-sonali-bank-uk-limited-money-laundering, accessed 11 May 2018.

20 Ben Morgan, 'Compliance and cooperation' (Global Anti-Corruption and Compliance in Mining Conference 2015, 20 May 2015), www.sfo.gov.uk/2015/05/20/compliance-and-cooperation, accessed 11 May 2018.

21 Matthew Wagstaff, 'The role and remit of the SFO' (11th Annual Information Management, Investigations Compliance eDiscovery Conference, 11 May 2016), www.sfo.gov.uk/2016/05/18/role-remit-sfo, accessed 11 May 2018.

22 FCA Handbook, EG 3.11.

23 [2017] EWHC 1017 (QB).

24 Max Walters, 'Erosion of Privilege Lambasted by Society' (The Law Society Gazette, 15 May 2017), https://www.lawgazette.co.uk/news/erosion-of-privilege-lambasted-by-law-society/5061097. article, accessed 11 May 2018.

25 See July 2013 Office of Fair Trading (OFT) guidance for leniency and no-action in cartel cases, adopted by the CMA at OFT, 'Applications for leniency and no-action in cartel cases' (London, July 2013, www.gov.uk/government/uploads/system/uploads/attachment_data/file/284417/OFT1495.pdf, accessed 11 May 2018.

26 The FCA has rules in relation to whistle-blowing requiring certain regulated firms to implement procedures for handling whistle-blowing disclosures as well as a senior manager as their whistle-blowing champion. See FCA, 'FCA introduces new rules on whistleblowing' (6 October 2015), www.fca.org.uk/news/fca-introduces-new-rules-on-whistle-blowin, accessed 11 May 2018.

27 Prudential Regulation Authority and FCA, 'Financial Incentives for Whistle-blowers' (July 2014), www.fca.org.uk/publication/financial-incentives-for-whistleblowers.pdf, accessed 11 May 2018.

28 Department for Business Innovation and Skills, 'Whistleblowing Framework Call for Evidence: Government Response' (London, June 2014), www.gov.uk/government/uploads/system/uploads/attachment_data/file/323399/bis-14-914-whistleblowing-framework-call-for-evidence-government-response.pdf, accessed 11 May 2018.

29 Tesco Supermarkets Ltd v. Nattrass [1972] AC 153 (HL).

30 The Director of Public Prosecutions stated that 'the law on corporate liability in the United Kingdom makes it difficult to prove that a company is criminally liable if it benefits from the criminal activity of an employee, conducted during their employment'. CPS Blog, 'No further action to be taken in Operations Weeting or Golding' (11 December 2015), www.cps.gov.uk/news/latest_news/no_further_action_to_be_taken_in_operations_weeting_or_golding, accessed 11 May 2018.

31 Tim Harvey, 'Man on a mission: an interview with David Green, CB, QC, Director of UK's Serious Fraud Office' (Association of Certified Fraud Examiners, December 2013), www.acfe.com/article.aspx?id=4294980221, accessed 11 May 2018.

32 Ministry of Justice (MOJ), 'Corporate Liability for Economic Crime: Call for Evidence' (January 2017), consult.justice.gov.uk/ digital-communications/corporate-liability-for-economic-crime/supporting_documents/corporateliability foreconomiccrimeconsultationdocument.pdf, accessed 11 May 2018.

33 [2015] EWHC 865 (Admin).

34 Home Office, Revised Code of Practice for the Detention, Treatment and Questioning of Persons by Police Officers: Police and Criminal Evidence Act 1984 (PACE): Code C (Her Majesty's Stationery Office, 2014) Paragraph 6.

35 FCA Handbook, DEPP 6.1.

36 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on Payer) Regulations 2017, SI 2017/692.

37 Historically, settlement took place informally. Section 42 of the Enterprise and Regulatory Reform Act 2013, however, introduced a formal settlement procedure.

38 Competition Act 1998 (CA98), Sections 31E and 34.

39 CA98, Sections 32 and 33.

40 CA98, Section 36(8) and Competition Act 1998 (Determination of Turnover for Penalties) Order 2004, SI 2000/309.

41 Enterprise Act 2002, Section 188.

42 Pursuant to Schedule 17 of the Crime and Courts Act 2013

43 SFO, 'SFO agrees Deferred Prosecution Agreement with Tesco' (10 April 2017), www.sfo.gov.uk/ 2017/04/10/sfo-agrees-deferred-prosecution-agreement-with-tesco, accessed 11 May 2018.

44 SFO and CPS, 'Deferred Prosecution Agreements Code of Practice' (August 2016), Section 2.1, www.cps.gov.uk/sites/default/files/documents/publications/dpa_cop.pdf, accessed 11 June 2018.

45 Ibid., Section 2.8.

46 The Public Contracts Regulations 2015, SI 2015/102, Regulation 57.

47 Her Majesty's Revenue and Customs (HMRC), 'Code of Practice 9: HM Revenue & Customs Investigations where we suspect fraud', (HMRC Digital Service, June 2014).

48 MOJ, 'Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing' (March 2011), www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf, accessed 11 May 2018.

49 Waithera Junghae, 'SIL prosecution “makes mockery” of UK criminal process' (Global Investigation Review, 12 March 2018), globalinvestigationsreview.com/article/1166539/sil-prosecution-%E2%80%9Cmakes-
mockery%E2%80%9D-of-uk-criminal-process, accessed 11 May 2018.

50 Camilla de Silva, 'The Prosecutor's Priorities: investigative techniques, priorities and future DPA use within the SFO' (ABC Minds Financial Services Conference, 15 March 2018), https://www.sfo.gov.uk/2018/03/16/camilla-de-silva-at-abc-minds-financial-services, accessed 11 May 2018.

51 HMRC, 'Tackling tax evasion: Government guidance for the corporate offences of failure to prevent the criminal facilitation of tax evasion' (1 September 2017), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/672231/Tackling-tax-evasion-corporate-offences.pdf, accessed 11 May 2018.

52 CMA, 'CMA's guidance as to the appropriate amount of a penalty' (18 April 2018), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/700576/final_guidance_penalties.pdf, accessed 11 June 2018.

53 FCA Handbook, SYSC 3.2.6R and SYSC 6.1.1R.

54 In November 2015, the FCA fined Barclays Bank plc £72.6 million for failing to minimise the risk of being used to facilitate financial crime. In doing so, the FCA found that the bank had arranged and executed a £1.88 billion transaction for numerous ultra-high net worth politically exposed persons without conducting adequate due diligence or establishing the purpose and nature of the transaction. Importantly, the FCA did not find that the funds at issue had been produced, in whole or in part, by underlying criminal activity. The FCA nonetheless fined Barclays Bank plc for regulatory failings. See FCA, 'Final Notice to Barclays Bank Plc' (25 November 2015).

55 Director of Public Prosecutions, Director of the Serious Fraud Office, Director of the Revenue and Customs Prosecutions Office, 'Guidance on Corporate Prosecutions', https://www.cps.gov.uk/legal-guidance/corporate-prosecutions, accessed 11 May 2018.

56 SFO and CPS, 'Deferred Prosecution Agreements Code of Practice' (August 2016), Section 2.9.1, www.cps.gov.uk/sites/default/files/documents/publications/dpa_cop.pdf, accessed 11 June 2018.

57 [2018] EWHC 856 (Admin).

58 Part 1 of the Criminal Justice Act 1993 applies to the sections of the Theft Act 1968 that have not been repealed.

59 Part III of the Criminal Finances Act 2017 (CFA).

60 So far, the European Commission has recognised the following as providing adequate protection: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, New Zealand, Switzerland and Uruguay. See European Commission, 'Adequacy of the protection of personal data in non-EU countries', https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en, accessed 11 June 2018.

61 Case C-362/14.

62 The Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (High Court of the Republic of Ireland, unreported judgment of Ms Justice Costello, 3 October 2017, [2016 No. 4809 P]).

63 Ibid., unreported request for a preliminary ruling by Ms Justice Costello, 12 April 2018, [2016 No. 4809 P]).

64 [2016] EWHC 3161 (Ch).

65 Three Rivers District Council and Others v. The Governor and Company of the Bank of England [2003] EWCA Civ 474.

66 Bilta (UK) Ltd (in liquidation) and others v. Royal Bank of Scotland and another [2017] EWHC 3535 (Ch).

67 CFA, Sections 1 to 6.

68 Alexandra Rogers, 'SFO in talks to change its funding arrangements for “blockbuster” cases' (City A.M., 13 March 2018).

69 Reuters Staff, 'Airbus faces large fine in corruption probe – report' (Reuters, 15 September 2017),
https://www.reuters.com/article/britain-france-sfo/airbus-faces-large-fine-in-corruption-probe-report-idUSL5N1LW48Z, accessed 11 May 2018.