- Solicitors For Business
- Solicitors For You
- About Us
- News & Events
Deferred Prosecution Agreements: What and Why?
Deferred Prosecution Agreements explained
The government has introduced deferred prosecution agreements, which will give companies an alternative to prosecution. This video discusses the implications of these agreements:
Transcript an introduction
What I'm here to talk today about is the deferred prosecution agreement.
There are no deferred prosecution agreement arrangements in this country at the moment. They are going to be introduced in the next parliament. I'm putting together a response to the Ministry of Justice on our thoughts on the consultations. If anyone is interested then by all means you're very welcome to contribute because I certainly don't have all the ideas by any means and I would like to see what other people have got to think about it.
This is an agreement reached between an offending company and, and I'll use the American example for now, either their Department of Justice or the SEC, the Security and Exchange Commission in the US, to pay a fine over a particular period, and that's often two to three years, in turn for a discontinuance of proceedings that are initiated but not then pursued at the court in the US.
That agreement will then come with conditions, perhaps changes of governance, perhaps changes of staff, perhaps removal of staff, perhaps reinstatement of staff, and then of course the fine. When you think that in 2011 the Department of Justice and the SEC together entered 29 non-prosecution agreements and deferred prosecution agreements, there is a distinction. I'll very quickly deal with those at some point.
The average fine in each of those deferred or non prosecution agreements was around $100 million. These are big issues for companies, particularly when you think some of the agreements involve $150 million, $160 million, $200 million. The SEC and the DOJ in America are collecting billions from these agreements, and of course the Ministry of Justice here want some of that action because they can see that some of the countries or some of the companies, sorry in the US, have associations here that would have allowed them, in other words us, to collect that money to impose the deferred prosecution agreements if those arrangements had been in place.
So what really is the main problem with the arrangements that we've got at the minute? There are very, very few corporate prosecutions as you know; the problem is finding the directing mind, the problem is finding the directing will within the company to peruse individuals. Regulatory offences commonly result in large fines, but you don't tend to see individuals prosecuted.
Background and DPA chess
On 24th February 2014, an important weapon was added to the law enforcement armoury in the UK. The Deferred Prosecution Agreement is supposed to be a public, transparent agreement between an organisation and the prosecutor to defer (and ultimately withdraw) a prosecution as long as certain terms are met. This can include the payment of a stiff financial penalty, compensation, disgorgement of profits and the implementation of anti-bribery / corruption measures.
DPAs have finally crossed the Atlantic on a wave of promise, notwithstanding comments made by many in agreement with Lord Justice Thomas in the Innospec case. He branded attempts at implementing cross-jurisdictional settlements in criminal proceedings as repressing the discretion of judges, ultimately concluding that 'no such arrangements should be made again'. Critics with an eye on Innospec have been satisfied to a degree by the increased emphasis on early judicial involvement in the UK DPA arrangements. Most of the US DPAs are highly polished by the time a judge becomes involved. However, cases like Innospec remind the UK government that the US Foreign Corruption Practices Act (FCPA) is an important spanner in the law enforcement toolkit. It has been used with increasing success in recent years by the US Department of Justice (DOJ) and their Securities and Exchange Commission (SEC) to impose some dramatic financial penalties as part of their DPA arrangements.
The potential benefit to the exchequer is not lost on the UK government and although the FCPA attracts its fair share of criticism, it is no surprise that the Serious Fraud Office in particular is looking forward to flexing its new muscles in the UK version of the DPA. A number of cases with 'DPA potential' are under investigation and 2014 should see at least one interesting confrontation between two heavyweights, neither of whom have any intention of blinking first. Will it be the SFO with access to 'blockbuster funding' and bulldog rhetoric, or the corporation with stories of the SFO’s previous failures to properly manage the evidence? Will the SFO be able to convince its first customer that a DPA is the better option or will the customer call the SFO's bluff and invite an expensive prosecution?
Until relatively recently, the SFO found it difficult to shake a proper stick at organisations who decided not to self-report fraud or corruption within the organisation. Now, the SFO is assisted by -
- The Bribery Act 2010
- A change in personnel, including the notable appointment of proper expertise
- A move to nice(r) offices and perhaps culture
- New sentencing guidelines for offences committed by organisations
- Clearer codes for prosecutors
- A better funding regime in the form of ‘Blockbuster’ contingency assistance from the Treasury and
- A notable change in the substance of the speeches made by the SFO’s director David Green, especially in terms of civil remedies
All of this (and more) has enabled the SFO to say with more force: 'Come clean and engage with a DPA because you won't like the alternative'. The high standard of proof in establishing corporate criminal liability is still a fly in the SFO's enforcement soup, but this may change.
Critics are already beginning to rehearse the arguments originally used to smear the reputation of the FCPA - corporations should not be able to buy their way out of a prosecution, ultimately passing the cost of the penalty onto the public, shareholders and the job centre. An occasional high-profile board-level prosecution should go some way to answering those critics, but not all of the pieces are on the chess board yet and organisations will still take some convincing that a DPA is the better option. All of this assumes that organisations are properly advised on what they might be letting themselves in for.
What does the DPA aim to achieve?
The UK DPA is implemented through the addition of Part 12 of the Criminal Procedure Rules, and guidance on a more practical level is to be provided through a Code of Conduct published by the Director of Public Prosecutions and the Director of the Serious Fraud Office. The DPA attempts to act as an incentive to organisations undergoing investigation by offering a negotiated, court-approved, written settlement. By complying with the terms of the agreement, criminal prosecutions will be deferred and ultimately discontinued. The ongoing possibility of prosecution is meant to ensure compliance on the part of the company due to the potentially fatal consequences of criminal conviction. Furthermore, DPAs will avoid plenty of collateral damage to blameless employees and shareholders. At least that's the theory.
For prosecutors, the DPA is attractive as it avoids the huge expense and uncertainty that accompanies a criminal trial. For the organisation, it offers an opportunity to remedy unlawful activity without prosecution and can limit civil liability. Effectively, the DPA introduces a statutory basis for a type of 'plea bargaining' in England and Wales. Not all organisations will be invited to engage and negotiate a DPA. Each scenario will be considered on its own merits and phrases like 'meaningful self-reporting' and 'frank disclosure' will become an important part of the SFO repertoire. The Code of Practice will list factors that the prosecutor may take into account when deciding whether a DPA is appropriate, such as:
- Whether the offending represents isolated actions by individuals
- Whether the offending is not recent and the organisation is effectively a different entity
- Whether a conviction is likely to have disproportionate consequences
The SFO will want organisations to know that they must enter the process of negotiating a DPA with a clear understanding of the benefits and the consequences of failing to cooperate. Proper legal advice will be a fundamental part of that process because a DPA may echo through the organisation for many years after the event.
What does the DPA regime look like?
Section 45 of the Crime and Courts Act 2013 enacts Schedule 17, containing the DPA provisions that encompass fraud, bribery and money laundering. The prosecutor must either be able to show that the evidential stage of the Full Code Test in the Code for Crown Prosecutors is satisfied, or that there is "at least a reasonable suspicion based upon admissible evidence" that the crime has taken place along with "reasonable grounds for believing that a continued investigation would provide further admissible evidence within a reasonable period of time". The prosecutor must also establish that the public interest would be properly served by not prosecuting and instead entering into a DPA.
Applying the same evidential test in a multitude of scenarios across industry sectors will be a challenge in itself and defining the 'public interest' will invite any number of political arguments. Timely judicial intervention may discourage the overzealous and encourage common sense but there is no avoiding the culture change. The court is going to find itself playing a slightly different game and it is only a matter of time before someone tests the court's resolve.
A DPA must contain a statement of facts that relate to the alleged offence and the requirements expected of the organisation. Drafting these documents for US DPAs has been regarded by some as a dark art and time will tell whether the same practice creeps into the UK. Statements of facts in US DPAs may be the subject of scrutiny by shareholders, competitors, other law enforcement agencies and politicians in the age old practice of circling injured prey. Innospec is a prime example. Having settled an expensive civil claim in 2011, the offending corporation faces a new allegation from a competitor claiming that the bribes prevented the competitor from securing lucrative contracts.
The agreement must contain an expiry date and when this date is reached, the prosecutor will give notice that it does not want the proceedings to continue. After expiry, the organisation cannot be subjected to new proceedings for the same offence unless:
- The DPA has been terminated for breach; or
- Inaccurate, misleading or incomplete information was provided to the prosecutor and the organisation ought to have known that this was the case
Examples of requirements stipulated by a DPA include:
- Paying the prosecutor a financial penalty
- Giving compensation to any victims of the alleged offence
- A donation to charity or another third party
- Disgorging profits that have been made from the alleged offence
- Formulating and putting into existence a compliance programme
- Full cooperation in any investigation relating to the offence
- Reimbursing the prosecutor any reasonable costs incurred due to the investigation
The last bullet point is particularly interesting. Charging the costs of the investigation to the organisation is not a new concept in the UK. However, the scope for challenging the cost of investigations as part of the DPA arrangements will be an interesting battleground and organisations will need careful advice on how this particular cost should form part of their calculations.
The decision to act under a DPA will be reached before any proceedings have been commenced. Preliminary judicial approval will be sought before the prosecutor can draft the terms of the final agreement. The preliminary hearing will be in private and will determine whether to issue a declaration that entering into a draft DPA with the relevant organisation is likely to be in the interests of justice and that the terms contained are fair, reasonable and proportionate. The court is required to give reasons for its decision, but these will be private until the final DPA is approved. At the final hearing, the court will revisit whether the DPA is in the interests of justice and whether the terms are just, reasonable and proportionate. If the DPA is approved, reasoning will be given in open court. The terms of the DPA will be finalised and the agreement will be brought into force at the end of the hearing.
Following the final hearing (if approval has been given) the prosecutor must publish:
- The DPA
- The declaration of the court approving the final DPA
- The reasoning for this decision
- The previous declarations, whether these are positive or negative, at prior preliminary hearings
If things go wrong?
Throughout the duration of the DPA, the prosecutor will monitor compliance and is able to make an application to court if a breach is alleged, which will be determined by the court on the balance of probabilities. If a breach is found, the court can invite the parties to agree to a remedy for the failure or it has the option to terminate the DPA. The UK DPA will therefore operate with a greater level of judicial involvement in breach proceedings, but the prospect of breach litigation underlines the need to exercise the utmost care in negotiating the statement of facts and agreement terms. Even if a breach is not found, the application must be published by the prosecutor.
In the alternative scenario, whereby the DPA is not approved by the court, the prosecutor is not able to rely on the fact it conducted DPA negotiations or any draft DPA, unless:
- Any future proceedings against the organisation are for an offence consisting of the provision of inaccurate, misleading or incomplete information; or
- In proceedings for an alternative offence, there is a statement in evidence made by the organisation that is inconsistent with a statement made in the course of the DPA process
It is important to note that although these restrictions are present, admissible evidence from the proceedings includes:
- Other evidence obtained from investigations pursued as a result of anything said in any unsigned statements of facts or a draft DPA
- Pre-existing material provided by the organisation during the DPA process: and
- Information obtained by the prosecutor from other sources
The organisation will therefore need to exercise great care in the nature, extent and accuracy of disclosure because if a DPA is not approved, it may still be used as a springboard in a number of subtle ways to the organisation's ultimate prejudice.
The revised Code of Practice deals with these practical issues regarding DPAs and provides the guidance for the whole process from initially deciding whether a DPA is appropriate, to the drafting of the DPA, involvement of the court, purported breaches of DPAs and discontinuance.
Guidelines on prosecutions
The code for prosecutors is a public document setting out the general principles that Crown prosecutors should follow when making decisions on cases. This includes whether there is enough reliable and credible evidence against the defendant so there is a realistic prospect of conviction, and whether it is in the public interest for a prosecution to take place. Factors taken into consideration include the seriousness of the offence committed and the culpability of the individual involved.
Guidance on whether the corporate body will prosecute will also be sought from the Guidance on Corporate Prosecutions and, if it is relevant, the Joint Prosecution Guidance of the Director of the SFO and the Director of Public Prosecutions on the Bribery Act 2010. Guidance on Corporate Prosecutions is comprehensive from providing definitions of companies, explaining how liability may come about i.e. through vicarious liability or non-vicarious liability. Where offences are not strict liability, the identification principle is used, which acknowledges the existence of corporate officers who are the embodiment of the company when acting in its business, which may still be the case where the individual was acting in fraud.
The latter guidelines take a robust approach in tackling commercial bribery, but it is not restricted to these matters. It draws on the tests in the Code for Crown Prosecutors and it is stated that there is an inherent public interest in bribery being prosecuted to give practical effect to Parliament's intention. The guidance covers both active and passive bribery.
When deciding whether a DPA may be appropriate, the Code of Practice states that these must be kept in mind. When selecting which cases of fraud to prosecute, the SFO looks for the following features including cases:
- That undermine UK commercial/financial PLC in general
- Where the actual or potential loss involved are high
- Where actual or potential harm is significant
- In which there is a significant public interest element
Will the DPA live long and prosper?
The US has long relied on the DPA and as a result has adopted a mature process, supported by the courts. It continues to attract criticism, largely because of the power vested in the DOJ / SEC but the straightforward numbers and increasing reliance upon the US DPA suggests a good degree of success. In 2013, the US authorities presented evidence that 28 non-prosecution and deferred prosecution agreements produced almost $2.9 billion in financial penalties.
Whether this will be the case in the UK is questionable. A clear difference between English and US criminal law is the standard of proof required to establish corporate liability. English law requires a high standard, stating that the offence must be attributed to someone who at the relevant time was the ‘directing mind and will’ of the company or to be an ‘embodiment of the company’. Difficulties in meeting this standard have meant prosecutions have been very limited. Since 2000, only four companies have been convicted following prosecution by the SFO, largely due to this requirement.
The US apply a lower standard of proof, meaning that the threat of corporate prosecution is traditionally felt more by corporations with operations in the US. As a result, the DOJ / SEC can negotiate with more confidence. There are indications that changes are occurring in this area, including the strict liability offence contrary to Section 7 of The Bribery Act 2010 for corporates that fail to prevent bribery by not having adequate measures in place.
David Green (head of the SFO) has further debated the scope of available sanctions with prominent figures including the Attorney General, the Solicitor General and the Law Commission, to include a failure by corporates to prevent acts of financial crime committed by its employees. It is said that this power would be used in exceptional cases and this would particularly be the case where the company had directly profited from the criminal conduct of its staff.
There are a number of reasons why the UK DPA arrangements will not operate in quite the same way as the American cousin. Quite apart from the legislative differences, the political environment is different. The way in which many international organisations interact with their subsidiaries in the UK (and agents outside the UK) is different and, having regard to its relative size, the UK’s reliance on the financial markets is different. The law of unintended consequences will also have something to say, but perhaps the most interesting burden will rest upon the judiciary. The court's role may take time to settle, even though the intended role is clear enough through the response to the consultation process. The SFO's choice of case for a UK DPA could be critical in setting the tone, just as it was with the FCPA. If Innospec is any measure of the court's current resolve, David Green is preparing to shoulder an unenviable burden. He has been careful not to launch his appointment at the SFO with some swift showcase Bribery Act prosecutions. The pressure has been building and each advance in terms of funding or appointment of expertise has been followed by a tactical announcement; all part of reminding organisations that they should put adequate measures in place, self-report wrongdoing and act in the best of faith.
However, the SFO has made it clear that it will continue to prosecute if it is in the public interest to do so. DPAs (or civil recovery orders for that matter) will not be handed out automatically to those who self-report. Companies will be required to provide incriminating information at an early stage without a guarantee that a prosecution will not take place. Notwithstanding all of the guidance issued by the SFO, the MOJ and the government at large, nobody will want to cross the river first without some special assurances or a very large shove in the back.
Organisations operating across multiple jurisdictions
Many of the organisations with 'DPA potential' will be those with interests across several jurisdictions, in many cases involving areas of the world where bribery and corruption is commonplace. The Code of Practice will confirm that the prosecutor needs to reference any concurrent jurisdictional issues so a court can consider why a DPA is in the interests of justice (as well as being fair, reasonable and proportionate). The DPA will only deal with UK liability, although the activity giving rise to the UK liability can occur outside the UK.
Where liability falls outside the scope of the DPA or UK prosecution, it is expected that the practice will develop whereby (through cooperation with the UK prosecutors) organisations can expect investigations to continue in other jurisdictions. This may eventually create interesting scenarios whereby prosecutors and organisations in the UK and US argue about which DPA should apply and, ultimately, where part of the financial penalty or compensation should be paid. Given time and the participation of more jurisdictions, the concept of 'DPA shopping' might not be as ridiculous as it sounds now.
What is the SFO up to?
It is clear that the SFO aims to increase high-profile corporate prosecutions from 2014. The SFO has recently been granted additional ‘blockbuster funding’ from the UK treasury to aid in the bribery and corruption investigation into Rolls-Royce in China and Indonesia. Arrests have been made and since Rolls-Royce is the second largest maker of aircraft worldwide, the SFO's ability to proceed with treasury support is evidence of their commitment to focus on the 'top slice' of economic crime. Allegations of corruption are not new to the defence and aerospace industry, where intermediaries are often used and are sometimes difficult to control in jurisdictions where anti-corruption measures are not high on the agenda.
Whether a DPA will emerge from the Rolls-Royce investigation remains to be seen, but the SFO will almost certainly have a number of prospects to choose from by the end of the year. Arrests have been made as a result of the Libor enquiries and the pharmaceutical industry remains in the running. The construction industry warranted some recent attention and the Financial Conduct Authority (FCA) recently took over from where the FSA left off by dishing out some hefty fines to make its presence felt.
The SFO will still need to choose the first candidate carefully and every step taken in that case will be closely watched by anyone concerned in advising corporate clients regarding their exposure to the relevant risk. This could include advice on choice of markets, intermediaries, finance and subsidiaries in conjunction with advice on avoiding 'inadequate measures' liability contrary to Section 7 of The Bribery Act.
Sentencing Council: Fraud, bribery and money laundering: corporate offenders: Definitive Guideline
These guidelines apply to organisations sentenced on or after 1 October 2014, regardless of the date of offence. Releasing the guidelines ahead of the enactment of a new corporate offence appears odd at first, but it coincides with the new DPA regime and is in keeping with the continuing rationalisation of the sentencing exercise. The timing also acts as a reminder that a DPA or civil recovery order is not necessarily going to become the preferred option.
How will the court approach the exercise? It gets a bit technical from this point, but it is worth rehearsing because any organisation weighing the options will want as much certainty as possible.
Step One: Compensation
The court must consider making a compensation order requiring the offender to pay compensation for any personal injury, loss or damage that arises out of the offence in such an amount as the court considers appropriate. Priority is given to compensation over financial penalty.
Step Two: Confiscation
This must be considered if the Crown court thinks it is appropriate. Confiscation is an article in itself but recent events should not mask the Crown's ability to pursue significant sums by using existing provisions of The Proceeds of Crime Act 2002
Step Three: Determining the offence category
This is done in relation to culpability and harm. Culpability is demonstrated by the offending corporation's role and motivation, which may be demonstrated by one or more of the following non-exhaustive characteristics:
- High culpability includes aspects such as wilful obstruction of detection and involving others through pressure or coercion; whereas medium culpability includes factors such as - activity which is not unlawful from the outset
- Harm is represented by a financial sum with reference to the table provided in the guidelines. In cases of fraud, harm will normally be the actual or intended gross gain to the offender. In bribery cases, it will be the gross profit from the contract obtained, retained or sought as a result of the offending
Step Four: Starting point and category range
The harm figure from step three is multiplied by the relevant percentage figure representing culpability. The court can consider adjustment from this starting point and examples of aggravating and mitigating factors are given.
Step Five: Adjustment of the fine
The court should effectively step back and consider the overall effect of its orders in this step. It ought to achieve the removal of all gain, appropriate additional punishment and deterrence.
Step Six: Factors that would indicate a reduction
Step Seven: Reduction for guilty pleas
Step Eight: Court must consider ancillary orders
Step Nine: Totality principle
If sentencing an offender for more than one offence, consideration must be given to whether the total sentence is just and proportionate.
Step Ten: Reasons
Section 174 of the CJA 3001 imposes a duty to give reasons for, and explain the effect of, the sentence.
If DPAs are offered, negotiated, drafted, sanctioned and monitored appropriately, they offer organisations the opportunity to resolve some difficult problems they may have accumulated over the years without facing prosecution. They will also save prosecutors the uncertainty and expense that criminal trials involve. The first candidate will have to be chosen carefully. However, everyone will need to engage in the process with their eyes fully open and this could involve advising organisations on a wide range of risk topics.
The organisation's lawyers and the SFO are preparing to shoulder a hefty burden, but watching the judiciary deal with the first DPA could be most interesting. The DPA arrangements will require a significant cultural shift and if the SFO picks the wrong candidate for their first DPA, the court may find itself under pressure to wade a little deeper than it wants to, in order to micro-manage the exercise. If things go dreadfully wrong with individual cases, as they will from time to time, many will ask in years to come - was it really worth it? It is of some concern that as long as the fines keep rolling in and the economy improves, the government's unswerving answer will be 'yes'.
The first UK Deferred Prosecution Agreements
So that's a Deferred Prosecution Agreement?
Funny how a real world example focuses the mind. Not that long ago, the UK Bribery Act was seen as an impulse purchase; one of those garden tools at the back of the shed. It came with lots of instructions and good intentions but was never really going to have an impact. It has taken a little while but the Deferred Prosecution Agreement (DPA) between ICBC Standard Bank and the Serious Fraud Office is set to advertise the existence of the SFO's newest enforcement option in the UK. Applied through section 7 of the Bribery Act 2010 - failing to prevent bribery, the agreement acknowledges wrongdoing on the part of the bank's subsidiary, ensures that it cleans up its act and obliges the bank to sign some very large cheques in favour of a number of very grateful authorities. In return, the bank itself will not be prosecuted if it 'behaves' over the deferred period of three years. The DPA is significant because it is the first one of its kind in the UK and it is the first time a corporation has been sanctioned for failing to prevent bribery under section 7 of the UK Bribery Act.
The scores on the doors
The agreement was a cost-effective exercise for the SFO. The court awarded costs in favour of the SFO in the sum of £330,000 and this compares well with the much higher prosecution costs of a trial, which might not be recovered. As a result of the ICBC Standard Bank agreement, the 'consolidated fund' (i.e. the Treasury) will receive $16.8 million by way of a fine and the Tanzanian government will receive $7 million compensation for its trouble. The bank must also extract or 'disgorge' the profits made from the wrongdoing. This has been calculated as $8.4 million and will also be paid to the consolidated fund.
Price Waterhouse Cooper has been engaged to ensure implementation of the appropriate anti-bribery and corruption measures. It will agree the scope of its work with the SFO, although it will follow the lines of a S166 'skilled persons' report. It has not been appointed to formally monitor compliance with the DPA - an onerous and expensive undertaking for all involved. The SFO will ultimately take a view on the level of compliance over the three year deferred period by referring to the outcome of the PWC report(s).
What did the bank do wrong?
Interestingly, the agreement is based upon a failure to prevent bribery in an arrangement whereby government officials were paid $6 million to prefer the bank when raising finance for the Tanzanian government. The statement of facts describes how the money was paid by a subsidiary named Standic Bank Tanzania Ltd to a consultancy firm EGMA Ltd that, as it turn out, served no legitimate purpose. The money was subsequently withdrawn in cash and disappeared into the night, present whereabouts unknown. It was not alleged that ICBC Standard Bank itself was involved in the unlawful activity and the activity occurred before ICBC bought a 60% share in the business. Nevertheless, the availability of a DPA in this case demonstrates that one does not have to hold the smoking gun to be guilty of an offence and if you are thinking about buying a stake in a business engaged in an area of significant risk, make sure your due diligence is thorough.
Corporations will also notice that the statement of facts in this case runs to 55 pages, including extracts from interview transcripts. Indeed, some paragraphs could have been lifted from a prosecution case opening to a jury. This contrasts with much shorter statements in many US DPAs and although the ICBC Standard Bank was not obliged to make 'admissions' as one would in a guilty plea to a conventional indictment, it was obliged to agree the statement of facts. This will be of interest to many third parties, including shareholders or individuals who might become the subject of associated criminal litigation.
David Green, head of the SFO, has been teeing up the DPA for some time. In various speeches, he and his colleagues have been warning of the need for corporates to contemplate their relationships with wayward agents, know your client, make bribery and corruption a focal point in acquisition due diligence etc. Over time, gentle nudges have been turning into pokes in the back. The SFO wants businesses to self-report wrongdoing if it is to maximise its chances of avoiding a prosecution. Note that the SFO don’t necessarily want a polished internal fraud report from corporate lawyers who spend months undertaking their own investigations (although that's largely what they got in this case). Neither do they want to receive reports about things they already know. They want genuine and timely engagement, and it is no accident that the ICBC Standard Bank agreement was 'chosen' as the first DPA. The SFO had a number of candidates, but the first was always going to be a template and it had to be capable of withstanding public scrutiny. The SFO's announcement will have been carefully drafted.
Much was made of the level of cooperation between the bank and the SFO. The relevant activity was reported to the Serious and Organised Crime Agency (now the National Crime Agency) very soon after it was discovered and the bank disclosed material in circumstances where the SFO would have found it difficult to obtain that material if the bank had put up a fight. Not all companies will be able to disclose certain material held by third parties and many will not want to. The subtle distinction between 'can't' and 'won't' will certainly be an issue in other DPA negotiations.
Mr Green has been careful to avoid outright promises but, let's face it, the SFO cannot afford to prosecute everyone and even though it might have access to Treasury 'blockbuster funding' from time to time, a long string of prosecutions is not going to attract big investment to the UK. Neither would judges thank the SFO for snarling up Southwark Crown Court with endless consecutive mega-trials, some of which would probably collapse. This DPA also highlights the consequences of conviction after trial when considering the potential impact upon employees, shareholders and other innocent third parties. Until now, the prosecution toolkit has lacked a few spanners and although alternatives to prosecution have been in the box for some time (such as civil asset recovery under Part 5 Proceeds of Crime Act 2002), they just don't have the sex appeal of a DPA.
Legal culture v mathematics
David Green will be quick to point out that a DPA is not the default option and he might actually mean what he says. Our American cousins have been cooking up DPAs with less judicial intervention for years and much of the criticism in the US revolves around some obvious themes - corporations are buying their way out of prosecution. Shareholders and customers are paying for executive criminality. The SFO simply cannot afford to start the UK DPA journey with the notion that corporations need only self-report and form an orderly queue for their agreement. This approach would be incompatible with the greater level of judicial scrutiny in the UK and would not suit the enforcement culture, even though that 'culture' is not easily defined.
It is no surprise that the first UK DPA arose out of Section 7 UK Bribery Act. On the face of it, the wrongdoing was very serious - bribery of government officials to the tune of $6,000,000 where the money has not been recovered. However, section 7 permitted the court to focus on the limited role of ICBC Standard Bank and the level of cooperation meant that the wrongdoing suited a DPA very well. A greater challenge will arise when the SFO has to deal with more direct unlawful behaviour. To what degree will it (and the court) fit a square peg into a round hole?
To be fair, the higher level of judicial scrutiny will make it more difficult to squeeze a UK DPA into an inappropriate case. Although the preliminary hearings are in private, the ratification of a DPA prompts the publication of the earlier private hearings. Publication in this case did not reveal anything particularly controversial (the SFO would not have chosen a controversial example as its template case), but it will be interesting to see how the judiciary work through problems in court as use of the DPA develops.
However, the suitability of a DPA in this case was not without difficulties. The bank was the subject of regulatory intervention in 2014 for failing to conduct enhanced due diligence in relationships potentially involving politically exposed persons. The Financial Conduct Authority imposed a fine on Standard London (as it was then), but it seems that this episode did not preclude the suitability of a DPA in 2015. One wonders whether a corporation with a significant regulatory history might be less inclined to self-report a problem if it thinks that it will not be eligible for a DPA. The SFO will certainly not want to discourage self-reports for this reason because automatic DPA disqualification might drive wrongdoing underground and high level cooperation with the investigation is the key to a good DPA.
A second difficulty may arise when meeting the burden of proof in cases where a DPA is considered. Any decision to prosecute requires consideration of the Code for Crown Prosecutors and this involves establishing a 'reasonable prospect of conviction'. However, even though the SFO was prepared to name individuals responsible for offences of bribery in the present case, it did not assert a reasonable prospect of conviction. The SFO submitted that, through a consideration of some admissible evidence, it had - (i) established a reasonable suspicion that the company had committed an offence and (ii) it had reasonable grounds to believe that further investigation would produce more admissible evidence favouring a conviction. This is the lower threshold found in the DPA Code of Practice. The distinction was not important for this DPA but it could be critical in other DPA negotiations, especially if the SFO wants to secure convictions against individuals by using the evidence referred to in the statement of facts.
The benefit to the Treasury cannot be ignored and time will tell whether mathematics or culture prevails. In reality, politics will ensure that DPA money flows into the Crown's account while words such as independence, codes of practice, fairness and proportionality are pushed to the front of the enforcement shop window. We are told not to expect a high number of DPAs. However, the UK is practiced at learning from the US and then creeping into the same mistakes.
Let's not forget the USA
The US got in on the act as well. The Securities and Exchange Commission (SEC) charged ICBC Standard Bank with failing to disclose the relevant payments intended to influence a government decision. The action was settled with an internal administrative order, rather than a prosecution. The SEC directed ICBC Standard Bank to pay a $4.2 million civil penalty. It also ordered the disgorgement of $8.4 million profits, although this was satisfied by the disgorgement agreed in the UK DPA. No UK tax reduction in relation to the financial implications of the agreement can be applied by the company. The episode underlines the need to anticipate the potential involvement of other jurisdictions in deciding whether to self-report.
When might a DPA be relevant to me?
Like most complex things in the impenetrable world of legal stuff, the DPA concept is actually fairly simple.
Let's say you are a notable PLC. Look at your business; with whom do you deal? How do you deal with them and what is the result? What do you promise and how do you deliver? Stand back and look at the arrangement as if you are giving evidence? Do you feel OK?
To put it another way, think about a scenario in which someone wants to buy your business. Complex anti-bribery and corruption software is becoming awfully fashionable, able to spot red flags at increasing distances. Are you comfortable with the relationship between your South African affiliate sales team and the respective government department offering a lucrative public contract? Are you able to demonstrate compliance to your prospective purchaser.
Let's imagine that you can't. Problems have been developing over the last couple of years. You can put it right - at some commercial cost - but that won't deal with what has gone on before and you will almost certainly lose your buyer because they will fear a prosecution and possible shareholder action. What do you do? Cover it up and let the government contract run its course? Who's going to know?
The DPA now offers an alternative. It is not without pain, but can be the lesser of two commercial evils. Your buyer is very keen to proceed but wants some assurances before they agree to invest. A self-report is considered and you want to know whether your company (or perhaps individuals within the company) will be prosecuted in the event of disclosure. What can you learn from the ICBC Standard Bank agreement?
- A DPA is not something you can ask for and expect. It is offered by the SFO if criteria are met
- So far as possible, you need to identify exactly what has gone on and who was involved
- In doing so, don't destroy evidence and don't make the situation worse
- Avoid further offences such as tipping off
- Does the activity actually amount to a criminal offence?
- Might a whistleblower emerge?
- The timing of engagement with the SFO could be critical
- Get advice on whether this really is a matter for the SFO and a potential DPA
- Notionally calculate the profit from the unlawful activity
- Calculate the likely financial penalty and direct cost
- Discuss the relative reputational impact of prosecution and a DPA
- Think about the cost of monitoring during the potential deferment period
- What will it cost to implement changes to the AML and anti-bribery policies?
- Where relevant, prepare to engage with more than one jurisdiction
- Be mindful of the potential for satellite litigation from shareholders etc.
- Is your Directors and Officers / management liability insurance policy up to date and sufficient?
- If you don't self-report, will the SFO (or another prosecuting agency) come after the company anyway?
- To what degree will you have to cooperate with the SFO in any parallel criminal proceedings and will this cause conflict within the organisation?
- A conviction or a DPA could prevent the business from pitching for government contracts or from effectively entering certain markets. Negotiation could mitigate that cost
The list could go on, but these themes will be common to all board-level discussions in light of the ICBC Standard Bank DPA and it really comes down to this - now that we have a real example of a DPA to work with, what have you got to lose in the event of a self-report or a decision not to self-report, and what are the chances of prosecution? The full judgement of RT. Hon. Sir Brian Leveson provides many pointers including comments on the public interest, the concept of fairness in the proceedings and the responsibilities owed to shareholders, as well as the reputation of the banking community at large.
Preventing the problem
Where a corporation does not have a problem warranting a serious DPA discussion, but is interested in improving its anti-money laundering and bribery procedures, this DPA holds a few lessons. At the sharp end of the wrongdoing, it demonstrates that high risk can be diluted by 'layering' problems that, in isolation, only appear to require standard due diligence. When the unlawful activity is unravelled, it only then becomes clear that enhanced due diligence was essential. At the other end of the DPA, the judge's comments, the statement of facts and the outcome itself now make it easier for lawyers and accountants etc. to bring some real world advice to the boardroom table.
Engagement with the SFO
If a decision is made to self-report and the SFO expresses an interest, the journey has just started. Negotiations are exactly that and the agreement will have been the subject of some complex discussions. Either side could have withdrawn at various points in the knowledge that prosecution was an alternative and the judge could have refused to accept the proposal.
One also needs to remember that the subject of a DPA will be required to undertake certain tasks during the deferment period and a failure to comply can be the subject of expensive breach proceedings. This does not necessarily result in the termination of the DPA itself, but the risk of resuming the prosecution is always in the background. Let’s not forget that entering into a DPA involves charging the company with the criminal offence in the first instance and then deferring the prosecution. The indictment is withdrawn at the end of the deferment period when it is accepted that the subject has complied with the DPA terms. Even then, the subject cannot regard itself as absolutely free from scrutiny. The matter can be revisited in the event that the SFO subsequently detects bad faith or other wrongdoing in the negotiations leading to the original agreement. For that reason, the cleansing process needs to be thorough.
Entering into a DPA also obliges the corporation to assist the SFO with investigations relating to individuals suspected of criminality. In this case, the SFO specifically named two individuals and alleged that they committed Bribery Act offences. This has the obvious potential for conflict within the organisation. The ICBC Standard Bank was able to distance itself from the unlawful activity, especially since the two individuals are no longer employees of the subsidiary. However, there will be cases in which a company wants to self-report in circumstances where an employee denies the relevant allegation and conflict arises.
It is no coincidence that the DPA has been added to the toolkit at a point where greater compliance responsibility is being placed upon companies. For example, financial penalties levied by the FCA have been revised, new criminal offences have been added to the Financial Services Act 2000 and the SFO recently revised its Guidance on Corporate Prosecutions. Sentencing guidelines on fraud, bribery money laundering offences have been around since the middle of 2014 and although these revisions are beyond the scope of this piece, they necessarily form part of anticipating the advantages and disadvantages of pursuing a DPA. They provide a structure in which a corporation (and its advisors) can better judge what might result from a decision to engage with the SFO.