What do the next ten years hold for bribery and compliance law and enforcement?
A lot has happened over the last ten years in terms of bribery and compliance awareness and enforcement. The UK’s much heralded Bribery Act 2010 (“UKBA”) has replaced centuries’ old laws to become the global gold standard of bribery and corruption legislation. Deferred prosecution agreements (“DPA”s), once the preserve of the US Department of Justice (“DOJ”), are now available in several jurisdictions to resolve corporate misconduct. The importance of establishing a corporate culture that does not tolerate wrongdoing, backed by appropriate compliance policies and procedures, has never been greater. We have examined all these topics in previous articles. What, then, for the future?
Using our crystal ball we have identified four particular areas in which we predict there will be continued emphasis and development: moves to redefine or extend corporate liability for criminal wrongdoing; an increased emphasis on the public-private partnership to tackle financial crime; an increasing use of DPAs to resolve misconduct; and last, but most certainly not least, the continuing cooperation between global enforcement authorities to tackle and resolve large-scale bribery and corruption.
1. The re-examination of corporate criminal liability in the UK
The perceived challenges surrounding the prosecution of companies for criminal offences have been well-rehearsed over recent years. Enforcement authorities have highlighted the difficulties they say are presented by the “identification principle” under which it must be shown that a senior person representing the company’s directing mind and will was involved in or agreed to the relevant wrongdoing in order for that wrongdoing to be imputed to the company itself. The problem for prosecutors is that it can be very difficult to show that someone senior enough to be considered a directing mind and will was involved in or even knew about the misconduct, especially for larger companies, whose directors and senior officers may be far removed from the levels where criminal activities are typically alleged.
Any revision of the law relating to corporate criminal liability would naturally be fraught with controversy. Attributing criminal liability to corporates and other businesses, which can by their nature only act through natural persons, is considered by some to be legally inappropriate per se. Others argue that the challenges created by the current law weaken the reputation of the English justice system. Government pronouncements over the years have frequently suggested that reform may be on the cards. Calls for the review of English law regarding corporate criminal liability have also come from the Serious Fraud Office (“SFO”), anti-corruption NGOs and even the House of Lords Select Committee.
A Call for Evidence on Corporate Liability for Economic Crime published by the Ministry of Justice (“MoJ”) in January 2017 resulted in no clear consensus from respondents on what should replace the identification principle if it were to be revised. In November 2020 the Government asked the Law Commission to re-examine the issue. At the time of writing, a second Law Commission consultation (Corporate Criminal Liability – A discussion paper) had just closed. That consultation included a revival of the proposal first put forward in December 2014 by the MoJ (and subsequently reintroduced at the London Anti-Corruption Summit in May 2016 and reaffirmed by the then Attorney General the following September), to extend the “failure to prevent” concept of liability beyond section 7 of the UKBA to other economic crime offences as a new basis for corporate accountability. Were it to be accompanied by an “adequate procedures” defence, as in the UKBA, such a reform could potentially lead to a further overhaul of corporate culture and compliance programmes as organisations seek to protect themselves against additional criminal exposure. However, what exactly is meant by “economic crime” in this context is unclear. At the very least it would be likely to include fraud, money laundering and market abuse, although it could potentially be extended to other financial offences.
Whatever the outcome of this latest discussion, the question of how and when an English corporate should be held to account for the misconduct of those acting on its behalf is likely to be the topic of argument and debate for some time to come.
2. An increasing emphasis on the private-public response to financial crime
The idea that the detection and prevention of business crime is not just the preserve of government has been gathering traction for some time. Given the growing incidence of fraud, money laundering and related offences and the limited resources of enforcers, the private sector is increasingly being asked to step up and shoulder some of the burden.
The UK’s anti-money laundering (“AML”) regime already places stringent requirements on relevant persons to have systems and controls in place to identify, assess, manage and mitigate risk for the purposes of preventing and detecting money laundering and terrorist financing. It is likely that additional sectors will become subject to these requirements as criminals find new ways to carry out their activities. For example, following the transposition of the EU’s Fifth AML Directive into English law in January 2020, art dealers and auction houses became, for the first time, subject to the same obligations under AML legislation as financial institutions and estate agents. As criminals expand their financial operations, for example, by increasing their use of crypto-currencies, so the law will have to adapt to reflect the increased risk.
Not surprisingly, banks and other financiers take a very cautious and risk-adverse approach when deciding whether to report potentially suspicious activity, such as suspected money laundering. Just over 573,000 suspicious activity reports (“SARs”) were filed with the National Crime Agency (“NCA”) from 2019 to 2020, with the large volume of low-quality reports potentially putting significant strain on the NCA’s ability to deal with high-harm suspicious activity. SARs reform was included in the government's Economic Crime Plan of July 2019 and highlighted as one of the areas in which the private sector has a major role to play. In fact, the Economic Crime Plan was itself developed as a joint initiative between the public and private sectors, with input from major players in the banking and financial services industries.
The government has already indicated it will introduce new IT systems to improve data analytics and increase resources working in financial intelligence units responsible for processing SARs. But improved IT systems and increased intelligence come at a cost. In the March 2020 Budget, the government announced its intention to introduce a mandatory economic crime levy on regulated businesses as part of its commitment to tackle economic crime. A consultation seeking views on key aspects of the proposed levy, such as what it would pay for and how it should be calculated, as well gauging private sector views on contributing towards funding the fraud response, closed on 14 October 2020. At the time of writing no response had been published by the government. However, it is highly likely that the private sector will face increasing calls to help fund initiatives to tackle the threat and effects of financial crime. Those operating in the financial sector, and who may be assumed to benefit directly from the UK’s position as a global financial centre, may particularly find themselves expected to contribute.
3. An increasing use of DPAs to resolve corporate wrongdoing
When DPAs first became available, it was intended that they would provide a means of resolving alleged instances of economic crime by commercial organisations more quickly, cheaply and appropriately than under the existing procedures. The Crime and Courts Act 2013 designated the DPP and the Director of the SFO as prosecutors able to enter into DPAs and gave the Secretary of State powers to designate additional prosecutors in due course. The offences for which a DPA may be entered into number over 40 and include: statutory offences under the Theft Act 1968 (such as false accounting) and Fraud Act 2006; customs and excise offences; evasion offences (such as fraudulent evasion of VAT and failing to prevent facilitation of UK tax evasion); certain offences under FSMA 2000; and offences under the Financial Services Act 2012 (such as making misleading statements in relation to benchmarks, introduced in the context of the LIBOR-rigging scandal); and breaches of sanctions regulations. However, to date, only 12 DPAs have been entered into and almost all were in respect of bribery/ corruption offences.
While, arguably, the main practical outcome of the DPA regime so far has been the promotion of proportionate, effective and relevant corporate policies to prevent bribery and corruption by employees and agents, it seems something of a missed opportunity not to have deployed the carrot to incentivise similar developments in other high risk compliance areas. Offences particularly relevant to the financial services sector, such as breaches of financial sanctions regulations, failure to prevent the facilitation of tax evasion and unauthorised performances of regulated activities, all bear similarities to the bribery offences in that they are particularly susceptible to commission by rogue employees or agents without any knowledge or oversight of the company itself. It is that particular risk which makes the implementation of a robust compliance framework of paramount importance and the subject of regulatory scrutiny.
In the coming years, and for the financial services sector in particular, the practical impacts of changes in leadership at the regulators doing the scrutinising may be borne out. Giles Thomson, who took over Directorship of OFSI at the same time as the UK’s newly autonomous sanctions regime was implemented, flagged OFSI’s new power to issue general licences (in a similar way to the U.S. authorities) in his notice of appointment. While general licences are expected to be the exception rather than the norm, policies and procedures relating to sanctions (for which DPAs are already available) will need to be updated to take account of the divergence from the EU framework. It is therefore likely that we will only see increasing enforcement activity from OFSI and the NCA in this area. Similarly, the backlog of FCA investigations resulting from Mark Steward’s new “approach to enforcement”, combined with greater information sharing between authorities, may lead to a regulator such as the FCA passing information to the NCA where it receives evidence of criminal conduct, which would permit the misconduct to be resolved by way of a DPA rather than a purely regulatory outcome.
Another area in which we are seeing increased regulatory attention is in relation to the ESG agenda. As the framework develops around standards and (in particular) environmental standards and reporting, we may, ten years from now, see DPAs being entered into for offences such as the making of misleading statements and creation of false impressions under the Financial Services Act 2012 (for which they are already available) in respect of statements about ESG performance and/or the sustainability of certain investment products. Similarly, as the ESG agenda grows in prominence (noting the court’s statement that if the unprecedented (£90m) fine imposed on Southern Water in July encourages institutional shareholders to take a more active interest in their investments, that would be no bad thing), perhaps the scope of the DPA regime may even be expanded to include environmental offences themselves. Given that it is generally acknowledged that the practical impact of the DPA regime has been to encourage a notable improvement to preventative policies and procedures, extension of the regime in such a way can only be of benefit to companies and their wider stakeholders.
4. Continued and increasing cooperation between global enforcers
The UK Crime (Overseas Production Orders) Act marked the implementation into domestic law of the provisions of a 2019 agreement between the UK and U.S. to give law enforcement agencies on either side of the Atlantic efficient and effective access to electronic data for use in criminal investigations. The landmark agreement gave U.S. authorities, including the U.S. DOJ, the power to access data located outside the U.S directly from communication service providers, while the UK act authorised domestic law enforcement agencies, including the SFO, to apply for a court order to obtain data directly from communication service providers based outside the UK. The effect of the agreement is that law enforcement, when armed with appropriate court authorisation, may now go directly to tech companies or communication service providers based in the other country to access electronic data, rather than going through governments.
The framework for post-Brexit judicial and law enforcement co-operation between the EU and the UK was recorded in the EU-UK Trade and Cooperation Agreement (“TCA”) in December 2020. The TCA provided general agreement for authorities in the UK and EU, including police and customs, to assist each other with security related matters in relation to the prevention, investigation, detection and prosecution of criminal offences and the fight against money laundering and terrorist financing through direct transmission of information and requests for mutual assistance.
The TCA also committed the UK and EU to maintaining comprehensive AML and counter-terrorist financing regimes, including maintaining high standards of beneficial ownership transparency. It was envisaged that its provisions would be accompanied by additional Memoranda of Understanding in due course. While none has yet been published, the opportunity for negotiation of post-Brexit trade agreements in the coming years will undoubtedly involve a greater degree of information sharing between global enforcers.
The government’s announcement in June 2021 of its free trade agreement with Australia marked the first ‘new’ UK trade deal since Brexit. The agreement in principle, described by the International Trade Secretary Liz Truss as the “gold-standard” for a “sovereign trading nation”, includes a commitment to best-practice transparency and anti-corruption provisions. In the full legal text of the agreement, due to be finalised by the end of 2021, both countries will outline their shared ambition to combat the distorting impact of bribery and corruption on trade, including through the adoption of mutual cooperative provisions on embezzlement, money laundering, and asset recovery. If the drafting pen for the full legal agreement is held by any of the hands that were involved in the UK’s agreement with the U.S. in 2019, it would not be surprising to see similarly wide-ranging information gathering powers being awarded to Australian authorities and received in turn by the UK.