We aim to make this site as accessible as possible and therefore have provided the settings below to use if you are finding it difficult to view this website. See the SFO Accessibility Statement for more information.

Where it is appropriate to provide a Welsh translation, you can switch to Cymraeg. See the Welsh Language Commissioner website for more information.

Use the settings button in the bottom right corner of the page to access these settings again.

We would like to use Analytics Cookies on our website. 

Turn these on below if you are happy with us collecting information on how our site is used, in order for us to improve the overall experience of our website. 

All other cookies are necessary and therefore by continuing to browse this website, you are agreeing to the usage of these cookies.

 See the SFO Privacy Policy for more information. 

Analytics Cookies

Pinsent Masons and Legal Week Regulatory Reform and Enforcement Conference

24 Hydref, 2013 | Areithiau

David Green CB QC, Director, at the Pinsent Masons and Legal Week Regulatory Reform and Enforcement Conference.

I recently attended a private gathering of general counsel from a number of major multi-national corporations. I spoke on the subject of corporate self-reporting of instances of suspected criminality, including bribery and corruption.

There was then a Q&A session, during which 2 attendees indicated that the advice they were receiving from their external lawyers was that such matters should NOT be reported to the SFO, because “the SFO was not as helpful as it used to be”. There followed a vote on the issue, which was firmly in favour of self-reporting. Well they would, wouldn’t they.

I became DSFO in April 2012.

It is now a year since I changed the published SFO guidance on self-reporting by corporates.

The guidance I inherited contained an implied presumption that self-reported misconduct would be dealt with by civil settlement rather than prosecution.

I took the view that no prosecutor should appear to offer such a guarantee in advance. As a prosecutor, you can never anticipate what set of facts and conduct might be next in through the door.

I took the guidance back to the historic position agreed with the Director of Public Prosecutions: that we would apply the full code test for crown prosecutors to self-reported criminality. In other words, we ask (after our own investigation): is there sufficient evidence to prosecute, and if so, is a prosecution in the public interest?

The SFO’s message is carefully expressed and nuanced. Assume the evidential sufficiency test is passed. If a company made a genuine self-report to us (that is, told us something we did not already know and did so in an open- handed, unspun way), in circumstances where they were willing to cooperate in a full investigation and to take steps to prevent recurrence, then in those circumstances it is difficult to see that the public interest would require a prosecution of the corporate. Some parts of the blogosphere seem to have difficulty with this, writing that it means self-reporters will be prosecuted. It means no such thing.

Some corporate lawyers complain that the new approach (actually, the principled, established approach) creates “uncertainty”. I disagree: and I think that when they say “certainty” it is code for “guarantee”.

For the avoidance of doubt, the SFO continues to receive self-reports, and I anticipate the numbers will only rise as Deferred Prosecution Agreements (DPAs) bed in next year.

So why should a company self-report instances of suspected criminal misconduct to the SFO?

(i) A self-report at the very least mitigates the chances of a corporate being prosecuted. It opens up the possibility of civil recovery or a DPA.

(ii) There is the moral and reputational imperative: it is the right thing to do and it demonstrates that the corporate is serious about behaving ethically.

(iii) If the corporate chooses to bury the misconduct rather than self-report, the risk of discovery is unquantifiable. There are so many potential channels leading to exposure: whistle-blowers; disgruntled counterparties; cheated competing companies; other Criminal Justice agencies in the UK; overseas agencies in communication with SFO; and the SFO’s own developing intelligence capability, to name but a few.

(iv) If criminality is buried and then discovered by any of the above routes, the penalty paid by the corporate in terms of shareholder outrage, counterparty and competitor distrust, reputational damage, regulatory action and possible prosecution, is surely disproportionate.

(v) Last but not least, burying such information is likely to involve criminal offences related to money laundering under sections 327-9 of the Proceeds of Crime Act.

There are, I suggest, very powerful arguments in favour of self-reporting.

Once the decision to self-report has been made by the corporate, then the question of timing arises. Common sense suggests that an initial report of suspected criminality should be made to the SFO as soon as it is discovered. This surely protects the company against the SFO finding out by other means whilst the company investigates further. The corporate can then investigate in depth and report back to the SFO. The SFO will carry out its own assessment with possible use of S2A powers (in the case of bribery), and, if justified, the opening of a criminal investigation and the exercise of S2 powers.

One argument I have heard against self-reporting is that the SFO does not prosecute corporates, because it is said to be too difficult in our jurisdiction.

Certainly I am used to unfavourable comparisons being made of the SFO with US prosecutors in this area of activity.

The reason is simple: a US prosecutor uses the respondeat superior principle: a corporate is vicariously liable for the acts of its managers and employees.

In English law, the test for corporate criminal liability requires proof that the “controlling mind” of the company (ie, board level senior management) was complicit in the relevant criminality. Absent emails, or a cooperating witness, that is never an easy thing to show.

An answer to this would be to extend the principle contained in S7 of the Bribery Act 2010, which creates the corporate offence of a company failing to prevent bribery by its employees, with a statutory defence of adequate procedures.

The reach of the section could easily be extended to cover not just bribery but acts of fraud by employees.

I have heard objections to such a change:-

(a) That this would be punishing mere corporate negligence (to which I say, it would be about improving bad corporate culture).

(b) That prosecution of the corporate adds nothing to the prosecution of the guilty individuals (I am not proposing that a corporate should face prosecution in every case- far from it. But there will be cases where it is right and just that failure to prevent certain types of conduct should result in the corporate being marked with a criminal conviction).

(c) That it would simply punish the shareholders (shareholders, particularly large institutional shareholders, should be vigilant about where they invest and how the corporate in which they invest behaves).

I would argue that prosecution of a corporate would be appropriate where, for example, the company profited from fraud by its employees; where a particular illegal practice was common and tolerated in a particular sector; where deterrence was needed in a sector; or where a company has brought in a compliance regime but senior management had failed to ensure enforcement of that regime.

Such a change would also cure a problem inherent in the DPA regime. If prosecution of a corporate is currently difficult, why should a corporate agree to enter a DPA at all?

DPA’s represent a very useful addition to the prosecutors’ toolbox for use in appropriate circumstances. They avoid the collateral damage caused by a full blown prosecution of a corporate. They are not a panacea. But the problem I have highlighted (which admittedly will not necessarily arise in every case) needs to be addressed.

I think it comes to this: if the public interest demands more corporate prosecutions, then this change would help make that happen.

One last thing. To those who are impatient for the first prosecution under the Bribery Act:-

  • We still have cases under the old legislation under investigation and awaiting trial.
  • The new Act is not retrospective, and covers conduct after 1/7/2011.
  • Comparisons with the US are misleading. Prosecutions under the FCPA of 1977 did not hit their stride until well into this century.
  • The DoJ has only last November published detailed guidance on the act, based on the action taken under it thus far.
  • We have charged our first offences under our Bribery Act. There will be more. We have cases under development.
  • The SFO will bring the right cases at the time that is right for us.
  • More generally, the SFO currently has some 13 cases involving 34 defendants (2 of which are corporates) in the court system awaiting their trial. 8 of these trial are listed after April 2014.

So watch this space.