We aim to make this site as accessible as possible and therefore have provided the settings below to use if you are finding it difficult to view this website. See the SFO Accessibility Statement for more information.

Where it is appropriate to provide a Welsh translation, you can switch to Cymraeg. See the Welsh Language Commissioner website for more information.

Use the settings button in the bottom right corner of the page to access these settings again.

We would like to use Analytics Cookies on our website. 

Turn these on below if you are happy with us collecting information on how our site is used, in order for us to improve the overall experience of our website. 

All other cookies are necessary and therefore by continuing to browse this website, you are agreeing to the usage of these cookies.

 See the SFO Privacy Policy for more information. 

Analytics Cookies

The future of Deferred Prosecution Agreements after Rolls-Royce

8 Mawrth, 2017 | Areithiau

Ben Morgan, Joint Head of Bribery and Corruption, delivered this speech at a seminar for General Counsel and Compliance Counsel from corporates and financial institutions held at Norton Rose Fulbright LLP on 7 March 2017.

Good evening. I’m asked to address you now for about 20 minutes on the future of Deferred Prosecution Agreements after the Rolls-Royce resolution, which I’m sure you are all familiar with.

I obviously can’t give you chapter and verse in that time, so I’m going to cover some headline points, and we’ll see which of them provoke vigorous debate, and which are uncontroversial. I’ll just quickly explain what DPAs are, then we’ll have a look at the three that have taken place so far, and I’ll finish with some thoughts on what – against that background – I think the future of DPAs is.

First, so we are on the same page, let’s be clear what DPAs are. For this session, we are very squarely in the realm of the options that are available to a corporate when it is concerned about potentially criminal conduct taking place in its network somehow.

The traditional menu of options in terms of disposal of that kind of risk looks like this: no further action (if the evidence of public interest indicate that); civil recovery (if there is illegal benefit that needs to be corrected); and criminal charge (resulting in either a guilty plea, or a contested trial).

As I’m sure most of you know, Deferred Prosecution Agreements are a new kind of disposal of criminal risk in this jurisdiction, conceptually I suppose somewhere between a guilty plea and a civil recovery.

They involve the company and the SFO agreeing to suspend charges that would otherwise be prosecuted, provided that the company meets a series of terms.

Typically these would include:

  • a combination of financial sanctions;
  • some terms concerning enhancing compliance procedures including possibly a monitor; and
  • terms concerning ongoing cooperation, for example in the prosecution of individuals.

There is no set list of terms, and one of the attractions of DPAs is that bespoke terms can be created to suit a particular case, in a way that is not possible when a corporate is sentenced after a conviction.

It is important to note that the entire process is only effective if, after full scrutiny, it is approved by the court. This is a key and distinguishing feature of the UK DPA system. The judge is asked to give a declaration; first, that disposal of the matter by way of a DPA is in the interests of justice; and secondly that the terms are fair, reasonable and proportionate.

DPAs so far

In order to understand the future of DPAs, I think we first need to look at where we are now.

So far we have had three DPAs in the UK, each very different from the other, and each illustrating different ways this new tool can be used to address the cross border economic crime issues which so many of our cases entail.

The first was the ICBC Standard Bank DPA. This involved a major financial institution and conduct arising from a particular transaction; a fund-raising exercise for the government of Tanzania. A bank which, we must assume, engaged overwhelmingly in honest business, but as many organisations do had a pocket of behaviour that didn’t live up to the standards it set itself.

The bank reacted to the discovery of that conduct responsibly, immediately looking to correct the error that had occurred and accepting that it brought with it consequences – compensation needed to be paid back to the Tanzanian state, profit earned on the contract in question had to be disgorged, and a penalty had to be paid.

As a general point, where the financial circumstances permit, in this jurisdiction it is not acceptable for corporates to simply give back illegal gains if they are caught – there has to be an element of punishment and deterrence beyond that.

I think many people would agree that the Standard Bank case is exactly the kind of situation DPAs were first intended to be used for. There was a very substantial but narrow, self-contained problem in a large and complex business. The bank did everything right when it became aware of what had happened. There is little, if anything, more that a prosecution could have achieved that the DPA did not. In his judgments approving the DPA Leveson LJ commented on the appropriateness of the scheme more generally.

It is not for me to add to that, but it is helpful to identify important themes there that help us understand DPAs – they can suit bribery on a large scale; self-reporting is a good thing; and there are commercial positives for corporates and financial institutions who are seen to do the right thing.

The second DPA was a different situation, and showed another aspect of the utility of the regime. One of the policy reasons Sir Edward Garnier – Solicitor General at the time – had in mind when the scheme was introduced was to limit the negative effects of corporate criminal behaviour on innocent people – employees, pensioners and others reliant on the future of a company – suppliers, manufacturers or customers, for example.

The second DPA illustrated this in practice. XYZ as it is known at the moment for legal reasons is an SME. It too had cross-border corruption issues that it identified, and that it had the integrity to put right. The difference in this case is that they were so significant, relative to the financial means of the company, that the financial sanctions that ought to have flowed from the conduct in question would have had the certain outcome of putting the company out of business. In that case we were able to reach an agreement that provided for terms the company could just cope with and stay alive, and which the court considered to be in the interests of justice.

So DPAs can bring criminal sanction to companies but protect more innocent people from being harmed by what has happened.

And finally, so far, there is the Rolls-Royce DPA from January. This is an altogether different case again. A major corporate, but this time with conduct spreading widely throughout its business, over several decades, and over multiple jurisdictions. An SFO investigation lasting three years; involving over 70 members of staff at any one time; led by not one but four Case Controllers; a counsel team of 6 (including two silks); a defence team consisting of multiple partners and their associate teams from two of the elite law firms in the world, together with first-rate counsel from the equivalent chambers instructed by a sophisticated and very commercial in-house team at the company.

This was the biggest test yet of whether there was a limit to the circumstances in which a DPA could be appropriate.

The President of the Queens Bench Division began his judgment in Rolls by saying “My reaction when first considering these papers was that if Rolls Royce were not to be prosecuted in the context of such egregious criminality over decades, involving countries around the world, making truly vast corrupt payments and, consequentially, even greater profits, then it was difficult to see when any company would be prosecuted.” To the extent that the Rolls DPA has attracted criticism, this seems to be one of the main concerns raised – if not this case, then when would the SFO prosecute?

The answer to that comes in understanding one of the most fundamental features of the DPA regime, which is the requirement that companies are frank about what has happened, and when it comes to putting it right, cooperate fully with the SFO’s investigation. This is a serious commitment, and one that instinctively companies find very difficult to do. But in this case, to their credit, Rolls did exactly that. They provided us with unfiltered access to their own records – some 30 million documents; they agreed to independent review of those records for privilege; latterly, when our technology was up to it, they agreed to automated review of material for privilege and relevance; they reported frankly on areas of concern that we knew about, and brought to our attention areas we did not; they made available to us written accounts of interviews that took place during the evidence gathering exercise, enabling us to understand both what had happened and the strength of the various accounts given about that; they dealt with the press, and governments home and abroad in a responsible way that was agreed with us and that did not seek to influence their case, nor tip-off others connected to it. In short, as the Judge acknowledged, there is little more they could have done to put right what had happened.

And it was for that reason that the court was satisfied that notwithstanding the gravity of what had happened, on the right terms it could be in the interests of justice to resolve the conduct by way of a DPA rather than a trial.

In those circumstances, I’m afraid I do not agree at all with those who say we should nevertheless have prosecuted the company. Some commentators have accused us of a failure of nerve, implying I think that we would not have backed ourselves to take this huge company and its world class legal team to court. I can tell you now we absolutely would have done, and with confidence, too – but what, in these particular circumstances, would that have achieved?

People maybe overlook that even now we are prosecuting major corporates for similar conduct – the Alstom Group of companies. There will be others – not every company that we are interested in chooses to cooperate in the way Standard Bank or Rolls-Royce did.

A different angle here is that this case is over far sooner than it otherwise would have been.

There is quite rightly an imperative on us – and all public bodies – to achieve value for money. One of the effects of the Rolls DPA is that without sacrificing the quality of the outcome, the SFO has been able to shift more work with its resources. I see that as a highly positive thing. Let’s not forget too, that the company paid the full costs of the SFO’s investigation back immediately – £13m of public money returned, meaning the case has cost the public purse nothing at all. On the contrary, it has of course also yielded more than half a billion pounds to be paid to the Treasury over a number of years, although that is more a consequence of a principled approach to sentencing than an objective of our work.

So to the critics I ask again, what precisely is it that in this case a prosecution would have achieved that the DPA did not? And if you can think of anything, then how much more public money would it have taken to achieve that incremental difference? How much more time would it have taken? How many other cases would have remained un-done while we worked on that? A DPA will not be appropriate in every case; and where it is not we will and do prosecute. But the court was satisfied that it was here.

The future of DPAs

What does all of this mean then for the future of DPAs?

Let me give you six statements that for me represent the future of DPAs.

First. For those that behave responsibly, this is the new normal. I don’t necessarily mean ever increasing financial sanctions; what I mean is that disposal of corporate criminal risk through resolutions like those in Standard Bank, XYZ and Rolls-Royce will become increasingly common. I have seen lawyers from some firms in the press saying DPAs are not sufficiently attractive, are not here to stay, or have no significance compared to the impact of regulation. In my view – they are wrong; not least because for obdurate companies prosecution is the alternative.

Second. The benchmark for discounts on penalty appears to be becoming established, but so too is the benchmark for co-operation with the SFO that is necessary to achieve that. We have always said it is a high bar and nothing in our experience to date tells us otherwise. My expectation is that like Rolls, many resolutions that are approved will have complicating features. They will start with a “deficit”, and while companies cannot change what went wrong in the past, from the moment they became aware of it they can if they want to, close that deficit and reach a point where the court is satisfied that a DPA is a preferable outcome to a prosecution. They can do this by the way they behave and the decisions they make when they deal with us.

Third. Some of those who don’t engage with us on resolving their criminal risk will wish they had. I have said before that we are becoming more sophisticated in our understanding of how particular industries work, cultivating intelligence, joining the dots. That is not idle rhetoric; it is true. It’s still an odds game that some will win, but some will lose as well. For those that do, I would expect to see severe sentencing after trial. If the benefits of cooperating and receiving up to 50% discounts on penalty are to be understood, then it is only right that those who do not cooperate receive the most punitive sanction available under the Sentencing Council’s Guidelines if they are convicted after trial.

Fourth. Self-reporting is not dead; far from it. We have a steady flow of engagement from companies likes yours, advisers like these, and new cases coming on to the operational divisions all the time. That we first knew about some of the conduct in Rolls from an anonymous blog in China does not mean self-reporting is dead. It is still a key feature of the profile of a case suitable for resolution by DPA. The extent, and importantly the quality of information that we have before a company engages is a significant factor. Here, it was of a very limited nature, and the company ultimately reported and resolved conduct ranging far beyond what we already knew. This was part of the ‘deficit’ that needed to be closed. In this case, that was possible. Had we already had complete money flows relating to a corrupt procurement prior to engagement from the company, I suspect the deficit would have remained unbridged.

Fifth. There is an irresistible, double-edged trend of closer and better international cooperation when it comes to enforcement. The down-side, from a suspect company’s perspective, is that means better intelligence sharing, so we uncover criminality, and better evidence sharing so the perpetrators can be held to account whatever role they have had to play in the cycle of corruption – corporate payer, knowing executive, facilitating middle-man or corrupt decision maker.

The positive, however, is that when it comes to enforcement increasingly joined up, choreographed resolutions are possible. They are complicated and hard work, but we see their commercial value to companies under suspicion, so if that makes it any more palatable for them to do the right thing, we will work towards that. There have been, and will continue to be, if not “global” then at least multi-agency outcomes.

Finally. We are self-aware, self-critical, and not complacent. We have to constantly ask ourselves whether DPAs are working as well as they could. There is a very fine line to be struck between incentivising the corporate world to confront economic crime and put it right, and the UK falling subject to criticism that we are not hard enough on economic crime. To date, the court has been satisfied that the balance has been correctly struck in the three DPAs we have so far. It has become so after closely and vigorously scrutinised them, testing every part of their suitability, which we fully welcome.

So in the future you will not find us at the SFO slipping into a casual, commoditised practice of processing DPAs. You will instead find us agonising over the fine detail of each potential candidate – is it really the right thing to do this time? Has the company really done enough to shift the interests of justice away from prosecution? What, if anything can we do better when it comes to victims?  Is it right that a company can secure a DPA by sending just its legal team down to the courtroom, or ought there to be a more publically visible engagement with the process from the leadership?  We will continue to challenge ourselves to use the DPA legislation responsibly, and in a way that satisfies the interests of justice.

So there we are. A quick explanation of what DPAs are; a look at the current position; and my six statements about the future of DPAs.  Thank you for your attention, and I look forward to our discussion.


*This speech has been temporarily edited for legal reasons*