Professional Support Lawyer Johnny Shearman and Associate Elliott Fellowes discuss the recent publication of the SFO’s corporate cooperation guidelines.
Johnny and Elliott’s article was published in Accountancy Age and Financial Director, 22 August 2019, and in economia, 19 September 2019, and can be found here, here and here, respectively. A version of this article was also published in Fraud Intelligence, 10 October 2019, here.
The UK’s Serious Fraud Office (“SFO“) published its widely anticipated Corporate Cooperation Guidance on 6 August 2019. The five page memorandum sets out, for the first time, indicators of good practice which the SFO expects corporates to comply with in order to be seen as cooperative in the context of self-reporting to the SFO. Cooperation in this scenario is important as it is a relevant consideration for the SFO when deciding whether or not to invite a corporate to negotiate a Deferred Prosecution Agreement (“DPA“) or when taking charging decisions.
The Guidance was foreshadowed earlier this year by the SFO’s Director, Lisa Osofsky. A dual US/UK citizen, Ms Osofsky is clearly drawing on her US experience as the publication of the Guidance represents a move towards a similar approach as that of the US Department of Justice. However, whilst ostensibly helpful, the Guidance leaves key questions unanswered and arguably, still does not give corporates the certainty required to enable them to handle internal investigations without fear of some prejudice being attached to their actions.
Cooperation and Prosecution
Under both the DPA Code of Practice and the Guidance on Corporate Prosecutions (both also published by the SFO), cooperation with the SFO is regarded as a “public interest factor tending against prosecution when management has adopted a “genuinely proactive approach“”. Until now, it was unclear what a proactive approach to cooperation actually entailed. The Guidance clarifies this as assistance “that goes above and beyond what the law requires“. However, the Guidance also confirms that “even full, robust co-operation – does not guarantee any particular outcome” and that cooperation is only “one of many factors that the SFO will take into consideration” when determining how to resolve an investigation.
Therefore, whilst setting a very high bar as to what is required of a corporate to be deemed cooperative, the best the SFO can do in terms of a carrot to entice cooperation is to say that such cooperation will tend against prosecution. This appears to be a theme of the Guidance – corporates are expected to do a lot of the heavy lifting whilst the SFO keeps its cards close to its chest when it comes to the possible benefit of self-reporting.
The Guidance: Preservation and provision of information
The Guidance is split into two sections: preserving and providing material, and witness accounts and waiving privilege.
The first section sets out what the SFO expects to see in terms of how corporates deal with digital and hard copy evidence, financial records, industry and background information and general good practices. In broad terms, this is the type of good practice that corporates are routinely advised by their legal teams to do, however it is useful to have a clear indication of what is expected by the SFO in this regard.
For example, the SFO will look favourably on good record keeping practices, stating material should be presented in a structured manner (such as sorted by individual or issue for example) and provided promptly when requested. Audit trails detailing the acquisition and handling of hardcopy material should be created and individuals who can speak to the continuity of material identified. Industry knowledge and practices should be provided where relevant as well as information on other actors in the market.
One issue not addressed by this section is how corporates should provide material which is held abroad and subject to the General Data Protection Regulation (“GDPR“) or other domestic data protection legislation. The Guidance does not clarify how corporates are to manage conflicts arising from complying with a request from the SFO and a potential breach of the GDPR. It is likely that the SFO will deal with such issues on a case by case basis. However, in light of the levels of fine now available to regulators under GDPR, corporates may have to make a choice between full and robust cooperation with the SFO and the risk of a large fine for GDPR breaches.
The Guidance: Witness Accounts and Privilege
The second section of the Guidance is arguably more controversial than the first. It indicates the approach the SFO expects of corporates when performing witness interviews and how the privilege attached to that evidence should be handled if corporates are to be considered cooperative.
The Guidance provides that the SFO should be consulted before a corporate interviews potential witnesses or takes any other overt steps, in order to “avoid prejudice to the investigation“. What exactly is likely to be considered an “overt step” is vague in the Guidance. Although, it does state that witnesses’ recollections should not be tainted by the sharing of other individuals’ accounts or by showing documents to witnesses which they had not previously seen.
This recommended approach throws up a number of questions, not least how far should a corporate progress an internal investigation before consulting with the SFO (effectively, self-reporting). In most situations, corporates will want to undertake an internal investigation to determine the nature and extent of any wrongdoing, if any, before self-reporting and raising the possibility of enforcement action. Corporates will need to balance taking internal investigatory steps with the risk that the SFO might consider such steps to have tainted the investigation. On an initial reading, it seems impractical for corporates to be effectively prevented from conducting interviews with potential witnesses without first receiving the SFO’s blessing on the basis that to do so would be seen as uncooperative.
Taking this a step further, the potential dichotomy the Guidance creates is that corporates may look to engage with the SFO earlier than they might otherwise do so, and as a result hand over the conduct of the investigation in circumstances in which there is nothing for the SFO to, in fact, investigate. The other side of this is undertaking witness interviews and a more thorough internal investigation before self-reporting potential wrongdoing, only for the SFO to conclude that the investigation has been tainted and that there has been a lack of cooperation. Therefore, as matters stand, corporates and their legal teams will have to carefully consider and seek to reach a balance between these two outcomes.
The Guidance refers to the DPA Code of Practice which provides that cooperation “will include identifying relevant witnesses, disclosing their accounts and the documents shown to them“. The Guidance goes further and states that corporates should also provide any recordings, notes and transcripts of interviews as well as identifying a witness who can speak to the contents of the interviews.
If a corporate wishes to claim privilege over interview materials, the Guidance provides that this claim must now be certified by independent counsel. Whilst the motivation for this provision is clear (the SFO does not want corporates hiding behind privilege), a document is either privileged or it is not. If properly advised, the requirement for independent verification simply adds time and cost to a corporates already costly internal investigation. It also requires the corporate to hand over its (potentially) privileged documents to a third party, which it might understandably wish to avoid.
The Guidance stops short of stipulating that corporates must waive privilege over witness accounts and material and confirms that corporates will not be penalised for not doing so. However, the Guidance does state that a corporate will not attain the corresponding factor against prosecution found in the DPA Code if privilege is not waived. Arguably, this could be said to be a penalty in and of itself.
It may be that the SFO has been forced to rethink its approach to privilege following the decision in SFO v ENRC ( EWCA Civ 2006). In this case, the Court of Appeal held that litigation was in reasonable contemplation (and therefore litigation privilege attached to documents created for the purposes of an internal investigation), in circumstances where the self-reporting process would likely lead to criminal prosecution if a civil settlement were not reached. It appears the SFO is now using cooperation as the basis on which it can encourage corporates to volunteer information which might otherwise be subject to privilege, following the decision in ENRC.
The SFO’s position with regards to privilege, as set out in the Guidance, may also have an effect on parallel or follow-on proceedings to an SFO investigation. If a corporate decides to waive privilege over material for the purposes of cooperating with the SFO, it could be argued that this waiver extends to follow on civil proceedings, such that the corporate could not rely on privilege. This is because it could be said that confidentiality (a relevant factor for determining privilege) has been lost in the material disclosed. Therefore, any waiver of privilege will have to be carefully considered.
The clarification the Guidance does offer on what is to be considered cooperation with the SFO is welcomed, despite much of it being best practice already. Engagement by the regulatory authorities on this level is helpful as it allows corporates and their legal advisors to better understand what is expected of them when is it apparent that they should engage in a formal dialogue with a regulator. However, arguably the Guidance still leaves some ambiguity to the exact extent that corporates can and should undertake internal investigations before taking the significant step of contacting the SFO. This ambiguity is clearly to the benefit of the SFO when it comes to deciding whether the corporate has cooperated and if it should take further enforcement action or enter into a DPA.
This tension between the SFO wanting to be involved at an early stage in an investigation (when witnesses are being interviewed for example) whilst expecting corporates to investigate and self-report is likely to mean corporates will shoulder further costs attempting to comply with the Guidance. This is a key difference from the approach of US regulators, where the effective outsourcing of a government investigation to the corporates has been heavily criticised (see United States v Connolly, 16 CR 370 (S.D.N.Y.)). As it stands, the SFO remains able to push the burden and costs of self-reporting on to corporates whilst, in accordance with the Guidance, requiring corporates to go above and beyond to cooperate with the regulator.