Ethical business conduct: an enforcement perspective
6 March, 2014 | Speeches
David Green CB QC, Director, at PricewaterhouseCoopers.
The question I am asked to address presupposes that it is the function of law enforcement to define a good ethical business culture and to educate people towards that goal.
That expectation causes me some problems.
The role of the SFO is to investigate and to prosecute the topmost tier of serious and complex fraud and bribery.
As part of that process, we are engaging and will continue to engage in a straight-forward way, by a process which is now underpinned by statute and a Code of Practice, with companies which self-report misconduct to us.
We totally get the importance of generating trust and, in the right circumstances, legitimate expectation based on a track record of our dealings with companies who self-report.
But the SFO is not a regulator, an educator, an advisor, a confessor, or an apologist. I am not funded for any of those activities.
The SFO is a law enforcement agency dealing with top end, well-heeled, well-lawyered crime. We enforce the law in our specialist field.
It follows that I am not here to preach. The SFO does not do lectures on ethics. We do not issue guidance on how not to rob banks. I would not dream of telling you how I think you should behave.
It is for business and senior managers to decide appropriate standards of ethics and integrity in their commercial activities.
They have access to the best expertise and advice available from the law and accountancy sectors of the Bribery Act industry. That advice would doubtless take account of the legitimate profit motive, and the interests of employees, shareholders, investors and pensioners.
So I cannot help you on ethics. But the SFO will continue to engage with companies who want to do the right thing, and we are very interested in building trust.
So why should a company self-report suspected criminal misconduct to the SFO?
- Self-reporting does NOT automatically lead to criminal prosecution. We apply the full code test to material arising from a self-report. A formal criminal investigation is likely to have been launched by the SFO to test the material and the scale of the offending. The available evidence may well pass the evidential test. But if the company has taken appropriate disciplinary action against those responsible, made appropriate amendments to its compliance regime, compensated victims, and genuinely and proactively cooperated with the SFO investigation, it is hard to see how it would be in the public interest to prosecute the company, as opposed to individuals.
- A self-report at the very least significantly mitigates the chances of a corporate being prosecuted. It opens up the possibility of a DPA or civil recovery.
- There is a moral and reputational imperative to self-report: it is the right thing to do and demonstrates that the corporate is serious about behaving ethically.
- If the corporate chooses to bury the misconduct rather than self-report, the risks attendant on discovery are truly unquantifiable. And of course, there will be the long, anxious watches of the night when complicit senior managers lie awake and fret about being found out.
- There are so many potential channels through which corporate crime can come to light: whistle-blowers; disgruntled counterparties; cheated competing companies; other CJS agencies in the UK; overseas agencies in communication with SFO; and the SFO’s own developing intelligence capability (expanding, analytical, proactive and now linked to our national intelligence agencies).
- If criminality is buried and then discovered by any of those routes, the corporate will pay a heavy price in terms of shareholder outrage, counterparty and competitor distrust, reputational damage, regulatory action and likely prosecution of both individuals and the corporate.
- Burying such information is likely to involve criminal offences related to money laundering under sections 327-9 of POCA.
So there are very strong arguments in favour of self-reporting.
But what kind of opportunity and offer is presented by the arrival of DPAs to a company which is minded to self-report?
Prior to DPAs, we could prosecute or not prosecute a company, or maybe launch an action for civil recovery. If convicted, a company could be fined or wound up. That might well involve severe collateral damage to those (like employees, shareholders or pensioners) who had no part in the criminality prosecuted.
DPAs provide an alternative response to some corporate criminality, a response which avoids that collateral damage. The route to a DPA should also be cheaper, quicker and more certain for all parties.
The US model for DPAs has no statutory foundation; it has developed through practice. The downsides are that some judges feel they are used as rubber stamps for deals agreed between prosecutor and corporate and that the public may perceive a DPA as a “sweet-heart deal” which lacks transparency.
The British model for DPAs is adapted to the British context.
- It is a creature of statute, explained by a published Code of Conduct.
- It is available only in relation to corporates, not individuals.
- It is designed to take account of the frustration expressed by very senior judges in the Innospec and BAe hearings that they had been presented with fait accompli as to penalty agreed between prosecution and defence.
- The whole process, from preliminary hearing to application for approval to pronouncement of approval, takes place under judicial supervision.
- The judge has to be persuaded that the DPA is in the interests of justice, reasonable, fair and proportionate.
- The final hearing (the pronouncement of approval of the DPA, with reasons) will almost always be in open court.
- It is by invitation only.
- It is not a panacea.
- Prosecution remains an option and the prosecution of individuals remains likely.
- As experience is built up by all parties, this will generate consistency and therefore predictability around the likelihood of achieving a DPA.
DPAs are therefore a very useful addition to the Prosecutor’s toolkit. Doubtless problems will be raised and require experience and good sense to iron out. They include:-
- Whether the 30% guideline discount on the financial penalty (the same as that given on a guilty plea) is enough.
- The absence of any prohibition in the Act or Code on the supply by the prosecutor of information to third parties where permitted by law.
- Most of all: the identification principle in the English law of corporate liability. This means that, in order to prove corporate criminal liability, the prosecutor must prove complicity in the criminality on the part of the controlling mind (board members) of the corporate. The evidential chain tends to dry up above middle management. The problem may be this: if prosecution of a corporate is so difficult, why should a company enter into a DPA?
- I have suggested that the situation could easily be remedied by an amendment to S7 of the Bribery Act to create the corporate offence of a company failing to prevent acts of financial crime by its employees. We need to tackle corporate criminal liability for DPAs to have maximum bite.
With those matters in mind, why should a company seek and enter into a DPA ?
- It avoids a prosecution and the stigma of a possible conviction.
- Whilst a statement of facts must be agreed, there is no requirement for an admission of guilt.
- It can be in private until the final declaration.
- It speeds up the investigative process and saves on the costs and paralysis attendant on a full criminal investigation.
- It permits of at least some influence and control by the corporate, certainly more than that presented by a full criminal investigation.
- It provides closure and certainty.
- It will improve the company’s culture of compliance and prevention.
- It may avoid the disqualification from tendering for EU public contracts following a conviction. (although there is discretion in the EU to disqualify an individual where there has been an act of grave professional misconduct in the course of his business or profession)
So: what would the SFO expect from a corporate which was hoping for a DPA?
In essence: cooperation, cooperation, and cooperation.
The Code of Practice lists (non-exhaustively) factors which will militate against prosecution and towards a DPA. These include:-
- A waiver of privilege, where necessary. This applies particularly to privilege which is often claimed, dubiously, over accounts given by witnesses in internal investigations. Of course, waiver cannot be compelled, but waiver of privilege where necessary would be an obvious sign of cooperation.
- An admission of guilt: again, this cannot be required but the same applies.
- Prompt notification of the problem to the prosecutor.
- Full disclosure of the extent of wrongdoing: holding something back or trying to hide something would be anathema to the process.
- Compensation to victims.
- Disciplinary action against wrongdoers
- Appropriate amendment to corporate structures.
- I might add: don’t try and spin your way to a particular outcome by judicious leaking of selected information. Do not try and conduct DPA negotiations through the media.
Corporate self-reporting makes sense.
DPAs, while not perfect, represent a very useful addition to existing arrangements.
Maximum cooperation on the part of the corporate and its lawyers is an intrinsic part of the DPA process.