Speech to compliance professionals
29 March, 2016 | Speeches
Alun Milford, SFO General Counsel, speaking to an audience of compliance professionals at the European Compliance and Ethics Institute, Prague.
Thank you for the invitation to speak.
Let’s start with a few words about the SFO. Famously, we are a unique part of the UK’s law enforcement community in that we have powers both to investigate and to prosecute cases of top end financial crime.
To assist us in our work, we have strong powers of compulsion enabling us to require answers to questions or the production of documents. We have gateways for the supply and receipt of information across the regulatory, law enforcement and intelligence communities, here and abroad. We also have strong relationships with the NCA and the police who give us excellent operational support in our investigations. This leaves our teams – made up of investigators and lawyers, forensic accountants and analysts, IT professionals and external counsel – free to focus on investigating and, if appropriate, prosecuting cases. This way of working, known as the Roskill model after the chairman of the committee that recommended it, was designed to tackle the most challenging financial crime casework.
Shortly after he took over as Director in April 2012, David Green made clear that he wanted to focus the SFO on the work for which the Roskill model had been designed. We were set up simply to investigate and to prosecute cases involving serious or complex fraud, bribery and money laundering. We are a law enforcement agency, not a regulator, and we define our relationship with industry accordingly. More on that later.
Our Director also set out the criteria he would take into account when deciding which cases we should accept for investigation: the impact of the case on UK financial plc in general and the City of London in particular; the scale of losses, actual or potential; the extent of the gain, actual or potential; whether we were dealing with a new kind of fraud or whether there was some other public interest reason for taking the case on. The point is best illustrated by some of the cases he has actually taken on: LIBOR fixing, the investigation into Barclay’s capital raising, allegations of corruption in the conduct of business by GSK and Rolls Royce amongst others, allegations of fraud in the conduct of business by G4S and Serco. There are more, but you get the point.
That simply accounts for the start of the process. What about results? Not all cases go our way. But over the last two years we have seen convictions for fraud arising from LIBOR fixing and the collapse of the Weavering hedge fund, and from the CEO of a publicly listed company making a secret profit on deals he was meant to be negotiating for the company to cynical, highly organised investment frauds. We have seen convictions in corruption cases too. So, the senior Innospec employees who drove the corruption in Indonesia to which their employer had pleaded guilty four years earlier were convicted after trial. Both Smith and Ouzman Ltd and two of their directors were convicted after trial of paying bribes in Kenya and Mauritania. Cyril Sweett plc pleaded guilty to failing to prevent corruption. And, of course, we entered into a DPA with Standard Bank.
And the cases keep coming through. Over the next few months, there are listed a LIBOR-fixing trial and a string of overseas corruption trials – all brought by the Serious Fraud Office.
I give you this overview because I think it makes a number of points for me about the SFO as it now is.
- The Roskill model works. Whilst we cannot, and would never want to, guarantee convictions, we are able to investigate and then to prosecute to conviction genuinely difficult top end financial crime cases.
- As a law enforcement body, our remit focuses us entirely on this kind of crime and we ensure it is not beyond law enforcement’s reach.
- We are not, as some have suggested, focussed simply on corporates. We will follow the evidence to wherever it takes us. As the Smith and Ousman and Cyril Sweett cases show, if it takes us to corporates, we can prosecute them successfully if they choose not to co-operate. And as the Standard Bank case shows, we can work with co-operative companies to achieve a DPA that wins judicial approval.
There are a number of ways in which cases against a company might come into the SFO. We might learn of the allegation from a whistle-blower or a disgruntled business rival. The route into the company might be through the exposure of the recipient of a bribe or an agent through whom the bribe was paid, or more generally from the intelligence network we plug into. Sometimes, of course, the company tells us of the allegation itself, and then seeks to work constructively with us as Standard Bank did. We welcome that.
Regardless of how a case comes into us, it will be looked at first by our intelligence unit. Its members will assess whether the case seems to be something that meets our take-on criteria, and will undertake some preliminary enquiries. If then the Director agrees to open a criminal investigation, responsibility for it passes to a case controller on one of our casework Divisions, who will have day to day responsibility for the case. He or she will lead the multi-disciplinary team investigating it. The team will pursue all reasonable lines of enquiry, gathering in and reviewing potentially relevant documents from the company and elsewhere. It will interview witnesses and suspects. At the end of that process, we will make a charging decision.
How does that impact on corporate suspects? In principle, in the same way as we deal with anyone else. Companies are legal entities with rights and responsibilities, and we deal with them fairly, in accordance with published policy guidance. That starts with the Code for Crown Prosecutors and the famous two stage test for a prosecution. First, is there sufficient evidence for a realistic prospect of conviction? Secondly, if so – and only if so – is a prosecution required in the public interest? Guidance on the public interest is found in the Code and in separate specific guidance on corporate prosecutions and on the Bribery Act, both issued jointly by the Director of the Serious Fraud Office and the Director of Public Prosecutions. It is also to be found in the Code for Deferred Prosecution Agreements.
So it is towards the end of the investigation that we will decide how to deal with a corporate. If we judge that there is insufficient evidence against it, then that is the end of the matter so far as the corporate is concerned. Equally, if we consider we have sufficient evidence for a realistic prospect of conviction and the public interest warrants the corporate’s prosecution, we will prosecute. But if we think the public interest might not require a prosecution then we will consider a DPA.
The mechanics of this are, I think, well understood. The SFO, not the suspect company, can invite DPA negotiations. If the company takes up the offer, we will exchange confidentiality undertakings to enable the negotiations to take place privately. In those negotiations we will seek to reach agreement on a statement of facts, which sets out the extent of the company’s wrong-doing, and the terms on which the company should account for that wrongdoing. Such terms may include a financial penalty, broadly comparable with the fine a court would have imposed if the company had pleaded guilty on a full prosecution, disgorgement of profits, payment of compensation and the SFO’s costs, enforceable undertakings of co-operation and schemes for ensuring future compliance. Crucially, to be effective that agreement then needs judicial approval both as to the principle of a DPA with that company and its precise terms. The first hearing at which the question of such approval will be considered must be in private. If after that hearing the parties decide to pursue the agreement and finalise its proposed terms, they must apply again, this time in a public hearing, for a declaration from the judge that: the DPA is in the interests of justice; and the terms of the DPA are fair, reasonable and proportionate. If the judge agrees to make that declaration, he or she must give reasons for this. It is really important to the statutory scheme that those reasons are easily available. Therefore, subject always to the power of the court to delay publication to ensure a fair trial of others, the prosecutor must then publish the DPA and the judge’s declaration. Finally, criminal proceedings against the company are started and immediately suspended in accordance with the terms of the agreement.
Herein lies the advantage to the company; if it secures an agreement and complies with its terms, it will account to the court for its wrongdoing yet avoid a conviction and all the consequent damage that might do to its ability to conduct business in the future.
I would make two other points. First, it should be obvious that a company that does not accept any criminal liability on its part cannot enter into a DPA, whatever view we may take of the evidence against it. Whilst the DPA process does not require a formal admission of guilt, a company which considers it has nothing to account for cannot agree to a statement of facts which sets out wrongdoing it denies, or to the payment of a financial penalty consequent on that wrongdoing, or to the payment of compensation when it considers it owes none or to rehabilitative measures when it considers there is nothing to rehabilitate.
Secondly, it should also be obvious from a cursory review of the public policy guidance that we will not enter into a DPA with a company that has not co-operated with us. Our Director, who is the only person in the SFO empowered to enter into a DPA, has repeatedly emphasised this point and the published guidance couldn’t be clearer about it. So, the first of the public interest factors against prosecution listed in the DPA Code is co-operation. It states, “Considerable weight may be given to a genuinely proactive approach by (the organisation’s) management team when the offending is brought to their notice, involving within a reasonable time of the offending coming to light, reporting (the organisation’s) offending otherwise unknown to the prosecutor and taking remedial actions including, where appropriate, compensating victims. In applying this factor the prosecutor needs to establish whether sufficient information about the operation and conduct of (the organisation) has been supplied in order to assess whether (it) has been co-operative. Co-operation will include identifying relevant witnesses, disclosing their accounts and the documents shown to them. Where practicable it will involve making the witnesses available for interview when requested. It will further include providing a report in respect of any internal investigation including source documents.”
The Standard Bank case shows how this can be made to work in practice. The bank first came to us within days of learning it had a problem. We discussed next steps with them and they conducted an internal investigation, gathering in information from across its various businesses. Their written report was thorough and it served as a helpful spring-board for our own independent investigation. Their conduct was an object lesson in how to co-operate. In return, we were able to complete our investigation within a shorter period of time than if we had not had their co-operation. We were then able to agree with them a disposal that permitted them to account to a court for a failure to prevent corruption, including agreeing to make a compensation payment, whilst avoiding both a conviction in the UK and parallel FCPA proceedings in the US.
It is clear from this that we are not opposed to internal investigations in principle. It all depends on how the investigation is conducted and when we are notified of concerns within the company. Let’s deal with the latter first. We do not need to know of every allegation of crime immediately on it being made. Plainly, it is reasonable of a company to undertake an initial assessment of the strength of the complaint. But if that assessment reveals, let’s say, reasonable grounds to suspect corruption in the way the company or those associated with it conducted business, we want to know about it as soon as possible. We can then agree a way forward with the company or its representatives, as we did with Standard Bank.
When we sit down to talk, we will make clear that we are looking for co-operation for the duration of the investigation. We want the company to preserve information and to make it available to us. If an internal investigation was commissioned, we would want to satisfy ourselves of the forensic integrity of the data-gathering process. It is really important that the data gathering exercise is prompt, covert, co-ordinated and simultaneous. Collection of digital material needs to be forensically sound, with whole images being taken of digital collections which are then preserved. Back-up tapes should be preserved, and any rolling destruction processes stopped. Process methodology should be recorded. Those who gather data should record the steps they took personally to secure it. The methodology should be disclosed fully to the SFO, and be supported by witness statements. Crucially also, we will want to know what witnesses spoken to by those conducting the internal investigation had to say.
Why are witness first accounts so important to us? The immediate point is that they simply help us understand quickly what went on. Of course we can and we will go to speak to witnesses ourselves but companies who tell us what they were told during the course of an internal investigation plainly help us in the course of our inquiries. There is a second reason why we want witness accounts. As I have previously made clear, people who give an account to an internal investigation are liable to be witnesses in any criminal case we might bring. In considering the evidence witnesses might give us, we are duty-bound to assess its accuracy and integrity. So fundamental to prosecutors is that duty that it is set out in the Code for Crown Prosecutors. An important way in which accuracy or integrity is tested is by reference to first accounts. Plainly, if we do not have first accounts then our ability to assess witness credibility might be affected to the extent that we might not be able to call them as witnesses. Even where we have considered ourselves capable of calling such witnesses, we have become embroiled in hard-fought applications to stay the trial as an abuse of process on the basis that we could not give disclosure of first witness accounts. That we have, to date, defeated those claims does not mean that they or a version of them could never succeed: like privilege, all depends on the facts of the case. And that brings me to the question of privilege.
Let me be clear. We have no interest in communications between client and lawyer on questions of liability or rights. We are focussed on the underlying facts, including the accounts of witnesses spoken to in corporate investigations. We do not regard ourselves as constrained from asking for them even if they are privileged and, as with our colleagues in US DoJ who do operate under that constraint, our experience is that at least some corporates are not themselves constrained from letting us know what their investigators were told. As the saying goes, there are more solutions than problems.
Of course, there will be cases in which we are told that the corporate concerned does want to claim privilege over the witness accounts. Whether privilege in fact applies depends entirely on the facts of the case, something we will review very carefully. And then what?
- We will view as uncooperative false or exaggerated claims of privilege, and we are prepared to litigate over them: to do otherwise would be to fail in our duty to investigate crime.
- If a company’s assertion of privilege is well-made out, then we will not hold that against the company: to do otherwise would be inconsistent with the substantive protection privilege offers. We will simply judge the question of co-operation in our normal way against our published criteria.
- By the same token if, notwithstanding the existence of a well-made-out claim to privilege, a company gives up the witness accounts we seek, then we will view that as a significant mark of co-operation: here again, to do otherwise would be inconsistent with the substantive protection privilege offers.
- For the same reason, we will view as a significant mark of co-operation a company’s decision to structure its investigation in such a way as not to attract privilege claims over interviews of witnesses.
Let me finish with a few words on compliance, and some points I made in a speech a few months ago. Whilst we in the SFO are in favour of good compliance, we do not offer advice or assistance on compliance policies: a stance for which we have in the past been criticised. Our view is that others can and have been doing that work for some time now, often very well. Indeed, last summer the UK government published a report into awareness and impact of the Bribery Act among SMEs, in which it was recorded that of those SMEs who had read the Secretary of State’s guidance on the Bribery Act, 89% found it useful. Of those SMEs who had sought professional advice on Bribery Act compliance, 96% found it useful and good value for money.
Quite apart from the fact that there is no gap to plug, there is a principled reason for our stance. For us to take on an advisory role would be to assume functions which simply are not in our enabling legislation. We are simply investigators and prosecutors, and it is that capacity that we assess compliance after the event and in light of the particular circumstances of the case.
I would add this. Whilst it is not for us to give advice on anti-bribery compliance, the well-publicised guidance is something that we have in mind when we investigate cases. The guidance has plainly been drafted by people with an understanding of how bribery occurs. It will come as no surprise, therefore, that it gives an indication of some of the lines of enquiry that interest us.
Intermediaries and agents are a classic red flag, particularly where they are purporting to offer assistance in winning business in a country other than the one in which they are based. Only last year the OECD reported following a study of 427 foreign bribery cases from across the world that in the vast majority of such cases the bribery was carried out via an agent or intermediary. Agents or intermediaries are of real interest to us, therefore. Our natural curiosity is piqued further if those agents or intermediaries take the form of companies based in a jurisdiction that permits beneficial ownership to be concealed.
Finally, good, ethical companies can be victims of corruption, and this brings me to my final point. If a law abiding company, whose ethos and compliance systems do not allow it to pay bribes, loses out on business to a bribe-paying company, we want to know about it. It may be that we have jurisdiction to investigate that company even if it is not British. If we do not have such jurisdiction, we have good connections with overseas law enforcement authorities who might: 80% of world’s exports are made by the 41 member states of the OECD, all of whom are obliged to criminalise the bribery of foreign public officials. So, tell us about it. We’re all ears.