The role and remit of the SFO
18 May, 2016 | Speeches
Matthew Wagstaff, Joint Head of Bribery & Corruption, speaking at the 11th Annual Information Management, Investigations Compliance eDiscovery Conference.
Thank you very much for the opportunity to speak to you this evening.
My aim today is to provide something of an overview as to the current direction and priorities of the SFO, touching as well upon some recent developments of note and focusing in particular about our approach to internal investigations.
It may be helpful to begin by restating our role and remit. The SFO exists to tackle the most serious or complex cases of fraud, bribery and corruption. Our role is to investigate and, where appropriate, prosecute those cases that fall within that remit. Clearly, we cannot take on every case that comes across our radar; what this means in practice is that we will look carefully to determine whether any particular case is one that ought to be investigated by the SFO; that is to say, is the alleged offence likely to have a significant impact upon the UK’s reputation as a safe place to do business; would the investigation require the use of the SFO’s particular powers and operating model and is the scale or nature of the alleged offence such that there is a significant public interest to be met by commencing an investigation? If the answer to any of these questions is positive, then it is likely that the case is one that we would want to investigate.
The result of this is that our investigations tend to be some of the most complex or high-profile cases around. Currently, they include investigations into household names such as Rolls Royce, GlaxoSmithKline and Tesco. They also, as is well known, include ongoing investigations into allegations of fraud and collusion centred on the LIBOR benchmark rate.
In terms of results, we have built up a good trajectory over the last few months. Last year saw the much publicised conclusion of our first LIBOR trial, which resulted in the defendant’s conviction and a lengthy prison sentence, as well as the first conviction of a company for a s7 Bribery Act offence of failing to prevent bribery, and the first ever sentencing of a company for overseas corruption following a contested trial. Only last week we saw a defendant convicted of four counts of making corrupt payments to a foreign official in the Nigerian mint. In addition, of course, we’ve also seen earlier this year the conclusion of the UK’s first ever deferred prosecution agreement – a topic that I shall return to a little later. We’ve not had it all our own way, of course, and the acquittals in the second LIBOR trial obviously received a lot of publicity at the time. We certainly don’t expect to win every case we prosecute.
The point of this summary, however, is simply to highlight the fact that our current direction and priorities are dictated in large part by our role and remit. This may be an obvious point but it is, I think, one that is worth emphasising. We are not a regulator; it is not our role to give advice to companies on compliance or any other aspect of corporate governance. As I said just a moment ago, our only role is to investigate and, where the evidence and public interest justifies it, to prosecute.
I’ll turn to the question of internal investigations in just a moment but, before I do so, let me just briefly mention two other issues of interest.
The first is the question of corporate criminal liability. As many will know, it has long been the stated view of the SFO Director that there is a strong case for revisiting our laws of criminal attribution as they relate to corporates. The issue at stake is simply this: in circumstances where employees are able to engage in serious criminal conduct in the course of their employment as a result of a failure of corporate controls or an absence of compliance with regulatory requirements, is there not a case for saying that the corporate itself should be held to account for those failings? This is, of course, already the position in respect of bribery and will soon be the case in respect of tax evasion also. It might be argued, therefore, that having accepted the need for this approach in respect of these particular types of conduct, there is a certain logic in applying the same approach to economic crime more broadly. Well, you will have seen that the Prime Minister announced at last week’s Anti-Corruption Summit a consultation on a new offence of failure to prevent economic crime. We welcome that and look forward to contributing to the consultation in due course.
The other matter I wanted to just touch upon briefly was the Bribery Act itself. We are often asked: when will we see more prosecutions under the Act? Let me make three points in response to those questions:
- First, we have now begun to see the first few cases emerge – I mentioned earlier that we saw our first deferred prosecution agreement towards the end of last year; the conduct underpinning that case was a single s7 Bribery Act offence. Similarly, also towards the end of last year, we saw the Sweett Group plead guilty to a s7 offence; they were sentenced for that offence earlier this year and received a total financial penalty of £2.25 million. So, we have now seen the first few cases under the Act. There will be more.
- Secondly, these are complex cases involving vast quantities of material and, often, evidence and suspects which are located in numerous different jurisdictions. Investigating a major corporate entity for foreign bribery is a lengthy process and it takes time before reaching the point where a prosecutor can decide whether there is sufficient evidence to bring charges.
- Thirdly, the Act only came into force in July 2011 and is not retrospective. Where conduct we are investigating predates July 2011, therefore, any prosecution will be brought under the old legislation rather than the Bribery Act. Bearing in mind that the very nature of corrupt activity is such that it is designed to remain concealed from the eyes of law enforcement, it should perhaps come as no surprise that many of the cases we are investigating involves conduct that predates the Act. This will doubtless continue to be the case for some years to come.
With all that by way of background, then, let me now turn to the topic of internal investigations. Just before I deal directly with that issue, however, it is perhaps helpful to set the context. There have been two important developments in recent years which impact upon this issue. The first of these is our revised guidance to corporates who wish to self-report. The second is the introduction of Deferred Prosecution Agreements. I’ll deal with each in turn.
Firstly, then, our guidance to corporates who wish to self-report. Previous guidance implied that any corporate who approached us to report wrongdoing would be almost guaranteed to receive a civil as opposed to a criminal outcome. We took the view that approach was wrong in principle. The revised guidance now makes clear that we consider all of the evidence and we apply the Full Code Test as set out in the Code for Crown Prosecutors. That is not, of course, the same as saying that we will never consider alternatives to prosecution; indeed, the fact of a genuine and pro-active self-report is clearly a factor which will weigh very heavily with any prosecutor who is considering the application of the public interest limb of that Test. I will say more shortly about what a ‘genuine and pro-active self-report’ looks like.
Secondly, Deferred Prosecution Agreements. These are of course still a relatively new tool in our armoury – they only became available to prosecutors in February 2014 and, to date, there has only been a single settled DPA.
The rationale behind the introduction of DPAs is simple: they are intended to avoid lengthy and expensive prosecutions with all the prolonged uncertainty this can bring for victims, blameless employees and others who may be dependent on the fortunes of the company. Previously, when a company was convicted of a criminal offence, the sentencing court’s powers were largely limited to imposing a fine or putting the company out of business by winding it up. Both these outcomes can cause collateral damage to employees and shareholders who may be entirely blameless. DPAs provide a means of avoiding that. Clearly, they will not be appropriate in all cases involving corporate wrong-doing but they recognise that there will be cases where the public interest is best served by an outcome other than a full-blown criminal prosecution.
Given that we have thus far only seen one concluded DPA, there remain still some unanswered questions. Even so, much is clear. Full details are contained within the Code of Practice that was published jointly by the SFO and the CPS in February last year but, in summary, the following points are worth emphasising:
- Entering into a DPA is a transparent public event – once finalised, there is a requirement for the terms of the DPA to be published in full
- DPAs will be subject to close judicial scrutiny – no agreement can be finalised unless it is agreed by a judge to be in the interests of justice and that the terms of the DPA are fair, reasonable and proportionate. Indeed, anyone who has read the Standard Bank judgements, both the preliminary ruling and the final judgement, will have noted the degree of care and precision with which the judge approached his role in that case.
- Finally, DPAs are by no means a panacea nor are they a mechanism for a corporate offender to buy itself out of trouble. As I have already said, they will not be appropriate in every case. Prosecutors will only be willing even to enter into negotiations with a corporate and its advisers as to the possibility of a DPA if satisfied that it is in the public interest to do so.
What are the implications, then, of all this for a company who has identified or been alerted to potential wrongdoing and which wishes to commission its own internal investigation before deciding whether to approach the authorities? Let me suggest the following:
- We recognise that, ultimately, it is a matter for corporates, acting in accordance with their own procedures and exercising best judgement, to decide whether, and if so when, to make an approach to the SFO or some other authority. On the question of whether to approach us, I would say this: there is, I recognise, a school of thought which advocates ‘say nothing, do nothing and hope the SFO don’t find out’. Putting to one side any ethical obligations on corporates to self-report, there is of course no legal duty on a corporate to self-disclose to the SFO. Yet the dangers of not doing so should be obvious; not least because there is a real risk that others may do so. Whether it be a disgruntled employee acting as a whistle-blower or an aggrieved competitor, upset at the loss of business, or an investigative journalist chasing a story, there is every possibility that the conduct in question will find its way into the public domain in any event and, if that happens, we will find out. Not only so but it cannot be to a company’s credit to approach us about issues of which we are already aware. Put more positively, a company that is looking to maximise the possibility of a non-criminal disposal is much better advised to come to us rather than waiting to see if we will come to them.
- Similar issues arise as regards the timing of any approach. It is, I recognise, unrealistic to expect a corporate to pick up the phone to the SFO at the very moment they first become aware of potential wrong-doing. Corporates will want to take their own advice and will want to be satisfied that there is in fact a real issue of concern before they make their approach to us. Having said that, what I would say is: engage early. Once you have come to the view that the concerns raised are not fanciful but are real and substantive there is simply no reason, and therefore no merit to be gained, in delaying further.
- Thirdly, the management of internal investigations themselves. I need to preface any comments here by making clear that it is not for the SFO to give advice to corporates on what should or should not be included within a self-report. Obviously, we would expect any such report to be both thorough and accurate but, beyond that, what we won’t do is sit down with you and give you concrete guidelines as to what lines of enquiry to follow, what individuals to speak to or what documents to review. Put bluntly, that is not our job.
- What we do ask for, however, is – in the words of the DPA Code of Practice – ‘genuine unequivocal co-operation’. As Leveson LJ said in the Standard Bank DPA case:“… considerable weight must be attached [to] the fact that [the Bank] immediately reported itself to the authorities and adopted a genuinely proactive approach to the matter …”.
This, of course, like the decision whether to approach us at all, is a matter for the corporate concerned. You may decide that you have no wish to co-operate with our investigation; that the better tactic is simply to refuse to engage at all with us. If so, then you need to be clear as to the consequences of that decision – it is very much an all or nothing gamble. A decision by a corporate not to co-operate means that the decision for us is a stark one: either we prosecute, where the evidence and the public interest justify it, or we do not. It is very hard to see what other options might be available to us in such circumstances.
Let us imagine for one moment, however, that a corporate decides that it does wish to co-operate. Whatever the motive for that decision, be it prompted by a sense of wanting to do ‘the right thing’ or simply because it recognises that it makes commercial and practical sense to do so, it needs to know what co-operation looks like. This is, I recognise, an issue of real importance to many in this audience. It is also an issue that appears to have caused some confusion in the minds of many commentators. What I want to spend the rest of my time doing, therefore, is spelling out just what we in the SFO mean when we talk about ‘co-operation’.
Perhaps I can start by making clear what we do not mean when we talk about co-operation? Co-operation does not mean that we will expect corporates to waive the legal rights and protections to which they are entitled, including – where they are genuinely well-founded in fact and law – any claims to legal professional privilege. In saying this, I appreciate that there are those who accuse the SFO of double standards; of saying on the one hand that we respect a company’s right to privilege but then on the other hand insisting on access to, for example, witness accounts so as to, in effect, make waiver of privilege a condition of co-operation. My response to that is that requiring a corporate to provide us with the factual narrative that underpins any self-report does not, of itself, give rise to a demand that privilege be waived. And that is all that we want: the factual narrative. We want to know what happened and what the witnesses say happened. It really is that simple.
So: genuine co-operation does not require a company to waive privilege. More positively, what co-operation does mean is that we will expect corporates to work with us in identifying the full extent of the alleged wrong-doing. This will include, as I mentioned earlier, telling us about something that we do not already know. Plainly, a corporate which only provides information to us after we have already become aware of concerns from other sources cannot expect to derive the same level of credit as one which, of its own volition, notifies us of something of which we were previously unaware.
Co-operation will also mean that there is an acceptance of wrong-doing by the corporate in question. Reports which seek to do no more than exculpate the corporate of any criminal culpability are, for obvious reasons, unlikely to steer a prosecutor away from a decision to prosecute if it is subsequently determined that there is, in fact, sufficient evidence on which to bring a prosecution.
In addition, co-operation will recognise that the SFO cannot accept any self-report, no matter how comprehensive, at face value. We will always want to conduct our own independent investigation with a view to determining whether the matters set out in any report are in fact verified by the available evidence. Indeed, if a prosecutor does take the view that the case seems in principle to be an appropriate one for a DPA, it will be of critical importance that he can satisfy the judge that we have not simply taken a company’s version of events at face value and that there is a sound basis for concluding that what the company said is in fact accurate and fairly reflects the full extent of their criminality.
It follows from this that co-operation will also extend to assisting the SFO as it carries out its own investigation. This will mean, for example, not tipping off data custodians who may also be potential suspects and not carrying out its own enquiries in a manner that is likely to cause prejudice to our investigation. As I have mentioned already, it will mean providing us with access to any first witness accounts that may have been taken. Witness accounts, especially first witness accounts, are of crucial importance for us in testing the accuracy and integrity of our evidence. To quote once more from Leveson LJ in the Standard Bank case:
“Co-operation includes identifying relevant witnesses, disclosing their accounts and the documents shown to them. Where practicable it will involve making witnesses available for interview when requested.”
I’ve spent a fair bit of time on this topic but this is because it goes to the heart of the behaviours that we will expect to see from any corporate who wishes to contemplate the possibility of a DPA.
In conclusion, therefore, I would like to end by emphasising this point: we in the SFO are clear on our role and clear on the need to investigate allegations of corporate wrongdoing thoroughly. Where the evidence supports us, we will not hesitate to bring prosecutions. Yet that is not the only possible outcome. Hopefully, if I have achieved nothing else this afternoon, I have set before you some clear advantages in engaging with us in as early, open and honest a way as possible.
Thank you very much.