We aim to make this site as accessible as possible and therefore have provided the settings below to use if you are finding it difficult to view this website. See the SFO Accessibility Statement for more information.

Where it is appropriate to provide a Welsh translation, you can switch to Cymraeg. See the Welsh Language Commissioner website for more information.

Use the settings button in the bottom right corner of the page to access these settings again.

We would like to use Analytics Cookies on our website. 

Turn these on below if you are happy with us collecting information on how our site is used, in order for us to improve the overall experience of our website. 

All other cookies are necessary and therefore by continuing to browse this website, you are agreeing to the usage of these cookies.

 See the SFO Privacy Policy for more information. 

Analytics Cookies

Corporate criminal liability, AI and DPAs

21 June, 2018 | Speeches

Camilla de Silva, Joint Head of Bribery and Corruption, speaking at the Herbert Smith Freehills Corporate Crime Conference 2018.

Thank you for the invitation to speak at this impressive event, your 5th annual Corporate Crime and Investigations conference.  I know the previous Director of the SFO opened each of your four preceding conferences.  This calls to mind a piece of practical advice Sir David Green once gave me, which was to always follow a “poor performer” (those who know David will know he would have used slightly more colourful language than that), but his point in short was, it’s hard to follow a class act, but here goes.

I shall provide in essence an anti-corruption enforcement update from the SFO’s perspective. 

There are a number areas that I have been asked to talk about in particular which I will touch on during these remarks, namely:

  1. a) The announcement of the new Director;
  2. b) Our views on corporate criminal liability;
  3. c) DPAs and the use of Compliance Monitors;
  4. d) the use of artificial intelligence and technology;
  5. e) (and everyone’s favourite) Legal professional privilege

Those of you who follow these areas will appreciate that the legal and technological landscape in which the Serious Fraud Office operates is evolving rapidly.  In light of these developments, now, perhaps more than ever, it is widely recognised to be in the interests of responsible companies to enter into dialogue with us when they discover a problem.

So, I very much welcome the opportunity to speak today about this changing landscape and look forward to discussing the areas where we agree or disagree at the end of my talk and panel session which is to follow.

It’s an exciting time at the SFO right now.  As all of you in this room will know, Lisa Osofsky has recently been announced by the Attorney General’s Office as our new Director.  We have welcomed her into the office and she will be taking up her post as permanent DSFO towards the end of the Summer.  Our Interim Director, Mark Thompson, will continue in post until then.  Mark has made it clear that in the interim it will very much be, business as usual, at the SFO and that we continue the mandate set by the previous Director, Sir David Green

I, for one, am absolutely thrilled that Lisa will be heading up the office shortly.  I am really looking forward to working under her leadership and direction in the coming months and thereafter.  As an office we are all looking forward to Lisa building on the SFO’s successful record in the fight against economic crime and leading an emboldened SFO to greater heights. 

Lisa has quickly dispelled I think what could fairly be described as ‘fake news’ about her alleged views on the independence of our organisation and it’s useful to have that clarity from the start of her tenure.  The position of the office is clear, we are an independent organisation and will continue to be so, but we continue to support a multi-agency approach to economic crime, including the build of the new National Economic Crime Centre announced last December.

We have a single clear goal, to investigate and if appropriate, prosecute top end financial crime regardless of where the evidence takes us.  The decision whether to take on a case is by statute that of our Director’s alone.  We exercise independence in the investigation and prosecution of UK companies and individuals. This is crucial to judicial confidence, to business confidence and to public confidence.  The announcement of a power for the NCA to directly task the SFO builds on the existing power to give directions to the SFO to provide specified assistance, which the NCA has never felt the need to use.  The Home Secretary and Attorney General have governance over the NCA’s powers to direct the SFO, which is an important constitutional safeguard for the SFO’s independence.  In practice, we coordinate with partner agencies closely and regularly and we ensure the right cases go to the right agency.   Our priority and focus is clear, it remains on the top tier of economic crime.

Corporate Criminal Liability

I’ve been asked to talk about our view on corporate criminal liability.  In a seminar at the Cambridge Symposium last September I commented that, in my view, the current law relying primarily on the identification principle is an inadequate model for attribution to a corporate of criminal liability and that regular attendees to the Symposium will know this topic features regularly, perhaps highlighting there is a recognised problem and one that will not be resolved, I would argue, without an expansion of corporate criminal liability.  So, you won’t be surprised to learn it features again in the agenda this year.

I appreciate my message on this, may be a tough message for some to hear and that there are differing arguments and others will have opposing agendas to my own but it seems to me the clear answer to the problem, is the extension of economic criminal offences for corporations by a s.7 type “failure to prevent” offence. 

So, what is the case for reform?  Corporate criminal liability is the mechanism through which corporate entities can be liable for criminal offences.  It is a well-established legal concept, and there are several routes to getting there.   In order to convict a corporate the prosecutor must prove the “directing mind and will” of the company committed the acts amounting to the commission of an offence, and also had the criminal intent to commit those acts.  The identification principle, is one of those routes.  In short, we know, at its most narrow, the law attributes criminal liability to a corporation through the actions of a small number of individuals, its directors, and at its most expansive, applying the Meridian principles, it will be on a fact-specific analysis. 

If we are looking to prevent and control economic crime, there are 3 main problems with the current limited corporate liability: 

1)      It encourages bad corporate culture;

Our current system creates an obvious incentive to the members of company board to distance themselves from the company’s operations.  We have seen the effect of this in our casework, in a number of ways, the deliberate “don’t raise that with me” attitude, or turning a blind eye to risks of crimes taking place; the keeping decisions away from the Board and pushing down significant decision making onto non-exec Board members and associated lack of record keeping. This is the complete opposite of the policy rationale behind the Bribery Act 2010 of good corporate governance and incentivising good governance.

2)      It does not operate a fair playing field,

There isn’t a fair playing field, as reliance on the identification doctrine has made it easier to fix a small or medium size enterprise with corporate criminal liability, than a larger, more complex multi-national. This is because it is easier to attribute liability to the directing mind and will of a small company, perhaps with one or two directors who are the decision-makers, than a larger corporate where it is not possible to demonstrate who was “the controlling mind”, either because it was a decision of more than one individual, or because it is difficult to pierce the corporate veil.  If you think about it, that’s not that surprising.  The basis of the law is over a century old, designed and befitting business as it then was.  But if you look at the changes that have taken place in business in the intervening period – it can be no surprise that we are asking the question whether the law remains truly fit for purpose.

3)      It creates a two-tier approach to economic crime which is unprincipled.

At present we have a two tier law of corporate criminal liability in this country. The identification principle applies across the economic crime landscape and beyond, including of course to the substantive offences of bribery in the Bribery Act. Then, we have the failure to prevent bribery offence, and the recently enacted offence of failure to prevent the facilitation of tax evasion.  If the political and public will existed to ensure corporates became more accountable for criminal behaviour in their commercial practices, it is difficult to understand why, conceptually, this accountability should be limited to only two species of conduct.

Turning a blind eye to fraud and corruption is not good for UK plc, it drags our nation into disrepute. It undermines our financial centre. There is concern that our on-going adherence to the identification doctrine is making the UK a weak link in the fight against international financial crime. This can in turn impact our ability to retain forum in criminal cases which are properly justiciable in England.  I think it naïve to think that too rigorous an enforcement of anti-bribery and fraud matters by UK authorities is a bad thing and a burden on business post-Brexit, as others will take on this work, if we don’t.

We remain of the view that a more sensible and just approach is that embodied in S7 of the Bribery Act 2010.  This creates the offence of a commercial organisation “failing to prevent” bribery by its employees, and provides a responsible corporate with a statutory “reasonable or adequate procedures” defence. So the typical defence to bribery by an organisation prior to the BA would have been, “we didn’t know anything about the conduct” and that those associated with it “were acting without authority”. Such a statement would now amount to an admission and not a defence.  The corporate instead has to demonstrate adequate procedures, which those associated with it, nonetheless subverted and circumnavigated.  Extending this approach, a Corporate could be liable for failing to prevent certain types of criminal offence i.e. economic crime by their employees, subject to the important caveat of a statutory defence. 

Such an approach would assist in the development of good ethical corporate culture, support growth and encourage clean and stable markets; it would increase investor confidence, assist in more rapid prosecutions and dovetail well with deferred prosecution agreements.

Deferred prosecution agreements (DPAs) were introduced as a way of a body corporate, partnership or unincorporated association avoiding prosecution for economic offences by entering into an agreement on negotiated terms. A DPA must be approved by the Court and will only be granted, if, the court concludes entering into a DPA is in the interests of justice and its terms are fair, reasonable and proportionate. DPAs are available only at the prosecutor’s discretion and are only available to corporates, not individuals. Currently DPAs are available in cases of economic offences such as bribery, money laundering, fraud and so on. Subject to the corporate body complying with the terms of the DPA, the offences will not be prosecuted.

The terms of a DPA might include a financial penalty, costs, restitution for victims and will include disgorgement of profits of wrongdoing and implementation of reforming measures.

DPAs are not, the so-called, “cost of business”. The SFO sees DPAs, in appropriate cases, as enhancing public confidence in UK plc and the Criminal Justice System. In pursuance of that important aim, the SFO may also impose a compliance monitor, to positively and genuinely assist in changing corporate behaviour.  Where a monitor is necessary to achieve that aim such a condition will be included in the terms of the DPA. The DPA Code sets out the framework for the appointment of monitors and the appointment will depend on the factual circumstances of the case. 

Under the DPA regime in appropriate cases the SFO will seek assurance the Company has genuinely reviewed its internal controls, policies and procedures regarding compliance and as necessary, adopt new or modify existing controls, policies and procedures in order to ensure it complies with all applicable anti-corruption laws and most importantly that these are actually embedded into the business. The ultimate responsibility for identifying, assessing and addressing risks remains with the Board of Directors and is a critical factor in any DPA discussion.

The decision about whether to impose as a term of the DPA a monitor will be informed by the extent to which the programme of corporate governance enhancements is complete at the time of the DPA resolution and whether an ongoing independent review and sign off on-completion is considered necessary in the context of the deficiencies identified in the corporate compliance programme and corporate governance.  Monitors have always been available and we will use them in the right situations.  It’s a question of achieving a substantive outcome, and we have to-date focused on that, more than the method through which that might be achieved.

The SFO recently celebrated its 30 year anniversary. Over that time the SFO has seen an exponential rise in the amount of data in its cases. That trend is continuing upwards as company and individual data grows ever larger. The amount of data handled by the SFO’s digital forensics team has quadrupled in the last year. Using innovative technology is essential to perform our tasks, as investigators and prosecutors, given the volume of material we deal with.

So how does AI work in the context of our cases?  The SFO was the first to use AI in a criminal case in the UK, the RR DPA to assist the removal of Legally Professional Privileged documents. In that case, AI reduced the pool of documents needing to be reviewed by independent counsel by reducing the amount of potentially legally professional privileged material by 80%, scanning as many as 600,000 a day. What would have taken us almost 2 years to review, only took independent counsel some months. This is a clear saving of resource and tax payers’ money, but also resulted in a more accurate and consistent review.

We have recently adopted a new review platform called Axcelerate and are using this system on all new cases.  We are confident that our sophisticated review systems can help us consistently and more easily quickly pursue relevant lines of inquiry that we choose. It is able to recognise patterns, group information by subject, organise timelines, graphically depict search results and remove duplicates.

We believe that our systems will attract the confidence of the legal profession and the judiciary. Giving a lecture to public legal information website Bailii, Lord Chief Justice Lord Burnett of Maldon described the ability of computers to analyse vast quantities of data to predict outcomes as “one of the most exciting developments of the age” and predicted the technology would be utilised to prevent litigation and promote settlements.

We respectfully agree. We think our new technology will allow us to deliver justice sooner, at lower cost.

That said, AI does not replace lawyers or investigators – it is a tool which will enable us to more easily and quickly prioritise our reviews, reach the nub of the dataset and pursue relevant lines of inquiry that we choose.

We await with interest the outcome of the AG review of the disclosure regime and any guidance the AG may give as to the use of AI in the task of disclosure review of our data-heavy cases.

Finally to LPP and I’ll pick up the point on disclosure here as well, in the context of the recent ruling of the Administrative Court in the XYZ judicial review.

We recognise that a DPA is an attractive solution for a company. Herein lies the advantage; if it secures an agreement and complies with its terms, the company will account to the court for its wrongdoing yet avoid a conviction and all the consequent damage that might do to its ability to conduct business in the future. The bar is therefore necessarily a high one. 

The SFO will only invite a company to enter into an agreement to defer prosecution where the company has genuinely cooperated with the SFO. The DPA Code provides that co-operation will include identifying relevant witnesses, disclosing their accounts and the documents shown to them.

Frivolous claims to privilege over those records will be challenged and in specific circumstances, we are obliged to do so.

The SFO successfully challenged claims to legal advice and litigation privilege in declaratory relief proceedings against ENRC. The case is subject to appeal to be heard in a few days’ time, but in the case of the Court of Appeal in R (AL) v XYZ Ltd & Ors has confirmed that the argument that the law is uncertain pending clarification by further case law in the appellate courts is untenable.

This case, and those related cases subsequently decided – RBS v Bilta and HSE v Jukes – demonstrate that courts look for the actual evidence of a lawyer-client relationship for the purposes of legal advice privilege, and for the actual moment where the dominant purpose of relevant communications is in anticipation of adversarial litigation for litigation privilege.

The protection of litigation privilege has not disappeared or been eroded. Whether or not litigation privilege applies will depend on the facts of the case.

In practice, we expect companies to enter into dialogue with us about the basis and scope of any claim to LPP and the shape its internal investigation and timing of interviews. Such dialogue makes the process eminently more efficient for all concerned.  We are not interested in material that is genuinely privileged.  We do however reserve the right to question, probe and where necessary challenge assertions of privilege which are in our view, excessive.  That is what we did in our application for declaratory relief in ENRC.  The judgment in the case of XYZ illustrates the danger for us of not challenging excessively wide claims of privilege and being left unable to comply with our statutory disclosure obligations to ensure a fair trial of the individuals we charged in that case. 

So in conclusion, the economic crime landscape in which we operate is evolving rapidly. We are capitalising on this legal and technological innovation and we have the appetite and stamina to build on our record in the fight against economic crime. In much the same way as we are entering into dialogue with the business and legal community, we expect and hope that where appropriate that you, responsible companies will want to enter into dialogue with us.

For us, at the SFO, a new chapter is beginning: our independence is guaranteed and we have a new Director who will soon begin her 5-year term.  It’s a chapter that will be defined by optimism and a renewed vigour to continue the progress we have made.