A DPA is a court-approved agreement between a company under investigation and a government prosecutor. It allows for the suspension of prosecution, provided that the company meets certain conditions. DPAs became an alternative to prosecution in the UK on 24 February 2014, when Schedule 16 to the Crime and Courts Act 2013 came into effect.
At the time of writing, the Serious Fraud Office (SFO) is the only UK law enforcement agency to have negotiated DPAs. In October 2020, the SFO issued internal guidance on its approach to DPAs. This guidance, while not offering anything new, was of some value as it details what the SFO requires in order for it to grant a DPA, the rules regarding them and the approach taken to them by the SFO.
Important Issues for Corporates
While the guidance states that a company does not have to formally admit guilt when entering into a DPA, the SFO Director Lisa Osofsky has stated that DPAs require a company to admit to the misconduct. Companies are, it would seem, more likely to obtain a DPA if guilt is admitted.
The guidance makes it clear that co-operation is a “key factor to consider when deciding whether to enter into a DPA”. It confirms that co-operation includes self-reporting the wrongdoing to the SFO, taking remedial action and preserving evidence. But co-operation is no guarantee that a DPA will be offered. The guidance indicates that failing to waive privilege over documentation will not lead to a company being penalised – but it may mean the company is viewed as not providing the levels of co-operation that the SFO expects and requires for a DPA to be granted.
It also outlines the SFO’s expectations of a company if a parallel investigation is carried out by another agency, either UK-based or from another country. Early communication, consistency regarding admissions of fact or liability in the investigations and co-ordination of market announcements in the different jurisdictions are all expected from the company by the agency.
The latest guidance indicates that the SFO may be distancing itself from the previous habit of identifying individuals in a DPA; due to the need to comply with the Data Protection Act 2018 and the European Convention on Human Rights. But this less severe approach does not continue into the guidance’s approach to financial penalties. The guidance emphasises that a DPA should include a financial penalty and, where possible, compensation to victims, disgorgement of profits and payment of prosecution costs. The sentencing framework for setting fines should be followed, with any discount on a financial penalty under a DPA needing to be comparable to a fine imposed as a result of a guilty plea in a prosecution. The guidance recognises the precedent that has been set in many DPAs so far, where a 50% fine discount has been given as recognition of the level of cooperation given to the SFO.
The Task Facing Corporates
The new guidance is likely to be of use to corporates if and when they are seeking a DPA. The SFO has made it clear that co-operation, a lack of history of similar conduct, corporate reorganisation and the company having a proactive compliance programme (at the time of the offence and its reporting) are all factors that weigh against prosecution. The company having taken disciplinary action taken against the culpable individuals and how a conviction would affect the company's employees and shareholders and the public are also factors that the SFO will consider.
But it should be emphasised that the latest guidance does not detail what measures a company should be considering when conducting its own internal investigation before deciding whether to self-report wrongdoing. Arguably, it also falls short because it does not give corporates complete clarity regarding what the SFO expects from them in terms of co-operation; even though this is probably the SFO’s main consideration.
As a result, corporates will find it only marginally easier to “follow the signs’’ to gain a DPA. The onus remains on them, therefore, to respond appropriately to allegations of wrongdoing. This means investigating them and taking a course of action that is of mutual benefit to them and the SFO. For many, it will be worthwhile to seek specialist legal help.
Investigation
If a company finds out, either officially, unofficially or even from its own staff or third parties, that it is suspected of wrongdoing, an internal investigation has to be conducted immediately. This has to examine all aspects of the company’s activities – as the SFO will not restrict itself to looking at one particular problem if it believes others may exist.
If the company’s senior personnel do not know how they should proceed they have to take relevant legal advice. Only a carefully-devised and conducted internal investigation will enable a company to fully assess the extent of any wrongdoing – and ensure it can respond in an appropriate, credible way to allegations made against it by the SFO, another authority or a third party.
Importantly, an internal investigation gives the corporate the opportunity to self-report the problem. This will not magically remove the legal difficulties but with the SFO it will at least be logged as a form of co-operation. The SFO has made it clear that it encourages companies to self-report as early as possible, and doing so gives a company the chance to open discussions with the SFO. But consideration needs to be given to how and when self-reporting is done. A well-intentioned attempt by a corporate to “come clean’’ could be used against it if the self-reporting is not handled properly, while self-reporting and co-operating when the SFO is well aware of the wrongdoing can appear a pointlessly overdue and desperate attempt to seek leniency.
In August 2019, the SFO published a memo, “Corporate Co-operation Guidance’’, which defined co-operation as "providing assistance to the SFO that goes above and beyond what the law requires" and detailed 11 general practices that companies should consider when preserving material and giving it to the SFO. It included specific guidance relating to digital evidence and devices, hard copies and physical evidence, financial records and analysis of them, industry information and individuals. It also made it clear that the SFO wants companies to consult with it before taking steps such as interviewing potential witnesses and suspects and to provide information on “industry knowledge, context and common practices’’ and “other actors in the relevant market’’.
With the October 2020 guidance not making the issue of co-operation much clearer; the 2019 guidance remains a useful yardstick for companies looking to act in a way that will enhance its chances of a DPA. To take one example of its worth, the 2019 guidance stated that self-reporting needs to follow an internal investigation that has been thorough, methodical and has been conducted by professionals with the relevant experience and expertise.
Any efforts to engage with the SFO in such a situation need to be managed by those with in-depth experience of the relevant law, knowledge of the best way to enter and sustain dialogue with the SFO and an ability to identify and rectify the wrongdoing and areas of risk. Internal investigations are a vital tool in deducing the size, nature and cause of any wrongdoing and in shaping the best possible response. A corporate that does not take this course of action is likely to be reducing the chances of a DPA being offered.
Negotiation
While the importance of co-operation – and its value in dealings with the SFO – cannot be over-emphasised, negotiation is also a vital element when seeking a DPA. Corporates under investigation need to minimise the financial and reputational damage that can result from an investigation and, ideally, avoid being prosecuted. In such a pressured environment, it is often best for a corporate to call in experts that can take an informed, impartial look at what needs to be changed in order to prevent future problems and then convince the authorities of the corporate’s genuine intention to prevent any repeat of the wrongdoing.
This may sound like a company putting its fate into the hands of “outsiders’’. But if a company comes under investigation – or believes it is about to come under investigation – it needs to be open and honest about its problems and genuinely determined to put them right. This requires establishing what those problems are and how they should be disclosed to the SFO. From that point onwards, the dialogue with the SFO will be all-important.
No SFO investigators will automatically offer a DPA because the corporate has done the decent thing and reported its wrongdoing. At this stage, it is more than likely the SFO will have enough evidence for a prosecution. The challenge then is to convince it that a prosecution is in nobody’s interest. Much of that challenge will rest on the ability to negotiate, argue a case and use findings from a properly-conducted internal investigation to convince the SFO that a DPA is the most appropriate outcome.
Conclusion
The latest SFO guidance is useful while not being especially enlightening. It offers some assistance to corporates looking to avoid prosecution and obtain a DPA. But it also emphasises the challenges facing any corporate in such a situation, while doing little to make them any less daunting. The onus, it seems, is still on the corporate to navigate the right course to a DPA; either by itself or with outside help.