This article is an extract from GTDT Market Intelligence Anti-Corruption 2023. Click here for the full guide.

---

1 What are the key developments related to anti-corruption regulation and investigations in the past year in your jurisdiction, and what lessons can compliance professionals learn from them?

We have continued to see mixed results from criminal investigations by UK authorities over the past year. In 2022, the UK’s Serious Fraud Office (SFO) was plagued by a series of setbacks, including: the quashing of convictions in the Unaoil trial, The Calvert-Smith and Altman Reviews (see below for further discussion), and critical comments of the SFO’s conduct from the Commercial Court in ENRC v Dechert, Gerrard and SFO. These set-backs have led to harsh criticism, with a January 2023 article in The Times, titled ‘Put the Serious Fraud Office out of its Misery’, calling for a merger of the SFO with the UK’s financial regulator, the Financial Conduct Authority (FCA). While 2023, has showed some successes for the SFO in securing both corporate and individual convictions, it is clear that changes must be made in the way it conducts investigations and secures convictions.

The SFO has, however, achieved recent positive results in ongoing cases against corporates. In November 2022, a multinational trading and mining company was ordered to pay over £280,965,092.95 after an SFO investigation revealed that it paid bribes of over US$28 million for preferential access to oil across several African countries. The company also pleaded guilty to corruption charges in the US and Brazil, with the total penalty exceeding £1.2 billion. In sentencing the company to the sizeable fine, Mr Justice Fraser commented that: ‘This is a significant overall total. Other companies tempted to engage in similar corruption should be aware that similar sanctions lie ahead.’

Equally, the SFO has had some successes in achieving convictions against individuals. In April 2023, the SFO secured convictions against senior executives at Balli Steel, a British steel trading firm that collapsed in 2013. The executives received sentences of over three years each, while the CEO, Nasser Alaghband, following a guilty plea in February 2023, was sentenced to six and a half years. The SFO’s investigation commenced after the firm’s collapse, at the time of which it owed an estimated £835 million to its creditors, and revealed that the executives and Alaghband had fraudulently acquired lines of credit to prop up the failing business. Separately, in June 2023, the SFO charged the former CEO and former CFO of London Mining plc for conspiring to make corrupt payments in return for preferential treatment in Sierra Leone. These charges followed an investigation that was opened in 2016 and focused on two counts of corruption between the years of 2009 to 2012 and 2010 to 2014. A trial date has now been set for January 2025.

Aside from the SFO, over the past year a recent AML development has been the passing of The Economic Crime (Transparency and Enforcement) Act 2022, which took effect in the UK on 15 March 2022, with Russia’s invasion of Ukraine expediting its passage through Parliament. The act aims to make it easier to identify, trace and disrupt the flow of laundered money into the UK through the implementation of three key charges. (1) Companies House is now required to introduce a Register of Overseas Entities, which details beneficial ownership information for foreign entities that own UK property; (2) Unexplained Wealth Orders, first implemented by the Criminal Finances Act 2017, have expanded to include a broader range of individuals, and it will now be easier, and less costly, to apply; (3) The UK sanctions regime has been amended, with the most significant change being that a person no longer has to know, suspect or believe, that they were breaching sanctions prohibitions.

Additionally, in upcoming corruption legislation, the Economic Crime and Corporate Transparency Bill has proceeded through the House of Lords and is set to be reviewed as part of the final stages before coming into law. The bill, as currently drafted, introduces an offence for failure to prevent fraud. The offence attaches liability to a relevant body (e.g., a corporate entity) by way of the commission of an offence by an associated person or employee of that corporate entity. The introduction of this offence follows the trend in the UK Bribery Act 2010 and Criminal Finances Act 2017 of attaching direct accountability to firms for failing to put in place adequate systems and controls to prevent these offences, and is aligned with the conclusions of the Law Commission’s June 2022 paper on corporate criminal liability.

While both the act and the bill could provide much needed ammunition to take aim at the commission of corruption and movement of the proceeds of corruption or in the UK, questions remain as to how effective implementation will be given the shortage of resources to enforce these measures.

2 What are the key areas of anti-corruption compliance risk on which companies operating in your jurisdiction should focus?

While there are undoubtedly commonalities of anti-corruption compliance risk across jurisdictions, industries and sectors, the key first step for any compliance professional responsible for anti-corruption compliance is to conduct a risk assessment. This will allow the business to understand and mitigate against the specific risks it faces. Conducting a risk assessment is also a key pillar in demonstrating the existence of a business having in place ‘adequate procedures’ to prevent bribery, this being the only defence to a charge of having failed to prevent bribery under section 7 of the Bribery Act 2010.

Any risk assessment is likely to highlight third-party relationships as a key area of risk. The section 7 offence mentioned above makes it an offence for organisations that fail to prevent persons associated with it from committing bribery, where the bribe is paid with the intention to obtain or retain business or a business advantage for the company. An ‘associated person’ is widely defined as any natural or legal person who performs services for or on behalf of the company. A broad range of persons may meet this definition, such as employees, subsidiaries, joint venture partners, consultants, agents, etc. The DPA examples referenced in our answer to question 1 demonstrate the risk that third parties present to companies as a result of section 7, and this should be a particular focus for companies who rely on third parties in the course of business. Risk mitigation in respect of third parties may include due diligence, anti-bribery and corruption training, and contractual clauses relating to anti-bribery and corruption.

The extraterritorial effect of the Bribery Act 2010 means that geographical bribery and corruption risk must also be a key area of focus for companies operating in the United Kingdom. The statutory offences apply to active and passive bribery in the public and private sectors, even where that bribery has no connection with the UK and is performed abroad. Indeed there is a specific offence of bribing a foreign public official. Many of the bribery cases investigated by the SFO to date have involved conduct that took place overseas, often performed by third parties in higher-risk jurisdictions. Companies operating in jurisdictions at higher risk of bribery and corruption should therefore take extra care.

Anti-corruption risk naturally evolves over time. The covid-19 pandemic, for example, brought novel corruption risks, as no doubt the current geopolitical crisis will. Compliance professionals need to be agile in their response to such changing corporate environments and ensure that risk mitigation measures flex and adapt accordingly.

3 Do you expect the enforcement policies or priorities of anti-corruption authorities in your jurisdiction to change in the near future? If so, how do you think that might affect compliance efforts by companies or impact their business?

As noted above, two reviews into high-profile failures by the SFO were published in late 2022, being the review by Sir David Calvert-Smith into R v Akle & Anor, and the review of Brian Altman KC into R v Woods & Marshall. In the former, the review highlighted the SFO’s failure to implement: proper quality assurance, adequate resourcing, guidance, and compliance with its own policies and procedures. In the latter, the review similarly emphasised the SFO’s failure to carry out proper disclosure during trial, where disclosable documents were not so disclosed due to mismanagement and lack of guidance.

It is not surprising, therefore, that the SFO’s Business Plan for 2023–2024 emphasises a need to increase its workforce to meet the additional needs of pursuing fraud, bribery and corruption in today’s world. The plan points to the disclosure regime, and the increasing need for very large amount of data to be reviewed, as the reason for this increase in workforce.

Additionally, the SFO announced in July 2023 that, from September 2023, its new director would be Nick Ephgrave, former assistant commissioner of London’s Metropolitan Police Force. The first non-lawyer to be appointed as director of the SFO, Ephgrave’s selection suggests a possible new focus on rigorous and properly managed investigations, rather than prosecutions.

The SFO’s Business Plan 2022-2023 referred to what the director of the SFO, Lisa Osofksy termed the SFO’s ‘year of the trial’ with eight cases then expected to be brought to trial. These cases included cases for individuals in the Axium Legal Financing Fund, Global Forestry Investments, Harlequin Group, Balli Group, Greenergy and G4S. This was a substantial number compared to previous years. Of the above listed cases, only Greenergy and G4S did not proceed in criminal trials. For the former, the SFO dropped their investigation, and for the latter, decided not to proceed with the trial of certain executives as it was no longer in the public interest.

An interesting shift by the SFO in recent years has been its move away from bribery-related investigations, which tend to have a multinational element, to a focus on domestic fraud. Since 2021, the SFO has opened four new investigations, which are ongoing in 2023, (Raedex Consortium Group, Gavin Woodhouse and Associates, the Alpha and Green Park Group, and Arena Television Limited), all of which focus on fraud and money laundering. As a continuance of this domestic focus, in June 2023, the SFO signed ‘Principles of Co-operation’ (the Principles) with the UK’s financial regulator, the FCA. Under the Principles, both organisations agree that their senior leaders will meet on a regular basis to discuss ongoing investigations and ensure ‘the effective and consistent discharge of their functions through co-operation and co-ordinated enforcement action’. The Principles further empower the parties to conduct joint investigations with a single case team.

Conversely, the recent DPA’s entered into by the SFO concern bribery offences rather than fraud. This is perhaps an indication of the SFO’s preference to pursue fraud offences at trial, possibly due to barriers in gathering evidence from abroad created by the Supreme Court’s ruling in in R (on the application of KBR, Inc) v Director of the Serious Fraud Office, which removed the SFO’s ability to compel the production of documents from entities with no nexus to the UK.

Another tool likely to be deployed more frequently by the SFO is in the form of account forfeiture orders, introduced by the Criminal Finances Act 2017, as they provide the SFO with another enforcement instrument. In March 2023, the SFO recovered over US$7,699,204 from convicted money launderer, Mario Ildeu de Miranda from an account linked to systemic bribery in Brazilian state-owned entity, Petrobras. This was the largest amount seized by the SFO from a single account and was the product of an investigation that traced funds through Switzerland, Malta, Portugal, the UAE, Bahamas and the UK. SFO director, Lisa Osofsky, commented that: ‘Over two years, we unpicked a complex web of transactions across the world…ensuring that the UK cannot be used as a hiding place for criminal assets.’

4 Have you seen evidence of continuing or increasing cooperation by the enforcement authorities in your jurisdiction with authorities in other countries? If so, how has that affected the implementation or outcomes of their investigations?

International cooperation remains at the forefront of the SFO’s priorities. The SFO’s Business Plan for 2023-2024 states that one of its four key objectives is to ‘collaborate with partners in the UK and overseas to ensure there is no safe haven for those who commit serious financial crime’. In addition, in the wake of the conviction of the mining company referenced above, Lisa Osofsky, director of the SFO, commented: ‘This significant investigation . . . is the result of our expertise, our tenacity and the strength of our partnership with the US and other jurisdictions.’

This theme was also evident during one of the first SFO trials of 2023, which saw the convictions of two executives behind fraudulent schemes to obtain loans to bolster the company’s finances and allow it to continue trading while avoiding repayment of those loans. The SFO states that the investigation involved a ‘record breaking degree’ of international corporation, with law enforcement partners in 36 separate jurisdictions assisting in the provision of information and evidence.

It is anticipated that international cooperation will only become more ingrained, and more fruitful, given the increasingly global and cross-border nature of corruption and financial crimes, and the vast global penalties that have been seen to ensue. As a result, compliance professionals should take care to ensure that they develop a global response to any multi-jurisdictional or international issues that may arise in their businesses, seeking guidance on potential pitfalls and planning accordingly. This might include, for example, seeking early advice on the availability of legal privilege in each of the relevant jurisdictions; understanding whether a limited waiver of privilege in one will constitute full waiver in another; or having regard to differing data privacy regimes and the degree of data collection and review that will be permissible.

5 Have you seen any recent changes in how the enforcement authorities handle the potential culpability of individuals versus the treatment of corporate entities? How has this affected your advice to compliance professionals managing corruption risks?

DPAs are the predominant method through which corporate entities are held to account for bribery and corruption in the UK. They are not, however, available to individual defendants in lieu of prosecution. There have been four DPAs concluded with companies in the UK that have been followed by unsuccessful prosecutions of the individuals allegedly involved in the wrongdoing that was the subject of the DPA. The most recent being the case against three former directors of G4S Care and Justice Services (UK) Ltd, which collapsed mid-trial following the SFO’s decision to no longer proceed with the prosecution on the basis that it had ceased to be in the public interest. The starkness of this prosecution failure was amplified by the fact that the SFO had already requested an adjournment of a year to address disclosure issues (the reason for its withdrawal of the case), and stated to the Court that it would take months longer for these issues to be resolved.

In March 2023, however, one individual had follow on involvement in a DPA concluded with Bluu Solutions in 2021, Roger Dewhirst, pleaded guilty to accepting or agreeing to receive bribes. This marked the first individual to be convicted following a DPA, despite there being 12 DPAs since their introduction in 2014. It is significant, however, that this successful conviction followed a guilty plea, whereas three other executives in the same case, who pleaded not-guilty, were unanimously acquitted. These cases have therefore produced contradictory outcomes with regard to corporates (accepting criminal liability) and individuals (all subsequently acquitted) based on the same evidence.

This apparent inability to date of the SFO to convict individuals following a DPA risks undermining its policy of encouraging corporate self-reporting and cooperation. Where corporate liability is predicated on the individual guilt of senior directors who are subsequently acquitted at trial, companies and advisers may question the merits of entering into a DPA at an early stage (and, in doing so, admit corporate liability and pay significant fines) instead of putting the SFO to proof and taking its chances with an investigation or even prosecution. In any event, before making any decisions about entering into a DPA, a company should always ensure that it has received full and detailed advice on the merits of doing so.

6 Has there been any new guidance from enforcement authorities in your jurisdiction regarding how they assess the effectiveness of corporate anti-corruption compliance programmes?

The most recent guidance was published on 17 January 2020 when the SFO released guidance (the Guidance) on its evaluation of corporate compliance programmes, which forms part of its operational handbook. The Guidance informs the SFO’s decisions on any particular case, including whether a prosecution is in the public interest, whether DPA negotiations should take place, whether the ‘adequate procedures defence’ is available to a corporation under section 7 of the Bribery Act 2010, and whether the extent and nature of the compliance programme will be a relevant factor for sentencing.

The Guidance covers the stages at which the SFO may consider the state of an organisation’s compliance programme, how the assessment of that compliance programme fits within the SFO’s investigation, and the principles against which the SFO will consider the compliance programme. The Guidance does not, however, provide a detailed breakdown of what the SFO considers to be an effective programme. Rather, it states that an organisation’s compliance programme should be assessed based on the six principles outlined in the Ministry of Justice’s 2011 guidance on the Bribery Act 2010, and provides a summary of each. Those principles are: (1) proportionate procedures; (2) top Level commitment; (3) risk assessment; (4) due diligence; (5) communication; and (6) monitoring and review.

There continues to be only a small number of prosecutions under the Bribery Act 2010 that reach the trial stage. This means there is very limited case law as to how the guidance will be applied in practice.

7 How have developments in laws governing data privacy in your jurisdiction affected companies’ abilities to investigate and deter potential corrupt activities or cooperate with government inquiries?

Data protection remains a key focus at the outset (and during) investigations. It is important for advisers and companies to conduct a data protection impact assessment and legitimate interest assessment to consider the potential impact of data processing on individuals and any damage the processing might cause. This should consider elements such as the legitimacy of the interest in processing the data; the necessity of the processing for that interest; the nature of the data to be processed; the manner in which the data is processed; the expected benefit for the controller versus the impact of the processing on the data subject; and the reasonable expectations of the data subject.

The company will typically have a legitimate interest in investigating suspected wrongdoing but data protection controls may need to be put in place, for example, regarding the manner of document collection and review. Such additional safeguards may include narrowing searches of data, for example, by using appropriate tagging of emails, focusing on narrow and bespoke search strings, and only reviewing correspondence relevant to the investigation.

---

The Inside Track

What are the critical abilities or experience for an adviser in the anti-corruption area in your jurisdiction?

Natural curiosity, healthy scepticism and the ability and tools to dissect vast swathes of information, data and evidence. These attributes are key to conducting investigations when all the facts of the case are not yet clear. It is also important for advisers to have emotional intelligence and strong interpersonal skills to elicit information from interviewees effectively. Experience working with, or for, anti-corruption regulators, such as the SFO, is also useful. This allows advisers to understand how the regulators are likely to act in a particular situation and the tactics they may deploy.

What issues in your jurisdiction make advising on anti-corruption compliance challenging or unique?

The use of DPAs has led to a dearth of defended prosecutions, resulting in a lack of judicial guidance on the UK’s anti-corruption laws. For example, there is no case law considering what constitutes ‘adequate procedures’ for the purposes of section 7 of the Bribery Act 2010. This led to the recommendation by the Law Commission in its 2022 report on corporate criminal liability that the defence be available on the basis of ‘reasonable’, rather than ‘adequate’, procedures. Until such time as this position is clarified, uncertainty remains as to the exact requirements of the defence.

What have been the most interesting or challenging anti-corruption matters you have handled recently?

Cross-jurisdictional matters involving variably the SFO, SEC and the French National Financial Prosecutor have required a delicate approach and balancing of multinational legislation, including, in particular, the French Blocking Statute. We have also supported a number of clients through difficult decision-making in relation to whether and when to make a self-report to the SFO. This is always a nuanced and carefully balanced decision-making process, and it will not always be in the client’s best interests to make a report.