Since the U.K. Bribery Act (the “Act”) came into force on 1 July 2011, companies have grappled with a number of key questions arising under the Act. These questions have included the extent of cooperation required from a corporation to benefit from any credit from the Serious Fraud Office (“SFO”) and also the basis on which a company’s compliance programme might be deemed adequate in order that the company can avail itself of the “adequate procedures” defence to any charge under section 7 of the Act.
Compliance officers and in-house counsel received further guidance in the first of these areas – i.e., what steps must be taken in order to receive credit from the SFO for doing so – in summer 2019 when the SFO published its Corporate Co-Operation guidance. Illumination with regards the latter area, however, has mostly been found in the Ministry of Justice’s 2011 guidance (the “MOJ Guidance”) regarding such procedures as well as the limited information that can be gleaned from the handful of prosecutions and DPAs under the Act and occasional public comments from people including Lisa Osofsky (the current Director of the SFO) and Sara Lawson QC (the SFO’s General Counsel).
Some additional guidance in the area of what an “adequate” compliance programme may look like became available on 17 January 2020 in the form of a somewhat unheralded update to the SFO’s Operational Handbook (the “Handbook”) entitled Evaluating Compliance Programs (the “Guidance”). The Handbook itself is, per its own disclaimers, published solely in the interests of transparency and intended for the SFO’s own internal guidance. Nevertheless, does the Guidance shed further light on the longstanding principles set out in the MOJ Guidance and provide companies with a clearer steer as to assessing the adequacy of their own compliance programmes?
The Guidance notes that prosecutors will need to assess the efficacy of a compliance programme for different periods – depending on the decision being considered, the past, present or future state of the compliance programme may be relevant:
- The state of the compliance programme at the time of offending will be key to a decision to prosecute – the Guidance on Corporate Prosecutions (“GCP”) notes that an ineffective compliance programme at the time of the offence is a public interest factor in favour of prosecution – as well as assessing the likelihood of an “adequate procedures” defence to a section 7 charge under the Act. Additionally, efforts made by a company to implement some form of compliance programme, even if ultimately insufficient to establish the “adequate procedures” defence, may be considered for sentencing purposes.
- The current state of the compliance programme also must be considered as part of a decision whether to prosecute. The GCP states that remedial actions and a genuinely proactive and (now) effective compliance programme will be public interest factors against prosecution. The state of the compliance programme is, additionally, an important factor when determining the suitability of a particular case for a deferred prosecution agreement (“DPA”) and also when any sentencing is undertaken.
- Finally, the possible future state of a compliance programme also must be considered. A compliance programme not yet fully effective might, in the right circumstances, render a company a good candidate for a DPA containing specific terms regarding the development of that programme (e.g. training).
The Guidance certainly sheds light on the importance of the assessment of a compliance programme, the different decisions that such assessment impacts and how an assessment can be carried out – early on in an investigation and with information obtained from a variety of sources. However, individuals tasked with creating and developing compliance programmes likely will not find in the Guidance much in the way of additional clarity or illumination as to how a programme ultimately will be assessed.
The Guidance reiterates the six principles set out in the MOJ Guidance, i.e. proportionate procedures, top level commitment, risk assessment, due diligence, communication and monitoring and review. However, with respect to each, the various principles are merely restated with no additional clarification or examples provided. Whilst the Guidance notes that compliance programmes must not merely be paper exercises, there is little in the way of detailed guidance or specificity that companies can act upon. Of course, per the very text of the Guidance itself, its intended usage is internal, its publication purely for transparency reasons, and, accordingly, the function of the document was never to provide detailed clarification to companies or to form a UK counterpart to the US Department of Justice’s April 2019 Evaluation of Corporate Compliance Programs.
Irrespective of the intended function of the Guidance, the ultimate conclusion remains the same; those individuals tasked with the creation and ongoing development of compliance programmes that have pored over public pronouncements from the likes of Osofsky and Lawson in order to discern further clues as to the SFO’s views on the adequacy of compliance procedures should, pending any publication of any further guidance by the SFO, continue to do so for the foreseeable future.