LONDON—I met my spy monitoring the Serious Fraud Office this week at his offices in Westminster.
I had been in London for four days already, seeing compliance officers and audit partners and software vendors and barristers. My mission was to better understand the challenges of running a compliance program in the United Kingdom and in Europe, so Compliance Week can structure a useful agenda for the European compliance conference we will be holding in October.
Crucial to all conversations about compliance in Britain these days is speculation about the SFO's enforcement of the Bribery Act—When will it happen? How large will the fines be? Who will be targeted?—so my spy and I settled into a conference room to talk about precisely that. Tea and biscuits were served.
First, he told me, expect the last delay in vigorous enforcement of the Bribery Act to end soon. That delay has been the lack of a legal structure under British law to allow deferred-prosecution agreements, which are the tool of choice in the United States to end criminal proceedings against businesses accused of misconduct. In the U.K., however, DPAs with an American level of sophistication don't exist—which means corporations aware of misconduct have no incentive to self-disclose and cooperate, since they're far more likely to face aggressive prosecution.
The Crime and Courts bill working its way through the Parliament will sweep away that roadblock, by allowing the SFO offer deferred-prosecution agreements. DPAs are spelled out in Schedule 16 of the legislation, and American readers will immediately see the parallels with our own DPA structure. The Crime and Courts bill will also give the SFO more power to impose larger fines and more power to reduce those fines for cooperation, all with the aim of inducing companies to self-disclose misconduct, cooperate on investigations, and walk away with a DPA rather than a conviction.
The legislation is now in its final stages of adoption; the House of Commons will pick up the bill for further review next week. In all likelihood, my spy tells me, the bill will become law by June.
What happens then? Well, remember that the Bribery Act went into effect in 2011 with much fanfare—and we've seen no enforcement since then. Building successful cases does take time, my spy noted, and he fully expects the SFO to be ready for some sort of enforcement action within the year, regardless of any new path for DPAs. But with the ability to issue DPAs in hand, suddenly the SFO has much more flexibility to resolve cases more quickly. So my spy expects one or two high-profile cases with big fines and penalties, but also more mundane cases of Bribery Act enforcement too, since the DPAs will be a useful means to get companies to cooperate and resolve problems.
I asked my spy whether the SFO might offer opinion releases about the Bribery Act, something the U.S. Justice Department has been doing for 20 years with the Foreign Corrupt Practices Act. His opinion: not likely. He believes the SFO does not want to come across as giving advice to companies, since the companies to will simply take that advice in the opinions and use it to determine how to avoid prosecution—which is subtly, but crucially, different from how to avoid unethical business practices in the first place.
What the SFO wants, my spy told me, was to encourage good business practices from the start. He therefore expects more detailed charging decisions and also more detailed declinations, such as the U.S. Justice Department published when it decided not to prosecute Morgan Stanley for FCPA violations last year. The Justice Department went on at length to praise Morgan Stanley's compliance efforts, and how they constituted a good-faith compliance program—even though one specific employee ignored the program and violated the FCPA anyway. The employee was charged, while Morgan Stanley was not; my spy says he would not be surprised to see similar enforcement actions happen in Britain.
We then moved onto another question: Can industries somehow establish their own best practices for anti-corruption, and quietly pressure regulators into accepting them?
I've encountered that idea of industry action before, most vividly in Latin America, where corporate compliance officers have been trying accion colectiva: sharing information about which corrupt government officials are demanding what bribes, so all companies can pledge not to deal with those people. Even those compliance executives practicing accion colectiva are slightly paranoid that they'll run afoul of anti-trust regulations, and my spy in London said he wouldn't expect to see anything as drastic as that happening on British soil any time soon.
On the other hand, he added, Britain does have the BS 10500 standard from the British Standards Institute, which offers an anti-bribery management system. That system, in turn, is based on the six principles of compliance with the Bribery Act published by the U.K. Justice Ministry. My spy hopes that industries will seize on that standard to craft industry-specific good business practices—because, he said, prosecutors will have a much harder time challenging practices approved by a whole industry than practices approved by you, your CEO, and your board.
I left my spy pleased with his report, and I'll be sure to visit him more often. While I can't identify him, he does have knowledge of the SFO's operations and priorities, as well as experience representing corporations sitting across from the SFO in court. Female Compliance Week readers will be sad to know that my spy is not Daniel Craig, alas, but he does get the job done just as well.