Extracting compliance lessons from U.K. bribery cases

The first ever company to contest the “adequate procedures” defense under Section 7 of the U.K. Bribery Act has been defeated in court. The case, in combination with the four total deferred prosecution agreements secured by the Serious Fraud Office over the last few years, offers plenty of compliance lessons applicable to all companies operating under the jurisdiction of the Bribery Act.

Section 7 of the U.K. Bribery Act states that a company is guilty of bribery if an “associated person”—such as an employee or contractor—pays a bribe in exchange for (1) obtaining or retaining business for the company or (2) obtaining or retaining an advantage in the conduct of business. Section 7 also contains a corporate defense where the company can show it had “adequate procedures” in place designed to prevent people from engaging in misconduct.

In the first-ever trial to contest the “adequate procedures” defense, a Southwick Crown Court jury on Feb. 21, following a two-day trial, found London-based refurbishment company Skansen Interior guilty of failing to prevent bribery. In the Skansen case, the underlying dispute concerned two payments totaling £10,000 ($14,232) made by Stephen Banks, former managing director of Skansen, to Graham Deakin, the then-project manager of property company DTZ Debenham Tie Leung, to secure two office refurbishment contracts worth £6 million ($9M). Skansen won those contracts. Banks reportedly attempted to make a third bribery payment of £29,000 ($41,272), before it was blocked by Skansen’s CEO Ian Pigden-Bennett, who was brought on board in 2014.

The court did not publicize details of the case, but Pigden-Bennett told media outlet MLex in an interview that he had immediately dismissed Banks and commercial director, Peter Smith, after uncovering evidence that suggested Banks had paid bribes. Pigden-Bennett said he then filed a “Suspicious Activity Report” with the National Crime Agency and reported the suspected bribery to the City of London police.

What’s unusual about the case is that it was not brought by the SFO. “From out of left field, we have the first prosecution from the Crown Prosecution Service,” says Polly Sprenger, a partner at law firm Katten Muchin Rosenman in its London office. Thus, extracting lessons from the case itself makes things a bit trickier for compliance and legal professionals, who have looked primarily to the SFO for guidance on matters like self-reporting and undertaking internal investigations, she says.

The Crown Prosecution Service (CPS) is an enforcement body that prosecutes criminal cases that have been investigated by the police and other investigative organizations in England and Wales. To charge someone with a criminal offence, Crown prosecutors must be satisfied that there is sufficient evidence to provide a realistic prospect of conviction and that prosecuting is in the public interest.

At trial, Skansen pointed to the fact that it was a small company of 30 employees operating in a single office and, thus, did not feel it was necessary to have an anti-bribery policy, particularly since the company had policies in place encouraging employees to conduct dealings with third parties ethically and transparently. Additionally, Skansen argued that its multilevel system of approvals for invoices further constituted adequate procedures for the prevention of bribery.

Guidance from the Ministry of Justice accompanying the Bribery Act makes clear that “adequate bribery prevention procedures ought to be proportionate to the bribery risks that the organization faces.” The guidance goes on to state that, “to a certain extent, the level of risk will be linked to the size of the organization and the nature and complexity of its business, but size will not be the only determining factor.”

The guidance continued, “Small organizations are unlikely to need procedures that are as extensive as those of a large multinational organization. For example, a very small business may be able to rely heavily on periodic oral briefings to communicate its policies, while a large one may need to rely on extensive written communication.”

In the Skansen case, the CPS argued that Skansen made little effort to foster a culture of compliance, including that it did not actively communicate its policies to employees or have a system in place to ensure employees had read or had been periodically trained on those policies. Furthermore, the CPS argued, that no one at Skansen had overall responsibility for anti-bribery compliance; nor did employees have any way to report concerns, other than directly to senior management who, in this case, were involved in the wrongdoing. 

“The case is perhaps a salient reminder to corporates to ensure their compliance procedures are sufficiently robust and the high bar that will need to be reached for a Section 7 defense to succeed.”
Camilla de Silva, Joint Head of Bribery and Corruption, SFO

One question the judge raised to CPS was why it bothered to bring a prosecution against a company that had been dormant since 2014 and had no assets to pay a financial penalty and where the only appropriate sentence was absolute discharge. In response, during the hearing, CPS said it wanted to send a message to others in the industry, because “no ongoing benefit could be achieved by a DPA,” the CPS stated.

Sprenger says the CPS’s reasoning makes sense: “Even though it’s not a perfect case, there was clear evidence of criminality; the statutory defense of having in place ‘adequate procedures’ to prevent bribery was not supported by the evidence, so to turn away from the prosecution of the corporate would have been to almost ignore the activity,” she says.

Compliance lessons

“The case is perhaps a salient reminder to corporates to ensure their compliance procedures are sufficiently robust and the high bar that will need to be reached for a Section 7 defense to succeed,” Camilla de Silva, joint head of bribery and corruption at the SFO, commented during remarks at the ABC Minds Financial Services conference on March 15. While having compliance procedures in place is a starting point, she added, “it is more about the substance of the procedures and about them actually working in the first place.”

The SFO has publicly stated many times that it will not give advice on what a good compliance program looks like, or provide official guidance on adequate procedures. “We are a prosecution agency, not a regulator,” de Silva said.

But, de Silva added, that is not to say that compliance professionals do not already have a variety of additional guidance to reference—in particular, the DPAs that the SFO entered with Standard Bank in November 2015, and with Rolls Royce in January 2017. “The compliance-related comments contained in the Rolls Royce and Standard Bank DPA documents, whilst obviously being fact-specific, could be a useful source of information from a compliance perspective, as to where issues arose, suggestions for enhancements, and what is needed for remediation,” de Silva said. “They warrant careful study.”

In the Rolls-Royce case, for example, the company took steps to place its ethics and compliance personnel in key positions of seniority and appoint additional compliance officers “who were sufficiently empowered and whose reporting lines were independent of the business divisions,” de Silva said. Rolls-Royce also appointed local ethics advisers in areas and jurisdictions of high risk to the business, she noted.

Self-reporting

The Standard Bank and Rolls-Royce DPAs warrant the attention of compliance professionals for another significant reason, as well: They collectively provide insight into the weight the SFO gives when deciding whether to prosecute a case. Rolls-Royce, for example did not self-report and still received a DPA, a decision that SFO General Counsel Alan Milford said was the result of Rolls-Royce’s overall cooperation.

“True, the absence of a self-report meant that it started at a disadvantage,” Milford said, but for several years after, Rolls-Royce provided the SFO “with a consistently high degree of cooperation, including bringing to our attention wrongdoing we had hitherto been unaware of,” he said. “Let me emphasize this point: This was not a case in which we had much information to start with. There was a lot therefore that we could, and did, learn from the company.”

In examining the Skansen and Rolls-Royce cases side-by-side, the broader message is that the mere act of self-reporting misconduct to U.K. authorities—be it the CPS or SFO—provides no guarantee that a company will not be prosecuted.

The SFO’s prosecution against British property management, construction, and surveying company the Sweett Group is a further example of this. In February 2016, the SFO sentenced and ordered the Sweett Group to pay £2.25 million ($3.2M) concerning the company’s activities in the United Arab Emirates. The conviction and punishment represented the first under Section 7 of the Bribery Act.

Sweett pleaded guilty in December 2015 to a charge of failing to prevent an act of bribery intended to secure and retain a contract with Al Ain Ahlia Insurance Company (AAAI) in violation of Section 7 of the Bribery Act. According to court documents, Sweett had attempted to conceal its wrongdoing from the SFO by contacting AAAI, seeking a letter stating that the fees paid were legitimate finder’s fees, rather than bribes.

Instead of ceasing the corrupt payments, Sweett set up of an escrow account to hold monies to pay out after the SFO’s investigation had “gone away,” a client alert from law firm Burges Salmon stated. Calling this a “cynical commercial decision” made to deliberately mislead the SFO, Judge Beddoe commented that “Sweett’s delay in acknowledging that the payments were ‘so obviously a bribe’ damaged Sweett’s credibility and was a key factor in determining that Sweett had not been sufficiently cooperative,” Burges Salmon said in its client alert.

“The Skansen case tells us that making a report to law enforcement as a victim of crime could result in you being prosecuted for that crime, so don’t make any report until you’ve analyzed the legal position carefully,” Sprenger says. “Is there any possibility that this will interpreted by prosecutors or law enforcement as an offense committed by the company, rather than against the company?”

“Looking at this from the outside, it appears the company was thinking it was the victim of the crime, as opposed to potentially being perceived as the perpetrator of the crime,” Sprenger adds. “Most corporate defendants in bribery cases don’t feel like a criminal defendant; they act, behave, and feel like people in the corporate environment doing their job. What you have to get your head around is understanding that, even though you feel like you have not done anything wrong, an external, critical eye—such as the one the prosecutor will bring—may take a different view.”

SFO DPAs analyzed

In her remarks, de Silva shared some of the most extensive details ever provided as to when the SFO might enter a DPA. The first factor is timing. “DPAs are a reward for openness,” she said. The sooner a company comes in, self-reports, and the more a company is transparent with the SFO, the more it will be rewarded. Compliance and legal professionals should also review the SFO’s guidance on corporate self-reporting.

The second factor is the extent and scope of investigations. “What work has already been done to investigate, and what access to that are you willing to provide to us?” For example, the SFO wants interview recordings or interview notes of employees or others, “so what is the company’s strategy on how they capture them and solutions to possible challenges to sharing them?”

Another factor in internal investigations is the handling of evidence. “The data needs to be identified, collected, preserved, and analyzed in a way that does not tip off potential suspects into deleting data and protects its integrity and continuity,” de Silva said. “We need to understand the methodology, what’s been captured and from where, and the use of search terms and be provided with the metadata.”

A third factor is the thoroughness of the investigation. “For our part, we need to be clear that the internal investigation has been complete and that it goes as high up the corporate food chain as possible,” de Silva said.

Prudent compliance and legal professionals will want to keep an eye on cases that come from U.K. enforcement authorities down the road to distill further compliance lessons, and particularly any DPA that comes from the SFO. Since 2015, four companies have resolved bribery allegations by entering DPAs with the SFO, including Tesco Stores and one company whose name has not been released. Concluded de Silva, “This body of information may become an increasingly useful source for compliance teams and their advisers as more SFO DPAs are entered.”