Evaluating Compliance Programmes - The Serious Fraud Office’s Guidance
Rahman Ravelli’s Aziz Rahman details the main points in the Serious Fraud Office’s just-published guidance on assessing the compliance programmes of companies under investigation.
Following the publication in August 2019 of its “Corporate Co-operation Guidance’’, the Serious Fraud Office (SFO) has now issued its guidance “Evaluating Compliance Programmes’’, which it will use to assess how effective the compliance programmes are of those companies that it is investigating.
Such assessment, the new guidance says, will help the SFO determine whether the prosecution of a company is in the public interest or whether a company could be considered worthy of negotiations relating to a deferred prosecution agreement (DPA) being offered as an alternative to prosecution. This latest guidance will assist the SFO in determining whether the company’s compliance programme can be considered good enough for the company to be able to mount the defence that it had adequate procedures in place in relation to a charge under Section 7 of the Bribery Act 2010; that it failed to prevent bribery. It will also aid the SFO in assessing whether the compliance programme is relevant regarding any sentence that may be imposed on the company.
Stages of Compliance Assessment
The new guidance states that prosecutors have to assess the state of a company’s compliance programme at a number of stages:
- At the time of offending: The Guidance on Corporate Prosecutions states that it is a public interest factor in favour of prosecution if "The offence was committed at a time when the company had an ineffective corporate compliance programme." A company has a defence against a Section 7 Bribery Act offence if, when the bribery was committed, the company had in place "adequate procedures designed to prevent persons associated with [it] from undertaking such conduct." If a company had put in place bribery prevention measures that were insufficient for the purposes of a defence to a Section 7 charge they may still be a mitigating factor when it comes to sentencing.
- The current state of the compliance programme: While a company may have a poor compliance programme at the time of the offence any subsequent strengthening of the programme can, according to the Guidance on Corporate Prosecutions, be relevant to the decision to charge if such remedial action has led to the company now having “a genuinely proactive and effective corporate compliance programme". It will also be a factor in considering if a company is suitable for a DPA and when a court is considering the sentence to be imposed following a successful prosecution.
- Compliance in the future: The new guidance states that a DPA may still be appropriate even when a company does not have a fully-effective compliance programme, as one can be insisted on as a condition of the DPA. A requirement that the company changes its current programme, its policies or its training can built into the DPA, as can monitoring of such changes.
Investigating a Company’s Compliance Programme
The new guidance states that compliance material is considered to be "relevant information" for the purposes of the Criminal Justice Act 1987. It adds that compliance issues should be examined early in an investigation and should be considered as part of the overall investigation strategy. It says that decisions need to be made, therefore, regarding which of the SFO’s investigatory tools – such as voluntary disclosures and interviews, compelled disclosure of documents and information and interviews under the Police and Criminal Evidence Act 1984 - will be most effective and at what stage and in what order they should be employed.
According to the guidance, assessment of a company’s compliance can be arranged around the six principles in the Bribery Act guidance published in 2011 by the Ministry of Justice.
These principles are:
- Proportionate Procedures: A commercial organisation's procedures to prevent bribery by persons associated with it should be proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation's activities. That risk should be determined by conducting an assessment as a first step. The procedures should be clear, practical, accessible and effectively implemented and enforced.
- Top-Level Commitment: Senior figures at a company should be committed to preventing bribery by persons associated with it and should foster a company culture in which bribery is never acceptable. This commitment should involve setting bribery prevention policies and ordering the design, operation and monitoring of bribery prevention procedures.
- Risk Assessment: A commercial organisation should assess the nature and extent of its exposure to external and internal risks of bribery being carried out on its behalf by persons associated with it. Such risk assessment should evolve in line with the evolution of the business and the new risks that arise. Issues such as the country or sector where business is being carried out, business arrangements, employee training, hospitality, bonuses, financial controls and messages from the company’s senior figures should all be assessed.
- Due diligence: A company should apply due diligence procedures, taking a proportionate and risk-based approach regarding anyone who does or will perform services on behalf of it. It should take “considerable care’’ when entering certain business relationships due to the circumstances that produced those relationships. Particular care should be taken in relation to mergers and acquisitions.
- Communication and training: A company must ensure that its bribery prevention policies and procedures are embedded in its working and understood throughout the organisation through internal and external communication - including training - that is proportionate to the risks it faces. Training should be continuous, regularly monitored and tailored, when necessary, to high-risk functions such as purchasing, contracting, distribution and marketing, and to high-risk locations.
- Monitoring and Review: A company must monitor and review its procedures designed to prevent bribery by persons associated with it. Improvements should be made whenever necessary. Periodic internal reports for top management and seeking external verification of the programme's effectiveness can also be of great value.
This article was also published on Lexology.com.