FINANCIAL CRIME: CORPORATES: An Introduction to London (Firms)

Financial Crime: Corporates  

The role of the corporate 

What is the role of corporates in the fight against financial crime? In the decade or so since the coming into force of the Bribery Act 2010, the UK government’s preferred answer to that question has become increasingly clear. Under the ‘failure to prevent’ model, corporates are held accountable for the actions of their employees (and other ‘associated persons’), unless they can show that they had adequate procedures in place to prevent such behaviour. The Bribery Act (specifically, Section 7, which created the corporate offence) brought about a sea change in corporates’ attitude towards bribery, and the government has since sought to capitalise on that success.

The Serious Fraud Office (SFO) has principally made use of Section 7 in conjunction with its power, under the Crime and Courts Act 2013, to reach Deferred Prosecution Agreements (DPAs) with corporates it believes are guilty of financial crime. The vast majority of DPAs so far have been agreed in bribery cases, while prosecutions under the Bribery Act (including under Section 7) have, until the guilty pleas of Glencore and Petrofac in 2021, been comparatively rare. But, notably, these DPAs – in bribery cases like Rolls-Royce and Airbus, and others like Serco and Tesco – have invariably not been accompanied by convictions of individuals. This is striking because, under conventional rules of corporate liability as well as under the ‘failure to prevent’ model, a corporate cannot be guilty of an offence unless an individual is also guilty. So how has this come about?

A question of risk 

The obvious answer to this is that corporates value commercial certainty. They will factor in the costs and risks of prosecution (which will be substantial, even if the eventual result is a dismissal or an acquittal) before deciding whether to crystallise those risks into the financial penalties and other requirements (such as monitoring) that a DPA would involve. As part of that process, they will also consider how best to deal with individual suspects, which will involve not only difficult decisions about suspensions and dismissals, but also complex considerations about individuals’ representation and the status of material subject to Legal Professional Privilege (LPP). They will also consider issues about preservation and access to evidence, the relevance of other jurisdictions, and any reporting obligations that may exist, including under proceeds of crime laws.

For an individual, while similarly complex issues will also have to be considered, the potential impacts of a conviction – including the risk of imprisonment – will almost inevitably be weighed up rather differently. An individual may challenge the prosecution’s case in ways that a corporate would not, and a case that the SFO may have thought watertight when negotiating a DPA might nevertheless implode spectacularly at trial. While none of that impugns the rationality of the corporate’s decisions in negotiating a DPA, it might legitimately raise questions for the SFO and the courts.

The direction of travel 

Despite these challenges, the ‘failure to prevent’ model has been used again, in the context of facilitating tax evasion, under the Criminal Finances Act 2017 (the CFA), and the Law Commission has proposed various options for new ways to attribute the guilt of individuals to corporates, including the potential for adapting or extending the model. While the difficulties of effecting such changes are abundantly clear, there can be no doubting the desire of the SFO and other prosecutors to make the attempt.

The limits of law enforcement 

Meanwhile, the SFO’s own goals in litigation against ENRC, KBR, and (most spectacularly) Unaoil have helped re-establish the limits on its powers and reinforce a long-standing impression, fuelled by what its director calls ‘vocal and ill-informed detractors’, that it is simply not fit for purpose. While neither Brexit nor COVID-19 have (as some feared) had significant effects on the abilities of law enforcement more generally, and the growth of private prosecutions has rendered the landscape more complex, the cynical corporate may still be forgiven for thinking that its real prospects of being convicted (or even prosecuted) in the UK are low.

It is worth adding two caveats to that approach, however. The first is that there are significant and increasing sectors of business in the UK where the risks are very different. Businesses in the financial sector, for instance, regularly face significant fines and even prosecutions (notably NatWest) for breaching anti-money laundering (AML) rules, while an increasing range of offences – covering issues from financial sanctions to medical devices – are now subject to civil penalty regimes, for which convictions are unnecessary (and, in the case of financial sanctions, a strict liability approach now applies). Civil powers to freeze and obtain forfeiture of funds in bank accounts under proceeds of crime laws present an additional risk, particularly where banks become aware of suspicious activity. Businesses in some sectors – such as the extractive industries, public sector procurement in some jurisdictions, and medicinal cannabis – face these issues more often than others.

A responsible approach 

The second caveat is that there are of course important – and, again, increasing – imperatives on corporates to adopt and enforce procedures against financial crime, beyond the basic risk of being prosecuted. Most major UK brands now consider the environmental, social, and governance (ESG) agenda as a core ingredient of their business, and even newer and smaller corporates will have become familiar with their legal obligations in areas such as data protection, health and safety, and modern slavery. In due course, perhaps, AML, anti-bribery, the CFA, and sanctions obligations will be considered in the same way, as part of the basic framework of doing business as a corporate entity in the UK.

For the time being, however, the criminal-regulatory landscape for any corporate, whether large or small, that does business in the UK is complicated. Few can afford, or would want, either to spend unnecessary effort or expense on doing whatever government or law enforcement would prefer them to do, in ignorance of what the law technically requires. And yet, at the same time, to take the cynical approach of doing the minimum required, or to rely on inadequate enforcement, increasingly carries risks of its own. For a well-informed, responsible corporate, taking steps to tackle the myriad risks of financial crime must be (and, if not, it must become) an integral part of doing business.

John Binns and Richard Sallybanks  

BCL Solicitors LLP