The Serious Fraud Office’s new corporate guidance released today is a much needed and welcome part of the SFO’s new strategy to ramp up enforcement against corporate fraud and corruption. But will it work and what’s missing?
Spring in its step
There is no doubt that under its new director, Nick Ephgrave, the SFO has a new spring in its step. Last November it announced a new bribery investigation into French defence giant Thales. In April it charged an insurance company with ‘failure to prevent bribery’ in what might be its first contested trial on what compliance procedures companies need in order to comply with the Bribery Act. And in a prosecution “first”, it is pursuing a company for breaching a Deferred Prosecution Agreement.
The SFO has also been on a drive to show real international leadership on fighting bribery. In a very canny move in February, Ephgrave visited Indonesia to strengthen its collaboration with the country’s Corruption Eradication Commission. Indonesian authorities previously threatened to sue the SFO for failure to share proceeds of Airbus’s record £840 million fine for bribery including in Indonesia.
Meanwhile, in March, as the Trump administration called a pause on foreign bribery enforcement, the SFO announced a new joint taskforce with Swiss and French prosecutors to combat international bribery and corruption.
These are all signs of an agency that is genuinely rediscovering its mojo and morale which were badly battered under its previous director.
New deal for corporate criminals
In this context the SFO’s attempts to reignite corporate deals – or Deferred Prosecution Agreements – couldn’t be more important. The last DPAs that the SFO signed were nearly four years ago in the summer of 2021. The last really big DPA – which led to a bribery fine of £615 million for gambling company Entain in 2023 – was brought by the Crown Prosecution Service.
New investigations into foreign bribery dwindled under the SFO’s previous director with just 5 investigations announced versus 16 under the Director before that, and there was widespread anecdotal evidence, since confirmed by Ephgrave, that corporate self-reports to the agency have dried up.
The new corporate guidance is clearly an attempt to show that the SFO is open for negotiation – offering the carrot of much quicker responses by the SFO, clear timelines for opening an investigation and concluding a DPA, and a commitment that where there is a self-report and exemplary cooperation, a DPA is almost guaranteed.
The guidance also lays out the agency’s robust expectations for when a DPA will be considered and what kind of cooperation it considers to be ‘exemplary’. These are ambitious and set a high bar – which is good – including that a company must identify “all” persons involved both internally and externally, and making clear that ‘obfuscation’ of the role of individuals would be considered uncooperative.
So, are these enough to shift the dial and get companies beating their way to Ephgrave’s door?
While they are genuinely welcome, there are some real considerations at play which are likely to undermine the incentives for corporate wrongdoers to fess up.
Waiting for the knock on the door
The first consideration is that the guidance, like all previous SFO guidance, fails to make a meaningful distinction between companies that proactively come forward about their wrongdoing, and those that wait til the knock on the door and then decide to cooperate with the SFO.
This means that there is little real incentive for companies to do anything other than take a wait-and-see approach to whether the SFO has anything on them.
Unless there is genuinely more credit (such as a greater reduction in fine) given to companies that self-report rather than waiting, well intentioned compliance folk will struggle to persuade hard-headed boards that it is in the shareholders’ interests to be the first mover.
The previously top enforcer of foreign bribery, the US Department of Justice, made this distinction and ensured greater credit for genuine self-reports. This is easily fixable in the UK if there is the will to do so.
Going to court is so much easier
The second consideration is that there are just too many incentives for companies to opt for a guilty plea in the courts instead.
A company that refuses to cooperate until the SFO’s investigation is court-ready has the advantage that there will be less charges to face than a DPA – prosecutors always have to reduce the scope of the offending they can charge to make a case manageable. A reduction in the chargeable conduct means a reduction in the fine that can be imposed.
A company that enters a DPA does get a bigger fine reduction (up to 50%) than a company that enters a guilty plea (30%), but arguably there needs to be a much greater risk that companies will face much higher fines in the courts if they do not come forward.
Glencore and Petrofac – the two largest companies pleading guilty to bribery following SFO investigation in recent years – faced fines that represented just 0.4% and 1% respectively of their annual global average turnover. By contrast in France, when UBS refused a corporate deal for tax evasion which would have included a fine of €1 billion, French courts whacked it with a €3.7 billion fine (although this was subsequently reduced on appeal to €1.8 billion).
Additionally, a company will not have to have any corporate monitor imposed by a court – as happens with a DPA. This is no small consideration when a monitorship can cost a company tens of millions of pounds and takes a lot of effort and external scrutiny. An easy solution would be to make sure that courts can also impose corporate probation orders upon conviction.
These are issues that the newly announced Fisher review should be looking into. If the UK really wants to make its DPA regime work – and there are good reasons to do so, not least because of the significantly improved corporate behaviour it would result in as well as increased corporate fine revenues – then it needs to ensure that the consequences companies face in court when they chose not to self-report and cooperate are much heftier.
One of these consequences that could be sharpened almost immediately is that companies convicted (whether through plea or not) should face a realistic and meaningful prospect of being put on the UK’s new debarment register. Up to now there has been almost no prospect of this happening. But with new exclusion and debarment rules now in place, there is no surer way to make sure companies sit up than making sure they will lose government contracts if they do not cooperate.
Wrapping up
This is timely guidance. There is no doubt that increased SFO enforcement will start to make companies take the agency seriously again. And Ephgrave is right to push whistleblower rewards as a way to increase flows of intelligence of corporate wrongdoing to law enforcement and put pressure on companies to get in first. But ultimately, this guidance on its own isn’t going to be the game changer it needs to be without some significant tweaks to the system it sits in.
Meanwhile, the SFO missed a serious trick by failing to make sure the guidance requires companies that want a DPA to help with identifying and providing redress to victims. Whether it’s victims of fraud or overseas bribery, companies should face the brunt of work on identifying victims and coming up with serious offers of redress. Compensation for those most harmed by corporate wrongdoing at the end of the day is fundamental to the credibility of corporate crime enforcement.
