UK companies will be expected to keep their corporate compliance programmes under review to ensure that they are "genuinely proactive and effective", according to new guidance published by the Serious Fraud Office (SFO).
The guidance (8-page / 2.3MB PDF), which forms part of the internal operational handbook which informs the work of the SFO, sets out how the prosecutor will assess the effectiveness of the compliance programmes of the companies which it investigates. It does not, however, set out in any detail what a 'good' compliance programme will look like in practice.
The SFO will consider the effectiveness of a company's compliance programme in all cases, according to the guidance. Examples given include whether prosecution is in the public interest, whether an organisation should be invited to negotiate a deferred prosecution agreement (DPA) and whether an organisation has a defence of 'adequate procedures' available against a charge of failure to prevent bribery.
The guidance also indicates that the SFO will consider the effectiveness of a company's compliance programme at various stages throughout an investigation and, in some cases, once that investigation has concluded.
It says: "[T]he state of the compliance programme at the time of offending is relevant for some decisions; its current state is relevant for other decisions; and, if a DPA is under consideration, how it could change going forward can also be relevant".
Corporate compliance expert Olga Tocewicz of Pinsent Masons, the law firm behind Out-Law, said: "The SFO has long maintained that it is not a regulator. Its role is to investigate and prosecute cases of the most complex bribery, corruption and fraud, not to advise organisations on compliance or corporate governance structures. As such, it is not unexpected that the compliance guidance does not provide any detailed analysis of what an 'adequate procedures' defence may look like".
"The guidance is clear, however, that the SFO's investigation teams should begin to explore an organisation's compliance in the early stages of an investigation, and compliance issues should feed into the investigation strategy," she said.
"The guidance also reminds readers that the quality of a compliance programme is also likely to be relevant to the SFO's decision-making process when considering whether or not to charge; and to sentencing, where a judge may consider that whilst a corporate had in place a compliance programme that was insufficient to demonstrate adequate procedures, it did make efforts to put in place some preventative measures which may reflect lesser culpability," she said.
Compliance programmes are expected to be proportionate, risk-based and regularly reviewed, and cannot be merely a 'paper exercise', according to the guidance. The SFO expects companies to keep "a variety of written records" of both the compliance programme and its operation.
The guidance does not set out what an effective compliance programme should look like in practice. Rather, it refers to the six principles developed by the Ministry of Justice (MoJ) in its 2011 statutory guidance to the 'adequate procedures' defence under the Bribery Act as "a good general framework for assessing compliance programmes". The six principles are proportionate procedures; top-level commitment; risk assessment; due diligence; communication and training; and monitoring and review.
The MoJ guidance states that a company's procedures to prevent bribery by persons associated with it should be clear, practical, accessible and effectively implemented and enforced; and proportionate to the risks that that company faces. Senior figures at the company should be committed to preventing bribery and should foster a company culture in which bribery is never acceptable.
Risk assessments should be regularly reviewed, evolving in line with the evolution of the business; and due diligence should be proportionate and risk based, with particular care taken in relation to mergers and acquisitions. Bribery prevention policies and procedures should be embedded in the working practices of the organisation and supported via continuous, tailored training, and procedures should be reviewed and improvements made whenever necessary.
The guidance also incorporates warnings to investigators that "individual cases differ". Investigators are reminded to "maintain an open investigative mind-set, testing and corroborating evidence from a number of sources".