Squaring the circle? What the UK SFO co-operation guidance means for global businesses

The UK Serious Fraud Office recently issued its long-awaited guidance on corporate cooperation. We look here at the key points arising, how the guidance compares and contrasts with the US position and what that means in practice for companies faced with potential exposure on both sides of the Atlantic. 

On 6 August 2019, the UK Serious Fraud Office (SFO) issued its long-awaited Corporate Co-Operation Guidance (the Guidance).  The Guidance lists actions that companies being investigated by the SFO for corporate crimes can take to increase their chances of earning ‘co-operation credit’—including, potentially, a decision by the SFO not to prosecute or to seek a deferred prosecution agreement (DPA) in lieu of prosecution—while making clear that even robust co-operation does not guarantee any particular outcome or benefit.

While the Guidance does not go as far as it could on defining the benefits of co-operation, it does provide useful and concrete guidance on how the SFO views cooperation—and that is a significant step forward. 

One of the practical concerns expressed by many global businesses is the challenge of navigating similar—but sometimes importantly different—demands by enforcement authorities in the US, UK and elsewhere.  The Guidance brings into focus the interplay between the UK and US regimes in a number of areas, but unfortunately does not expressly address the perennial problem of how to balance these demands when they diverge. 

We look here at the key points arising from the Guidance, how it contrasts with the position in the US and the practical implications where the two regimes differ. 

Key messages for companies seeking co-operation credit in SFO investigations

The Guidance lists several dozen ‘indicators of good practice’ that the SFO may take into account when assessing whether a company is genuinely co-operative.  Importantly, the list is neither exhaustive nor prescriptive:  the SFO acknowledges that each case will be different and a co-operating company will not necessarily display all of the enumerated behaviours, or achieve a particular outcome even if it does.

The co-operative behaviours can be summarised in six key points.  Most of these have been made previously; either in speeches by SFO officials or in judgments in corporate enforcement cases, but the Guidance draws them together in one place for the first time and adds a few new or amplified expectations.

Global companies will note that these points diverge, in some respects, from the approach taken by other prosecutors, including the US Department of Justice (DOJ), underlining the importance of taking a global approach to an investigation from the outset.  We discuss some of these divergent points in the next section.  

The key hallmarks indicating co-operation are:

1. Preserve and produce data in a forensically sound manner.  For example, the Guidance advises companies to ensure that the digital integrity of material is preserved; to identify the reasons for any data loss, deletion or destruction; and to create and maintain an audit trail on the acquisition and handling of data including digital material and devices, hard copy files and financial material.  While this standard is already well known to global companies, preserving the integrity of data (and later collecting it) may require a significant effort. In terms of governance around this issue, companies may consider evaluating, in advance of any investigation, what data sources they have, how data is preserved and stored and over what time period, and how it can be accessed at a later date.

2. Provide information to the SFO in a useful, structured way.  This includes, for example, providing compilations of selected documents where requested by the SFO and making relevant personnel available to explain the organisation’s financial records and information

3. Brief the SFO on the relevant background, including on the industry, the facts at issue, other actors in the market and other potentially interested authorities. This is already common practice in many investigations, and can provide a helpful opportunity for the company to provide context and industry knowledge.

4. Take care to protect the reliability of witness accounts.  The Guidance specifically requests that companies consult in a timely way with the SFO before interviewing potential witnesses or suspects. The SFO is particularly concerned to ensure companies do not take steps that could potentially taint the recollection of witnesses—for example if a witness is shown documents of which s/he was not previously aware.

5. Do not lightly assert privilege.  The language of the Guidance is particularly strong on this point, signalling the SFO is continuing its robust stance and willingness to test claims of privilege over internal investigation materials. The Guidance sets out specific expectations regarding the disclosure of ‘witness accounts’ (discussed next) and establishes two new procedural expectations for companies seeking to assert privilege:  first, to provide certification by independent counsel supporting any claim of privilege, and second, to provide ‘privilege logs’ itemising each document withheld on the basis of privilege and the basis on which each is privileged.  These new procedures would, if implemented, generally make asserting privilege meaningfully more time consuming and expensive.  At the same time, they may also signal that, if these procedural steps are taken, there is a clearer path for a company to assert privilege while maintaining a co-operative stance.  

6. Provide the SFO with witness accounts and related materials—and if doing so involves the waiver of privilege, that will also be an indicator of co-operation.  The Guidance reiterates the SFO’s previous DPA guidance that, when the SFO is considering a company’s  cooperation for the  purposes of deciding whether to offer a DPA, it will expect the  company to disclose ‘witness accounts’ and documents shown to witnesses.  The existing DPA guidance does not specify what the SFO  means by ‘witness accounts’—and in some of the DPA cases to date the SFO has accepted summaries of discussions with witnesses (including ‘oral proffers’) as sufficient for these purposes.   But the Guidance now adds a new express expectation that companies seeking co-operation credit should also provide any recordings, notes and/or transcripts of witness interviews and identify a witness competent to speak to the contents of each interview. 

The SFO states that companies that retain a legitimate claim to privilege over such witness material will not be penalised for asserting that claim (where backed up by an independent certification). That said, it is not yet clear whether the SFO will expect such companies to work harder in other areas to 'make up' for the lack of credit they would have otherwise received for disclosing privileged materials.  

The SFO has elsewhere made clear that in evaluating the quality of a company’s cooperation, it will view the waiver of privilege  as a ‘strong indicator of cooperation’ and an ‘important factor’ in deciding whether to offer a DPA.  Some will undoubtedly question whether the distinction the SFO has drawn in this context is a meaningful one.  From the perspective of companies facing the threat of prosecution, they may question if there is a practical difference between failing to achieve a  credit and being penalised.  

Four areas of focus for companies facing both US and UK exposure

1. Data preservation and production

The Guidance codifies the SFO’s expectations around the identification, preservation and production of data, apparently encouraging an ‘up-skill’ in UK practice that would bring it more in line with the US norm.  Indeed, in a few respects, the Guidance goes beyond common practice in the US, such as the expectation that a company will identify and seek to preserve data held by third parties.  With that said, there is nothing in the Guidance that obviously contradicts US best practices on data matters—welcome news to companies looking to adopt a single approach in both jurisdictions, whether in the context of co-operation or more generally in the conduct of internal investigations.

2. Exculpatory evidence

In recent years, both the SFO and DOJ have emphasised the importance of holding individuals accountable for criminal behaviour.  An essential element of corporate co-operation on both sides of the Atlantic has been the identification of bad actors, together with sharing evidence of their misconduct with the authorities.  

The Guidance repeats this overarching objective in its introductory remarks.  In doing so it provides a helpful signpost to companies faced with choices about how to focus, structure and document internal investigations, which we think makes it possible that a company can make those choices in a way that simultaneously meets the expectations of US and UK authorities. 

However, the Guidance also articulates a new and controversial expectation that a co-operative company will also assist the SFO in identifying documents or information capable of assisting a potential accused or undermining the case for the prosecution (typically called ‘exculpatory material’).  This may be a result of the criticisms the SFO faced last year in the case of R(AL) v SFO. In that case, the English High Court made plain its view that the SFO had not complied with its duty, as a prosecuting authority, to take steps to obtain relevant materials (in that case interview notes) so that they could be disclosed in the criminal proceedings against an individual in accordance with the defendant’s Article 6 right to a fair trial.

Although there is no obvious counterpart requirement in US guidance, we do not think this absence necessarily reflects a significant difference in practice.  In the US, companies normally do provide exculpatory material to the authorities in the course of an investigation, as such material forms part of the factual picture and is relevant to arguments companies may wish counsel  to advance on their behalf (especially due to broader corporate attribution in the US). In the US, such advocacy is not incompatible with cooperation, so long as a company is fully forthcoming with the available facts. 

With all of that said, to the extent that the requirement in the Guidance seeks to establish a new procedure that places a burden on cooperating companies to specifically help protect the rights of individuals, there is no exact comparator in the US. 

Whether the expectation of providing ‘exculpatory material’ will result in tension between US and UK practice will depend, in part, on the extent to which the SFO can be said to be directing the investigative efforts of the company when seeking this exculpatory material—as we discuss next. 

3. Co-ordination of investigative steps

At a number of places the Guidance emphasises that a co-operative company is expected not only to share information with the SFO, but also proactively to co-ordinate its investigative efforts.  Most obviously, the Guidance states that a co-operative company will consult with the SFO before interviewing witnesses, disciplining employees ‘or taking other overt steps’ in relation to individuals, and (as discussed above) will assist the SFO in identifying exculpatory material.  

Global companies will note that these requests go beyond what is generally expected of a co-operating company by US prosecutors.  DOJ guidance makes clear that it 'will not take any steps to affirmatively direct a company’s internal investigation efforts.'

This is an area where the two countries’ guidance meaningfully diverges, particularly in the area of witness interviews, where DOJ will only ask a company’s counsel to avoid taking action (or to ‘stand down’) in limited circumstances and for brief periods of time.  Moreover, if—as it seems—the SFO is encouraging early consultation so that it can seek to confine or postpone a company’s fact-finding efforts, a company may well have to navigate between the competing expectations of US and UK agencies. There is a clear risk that steps a company must take to meet DOJ’s high standards for providing ‘timely’ and ‘proactive cooperation’ may, from the SFO’s perspective, be viewed as uncooperative behaviour that could  ‘prejudice the investigation[.]’

The SFO’s approach contrasts particularly sharply with the message coming out of the Southern District of New York’s 2 May 2019 decision in U.S. v. Connolly—which cautioned US authorities not to become involved in directing the day-to-day aspects of internal investigations lest they trample on individual constitutional rights. Indeed, the behaviour at issue in Connolly,  from which DOJ was cautioned to stand back, related to close DOJ involvement in the company's approach to witness interviews - the precise topic on which the SFO’s Guidance instructs ever-closer consultation.

As such, achieving the right landing for a company with possible exposure in both jurisdictions will require a sensitive understanding of all players at the table and careful calibration of the timing, content and strategy of any co-operative efforts.

4. Production of interview notes and privilege 

The most striking point of difference between the Guidance and US practice is on the treatment of interview notes—that is, notes taken by lawyers from interviews with individuals within an organisation with first-hand knowledge of the potential misconduct or related subjects.

In the US, federal prosecutors may not consider a company to be non-cooperative (or even less cooperative) based on a decision to assert privilege or work product protection, including over interview notes.

By contrast, in the UK, the Guidance makes clear that companies will only get co-operation credit for sharing witness accounts if they also produce copies of any recordings or notes of interviews—even if the company considers those materials  to be privileged. As already noted, companies should still be able to claim cooperation credit in other areas—but whether the SFO will expect companies to do more in other areas to ‘make up’ for not obtaining a credit for waiving privilege in witness materials remains to be seen.  

This will be a difficult strategic decision for many companies to make. There  is the risk that providing privileged materials to the SFO – even on a limited waiver basis – could impact the privilege protections available in other jurisdictions, potentially bringing the documents within reach of prosecutors, regulators or civil litigants when they might otherwise have been protected. For companies facing possible exposure to both the SFO and DOJ, this can in many circumstances be an impossible circle to square—such that some companies will choose not to waive privilege in the UK precisely because of their US concerns. 

This is an important issue that must be assessed individually in each case, based on the facts, the interest of other authorities, other legal exposures and the nature of the claim to privilege.  Unfortunately, the Guidance does not wrestle with the practical implications for companies  the different approaches to privilege across jurisdictions and the potential collateral effect elsewhere of a waiver in the UK. 

Verdict:  greater transparency, but unanswered questions

Overall, Boards wrestling with what to do about investigations should welcome the Guidance as providing a helpful codification of the SFO’s expectations for co-operation.  Even though companies may find some of the specific points challenging, the new level of transparency with which the SFO has set out its expectations will make it easier for Boards accurately to consider the potential costs of co-operation as a factor in their response strategy.

With that said, the Guidance is notably silent on some important topics that are highly relevant to a company’s decision about whether and how to co-operate with the SFO.  

For example—and in contrast to recent guidance issued by the French authorities as well as the DOJ’s policy against ‘piling on’—the Guidance does not mention whether or how the SFO will take into account the competing incentives a company may face from authorities in jurisdictions other than the UK.  This is a particularly curious omission given the emphasis in recent speeches by SFO personnel on ever-closer cross-border co-operation, and the fact that it is a perennial area of difficulty for Boards and in-house counsel faced with allegations of potential criminal conduct.  

Further, the Guidance does not discuss how the SFO will take a company’s remedial efforts into account during an investigation, whether in the context of assessing co-operation or otherwise.  This is a particularly notable omission, not only because voluntary remedial action is very often an appropriate consequence of investigations, but also because remediation is specifically identified in the DPA Code of Practice as a relevant element of co-operation that the SFO must take into account when deciding whether to seek a DPA as an alternative to prosecution.  This is again in contrast to the position in the US, where DOJ have been much clearer about how its prosecutors will evaluate remediation, including in the context of corporate compliance programmes.   One explanation for the difference may be that, because there is no ‘adequate procedures’ defence to US corporate crimes, DOJ has more room to issue guidance on the topic of compliance without affecting the legal position it may take in future prosecutions. 

Finally, a third relevant topic on which the Guidance is silent is the extent and nature of ‘credit’ available to a genuinely co-operative company.  This contrasts most strikingly with DOJ’s FCPA Corporate Enforcement Policy , which sets out the presumption of a declination or, alternatively, specific reductions in penalties for companies that self-report, co-operate fully, and take appropriate remedial action.  

It therefore remains to be seen whether the SFO’s treatment of co-operating companies will go far enough to incentivise the kind of behaviour that the SFO would like to encourage.  With that said, this is not necessarily unexpected given we are still in the early stages of a radically different approach to corporate crime in the United Kingdom.  Both the DPA as a tool to resolve criminal allegations and the concept of corporate liability for ‘failure to prevent’ criminal activity are still relatively new, and in this context it is understandable that the concrete benefit of corporate co-operation within this framework remains under development, including by the SFO.     

***

If you would like to discuss any of these issues please do contact your usual Freshfields contact or a member of our global corporate crime team. 

With thanks to Daniel Braun, partner in our Washington DC office, and Olivia Radin, partner in our New York office, for their assistance with this article.