The SFO's 10th DPA – the price of right (and wrong) – Part 2

Second instalment

This blog post continues our discussion of the Serious Fraud Office’s (SFO) deferred prosecution agreement (DPA) with an English engineering company. 

As mentioned in the previous instalment, this DPA is part of a global settlement pursuant to which the company agreed to pay a total of $177m to resolve investigations by UK, US and Brazilian authorities.

Our first blog post on this topic examined Edis LJ’s characterisation of the legacy business’ criminal conduct. As a reminder, Edis LJ noted that the conduct was particularly egregious and discussed it within the context of the ethical drivers of self-reporting.

This second instalment reflects on the fact that the criminal conduct was unusually far-removed from the company as it exists today. This proved to be significant in Edis LJ’s judgment. Indeed, Edis LJ suggests that this was the most significant factor in deciding whether or not to approve this DPA. We will in parallel consider a few practical implications for companies.

'Twice-removed'

A striking feature of this judgment is the distance between the conduct being resolved and the entity that will ultimately bear the consequences of that conduct through the terms of the DPA. That company is described by Edis LJ as 'twice-removed' from the criminal conduct: the successor of not one, but two corporate acquisitions (in 2014 and 2017). It is significant because the ultimate successor company, as an innocent party, will bear the burden of the DPA, whilst the former corporate entity has changed dramatically since these acquisitions and employees involved in the relevant conduct are said to have since left the group.

However, it is not just the passage of time that creates the distance in this resolution. Edis LJ notes that the first acquirer of the relevant business did not appear to be aware of the conduct when it purchased the legacy business in October 2014. Similarly, when the second acquisition took place in October 2017, the ultimate successor company, whilst conscious of a potential investigation, did not appear to appreciate or be wilfully blind to the conduct and its potential consequences, as it did not discount its purchase price to reflect a potential penalty.

Prosecutors in the US and France have also been looking at this issue of legacy business.  For instance, Beam Suntory Inc. (Beam) was criticised by the US Department of Justice in October 2020 in a $19m enforcement action. Beam was pulled up for not conducting thorough due diligence, either pre or post-transaction, when it acquired Beam Global Spirits & Wine (India) Private Limited ('Beam India'). The SFO’s treatment of the company in this tenth DPA echoes the US Department of Justice’s approach that calls for thorough due diligence where feasible. Likewise, in Europe, the Criminal Division of France’s Supreme Court ruled in November 2020 that acquirers may be held criminally responsible for the acts of an acquired subsidiary in certain circumstances.

Edis LJ also makes much of the fact that the current company is both under entirely new management and that none of the individuals complicit in the activity remain within or connected to the organisation. This contrasts with the case in Beam, in which existing management of Beam India were retained without any risk assessment, diligence or anti-corruption training.

For LJ Edis, this was an 'extremely important part' of this DPA. Not only did it result in a meaningful reduction of the financial penalty, Edis LJ emphasises that the DPA would not have gone ahead if the criminal activity were not so remote from the corporate in its present form.

This emphasis on a change in a company’s culture continues a thread that was introduced in the DPA with Sarclad Limited in 2016. Cultural change in a company is an important factor when considering whether a DPA is appropriate and something that features heavily in the external communications about DPAs from senior SFO officers. Effectively, this means in practice that a court will consider whether the leadership of the organisation is the same as it was at the time of the misconduct; and separately, whether responsible individuals are appropriately held to account, all feeding into the question of the degree of confidence that exists that the same issues will not happen again.

In a corporate acquisition or investment context, there is a reassuring message here. If you buy a problem, even if reprehensible, with an innocent mind, then a DPA is not off the table. Indeed, an innocent mind will be a significant factor taken into account by authorities down the line. As such the 'moral' actions of a board that subsequently becomes aware of an issue are distinct from those of the board that presided over a problem, and the people who were protagonists of it.

At least four things appear relevant to the judge’s assessment of the suitability of the current form of the company to participate in a DPA: 

1. management had completely turned over; 
2. the individual perpetrators had exited the company; 
3. the buyers had done reasonable diligence and not identified a concrete problem; and
4. perhaps most importantly, management had independently of the issue (of which they were unaware) implemented a new ethical culture and compliance program.

The issues discussed in this blog will remain relevant as the global economy and M&A market begin to rebound from COVID-19. In some sectors, this may lead to a sellers’ market, with curtailed deal schedules and less time to conduct diligence. Against this background, it is vital for every acquirer engaging in cross-border M&A to develop a compliance risk strategy through a combination of diligence, risk assessment and integration efforts.

Again, the importance of post-acquisition integration and compliance enhancement (whether driven by a concrete concern, or more prophylactically) is not a surprise – this has been a theme of guidance for some time. However, this is a practical, rather than abstract, example for corporates and investors of the impact that reviewing their practices of post-acquisition or post-investment compliance enhancement can have. Those practices might prevent a problem completely, but if they have an unwelcome surprise and such a problem arises anyway, then they have value in that context as well.

Further questions?

This instalment draws to a close our two-part blog series on the SFO’s 10th DPA. If you would like to discuss this DPA, its lessons for your organisation or any other issues relating to corporate crime, please do get in touch with the Freshfields corporate crime team or your usual Freshfields contact.