The with backdrop of a global pandemic, John Hartley looks at the modern structure of global corporate investigations.
It is a small world and getting smaller. The speed at which COVID-19 spread across the world when most easily transmitted by being within two meters of each other is a clear indication of just how small the world is getting. In the United Kingdom, early contact tracing showed that one of the initial clusters of cases came from one person’s short overseas conference in Singapore. Businesses and networks operate on a global scale with an incredibly high volume of interaction, preferably in person. So, with the backdrop of this in mind it highlights the fact that the world is connected by more than just transport links. Parent companies, subsidiaries, branch offices, non-governmental organizations (NGOs) and global high net worth individuals are littered around the globe—all vying for success and indeed survival. All governed by different frameworks of legislation.
Conducting a cross-border investigation is one of the biggest challenges facing corporations and law enforcement today. There are obstacles at every step of a cross-border investigation, including initially receiving a claim or allegation; complying with foreign data privacy laws; using the appropriate staff and resources; respecting diverse employee rights; and remediating across borders. Understanding the pitfalls can help companies avoid critical missteps. In a global economy, cross jurisdictional investigations are on the increase and set to remain so.
What was very interesting during the recent pandemic was to see a decline of internal investigations. Initially, of course, this was to be expected, with the speed of the global lockdown and new ways of remote working being adopted. However, as the world started to adapt to the various online platforms the investigations did not really seem to pick up. From a law enforcement perspective, it was the perfect opportunity to sieve through the existing backlog of cases and to “clear the decks.” However, the internal investigations seemed to stay relatively quiet despite the availability of technology to allow interviews and document reviews. This is indicative perhaps of the need to physically sit opposite someone and gauge their reactions rather than the interviewee being able to disable their camera. However, it also is not conducive to allow certain activity to go unchecked and the longer it may go on, the greater the risks to the company.
Director of the Serious Fraud Office (SFO), Lisa Osofsky, remains committed to shoring up the fragile relationships with the American counterparts. A US citizen herself, undertaking one of the toughest prosecution roles in Europe, she knows how important it will be to have a good working relationship—both above and below the surface. “Our kinds of cases are becoming increasingly multijurisdictional and complex, so cooperation to achieve global settlements like Rolls-Royce are ever more important. Strengthening and deepening the relationships that make this happen is going to be a major focus for me.”
To this end, in 2016 the Department of Justice (DOJ) had a lawyer seconded to the SFO specifically to work on US cases and in 2018 Osofsky recruited Peter Pope, the US-qualified co-head of Jenner and Block’s London investigations practice, on secondment to “assist with building and consolidating relationships with authorities in jurisdictions and to act as an adviser in case reviews on compliance issues.” These initiatives particularly assist with informal intelligence sharing and are set to continue along the same trajectory.
In the United States it is the Federal Bureau of Investigation (FBI) that predominantly takes the lead in investigating white collar crime and liaises with other agencies such as the Internal Revenue Service (IRS) and Securities and Exchange Commission (SEC). The FBI considers international cooperation an essential part of its framework when investigating complex, cross jurisdictional money laundering matters.
This move towards a more collaborative approach between US and UK enforcement agencies is demonstrated by the following cases.
- Loyal Bank Ltd—Conspiracy to defraud the United States by failing to comply with the Foreign Account Tax Compliance Act (FATCA). The investigation involved assistance from the City of London Police, the UK’s Financial Conduct Authority and the Hungarian National Bureau of Investigation, in addition to US authorities.
- LIBOR & EURIBOR—Conspiracy related to manipulating the LIBOR global benchmark rate. Authorities in the United States and United Kingdom participated in the expansive investigation of numerous global financial institutions leading to the convictions of several traders and vast fines.
- WT Consulting Group—An SEC investigation into securities fraud and conspiracy to commit securities fraud charges for manipulating the share price of HD View 360. Joint investigation of UK-based Beaufort Securities conducted by US and UK authorities.
- TFS-ICAP—–UK-based brokerage firm TFSICAP Ltd. and its US-based affiliate, TFS-ICAP LLC pleaded guilty to a misdemeanor violation of the Martin Act for posting fake trades in emerging market forex currency options.
- Danske Bank—On October 4, 2018, Danske Bank disclosed that it had received requests for information from the DOJ in connection with suspicious payments of up to €200 billion ($230 billion) that were authorized by its Estonian branch between 2007 and 2015. In September 2018, Danske Bank published an independent report that disclosed multiple failings in its money laundering controls. The findings led authorities in Denmark and the United Kingdom to open criminal investigations into the Danish bank.
With an increase around the globe of sanctions and more “domestic” legislation now containing extra-territorial clauses it is imperative that companies with links in different jurisdictions have a clear understanding of the law and enforcement approach in each. Corporations and their advisers should aim to achieve coordination between the relevant enforcement agencies as far as possible, and clear agreements between them as to relevant subject matter disclosures.
Directors Duties and Liabilities in a Global Market
There is a high degree of commonality with how directors are treated in different jurisdictions. Certainly, in the United Kingdom there has been a trend towards increasing personal accountability for company directors. For years insolvency practitioners have been able to attempt to claw back any payments that may not have been for the benefit of the company, and the new Finance Act 2020 will give Her Majesty’s Revenue and Customs (HMRC) the power to recover any taxes personally from a director in cases of tax avoidance or evasion. It is understood that directors themselves also may be liable personally for any company wrongly claiming COVID-19 bail out and job retention funds.
It is also true that in the United Kingdom, many offenses under the Companies Act can hold a director personally liable with potentially unlimited fines.
The modern view is that risk exists both within and without an organization, and directors must consider not only internal compliance but also the fluctuating risk posed by contextual threats. Although issues raised by COVID-19 may not have been fully anticipated, companies should have reacted to the increased possibility of fraud, bribery and corruption. If your business was, for example, concerned in a personal protective equipment (PPE) supply chain, then an enhanced risk assessment may well have been sensible. Good management of risk may enhance the value of the business and make it more competitive. Positive engagement, regular review, follow up and attention to detail are required here, as is good recordkeeping.
While directors can rely on expert advice and day-to-day compliance can be delegated to appropriate levels, responsibility always remains with the board and must be regularly reviewed, action taken and followed up. The whole board is responsible for this, not merely the director individually charged with administration of relevant areas. Reviews must be thorough, frequent, and relevant, because these days, demonstration of compliance depends on evidence of audited risk assessment, which is regularly reviewed, and commitment to achieving compliant outcomes.
With an increased emphasis on corporate responsibility, companies must be proactive and seek advice on, and implement where necessary, prevention policies (such as bribery, tax evasion, and slavery). Indeed, if there is no policy in place there must have been a consideration by the board as to why not.
The personal penalties for a director can be significant and it is surprising how little is known of them. Taking the UK Bribery Act as an example, the personal penalties can be:
Up to 10 years imprisonment;
Automatic debarment from tendering for public contracts; or
Financial investigation (confiscation proceedings) under the Proceeds of Crime Act.
Individuals investigated in the United States under the Foreign Corrupt Practices Act (FCPA) can be subject to even greater fines and lengths of imprisonment.
Key UK Law Enforcement Authorities with Extra-Territorial Reach
- The Serious Fraud Office (SFO)—Set up with special powers under the Criminal Justice Act 1987 for the investigation and prosecution of large and complex corporate fraud and corruption. Unusually for UK law enforcement agencies, it combines investigative and prosecution functions. The Bribery Act 2010 sets out the offences which, even if they occur overseas, may be tried in the United Kingdom. This is similar in nature to the FCPA.
- National Crime Agency (NCA)—The NCA can use extensive civil recovery powers where there is no ability to do so in criminal cases. The NCA often are engaged to freeze or recover assets in the United Kingdom under the Proceeds of Crime Act in cases linked to Sanctions breaches.
- Her Majesty’s Revenue and Customs—Investigates tax-related offending, which is then prosecuted by the Crown Prosecution Service (CPS). The Criminal Finance Act 2017 introduced legislation (similar to the FATCA) which allows the agency to investigate offshore entities associated with UK tax evasion.
- Financial Conduct Authority (FCA)—The regulator of the financial services industry. As a regulator, the FCA can impose civil sanctions for misconduct, but also may prosecute regulated firms or individuals for specific market-related offences, such as insider trading and market manipulation. Frequently, cases involving global financial services companies fall within the scope of both the FCA and the SEC and there is a high degree of information sharing as seen in the London Inter-Bank Offered Rate (LIBOR) and Euro Interbank Offered Rate (EURIBOR) investigations.
- UK Office of Financial Sanctions Implementation (OFSI)—Although not a prosecutor, OFSI has significant additional powers to impose financial penalties for breaches of financial sanctions measures. In cases where an investigation is warranted the NCA will do so.
Difficulties in Cross Jurisdictional Investigations
When interest is piqued from multiple jurisdictions in the same misconduct, there will inevitably be significant cause for disagreements and conflict between the respective enforcement agencies.
Notwithstanding the existence of treaties such as the Hague Convention, some agencies will still use official diplomatic channels and tools such as a Letter Rogatory or a formal request for Mutual Legal Assistance. Such requests flow through the Foreign Office as opposed to contacting an enforcement agency directly. The fierce competition between authorities cannot be overlooked. Often, particularly in regulated sectors, you can add in even further layers of investigatory bodies—each considering different perspectives and having a different agenda. However, it is fairly well established that local investigators will conduct interviews with any suspects or witnesses in their jurisdiction.
We have seen many examples however of cases being investigated ‘quietly’ without formally notifying the local law enforcement agency just in case it might trigger a separate investigation that might in any other scenario take precedence and therefore cause a delay.
Cross jurisdictional investigations take a very long time—that is a fact. The SFO’s ill-fated investigation into Barclays alleged Qatar bribery took five years. The SFO recently has announced charges being brought against an Airbus subsidiary, GPT Special Project Management, nearly 10 years after allegations were made.
Aside from the voluminous task of examining material, considerations around how witnesses and potential suspects are treated can also create discord between enforcement agencies. If one agency takes one stance this may have a severe effect on the ability of another agency to carry out its own investigations. Such issues can be deeply contentious. In the United Kingdom, generally speaking, if a person is compelled to answer questions then they are unlikely to be a defendant in criminal proceedings as it would be prejudicial to use a compelled statement as evidence. In practice, complications can arise when such an individual later becomes a suspect in a criminal investigation and other agencies may want to prosecute that same person. Such issues and frictions arose in the LIBOR series of cases that led to prior convictions being quashed on appeal.
Similarly, there can be significant tension around extradition for prosecutions. When involved in the EURIBOR prosecutions we saw the German and French courts refusing to agree to the extradition of certain individuals, pre-charge, to the United Kingdom by indicating that there was no mutually recognized offense.
A right of silence does not apply when an authority such as the SFO or FCA exercises specific statutory powers by issuing a notice compelling a witness to answer questions or produce documents. The same is true if a foreign agency is using this route to gather local information and material.
Frequently corporations will be expected to respond to inquiries simultaneously from agencies inside and outside the United Kingdom, and there are no general, formal rights on the part of a company to seek to stay a UK investigation pending the outcome of a foreign investigation or set of criminal proceedings that may have commenced prior to the UK law enforcement agencies becoming involved.
There is no UK policy analogous to the ‘antipiling on’ policy that exists in the United States. However, in situations of concurrent jurisdiction, there are memoranda of understanding between the various law enforcement and regulatory authorities in the United Kingdom. These provide a framework for co-operation between organizations that have (or may have) jurisdiction to prosecute an offense and for determining ‘primacy’ to investigate and prosecute offenses.
From a defense point of view, such interagency rivalries can provide opportunities. A legal team representing an individual under investigation by agencies in more than one country should be taking time to assess the potential conflicts between the investigators in order to determine the best course of action. We saw the competing interests of various parties in the case of Tom Hayes, the UBS trader convicted in the United Kingdom of manipulating LIBOR. Hayes was also charged in the United States for the same offenses and in order to avoid extradition to the United States he initially sought to assist the UK authorities.
As a result of the increase in cross-border cooperation and coordination, it has to be said that focus on the FCPA alone is inadequate for companies that may be subject to anti-corruption laws in multiple jurisdictions because legal requirements differ from country to country. For example, both the FCPA and the United Kingdom’s Bribery Act prohibit offering or paying bribes to foreign officials, but only the latter prohibits commercial or private sector bribery and agreeing to receive bribes.
Production of Documents
The SFO may investigate any suspected offense that appears to the Director on reasonable grounds to involve serious or complex fraud. The SFO’s powers to compel the production of evidence under Section 2 of the Criminal Justice Act 1987 can be exercised in any case in which it appears to the director that there is good reason to do so for the purpose of investigating the affairs, or any aspect of the affairs, of any person. This tool can be used, as highlighted above, by any foreign jurisdiction who requests mutual legal assistance.
Additionally, and only in relation to possible bribery and corruption with an international dimension, the SFO may apply the even lower test under Section 2A of the Criminal Justice Act 1987 of whether there is an ‘appearance’ that bribery and corruption may have taken place to initiate a preinvestigation (and use its powers under Section 2 to determine whether a formal investigation should be undertaken). Therefore, the Section 2A powers can only be exercised for the purpose of enabling the SFO to decide whether to open a formal investigation.
In the case of The Queen on the Application of KBR Inc v. The Director of the Serious Fraud Office, the High Court clarified its position concerning the SFO’s powers to compel the production of documents held outside of the United Kingdom by companies incorporated outside of the United Kingdom.6 The court held that the SFO may compel the disclosure of documents held overseas by foreign companies where there is a “sufficient connection” to the United Kingdom.
Whether, when, and how a company should report potential misconduct requires an increasingly global perspective in all senses of the risks and benefits involved. Around the world enforcement actions in relation to bribery, money laundering, tax evasion, and the #metoo movement are continuing to rise and international co-operation between authorities has never been higher on the agenda.
Many jurisdictions are moving towards Deferred Prosecution Agreements (DPAs) and protected whistleblowing regimes, as part of a general and growing trend towards incentivizing corporate self-reporting.
Key benefits of self-reporting include the ability to manage the timing and content of the information being provided to the authorities, the potential for securing a DPA (or other negotiated settlement), reducing any financial penalties, minimizing or managing reputational fallout, and achieving an earlier and more predictable resolution than may otherwise be possible.
Particular risks include potential disruptive and damaging action by investigating authorities, damage to share prices, the removal or suspension of senior management, costly internal investigations, regulator involvement and the potential loss or waiver of privilege over key material. The still relatively small body of DPAs, together with guidance setting out the circumstances in which they will be contemplated and entered into, provide some direction as to whether self-reporting may produce a negotiated outcome.
All these considerations play out against the backdrop of an obvious tension between self-reporting with the mitigation of speedy co-operation on the one hand and taking the time to investigate an allegation sufficiently to understand whether, when and what to report on the other.
The Court of Appeal’s 2018 decision in The Director of the Serious Fraud Office v. Eurasian Natural Resources Corporation Ltd (ENRC) emphasizes the importance (for the purposes of asserting legal privilege) of recording clearly and in good time the points at which a firm considers that it is involved in the self-reporting process and that litigation or criminal prosecution is in reasonable contemplation.
The Court of Appeal held that documents prepared for ENRC by counsel during an internal investigation were protected by litigation privilege, thereby prohibiting the SFO from compelling ENRC to produce these documents. Although the decision preserves privilege over interview notes and other internal investigation documents, companies conducting internal investigations should still adopt a cautious approach.
Effective self-reporting will clearly indicate a good corporate culture. Companies that have taken the necessary steps to institute a good culture supported by robust protocols will expect that any matters involving wrongdoing are quickly reported internally via its whistleblowing procedures and escalated and reported to the relevant authorities, as appropriate.
Companies often think that choosing to selfreport will enable them to retain control over the information that they disclose. In practice, however, the SFO and FCA’s insistence on effective and complete self-reporting means that companies will have to provide as complete an account as possible of the wrongdoing concerned, and hand over any investigative work-product already created.
Public companies also will have to give careful consideration to their obligations to make market announcements. Given the stance adopted in the United Kingdom perhaps the only true benefit to self-reporting is that the corporation has some control over the timetable (as compared, for instance, with a dawn raid) and is therefore able (having taken advice on any market abuse risks) to notify key stakeholders of the self-report and to prepare an appropriate media strategy.
Self-reporting to a regulator in one jurisdiction may draw the attention of other regulators, domestically or abroad. Matters are frequently complicated because the benefits and risks of reporting are seldom consistent or certain across jurisdictions, and authorities in different countries seldom have the same procedures, techniques or demands in conducting their investigations and taking enforcement action.
Companies increasingly choose to co-operate with regulators and enforcement bodies, in some cases very extensively. In some cases, this is just a matter of being a good corporate citizen and maintaining integrity and credibility in the eyes of stakeholders, government, and the general public.
Sometimes there will be considerable stakeholder pressure (for example, from a new board or shareholders), and sometimes there is an ongoing relationship with the investigating authority to think about.
Companies are increasingly expected to co-operate with regulatory agencies and criminal authorities, even when such co-operation is voluntary. The DPAs companies have entered into with the SFO demonstrate this expectation.
In addition to considering whether and when to notify any relevant authorities, the company also will have to assess whether it would be in its interests to conduct an internal investigation. Internal investigations are of course not infringed by borders or jurisdiction, but it remains an important decision as, once commenced, an internal investigation can be difficult to stop or limit without damaging the company’s credibility. Likewise, if no investigation was commenced when there was such an opportunity then this too could reflect poorly— particularly if the matter ends up being considered for a DPA.
Should an enforcement agency become involved then this may limit the scope of any possible internal investigation as the authorities may seize material, prohibit the company from conducting interviews, or require the company to delay until after the authority has interviewed the individuals concerned. In recent years there has been considerable scrutiny over legal privilege as to what aspects of an internal investigation may be provided to an enforcement agency.
In UK law, there are generally no formal legal obligations on a company to conduct an internal investigation into its own affairs. However, conduct rules applicable to some companies by the bodies that regulate them may mean an internal investigation is strongly recommended or even required. Directors also owe a duty to exercise reasonable care, skill and diligence which may have considerable bearing if a matter came to light that could potentially cause concern.
Generally, from an effective compliance perspective, a company should always investigate an issue as soon as it comes to light, in order to enable the company to take the necessary steps.
Alongside the decision as to whether and when to conduct an internal investigation is the decision as to whether to instruct external legal counsel to advise on or even take conduct. In addition to providing investigations expertise and increased resources, the engagement of external counsel can also bolster the independence of the investigation, which is important in a criminal or regulatory context, and provide an external viewpoint to balance the views of internal stakeholders.
The European Union, United Kingdom, United States, and many other countries all operate a sanction list of designated countries, entities, and individuals. Generally speaking, any name on a respective list will have their assets frozen and it will be an offense to assist anyone on the list to circumvent a sanction.
In the United Kingdom the lists are overseen by the Office of Financial Sanctions Implementation (OFSI) and in the United States by the Office of Foreign Asset Control (OFAC).
On July 6, 2020, the United Kingdom introduced its first ever autonomous sanctions regime under the Sanctions and Anti-Money Laundering Act 2018. The first sanctions under the “Magnitsky regime” target certain Saudi citizens allegedly involved in the murder of Jamal Khashoggi. Further UK regimes will be introduced on December 31, 2020.
These Magnitsky sanctions are to address human rights abuses and introduce a level accountability for human rights breaches. The UK sanctions will include asset freezes and travel bans. The legislation will allow the sanctions to be used all over the world, on an individual and any of their connected entities.
Should it transpire that a designated person or entity is attempting to conduct business then an enforcement agency (the NCA in the United Kingdom) will take action and intervene—most commonly freezing assets and bank accounts under the Proceeds of Crime Act while an investigation is commenced as to whether civil recovery proceedings criminal charges should be brought.
In recent times we have seen an uptick in purchase agreements and shareholder agreements making reference to a company being liable for ensuring compliance with “global economic sanction laws.” Therefore, while not overseen by any enforcement agency, it is clear that businesses and those entering into shareholder agreements are very wary of being embroiled in a sanctions related issue, thus placing an extra burden on the directors and management.
Immunity and Leniency
There is the possibility of immunity or leniency for individuals who assist or co-operate in the investigation or prosecution of criminal offenses in the United Kingdom.
Section 71 of the Serious Organised Crime and Police Act 2005 (SOCPA) allows certain prosecutors, including the SFO, to grant any person immunity from prosecution in England and Wales or Northern Ireland by issuing a written immunity notice. The immunity notice, which will specify the criminal offenses for which no proceedings can be brought, ceases to have effect if the person fails to comply with the conditions contained in the notice. The use of Section 71 is very rare.
Section 73 of SOCPA provides a slightly more common approach that offers an incentive of a reduced sentence to defendants who provide assistance to an investigator or prosecutor, provided a guilty plea has been tendered.
UK authorities are increasingly participating in global settlements, particularly with their US counterparts. The most significant global fine levied in recent times is the $4bn agreement with Airbus which followed a four-year investigation by the United Kingdom, France, and the United States. This agreement was endorsed by the United Kingdom’s High Court in January 2020.
It may be too early to identify any trends, although one distinct feature has emerged that is the central role of the UK judiciary. The DPA model introduced in the United Kingdom departs significantly from its US counterpart by being conditional on substantial judicial review and approval—not simply a rubber stamp.
The increase in international cooperation is set to feed the upturn in agencies working together to coordinate sanctions against companies where criminal activity has been committed in multiple jurisdictions. Before the Airbus settlement above, Rolls-Royce reached an agreement with the SFO, DOJ, and Brazilian authorities, with the DPA requiring the company to assist domestic and foreign
law enforcement agencies in the future and acknowledged that Rolls-Royce may face further proceedings in countries not covered by the settlement.
Companies facing proceedings in more than one jurisdiction could seek to settle each set of proceedings individually, but the idea behind a global settlement is to coordinate these negotiations. In theory, a global settlement should be a win-win scenario for both the company and the investigating authorities. The attractiveness of a settlement is likely to vary considerably depending on the form of settlement available, for example, the advantages to a company of agreeing to a DPA in the United Kingdom are likely to be very far removed from the advantages of agreeing to a DPA in the United States.
Cooperation and coordination among regulatory authorities across borders is likely to continue and expand just as much as the extra-territorial reach of lawmakers. Company structures are becoming more and more complex and intertwined with local economies, and the legislation needs to keep up. Given the developments in (and the global expansion of ) anti-corruption laws, companies need to keep abreast and determine which measures apply to their operations, examine their compliance programs and develop the relevant policies and training programs to enable company personnel to meet compliance requirements. Key to this too is conducting the appropriate due diligence on any foreign acquisition. The responsibility of all the above is largely shouldered by the board even where day-to-day management of policy implementation is delegated to management.
At each stage of a cross-border investigation, there are unique challenges that require forethought and planning to manage the risks and to respond swiftly and appropriately. No longer can companies rely on procedures and resources used for domestic investigations. Instead, they must be customized to comply with different local laws and to respect diverse cultures and customs. When allegations can arise from almost anywhere around the world, at any time, and in virtually any language, every company must act now to ensure it is adequately prepared for the challenge.
First published by The Investment Lawyer in October 2020