The U.K. Serious Fraud Office’s Historic Deferred Prosecution Agreement Resolving Bribery Act Charges

Stay up-to-date with the latest developments in securities law through access to both news and all statutes and regulations. Find relevant corporate filings through a searchable EDGAR database. And...

By Sunil Gadhia, Jonathan Kelly, Breon Peace and Jennifer Kennedy Park, of Cleary Gottlieb Steen Hamilton LLP.

On November 30, 2015, the U.K. Serious Fraud Office (SFO) settled bribery charges against ICBC Standard Bank PLC (Standard Bank).

The settlement was historic for two reasons:

• it was the first time ever that the SFO had entered into a Deferred Prosecution Agreement (DPA), and

• it was the first notable outcome for the SFO for an offence of failure of a commercial organisation to prevent bribery.

What Does It Mean for You?

These developments should be of particular note to those in senior business roles, risk and legal management and those responsible for internal corporate compliance programmes within businesses that fall within the wide jurisdictional ambit of the U.K. Bribery Act 2010 , as well as those who are or may be engaged in bribery-related investigations in the U.K. or abroad.

The decision provides important guidance and substance as to one of the key features of the Bribery Act 2010. After a great deal of anxious commentary about the “systems and controls” offence at the time the legislation was introduced, and a relatively long gestation period since then, this case provides the market with guidance on what to do, what not to do, and the sanctions if you get it wrong.

Board members, and those that advise them, will need to take careful note. They will need to benchmark closely and objectively their own systems, controls and procedures against Standard Bank's experience.

The settlement marks the first time that the SFO has utilised the DPA procedure, which enables it to resolve prosecutions of corporations, partnerships and unincorporated associations (but not individuals) by deferring prosecution of the offender, imposing penalties broadly equivalent to what would be expected in the event of a guilty plea, and dismissing criminal charges at the end of the period of deferral, provided that all conditions of the agreement have been complied with.

While DPAs have been a common tool for resolving corporate prosecutions in the United States for at least 20 years, they have also increasingly become the target of critics who assert that they are inappropriately used in cases that should more appropriately be resolved through a guilty plea or conviction. With the Standard Bank settlement, the U.K. enters the fray -- and the SFO has indicated that it will be increasingly interested in resolving corporate criminal cases through DPAs.

Whilst the fact that this is the first U.K. DPA case is eye-catching, of more practical significance for businesses is what they should learn from the first significant case in which the SFO has concluded a case under Section 7 Bribery Act 2010, which criminalises a business's failure to prevent bribery. There is a comparatively short history of prosecutions by the SFO under the Bribery Act -- the first convictions, of two individuals engaged in a 23 million pound (U.S.$34.3 million) biofuel scam, were in December 2014 -- but the SFO has been vocal about taking a more aggressive posture with respect to prosecution of bribery. The Standard Bank settlement is a significant development in those efforts, and the case merits close study in order to capture important learning points.

Background -- Tanzanian Bribes

The case arose after Standard Bank identified and self-reported an incident arising from a fundraising transaction for the Government of Tanzania jointly led by Standard Bank and its sister company, Stanbic Bank Tanzania Limited. Stanbic had agreed to pay U.S.$6 million to a company called EGMA, which counted among its shareholders the Commissioner of the Tanzania Revenue Authority and the former CEO of the Tanzanian Capital Markets and Securities Authority. According to the SFO, the payments were made with the intention of influencing representatives of the Government of Tanzania to improperly show favour to Standard Bank in the process of appointing it to act on the transaction. The fee charged to the Government of Tanzania was increased by U.S.$6 million to meet the cost of the bribe. The “vast majority” of the payments were withdrawn in large cash amounts from EGMA's account with Stanbic and, accordingly, could not be traced further.

Under the DPA, to resolve its liability under the Bribery Act, Standard Bank was required to agree to a statement of facts and admit its truth; pay penalties of over U.S.$30 million, comprising compensation of U.S.$6 million plus interest, a financial penalty of U.S.$16.8 million and disgorgement of profits of U.S.$8.4 million; commission an independent review of its anti-bribery and anti-corruption controls; and continue to co-operate fully with the SFO and, as directed by the SFO, any other agency or authority, domestic or foreign, and multilateral development banks, in any and all matters relating to the matters at issue.

In return, the SFO agreed to suspend the indictment for three years and, thereafter, discontinue it, subject to compliance by Standard Bank with the terms of the DPA.

Section 7 Bribery Act 2010 -- The Importance of Corporate Compliance

The corporate offence of failure to prevent bribery adopts a rather unusual structure, under which an organisation is deemed to be guilty of an offence if a person associated with it pays a bribe, unless the entity can prove that it has in place adequate procedures designed to prevent bribery.

Specifically, Section 7 reads as follows:

(1) A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person intending --

(a) to obtain or retain business for C, or

(b) to obtain or retain an advantage in the conduct of business for C.

(2) But it is a defence for C to prove that C had in place adequate procedures designed to prevent persons associated with C from undertaking such conduct.


For these purposes, a “relevant commercial organisation” is a body incorporated in any part of the U.K. and carrying on business anywhere, any body corporate carrying on business in any part of the U.K. wherever incorporated and analogous partnerships.

A person is “associated” with the organisation if it “performs services for or on behalf of” that organisation, and this in turn is to be determined by “reference to all the relevant circumstances”.1 On the facts of this case, it was unsurprising that Standard Bank's sister bank and employees of it who were part of the relevant deal team were “associated” persons for the purposes of the Section 7 offence. However, the scope of “associated” persons whose acts of bribery can give rise to liability for businesses is an area of continuing uncertainty, and it is to be hoped that future cases will shed much needed further light.

It should be noted that the violation of Section 7 is a strict liability offence. There is no requirement to establish any mental element (or mens rea) on the part of the organisation.

The defence under the Bribery Act based on implementation of a corporate compliance programme distinguishes the Bribery Act from, for example, the Foreign Corrupt Practice Act (FCPA) in the United States. While U.S. prosecutors are encouraged to consider the existence of a corporate compliance programme and its adequacy in determining whether to charge a violation of that act, U.S. Justice Department guidance clearly establishes that “[t]he existence of a corporate compliance program, even one that specifically prohibited the very conduct in question, does not absolve the corporation from criminal liability under the doctrine of respondeat superior [i.e., that an employer is responsible for the actions of its employees]”.2

The Deficiencies in Standard Bank’s Compliance Programme

The Statement of Facts accompanying Standard Bank's DPA discusses the bank's compliance control environment in detail, identifying deficiencies in the policies established by Standard Bank (particularly “know your customer” policies), the implementation of those policies through the Standard Bank group, the training received by key employees, and the level of managerial oversight. The deficiencies identified by the SFO point to ways in which other businesses might improve their own policies in order to manage the risk of this type of criminal liability.

In particular, the SFO identified that:

• Standard Bank had in place anti-bribery and anti-corruption policies, but it was not clear that those policies applied to the transactions at issue. In particular, while the bank pointed to its “Introducers and Consultants” policy as evidence of a policy prohibiting the types of payments at issue, “[n]one of the SB deal team thought that [the policy] applied. The policy was not clear. If the policy did apply, it was inadequately communicated to the SB deal team and/or that they were not properly trained to apply the policy in circumstances where a third party was being engaged by its sister company”. The thrust of this particular aspect was the absence of procedures and an understanding of what was required when two entities within the Standard Bank group were involved in a transaction and where one such entity engaged a third party consultant.

• The bank lacked an appropriate framework for identifying transactions in high risk environments and applying enhanced due diligence in those situations; rather, the SFO concluded, Standard Bank adopted a rigid structural approach to due diligence that permitted transactions of this nature to escape detection.

• Although Standard Bank had an internal procedure for escalating and considering transactions with counterparties where there was a risk of money laundering, the procedure was not adhered to with respect to the transactions at issue.

• While Standard Bank had a training programme in place, “the effectiveness ... must be in doubt given that no [Standard Bank] deal team member raised any concern about this transaction”; the SFO also noted that certain of the trainings given on bribery and corruption instructed employees that standard policies did not apply to transactions that were not conducted in the name of the bank or for its own balance sheet, creating ambiguity.


As a result of these deficiencies, the SFO identified, as evidence of the deficiency of Standard Bank's internal controls, the facts that the bank 1) engaged in business in a high risk country and made a significant payment to a third party based solely on a bank account-level “know your customer” check, rather than an enhanced due diligence process; 2) failed to identify or deal adequately with the presence in the transaction of a politically exposed person; 3) focused on the formal structure of the transaction, ignoring the broader risk, and therefore failing to implement appropriate due diligence; and 4) did not employ staff who were “adequately alive to bribery and corruption risks”, including many who were not aware of internal policies that Standard Bank asserted prohibited the conduct in question.

The Hallmarks of an Effective Anti-Bribery Compliance Programme

Businesses -- both in and outside the financial services industry -- should have anti-bribery controls which have been designed and implemented thoughtfully and skillfully. It is not enough that they look good on paper. Employees must understand them and be properly trained on them. The policies in place should withstand scrutiny. Businesses with U.K. and U.S. connections need to keep a close eye on the enforcement landscape and the expectations of law enforcers and regulators in relation to compliance programmes in both jurisdictions.

Authorities in the U.K. and the U.S. have published detailed guidance on what they consider to be effective anti-bribery controls.

In the U.K., whether a corporate compliance programme is adequate to prevent bribery is considered in light of the “Six Principles” established in guidance issued by the Ministry of Justice pursuant to the Bribery Act. The principles are3:

• Proportionate procedures: A commercial organisation's procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation's activities. They are also clear, practical, accessible, effectively implemented and enforced.

• Top-level commitment: The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.

• Risk assessment: The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.

• Due diligence: The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.

• Communication (including training): The commercial organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.

• Monitoring and review: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.


In the U.S., guidance from the U.S. Justice Department and the U.S. Securities and Exchange Commission explains that evaluation of the adequacy of a compliance programme by those agencies will follow “a common-sense and pragmatic approach … making inquiries related to three basic questions: Is the company's compliance program well designed? Is it being applied in good faith? Does it work?”4 The agencies go on to describe what they consider to be the “hallmarks” of an effective programme.5

For financial institutions in particular, the remarks of Assistant Attorney General Leslie Caldwell of the U.S. Justice Department in a speech on March 16, 2015, provide detailed and valuable guidance on the Justice Department's expectations in relation to effective compliance programs.6

Deferred Prosecution Agreements -- The Crime and Courts Act 2013

The ability of the SFO to enter into a DPA is governed by Section 45 and Schedule 17 Crime and Courts Act 20137 .

At a high level, the following are the key features of a DPA under English law:

• DPAs can be used to resolve criminal cases only against companies, partnerships and unincorporated associations (not individuals), and are available only for certain offences, which are primarily economic in nature (including, for example, fraud, certain tax offences, forgery, certain offences under the Financial Services and Markets Act 2000, certain offences under the Proceeds of Crime Act 2000);

• Prosecutors have unfettered discretion to decline to resolve a prosecution through a DPA; on the other hand, where a DPA is pursued, it is subject to court approval;

• A DPA must be approved by the Crown Court pursuant to a declaration that the DPA is in the interests of justice and is fair, reasonable and proportionate; and

• The amount of any financial penalty must be broadly comparable to the fine a court would have imposed on conviction for the alleged offence following a guilty plea.


The Prosecutor’s Discretion in Deciding Whether to Use a DPA

Pursuant to the Crime and Courts Act 2013, the Crown Prosecution Service (CPS) and the SFO have published formal guidance for prosecutors to use in considering whether to dispose of a case via a DPA, and the procedure to follow to do so.8 That guidance emphasises that a criminal defendant does not have the right to demand a DPA, and sets out the factors that weigh in favour of prosecution, and those that weigh against prosecution (and so in favour of a DPA):

Factors Favouring Prosecution:

• a history of similar conduct;

• the alleged conduct is part of the established business practices of the organisation;

• the offence was committed at a time when the organisation had no or an ineffective corporate compliance programme which has not been significantly improved;

• the organisation has previously been warned, sanctioned or charged with an offence but failed to take adequate steps to prevent future unlawful conduct or continued with the conduct;

• failure to notify the wrongdoing within a reasonable time;

• reporting the wrongdoing but failing to verify it, or reporting it knowing or believing it to be inaccurate, misleading or incomplete; and

• significant levels of harm caused by the conduct.


Factors Favouring a DPA:

• a high level of co-operation;

• no history of similar conduct;

• the existence of a proactive corporate compliance programme, both at the time of offending and at the time of reporting, but which failed to be effective in this instance;

• the conduct is an isolated incident, for example, by a rogue director;

• the offending is not recent and the organisation is effectively in a different form (for example, because it has been taken over, the management team has changed or new processes are in place to prevent similar conduct);

• a conviction is likely to have a disproportionate effect on the organisation; and

• a conviction is likely to have collateral effects on third parties.


Co-Operation -- The Indispensable Ingredient

The SFO places particular emphasis on the importance of co-operation. In a speech in March 2015, Ben Morgan, the SFO's Joint Head of Bribery and Corruption, said:

You can expect no credit for doing your minimum legal duty. You don't have to cooperate with us, it is your choice. If you do want to then you have to move beyond that, really make the effort to make our job of investigating a possible crime easier. That is what it takes -- not the “impression of cooperation”, saying one thing while really working a more guarded agenda (we know all about that) but actually helping us, being fully frank and honest with us, as little by little, some companies now are.9


Mr Morgan has made further comments as recently as December 3, 2015, emphasising that co-operation is essentially a non-negotiable pre-requisite for a DPA:

Q: Is cooperation the one factor that would have to be present for a DPA? A: Cooperation, and of course, the gravity of the conduct. I think it probably would to be honest. I am trying to imagine a situation where a company met all the criteria set out in the code, but the company had not worked with us. Even here, I think, the answer is no -- a DPA would not be appropriate.10


In the U.S., the remarks of Assistant Attorney General Leslie Caldwell of the U.S. Justice Department in a speech on May 12, 2015, are also very instructive on the subject of co-operation.11

In addition, the U.S. Securities and Exchange Commission, which has responsibility for enforcing the issuer-specific provisions of the U.S. FCPA, announced in November 2015 a policy under which DPAs are available only to companies that self-report misconduct.12

The guidance published by the SFO and the CPS emphasises that co-operation must be pro-active, not merely a failure to engage in obstructive behaviour:

Considerable weight may be given to a genuinely proactive approach adopted by P's management team when the offending is brought to their notice, involving within a reasonable time of the offending coming to light reporting P's offending otherwise unknown to the prosecutor and taking remedial actions including, where appropriate, compensating victims.

In applying this factor the prosecutor needs to establish whether sufficient information about the operation and conduct of P has been supplied in order to assess whether P has been co-operative.

Co-operation will include identifying relevant witnesses, disclosing their accounts and the documents shown to them. Where practicable it will involve making the witnesses available for interview when requested. It will further include providing a report in respect of any internal investigation including source documents.13


This mirrors the guidance given to federal prosecutors in the U.S., which likewise stresses the importance of pro-active co-operation.

In both the U.S. and the U.K., it appears to be clear that an important part of co-operating will be providing information necessary to establish a criminal violation by corporate employees, officers and other individuals. Recent guidance from the U.S. Justice Department, in the form of a September 9, 2015, memorandum from Deputy Attorney General Sally Yates emphasises that, “[i]n order for a company to receive any consideration for cooperation … the company must completely disclose to the Department all relevant facts about individual misconduct”14 .

While the U.K. has not formally adopted a similar guidance, the structure of Section 7 of the Bribery Act -- under which corporate liability flows from the conclusion that a “person” associated with the company has paid a prohibited bribe -- suggests that providing the information necessary to establish that underlying violation will be viewed by the SFO as a necessary part of corporate co-operation.

The Requirement of Court Approval

To become effective, a DPA must be examined by the court and approved before it becomes effective. There is a process by which a preliminary hearing is held before the court in private to determine whether entry into the proposed DPA is “likely to be in the interests of justice” and whether the terms of the proposed DPA are “fair, reasonable and proportionate”. The court is required to give reasons for its decision.

There is then a final court hearing for definitive approval of the terms of the DPA, following which the DPA becomes effective and is required to be published by the prosecutor.

The role of the court in approving the substance of a DPA is particular to the U.K. approach to DPAs. The Judge, Sir Brian Leveson, President of the Queen's Bench Division, took care to emphasise the role of the court in the U.K., which is prominent both through the two-step approval process and the requirement for the court to give reasons for its decision: “there is no question of the parties having reached a private compromise without appropriate independent judicial consideration of the public interest: furthermore, publication of the relevant material now serves to permit public scrutiny of the circumstances and the agreement”.15

A Fine Broadly Comparable to Conviction Following a Guilty Plea

The financial penalty in a DPA is required to be broadly comparable to the fine that a court would have imposed following conviction after a guilty plea (Schedule 17(5)(4)). The Judge, Sir Brian Leveson, said that, for the purposes of the court's approval, “the most difficult assessment was as to the appropriate financial penalty”.16.

The maximum penalty for committing an offence under Section 7 Bribery Act 2010 is an unlimited fine, and penalties are determined in accordance with the applicable Sentencing Council Guidelines for bribery offences. These provide that the court must consider making a compensation order (in this case, Standard Bank was ordered to pay U.S.$6 million compensation with interest), that the court may consider confiscation of benefits of the offence (in this case, U.S.$8.4 million disgorgement of profits was ordered), and that the level of the further fine is to be determined based on the culpability of the organisation and the harm caused.

To determine the level of the fine for a Section 7 offence:

• The offence is categorised as one of “high culpability”, “medium culpability” or “lesser culpability”. Factors such as corruption of local or national government officials or ministers, committing the offence over a sustained period of time, wilful obstruction of detection (for example, by destroying evidence or misleading investigators) and having a “culture of wilful disregard of commission of offences by employees or agents with no effort to put effective systems in place” all point towards high culpability.

• Harm caused is usually measured by reference to the gross profit from the contract obtained, retained or sought as a result of the offending. However, the Sentencing Council Guidelines also envisage an alternative measure of the likely cost avoided by failing to put in place appropriate measures to prevent bribery.

• The penalty is then determined by multiplying the amount of the harm by a multiplier based on the level of culpability, as follows:

• high culpability: starting point: 300%, range: 250% to 400%,

• medium culpability: starting point: 200%, range: 100% to 300%,

• lesser culpability: starting point: 100%, range: 20% to 150%.

• The precise level of the multiplier within the range is based on aggravating and mitigating factors.

• The court is then required to “step back” and ensure that the fine is “substantial enough to have a real economic impact which will bring home to both management and shareholders the need to operate within the law”.


It will be apparent that very substantial financial penalties are possible for bribery offences. As discussed below, Standard Bank was subject to a financial penalty of U.S.$16.8 million, which was based on a multiplier of 300 percent of the U.S.$8.4 million profit achieved, with a one-third reduction to reflect the discount a court would give for an early guilty plea. Taken with the compensation and disgorgement of profits elements, the total penalty was U.S.$31.2 million.

Protection of Settlement Negotiations

The Crime and Courts Act 2013 also provides key procedural protections for defendants who seek to negotiate a DPA with the prosecutor, but are ultimately unsuccessful. These are broadly similar -- but not coterminous with -- the familiar protections afforded to “without prejudice” communications in civil cases. Under Schedule 17, drafts of the DPA, draft statements of fact, the fact of having entered into negotiations, and “material that was created solely for the purpose of preparing the DPA or statement of facts” may not be entered into evidence in a subsequent prosecution, except in limited circumstances. While it remains to be tested through litigation, this provision potentially provides an avenue for a defendant to provide potentially incriminating information to the prosecutor in the context of negotiating and finalising a DPA, whilst avoiding the potential that such evidence may be adduced in evidence should the DPA negotiations fail.

The Utility of Resolving Criminal Cases Through DPAs

There can be significant advantages for both prosecutors and corporate defendants in resolving criminal cases through DPAs rather than conviction. Some of the advantages for law enforcement were set out earlier this year in a speech U.S. Assistant Attorney General Leslie Caldwell delivered on the topic of corporate criminal prosecution:

DPAs and [Non-Prosecution Agreements] are useful enforcement tools in criminal cases. Through those agreements, we can often accomplish as much as, and sometimes even more than, we could from a criminal conviction. We can require improved compliance programs, remedial steps or the imposition of a monitor. We can require that the banks cooperate with our ongoing investigations, particularly in our investigations of individuals. We can require that such compliance programs and cooperation be implemented worldwide, rather than just in the United States. We can require periodic reporting to a court that oversees the agreement for its term. These agreements can enable banks to get back on the right track, under the watchful eye of the Criminal Division and sometimes a court.17


Entering into a DPA rather than proceeding to a conviction or pleading guilty to a charge presents a number of benefits for corporate defendants as well, including:

• potentially avoiding being disabled from certain types of business -- including those requiring service in a fiduciary capacity -- on account of having been convicted of an offence;

• avoiding a conviction that may lead to debarment from participation in public procurement exercises, pursuant to Article 45 of the EU Public Sector Procurement Directive, implemented in the U.K. by the Public Contracts Regulations 2006;

• maintaining the ability to engage in certain types of securities offerings (including under the Well-Known Seasoned Issuer programme in the United States) for which conviction would be disqualifying; and

• potentially avoiding a “repeat offender” uplift in penalties for future violations on account of a prior conviction.18


At the same time, the practice of resolving corporate criminal cases through DPAs has increasingly come under scrutiny in the U.S. -- with some (including in the judiciary) pointing to the use of the device as reflecting a double standard as between corporate and white collar defendants and those convicted of more ordinary crimes (for which DPAs are less common).

For example, U.S. federal judge Jed Rakoff wrote in a book review in February 2015:

The preference for deferred prosecutions also reflects some less laudable motives, such as the political advantages of a settlement that makes for a good press release, the avoidance of unpredictable courtroom battles with skilled, highly paid adversaries, and even the dubious benefit to the Department of Justice and the defendant of crafting a settlement that limits, or eliminates entirely, judicial oversight of implementation of the agreement.19


And, in September 2015, the U.S. Justice Department was criticised by many for entering into a three-year DPA with General Motors (under which the automotive giant agreed to pay U.S.$900 million and accept an independent monitor) in a case alleging that its deliberate failure to disclose a faulty engine switch in GM automobiles resulted in 124 deaths.

The result has been a series of decisions in the U.S. in which courts have taken an increasingly active role in reviewing and policing the enforcement of DPAs entered into by federal prosecutors -- a significant departure from what was, until recently, a matter left effectively to the prosecutor's unfettered discretion.20

While the role of the English court in approving and monitoring the implementation of DPAs is far more explicit than in the U.S., it remains to be seen how active English courts are in scrutinising DPAs entered into by prosecutors -- particularly the extent to which judges in the Crown Court independently balance the factors set out in the Crime and Courts Act 2013, as opposed to deferring to the judgment of the senior prosecutors who, under the Act, must approve the decision to resolve a case through a DPA.

Key Differences Distinguish DPA Practice in the U.K.

For those familiar with DPA practice in the U.S., the procedure under the Crime and Courts Act 2013 will seem at once familiar and foreign. The discretion of the prosecutor to impose conditions in exchange for deferred prosecution is the same, but there are a number of differences that distinguish the U.K. practice in significant ways.

Among the key distinctions are:

• Explicit court approval is required in the U.K., and the court must reach findings of fairness, reasonableness, and proportionality;

• The U.K. Crime and Courts Act 2013 establishes a guideline for the fine that must be imposed (in contrast, this is a matter of discretion in the U.S.);

• The decision as to whether there has been a breach of a U.K. DPA is left to the court, on application from the prosecutor (in contrast, in the U.S., declaration of a breach is typically in the prosecutor's own discretion); and

• Variation of a DPA, once approved by the court, also requires court approval.


In sum, the DPA procedure in the U.K. is considerably more formalised and substantially more subject to court oversight than its American cousin.

Increasing Focus by Regulators and Law Enforcers on Compliance and Internal Controls

The SFO's settlement with Standard Bank is not unique in its focus on the deficiency of a bank's internal controls to prevent improper conduct. Over the past few years, authorities in the U.K. have increasingly highlighted deficient internal systems and controls as justification for aggressive enforcement action. In the financial services sector, for example, there have been a number of recent enforcement actions taken against firms found in violation of the Financial Conduct Authority's (FCA's) “Principle 3” -- the obligation of a firm to organise and control its affairs responsibly and effectively.

These include:

• 1.4 billion pounds (U.S.$2.1 billion) in fines imposed on six banks by the FCA in November 2014 and May 2015 for deficient systems and controls -- particularly related to potential conflicts of interest -- in their spot foreign exchange businesses;

• a 227 million pound (U.S.$338.3 million) fine imposed on Deutsche Bank AG in April 2015 in relation to LIBOR/EURIBOR;

• enforcement action against Aviva Investors Global Services Limited by the FCA in February 2015 for failing to effectively manage conflicts of interest;

• censures imposed on the Co-Operative Bank PLC by the FCA and the Prudential Regulation Authority (PRA) in August 2015 for failure to implement appropriate controls, and inappropriate overriding of the controls in place, related to the management of its corporate loan book; and

• 56 million pounds (U.S.$83.4 million) in fines imposed on the Royal Bank of Scotland by the FCA and the PRA in November 2014 for failing to effectively manage IT risks.


The FCA has also recently imposed a 72 million pound (U.S.$107.3 million) penalty on Barclays Bank PLC in relation to its financial crime processes. Whilst that case did not involve Principle 3, it identified failings in how processes intended to prevent financial crime were applied in relation to a single transaction, and provides a further timely reminder of the continued scrutiny and focus on financial crime risks which can be closely analogous to bribery and corruption risks.

The SFO's settlement with Standard Bank strikes a similar posture, and sends the same message: Authorities expect businesses to have in place a robust internal compliance programme that not only reads well on paper, but also is actively implemented in a deliberate and effective way and becomes a genuine part of the business's culture. In the arena of corruption and bribery, businesses that fail to prioritise compliance risk criminal prosecution.

Future Developments

How the DPA tool will be used by prosecutors in the U.K. -- and how it will be perceived by the public -- remains very much to be seen. It is widely anticipated that there will be further DPAs in the coming months, as understanding and practice around use of and negotiation of DPAs develops, and they become cemented as part of the SFO's armoury.

There is also little doubt that the SFO will continue its enforcement activities in the bribery and corruption space and that the SFO will proceed with further corporate bribery cases. In this regard, the SFO has already announced that Sweett Group PLC, the listed quantity surveyor, has admitted an offence under Section 7 Bribery Act 2010 in relation to activities in the United Arab Emirates and elsewhere,21 and we expect further developments.


1 Section 8, Bribery Act 2010.

2 U.S. Justice Dep't, United States Attorneys' Manual Sec. 9-28.800.

3 The Ministry of Justice's guidance is available at:

4 A Resource Guide to the U.S. Foreign Corrupt Practices Act, available at:

5 These include 1) commitment from senior management and a clearly articulated policy against corruption, 2) code of conduct and compliance policies and procedures, 3) oversight, autonomy and resources, 4) risk assessment, 5) training and continuing advice, 6) incentives and disciplinary measures, 7) third-party due diligence and payments, 8) confidential reporting and internal investigation, 9) continuous improvement: periodic testing and review, and 10) mergers and acquisitions: pre-acquisition due diligence and post-acquisition integration.

6 Assistant Attorney General Caldwell Remarks at the ACAMS Anti-Money Laundering & Financial Crime Conference, March 16, 2015, available at:

7 It should be noted that, while the Bribery Act 2010 applies in Scotland, the DPA procedure does not. DPAs are available only in England, Wales and Northern Ireland.

8 This guidance is available at:

9 Ben Morgan, Joint Head of Bribery and Corruption, at the Global Anti-Corruption and Compliance in Mining Conference 2015, May 20, 2015, available at:

10 Global Investigations Review, interview with Ben Morgan, December 3, 2015, available at: .

11 Assistant Attorney General Leslie R. Caldwell Delivers Remarks at the New York City Bar Association's Fourth Annual White Collar Crime Institute, May 12, 2015, available at:

12 ACI's 32nd FCPA Conference Keynote Address, November 17, 2015, available at:

13 SFO and CPS, Deferred Prosecution Agreements Code of Practice, available at:

14 Memorandum from Deputy Attorney General Sally Yates, “Individual Accountability for Corporate Wrongdoing”, September 9, 2015, available at:

15 Serious Fraud Office v Standard Bank plc, November 30, 2015, para. 21.

16 Serious Fraud Office v Standard Bank plc, November 30, 2015, para. 16.

17 Assistant Attorney General Caldwell Remarks at the ACAMS Anti-Money Laundering & Financial Crime Conference, March 16, 2015, available at:

18 Although it remains to be seen, and the law does not currently provide make clear, whether a DPA will be considered a prior offence for sentencing purposes in the U.K.

19 Jed S. Rakoff, “Justice Deferred is Justice Denied”, The New York Review of Books, February 19, 2015, available at:

20 United States v. Saena Tech Corporation, No. 14 Cr. 66 (D.D.C. October 21, 2015) (“Court involvement in the deferral of a prosecution was specifically intended by Congress when it passed this legislation.”); United States v. Fokker Servs., B.V., 79 F. Supp. 3d 160 (D.D.C. 2015); United States v. HSBC Bank USA, No. 12 Cr. 763 (E.D.N.Y. July 1, 2013).

21 SFO, “Sweett Group PLC admits to bribery offence”, December 2, 2015, available at


The SFO's Deferred Prosecution Agreement with Standard Bank is available at

The Statement of Facts accompanying the Deferred Prosecution Agreement is available at

The Crown Court's preliminary judgment regarding the Deferred Prosecution Agreement is available at

The Crown Court's full judgment regarding the Deferred Prosecution Agreement is available at

The Ministry of Justice's guidance on the Bribery Act is available at

The Serious Fraud Office and Crown Prosecution Service's Deferred Prosecution Agreements Code of Practice is available at

The U.S. Justice Department and U.S. Securities and Exchange Commission's A Resource Guide to the U.S. Foreign Corrupt Practices Act is available at

Sunil Gadhia and Jonathan Kelly are Partners in the London office, and Breon Peace and Jennifer Kennedy Park are Partners in the New York office, of Cleary Gottlieb Steen Hamilton LLP. The authors may be contacted at,, and

Request Securities & Capital Markets on Bloomberg Law