Two key innovations have transformed UK corporate crime enforcement over the past decade, but their ultimate effectiveness remains in question. Neil Swift of Peters & Peters traces the evolution of failure-to-prevent offenses and deferred prosecution agreements, highlighting how recent guidance promises more certainty for self-reporting organizations while the SFO struggles with a shaky record on prosecuting individual wrongdoers.
Two measures significantly enhanced the ability of the UK’s Serious Fraud Office (SFO) to hold errant organizations to account for criminal misconduct. One was the introduction of the corporate “failure to prevent” model of criminal liability, through first the offense of failure to prevent bribery and that of failure to prevent the facilitation of tax evasion. The other was the introduction of deferred prosecution agreements (DPAs).
Failure-to-prevent model
Until the introduction of “failure to prevent” offenses, it was difficult to prosecute an organization for a criminal offense. The prosecution was required to prove that a person who embodied the “directing mind and will” of an organization was guilty of the offense. In practice, this meant a board director or similar. The difficulties were amplified in the case of large and multinational companies.
Although there are differences in the wording of the failure-to-prevent offenses, they each possess three fundamental elements. The first is that a person associated with an organization commits an offense — whether bribery, facilitating another’s tax evasion or, now, fraud. The second is that the person committed the offense while acting in that capacity or to further the organization’s business (i.e. the offending was not in their personal capacity). The third is that the organization did not have adequate or reasonable procedures designed to prevent that offending.
If those elements can be proven, an organization can be convicted of a criminal offense and face the direct consequence of criminal fines, costs and confiscation and the indirect consequence of disbarment from public contracts.
The Carrot and the Stick: UK’s SFO Clarifies Self-Reporting Benefits for Corporate Offenders
New director promises faster investigations and clearer outcomes for organizations that proactively disclose bribery offenses
Read moreDetailsDeferred prosecution agreements
DPAs are agreements reached between a prosecutor and an organization, allowing the organization to be penalized for criminal offenses without a conviction.
They commonly provide for the disgorgement of profits, payment of a financial penalty (reduced in comparison to a fine) and costs, cooperation with the prosecution of individuals and the taking of steps to minimize the possibility that similar misconduct will happen again. Significantly, there is no automatic disbarment.
There is no entitlement to a DPA. An organization must be invited to enter negotiations. If so invited, the prosecutor then has to be satisfied that there is (or would be, if the investigation continued) sufficient evidence to prosecute and that a DPA rather than a prosecution would be in the public interest.
A code of practice sets out a non-exhaustive list of factors for a prosecutor to consider in weighing the public interest, although ultimately it is for a judge to approve each proposed DPA. Some of those public interest factors relate to the offending itself, but there are two the company is able to influence through its conduct after discovering the offending: self-reporting and cooperation.
Evolution of the DPA
Although in force since 2011, it was not until after DPAs were introduced that the SFO secured its first resolution for failing to prevent bribery in a 2015 case involving Standard Bank. Since then, there have been 11 DPAs, eight of which included an offense of failure to prevent bribery.
Put simply, an organization facing prosecution for failure to prevent faces an uphill struggle to satisfy a court that notwithstanding the incident of bribery that took place, its procedures to prevent the same from happening were nevertheless adequate.
Leaving aside the question of whether an organization would be better off letting the SFO put together its best case and then plead guilty to it, the DPA regime relies on organizations preferring the certainty, shorter timescale and preferable optics of cooperating to achieve a DPA when faced with the choice.
Over time, the gateway to DPAs has widened. The Rolls Royce DPA, approved in 2017, demonstrated that exceptional cooperation could trump the absence of a self-report. The SFO had sought information from Rolls Royce following allegations made publicly. Only then did the company commence an internal investigation. Although failing to notify the SFO of the wrongdoing is a factor in favor of prosecution, what the judge described as “extraordinary” and “genuine” cooperation meant that Rolls Royce was offered a DPA instead, albeit one which involved paying more than £510 million in financial penalties, disgorgement of profit and SFO costs.
Failure to prevent fraud & self-reporting
Given the effectiveness of “failure to prevent” as a means of combatting bribery, both through incentivizing companies to put in place compliance procedures and its effectiveness in holding companies criminally to account, the Economic Crime and Corporate Transparency Act 2023 introduced the offense of failure to prevent fraud.
Large organizations commit an offense if their employees, agents, subsidiaries or other associated persons commit a fraud with the intention of benefitting the organization or its clients.
The organization will have a defense if it had reasonable fraud-prevention measures in place. ECCTA obliged the government to issue guidance on what reasonable procedures might look like. To give businesses the opportunity to put the guidance into effect, the offense does not come into force until September.
Perhaps to kickstart enforcement of the new offense, the SFO has recently updated its guidance on self-reporting. There is still no guarantee that an organization will achieve a DPA, but the new guidance states explicitly that an organization that self-reports promptly and cooperates fully will be invited to enter DPA negotiations unless exceptional circumstances apply.
The idea is to remove some of the uncertainty for organizations around self-reporting. Until now, organizations and their advisers had to weigh the likelihood that the SFO would exercise its discretion to invite the organization to negotiate a DPA. Organizations and their advisers will need to consider the factors for and against a DPA set out in the DPA code of practice to determine the likelihood that they will be able to achieve a DPA.
SFO outlook
The director of the SFO will hope that the combination of expanded corporate criminal liability and more certainty for those who self-report will lead to more outcomes against organizations. At the moment, the SFO’s unfortunate record of having been unable to successfully prosecute (with the exception of one guilty plea) any individuals whose conduct formed the basis of a DPA counts against it.
The challenge for the SFO will be to demonstrate that there is a real risk of prosecution and conviction to incentivize organizations to come forward and self-report. The groundwork has been laid to enhance the incentive to self-report, but more work needs to be done to demonstrate that there is a real risk for those who do not.
Neil Swift is a partner in the business crime and investigations team at Peters & Peters. He advises individual and corporate clients on investigation, prosecution and enforcement action taken by the Serious Fraud Office (SFO), Financial Conduct Authority and HM Revenue & Customs. He has considerable experience advising key participants in high-profile and international financial crime and corruption cases, often as part of multi-disciplinary and multi-jurisdictional teams. 
