The Serious Fraud Office (SFO) has released new guidance on its website – as part of its Operational Handbook – setting out key considerations when evaluating an organisation’s compliance programme. As the guidance notes, this is relevant for all SFO cases involving an organisation, from assessing whether or not a prosecution is in the public interest to determining whether the organisation has “adequate procedures” under section 7 of the Bribery Act 2010. It is also relevant to whether or not an organisation should be invited to negotiations for a Deferred Prosecution Agreement (DPA) and, for those convicted, whether any reduction in sentence for demonstrating a good compliance programme.
The guidance is only slightly longer than seven pages and the detail of it will be of interest to all compliance teams, but some key points to highlight include:
- Any compliance programme must be effective and “not simply a paper exercise” - this is a key concept that should be familiar to most businesses and their compliance teams. A policy that sits in a drawer will never have the desired effect and any policy should be implemented with training and education.
- The past, present and future state of a compliance programme may be considered by the SFO when deciding how to proceed – the official guidance on Corporate Prosecutions states there is a public interest in prosecuting an organisation if it did not have an effective compliance programme in place at the time of any alleged offending. If, since that date, the organisation has genuinely taken proactive and effective steps to enhance its compliance programme then this would weigh against bringing a prosecution. Similarly, the opportunity to put in place future improvements with proper engagement by the organisation is likely to increase its chances of negotiating a DPA. Therefore, the whole history of an organisation’s programme may be relevant – there is never a wrong time to make improvements.
- Material relating to the compliance programme is likely to be targeted early in an investigation and focused on – the guidance states that teams should begin to explore compliance issues early in an investigation. Likewise, it is expected that organisations should have a variety of written records of its compliance programme and its operation. This material could be obtained through a variety of ways by the SFO. In particular, the guidance notes that compliance material is “relevant information” for the purpose of the Criminal Justice Act 1987, under which “section 2” notices and interviews can be ordered.
- An assessment of a compliance programme is likely to focus on the six principles set out in the Ministry of Justice’s 2011 Bribery Act guidance – the guidance explicitly states that it is helpful to arrange an assessment around these six principles. By way of reminder, the principles are: (1) proportionate procedures; (2) top level commitment; (3) risk assessment; (4) due diligence; (5) communication (including training); and (6) monitoring and review.
Compliance programmes must be reviewed and updated continuously in order to be effective.
However, the release of this guidance by the SFO provides a welcome reminder for organisations to review their arrangements and is a useful framework against which to test any policies and procedures currently in place.
The guidance can be accessed at the link below under “Evaluating a Compliance Programme”.
A key feature of any compliance programme is that it needs to be effective and not simply a ‘paper exercise’. A compliance programme must work for each specific organisation, and organisations need to determine what is appropriate for the field in which it operates. It is critical that the compliance programme is proportionate, risk-based and regularly reviewed.