DPAs: A new weapon against corporate crime

A deferred prosecution agreement (DPA) is a new enforcement tool in the UK, available as from 24 February 2014, introduced by the Crime and Courts Act 2013, enabling prosecutors, in certain circumstances and subject to certain conditions, to deal with corporate economic crime without pursuing a full prosecution. This follows the publication of the finalised Code of Practice on 14 February 2014 by the Director of Public Prosecutions (namely the head of the Crown Prosecution Service (CPS) in England and Wales) and the Director of the Serious Fraud Office (SFO).

Rationale and comparison with the US

The past few years have seen an increasing political imperative in the UK to hold corporates to account for criminal conduct,
with DPAs being promoted as part of the UK government’s commitment to combat economic crime more effectively¹.

The UK may have realised somewhat late the potential value of DPAs: they have been common practice in the US for many years, with the first corporate DPAs dating back to the early 1990s. Their use has increased markedly: since 2000, the US Department of Justice has entered into 273 publicly disclosed DPAs and non-prosecution agreements (NPAs)², which have led to monetary penalties totalling more than $40bn (€29bn)³. The recent news that JPMorgan Chase has agreed to pay $1.7bn underlines the value and significant potential benefits of a DPA.

Sceptics may ponder whether the driving force behind the UK embracing DPAs at a time of financial austerity where a major concern in the Ministry of Justice has been the cost of lengthy and complex fraud trials was financial. Money received by a prosecutor under a DPA is to be paid into the Consolidated Fund⁴ (the government’s general bank account at the Bank of England). The terms of a DPA may include payment of “any reasonable costs of the prosecutor in relation to the alleged offence or the DPA”⁵.

However, the structure of the process, which places the judiciary at the centre of the consideration of the appropriateness of a DPA, is designed to dispel, or at least reduce, such concerns. This distinguishes the UK regime from that in the US: the UK authorities have emphasised the requirement for effective judicial scrutiny – and not a rubber-stamping – of DPAs. Negotiations between a prosecutor and a corporate must be transparent⁶ and “ensure that the proposed DPA placed before the court fully and fairly reflects [the corporate’s] alleged offending”⁷. The court ultimately decides whether a DPA is in the interests of justice and its terms fair, reasonable and proportionate. It makes a declaration to that effect⁸, at which stage a DPA comes into force. The court determines whether a corporate has failed to comply with the DPA’s terms; and if so, whether to invite the prosecutor and corporate to agree proposals to remedy the failure or whether to terminate the DPA⁹.

The US have no such detailed rules for judicial oversight of DPAs; rather, the role of the courts has often been restricted to approval of the length of deferral periods and dismissal of charges following successful completion of those periods. However, US courts are starting to take a more active role in considering whether particular DPAs are in the public interest. For example, in approving the DPA entered into with HSBC in December 2012, the court asserted its supervisory authority stating that “a pending federal criminal case is not window dressing. … By placing a criminal matter on the docket of a federal court, the parties have subjected their DPA to the legitimate exercise of that court’s authority”¹⁰.

Another major distinction between the US and the UK is that, unlike in the US, there is a high threshold in the UK to meet the test for corporate criminal liability, requiring a prosecutor to prove that misconduct was authorised at the highest levels of an organisation. The director of the SFO has described this as “the problem inherent in the DPA regime”¹¹. Thus, it is expected that UK DPAs are likely to be used most frequently in the case of a suspected s7 Bribery Act 2010 offence, which introduced a strict liability offence for commercial organisations for a failure to prevent bribery. The director has called for an extension of the s7 principle, advocating a corporate offence of a company failing to prevent crimes of dishonesty or fraud by its servants or agents, subject to a statutory adequate procedures defence¹².

How will prosecutors decide

The code gives guidance on the general principles to be applied in determining whether a DPA is likely to be appropriate in a given case¹³. The starting point is the application of a modified version of the traditional two-stage prosecutor’s test for bringing prosecutions, which requires a prosecutor to consider first whether the evidential test is met and then whether a prosecution is in the public interest. The evidential stage usually involves the prosecutor being satisfied that there is enough evidence to provide a “realistic prospect of conviction” before considering whether a prosecution is in the public interest. However, the code allows the prosecutor to consider the public interest earlier, enabling a prosecutor to avoid what is often a lengthy and costly investigation, provided there is a reasonable suspicion that the commercial organisation has committed the offence and there are “reasonable grounds” for believing that a continued investigation would provide further evidence capable of establishing a realistic prospect of conviction¹⁴.

The code is clear that “the SFO and the CPS are first and foremost prosecutors”¹⁵; that a DPA is a discretionary tool¹⁶; and the prosecutor is not obliged to invite a commercial organisation to negotiate a DPA, nor is a commercial organisation obliged to accept any invitation made¹⁷.

Further, the director has stated his commitment to prosecute the “topmost tier of serious and complex fraud, bribery and corruption”¹⁸. While the director of the SFO describes DPAs as “a welcome addition to the prosecutor’s tool kit for use in appropriate circumstances”¹⁹, he is clear that “there will be cases where a company should be marked with a conviction”²⁰.

The director emphasised this on the publication of the final code, stating: “The most important features of the DPA regime outlined in the code are judicial oversight, and unequivocal co-operation from the corporate. Prosecution remains the preferred option for corporate criminality”²¹. The code reflects both the co-operation expected and the fact that prosecution remains the preferred option. Yet, it is also clear that one public interest factor alone may outweigh other factors tending in the opposite direction²², arguably leaving a prosecutor with considerable discretion in deciding how to pursue a particular case.

The code sets out factors for and against prosecution²³. The (non-exhaustive) list of public interest factors tending against prosecution includes co-operation by the company (the code states that this will include identifying relevant witnesses, disclosing their accounts and the documents shown to them; making witnesses available for interview, where practicable; and disclosing any internal investigation report) as well as the fact that a company’s board has changed²⁴. In terms of the co-operation expected, and any self-report by the company, the director has recently stated that he expects this to include waiver of legal professional privilege, which “is often claimed, dubiously, over accounts given by witnesses in internal investigations.”²⁵ This is likely to be an area of considerable debate over the coming months. A further factor against prosecution is that a conviction is likely to have disproportionate consequences for a corporate, under domestic law, the law of another jurisdiction, including but not limited to that of the EU²⁶. This is directed to the potential for debarment from public procurement contracts under regulations implementing EU directives that render ineligible any bidders convicted of offences, including fraud or bribery²⁷. Companies convicted of the s7 offence of failing to prevent bribery are subject to discretionary exclusion rather than the mandatory ban. A DPA would give a contracting authority a discretion to debar a company²⁸, which prosecutors may seek to use as a negotiating tool.

The director expects the numbers of self-reports to increase following the introduction of DPAs²⁹, and has recently reinforced the SFO’s approach in this regard by stating that a self-report opens up the possibility of a DPA or civil recovery, rather than a prosecution³⁰.

Content and incentives to enter into a DPA

A DPA must contain a statement of facts, which may (but need not) include admissions by the corporate (although the director has recently stated that he considers that an admission of guilt will be an indicator of cooperation by the company)³¹. A statement of fact must “give particulars relating to each alleged offence” and “include details where possible of any financial gain or loss, with reference to key documents that must be attached”³².

The likely terms of a DPA will comprise a fine, but may include other matters, for example, compensation of victims³³. Any financial penalty agreed must be “broadly comparable to a fine that the court would have imposed… following a guilty plea”³⁴. The discretion available when considering a financial penalty is broad, and reference will be had to various factors, including any relevant Sentencing Council (SC) guidelines³⁵. Recent SC guidance for the sentencing of corporate offenders suggests that levels of fine will be high and should “substantial enough to have a real economic impact which will bring home to both management and shareholders the need to operate within the law”³⁶.

Proponents of DPAs in the US regard them as appropriate for resolving even the most challenging criminal allegations in targeted, efficient ways, which they consider exact meaningful punishment, often through hefty financial penalties and rigorous compliance reforms, while avoiding serious collateral consequences of criminal convictions³⁷. On the publication of the final code, the director referred³⁸ to the use of DPAs avoiding “collateral damage to employees and shareholders who may be blameless”³⁹.

Despite the challenges for the prosecution in meeting the test for corporate criminal liability (other than for s7), corporates being investigated by a more enthusiastic SFO, whose avowed intention is to bring more corporate prosecutions, may take a pragmatic decision to agree to a DPA, particularly if this enables them to negotiate a resolution with other regulators and prosecutors across the globe (since large corporate investigations are likely to involve cross-jurisdictional issues). Nevertheless, the co-operation expected as against the uncertainty of a DPA being approved means that DPAs remain, at this stage, a leap in the dark.

Approach towards prosecuting individuals

A corporate’s decision whether to enter into a DPA is likely to include consideration of the position of individuals who may face prosecution, which itself could have reputational knock-on consequences for the corporate, depending in particular on the seniority of the individuals involved. There is no comfort to be taken from either the public pronouncements of the SFO or the code on this point. In setting out the factors tending against prosecution, and in the context of a corporate self-reporting, the code (going further than the draft code did) states that “Co-operation will include identifying relevant witnesses, disclosing their accounts and the documents shown to them”⁴⁰. The code states that: “It must be remembered that when [the corporate] self-reports it will have been incriminated by the actions of individuals. It will ordinarily be appropriate that those individuals be investigated and where appropriate prosecuted”⁴¹. This echoes the Guidance on Corporate Prosecutions, to which a prosecutor must have regard⁴², which makes it clear that the prosecution of a company should not be seen as a substitute for the prosecution of criminally culpable individuals, which, it states, provides a strong deterrent against future corporates offending⁴³.

The code also states that the prosecutor “must not agree additional matters with [the corporate] which are not recorded in the DPA and not made known to the court”⁴⁴ – however, this does not preclude a prosecutor from taking the view that, following a DPA with a corporate, it is not in the public interest to prosecute the individuals, particularly where other, for instance regulatory, action may be taken.

The US experience may also provide some insight into what happens in reality: DPAs are generally entered into without corresponding prosecutions of individuals, a practice recently questioned by US District Judge Jed Rakoff, who referred to DPAs as satisfying prosecutors who “believe that [they] have helped prevent future crimes; the company is happy because it has avoided a devastating indictment; and perhaps the happiest of all are the executives, or former executives, who actually committed the underlying misconduct, for they are left untouched”⁴⁵.

Given the stance of the SFO, which has set itself against the culture of “cosy off-record chats”⁴⁶, and given the criticism by Lord Justice Thomas in R v Innospec Ltd about entering into civil agreements that glossed over corporate criminality⁴⁷, it is likely that the SFO will want to show that DPAs do not represent a way for corporates to buy their way out of trouble or a way of letting culpable individuals off the hook. Whether, in practice, it will succeed in that aim is another question.

Effect of DPAs in other European countries

A key concern of corporates entering into DPAs with prosecutors in the UK is the extent to which any information passed to the prosecutor, or created during the negotiations, may be used in subsequent or parallel criminal or regulatory proceedings. This is dealt with in para 13 of Schedule 17 to the Act, which limits the use of certain information obtained or created during DPA negotiations. This limitation includes material showing that the subject of the DPA entered into negotiations for a DPA, including any draft of the DPA, any draft of a statement of facts intended to be included in the DPA and any statement indicating that the subject of the DPA entered into such negotiations. It also includes “material that was created solely for the purpose of preparing the DPA or statement of facts”⁴⁸. However, that material apart, the code expressly states that there is no limitation on the use to which other information obtained by a prosecutor during the DPA negotiation period may subsequently be put during criminal proceedings brought against the subject of the DPA⁴⁹. In light of this, there is a real prospect for information derived from DPA negotiations to flow between UK and other overseas authorities; and there may be circumstances in which European prosecutors may wish to use such information to bring action against the subject of a DPA.

There is also a growing movement in Europe towards criminal liability for corporates, with many European jurisdictions focusing on whether the corporate had proper systems and controls to prevent an offence from occurring. Given the likely focus of DPAs, initially at least, on the s7 offence (and assuming the adequate procedures defence is not met), this may pave the way for other jurisdictions to bring action. It will also mean that corporates need to consider their exposure outside the UK in entering into DPAs.

Judith Seddon is director of business crime & regulatory enforcement at Clifford Chance LLP