The science of compliance: SFO releases guidance on how it will assess corporate compliance programmes
The SFO’s Operational Handbook [1] has been updated with new guidance on how it will evaluate corporate compliance programmes (https://www.sfo.gov.uk/publications/guidance-policy-and-
While the guidance is far less prescriptive than many corporates would wish and, in many respects, repeats well-trodden ground for the SFO and adds little that is truly new, some aspects of it are of interest.
The guidance makes it clear that, in evaluating a compliance programme, prosecutors will assess the state of a compliance programme at different periods in time for different purposes:
- the state of the compliance programme at the time of offending;
- the current state of the compliance programme; and
- how the compliance programme could change going forwards.
The guidance also confirms that “[a]n organisation with a poor programme at the time of wrongdoing may, nonetheless, have strengthened its programme by the time of the charging decision. This would be relevant to a charging decision under the Guidance on Corporate Prosecutions…”
As such, whilst the only procedures that are relevant to the assessment of adequacy for the purpose of corporate liability under section 7 are those in place at the time of the alleged offence, the guidance helpfully outlines that the ultimate outcome of an SFO investigation will require more than this evidential snapshot. The likelihood that the SFO will charge the corporate entity or offer a DPA (and the severity of any potential sentence) will be impacted by the degree of correction of the control environment and other aspects of the compliance programme after the event and the extent to which there is still work to be done going forwards. Accordingly, corporates must ensure that, in the event a compliance incident triggers a criminal investigation, steps are taken to properly assess the root cause of the issue, take related remedial measures, and enhance the compliance programme, as doing so may help reduce the risk of prosecution, increase the prospect of a DPA and/or reduce any sentence imposed by the court.
The guidance makes it clear that SFO investigation teams should begin to explore (and obtain evidence in respect of) a company’s compliance programme very early in any investigation. This confirms that companies under an SFO investigation (whether following a self-report or otherwise) should expect to be asked to provide detailed information about their compliance programmes early in the investigation.
The guidance also places heavy reliance on the “Six Principles” set out in the statutory guidance under the Bribery Act 2010 (http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf), referring to them as “a good general framework for assessing compliance programmes”:
- Principle 1 – proportionate procedures
- Principle 2 – top level commitment
- Principle 3 – risk assessment
- Principle 4 – due diligence
- Principle 5 – communication (including training)
- Principle 6 – monitoring and review
The focus on the six principles is unsurprising and serves to emphasise their importance (as statutory guidance) and the need for organisations to focus on the six principles when designing and improving their compliance programmes.
The guidance emphasises not only the importance of having a robust compliance programme in place, but also being able to evidence it. It is in this respect that the guidance is most lacking, in that it does not provide any real further insight into the questions that companies should expect to be asked by the SFO regarding the operation of their compliance programme or the methodology that the SFO will use to test it. Tracking and evidencing the effectiveness of a compliance programme can be a challenge for most organisations, but there are tools available to assist, including Baker McKenzie’s Compliance Cockpit. The Compliance Cockpit is a holistic risk assessment and risk monitoring tool that can be used to track improvements to, and the effectiveness of, a compliance programme on a global scale. (https://www.globalcompliancenews.com/wp-content/uploads/sites/43/2018/05/Baker-McKenzie-Compliance-
[1] The SFO Operational Handbook is an internal-facing document which is for use by SFO investigation teams. It is of relevance to corporates because it provides an insight on the approach that the SFO will take to certain issues.