Cross-Border White Collar Crime and Investigations Review
Headlines in this article
Related news and insights
Blog Post: 13 March 2024
Publications: 05 March 2024
Publications: 20 February 2024
Publications: 06 February 2024
Higher tax related money laundering risks for financial institutions
Our analysis of the most significant financial crime and investigations developments over the past 12 months provides a revealing picture of the increasingly complex and challenging regulatory and enforcement landscape facing businesses around the world.
More countries are introducing or amending financial crime laws, new types of businesses are being brought into the scope of existing laws, and there are increased expectations on corporate behaviour from a wider range of stakeholders.
In response, in-house counsel need to help their businesses adapt to new expectations, and mitigate the impact of the risks that arise.
This year’s review is divided into two complementary sections:
- Challenges and priorities for 2024 – we highlight current and emerging challenges for in-house investigations teams and white-collar crime lawyers and share our thoughts on how to manage the associated risks.
- Country-by-country analysis – we review key developments in selected jurisdictions during 2023.
What to prioritise in 2024
Increased scrutiny of internal investigations
The conduct of internal investigations is coming under more scrutiny by enforcement authorities, employees and other stakeholders.
- Conduct of internal investigations - there is a growing body of rules and expectations about how such investigations should be conducted so that the basis of the investigation is transparent (is it independent?), fair (in relation to the treatment of interviewees or the skills of those investigating) and robust (eg the collection and review of data). For example, in France a new joint guide on anti-corruption internal investigations contains ‘best practices’ for conducting an internal investigation. The Disciplinary Court of the Dutch Bar Association has ruled on specific requirements for when a lawyer is carrying out an ‘independent’ investigation, eg on the independence of the investigator and their interactions with parties involved. Similar calls are being voiced in other jurisdictions. In China there are rules which affect how data/evidence can be collected for an internal investigation. Law reforms in the UK mean that internal interviews of senior managers need to be handled even more carefully.
- Privilege and confidentiality of documents - there have been challenges in many jurisdictions concerning whether privilege attaches to documents created during an internal investigation, and a recent legislative attempt to extend legal professional privilege to in-house lawyers’ legal advice in France has failed. A failure to adhere to these rules or expectations risks legal and/or reputational consequences.
How to respond: Be sensitive to the expectations of authorities (which may become involved only at a later stage) when conducting an internal investigation. The rules are evolving, so seek up-to-date advice. It will often be easier to design the internal investigation to factor those expectations in at the outset, rather than reverse-engineer it afterwards. Take local law advice when investigations concern operations or individuals based overseas. There may be special rules, eg about the treatment of interviewees, how data can be collected, or how the investigation can be structured to take advantage of available privileges.
The new ‘senior manager’ test for corporate attribution in the UK means, that before conducting an interview during an internal investigation, consider whether the individual meets the new ‘senior manager’ test. If so, that person’s conduct can be attributed to the company in respect of economic crimes. Consider how to structure the interview to get considered and reliable evidence rather than a knee-jerk reaction. Achieving that may be easier if the individual receives independent legal advice.
Enhanced whistleblowing laws
The implementation of the EU Whistleblowing Directive in many Member States during 2023 has accelerated the need for businesses to ensure that their whistleblowing reporting lines and policies conform to the new rules. There is an expanded category of workers who can make a whistleblower report (now including interns, temporary workers and new recruits who have not started work), and new rules on where/how reporters can make a report, how the report is triaged, and protections for the whistleblower. Individuals can claim damages for retaliation and there is a reversed burden of proof on the issue of causation between reporting and retaliation.
How to respond: Implementing the new rules will no doubt give greater confidence for whistleblowers to come forward in those jurisdictions, so businesses should expect more internal investigations to be conducted. They should therefore be ready to receive and triage these reports, train those who may be involved, and ensure that any resulting internal investigation is carried out in accordance with applicable laws and expectations.
What is the impact of the EU Whistleblowing Directive for businesses? - Jasmin Hense
Employees and workers in the value chain
Businesses continue to face legal and reputational risk arising from how those who work for them directly, or for businesses in their value chain, are treated. In Australia modern slavery laws are being strengthened, and a new anti-slavery commissioner is being appointed. The French Civil Court ordered a French company to improve its compliance programme following the use of undocumented workers by subcontractors. In many countries there is a growing prevalence of workplace investigations in response to allegations of misconduct, sexual harassment, discrimination, bullying or retaliation. Non-governmental organisations (NGOs) and other activists are trying novel ways of using existing laws to tackle modern slavery issues, eg money laundering law has been used in the UK to try and force the authorities to take action over cotton imported from regions where modern slavery is alleged to be a risk.
Businesses face increasing pressures and obligations globally in respect of supply chain due diligence and modern slavery disclosures which result from new and proposed legislation in jurisdictions such as Belgium, France, Germany, the U.S. and the Netherlands. The European Parliament and the EU Council said on 14 December that they have reached a provisional agreement on a corporate sustainability due diligence directive that aims to introduce rules for companies to protect human rights and the environment. Businesses therefore cannot afford to consider the enforcement risks in only one jurisdiction.
How to respond: Businesses should already be considering supply chain issues and taking steps to address risks such as modern slavery. Careful thought will need to be given to how these types of investigations are structured, bearing in mind the chance of follow-on civil or regulatory action. These issues often intersect with others in relation to environmental concerns or corruption, particularly where third parties are involved. Take an integrated (not siloed) approach to managing ESG issues across a business’ third party ecosystem.
Corruption risk and third parties/intermediaries
Use of third parties/intermediaries remains a high corruption risk. Almost all FCPA and other corruption cases involve the use of third parties or intermediaries to make corrupt payments to win work or obtain confidential data. Enforcement authorities took action in 2023 on corrupt payments made to third parties, including those concealed as, eg consultancy fees, sponsorship or charitable donations. Australia is implementing reforms to its foreign bribery regime. The U.S. Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs has been updated and has an increased focus on managing third-party relationships. Looking further ahead, the EU Commission is proposing a new directive on combatting corruption which will contain harmonised definitions of criminal offences and increased criminal sanctions.
How to respond: Policies and procedures around the use of such business partners must be properly implemented and reviewed on a regular basis. Ensure that commercial pressures are not trumping adequate due diligence. Compliance and finance functions need to be properly resourced with staff who have the right level of experience, seniority, and clear accountability. Not only will these measures help prevent misconduct, they will also be a mitigating factor should there be any enforcement action.
Data analytics offer insights to drive compliance programmes, and authorities’ expectations in this regard are increasing. Compliance teams should consider whether they use data effectively to: (i) monitor third parties, using real-time data, throughout the lifecycle of the business relationship; (ii) save time and costs; and (iii) inform the design, implementation and effectiveness of compliance programmes. If using an external data company, evaluate the parameters/limits of what they offer, eg how are they defining a state-owned entity or politically exposed person?
Financial services firms should consult the new Wolfsberg Guidance published in 2023.
Environment-related financial crime risk
Authorities are under pressure to clamp down on crime associated with the environment and climate change. Money laundering is being used as a proxy offence for environmental crimes, eg a criminal complaint was filed by several NGOs against four major French banks accused of laundering the proceeds of illegal deforestation in Brazil.
There is enforcement action relating to greenwashing. While now most is of a regulatory nature, a knowingly dishonest representation about green credentials could trigger criminal liability for fraud, including for a business. There is likely to be pressure to use criminal enforcement in serious cases.
There are bribery and corruption risks associated with the dash for growth and investment in ‘Net-Zero’ related projects such as carbon offsetting and renewable power projects, many of which involve dealing with overseas public officials to win contracts or manage local community issues.
How to respond: A holistic approach to the ‘E’ in ESG requires the bringing together of expertise from a mixture of compliance skillsets (anti-bribery and corruption, anti-money laundering, tax). Businesses should monitor legal and regulatory obligations globally and map them to existing policies and processes, eg third-party risk management, contracting/procurement, M&A and financial and regulatory reporting. Conduct a risk and control assessment. If there are gaps, create a prioritised plan to plug them.
Tax evasion and public procurement fraud
Governments in many jurisdictions are keen to recoup losses from tax evasion. A new UK corporate criminal offence of ‘failure to prevent fraud’ catches cheating the public revenue. France has introduced a new criminal offence relating to the facilitation of tax fraud, intensified scrutiny of the banking sector, and has collaborated with German authorities in conducting dawn raids on major French banks. The Dutch tax and criminal authorities announced their focus on combatting dividend stripping, and publicly invited market participants to come forward with information on these practices. Corporate tax evasion enforcement has been active in Germany, and this is expected to continue in 2024. The European Public Prosecutor has been very active, with a specific mandate to tackle fraud on the EU. Its most recent Annual Report reveals that it had conducted 1,117 active investigations by the end of 2022, of which 47% were related to VAT fraud.
Public procurement fraud is also costly for the public purse. The UK’s new ‘failure to prevent fraud’ offence is capable of being deployed to prosecute a UK or non-UK company that has defrauded the UK Government in a public procurement context. The UK Public Sector Fraud Authority, formed after the pandemic, has a specific remit to tackle public sector fraud. There are specific new procurement-related offences, eg in South Africa, Italy and Poland, aimed at ensuring transparency and reducing corruption and other interference with procurement processes.
How to respond: Businesses that contract with public authorities should ensure that those representing the business receive financial crime compliance training. The only defence in the UK to a ‘failure to prevent fraud’ offence, which can bite on UK and non-UK companies, is having reasonable procedures in place to prevent fraud. Businesses should conduct a risk assessment on where the risk of fraud lies in their organisations and implement fraud controls if they have not already done so. This may also be a good time to review whether the business still has ‘reasonable prevention procedures’ in place in relation to the UK’s ‘failure to prevent the facilitation of tax evasion’ offence, introduced in 2017. It is possible that a clamp down on tax evasion in some jurisdictions may cast the spotlight on those that facilitated it.
AML compliance for financial gatekeepers
Expect tougher anti-money laundering and counter-terrorist financing laws. A broader range of gatekeepers are increasingly being bought into the anti-money laundering/counter-terrorist financing framework, with regulations being expanded in many jurisdictions to catch virtual asset service providers and fintechs. While automation and AI can do some of the heavy lifting on AML compliance, enforcement shows that performance of AI will only be as good as (1) the data it relies on, and (2) the quality of the human decision making at the point when the system raises a red flag. We expect to see continued scrutiny and rigorous enforcement in this area, particularly around weak systems and controls. The focus on this area is illustrated by the plan to create an EU-wide authority to fight money laundering.
How to respond: All types of business, not just those in finance, should identify money laundering risks and implement controls, with appropriate senior management oversight, to mitigate them. Compliance functions must be adequately resourced. Staff should be sufficiently experienced and feel empowered to independently question decisions taken by others.
Lower bar for corporate criminal exposure
Law reform on corporate criminal liability. The goal of legislative reform in several jurisdictions is to make it easier to convict large companies of criminal offences. In the UK there is a new ‘failure to prevent fraud’ offence for businesses, and changes to the UK identification doctrine mean the conduct of ‘senior managers’ in respect of economic crimes (and soon all crimes) can now be attributed to their employers.
How to respond: Any analysis of corporate exposure following allegations of misconduct should factor in the jurisdictions involved, and the risk of corporate (and individual) liability. Care should be taken during internal interviews of senior individuals so as not to elicit inaccurate evidence on knowledge/intent.
Businesses should reduce their financial crime risk and maximise their chance of successfully mounting an ‘adequate procedures’ defence, where applicable, by implementing an effective compliance programme. Businesses which formulated their policies some years ago should review relevant guidance, update policies, provide regular training to staff and ensure that senior and middle management set the right tone in their behaviour and communications. This is particularly important given the widespread adoption of hybrid working in some sectors. Data analytics offer insights to drive compliance programmes and authorities’ expectations in this regard are increasing. Compliance teams should consider whether they use data effectively to inform the design, implementation and effectiveness of compliance programmes.
What are they key reforms impacting corporate criminal liability risk? - Stacey McEvoy
Corporate culture and effective compliance
Expect more scrutiny of how corporate culture and compliance interact. Authorities want to understand an organisation’s culture and how it ensures that its employees understand and comply with the rules. The design and effectiveness of a compliance programme will be scrutinised. Large global companies with sophisticated policies and procedures have fallen foul of financial crime laws where the culture of the organisation tolerates misconduct. We expect to see continued scrutiny by authorities on ‘tone from the top’ and the tone from within (ie middle management). The U.S. DOJ has made announcements concerning how organisations police the use of personal devices and ephemeral messaging. Executive compensation and incentives (and particularly clawback) are also a focus. These issues are also very topical in the UK given the removal of the bankers’ bonus cap.
How to respond: How an organisation responds to issues that arise is seen as a litmus test for the effectiveness and resilience of its culture. The continued implementation of the EU Whistleblowing Directive across many EU Member States highlights the importance of whistleblowing programmes that are fit for purpose.
Chief Compliance Officers and other senior leaders with compliance responsibilities will want to keep fully up to date with evolving expectations of regulators, especially given that they are an enforcement focus for the SEC, and new DOJ certification requirements for post-enforcement compliance programmes in the U.S.
Conflicting laws driven by geopolitics
Expect increasing global geopolitical tensions to ensnare more businesses. The dynamics of geopolitics and national security concerns mean that businesses can increasingly end up as pawns, often being stuck between conflicting requirements that necessitate delicate navigation.
The U.S. authorities are increasingly viewing traditional enforcement actions through a national security lens. The data and national security laws in China need to be carefully considered during any investigation which has a Chinese nexus. Many countries in Europe are tightening their sanctions frameworks and increasing sanctions enforcement, and the EU has successfully concluded negotiations for a new directive harmonising criminal law standards and penalties for sanctions violations across the EU.
How to respond: Businesses will need to consider the commercial, legal and enforcement context to adopt a sensible path through these national security-driven and often conflicting requirements.
Data – protecting yours (and others’)
Expect continued attention from regulators and enforcement agencies as they double down on data protection. More jurisdictions are introducing data protection laws or national security laws which apply to a business that needs to move or use data during an internal or external investigation.
How to respond: Understand the legal and enforcement context that applies to any use or movement of company records, documents or any other data during an investigation. There is no substitute for being attuned to the attitudes of authorities and third parties involved, and knowing the options when navigating a path that deals with data privacy and other legal concerns while at the same time enabling the business to investigate allegations of misconduct or meet requests from foreign regulators.
Expect enforcement agencies to want to see evidence stored abroad. Criminal authorities are keen to have the ability to access data held abroad relating to a business under investigation. There have been law reforms or proposed law reforms aimed at making it easier for authorities to obtain data directly from foreign third-party communication service providers. There have been legal challenges over authorities’ ability to access data or compel production of documents abroad.
How to respond: Lawyers involved with external investigations need to understand the proper remit of authorities’ powers to order or seek disclosure of data held abroad (eg by a holding company or by a third-party communications service provider). This insight should inform a workable, risk-reducing approach to disclosure as well as capitalise on cooperation credit if a company decides to provide documents that go beyond what an authority is legally entitled to compel.
Expect cybersecurity to remain a priority. Businesses face hefty fines, and cybersecurity remains a favourite on many authorities’ compliance and enforcement agendas. The pandemic provided a breeding ground for cyber criminals to infiltrate organisations on a scale not seen before, with ransomware as the malware of choice for many seeking to cause maximum disruption to businesses.
How to respond: The most effective way to address the threat of these attacks is to invest in strong defences, experienced personnel and implementing robust processes and procedures so that a business stands ready to react, respond and remediate any incidents that occur.
Should we expect to see more enforcement related to cyber resilience? - Rachel Green
The risk/benefit analysis on ‘cooperation’
Expect to have to weigh up the pros and cons of cooperation. Many developed regimes encourage a business under investigation to cooperate with the authorities to obtain ‘credit’ which can, in turn, mean a greater prospect of avoiding a corporate conviction and help to secure a discounted fine. In 2023 the U.S. introduced new incentives for businesses to disclose misconduct even where there are aggravating factors. The Hong Kong SFC has emphasised the importance of voluntary and prompt reporting. In France, March 2023 revised guidelines on internal corruption investigations advise companies to inform the criminal authorities ‘as soon as possible’.
How to respond: Sometimes businesses receive large discounts on fines for cooperation during an investigation, despite not having self-reported. There are many factors to consider when deciding whether to self-report, including the perceived benefits regarding a discount on fine, the options available to a prosecutor in any given jurisdiction, and whether the authorities are likely to find out anyway, eg from the extensive cross-border cooperation which is now the norm between many jurisdictions. Consider whether penalty discounts for self-reporting/cooperation are sufficiently differentiated from a business that is convicted following a guilty plea or does not initially self-report. The degree of cooperation that a business will want to engage in should be informed by an understanding of the advantages and disadvantages, its approach in other jurisdictions, and an analysis of the risk of corporate criminal liability, which varies by jurisdiction.
Unsanctioned communication channels
Unauthorised use of unmonitored personal devices and encrypted communication applications. This is widespread, and poses significant enforcement risk, particularly to those in regulated sectors. It also impairs the ability of internal investigators to access and uncover facts quickly should an allegation of misconduct arise. The U.S. DOJ has issued new guidance in this area for all businesses, not just those that operate in highly regulated sectors.
How to respond: General Counsel and Heads of Risk must ensure that employment policies and agreements are fit for purpose, and actively policed. One approach is for policies to make clear that personal devices cannot be used for business purposes in any circumstances, and then to reiterate this message in the regular compliance training and communication programme. Privacy and employment laws can pose additional challenges to consider if access to a personal device becomes necessary. A common practice is developing to retain pool counsel or independent counsel for individual employees to review and identify responsive correspondence from an employee’s personal device. Obtaining consent to access a personal device, particularly during the throes of an investigation, can create tensions, as well as test your policies and employment agreements.
Investigate how technology can help to quickly search data to pinpoint key communications during an investigation. Using technology to do the heavy lifting at the document review stage often saves costs in the longer term and narrows the scope of manual review needed.
Our lawyers have a vast amount of strength and depth in many geographical areas and are used to helping our clients navigate all these issues to reach effective and practical solutions. If you would like to discuss any of the issues arising in this publication with our team, please contact amy.edwards@allenovery.com.
Country executive summaries
Regulators and enforcement authorities in Australia intensified their efforts to curb white collar crime in 2023. They targeted fraud, money laundering, tax evasion, cybercrime, and corruption across multiple industries, including the financial services and consulting sectors. These enforcement efforts have been, and will continue to be, bolstered by the introduction of key amendments to legislation.
In Belgium, we continue to see increased investigation and prosecution of corruption, fraud, modern slavery and workplace misconduct, especially in the construction, transportation and financial sectors.
Investigations are boosted by a continued trend of a professional speak-up culture as well as the new Belgian Whistleblowing Act, which grants protection to whistleblowers who report wrongdoing.
The EU continues to shape the criminal law framework and enforcement practice in Belgium. The European Public Prosecutors Office launched an array of new cases in 2023, a new legislative package which aims to facilitate cross-border access to e-Evidence in criminal matters, and a new directive has been proposed to protect the environment through criminal law. Sanctions enforcement seems to be gaining more priority, with the EU having reached political agreement on how to harmonise criminal law standards and penalties for sanctions violations across the EU.
2023 was a year mixing old and new themes. Data issues were still a major challenge for multinational corporations conducting internal investigations in China. Data compliance remained a key area of enforcement, despite some relaxation of regulations to facilitate the digital economy and cross-border business.
Commercial bribery enforcement also became more active, as the authorities marked the 30th anniversary of the PRC Anti-Unfair Competition Law. The revision of the PRC Anti-Espionage Law raised some concerns about national security enforcement, but also clarified enforcement rules and powers.
The "compliance in lieu of prosecution" programme offered some opportunities for companies to avoid prosecution for minor corporate crimes, if they improved their compliance systems under the Procuratorate's supervision.
The healthcare and pharmaceutical sector faced a large-scale anti-corruption campaign.
Environmental, Social and Governance litigation continues to be a hot topic, before both the French commercial and criminal courts.
The number of French-style deferred prosecution agreements (Convention Judiciaire d’Intérêt Public, CJIP) between corporates and public prosecutors, in particular the National Financial Prosecutor’s Office, is still on the rise.
The fight against tax fraud and laundering the proceeds thereof has been a priority for French criminal authorities, who continue to launch extensive investigations into major financial institutions and request cross-border cooperation from their foreign counterparts as soon as there is a foreign nexus.
New laws are currently being debated in the French Parliament to introduce a new facilitation of tax fraud criminal offence and to increase resources allocated to the detection and punishment of tax fraud committed against the French Treasury.
German authorities have intensified and accelerated their enforcement activities in 2023, following a slowdown of both investigations and court proceedings during the pandemic. This had led to a surge of dawn-raids in corporate crime cases, including at private homes of senior executives. Criminal tax matters were again the focus of enforcement activities, with further criminal trials on cum/ex transactions, new investigation proceedings into cum/cum transactions and enquiries by public prosecutor’s offices into transfer pricing arrangements and the tax residency of foreign companies. The German legislator introduced a series of new criminal and administrative offences and announced plans to establish a Federal Office for Countering Financial Crimes (Bundesamt zur Bekämpfung der Finanzkriminalität).
Hong Kong has seen cryptocurrencies grow in popularity, highlighting the need for appropriate licensing regimes (implemented in the form of virtual asset service providers), bolstered by active enforcement actions. While some have criticised the regulators for taking too little action too late, it is clear that the SFC takes investor protection seriously and will continue to do so into 2024. Any unlicensed activities harming investors, particularly those of a fraudulent nature, will not be tolerated. Outside of the crypto markets, prompt reporting and voluntary cooperation with authorities are crucial for earning cooperation credit and leniency, while proposed legislative reforms in crowdfunding, cybersecurity, stablecoins, and personal data (including fines for data breach) are on the horizon.
After the pandemic induced economic slowdown, 2023 has seen a revitalisation of criminal investigations by Italian enforcement authorities, particularly on tax fraud and evasion, and money laundering. These include several large cross-border tax fraud investigations instigated by the European Public Prosecutors Office.
In-house legal teams and boards of Italian and foreign companies doing business in Italy should keep appraised of legislative changes introduced at local and EU level. New EU-derived rules on whistleblowing, implemented in Italy in 2023, are likely to lead to more internal and external investigations.
The list of Italian economic crime offences capable of triggering corporate criminal liability has been expanded. Many of the new offences relate to public procurement, so we expect to see an uptick in enforcement in this area.
Law enforcement agencies focused on sanctions compliance, environmental protection matters, money laundering and bribery-related inquiries. Dawn raids were conducted primarily by the Office of Competition and Consumer Protection, only being assisted by the police.
In-house legal teams were frequently involved in responding to cybersecurity incidents, data leaks and frauds.
Significant criminal law amendments were introduced in 2023, including tightening white collar crime laws. A new offence of ‘obstructing a private tender’ was introduced. Shareholders also gained a new right to report management action that has put a company at risk of financial loss and to request prosecution.
More investigations by the Polish Financial Supervision Authority are expected. Its new Criminal Matters Department focuses on market abuse, manipulation, and insider trading. It has declared fighting market abuse in particular to be a top priority.
Due to the upcoming government change in Poland, extensive investigations concerning state-owned entities and their counterparties on various projects and investments are imminent.
The EU Whistleblowing Directive will finally be implemented into the Polish legal system. Once this happens, an increased number of reports is expected which is likely to lead to more internal and governmental investigations.
As anticipated, the Financial Action Task Force grey-listed South Africa in 2023, despite a variety of reforms proposed and enacted to avoid this. The predominant view is that FATF took action due to the ongoing consequences of ‘state capture’ – the four-year-long Judicial Commission of Inquiry into Allegations of State Capture, Corruption and Fraud in the Public Sector including Organs of State identified a number of deficiencies in South Africa’s investigative, prosecutorial and anti-money laundering framework. A detailed response plan, recently published by the Presidency of South Africa, describes how the government is taking action to respond to the wide-ranging and damning conclusions of the Zondo Commission.
The Presidency, parliament, law enforcement and regulators continue to pursue criminal prosecutions and administrative penalties against offenders, recovering funds and implementing necessary legislative and institutional reforms.
2023 was marked by several new and continuing trends in the Netherlands. The scope of legal privilege remained a contentious issue with the criminal authorities. Internal investigations by lawyers increasingly faced scrutiny by authorities and courts, especially regarding their independence.
Important trends included investigations into dividend stripping, increased attempts by non-governmental organisations and special-interest groups to mobilise criminal and regulatory authorities to take enforcement action, and workplace investigations in response to misconduct in the corporate environment. We expect these trends to continue in 2024.
During 2023 the UAE implemented significant legislative and structural reforms in a number of areas including: financial crime compliance, data protection, corporate accountability and whistleblowing, and virtual assets regulation.
In the anti-money laundering, counter-terrorist financing and sanctions space, the UAE has continued to enhance its regulatory regime, with a view to securing removal from the Financial Action Task Force’s ‘grey list’ of jurisdictions under enhanced monitoring. In June 2023, the FATF recognised the significant progress made by the UAE. Now that the required regulatory structures are in place, the key area for further development is enforcement activity. There has already been a dramatic increase in UAE enforcement activity and regulatory engagement over the course of 2023 (compared with 2022) and this trend is expected to continue in 2024.
Major reform to the rules on attribution for corporate criminal liability in 2023 means that it is now easier to prosecute a company for economic crimes. The old ‘directing mind and will’ test was replaced as from 26 December 2023 with a new ‘senior manager’ test which means that a broader range of employees can trigger corporate criminal liability.
A new ‘failure to prevent fraud’ offence was enacted, which applies to a large company (UK or non-UK) that fails to prevent an associated party from committing fraud in order to benefit the company or its clients. This offence will come into force late 2024. The only defence is having reasonable procedures in place to prevent fraud. Guidance is expected on reasonable procedures in Spring 2024.
Changes in leadership at the SFO, coupled with expanded pre-investigation powers, may see a reinvigoration of enforcement activity.
2023 was another eventful year in corporate enforcement.
A major shift has been the emphasis on national security interests in corporate criminal enforcement, including in FCPA cases, sanctions evasion, and corporate espionage. This focus has also driven a significant increase in enforcement resources.
There have been novel efforts to incentivize companies to disclose misconduct, including enhancing prosecutor discretion to offer a declination even where there are aggravating circumstances, provided that there has been prompt self-disclosure, cooperation, and the company’s compliance program was in shape at the time of the misconduct. The actions (or inaction) of compliance officers are being increasingly scrutinized.
Revisions to the Evaluation of Corporate Compliance Programs (ECCP) puts a renewed focus on financial incentives and disincentives (including insisting that companies claw back compensation from executives who have engaged in wrongdoing). The revised ECCP also contains heightened expectations regarding corporate management of employee use of ephemeral messaging, eg WhatsApp.
Ever deepening cooperation between the U.S. government regulators and their international counterparts continues to evolve, with the first ever U.S./Columbia and U.S./South Africa coordinated resolutions.
