Cross-Border White Collar Crime and Investigations Review
A summary of the key legislative and enforcement developments in cross-border white collar crime.
In-house counsel advising on investigations and financial crime risk at large multinational companies have had to contend with a plethora of developments over the past 12 months, not least the additional pressures from Covid-19. Whilst there was a softening of pace on some types of investigations by authorities, most are now back up and running.
More countries are introducing or amending financial crime laws, new types of businesses are being brought into the scope of existing laws, and there is a flow of guidance from enforcing authorities. Investigations lawyers and compliance specialists need to be nimble footed to help organisations adapt to new expectations, and mitigate the impact of issues that arise.
The Allen & Overy Cross-Border White Collar Crime and Investigations Review analyses the latest developments and trends, and highlights the most significant among the current and emerging issues that white collar crime and investigations in-house counsel should prioritise in the year ahead.
Looking ahead - managing key challenges this year
- Understand the evolving risk of corporate criminal liability
- Increase focus on culture and compliance
- Using, moving and not losing data
- Benefit from greater transparency on expectations of 'cooperation'
- Be alive to the pinch points on privilege
- Understand enforcement risk post Covid-19
- Don’t take your eye off intermediaries
- Adapt to stricter AML and CTF regimes
- Navigate conflicting laws driven by geopolitics
Understand the evolving risk of corporate criminal liability
Proposed and actual legislative reform in several jurisdictions is aimed at making it easier to convict large companies of a criminal offence. Some jurisdictions have adopted, or are considering adopting, the UK Bribery Act 2010 s7 model of ‘failure to prevent’ bribery. There is pressure on the UK government for this type of offence to apply to a broader category of financial crimes. This ‘failure to prevent’ model is echoed in the EU’s 6th Anti-money laundering directive (6MLD), whereby criminal liability is extended to corporates where a money laundering offence is committed for their benefit by an individual in a leading position within that corporate or where a lack of supervision or control by such individual has made possible the commission of a money laundering offence.
Any analysis of corporate exposure following allegations of misconduct should factor in the jurisdictions involved, and the risk of corporate (and of course individual) liability. Companies should reduce their financial crime risk, and maximise their chance of successfully mounting an ‘adequate procedures’ defence, where applicable, by implementing an effective compliance programme. There has been increased guidance from some authorities (in the US and UK) on how they evaluate corporate compliance programmes. Companies which formulated their policies some years ago should review relevant guidance, update policies, provide regular training to staff and ensure that both senior and middle management set the right tone in their behaviour and communications. This is particularly so given the accelerated move to remote working.
Increase focus on culture and compliance
Recent enforcement suggests that just having policies and procedures in place, even if externally certified, will not necessarily be adequate either to prevent financial crime in an organisation or to provide an 'adequate procedures' defence for a company faced with prosecution under the increasingly popular 'failure to prevent' type offences. How the policies and procedures are embedded in an organisation is critical to making them effective. The ABAC policies and procedures of a large global company were not enough to save it from a large fine in 2020 as the company had a ‘corporate culture which permitted bribery’. We expect to see even more scrutiny by authorities on 'tone from the top' and the tone from within (i.e. middle management).
How an organisation responds to issues that arise is seen as one of the litmus tests for the culture of an organisation. The identification of incidents through a proper compliance and whistle blower programme, a prompt and objective investigation, and appropriate remediation may be viewed positively by the authorities.
Using, moving and not losing data
More jurisdictions are introducing data protection laws or national security laws which impact data transfer. We expect to see increased data protection enforcement, with large fines, as existing data protection regimes begin to mature.Those involved with conducting internal investigations will need to:
- ensure protection of personal data, for example when reviewing employee devices and communications;
- check local laws to see whether there are any restrictions on transferring data across borders; and
- keep up to date on how these laws are being enforced – for example, China and Hong Kong have introduced new laws impacting data.
Data analytics offers insights to drive compliance programmes and authorities’ expectations in this regard are increasing. The US DOJ’s recent refinements to its guidance on corporate compliance programmes calls on prosecutors to consider: “Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?”
Compliance teams should consider whether they use data effectively enough to inform the design, implementation and effectiveness of compliance programmes.
Finally, not losing data is a corporate imperative. Companies face hefty fines, and cybersecurity remains a favourite on many authorities’ compliance and enforcement agendas.
Benefit from greater transparency on expectations of 'cooperation'
Many developed regimes encourage a company under investigation to cooperate with the authorities in order to obtain 'credit' which can, in turn, mean a greater chance of avoiding a corporate conviction and help to secure a discounted fine. We see increasing transparency from some authorities on exactly what is expected and in-house counsel should make sure they are aware of guidance (e.g. from the UK SFO, US DOJ and French PNF) when dealing with the authorities.
Corporate appetite for cooperation will depend on the perceived benefits. In the UK, for example, there are concerns that DPA penalty discounts applied so far for companies that have genuinely self-reported are not sufficiently differentiated from a company that was convicted (following a guilty plea) or did not initially self-report but which was subsequently offered a DPA based on exceptional cooperation during an SFO investigation.
The degree of cooperation that a company will want to engage in should be informed by an understanding of the advantages and disadvantages, its approach in other jurisdictions, and also an analysis of the risk of corporate criminal liability, which varies by jurisdiction and, as above, is another evolving area of law.
Be alive to the pinch points on privilege
There is often a tension between an authority's expectations of cooperation, and rules on legal professional privilege. Some authorities are hardening their stance on privilege, eg by demanding either third-party certification of privilege claims or exercising or demanding more power to determine the applicability of legal privilege in particular cases.
In-house counsel are advised to continue to consider carefully how to manage issues of privilege and cooperation, perhaps adopting a tiered approach with 'crown jewel' privilege claims (for example communications with external lawyers) and other privilege claims which it may be less uncomfortable about waiving (for example, notes of interviews with some employees). Any decision to waive privilege must be informed by an analysis of the possible use that an authority may make of the material, including possible onward transmission by the authority to a third party.
Understand enforcement risk post Covid-19
Whilst there is some enforcement in most business sectors, there continues to be a higher level of enforcement worldwide, and record breaking fines, against some of the perceived 'facilitators' of financial crime such as financial services firms, in a number of areas including in particular AML and the facilitation of tax evasion. We are also seeing increased enforcement involving cryptocurrencies, life sciences and social media.
For all types of business, Covid-19 created the perfect storm for increased financial crime risk owing to the combination of volatile markets, economic pressure to perform, government financial relief packages, compliance staff and technology investment cuts, and home working. Whilst some authorities were impacted by Covid-19, most are now back up and running and will be under pressure to help recoup government finances by seeking out and fining businesses involved in misconduct during the pandemic.
If not already in hand, now is the time for businesses to redouble their efforts on compliance and accurate reporting/disclosures to the markets. Public companies should verify that there are robust policies and procedures in place designed to prevent the misuse of material non-public information and ensure that disclosures adequately address risks created by Covid-19.
Don’t take your eye off intermediaries
The use of intermediaries remains a high corruption risk. Like many previous years, enforcement actions in 2020 related to payments made to third parties concealed as, for example, consultancy fees, sponsorship or charitable donations. In the aftermath of the pandemic, and Brexit, we may see companies seeing to win work in new jurisdictions, including those that are less developed.
Companies must ensure that their policies and procedures around the use of such business partners are properly implemented, and reviewed on a regular basis to reflect the business as it evolves.
Adapt to stricter AML and CTF regimes
During 2020 we saw many more countries introducing or updating AML laws, even in countries which have historically had weak AML controls. We expect to see continued close scrutiny and large fines in this area, particularly around weak systems and controls. More types of companies and advisors are being brought within the scope of AML and CFT regulation as the law makers try to keep up with the money launderers and those who finance terrorism. The implementation of the EU's 5th Anti-money laundering directive has bought crypto asset exchange providers, custodian wallet providers, high value art market participants (e.g. art dealers and freeport operators) and high value property letting agents (previously it was just estate agents) into scope.
More countries are expanding the types of ‘predicate offence’ that can give rise to money laundering. For example, the EU’s 6MLD mandates predicate offences in all Member States to include environmental crimes, tax crimes and cybercrime, as well as more traditional examples such as the trafficking of drugs and humans, fraud and corruption. 6MLD also opens the door to corporate criminal liability for money laundering (see above).
All types of business, not just those in finance, should identify money laundering risks and implement controls, with appropriate senior management oversight, to mitigate them.
Navigate conflicting laws driven by geopolitics
Multinationals will be familiar with the financial crime laws in jurisdictions where they operate. As more countries amend their financial crime laws it is important that compliance takes account of new requirements. The dynamics of geopolitics at present means that businesses can end up being stuck between conflicting requirements that require delicate navigation (e.g. sanctions, trade controls, access to data). Businesses are also increasingly popular tools for exerting pressure on human rights abusers – 2020 saw the first EU and UK global human rights sanctions regimes being implemented.
Despite the geopolitics, there is undoubtedly more collaboration between some jurisdictions either informally or formally (such as the new European Prosecutors Office which is expected to bare its teeth in 2021). Any investigation that has touch points in more than one jurisdiction will likely involve the authorities talking behind the scenes at the investigation, charging and settlement stages. This will impact strategic decisions around interactions with authorities during investigations.
Our lawyers have a vast amount of strength and depth in many geographical areas and are used to helping our clients navigate all these issues to reach effective and practical solutions. If you would like to discuss any of the issues arising in this publication with our team, please contact firstname.lastname@example.org.
Australian regulatory authorities continue to pursue an aggressive enforcement agenda, with consequential increases in the workload of in-house litigation and investigation teams. The current regulatory agenda is being encouraged by a number of factors, including ongoing public criticism and fallout from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, as well as substantial increases in funding by the Government for key regulators, including the Australian Transaction and Reports Analysis Centre. While the impact of Covid-19 appears to have resulted in a slight pause in the overall level of enforcement action, that trend is likely to be reversed as the Australian economy begins its recovery from the effects of the pandemic. The financial sector continues to draw much of the attention of regulators, but public statements by some regulators, as well as recent reforms, have radically changed the compliance landscape. Boards of all companies, regardless of sector, are under unprecedented pressure to manage conduct risk effectively.
The focus of Belgian prosecutors has increased with respect to sanctions, corruption and money laundering. Cyber criminality rising during the Covid-19 pandemic inevitably calls for a prosecutorial response. The College of Attorneys General still encourages the settling of financial and economic criminal cases, which effectively translates into a continuing increase in criminal settlements. Cross-border cooperation between judicial and regulatory authorities is intense, particularly in connection with the transfer of information, both at an EU and global level. Financial intermediaries continue to be targeted in fraud matters, especially in complex cross-border cases. We expect the focus on business responsibility for human rights to increase in 2021.
Despite a tumultuous 2020, China remains on track to complete an ambitious legislative plan, with clear acceleration of major white collar crime legislation and laws that will impact cross-border investigations. 2020 saw a new Securities Law issued, the long-awaited Provisions on the Unreliable Entity List adopted, a new Export Control Law enacted, a significant amendment to the criminal law passed, and the release of a new proposed Personal Information Protection Law that potentially impacts cross-border investigations.
We also observed increased enforcement activity against financial institutions as China’s economy recovered from the pandemic, exemplified by rigorous enforcement against intermediaries for due diligence failures in the capital markets, and against banks and third-party payment institutions for anti-money laundering violations. Following the rapid legislative progress this year, we expect a deluge of enforcement in the years to come.
France has asserted itself as a hub for white collar crime enforcement in recent years. Spearheaded by the National Financial Prosecutor’s Office (PNF), the white collar criminal enforcement landscape continued to evolve in 2020 towards greater collaboration with overseas enforcement authorities, record-breaking corporate settlements, and some unprecedented large fines.
The PNF came under heavy fire in 2020 after numerous scandals concerning alleged political pressure and aggressive methods. Eric Dupond-Moretti, a former lawyer, and outspoken critic of the PNF’s methods, was chosen to be the new Minister of Justice in July 2020. This criticism may curb the expansion of the French white collar crime enforcement arsenal and push the legislator towards a more balanced rapport between companies and enforcement authorities.
The criminal enforcement environment in Germany remains robust. Criminal investigations into cum/ex trades are being pursued with high intensity. After the first criminal trial on cum/ex trades ended with convictions of the two defendants and a confiscation against a German bank in March 2020, new trials are currently being prepared or have already started. Besides this, the Wirecard scandal shocked Germany in June 2020 and resulted in criminal allegations and investigations. Furthermore, criminal investigations into the diesel emissions scandal are still affecting many car manufacturers and car components suppliers.
A revised draft bill of a German Corporate Sanctions Act is currently being negotiated in the German Federal Parliament (Bundestag). The Corporate Sanctions Act, expected to be passed by September 2021, will introduce a new system of sanctions for corporate crimes and will impact the conduct of internal investigations.
German authorities are also focusing on the prevention of money laundering and terrorist financing. In line with European legislation, this has led to stricter regulations under the German Money Laundering Act and a draft bill to significantly expand the scope of application of the money laundering offence in the German Criminal Code.
Hong Kong saw the enactment of the National Security Law (NSL) in 2020. Corporations or financial institutions are likely to be carrying out detailed and on-going internal analysis to ensure their businesses are NSL-compliant from different perspectives, including anti-money laundering and data protection. Although financial regulatory enforcement actions remain relatively quiet during the Covid-19 pandemic, Hong Kong financial regulators continue to focus on “high-impact” cases and senior management accountability, and thematic reviews to ensure proper market standards are met. The Hong Kong Monetary Authority (HKMA) is expected to implement a mandatory reference checking scheme to address the “rolling bad apples” phenomenon. On the anti-corruption front, the Court of Final Appeal handed down a judgment in line with the modern anti-corruption legislation in challenging secret payments received by agents. Appellate guidance in an uncertain area of law concerning cyber fraud is expected soon.
Despite Covid-19, there was no stagnation in the investigation and prosecution of white collar crime in the Netherlands. The Dutch regulators and the Dutch Public Prosecution Service remained focused on the fight against money laundering and corruption. A collective transaction monitoring entity was established by five Dutch Banks to jointly monitor payment transactions for signals that may indicate money laundering. For large Dutch out-of-court settlements, a policy reform entered into force which introduces an assessment by an independent review committee. The Netherlands remains an active jurisdiction for cross-border white collar crime and investigations in 2020 and we expect this trend to continue in 2021.
The judicial commissions of inquiry into allegations of corruption and other forms of white collar crime have dominated the South African media cycle. The State Capture scandal remained a key issue in South Africa in 2020, with a number of enforcement actions commencing in 2020. At the same time, the Covid-19 pandemic has seen a wave of new corruption allegations, particularly regarding the procurement of personal protective equipment. In 2021, we expect to see further prosecutions and enforcement action, as well as civil recovery action in respect of misappropriated public funds.
United Arab Emirates
The UAE’s approach to white collar crime has come under particular scrutiny over the past year following scheduled reviews by international organisations and a number of high profile cases involving UAE companies.
The UAE has continued to develop and bolster its efforts to tackle white collar crime, both within its “onshore” jurisdictions and within the various “offshore” free zones, most prominently the Dubai International Financial Centre and the Abu Dhabi Global Market, which are subject to the same criminal law but which have their own compliance and regulatory regimes.
Recent legislation has expanded the remit of local regulators beyond financial institutions to cover other high risk sectors of the UAE economy. This has been the case for both onshore regulators (such as the UAE Central Bank) and offshore regulators, such as the DIFC’s Dubai Financial Services Authority and the ADGM’s Financial Services Regulatory Authority.
The implementation and enforcement of this new legislative framework is likely to be a major policy focus for the UAE in the coming years.
The UK has high ambitions to fight financial crime, though 2020 saw mixed success for enforcement authorities. While there were three more deferred prosecution agreements (DPAs), including the first with a non-UK company relating to conduct abroad, there were some high-profile failures of corruption prosecutions against individuals whose employers had already entered into DPAs and paid fines for the same alleged conduct. A failed prosecution of a large international bank saw the UK’s rules on corporate attribution examined and reaffirmed, adding fuel to the fire for those seeking reform to make it easier to hold large companies criminally liable. Looking ahead, we expect to see proposals unveiled later this year for reform of corporate criminal liability. There will be increased financial crime risk and enforcement resulting from the perfect storm of market volatility, financial pressures and home working resulting from Covid-19 (eg market abuse, fraud, tax evasion offences). The pressure on UK companies to enter new (perhaps emerging) markets post-Brexit may mean a higher corruption risk.
U.S. enforcement activity was down overall in 2020, with some notable exceptions. The overall scale of white collar criminal prosecutions in 2020 reached a record low. However, FCPA enforcement remained active, there was a burst of enforcement activity in the crypto space, and the size of financial penalties remained substantial. We also saw an increase in activity in antitrust enforcement and sanctions activity. In terms of policy, the DOJ and the SEC have become more transparent about the requirements of cooperation credit and have increased transparency and guidance for FCPA investigations. Enforcement focus was particularly evident with respect to healthcare and biotech industries, social media companies, the financial services industry, and cryptocurrency. The U.S. continues to increase its cooperation and coordination with other authorities as part of the investigation process. While President Trump’s administration winds down, we expect that President‑elect Joe Biden’s Justice Department will ramp up white collar crime enforcement, returning to a practice of increased scrutiny of corporate wrongdoing.
Download the Cross-Border White Collar Crime and Investigations Review
The 'Cross-Border White Collar Crime and Investigations Review' analyses the latest developments and trends, and highlights the most significant among the current and emerging issues that white collar crime and investigations in-house counsel should prioritise in the year ahead.