Skip to content

United Kingdom

The UK has high ambitions to fight financial crime, but 2019 saw mixed success for enforcement authorities. Whilst there were some successful prosecutions of individuals, and some decision making by the SFO (Serious Fraud Office) on legacy cases, there were some high-profile failures of SFO corruption prosecutions against individuals where their employers had already entered into deferred prosecution agreements (DPAs) and paid huge fines, for the same alleged conduct. The Office of Financial Sanctions Implementation saw its first three sanctions fines – but at quite low levels. Looking ahead, in the year of the Bribery Act’s 10th birthday, there was a significant start for the SFO with the ground breaking multi jurisdictional DPA with Airbus. Both the SFO and the Financial Conduct Authority (FCA) have stated their intention to make greater use of money-laundering related offences. We await the outcome of an appeal of KBR v SFO on the UK authorities’ ability to order a company to produce documents from overseas parent companies

Investigations trends/developments

Don’t rush into a DPA: A number of high-profile SFO corruption investigations of individuals have been dropped or the individuals acquitted, after their companies had already entered into DPAs (Rolls Royce, Sarclad, Guralp Systems, Tesco). The unsuccessful prosecution of individuals following the agreement of DPAs has highlighted the tensions where the illegal conduct in DPA statements of facts, agreed between the SFO and the corporate entity, is attributed to individuals who are subsequently acquitted at trial for the same conduct, or not even charged. Although the dial moves somewhat where companies are investigated for the “failure to prevent” offence under the UK Bribery Act in circumstances where they may not be able to fall back on the adequate procedures defence, the results may cause companies to consider carefully their position if invited to enter into DPA negotiations, given the difficulty the SFO has encountered in securing corruption-related convictions of individuals and the lack of track record of corporate convictions for bribery offences committed by their controlling minds.  

Parent companies may need to take responsibility: The UK’s fifth DPA, between the SFO and Serco Geografix Ltd, was the first to involve a group company (the parent) taking on substantial obligations, even though it was not liable for the underlying wrongdoing (fraud and false accounting by a subsidiary). Under a separate undertaking, responsibility fell on the parent for the payment of the financial penalty and to undertake the obligations required under the Serco DPA – ensuring that these are implemented by its subsidiaries. Read more.

SFO clarifies its approach to compliance programmes: The SFO updated its own operational guidance, adding a new chapter on compliance programmes.  The addition provides some limited insight into how the SFO will evaluate past, present and future compliance programmes when making decisions on, eg whether to prosecute, whether a company has a defence under s7 Bribery Act 2010 (ie “adequate procedures”), whether to offer a DPA, the terms of a DPA and sentencing. There is however no further guidance on the meaning of “adequate procedures”, which remain ill-defined and perhaps one of the most useful aspects of the guidance are the footnotes linking to the US DoJ and OECD guidance.

Documents and data stored abroad:  The SFO is keen to gets its hands on material stored abroad. SFO guidance for companies on co-operation issued in 2019 states that good practice for self-reporting includes providing “relevant material that is held abroad where it is in the possession or under the control of the organisation. The question of what is in the possession or control of an organisation will be difficult to determine where organisational structures are complex. A 2018 ruling said that the SFO can compel production of documents held extraterritorially by a U.S. parent company, even where that parent company is not the focus of the UK investigation, if there is a “sufficient connection” between that company and a UK company under investigation (KBR v SFO).  The KBR ruling was applied by the Court of Appeal in the civil context too, which held in January 2019 that a tax notice could be served on an individual overseas (Jimenez v HMRC).  The KBR appeal is due to be heard in October 2020. The outcome will impact the conduct of cross-border investigations. Read more.

The Crime (Overseas Production Orders) Act 2019 in conjunction with a new U.S./UK data sharing agreement will allows UK law enforcement agencies to apply to an English court to obtain electronic data directly from U.S. communication service providers, without the involvement of the U.S. authorities.  This means that large U.S. communications and social media companies may find themselves on the receiving end of English court orders to disclose communication records, to assist with criminal investigations.  There are tricky issues concerning the time frames for responding to such a request (seven days), confidentiality, privilege and data protection.  The extent to which these orders will be enforceable in the U.S. also remains to be seen. 

Financial Conduct Authority focus on financial crime: The number of FCA open enforcement investigations relating to financial crime has increased by 1.367% in the last six years; and the number of Skilled Person Reviews commissioned by the FCA into financial crime issues has increased by 100% in the last six years. In 2017/18 and 2018/19 financial crime was the most “popular” topic for Skilled Person Reviews, representing 38% and 41% respectively of the Skilled Person Reviews commissioned by the FCA in those years.  However, criminal enforcement is still a rarity despite the FCA’s avowed intent to pursue more criminal charges for the most egregious breaches of the money laundering rules.

The FCA openly said in 2019 that it wants to use its criminal powers to prosecute the most egregious breaches of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on Payer) Regulations 2017 (MLR)  (these impose more onerous obligations on certain types of business considered to be at higher risk of money laundering, eg financial services, accountancy, estate agents, law firms),  but to date nothing has hit that mark (yet). The FCA appears to be opening investigations and keeping the possibility of both civil (regulatory) and criminal action open throughout its lengthy investigations. These “dual track” investigations potentially present challenges for investigations lawyers, particularly as regards the treatment of individuals.  For example, how should subjects deal with a scenario where they may be interviewed under caution, and perfectly properly exercise their right to silence, only to be compelled to answer questions on overlapping subject matter? Lengthy investigations can place a particular strain on individuals concerned, giving rise to mental and physical health risks that need to be managed and which can disrupt the progress of matters. Such issues are, at present, largely dealt with on an ad hoc, investigation-by-investigation basis. Further guidance and clarity on dealing with these situations could benefit investigation subjects.

Whistle-blowers – playing an important role in the surfacing of wrongdoing: Across all sectors there is greater recognition of the importance of empowering workers, as the eyes and ears of their organisations, to expose malpractice. The financial services regulators are arguably taking the lead on driving best practice in this space. Following the introduction of a new whistleblowing regime in September 2016 for large financial institutions, and a review of how firms have implemented these rules at the end of 2018, the FCA is of the view that there is more work to be done. As part of the regulator’s vigilance in this area, it is challenging firms to demonstrate how, for example, the identity of whistleblowers are protected in the course of investigations, and what measures and safeguards are in place to protect whistleblowers from retaliation. As a result firms are busy stress testing their whistleblowing and investigation arrangements and ensuring their training encourages the raising of concerns and their appropriate handling. Firms outside of this sector may benefit from some of its lessons learned and the structural framework it has now adopted to facilitate and protect those who wish to come forward with concerns.

Cartels: Following the failure to secure convictions in the Steel Tanks cartel trial, and a guilty plea in the Concretes case, there have been no recent criminal prosecutions of individuals for criminal cartel behaviour and the UK Competition and Markets Authority (CMA) has not publicised any criminal investigations that may be ongoing, if any. There has however been a significant uptick in the CMA using their Competition Directors Disqualification powers against individuals where they have pursued the connected entities using their civil powers. The CMA is establishing a digital unit which will, among other things, look into monitoring the use by companies of AI and machine learning technologies. There is also greater attention on bid-rigging and work done to help public bodies spot potential issues. Whether or not this and their intelligence-led approach to investigations will lead to more criminal investigations remains to be seen. For more information on recent civil enforcement activity by the CMA and others, please see the Allen & Overy Global Cartel Enforcement Report.

Sanctions a slow start for OFSI: OFSI, created in 2016, imposed its first three penalties in 2019. These were for breaches of financial sanctions, by a bank (fined GBP5000), a foreign exchange provider (GBP10,000) and a tier one international telecoms carrier (GBP146,000). The creation of OFSI suggested that the historically low level of financial sanctions enforcement in the UK was likely to change.  It has not been a quick change, with these three penalties at a relatively low level

Cybercrime and data protection: The ICO has criminal powers but, to date, its criminal prosecutions for data protection breaches have been against individuals or small companies.  However, on the regulatory front, following the increase in the level of fines they can impose, in July 2019 the Information Commissioner’s Office issued a notice of its intention to fine British Airways GBP183 million and Marriott GBP99m for infringements of the General Data Protection Regulation caused by cyber-breaches. Both parties have made representations which the ICO is considering. More significant fines are expected in 2020.

Significant law reforms impacting corporate criminal liability

There have not been any changes in the law relating to substantive financial crime offences for corporates in 2019, save for some new company types being brought under the umbrella of the UK’s anti-money laundering regulations (see below). We are still awaiting the outcome of a 2017 consultation on whether there should be a new corporate criminal offence relating to a failure to prevent any type of economic crime – this new law could be modelled on the s7 Bribery Act 2010 offence. There was no mention of this in the Autumn Queen’s Speech so it looks like it is not a government priority.  A recent SFO failure to indict a large company on charges relating to fraud allegedly involving very senior individuals may however motivate the SFO to continue calling for this new offence. 

The UK Solicitor General has confirmed plans to implement changes to the UK’s Suspicious Activity Reporting regime, as recommended by the UK Law Commission, to make it more effective. This may help to deal with OECD recommendations, in its Phase 4 Report (March 2019) for the UK to improve corruption detection through AML reporting mechanisms. If implemented, this may lead to an increase in financial crime being detected from SARs.   

Internal investigations – key developments

The UK SFO issued long awaited guidance on what to expect if a company self-reports to the SFO.  The new guidance appears to offer more flexibility on when to self-report, referring to the need for reporting within a reasonable time of the suspicions coming to light, preserving available evidence and providing it promptly in an evidentially sound format. The guidance states that organisations should consult in a timely way with the SFO before interviewing potential witnesses or suspects, taking personnel/HR actions or taking other “overt” steps. Where privilege is claimed, the SFO will require a schedule of material withheld for privilege (including the basis for the claim) and organisations will be expected to provide certification by independent counsel that the material in question is privileged. Read more.

Sectors targeted by law reforms or enforcement action

The UK SFO issued long awaited guidance on what to expect if a company self-reports to the SFO.  The new guidance appears to offer more flexibility on when to self-report, referring to the need for reporting within a reasonable time of the suspicions coming to light, preserving available evidence and providing it promptly in an evidentially sound format. The guidance states that organisations should consult in a timely way with the SFO before interviewing potential witnesses or suspects, taking personnel/HR actions or taking other “overt” steps. Where privilege is claimed, the SFO will require a schedule of material withheld for privilege (including the basis for the claim) and organisations will be expected to provide certification by independent counsel that the material in question is privileged. Read more.

Cross border co-ordinated enforcement activity

Companies must now assume that most authorities are speaking to their overseas counterparts, and plan accordingly. Continuing the trend of greater cross-border information sharing and co-ordinated investigations, the UK enforcement authorities continue to regularly co-operate with their overseas counterparts. The Director of the SFO has publicly stated on many occasions the importance she attaches to international co-operation. Both the SFO and the FCA have had secondees from overseas enforcement authorities. For the Airbus DPA (signed January 2020), the UK had co-ordinated with the U.S. and France to reach co-ordinated settlements, which were all announced on the same day. 

The signing of the U.S./UK data sharing agreement in 2019 (see above) reinforces the trend towards increased cross-border cooperation between the UK and U.S. 

The SFO 2018/2019 Annual Report records receiving 41 Mutual Legal Assistance (MLA) requests and European investigation Orders (EIO), and issued 104 MLAs and EIOs to overseas authorities during the 12 months until 31 March 2019

Financial crime issue predictions for 2020

  • As follow-on civil claims on the back of criminal enforcement continue (and given the increased presence of specialist claimant firms in the UK), the need for investigations lawyers to carefully consider future civil litigation disclosure issues when co-operating with the authorities remains.
  • Disputes on privilege issues, and access to documents and data held abroad.
  • Conflicting demands by different authorities relating to document disclosure (see, for example, a 2019 decision which highlighted the care required by a party seeking to use or pass on, voluntarily or under compulsion, to the U.S. authorities documents disclosed by an opposing litigant in English civil litigation).
  • Managing dual-track regulatory/criminal investigations (see above)
  • Greater focus on compliance and culture will likely mean that compliance personnel continue to come under closer scrutiny in an investigation. Having policies and procedures will not be enough if the culture is not supporting the right behaviours.
  • Related to the above, there is a greater focus by regulators on non-financial misconduct and crime. The uptick in complaints of sexual harassment following #metoo shows no sign of retreat and will likely broaden out to include instances of severe bullying, in particular, by senior leaders.
  • Compelled interviews of senior members of companies under investigation to test “tone from the top” in investigations under s7 Bribery Act 2010
  • Careful trade-off when considering whether to self-report wrong-doing, taking into account the cost/benefit analysis of a DPA and enforcement risk.
  • Data security.
  • Data protection questions will inevitably remain in cross-border investigations Read more.

This article is part of the Cross-border White Collar Crime and Investigations Review.  Read our overviews and insights in other jurisdictions here.

“Distinguished investigations practice with extensive experience dealing with enforcement agencies around the globe. Features considerable strengths across a range of key jurisdictions such as Asia-Pacific, the USA and continental Europe as well as in its UK base.”

Chambers Global 2020, Global-wide Corporate Investigations


“Allen & Overy LLP’s corporate crime team is “practical and pragmatic”, and "is as adept at representing large multinational companies such as international financial institutions in business-critical investigations.”

Legal 500 UK 2019, Regulatory Investigations and Corporate Crime

Download the Cross-Border White Collar Crime and Investigations Review

The 'Cross-Border White Collar Crime and Investigations Review' analyses the latest developments and trends, and highlights the most significant among the current and emerging issues that white collar crime and investigations in-house counsel should prioritise in the year ahead.