Skip to content

United Kingdom

The UK has high ambitions to fight financial crime, though 2020 saw mixed success for enforcement authorities.

While there were three more deferred prosecution agreements (DPAs), including the first with a non-UK company relating to conduct abroad, there were some high-profile failures of corruption prosecutions against individuals whose employers had already entered into DPAs and paid fines, for the same alleged conduct. A failed prosecution of a large international bank saw the UK’s rules on corporate attribution examined and reaffirmed, adding fuel to the fire for those seeking reform to make it easier to hold large companies criminally liable.

Looking ahead, we expect to see proposals unveiled later this year for reform of corporate criminal liability. There will be increased financial crime risk and enforcement resulting from the perfect storm of market volatility, financial pressures and home working resulting from Covid-19 (eg market abuse, fraud, tax evasion offences). The pressure on UK companies to enter new (perhaps emerging) markets post-Brexit may mean a higher corruption risk.


Investigations trends/developments

Don’t rush into a DPA

There have been no successful prosecutions of individuals following Deferred Prosecution Agreements (DPAs) and the corporate attribution rules mean that it can be difficult for prosecuting authorities to successfully prosecute corporate entities for criminal conduct. In 2020 some very high-profile post-DPA prosecutions by the SFO against individuals either collapsed or led to acquittal. This caused debate about whether the companies involved were wise to have entered into DPAs for conduct in which those individuals were alleged to have been involved. Did the weakness of the SFO’s cases against the individuals reveal inherent weaknesses in the case against the companies? Proponents of DPAs point to the benefits of finality and certainty rather than having a corporate prosecution hanging over a company for a number of years. Others question whether, given the continued difficulty that the SFO has suffered in successfully prosecuting large companies in criminal cases, companies should be rushing to enter into DPAs.

Rules on corporate attribution examined and reaffirmed 

The failed prosecution against a large bank has reinforced the narrow scope of corporate attribution in English law. The court decided that the conduct of the Chief Executive Officer and four senior individuals could not be attributed to the bank. The court reaffirmed the test for corporate attribution for crimes involving mens rea: the prosecutor must prove the guilt of the “directing mind and will” of the company. The ruling has added further fuel to the fire for those calling for reform of English law on corporate criminal liability.

Extraterritorial reach of UK Bribery Act 2010 confirmed

Of interest to non-UK companies, the 2020 DPA with a global aerospace company, reached as part of a coordinated settlement with French and U.S. authorities, was the first, given the lack of UK conduct, to apply to a non-UK company through it ‘carrying on a business’ in the UK. The judgment did not examine the test in any detail, save that it found that the UK nexus (which was agreed as part of the DPA) was the Dutch parent company’s “strategic and operational management” of UK subsidiaries. This means that a non-UK parent company’s management of UK-incorporated subsidiaries may make the parent subject to the Bribery Act, even for conduct that is unrelated to the UK.

Access to documents held abroad

Also of interest for non-UK companies, the UK Supreme Court heard the KBR v SFO appeal on the question of whether powers granted to the SFO to compel individuals or companies to produce evidence, have extraterritorial effect. This will determine whether the SFO has power to order KBR, a U.S. company, to produce documents held abroad in relation to the SFO’s investigation into a UK subsidiary. A 2018 Court of Appeal ruling in the case said that the SFO can compel production of documents held extraterritorially by a U.S. parent company, even where that parent company is not the focus of the UK investigation, if there is a “sufficient connection” between that company and a UK company under investigation. The outcome will impact the conduct of cross-border investigations. Read more.

Cross-border coordinated enforcement activity

Companies must assume that most authorities are speaking to their overseas counterparts, and plan accordingly. Continuing the trend of cross-border information sharing and coordinated investigations, the UK enforcement authorities continue to cooperate with overseas counterparts. The Director of the SFO has publicly stated on many occasions the importance she attaches to international cooperation. Both the SFO and the FCA have secondees from overseas enforcement authorities.

In 2020 the SFO worked closely with the U.S. and French authorities to reach the world’s largest-ever bribery and corruption coordinated resolution, imposing a record-breaking EUR3.6 billion fine on a global aerospace company. For this DPA, the SFO and PNF had worked as part of a Joint Investigations Team, which is an EU mechanism.

The UK-EU Trade and Cooperation Agreement, implemented in the UK by the EU (Future Relationship) Act 2020, contains provisions on cooperation in criminal matters, including for mutual legal assistance and the freezing and confiscation of criminal property. It is too early to tell how this new regime will operate, but it is unlikely to be as timely or effective for law enforcement authorities as the EU-wide mechanisms pre-Brexit. Informal cooperation is likely to continue, but for now we may see the investigation of serious crime involving Member States taking longer.

There has also been some cooperation at the legislative level. A new UK/U.S. bilateral agreement for accessing electronic data in cases of serious crime has entered into force in the UK. The agreement permits UK law enforcement agencies to apply to an English court to obtain electronic data directly from U.S. communication service providers, without the involvement of the U.S. authorities, a mutual legal assistance treaty or any of the other cumbersome routes currently used. There are tricky issues concerning the time frames for responding to such a request, confidentiality, privilege and data protection. The extent to which these orders will be enforceable in the U.S. also remains to be seen. Read more here.

Significant law reforms impacting corporate criminal liability

The scope of the UK’s money laundering regime was broadened in 2020 to include crypto asset exchange providers, custodian wallet providers, high-value art market participants (eg art dealers and freeport operators) and high-value property letting agents (where previously it was just estate agents). An expanded definition of ‘tax adviser’ means that those who offer material aid or assistance on tax matters also come within scope. The Money Laundering Regulations 2017 (MLRs) were also amended to allow law enforcement to request a wide range of account information from credit institutions to help them identify account holders and beneficial owners of funds. There are also non-substantive Brexit related changes to the UK’s AML laws to ensure that the regime works with the UK outside the EU.

A new autonomous UK sanctions regime came into force on 1 January 2021 as a result of Brexit. While many of the UK sanctions are very similar to the EU equivalents, there are some important differences (for example over the meaning of ‘ownership and control’). Companies will need to review their sanctions compliance and screening procedures.

The UK introduced a Global Human Rights Sanctions Regime in 2020, imposing asset freezes and travel bans on persons, in Myanmar, Russia, Belarus, Saudi Arabia, North Korea, Venezuela, The Gambia and Pakistan, accused of being involved with human rights abuses. This new regime was the UK government’s first use of its new “Magnitsky” power under the Sanctions and Money Laundering Act 2019.

Looking ahead, law reform of corporate criminal liability has gathered impetus. The SFO and others are keen for there to be more ‘failure to prevent’ type corporate criminal offences along the lines of the ‘failure to prevent’ bribery offence and ‘failure to prevent’ the facilitation of tax evasion offence that are currently on the UK statute book. The Law Commission has been asked to consider corporate criminal liability even more broadly, not just economic crime. It is expected to report in 2021. After the failed bank prosecution (above) there is even more pressure on the government to reform the law to make it easier to find a large company criminally liable.

Internal investigations – key developments

The SFO published its own internal guidance on DPAs, which provides information about the circumstances in which the SFO will consider offering a DPA to a company. There is nothing hugely revealing in the guidance over and above what we have already heard in speeches, inferred from previous DPAs or seen in the CPS DPA Code of Practice. It confirms that cooperation will be considered ‘in the round’. For example, we have seen from previous DPAs that self-reporting misconduct is not a pre-condition to a company being offered a DPA. The guidance confirms that self-reporting within a reasonable time is an important aspect of cooperation but a failure to do so is not a bar to a DPA. Previous cases have shown that a failure to self report can be atoned for by later exceptional cooperation. Even a failure to offer exceptional cooperation throughout does not preclude a DPA, although it may affect the fine discount – a DPA entered into in 2020 contained a fine discount of 40% (rather than the more common 50%) as the company was said to have only fully cooperated quite “late in the day”. There will of course be other factors to take into account on the delicate decision of whether to self-report, such as whether corporate liability (absent a failure to prevent offence) is likely to be proved and whether there are already obligations to report to another authority (eg a regulator or because of AML concerns).

On privilege and waiver, the guidance confirms that waiving privilege will be seen as cooperative, but a company cannot be penalised for not waiving privilege.

For evidence collection and review during an internal investigation which involves data being transferred to the UK from an EU Member State, the EU/UK Trade and Cooperation Agreement contains a four to‑six‑month transition period on data protection, during which time the UK is not treated as a “third country” under the EU GDPR. This means that, for now, businesses do not need to change their compliance processes regarding transfers of personal data between the UK and the EU. It is hoped that during this transition period we will see the European Commission make a decision on the adequacy of the UK’s data protection laws allowing for free transfer on a more permanent basis. The UK had already indicated separately and independently that it regards the EU as offering adequate protection.

Sectors targeted by law reforms or enforcement action

There will inevitably be pressure on law enforcement bodies to prioritise investigations into pandemic-related crime during 2021. This may result in the SFO taking forward more fraud cases than new bribery cases in the short term. The FCA will be keen to investigate allegations of market abuse during the pandemic. Outside pandemic-related enforcement:

  • We expect to see greater focus on tax evasion enforcement. For the ‘failure to prevent’ facilitation of tax evasion offence HMRC (which is responsible for domestic tax evasion offences, while overseas tax evasion falls within the SFO’s remit) reports that it has 13 corporate investigations ongoing across a range of sectors, and 18 live opportunities under review.
  • We expect to see FCA enforcement in the UK related to Cum-ex. The FCA has been carrying out a number of investigations relating to Cum-ex,[1] whereby shares have been traded quickly to earn duplicate tax refunds on dividend payments. There are related investigations throughout Europe. Any financial institution with the potential for cum-ex exposure (eg if it has a dividend arbitrage desk) should assess its exposure.
  • While we are yet to see FCA criminal enforcement of AML breaches, in 2020 there were some very large corporate fines for AML systems and controls failings. AML enforcement may receive a boost if the government delivers on its plans to overhaul the suspicious activity reporting regime. This may help to deal with the OECD recommendations in the Phase 4 Report (March 2019) for the UK to improve corruption detection through AML reporting mechanisms. If implemented, this may lead to an increase in financial crime being detected from SARs.

Financial crime issue predictions for 2021

  • Post-Covid-19: crime rises when individuals are under financial pressure. The combination of remote working, reduced compliance budgets, volatile markets and financial pressure may lead to increased risk of financial crimes such as market abuse, fraud and misleading the market. GCs will need to be agile to respond to this risk, and ensure that compliance policies and speak-up programmes are refreshed and firmly embedded culturally in their organisations.
  • Delay: the UK’s coronavirus lockdown has had an impact on the ability of some authorities to effectively pursue their investigations. We expect to see a knock-on effect on charging decisions going forward. More prolonged SFO investigations are likely to result despite the SFO wanting to speed up its work. This is not good news for companies and individuals who are currently the subject of already lengthy investigations.
  • Brexit: we may see businesses seek to penetrate new markets, clients and industry sectors in 2021. This may bring a higher corruption risk.
  • Culture: the only defence for corporates faced with bribery or facilitating tax evasion allegations is ‘adequate’ or ‘reasonable’ procedures. We expect to see a focus on the non-executive and senior board members’ tone from the top and corporate culture as authorities probe just how embedded compliance policies and procedures are. Senior managers may also be asked about the ‘tone from the middle’ or, as the FCA has termed, the ‘tone from within’.
  • Disputes on privilege issues, and access to documents and data held abroad will continue.
  • Careful trade-off is required when considering whether to self-report wrongdoing, taking into account the cost/benefit analysis of a DPA and enforcement risk.
  • Data protection questions will inevitably remain in cross-border investigations, read more.

This article is part of the Allen & Overy Cross-border White collar Crime and Investigations Review. Please visit the review homepage for our overviews and insights in other jurisdictions. 

[1] Bloomberg reports 14 active investigations into firms, and six into individuals, by the FCA. 



Download the Cross-Border White Collar Crime and Investigations Review

Silhouettes of people meeting

The 'Cross-Border White Collar Crime and Investigations Review' analyses the latest developments and trends, and highlights the most significant among the current and emerging issues that white collar crime and investigations in-house counsel should prioritise in the year ahead.