United Kingdom

• Investigations – important trends or developments  
• Important law reforms impacting corporate criminal liability
• Internal investigations – key developments  
• Cross-border coordination 
• Sectors targeted by law reforms or enforcement action 
• Predictions for 2023   

Investigations – important trends or developments  

A mixed year for the SFO 

Disclosure by the SFO should be an area of focus for any defendant in an ongoing investigation. The SFO has, in two independent reviews, been the subject of repeated criticism for disclosure failings which led to the acquittal of individuals in two prominent cases. The Brian Altman KC report made a series of recommendations to improve the way in which the SFO conducts disclosure following the acquittal of individuals allegedly linked to frauds committed by two UK companies (the companies had both entered into DPAs). Another independent report, by Sir David Calvert Smith, this time concerning disclosure in cases against individuals linked to the Unaoil corruption scandal, found multiple failings including inappropriate interaction between the Director of the SFO and a third party.

The SFO will take some solace from its fine of GDP 280 million against a major commodities trader and mining company, which had pleaded guilty to overseas bribery. The case is the first‑ever use of the s1 offence of active bribery under the Bribery Act 2010 (in addition to a s7 charge) against a company. Previous convictions and DPAs under the Act have relied purely on the s7 ‘failure to prevent bribery’ corporate offence.

Other good news in 2022 for the SFO was: 

• The Economic Crime Bill is expected to extend the SFO’s pre-investigation powers to all types of crime. Currently it can only exercise these powers in cases involving fraud and overseas corruption.
• The Law Commission concluding that there is a consensus on the need to reform corporate criminal liability – see further below. 

No publicity until after charge 

A person under a criminal investigation has a reasonable expectation of privacy before they are charged, including when the allegations relate to corruption, bribery and fraud by a company in a foreign country, ruled the Supreme Court in 2022 in Bloomberg v ZXC. The court dismissed an appeal by a financial news service over its reporting of an investigation by an unnamed UK law enforcement body. The chief executive of a regional division of the company had sued the news service for misuse of private information after it reported details of a letter of request sent to a foreign government seeking mutual legal assistance in relation to the investigation. The ruling means that negative publicity associated with a criminal matter involving a business and/or individual should not be reported in the press until after an individual (or the company) is charged. 

 A focus on AML and kleptocracy 

A new Kleptocracy cell has been formed within the UK’s National Crime Agency to focus on money laundering, corruption and sanctions evasions targeting corrupt Russian assets. Also, under the Economic Crime Bill, the NCA has been given power to issue information orders even where no suspicious activity report (SAR) has been submitted (currently this can only be done after a bank has submitted an SAR), which is likely to lead to more information orders being issued. Penalties for non-compliance include prosecution and fines.

The number of open FCA investigations concerning financial crime is in decline. However, in terms of enforcement outcomes, financial crime, and AML in particular, comes out on top. Since October 2021, 11 fines have been imposed on firms relating to financial crime systems and controls. This represents around half^[2] of all fines imposed on firms by the FCA in that period, compared with only two financial crime‑related outcomes in the previous year. To a certain extent, this is the result of a high number of open financial crime investigations in previous years working their way through the enforcement process and reaching a conclusion. Nonetheless, it is clear that financial crime remains a high priority for the FCA and it remains intent on sending this message.

The targets of the FCA’s AML enforcement activity have generally been brokers and banks.

Important law reforms impacting corporate criminal liability  

Proposal to reform corporate criminal liability  

The UK Law Commission concluded in July 2022 that there is a consensus on the need for reform of the English law rules on corporate criminal liability. The Commission proposed a number of options aimed at making it easier to make a company (and in particular large companies) criminally liable. While not going nearly as far as U.S.‑style vicarious liability, the preferred options included: 

• a new corporate ‘failure to prevent fraud’ offence – using the same model of liability as the failure to prevent bribery, and failure to prevent facilitation of tax evasion offences that we already have under the Bribery Act 2010 and Criminal Finances Act 2017 respectively
• amending the identification principle so that the conduct of a broader range of individuals (extended to ‘senior management’ not just the ‘directing mind and will’) can be attributed to the company, bringing the UK more in line with Canada
• a need for further consideration of new failure to prevent offences for ill treatment/neglect in the care sector, human rights abuses and computer misuse 
• new civil options to punish corporate fraud, including an administrative penalty regime for failing to prevent fraud, and new public reporting obligations on fraud prevention procedures 
• some amendments to individual officer liability.

This is the first time that the Law Commission has acknowledged a consensus on the need for reform. A government response is awaited. Efforts to include a new ‘failure to prevent fraud, false accounting and money laundering’ offence in the Economic Crime Bill have so far stalled. Want to know more? – see our blog. 

Reforms to tackle dirty money 

The financial services and professional services sectors have been the subject of much of the law reform in 2022 on money laundering and proliferation financing. They are also among the prime targets for reforms made to sanctions law, shortly after Russia invaded Ukraine. The Economic Crime (Transparency and Enforcement) Act 2022 toughened up UK financial sanctions laws, introducing strict liability for the civil offence of a breach of financial sanctions (replacing the old test of ‘knew’ or had ‘reasonable cause to suspect’). Now, a person’s intent or knowledge surrounding a breach of sanctions is irrelevant to the question of whether the UK sanctions enforcer, OFSI, has the power to impose a civil monetary penalty. Changes made in the Act make it easier for the authorities to obtain Unexplained Wealth Orders and also risk banks indirectly being put under the spotlight for the activities of their customers, due to media coverage of  these types of orders.

The Economic Crime Bill, which is currently making its way through Parliament, is also aimed at making the UK a less friendly haven for dirty money and at preventing UK shell companies from being used for dubious purposes. Measures include changes to information sharing within the private sector by allowing banks to notify other banks if they are exiting a relationship for money laundering concerns, or where another bank asks for information for financial crime prevention/detection purposes. In addition, it: 

• contains enhanced powers for law enforcement agencies to quickly and easily seize crypto assets 
• proposes reforms of Companies House, including enhanced powers to query and request information, new identity verification measures, and enhanced data sharing with law enforcement and other stakeholders
• tightens transparency requirements for limited partnerships. 

The Bill also tries to lighten the administrative burden for firms. There are changes made to enable firms to be able to pay away suspected criminal property (CP) in two new situations: (i) when exiting a client, provided the payment is not over GBP 1000; and (ii) where there are legitimate funds still in the account which are at least equal to value of the criminal property.

Internal investigations – key developments  

Chat 

Chat applications are increasingly used in the workplace, allowing workers to easily communicate and collaborate with each other. With much of the workforce now working from home at least part of the time, the enhancements in business efficiency and productivity gained from the tools means that the trend is here to stay. As a result, we are seeing more and more chat data in scope for investigations; merely searching standard document types such as efiles and emails is often no longer sufficient. This poses some novel challenges during an internal (and external) investigation for data preservation, collection, document review and production to the authorities. This area is the subject of ever-growing regulatory scrutiny, including by the UK Financial Conduct Authority (FCA). 

Document hygiene and the risk of follow-on litigation 

When communicating internally during an internal investigation, companies must be alive to the risk of follow‑on litigation, and the resulting disclosure obligations. There are currently a number of investor class actions pending off the back of financial crime‑related enforcement action.^[3]  It is too early to tell whether these types of claims will gain much traction. Companies need to assess the risk of such investor action as it may impact decisions made on self-reporting, privilege and cooperation. 

Sectors targeted by law reforms or enforcement action  

As mentioned above, the financial services and professional services sectors have been on the receiving end of much of the law reform in 2022 aimed at stemming the flow of dirty money into the UK. It has also been the subject of FCA enforcement action, specifically on AML systems and controls failings, a real area of focus for the FCA. Financial crime penalties continue to be among the highest financial penalties imposed on firms, in the regulated financial services sector, by the FCA. Penalties imposed on firms in financial crime cases, since 1 October 2021, total GBP 619.7 million^[4], including a criminal fine of GBP264 million^[5]. The NCA is recovering over GBP 50 million of what a major bank had proactively identified as criminal property in a first of its kind civil recovery action in which the account holders were not named in the court proceedings.

The property sector has been targeted by new requirements for overseas owners of UK property to disclose their beneficial ownership and keep it up to date. Entities which fail to comply will face restrictions on selling, leasing and charging their properties, will not be able to obtain legal title to certain newly acquired property and both the entities and their officers may be subject to criminal sanctions or civil penalties.

A House of Lords Committee targeted the telecoms sector, stating it must do more to tackle phishing emails and smishing texts before they reach victims. It recommended that powers should be swiftly introduced via the Online Safety Bill to make telecoms companies more accountable for fraud facilitated through their services (and a duty to report on tech, telecoms and ISPs of details of fraud reports to law enforcement and regulators). The telecoms sector will also be impacted by the coming into force of the UK/U.S. Data Access Agreement coming into force (see more below). 

The digital asset ecosystem remains high on the agenda for law reformers and enforcement authorities. Having already been brought into the fold of AML supervision in January 2020, in 2022 a new ‘travel rule’ was introduced requiring certain information on the originator and beneficiary of non-domestic crypto‑asset transfers to ‘travel’ with the transfer. Since August 2022 crypto-asset exchange providers and custodian wallet providers have also been included in reporting obligations under financial sanctions laws. The House of Commons Treasury Committee is conducting an inquiry into the use of the crypto-asset industry for money laundering and sanctions evasion.

Finally, the government has announced it will launch a call for evidence to look at the legislative framework that underpins the senior managers and certification regime (SMCR) and the FCA and PRA will review their regulatory frameworks for the SMCR. Both the FCA and the PRA have undertaken reviews of the SMCR in the past. Neither resulted in changes being made to the SMCR, but rather noted how successful the SMCR had been in terms of improving culture and driving up standards of conduct across the financial services industry. Against this backdrop, it is hard to see either regulator being in favour of sweeping changes to the SMCR that significantly dilute its requirements. 

Cross-border coordination 

Companies should assume that UK authorities are speaking to their overseas counterparts. The Director of the SFO has publicly stated on many occasions the importance attached to international cooperation. Both the SFO and the FCA have secondees from overseas enforcement authorities. Two of the FCA’s financial crime enforcement outcomes this year, relating to anti-bribery and corruption systems and controls failings, also involved fines and disgorgement or restitution to the Department of Justice in the U.S. The UK sanctions enforcer, OFSI, entered into a new enhanced partnership with its U.S. counterpart, OFAC, this year.

The UK/U.S. Data Access Agreement came into force on 1 October allowing for reciprocal direct access to communications data in cases of serious crime. From a UK perspective, this means that the FCA or SFO can obtain a UK court order which can be served directly on a ‘Covered Provider’ in the U.S. A U.S. court can make an order which can be served directly on a UK Covered Provider. A Covered Provider includes social media platforms, messaging services, data hosting, cloud storage – basically any business that provides clients with ability to communicate, process or store data. It is aimed at making it much quicker to access electronic data in investigations of serious crime. There are some data protection issues, and it is likely that we will see some challenges to these types of orders.

Predictions for 2023   

• Crime increases when individuals are under financial pressure. The cost‑of‑living crisis coupled with the combination of remote working, reduced/thinly spread compliance budgets, volatile markets and stressed supply chains increases the risk of financial crimes such as corruption, market abuse, fraud and misleading the market. Money mules are an issue that has been highlighted by the FCA. GCs and Heads of Risk will need to be agile to respond, and ensure that compliance policies and speak-up programmes are refreshed and firmly embedded culturally in their organisations. Training may need to be updated to reflect increased hybrid working. 
• We are likely to see a government response to the Law Commission options for reform on corporate criminal liability. Any new ‘failure to prevent fraud’ offence would require GCs to consider whether existing anti-fraud controls are sufficient. This may dovetail with wider corporate governance reforms, which are billed to include a new reporting duty for directors of large companies on steps taken to detect and protect against material fraud.
• The unauthorised use of unmonitored personal devices and encrypted communication applications is widespread, and poses significant enforcement risk particularly to those in regulated sectors. It also impairs the ability of internal investigators to find facts quickly should an allegation of misconduct arise. GCs and Heads of Risk must ensure that policies are fit for purpose, and actively policed. 
• Climate change funding (e.g. carbon offsetting programmes or low carbon development or renewable energy) often involves dealing with governments, and therefore presents a higher corruption risk. We expect to see more companies adding ESG to financial crime risk screens as bribery and corruption risk surfaces in carbon offset schemes. Many are already doing so. 
• More companies are likely to have to conduct internal investigations focusing on ESG (environmental, social and governance) issues, for example into treatment of workers in their supply chains. Careful thought will need to be given to how these investigations are structured, bearing in mind the chance of follow-on civil or regulatory action. 
• Disputes on privilege issues and access to documents and data held abroad will continue as enforcement authorities seek to explore the limits of their powers. GCs will need to be aware of the current interpretation of the authorities’ powers, and also any obstacles in meeting these requests, e.g. around data privacy and location of documents. There are likely to be early challenges to the use of the UK/U.S. Direct Access Agreement, including around privilege and data privacy. 
• As ever, careful thought needs to be given on deciding whether to self-report, when there is a choice. GCs need to be well informed of any legal obligations to report or immunity incentives to do so, eg antitrust). If there is a choice, and for the SFO in particular, GCs need to understand the cost/benefit analysis of self‑reporting. Typically, up to 50% discount to the financial penalty is given for a self-report and cooperation which leads to a deferred prosecution agreement. Conversely, based on prior cases, a one‑third discount may be offered for an early guilty plea.
• In the financial services sector, we expect the FCA to intensify its financial crime focus on new market entrants such as e-money firms and crypto businesses.
• Data collection, retention, monitoring and reporting will become increasingly important. The FCA, in particular, has promised to become a more data-driven regulator and will be relying on better analysis of automated data collection as well as web scraping and social media monitoring to identify harm and intervene more quickly. 

This article is part of the Allen & Overy Cross-border White collar Crime and Investigations Review. Please visit the review homepage for our overviews and insights in other jurisdictions.