Global Investigations Review - The law and practice of international investigations

The Guide to Monitorships - First Edition

Monitorships in the United Kingdom

Ropes & Gray

Monitorships are assuming an increasingly important role in corporate crime enforcement in the United Kingdom. Before the introduction of deferred prosecution agreements (DPAs) into the UK legal system, monitors were appointed under negotiated settlements entered into between cooperating corporate entities and enforcement authorities, but the statutory foundations for their appointment were less solid, and appointments were largely the product of prosecutorial improvisation. Monitors were perceived squarely as a feature of the US corporate crime enforcement landscape and their appointment in the United Kingdom drew significant judicial opprobrium.

Indeed, Lord Garnier QC, the architect of the statutory scheme introducing DPAs in the United Kingdom, has made clear that ensuring that DPAs provided (and were seen to provide) a mechanism for cooperating corporates to address historic misconduct constructively and efficiently was one of the UK government's key objectives. In the parliamentary debates that preceded the introduction of the legislation, the use of an independent monitor was one of the 'tough requirements' cited as something to which a company may be required to adhere, to avoid prosecution.2 Recalling the lengthy discussions leading to their introduction, Lord Garnier emphasised that the UK government had to strike a careful balance. It was at pains to avoid encouraging the development of any perceived 'gravy train' for professional services firms (which would have seriously undermined public and judicial confidence) but recognised the useful role that could be played by monitors to ensure that corporates followed up on the promises they made during settlement discussions.

Certainly, the introduction of DPAs cleared a path for monitorships to become a more common way of concluding criminal investigations involving corporate entities in the United Kingdom. Camilla da Silva, joint head of bribery and corruption at the Serious Fraud Office (SFO), noted in a speech in June 2018 that monitorships are considered as a tool 'to positively and genuinely assist in changing corporate behaviour'.3 As may be expected, given her previous experience as a US prosecutor and a monitor in private practice, Lisa Osofsky, the director of the SFO, appointed in September 2018, has also hinted at the potential utility of monitorships, saying that:

favourable dispositions will not be available to corporations unless and until their compliance systems work . . . in a way that good practices are embedded into the corporate structure so that they cannot simply be undone when no longer convenient . . . Corporate rehabilitation requires a strong, ongoing compliance function. Window dressing will not suffice. Expect [the SFO] to ask tough questions on this subject, as [the SFO is] not in the habit – nor will [it] ever be – of recommending DPAs for recidivists.4

It should not be assumed that monitorships in the United Kingdom will become as prevalent as they are in the United States, or that where they are used they will be as extensive in scope as their US counterparts. But with the SFO focusing on corporate integrity, it can be expected that the place of corporate monitorships in UK corporate crime enforcement practice will solidify. This chapter identifies the various statutory and other contexts in which monitorships (or equivalent arrangements) may arise in the United Kingdom; examines the shape they may take and lessons that may be drawn from analogous, longer established arrangements; and considers some specific issues that may be encountered in practice.

The nature and scope of UK monitorships

The appointment of a monitor at the conclusion of an investigation into corporate misconduct by UK enforcement authorities is less routine than in the United States. Where monitors are appointed in the United Kingdom, the scope of their engagements is typically significantly narrower than under corresponding US arrangements.

In the United Kingdom, improvements to compliance arrangements and changes to key personnel are effectively preconditions to the commencement of DPA (or other) negotiations and court approval of proposed settlements. Corporate entities seeking to demonstrate a clean break with historic misconduct will commonly have put in place arrangements akin to those that may be ordered under monitorship programmes in other jurisdictions long before agreements are made with enforcement authorities or ratified by courts.

This differs significantly from the position in the United States. The threshold applied by the US Department of Justice (DOJ) when deciding whether corporate entities have cooperated sufficiently to realistically expect to enter into a negotiated settlement is lower than that expected by the SFO and Crown Prosecution Service (CPS) in the United Kingdom. In the United States, remediation typically follows once a deal has been finalised.

The Crime and Courts Act 2013 (CCA) and the accompanying guidance permit and contemplate the possible appointment of monitors in appropriate cases but stop significantly short of prescribing or even encouraging it. The Deferred Prosecution Agreements Code of Practice (the DPA Code), which the SFO and the CPS are required to take into account when negotiating, applying to the court for and overseeing DPAs, sets out the roles, duties and mechanics of appointing monitors as a term of a DPA. The DPA Code sounds a note of caution in this regard,5 stating:

An important consideration for entering into a DPA is whether [the corporate entity] already has a genuinely proactive and effective corporate compliance programme. The use of monitors should therefore be approached with care. The appointment of a monitor will depend upon the factual circumstances of each case and must always be fair, reasonable and proportionate.6

This guidance reflects the comments of Lord Justice Thomas, who, in R v. Innospec in 2010, expressed significant concerns about the costs of what he considered an expensive corporate probation order.7 The fact that a settlement incorporating a three-year monitorship had been agreed between UK and US prosecutors meant that he was constrained from giving effect to his concerns, but he made clear his profound scepticism about the need for the installation of a monitor at all. He pointed in particular to the steps already taken to address the root causes of historic misconduct, including replacing key senior executives, and the fact that the company's auditors were aware of wrongdoing.

Statutory frameworks for monitorships in the United Kingdom

In the United Kingdom, a monitorship – or an arrangement similar to a monitorship – can arise pursuant to various statutory and contractual frameworks. As already touched upon, the most recent and high-profile of these is the CCA, which enables them to be used to oversee a compliance programme imposed under a DPA.8 A review of the monitorships imposed under the CCA is set out below.

It is not the only scheme that may be used, however. The other statutory and contractual frameworks in which monitorships or similar arrangements may arise are discussed in more detail below.

Deferred prosecution agreements

Monitors appointed under UK DPAs have been, and are likely to continue to be, deployed in a more targeted manner than has been the case under US DPAs to date.9 Consistent with the guidance set out in the DPA Code (and the concerns expressed by Lord Justice Thomas in R v. Innospec), the monitorship components of settlements agreed to date (summarised in the table below) could more accurately be described as quasi-monitorships.

Date: November 2015
Company: Standard Bank PLC
Summary of conduct: Standard Bank's sister company, Stanbic Bank Tanzania had paid $6 million to a local Tanzanian partner to induce favourable treatment of a $600 million proposal made by Standard Bank.
Monitorship elements: Required to commission a report on the company's anti-bribery and corruption (ABC) policies, including advice and recommendations on use of third-party intermediaries, ABC training systems and the effectiveness of their ABC programme and its awareness among employees. DPA concluded on 30 November 2018 as all terms had been complied with.

Date: July 2016
Company: XYZ
Summary of conduct: Between June 2004 and June 2012 the company's employees and agents systematically used bribes to win contracts in foreign jurisdictions.
Monitorship elements: None. XYZ's chief compliance officer was required to prepare annual reports for submission assessing the implementation of the company's new ABC policies.

Date: January 2017
Company: Rolls-Royce PLC
Summary of conduct: Rolls-Royce hired commercial agents across multiple jurisdictions, making tens of millions of dollars of corrupt payments to individuals to secure contracts.
Monitorship elements: Rolls-Royce had previously appointed a compliance monitor to conduct an independent review of the company's ABC compliance programme, who had completed two interim reports between 2013 and 2014. The DPA requires Rolls-Royce to:
  • use best endeavours to procure the production of a third interim report by 31 March 2017;
  • deliver that report to the SFO within five days of its completion;
  • within 24 months of that report being produced, complete, to the compliance monitor's satisfaction, the actions recommended in all interim reports; and
  • procure a final report from the compliance monitor in respect of the implementation of all actions recommended in interim reports, provided he or she is satisfied.

Date: April 2017
Company: Tesco Stores Limited
Summary of conduct: From February to September 2014, financial statements were improperly amended by 'pulling forward' income that should properly have resided in subsequent reporting periods, creating an overstatement of their profits.
Monitorship elements: Within a month of the DPA being issued, Tesco was required to commission an accountancy firm to produce multiple reports and implementation plans commenting on:
  • controls applied to recognition of income;
  • operation of Tesco's commercial income governance body;
  • segregation of duties between commercial and finance; and
  • training and policies implementation.

The DPA Code states that a monitor's primary responsibility is to 'assess and monitor [the corporate's] internal controls, advise of necessary compliance improvements that will reduce the risk of future recurrence of the conduct subject to the DPA and report specified misconduct to [the SFO or the CPS as appropriate]'.10 The specific tasks of the monitor will vary widely and will typically be set out in the terms of the DPA, but can include the monitoring of any facet of the company's compliance programme.11 The appointment of a monitor, however, will not absolve the company's board of directors from the ultimate responsibility for identifying, assessing and addressing risks. The terms of the DPA will usually require the company to consent to the monitor's co-operation with the prosecuting authority.12

The DPA Code requires corporates to afford monitors 'complete access to all relevant aspects of the company's business during the course of the monitoring period as requested by the monitor'.13 The terms of the DPA will typically require that the company permits the monitor to have access to any material the monitor could reasonably request to fulfil his or her function.14 The DPA Code acknowledges though that a corporate subject to a monitoring arrangement may not be required to produce material subject to legal professional privilege (whether to the monitor or anyone else). The reports produced by the monitor are confidential, with disclosure restricted to the prosecution authority, the company and the court (unless otherwise permitted by law).15

Whether corporate entities entering into agreements with enforcement authorities that contain monitorship components should expect to be asked to produce privileged documents to monitors (and indeed the extent to which they are required to produce such documents in response to requests from monitors) is discussed more fully below. The extent to which monitors may be able or required to make onward disclosure of material provided to them in the course of their engagement is also considered below.

The DPA Code affords corporates and their representatives a much greater role in identifying appropriate candidates to act as monitors than was contemplated under previous legislation. As part of the DPA negotiations, corporates provide to the relevant prosecuting authority details of three potential monitors, including their relevant qualifications, specialist knowledge and experience, disclose any associations the potential monitors have had with the company, and identify their preferred monitor.16 The DPA Code directs the CPS and the SFO that they should ordinarily accept the company's preferred monitor but confirms that the relevant authority may reject the choice if it considers that there may be a potential conflict of interest or that the preferred candidate does not have sufficient experience or authority.17 Although not identical, these and other provisions of the DPA Code are reflective of guidance on the selection of monitors under US DPAs and non-prosecution agreements.18

If a monitorship is proposed to be a feature of the DPA, once agreement is reached on the identity of the monitor, the relevant prosecuting authority and the corporate entity will provisionally agree a detailed work plan for the first year, including the proposed method of review and frequency of reporting to the prosecutor.19 An outline work plan will be agreed to govern the monitor's activities for the remainder of the monitorship period. The work plan and outline work plan will also need to address costs of the monitorship, since monitorship costs (including reasonable costs associated with monitorships incurred by the prosecuting authority) are paid by the corporate.20 Some of the practical aspects of measuring the progress of ongoing monitorships and managing costs are discussed below.

The length of the monitorship will be agreed in the DPA following negotiations between the company and the prosecuting authority. It may be initially shorter than the term of the DPA itself, but can never exceed the term of the DPA. The monitor can recommend terminating or suspending the monitorship, if the company's policies and procedures are functioning properly without the need for further monitoring; or the monitor can recommend extending the monitorship, if the company has been, or will be, unable to successfully satisfy its obligations by the end of the monitorship period. The decision to terminate, suspend or extend the monitorship will ultimately be taken by the prosecuting authority.21

An important feature of the DPA regime is that the DPA, including any monitorship proposed, must be approved by the court. Sir Brian Leveson noted when reviewing (and ultimately approving) the proposed DPA between the SFO and Standard Bank that, in the United Kingdom, 'a DPA requires the informed, independent opinion of a judge before it can be effected; the agreement of the parties is not enough' and that the court will consider the prospective terms of the DPA 'individually and collectively, in order to determine whether to grant a declaration . . . that entering into it is likely to be in the interests of justice and that its proposed terms are fair, reasonable and proportionate'.22

Serious crime prevention orders

Serious crime prevention orders (SCPOs) are governed by Part I of the Serious Crime Act 2007 (SCA). They were added to the statute book substantially before the introduction of the UK DPA regime, but were not specifically directed towards corporate crime. Although they have been used to impose restrictions on individuals (in some cases in respect of the activities of corporate entities) following conviction, mainly in cases concerning serious and organised crime, there are no reported instances of authorities using them to resolve white collar investigations.

Under the SCA, when a corporate defendant is convicted of a 'serious offence' (which includes fraud, bribery and money laundering offences) the Crown Court can, on the application of the SFO or the CPS in England and Wales, impose an SCPO enabling the authority to contract with a person to provide monitoring services (the authorised monitor). An SCPO can also be imposed without there having been a criminal trial if the High Court is satisfied that a corporate has been involved in serious crime (which means committing or facilitating a serious offence, whether in England and Wales or elsewhere) and where there are reasonable grounds to believe that the order would protect the public by preventing, restricting or disrupting the company's involvement in serious crime.23

An SCPO may require the person subject to it to provide information or documents to the authorised monitor or answer questions posed by the authorised monitor.24 If deemed appropriate by the court, the person subject to the SCPO may also be required to pay some or all of the costs associated with the authorised monitor's engagement.25 Any documents or information produced to the authorised monitor under the SCPO will be retained by the relevant enforcement authority for as long as it considers necessary.

SCPOs are available to various enforcement authorities but have principally been used by the CPS (although there have been examples of their use by the Financial Conduct Authority (FCA) in cases concerning unauthorised business). It is possible that the SFO and other authorities may explore their potential application in larger scale cases (although they would only be made as a part of the sentencing process following conviction rather than as part of a negotiated settlement).

Civil recovery orders

Civil recovery orders (CROs) (under Part 5 of the Proceeds of Crime Act 2002 (POCA)) are civil orders available to the CPS, SFO, FCA and other enforcement authorities as a tool to conclude criminal investigations (whether or not there has been a parallel prosecution).26 They allow enforcement authorities to recover 'property obtained as a result of unlawful conduct'.27 As civil remedies, the hurdles to be overcome by enforcement authorities are considerably lower than in criminal proceedings. Property is still susceptible to a CRO even if the 'unlawful conduct' was carried out by another person as it is only necessary for authorities to establish facts to the civil standard and there is no necessity to show from which particular offence or offences the property in question has been generated.

Before the introduction of DPAs, CROs were seen by enforcement authorities and cooperating corporate entities as a relatively attractive way of concluding investigations through negotiation. There is no equivalent to the DPA Code in respect of CROs and no constraints on the appointment of monitors under them (beyond those required to settle any civil proceedings, namely acceptable wording for a consent order and associated settlement documents). As noted in the table below, in some cases involving monitors, the latitude the CRO framework has afforded to cooperating corporate entities to negotiate settlements perceived as relatively favourable to them, and the limited extent to which the court may influence the contents of agreements, has drawn significant judicial criticism.

Date: October 2008
Company: Balfour Beatty PLC
Summary of conduct: Irregularities concerning payments made as part of a joint venture bid to secure £22.5 million of work on the construction of the Alexandria Library in Egypt
Amount recovered: £2.25 million
Monitorship: Included a form of external monitoring for an agreed period

Date: July 2011
Company: Macmillan Publishers Limited
Summary of conduct: Improper payments were made in relation to a tender to supply educational books to South Sudan
Amount recovered: £11.3 million recovered through a CRO
Monitorship: External monitor imposed to report to SFO and World Bank

Date: July 2012
Company: Oxford Publishing Limited
Summary of conduct: Two subsidiaries of Oxford Publishing operating in Kenya and Tanzania made facilitation payments in connection with tenders for school books
Amount recovered: £1.9 million recovered through a CRO (in addition to a £2 million voluntary payment to sub-Saharan African non-profit groups)
Monitorship: External monitor imposed to report to SFO and World Bank

The appointment of monitors was acknowledged in the CROs referred to above by way of relatively bland clauses included in consent orders. In contrast to the comparatively detailed provisions of the DPA Code, very little information is available in the public domain about the processes by which monitors appointed under CROs have been selected, the extent of any input allowed by the companies concerned and whether any agreement was reached in relation to the circumstances in which monitorship arrangements may be terminated early or extended.

Outside Scotland, where DPAs are not available as a tool to conclude investigations, CROs involving the appointment of monitors are now likely to be a thing of the past, at least to conclude investigations concerning offences in respect of which DPAs are now available and more likely to be used.

It is possible that CROs incorporating monitorships could be used in different contexts. For example, at the time of writing, there have been no publicised orders made since the definition of 'unlawful conduct' was amended, for the purposes of the civil recovery regime in Part 5 of POCA, to include 'gross human rights abuses or violations' (under the 'Magnitsky amendment' introduced in the United Kingdom through the Criminal Finances Act 2017).28 Such orders are expected to be few and far between (if indeed any are made at all). At the time of writing, there are no indications that enforcement authorities are contemplating using CROs based on this provision to recover property in the hands of corporate entities.29 It is conceivable though, particularly given the breadth of the definition of 'gross human rights abuses or violations', that applications for any such orders could be an area in which authorities may seek the appointment of monitors.

Appointment of skilled persons by the UK financial services regulators

The FCA and the Prudential Regulation Authority (PRA) have the supervisory power, conferred by Sections 166 and 166A of the Financial Services and Markets Act 2000 (FSMA), to appoint or to require firms they regulate to appoint an external third party, a 'skilled person', to undertake a review of a particular business area of that firm or to examine a particular issue. The power has historically been heavily used by the FCA in particular (and the predecessor Financial Services Authority from which it and the PRA emerged). Published data shows a steady decline in skilled persons appointed from 95 in 2010–2011 to 79 in 2018–2019 (with a spike of 113 in 2012–2013). It is possible that this decline is attributable at least in part to the controversy surrounding the publication of a Section 166 report in February 2018, following intervention by the Treasury Committee.30

The appointment of a skilled person is a supervisory tool, rather than part of the enforcement processes of the FCA or the PRA. For example, between September 2012 and September 2014, over 95 per cent of FCA-ordered skilled person reports did not lead to enforcement action.31 Rather, the purpose of appointing a skilled person is to diagnose, monitor, limit or reduce identified risk or remedy crystallised risk.32 The appointing firm bears the cost of the skilled person's work, which is typically significant. The average cost of FCA skilled person reports in 2017–2018 was £2,872,413.33

Skilled persons are usually appointed from specialist panels maintained by the regulators. Relevant guidance indicates that the FCA 'will normally contact the [subject of the report] before finalising its decision to require a report or the updating or collection of information by a skilled person' to 'provide an opportunity for discussion about the appointment, whether an alternative means of obtaining the information would be better, what the scope of a report should be, who should be appointed, who should appoint, and the likely cost'.34

However, in practice, the scope for firms to influence the identity of the skilled person or the scope of their engagement is usually relatively limited.

The skilled person's obligation is to cooperate with and ultimately report to the FCA (or PRA as the case may be). As a matter of practice, the skilled person will give the firm an opportunity to comment on the drafts of the report before it is finalised.35

Contractual monitoring arrangements

Arrangements similar to monitorships can arise in other contexts. Consistent with regulatory guidance on mitigating anti-corruption, anti-money laundering and trade compliance risks, equity investors will usually seek to negotiate the inclusion of contractual compliance protections in deal documents. Where specific and material compliance concerns are identified during the pre-investment stage, investors may seek to include robust compliance undertakings that will govern a corporate entity's post-acquisition compliance programme. Such undertakings could require the investee company to work with the investor's external compliance counsel to adopt compliance policies and procedures, develop a compliance function staffed by appropriately qualified compliance personnel, conduct a forensic audit, and take any other steps to address identified compliance concerns. In these situations, the investor's external compliance counsel will effectively assume a quasi-monitorship role by taking the lead to drive the investee company's satisfaction of the compliance undertakings and addressing identified risk areas.

Practical points

As already noted, monitorships are still a comparative rarity in the United Kingdom. As such, the United Kingdom does not yet have as established a body of practice as the United States on when and how monitors should be appointed and how they should carry out their engagements. Each situation in which a monitor has been or may be appointed will raise specific questions and issues. Careful analysis at the outset to identify and explicitly deal with questions likely to arise during the course of the monitorship will minimise and mitigate uncertainty and friction during the life of the monitorship. Some questions likely to arise are addressed below.

Cross-border monitorships

Can or should a monitor be appointed under a settlement with more than one enforcement authority?

Nothing prevents enforcement authorities from appointing a single monitor to oversee compliance arrangements in multiple jurisdictions. This course has been taken in numerous settlements with US authorities. However, enforcement authorities are increasingly recognising the benefits of retaining specialists in different jurisdictions.

Privilege

Can a monitor require access to legally privileged material?

No. The DPA Code acknowledges that: 'Any legal professional privilege that may exist in respect of investigating compliance issues that arise during the monitorship is unaffected by [CCA], this DPA Code or a DPA'.36

In many instances, this will not cause particular problems, as monitors will be less concerned with the contents of legal advice than the fact that it has been taken and appropriate action taken in response to it.

Enforcement authorities or monitors are of course not precluded from requesting that corporate entities provide privileged material voluntarily (whether on a limited waiver basis or more generally), although in most cases corporate entities and their representatives will be reluctant to do so given the potential for material to be disclosed further and used in or precipitate further litigation or investigations.

Can a monitor assert privilege in connection with his or her engagement?

Yes. Although monitors are often themselves lawyers, it will usually be necessary and prudent for them to seek specialist advice on particular aspects of their engagement. Communications passing between a monitor and his or her advisers may be subject to privilege in the same way as those passing between any lawyer and his or her client.

Data protection considerations

What are monitors' obligations in relation to data?

Particularly in the context of fact-finding aspects of their appointments, monitors are likely to have to gather and review corporate documents, employee emails, data stored on work devices and other company data. That data could include personal data, the collection, storage and processing of which could be subject to the Data Protection Act 2018 and the General Data Protection Regulation (or equivalents in other jurisdictions).

The monitor will need to assess his or her role under applicable data protection laws and may need to work with the corporate entity to ascertain an appropriate basis for the monitor's receipt, processing and storage of the personal data. Where relevant data is located in jurisdictions outside the United Kingdom, the monitor will need to work with the corporate entity to determine which data privacy laws may affect the data transfer to the United Kingdom and ensure that there is an appropriate basis under local law for the transfer, processing and storage of data.

It will usually be prudent for the monitor to seek specialist advice in the particular jurisdictions in which they are operating and to document in writing the corporate entity's and monitor's rights and obligations (including any appropriate indemnities) in relation to personal data.

Managing the relationship between monitor and subject entity

How should monitors deal with the senior management of the company?

In most instances, whether pursuant to a DPA or a skilled person review, the corporate entity concerned will not have anticipated a monitorship. Some degree of resistance from the company's senior management, who may regard dealing with a monitor as an expensive distraction from running the business, is therefore to be expected. The company is likely to treat the monitor as an unwelcome guest particularly if it has already expended significant resources in investigating misconduct and bolstering its compliance programme as part of the settlement negotiations with the enforcement authority.

The monitor will have a clear mandate enshrined in the terms of his or her appointment and should focus on carrying it out diligently, but the monitor should be sensitive in doing so and cognisant of the remedial steps the company has taken to date. The monitor should take time in the initial phase of the monitorship to understand the steps that the company has taken and is planning to take to improve the pertinent aspects of its compliance programme as those facts should inform the monitor's work plan and formulate a basis for the organic, self-sustaining growth of the company's compliance programme.

If the monitor's approach is perceived to be too intrusive, the company's management may accuse the monitor of impeding the company's business, or, at best, be less receptive to recommendations. However, the nature and purpose of tasks inherent in a monitorship may not always seem congruent with the objectives and priorities of senior managers, who owe duties to shareholders and others to maximise commercial performance. Transparent and effective communication by monitors is key to striking an appropriate balance in objectively monitoring the pertinent areas of the corporate entity's business, and discharging obligations to the prosecuting authority on the one hand and avoiding unnecessary friction with the company on the other. To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of, and an opportunity to comment on, any recommendations, findings or reports that the monitor will make to the enforcement authority.

The monitor should also aim to be transparent and upfront with the company about his or her working methods, including fees and expenses. This involves, for example, giving the company sufficient advance notice of any proposed meetings, document requests or employee interviews. The monitor should alleviate the company's concerns about the potential costs of the monitorship – considering in advance the proposed staffing and likely expenses, identifying cost efficiencies and offering cost solutions is likely to lead to a better working relationship between the company and the monitor.

There will be occasions when it is necessary for details of the tasks being undertaken by the monitor, and the reasons for them, to be kept confidential from senior managers. However, to the greatest extent possible, a constructive working relationship should be fostered by the release of as much information as is appropriate in the particular circumstances of each engagement to enable senior managers to understand the progress of the engagement, any areas where they may be able to assist with resources or information and the reasons why the monitor requires details on particular aspects of the business. Both monitors and corporate entities should bear in mind that the engagement will proceed more smoothly, is likely to be concluded more quickly and will result in more sustainable improvements to compliance systems and controls if an appropriately collaborative approach is taken.

What should monitors do if the relationship with the corporate entity deteriorates?

The monitor should work to repair his or her relationship with the company, but also critically assess why it may be deteriorating. If the relationship is being undermined by the company's perceived unwillingness to cooperate with the monitor's reasonable performance of his or her duties (e.g., by resisting disclosure to the monitor of information that reasonably would aid the monitor in the performance of his or her mandate), the monitor should evaluate whether those are matters that may have to be reflected in his or her reports to the enforcement authorities.

The monitor should be mindful, however, that his or her report to the enforcement authorities is a powerful tool that should be used only when genuine need demands it. The monitor should understand that he or she is not appointed to impose his or her will on the company; rather, the monitor's role is to aid the company's journey to developing robust compliance policies and procedures that address the cultural and controls deficiencies that led to the original misconduct and that work for that particular company's business model.

In many cases, external reporting to the enforcement authority of perceived friction or disagreements will not be necessary. For example, lack of cooperation when seeking information from junior or middle-ranking staff is likely to be more effectively dealt with, in the first instance at least, by a report to senior managers of the corporate entity, and joint steps by the corporate entity and the monitor to adequately explain to the affected staff the purpose of the monitorship and the benefits of collaborating with reasonable requests made by the monitor.

Similarly, a company's perceived reluctance or struggle to change certain practices or adopt certain procedures should prompt the monitor to assess the suitability of the proposed course of action, as well as the strength of buy-in from all relevant parts of the business for that course of action. The monitor should work with key stakeholders in the company to formulate an approach that fits the company's operations and risk profile. That process may require the monitor to encourage the company to work with him or her collaboratively to come up with appropriate compliance solutions, rather than adopting off-the-shelf policies and procedures. The monitor should also work with key stakeholders in the company to educate all relevant parts of the business on the company's compliance risks and the benefits of investing in compliance.

How should monitors deal with auditors?

The purpose of an audit is to provide an objective and independent examination and evaluation of a corporate entity's financial statements. If the monitor during his or her monitorship term encounters issues that may have an impact on the accuracy of financial statements, it is likely that the monitor would be bound by his or her confidentiality obligations to the corporate entity and would not be able to disclose the matter to auditors. In this instance, the prudent course of action is for the monitor to urge the company to investigate the matter and, if necessary, work with the company to bring the matter to the auditor's attention. The monitor should also assess whether the issue is one that would need to be included in the monitor's report to the enforcement authority pursuant to the terms of the monitorship.

How should monitors deal with the media?

The monitor will owe confidentiality obligations to the company and the enforcement authority. Unless there are exceptional circumstances, as a matter of professionalism, the monitor should avoid engaging with the press.

Information gathering

Which steps should monitors take to ensure that relevant documents are preserved, and when?

Monitors' evidence preservation plans and priorities will be similar to those applicable to conducting an internal investigation or responding to a regulatory investigation. The monitor may have to work with the company to preserve data (for example, by disabling automatic email deletion) and amend or disapply the company's document retention policies, or issue document hold notices in respect of categories of documents relevant to the scope of his or her engagement.

Where the monitor has been appointed pursuant to a settlement with enforcement authorities, it is likely that document preservation measures will already have been implemented when the company conducted its own internal investigation. The monitor should assess with the company whether those preservation measures need to be kept in place during the monitorship period.

When should monitors conduct fact-finding interviews? Are the subjects of interviews entitled to separate representation? Are monitors required to give Upjohn (or similar) warnings?

Depending on the terms of his or her appointment, the monitor may need to conduct fact-finding interviews with the company's employees. Those interviews could focus on particular compliance incidents or aspects of the company's compliance programme.

When compliance incidents occur (or even if none have occurred, if it is part of the monitor's stated task to conduct spot checks to ensure the effectiveness of particular compliance functions or systems), the monitor may want to conduct interviews with personnel with relevant first-hand knowledge. These interviews are quite separate from interviews conducted by the corporate entity's in-house or external counsel, and are conducted for a different purpose. Neither the monitor nor the corporate entity will be able to preclude the employees from engaging their own counsel at their own expense. Separately, however, the corporate entity is likely to wish to ensure that the company's legal representative is present during the monitor's interview with an employee to ensure that the corporate entity's privileged information is not disclosed.

Although the monitor is not required to give an Upjohn (or similar) warning to an employee at the beginning of an interview, the monitor should nonetheless take care to clarify his or her role and the purpose of the interview, and remind the employee of the confidentiality of the interview.

Confidentiality and market obligations

To whom do monitors owe duties of confidentiality? What is the extent of these duties?

Under the DPA regime, the reports of the monitor are confidential, with disclosure limited to the company, the prosecuting authority and the court. The monitor owes a duty of confidentiality to all three involved, but this duty of confidentiality can be overridden, if permitted by law (for example, if required pursuant to disclosure in civil litigation). Monitors' reports are exempt from disclosure under the Freedom of Information Act 2000.

Currently, there are no reported instances of claimants in separate civil litigation seeking or obtaining disclosure of monitors' reports, as has been seen in some cases in the United States. However, this is not to say that the confidentiality of reports prepared by monitors in the United Kingdom is unassailable or that attempts of this kind will not be made in future. One particular factor for monitors and corporate entities alike to bear in mind is that the UK Parliament has shown itself to be willing to publish confidential documents where it considers it to be in the public interest to do so (particularly where all or some of the contents of reports have previously been leaked).37

Which practical steps should the company and monitors take to protect inside information?

Where the company's shares are listed on a stock exchange, the company will have obligations with respect to the management and disclosure of inside information. The company may have to place the monitor on an insider list owing to the nature of the information that the monitor will have access to during the term of his or her appointment.38 The company will also need to ensure that the monitor has systems in place to keep strictly confidential any inside information that could prejudice the company's legitimate interests if disclosed.

Reporting the outcome of monitorships

What format should monitors' reports take?

The monitor should discuss with the prosecuting authority at the outset of the monitorship what format the monitor's reports should take. The prosecuting authority may find it preferable to receive periodic informal reports, with a formal report delivered at agreed milestones. The monitor should supplement any written report with offers to guide the authority through the report by phone or during an in-person meeting.

Should the monitor share his or her draft report with the company?

To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of any reports that the monitor will make to the enforcement authority. The monitor should explain his or her findings and recommendations to the company and allow it to comment on those findings and recommendations. While the monitor has an independent duty to the enforcement authority to provide an objective report, the monitor should strive to avoid surprising the company with his or her findings, and formulate recommendations in collaboration with the company that achieve the objectives of the monitorship and that can be owned by the company long after the monitor's mandate is finished.


Footnotes

1 Judith Seddon is a partner, Chris Stott is a senior attorney and Andris Ivanovs is an associate at Ropes & Gray International LLP. The authors would like to gratefully acknowledge the assistance of Michael Harris of Ropes & Gray International LLP, London.

2 Hansard, House of Commons Debate, 14 January 2013, Vol 556, Col 655.

3 Camilla de Silva, SFO joint head of bribery and corruption, 'Corporate criminal liability, AI and DPAs' (Herbert Smith Freehills Corporate Crime Conference, London, 21 June 2018), https://www.sfo.gov.uk/2018/06/21/corporate-criminal-liability-ai-and-dpas/ (accessed 30 January 2018).

4 Lisa Osofsky, SFO director, 'Keynote address' (35th International Conference on the Foreign Corrupt Practices Act, Washington, DC, 4 December 2018), https://www.sfo.gov.uk/2018/12/04/keynote-address-fcpa-conference-washington-dc (accessed 30 January 2019). The use of the term 'recidivist' could be seen as another potential sign that there could be closer alignment between US and UK enforcement authorities given the current SFO director's background. Under the FCPA Corporate Enforcement Policy of the Justice Manual, criminal recidivism is one factor that can weigh in favour of a criminal resolution of a case as opposed to a declination.

5 Paragraph 6, Schedule 17, CCA 2013. DPAs are only available in England, Wales and Northern Ireland. Although negotiated settlements have been reached in Scotland, these have taken the form of civil recovery orders.

6 DPA Code, Paragraph 7.14.

7 [2010] Crim LR 665.

8 Section 45 and Schedule 17, Crime and Courts Act 2013 – see Paragraph 5(3)(e), Schedule 17.

9 Although US monitorships have been more expansive than in the United Kingdom, there are indications that the US DOJ is seeking to impose more stringent controls on their scope and the associated costs. In October 2018, Assistant Attorney General Brian Benczkowski released a memorandum detailing the process whereby compliance monitors are to be appointed as part of negotiated settlements between corporate entities and the US DOJ, setting out criteria for the appointment of monitors (attaching greater importance to improvements already made to compliance systems and controls) and changes to key personnel before the settlement. This will, in theory, bring the United States more in line with the United Kingdom's approach; https://www.justice.gov/opa/speech/file/1100531/download.

10 DPA Code, Paragraph 7.12.

11 DPA Code, Paragraph 7.21.

12 e.g., SFO v. Rolls-Royce PLC, Deferred Prosecution Agreement (17 January 2017), Paragraph 31.

13 DPA Code, Paragraph 7.14.

14 e.g., SFO v. Standard Bank, Deferred Prosecution Agreement, Paragraph 29, SFO v. Rolls-Royce PLC, Paragraph 30 and SFO v. Tesco Stores Limited, Deferred Prosecution Agreement (10 April 2017), Paragraph 31.

15 DPA Code, Paragraph 7.20.

16 DPA Code, Paragraph 7.15.

17 DPA Code, Paragraph 7.17.

18 e.g., US Assistant Attorney General Brian Benczkowski's 11 October 2018 memorandum 'Selection of Monitors in Criminal Division Matters', https://www.justice.gov/opa/speech/file/1100531/download (accessed 11 February 2019). In particular, it remains to be seen whether the SFO will follow the DOJ in expressly taking into consideration diversity and inclusion criteria when appointing monitors. For the US approach, see United States of America v. Panasonic Avionics Corporation, Deferred Prosecution Agreement (30 April 2018), Paragraph 12.

19 DPA Code, Paragraph 7.18.

20 DPA Code, Paragraph 7.13 and 7.18.

21 DPA Code, Paragraph 7.19.

22 SFO v. Standard Bank PLC, Approved Judgment (30 November 2015), Paragraph 64.

23 SCA, Sections 1 and 2.

24 SCA, Section 39(3) and Section 5(5).

25 SCA, Section 39(4).

26 POCA, Section 240(2) and Section 316.

27 POCA, Section 242.

28 See POCA, Section 241A (introduced by Criminal Finances Act 2017, Section 13). This, and corresponding amendments to asset recovery legislation in other jurisdictions, bears the name of Sergei Magnitsky, a Russian lawyer arrested in 2008 after making allegations that Russian officials had been involved in large-scale tax fraud. He later died in custody in 2009.

29 To show that a 'gross human rights abuse or violation' has occurred, the relevant enforcement authority must establish (on a balance of probabilities) that a person has been subjected to torture or other cruel, inhuman or degrading treatment or punishment in consequence of that person seeking, (1) to expose illegal activity carried out by or at the instigation or with the consent or acquiescence of a public official or a person acting in an official capacity, or (2) to obtain, exercise, defend or otherwise promote human rights and fundamental freedoms (POCA, Section 241A (2) to (4)). Conduct connected with a gross human rights abuse or violation is defined relatively widely by Section 241A(5) to include conduct involving, for example, 'acting as an agent for another in connection with activities relating to conduct constituting the commission of a gross human rights abuse or violation', 'profiting from such activities' (Section 241A(5)(c)) and 'materially assisting such activities' (Section 241A(5)(d)). The latter is in turn defined broadly as including 'providing goods or services in support of the carrying out of the activities, or otherwise providing any financial or technological support in connection with their carrying out' (Section 241A(8)). Conduct occurring outside the United Kingdom is caught by this definition if it would constitute the commission of an indictable or either-way offence in the United Kingdom (Section 241(2A)). The boundaries of these seemingly broad provisions have not yet been tested in reported cases (whether in respect of conduct by corporate entities or more generally). It is conceivable though that in due course they could be directed towards the operations of corporate entities involved in, for example, the extractive, garment manufacturing and hospitality industries (possibly in conjunction with those contained in the Modern Slavery Act 2015 where equivalent provisions exist in relevant national law). 
'Public official' is not defined for these purposes, but analogous terms under other legislation suggest that it would be construed widely to encompass senior employees of state-owned enterprises. See Bribery Act 2010, Section 6(5)(b)(ii) and Paragraph 22 of Ministry of Justice guidance (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/181762/bribery-act-2010-guidance.pdf) and Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Regulation 35(14)(g). This may indicate that enforcement authorities could seek to recover the proceeds of contracts with state-owned enterprises alleged to be involved in 'gross human rights abuses or violations' under CROs.

30 https://www.parliament.uk/business/committees/committees-a-z/commons-select/treasury-committee/news-parliament-2017/rbs-global-restructuring-group-s166-report-17-19/; and request made to the Financial Conduct Authority pursuant to the Freedom of Information Act 2000, January 2019.

31 FCA, Freedom of Information: Right to know request (January 2015), https://www.fca.org.uk/publication/foi/foi3789-response.pdf (accessed 30 January 2019).

32 FCA Handbook, SUP 5.3.1G. See also PRA Supervisory Statement (SS7/14) 'Reports by Skilled Persons' (June 2014) (updated September 2015), Paragraph 1.5.

33 FCA Annual Report and Accounts 2017/18 (19 July 2018) Appendix 1. These figures stand in stark contrast with the costs of PRA skilled person reports. In 2017–2018, the PRA commissioned 16 skilled person reports. The total estimated cost of commissioned skilled person reviews was £6.3 million and the cost per review ranged from £40,700 to £2.3 million. See PRA Annual Report 1 March 2017 – 28 February 2018 (14 June 2018), p. 29.

34 FCA Handbook, SUP 5.4.2G.

35 FCA Handbook, SUP 5.4.13G.

36 DPA Code, Paragraph 7.14.

37 See footnote 9. See also Omers Administration Corporation and Others v. Tesco Plc [2019] EWHC 109 (Ch), in which the High Court required Tesco to disclose to the claimants in civil litigation the SFO's compelled interview transcripts and notes that Tesco, subject to confidentiality restrictions, obtained from the SFO as part of its DPA negotiations. The case is a reminder that courts will consider confidentiality of documents, but confidentiality alone is unlikely to be a bar to disclosure. In general, where documents are relevant, the needs of justice are 'very likely to favour production,' unless the information is available from another source without disproportionate difficulty. The courts are likely to adopt a similar approach if a civil litigant sought production of a monitor's reports to the enforcement authority.

38 FCA Handbook, DTR 2.8.
