Global Investigations Review - The law and practice of international investigations

The Guide to Monitorships - Second Edition

11. Monitorships in the United Kingdom

Ropes & Gray

Monitorships are assuming an increasingly important role in corporate crime enforcement in the United Kingdom. Before the introduction of deferred prosecution agreements (DPAs) to the UK legal system, monitors were appointed under negotiated settlements entered into between cooperating corporate entities and enforcement authorities, but the statutory foundations for their appointment were less solid and appointments were largely the product of prosecutorial improvisation. Monitors were perceived squarely as a feature of the US corporate crime enforcement landscape and their appointment in the United Kingdom drew significant judicial opprobrium.

Indeed, Lord Garnier QC, the architect of the statutory scheme introducing DPAs in the United Kingdom, has made clear that ensuring that DPAs provided (and were seen to provide) a mechanism for cooperating corporates to address historic misconduct constructively and efficiently was a key objective for the UK government. In the parliamentary debates that preceded the introduction of the legislation, the use of an independent monitor was one of the ‘tough requirements’ cited as something to which a company may be required to adhere, to avoid prosecution.[2] Recalling the lengthy discussions leading to their introduction, Lord Garnier emphasised that the UK government had to strike a careful balance. It was at pains to avoid encouraging the development of any perceived gravy train for professional services firms (which would have seriously undermined public and judicial confidence) but recognised the useful part that could be played by monitors to ensure that corporates followed up on the promises they made during settlement discussions.

Certainly, the introduction of DPAs cleared a path for monitorships to become a more common way of concluding criminal investigations involving corporate entities in the United Kingdom. As may be expected, given her previous experience as a US prosecutor and a monitor in private practice, Lisa Osofsky, the director of the UK’s Serious Fraud Office (SFO), appointed in September 2018, has also hinted at the potential utility of monitorships, saying that:

favourable dispositions will not be available to corporations unless and until their compliance systems work . . . in a way that good practices are embedded into the corporate structure so that they cannot simply be undone when no longer convenient. . . Corporate rehabilitation requires a strong, ongoing compliance function. Window dressing will not suffice. Expect [the SFO] to ask tough questions on this subject, as [the SFO is] not in the habit – nor will [it] ever be – of recommending DPAs for recidivists.[3]

It should not be assumed that monitorships in the United Kingdom will become as prevalent as they are in the United States, or that, where they are used, they will be as extensive in scope as their US counterparts. However, with the SFO focusing on corporate integrity, it can be expected that the place of corporate monitorships in UK corporate crime enforcement practice will solidify.

Indeed, as detailed later in this chapter, there are some indications that the SFO may be moving towards a more routine use of monitorships in cases when DPAs mandate improvements to corporate organisations’ compliance arrangements (if the SFO is not satisfied that monitorship or quasi-monitorship arrangements put in place during the course of the investigation or DPA negotiation process are sufficient).

This chapter identifies the various statutory and other contexts in which monitorships (or equivalent arrangements) may arise in the United Kingdom, examines the shape they may take and lessons that may be drawn from analogous, longer-established arrangements, and considers some specific issues that may be encountered in practice.

The nature and scope of UK monitorships

The appointment of a monitor at the conclusion of an investigation into corporate misconduct by UK enforcement authorities is less routine than in the United States. Where monitors are appointed in the United Kingdom, the scope of their engagement is typically significantly narrower than under corresponding US arrangements.

In the United Kingdom, improvements to compliance arrangements and changes to key personnel are effectively preconditions to the commencement of DPA (or other) negotiations and court approval of proposed settlements. Corporate entities seeking to demonstrate a clean break with historic misconduct will commonly have put in place arrangements akin to those that may be ordered under monitorship programmes in other jurisdictions long before agreements are made with enforcement authorities or ratified by courts.

This differs significantly from the position in the United States. The threshold applied by the US Department of Justice (US DOJ) when deciding whether corporate entities have cooperated sufficiently to expect realistically to enter into a negotiated settlement is lower than that expected by the SFO and the Crown Prosecution Service (CPS) in the United Kingdom. In the United States, remediation follows once a deal has been finalised.

The Crime and Courts Act 2013 (CCA) and the accompanying guidance permit and contemplate the possible appointment of monitors in appropriate cases but stop significantly short of prescribing or even encouraging it. The Deferred Prosecution Agreements Code of Practice (the DPA Code), which the SFO and the CPS are required to take into account when negotiating, applying to the court for DPAs and overseeing DPAs, sets out the roles, duties and mechanics of appointing monitors as a term of a DPA. The DPA Code sounds a note of caution in this regard,[4] stating:

An important consideration for entering into a DPA is whether [the corporate entity] already has a genuinely proactive and effective corporate compliance programme. The use of monitors should therefore be approached with care. The appointment of a monitor will depend upon the factual circumstances of each case and must always be fair, reasonable and proportionate.[5]

This guidance reflects the comments of Lord Justice Thomas (as he then was), who (in R v. Innospec in 2010) expressed significant concerns about the costs of what he considered an expensive corporate probation order.[6] The fact that a settlement incorporating a three-year monitorship had been agreed between UK and US prosecutors meant that he was constrained from giving effect to his concerns, but he made clear his profound scepticism about the need for the imposition of a monitor at all. He pointed in particular to the steps already taken to address the root causes of historic misconduct, including replacing key senior executives, and the fact that the company’s auditors were aware of wrongdoing.

Statutory frameworks for monitorships in the United Kingdom

In the United Kingdom, a monitorship – or an arrangement similar to a monitorship – can arise pursuant to various statutory and contractual frameworks. As already touched upon, the most recent and high-profile of these is the CCA, which enables them to be used to oversee a compliance programme imposed under a DPA.[7] A review of the monitorships imposed under the CCA is set out below.

It is not the only scheme that may be used, however. The other statutory and contractual frameworks in which monitorships or similar arrangements may arise are discussed in more detail below.

Deferred prosecution agreements

Monitors appointed under UK DPAs have been, and are likely to continue to be, deployed in a more targeted manner than has been the case under US DPAs to date.[8] Consistent with the guidance set out in the DPA Code (and the concerns expressed by Thomas LJ in R v. Innospec), the monitorship components of settlements agreed to date (summarised in the table below) could more accurately be described as quasi-monitorships.

Date: November 2015
Company: Standard Bank PLC
Summary of conduct: Standard Bank’s sister company, Stanbic Bank Tanzania, had paid US$6 million to a local Tanzanian partner to induce favourable treatment of a US$600 million proposal made by Standard Bank.
Monitorship elements: Required to commission a report on the company’s anti-bribery and corruption (ABC) policies, including advice and recommendations on the use of third-party intermediaries, ABC training systems and the effectiveness of their ABC programme and its awareness among employees. DPA concluded on 30 November 2018 as all terms had been complied with.

Date: July 2016
Company: Sarclad Limited
Summary of conduct: Between June 2004 and June 2012, the company’s employees and agents systematically used bribes to win contracts in foreign jurisdictions.
Monitorship elements: None. Sarclad’s chief compliance officer was required to prepare annual reports for submission assessing the implementation of the company’s new ABC policies.

Date: January 2017
Company: Rolls-Royce PLC
Summary of conduct: Rolls-Royce hired commercial agents in multiple jurisdictions, making tens of millions of dollars of corrupt payments to individuals to secure contracts.
Monitorship elements: Rolls-Royce had previously appointed a compliance monitor to conduct an independent review of the company’s ABC compliance programme, who had completed two interim reports between 2013 and 2014. The DPA required Rolls-Royce to:

  • use best endeavours to procure the production of a third interim report by 31 March 2017;
  • deliver that report to the SFO within five days of its completion;
  • within 24 months of that report being produced, complete, to the compliance monitor’s satisfaction, the actions recommended in all interim reports; and
  • procure a final report from the compliance monitor in respect of the implementation of all actions recommended in interim reports, provided he or she is satisfied.

Date: April 2017
Company: Tesco Stores Limited
Summary of conduct: From February to September 2014, financial statements were improperly amended by ‘pulling forward’ income that should properly have resided in subsequent reporting periods, creating an overstatement of their profits.
Monitorship elements: Within a month of the DPA being issued, Tesco was required to commission an accountancy firm to produce multiple reports and implementation plans commenting on:

  • controls applied to recognition of income;
  • operation of Tesco’s commercial income governance body;
  • segregation of duties between commercial and finance; and
  • training and policies implementation.

Date: July 2019
Company: Serco Geografix Limited
Summary of conduct: Between 2011 and 2013, the company engaged in a fraudulent scheme (with another group company) to artificially deflate its profits on a government contract and thereby avoid the government’s recouping some of those profits.
Monitorship elements: None. Serco Group Plc, the company’s ultimate parent, was required to report annually to the SFO that it had undertaken and continues to undertake remediation and implementation of compliance measures and internal controls, policies and procedures to ensure (throughout its operations, including those of the company):

  • an effective system of internal accounting controls resulting in fair and accurate books, records and accounts; and
  • a rigorous compliance programme designed effectively to prevent and detect violations of applicable fraud and ABC laws.

Date: October 2019
Company: Güralp Systems Limited
Summary of conduct: Between November 2003 and May 2015, the company made payments to a South Korean public official as an inducement or reward for his exploiting of his position at a government authority to influence the award of contracts to the company.
Monitorship elements: None. The company’s compliance officer was required to submit annual reports on the company’s implementation of its ABC policies and procedures.

Date: January 2020
Company: Airbus SE
Summary of conduct: Payments made through external consultants in Sri Lanka, Malaysia, Indonesia, Taiwan and Ghana in relation to the sale of civilian and military aircraft.
Monitorship elements: Airbus required to continue to implement and review compliance improvements agreed with the SFO. Specific elements include replacement of senior management at executive committee level, creation of a board subcommittee dealing with ethics and compliance, recruitment of compliance professionals, revisions to the code of conduct and associated training, strengthening of internal escalation processes, and contractual credit governance and prohibition on the use of external consultants. The UK DPA also acknowledges the appointment of a monitor under the terms of a simultaneous settlement agreed with French prosecutors.

The DPA Code states that a monitor’s primary responsibility is to ‘assess and monitor [the corporate’s] internal controls, advise of necessary compliance improvements that will reduce the risk of future recurrence of the conduct subject to the DPA and report specified misconduct to [the SFO or the CPS as appropriate]’.[9] If the DPA requires a company to agree to implement a compliance programme or change its existing compliance programme, the prosecutor needs to be able to assess, and the company needs to satisfy the prosecutor of, the company’s compliance with the terms of the DPA mandating such reforms. According to the SFO’s guidance on evaluating compliance programmes, published and incorporated into its Operational Handbook in January 2020, a monitor appointed at the company’s expense is ‘likely’ in such circumstances.[10] This has been interpreted in some quarters as an indication that Lisa Osofsky is seeking to bring to bear her previous experience (as an investigator and prosecutor in cases pursued in the United States and as a monitor in private practice) on her role as Director of the SFO. Whether this indication translates into greater numbers of monitors being appointed under DPAs in the United Kingdom will become clearer as more investigations during which the SFO applies this guidance come to fruition. However, the number of cases in which a monitor is appointed to oversee adherence by corporate organisations to the terms of DPAs may be limited. Clearly whether it is deemed necessary to appoint a monitor to verify and report back to the SFO on prescribed improvements to compliance arrangements will be a matter for negotiation in every case, and corporate organisations and their advisers will, in many cases, be able to make strong arguments that such a step is unnecessary and disproportionate.

The CPS has not issued corresponding specific guidance on how it will evaluate compliance programmes and when it may consider it necessary for a monitor to be appointed. Cases in which it will be dealing with these types of questions are likely to be relatively rare. When these questions do arise in cases handled by the CPS, it may draw on the guidance it has published in relation to the appointment of authorised monitors under serious crime prevention orders (see section below).

The specific tasks of monitors appointed under DPAs will vary widely, and typically will be set out in the terms of the DPA, but can include the monitoring of any facet of the company’s compliance programme.[11] The appointment of a monitor, however, will not absolve the company’s board of directors from the ultimate responsibility for identifying, assessing and addressing risks. The terms of the DPA will usually require the company to consent to the monitor’s cooperation with the prosecuting authority.[12]

The DPA Code requires corporates to afford monitors ‘complete access to all relevant aspects of the company’s business during the course of the monitoring period as requested by the monitor’.[13] The terms of the DPA typically will require that the company permits the monitor to have access to any material the monitor could reasonably request to fulfil his or her function.[14] The DPA Code acknowledges, though, that a corporate subject to a monitoring arrangement may not be required to produce material subject to legal professional privilege (whether to the monitor or anyone else). The reports produced by the monitor are confidential, with disclosure restricted to the prosecution authority, the company and the court (unless otherwise permitted by law).[15]

Whether corporate entities entering into agreements with enforcement authorities that contain monitorship components should expect to be asked to produce privileged documents to monitors (and indeed the extent to which they are required to produce such documents in response to requests from monitors) is discussed more fully below. The extent to which monitors may be able or required to make onward disclosure of material provided to them in the course of their engagement is also considered below.

The DPA Code affords corporates and their representatives a much greater role in identifying appropriate candidates to act as monitors than was contemplated under previous legislation. As part of the DPA negotiations, corporates provide to the relevant prosecuting authority details of three potential monitors, including their relevant qualifications, specialist knowledge and experience, disclose any associations the potential monitors have had with the company and identify their preferred monitor.[16] The DPA Code directs the CPS and the SFO that they should ordinarily accept the company’s preferred monitor but confirms that the relevant authority may reject the choice if it considers that there may be a potential conflict of interest or that the preferred candidate does not have sufficient experience or authority.[17] Although not identical, these and other provisions of the DPA Code are reflective of guidance on the selection of monitors under US DPAs and non-prosecution agreements.[18]

If it is proposed that a monitorship be a feature of the DPA, once agreement is reached on the identity of the monitor, the relevant prosecuting authority and the corporate entity will provisionally agree a detailed work plan for the first year, including the proposed method of review and frequency of reporting to the prosecutor.[19] An outline work plan will be agreed to govern the monitor’s activities for the remainder of the monitorship period. The work plan and outline work plan will also need to address costs of the monitorship, since monitorship costs (including reasonable costs associated with monitorships incurred by the prosecuting authority) are paid by the corporate.[20] Some of the practical aspects of measuring the progress of ongoing monitorships and managing costs are discussed below.

The length of the monitorship will be agreed in the DPA following negotiations between the company and the prosecuting authority. Initially, it may be shorter than the term of the DPA itself but can never exceed the term of the DPA. The monitor can recommend terminating or suspending the monitorship, if the company’s policies and procedures are functioning properly without the need for further monitoring, or the monitor can recommend extending the monitorship, if the company has been, or will be, unable to satisfy its obligations successfully by the end of the monitorship period. The decision to terminate, suspend or extend the monitorship will be taken by the prosecuting authority.[21]

An important feature of the DPA regime is that the DPA, including any monitorship proposed, must be approved by the court. Sir Brian Leveson noted when reviewing (and ultimately approving) the proposed DPA between the SFO and Standard Bank that, in the United Kingdom, ‘a DPA requires the informed, independent opinion of a judge before it can be effected; the agreement of the parties is not enough’ and that the court will consider the prospective terms of the DPA ‘individually and collectively, in order to determine whether to grant a declaration . . . that entering into it is likely to be in the interests of justice and that its proposed terms are fair, reasonable and proportionate’.[22]

Serious crime prevention orders

Serious crime prevention orders (SCPOs) are governed by Part I of the Serious Crime Act 2007 (SCA). They were added to the statute book substantially before the introduction of the UK DPA regime, but were not specifically directed towards corporate crime. Although they have been used to impose restrictions on individuals (in some cases in respect of the activities of corporate entities) following conviction, mainly in cases concerning serious and organised crime, there are no reported instances of authorities using them to resolve white-collar investigations.

Under the SCA, when a corporate defendant is convicted of a ‘serious offence’ (which includes fraud, bribery and money laundering offences), the Crown Court can, on the application of the SFO or the CPS in England and Wales, impose an SCPO enabling the authority to contract with a person to provide monitoring services (the authorised monitor). An SCPO can also be imposed without there having been a criminal trial if the High Court is satisfied that a corporate has been involved in serious crime (which means committing or facilitating a serious offence, whether in England and Wales or elsewhere) and where there are reasonable grounds to believe that the order would protect the public by preventing, restricting or disrupting the company’s involvement in serious crime.[23]

An SCPO may require the person subject to it to provide information or documents to the authorised monitor or answer questions posed by the authorised monitor.[24] If deemed appropriate by the court, the person subject to the SCPO may also be required to pay all or some of the costs associated with the authorised monitor’s engagement.[25] Any documents or information produced to the authorised monitor under the SCPO will be retained by the relevant enforcement authority for as long as it considers necessary.

SCPOs are available to various enforcement authorities but have principally been used by the CPS (although there have been examples of their use by the Financial Conduct Authority (FCA) in cases concerning unauthorised business). It is possible that the SFO and other authorities may explore their potential application in larger-scale cases (although they would only be made as a part of the sentencing process following conviction rather than as part of a negotiated settlement).

Civil recovery orders

Civil recovery orders (CROs) (under Part 5 of the Proceeds of Crime Act 2002 (POCA)) are civil orders available to the CPS, SFO, FCA and other enforcement authorities as a tool to conclude criminal investigations (whether or not there has been a parallel prosecution).[26] They allow enforcement authorities to recover ‘property obtained as a result of unlawful conduct’.[27] As civil remedies, the hurdles to be overcome by enforcement authorities are considerably lower than in criminal proceedings. Property is still susceptible to a CRO even if the ‘unlawful conduct’ was carried out by another person as it is only necessary for authorities to establish facts to the civil standard and there is no necessity to show from which particular offence or offences the property in question has been generated.

Before the introduction of DPAs, CROs were seen by enforcement authorities and cooperating corporate entities as a relatively attractive way of concluding investigations through negotiation. There is no equivalent to the DPA Code in respect of CROs and no constraints on the appointment of monitors under them (beyond those required to settle any civil proceedings, namely acceptable wording for a consent order and associated settlement documents). As noted in the table below, in some cases involving monitors, the latitude the CRO framework has afforded to cooperating corporate entities to negotiate settlements perceived as relatively favourable to them, and the limited extent to which the court may influence the contents of agreements, has drawn significant judicial criticism.

Date: October 2008
Company: Balfour Beatty PLC
Summary of conduct: Irregularities concerning payments made as part of a joint venture bid to secure £22.5 million of work on the construction of the Alexandria Library in Egypt
Amount recovered: £2.25 million
Monitorship: Included a form of external monitoring for an agreed period

Date: July 2011
Company: Macmillan Publishers Limited
Summary of conduct: Improper payments were made in relation to a tender to supply educational books to South Sudan
Amount recovered: £11.3 million recovered through a CRO
Monitorship: External monitor imposed to report to SFO and World Bank

Date: July 2012
Company: Oxford Publishing Limited
Summary of conduct: Two subsidiaries of Oxford Publishing operating in Kenya and Tanzania made facilitation payments in connection with tenders for school books
Amount recovered: £1.9 million recovered through a CRO (in addition to a £2 million voluntary payment to sub-Saharan African non-profit groups)
Monitorship: External monitor imposed to report to SFO and World Bank

The appointment of monitors was acknowledged in the CROs referred to above by way of relatively bland clauses included in consent orders. In contrast to the comparatively detailed provisions of the DPA Code, very little information is available in the public domain about the processes by which monitors appointed under CROs have been selected, the extent of any input allowed by the companies concerned and whether any agreement was reached in relation to the circumstances in which monitorship arrangements may either be terminated early or extended.

Outside Scotland, where DPAs are not available as a tool to conclude investigations, CROs involving the appointment of monitors are now likely to be a thing of the past, at least to conclude investigations concerning offences in respect of which DPAs are now available and more likely to be used.

It is possible that CROs incorporating monitorships could be used in different contexts. For example, to date, there have been no publicised orders made since the definition of ‘unlawful conduct’ was amended, for the purposes of the civil recovery regime in Part 5 of POCA, to include ‘gross human rights abuses or violations’ (under the ‘Magnitsky amendment’ introduced in the United Kingdom through the Criminal Finances Act 2017).[28] These orders are expected to be few and far between (if indeed any are made at all). There are no indications to date that enforcement authorities are contemplating using CROs based on this provision to recover property in the hands of corporate entities.[29] It is conceivable though, particularly given the breadth of the definition of ‘gross human rights abuses or violations’, that applications for any such orders may be an area in which authorities could seek the appointment of monitors.

Appointment of skilled persons by the UK financial services regulators

The FCA and the Prudential Regulation Authority (PRA) have the supervisory power, conferred by Sections 166 and 166A of the Financial Services and Markets Act 2000, to appoint or to require firms they regulate to appoint an external third party, a ‘skilled person’, to undertake a review of a particular business area of that firm or to examine a particular issue. The power has been heavily used historically by the FCA in particular (and the former Financial Services Authority from which the FCA and the PRA emerged). Published data shows a steady decline in skilled persons appointed, from 95 in 2010–2011 to 34 in 2018–2019 (with a spike of 113 in 2012–2013). It is possible that this decline is attributable at least in part to the controversy surrounding the publication of a Section 166 report in February 2018, following intervention by the Treasury Committee.[30]

The appointment of a skilled person is a supervisory tool, rather than part of the enforcement processes of the FCA or the PRA. For example, between September 2012 and September 2014, more than 95 per cent of FCA-ordered skilled person reports did not lead to enforcement action.[31] Rather, the purpose of appointing a skilled person is to diagnose, monitor, limit or reduce identified risk or remedy crystallised risk.[32] The appointing firm bears the cost of the skilled person’s work, which is typically significant. The average cost of FCA skilled person reports in 2018–2019 was approximately £1.5 million.[33]

Skilled persons are usually appointed from specialist panels maintained by the regulators. Relevant guidance indicates that the FCA ‘will normally contact the [subject of the report] before finalising its decision to require a report or the updating or collection of information by a skilled person’ to ‘provide an opportunity for discussion about the appointment, whether an alternative means of obtaining the information would be better, what the scope of a report should be, who should be appointed, who should appoint, and the likely cost’.[34]

However, in practice, the scope for firms to influence the identity of the skilled person or the scope of their engagement is usually relatively limited.

The skilled person’s obligation is to cooperate with, and ultimately report to, the FCA (or PRA, as the case may be). As a matter of practice, the skilled person will give the firm an opportunity to comment on the drafts of the report before it is finalised.[35]

Contractual monitoring arrangements

Arrangements similar to monitorships can arise in other contexts. Consistent with regulatory guidance on mitigating anti-corruption, anti-money laundering and trade compliance risks, equity investors will usually seek to negotiate the inclusion of contractual compliance protections in deal documents. Where specific and material compliance concerns are identified during the pre-investment stage, investors may seek to include robust compliance undertakings that will govern a corporate entity’s post-acquisition compliance programme. These undertakings could require an investee company to work with an investor’s external compliance counsel to adopt compliance policies and procedures, develop a compliance function staffed by appropriately qualified compliance personnel, conduct a forensic audit and take any other steps to address identified compliance concerns. In these situations, the investor’s external compliance counsel will effectively assume a quasi-monitorship role by taking the lead to drive the investee company’s satisfaction of the compliance undertakings and addressing identified risk areas.

Practical points

As already noted, monitorships are still a comparative rarity in the United Kingdom. As such, there is not yet an established body of practice in the United Kingdom, as there is in the United States, relating to when and how monitors should be appointed and how they should carry out their engagements. Each situation in which a monitor has been or may be appointed will raise specific questions and issues. Careful analysis at the outset to identify and explicitly deal with questions likely to arise during the course of the monitorship will minimise and mitigate uncertainty and friction during the life of the monitorship. Some of the questions likely to arise are addressed below.

Cross-border monitorships

Can or should a monitor be appointed under a settlement with more than one enforcement authority?

Nothing prevents enforcement authorities from appointing a single monitor to oversee compliance arrangements in multiple jurisdictions. This course has been taken in numerous settlements with US authorities. However, enforcement authorities are increasingly recognising the benefits of retaining specialists in different jurisdictions.

Privilege

Can a monitor require access to legally privileged material?

No. The DPA Code acknowledges: ‘Any legal professional privilege that may exist in respect of investigating compliance issues that arise during the monitorship is unaffected by [CCA], this DPA Code or a DPA’.[36]

In many instances, this will not cause particular problems, as monitors will be less concerned with the content of legal advice than the fact that it has been taken and appropriate action taken in response to it.

Enforcement authorities or monitors are of course not precluded from requesting that corporate entities provide privileged material voluntarily (whether on a limited waiver basis or more generally), although in most cases corporate entities and their representatives will be reluctant to do so, as they are likely to have concerns about waiver, given in particular the potential for material to be disclosed further and used in, or to precipitate, further litigation or investigations.

Can a monitor assert privilege in connection with his or her engagement?

Yes. Although monitors are often themselves lawyers, it will usually be necessary and prudent for them to seek specialist advice on particular aspects of their engagement. Communications passing between a monitor and his or her advisers may be subject to privilege in the same way as those passing between any lawyer and his or her client.

Data protection considerations

What are monitors’ obligations in relation to data?

Particularly in the context of fact-finding aspects of their appointments, monitors are likely to have to gather and review corporate documents, employee emails, data stored on work devices and other company data. That data could include personal data, the collection, storage and processing of which could be subject to the Data Protection Act 2018 and the retained General Data Protection Regulation (or equivalents in other jurisdictions).

The monitor will need to assess his or her role under applicable data protection laws and may need to work with the corporate entity to ascertain an appropriate basis for the monitor’s receipt, processing and storage of the personal data. Where relevant data is located in jurisdictions outside the United Kingdom, the monitor will need to work with the corporate entity to determine which data privacy laws may affect the data transfer to the United Kingdom and ensure that there is an appropriate basis under local law for the transfer, processing and storage of data.

It will usually be prudent for the monitor to seek specialist advice in the particular jurisdictions in which they are operating and to document in writing the corporate entity’s and monitor’s rights and obligations (including any appropriate indemnities) in relation to personal data.

Managing the relationship between monitor and subject entity

How should monitors deal with the senior management of the company?

In most instances, whether pursuant to a DPA or a skilled person review, the corporate entity concerned will not have anticipated a monitorship. Some degree of resistance from the company’s senior management, who may regard dealing with a monitor as an expensive distraction from running the business, is therefore to be expected. The company is likely to treat the monitor as an unwelcome guest, particularly if it has already expended significant resources in investigating misconduct and bolstering its compliance programme as part of the settlement negotiations with the enforcement authority.

The monitor will have a clear mandate enshrined in the terms of his or her appointment and should focus on carrying it out diligently, but the monitor should be sensitive in doing so and cognisant of the remedial steps the company has taken to date. The monitor should take time in the initial phase of the monitorship to understand the steps that the company has taken and is planning to take to improve the pertinent aspects of its compliance programme as those facts should inform the monitor’s work plan and formulate a basis for the organic, self-sustaining growth of the company’s compliance programme.

If a monitor’s approach is perceived to be too intrusive, a company’s management may accuse the monitor of impeding the company’s business or, at best, be less receptive to recommendations. However, the nature and purpose of tasks inherent in a monitorship may not always seem congruent with the objectives and priorities of senior executives, who owe duties to shareholders and others to maximise commercial performance. There may be particular tensions when monitors are installed in financial services firms, as senior executives, subject to individual accountability regimes, may seek particular information or assurances from monitors to satisfy themselves and regulators that they are complying with their personal regulatory obligations. Transparent and effective communication by monitors is key to striking an appropriate balance in monitoring the pertinent areas of the corporate entity’s business objectively and, on one hand, discharging obligations to the prosecuting authority and, on the other, avoiding unnecessary friction with the company. To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of, and an opportunity to comment on, any recommendations, findings or reports that the monitor will make to the enforcement authority.

The monitor should also aim to be transparent and up front with the company about his or her working methods, including fees and expenses. This involves, for example, giving the company sufficient advance notice of any proposed meetings, document requests or employee interviews. The monitor should alleviate the company’s concerns about the potential costs of the monitorship – considering in advance the proposed staffing and likely associated expenses, identifying cost efficiencies and offering cost solutions is likely to lead to a better working relationship between the company and the monitor.

There will be occasions when it is necessary for details of the tasks being undertaken by a monitor, and the reasons for them, to be kept confidential from senior executives. However, to the greatest extent possible, a constructive working relationship should be fostered by the release of as much information as is appropriate in the particular circumstances of each engagement to enable senior executives to understand the progress of the engagement, any areas where they may be able to assist with resources or information, and the reasons why the monitor requires details about particular aspects of the business. Both monitors and corporate entities should bear in mind that the engagement will proceed more smoothly, is likely to be concluded more quickly and will result in more sustainable improvements to compliance systems and controls if an appropriately collaborative approach is taken.

What should monitors do if the relationship with the corporate entity deteriorates?

The monitor should work to repair his or her relationship with the company but also critically assess why it may be deteriorating. If the relationship is being undermined by the company’s perceived unwillingness to cooperate with the monitor’s reasonable performance of his or her duties (e.g., by resisting disclosure to the monitor of information that reasonably would aid the monitor in the performance of his or her mandate), the monitor should evaluate whether those are matters that may have to be reflected in his or her reports to the enforcement authorities.

The monitor should be mindful, however, that his or her report to the enforcement authorities is a powerful tool that should be used only when genuine need demands it. The monitor should understand that he or she is not appointed to impose his or her will on the company; rather, the monitor’s role is to aid the company’s journey towards developing robust compliance policies and procedures that address the culture and controls deficiencies that led to the original misconduct and that work for that particular company’s business model.

In many cases, external reporting to the enforcement authority of perceived friction or disagreements will not be necessary. For example, lack of cooperation when seeking information from junior or middle-ranking staff is likely to be dealt with more effectively, in the first instance at least, by a report to senior executives of the corporate entity, and joint steps by the corporate entity and the monitor to explain adequately to the affected staff the purpose of the monitorship and the benefits of collaborating with reasonable requests made by the monitor.

Similarly, a company’s perceived reluctance or struggle to change certain practices or adopt certain procedures should prompt the monitor to assess the suitability of the proposed course of action, and the strength of buy-in from all relevant parts of the business for that course of action. The monitor should work with key stakeholders in the company to formulate an approach that fits the company’s operations and risk profile. That process may require the monitor to encourage the company to work with him or her collaboratively to come up with appropriate compliance solutions, rather than adopting off-the-shelf policies and procedures. The monitor should also work with key stakeholders in the company to educate all relevant parts of the business about the company’s compliance risks and the benefits of investing in compliance.

How should monitors deal with auditors?

The purpose of an audit is to provide an objective and independent examination and evaluation of a corporate entity’s financial statements. If the monitor encounters issues during his or her monitorship term that may affect the accuracy of financial statements, it is likely that the monitor would be bound by his or her confidentiality obligations to the corporate entity and would not be able to disclose the matter to auditors. In this situation, the prudent course of action is for the monitor to urge the company to investigate the matter and, if necessary, work with the company to bring the matter to the auditor’s attention. The monitor should also assess whether the issue is one that would need to be included in the monitor’s report to the enforcement authority pursuant to the terms of the monitorship.

How should monitors deal with the media?

The monitor will owe confidentiality obligations to the company and the enforcement authority. Unless there are exceptional circumstances, as a matter of professionalism, the monitor should avoid engaging with the press.

Information gathering

What steps should monitors take to ensure that relevant documents are preserved, and when?

Monitors’ evidence preservation plans and priorities will be similar to those applicable to conducting an internal investigation or responding to a regulatory investigation. The monitor may have to work with the company to preserve data (for example, by disabling automatic email deletion) and amend or disapply the company’s document retention policies, or issue document hold notices in respect of categories of documents relevant to the scope of his or her engagement.

If the monitor has been appointed pursuant to a settlement with enforcement authorities, it is likely that document preservation measures will already have been implemented when the company conducted its own internal investigation. The monitor should assess with the company whether those preservation measures need to be kept in place during the term of the monitorship.

When should monitors conduct fact-finding interviews? Are the subjects of interviews entitled to separate representation? Are monitors required to give Upjohn (or similar) warnings?

Depending on the terms of his or her appointment, the monitor may need to conduct fact-finding interviews with the company’s employees. Those interviews could focus on particular compliance incidents or aspects of the company’s compliance programme.

When compliance incidents occur (or even if none has occurred, if it is part of the monitor’s stated task to conduct spot checks to ensure the effectiveness of particular compliance functions or systems), the monitor may want to conduct interviews with personnel with relevant first-hand knowledge. These interviews are quite separate from interviews conducted by the corporate entity’s in-house or external counsel and are conducted for a different purpose. Neither the monitor nor the corporate entity will be able to preclude the employees from engaging their own counsel at their own expense. Separately, however, the corporate entity is likely to wish to ensure that the company’s legal representative is present during the monitor’s interview with an employee to ensure that the corporate entity’s privileged information is not disclosed. The monitor will need to consider, however, to what extent the presence of the company’s counsel at interviews may stifle an employee’s candidness and willingness to express their concerns.

Although the monitor is not required to give an Upjohn (or similar) warning to an employee at the beginning of an interview, the monitor should nonetheless take care to clarify his or her role and the purpose of the interview, and remind the employee of the confidentiality of the interview.

Confidentiality and market obligations

To whom do monitors owe duties of confidentiality? What is the extent of these duties?

Under the DPA regime, monitors’ reports are confidential, with disclosure limited to the company in question, the prosecuting authority and the court. Monitors owe a duty of confidentiality to all three, but this duty of confidentiality can be overridden if permitted by law (for example, if required pursuant to disclosure in civil litigation). Monitors’ reports are exempt from disclosure under the Freedom of Information Act 2000.

Currently, there are no reported examples of instances of claimants in separate civil litigation seeking or obtaining disclosure of monitors’ reports such as those seen in some cases in the United States. However, this is not to say that the confidentiality of reports prepared by monitors in the United Kingdom is unassailable or that attempts of this kind will not be made in future. One particular factor for monitors and corporate entities alike to bear in mind is that the UK Parliament has shown itself to be willing to publish confidential documents when it considers it to be in the public interest to do so (particularly when all or some of the content of reports has previously been leaked).[37]

What practical steps should the company and monitors take to protect inside information?

If the company’s shares are listed on a stock exchange, the company will have obligations with respect to the management and disclosure of inside information. The company may have to place the monitor on an insider list owing to the nature of the information to which the monitor will have access during the term of his or her appointment.[38] The company will also need to ensure that the monitor has systems in place to maintain strict confidentiality in respect of inside information that, if disclosed, could prejudice the company’s legitimate interests.

Reporting the outcome of monitorships

What format should monitors’ reports take?

The monitor should discuss with the prosecuting authority at the outset of the monitorship the format the monitor’s reports should take. The prosecuting authority may find it preferable to receive periodic informal reports, with a formal report delivered at agreed milestones. The monitor should supplement any written report with offers to guide the authority through the report by phone or during a face-to-face meeting.

Should the monitor share his or her draft report with the company?

To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of any reports that the monitor will make to the enforcement authority. The monitor should explain his or her findings and recommendations to the company and allow it to comment on those findings and recommendations. Although the monitor has an independent duty to the enforcement authority to provide an objective report, the monitor should strive to avoid surprising the company with his or her findings, and formulate recommendations in collaboration with the company that achieve the objectives of the monitorship and that can be owned by the company long after the monitor’s mandate is finished.


Footnotes

1 Judith Seddon is a partner, Chris Stott is a senior attorney and Andris Ivanovs is an associate at Ropes & Gray International LLP. The authors would like to gratefully acknowledge the assistance of Michael Harris of Ropes & Gray International LLP, London.

2 Hansard, House of Commons Debate, 14 January 2013, Vol. 556, Col. 655.

3 Lisa Osofsky, Director, Serious Fraud Office [SFO], Keynote address at 35th International Conference on the Foreign Corrupt Practices Act, Washington, DC, 28 November 2018, at https://www.sfo.gov.uk/2018/12/04/keynote-address-fcpa-conference-washington-dc (last accessed 27 March 2020). The use of the term ‘recidivist’ could be seen as another potential sign that there could be closer alignment between US and UK enforcement authorities given the current SFO director’s background. Under the Corporate Enforcement Policy of the US Foreign Corrupt Practices Act (Justice Manual 9-47.120), criminal recidivism is one factor that can weigh in favour of a criminal resolution of a case as opposed to a declination.

4 Crime and Courts Act 2013 [CCA 2013], Paragraph 6, Schedule 17. Deferred prosecution agreements [DPAs] are only available in England, Wales and Northern Ireland. Although negotiated settlements have been reached in Scotland, these have taken the form of civil recovery orders.

5 The Deferred Prosecution Agreements Code of Practice [DPA Code], Paragraph 7.11.

6 [2010] Crim LR 665.

7 CCA 2013, Section 45 and Schedule 17 – see Paragraph 5(3)(e), Schedule 17.

8 Although US monitorships have been more expansive than in the United Kingdom, there are indications that the US Department of Justice [US DOJ] is seeking to impose more stringent controls on their scope and the associated costs. In October 2018, the then Assistant Attorney General Brian A Benczkowski released a memorandum titled ‘Selection of Monitors in Criminal Division Matters’ [Benczkowski Memorandum], detailing the process whereby compliance monitors are to be appointed as part of negotiated settlements between corporate entities and the US DOJ, setting out criteria for the appointment of monitors (attaching greater importance to improvements already made to compliance systems and controls) and changes to key personnel before the settlement. In theory, this will bring the United States more in line with the United Kingdom’s approach; see https://www.justice.gov/opa/speech/file/1100531/download.

9 DPA Code, Paragraph 7.12.

10 SFO Operational Handbook, ‘Evaluating a Compliance Programme’, January 2020, Page 3.

11 DPA Code, Paragraph 7.21.

12 e.g., SFO v. Rolls-Royce PLC, Deferred Prosecution Agreement (17 January 2017), Paragraph 31.

13 DPA Code, Paragraph 7.14.

14 e.g., SFO v. Standard Bank, Deferred Prosecution Agreement, Paragraph 29; SFO v. Rolls-Royce PLC, Paragraph 30; SFO v. Tesco Stores Limited, Deferred Prosecution Agreement (10 April 2017), Paragraph 31.

15 DPA Code, Paragraph 7.20.

16 DPA Code, Paragraph 7.15.

17 DPA Code, Paragraph 7.17.

18 e.g., Benczkowski Memorandum – at https://www.justice.gov/opa/speech/file/1100531/download (last accessed 27 March 2020). In particular, it remains to be seen whether the SFO will follow the US DOJ in expressly taking into consideration diversity and inclusion criteria when appointing monitors. For the US approach, see United States of America v. Panasonic Avionics Corporation, Deferred Prosecution Agreement (30 April 2018), Paragraph 12.

19 DPA Code, Paragraph 7.18.

20 DPA Code, Paragraphs 7.13 and 7.18.

21 DPA Code, Paragraph 7.19.

22 SFO v. Standard Bank PLC, Approved Judgment (30 November 2015), Paragraph 64.

23 Serious Crime Act 2007 [SCA], Sections 1 and 2.

24 SCA, Sections 39(3) and 5(5).

25 SCA, Section 39(4).

26 Proceeds of Crime Act 2002 [POCA], Sections 240(2) and 316.

27 POCA, Section 242.

28 See POCA, Section 241A (introduced by Criminal Finances Act 2017, Section 13). This, and corresponding amendments to asset recovery legislation in other jurisdictions, bears the name of Sergei Magnitsky, a Russian lawyer arrested in 2008 after making allegations that Russian officials had been involved in large-scale tax fraud. He died in custody in 2009.

29 To show that a ‘gross human rights abuse or violation’ has occurred, the relevant enforcement authority must establish (on a balance of probabilities) that a person has been subjected to torture or other cruel, inhuman or degrading treatment or punishment in consequence of that person seeking (1) to expose illegal activity carried out by or at the instigation or with the consent or acquiescence of a public official or a person acting in an official capacity, or (2) to obtain, exercise, defend or otherwise promote human rights and fundamental freedoms (POCA, Section 241A, Paragraphs (2) to (4)). Conduct connected with a gross human rights abuse or violation is defined relatively widely by Section 241A(5) to include conduct involving, for example, ‘acting as an agent for another in connection with activities relating to conduct constituting the commission of a gross human rights abuse or violation’, ‘profiting from such activities’ (Section 241A(5)(c)) and ‘materially assisting such activities’ (Section 241A(5)(d)). The latter is in turn defined broadly as including ‘providing goods or services in support of the carrying out of the activities, or otherwise providing any financial or technological support in connection with their carrying out’ (Section 241A(8)). Conduct occurring outside the United Kingdom is caught by this definition if it would constitute the commission of an indictable or either-way offence in the United Kingdom (Section 241(2A)). The boundaries of these seemingly broad provisions have not yet been tested in reported cases (whether in respect of conduct by corporate entities or more generally). It is conceivable though that, in due course, they could be directed towards the operations of corporate entities involved in, for example, the extractive, garment manufacturing and hospitality industries (possibly in conjunction with those contained in the Modern Slavery Act 2015, under which equivalent provisions exist in relevant national law). 
‘Public official’ is not defined for these purposes, but analogous terms under other legislation suggest that it would be construed widely to encompass senior employees of state-owned enterprises. See UK Bribery Act 2010, Section 6(5)(b)(ii) (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/181762/bribery-act-2010-guidance.pdf) and Paragraph 22 of Ministry of Justice guidance, and Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Regulation 35(14)(g). This may indicate that enforcement authorities could seek to recover the proceeds of contracts with state-owned enterprises alleged to be involved in ‘gross human rights abuses or violations’ under civil recovery orders.

30 See ‘Treasury Committee publishes RBS-GRG report’ (February 2018), at https://www.parliament.uk/business/committees/committees-a-z/commons-select/treasury-committee/news-parliament-2017/rbs-global-restructuring-group-s166-report-17-19/; and request made to the Financial Conduct Authority [FCA] pursuant to the Freedom of Information Act 2000, January 2019.

31 FCA, ‘Freedom of Information: Right to know request’ (January 2015), at https://www.fca.org.uk/publication/foi/foi3789-response.pdf (accessed 30 January 2019).

32 FCA Handbook, SUP 5.3.1G. See also Prudential Regulation Authority [PRA] Supervisory Statement (SS7/14) ‘Reports by Skilled Persons’ (June 2014) (updated September 2015), Paragraph 1.5.

33 FCA Annual Report and Accounts 2018/19 (31 March 2019), Appendix 1. These figures stand in stark contrast with the costs of PRA skilled person reports. In 2018–2019, the PRA commissioned 17 skilled person reports. The total estimated cost of commissioned skilled person reviews was £4.2 million and the cost per review ranged from £84,000 to £499 billion. See PRA Annual Report 1 March 2018–28 February 2019 (21 May 2019), p. 43.

34 FCA Handbook, SUP 5.4.2G.

35 id., at SUP 5.4.13G.

36 DPA Code, Paragraph 7.14.

37 See footnote 9. See also Omers Administration Corporation and Others v. Tesco Plc [2019] EWHC 109 (Ch), in which the High Court required Tesco to disclose to the claimants in civil litigation the SFO’s compelled interview transcripts and notes that Tesco, subject to confidentiality restrictions, obtained from the SFO as part of its DPA negotiations. At the time of writing, an appeal is pending, but the case is a reminder that courts will consider confidentiality of documents, but confidentiality alone is unlikely to be a bar to disclosure. In general, when documents are relevant, the needs of justice are ‘very likely to favour production’, unless the information is available from another source without disproportionate difficulty. The courts are likely to adopt a similar approach if a civil litigant sought production of a monitor’s reports to the enforcement authority.

38 FCA Handbook, DTR 2.8.
