United Kingdom-Ordered Monitorships

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

Monitorships are assuming an increasingly important role in corporate crime enforcement in the United Kingdom. Before the introduction of deferred prosecution agreements (DPAs) to the UK legal system, monitors were appointed under negotiated settlements entered into between cooperating corporate entities and enforcement authorities, but the statutory foundations for their appointment were less solid and appointments were largely the product of prosecutorial improvisation. Monitors were perceived squarely as a feature of the US corporate crime enforcement landscape and their appointment in the United Kingdom drew significant judicial opprobrium.

Indeed, Lord Garnier QC, the architect of the statutory scheme introducing DPAs in the United Kingdom, has made clear that ensuring that DPAs provided (and were seen to provide) a mechanism for cooperating corporates to address historic misconduct constructively and efficiently was a key objective for the UK government. In the parliamentary debates that preceded the introduction of the legislation, the use of an independent monitor was one of the ‘tough requirements’ cited as something to which a company may be required to adhere, to avoid prosecution.^[2] Recalling the lengthy discussions leading to their introduction, Lord Garnier emphasised that the UK government had to strike a careful balance. It was at pains to avoid encouraging the development of any perceived gravy train for professional services firms (which would have seriously undermined public and judicial confidence) but recognised the useful part that could be played by monitors to ensure that corporates followed up on the promises they made during settlement discussions.

The introduction of DPAs cleared a path for monitorships to become a more common way of concluding criminal investigations involving corporate entities in the United Kingdom. As may be expected, given her previous experience as a US prosecutor and a monitor in private practice, Lisa Osofsky, the director of the UK’s Serious Fraud Office (SFO), appointed in September 2018, has spoken about the holistic approach available through DPAs and monitorships to improve corporate integrity, stating in September 2020 that:

the direction of travel for Deferred Prosecution Agreements . . . is to use to the full the unique leverage DPAs give us to drive better corporate citizenship – in effect, to make better companies . . . DPAs are not only a way of incentivising cooperating companies and avoiding collateral damage to employees, suppliers, investors and customers . . . they are also a way also of ensuring companies admit their fraud and corruption and turn their attention to cleaning house. A conviction and a fine do not reap the same benefits. If companies violate the terms of the DPA, their admission of wrongdoing in the statement of facts can be used against them in a subsequent prosecution. This is invaluable.
The agreement with outsourcing giant G4S earlier this summer was a step change – a DPA with teeth. That DPA means that a major government supplier will be the subject of close scrutiny over the upcoming years to ensure its house stays in order and that UK taxpayers get the value they should from these very substantial contracts.^[3]

It should not be assumed that monitorships in the United Kingdom will become as prevalent as they are in the United States, or that, where they are used, they will be as extensive in scope as their US counterparts. However, it is worth noting Lisa Osofsky’s comments in June 2021 on using DPAs to improve corporate citizenship in cooperating corporates:

DPAs encourage offending companies to uphold the law and become good corporate citizens. They can also prevent unnecessary economic damage where a conviction could put the company out of business and destroy jobs.
DPAs demand full co-operation. In short, companies have to come out with their hands up. They must demonstrate a commitment to rooting out wrongdoing and fulfil all the obligations by a deadline.^[4]

With such a focus on corporate integrity from Lisa Osofsky and the SFO, it can be expected that the place of corporate monitorships in UK corporate crime enforcement practice will solidify.

Indeed, as detailed later in this chapter, there are some indications that the SFO may be moving towards a more routine use of monitorships in cases when DPAs mandate improvements to corporate organisations’ compliance arrangements (if the SFO is not satisfied that monitorship or quasi-monitorship arrangements put in place during the course of the investigation or DPA negotiation process are sufficient).

This chapter identifies the various statutory and other contexts in which monitorships (or equivalent arrangements) may arise in the United Kingdom, examines the shape they may take and lessons that may be drawn from analogous, longer-established arrangements, and considers some specific issues that may be encountered in practice.

The nature and scope of UK monitorships

The appointment of a monitor at the conclusion of an investigation into corporate misconduct by UK enforcement authorities is less routine than in the United States. Where monitors are appointed in the United Kingdom, the scope of their engagement is typically significantly narrower than under corresponding US arrangements.

In the United Kingdom, improvements to compliance arrangements and changes to key personnel are effectively preconditions to the commencement of DPA (or other) negotiations and court approval of proposed settlements. Corporate entities seeking to demonstrate a clean break with historic misconduct will commonly have put in place arrangements akin to those that may be ordered under monitorship programmes in other jurisdictions long before agreements are made with enforcement authorities or ratified by courts.

This differs significantly from the position in the United States. The threshold applied by the US Department of Justice (US DOJ) when deciding whether corporate entities have cooperated sufficiently to expect realistically to enter into a negotiated settlement is lower than that expected by the SFO and the Crown Prosecution Service (CPS) in the United Kingdom. In the United States, remediation follows once a deal has been finalised.

The Crime and Courts Act 2013 (CCA) and the accompanying guidance permit and contemplate the possible appointment of monitors in appropriate cases but stop significantly short of prescribing or even encouraging it. The Deferred Prosecution Agreements Code of Practice (the DPA Code), which the SFO and the CPS are required to take into account when negotiating, applying to the court for DPAs and overseeing DPAs, sets out the roles, duties and mechanics of appointing monitors as a term of a DPA. The DPA Code sounds a note of caution in this regard,^[5] stating:

An important consideration for entering into a DPA is whether [the corporate entity] already has a genuinely proactive and effective corporate compliance programme. The use of monitors should therefore be approached with care. The appointment of a monitor will depend upon the factual circumstances of each case and must always be fair, reasonable and proportionate.^[6]

This guidance reflects the comments of Lord Justice Thomas (as he then was), who (in R v. Innospec in 2010) expressed significant concerns about the costs of what he considered an expensive corporate probation order.^[7] The fact that a settlement incorporating a three-year monitorship had been agreed between UK and US prosecutors meant that he was constrained from giving effect to his concerns but made clear his profound scepticism about the need for the imposition of a monitor at all. He pointed in particular to the steps already taken to address the root causes of historic misconduct, including replacing key senior executives, and the fact that the company’s auditors were aware of wrongdoing.

Statutory frameworks for monitorships in the United Kingdom

In the United Kingdom, a monitorship – or an arrangement similar to a monitorship – can arise pursuant to various statutory and contractual frameworks. As already touched upon, the most recent and high-profile of these is the CCA, which enables them to be used to oversee a compliance programme imposed under a DPA.^[8] A review of the monitorships imposed under the CCA is set out below.

It is not the only scheme that may be used, however. The other statutory and contractual frameworks in which monitorships or similar arrangements may arise are discussed in more detail below.

Deferred prosecution agreements

Monitors appointed under UK DPAs have been, and are likely to continue to be, deployed in a more targeted manner than has been the case under US DPAs to date.^[9] Consistent with the guidance set out in the DPA Code (and the concerns expressed by Thomas LJ in R v. Innospec), the monitorship components of settlements agreed to date (summarised in the table below) could more accurately be described as quasi-monitorships.

Date	Company	Summary of conduct	Monitorship elements
November 2015	Standard Bank PLC	Standard Bank’s sister company, Stanbic Bank Tanzania, had paid US$6 million to a local Tanzanian partner to induce favourable treatment of a US$600 million proposal made by Standard Bank	Required to commission a report on the company’s anti-bribery and corruption (ABC) policies, including advice and recommendations on the use of third-party intermediaries, ABC training systems and the effectiveness of their ABC programme and its awareness among employees. DPA concluded on 30 November 2018 as all terms had been complied with
July 2016	Sarclad Limited	Between June 2004 and June 2012, the company’s employees and agents systematically used bribes to win contracts in foreign jurisdictions	None. Sarclad’s chief compliance officer was required to prepare annual reports for submission assessing the implementation of the company’s new ABC policies
January 2017	Rolls-Royce PLC	Rolls-Royce hired commercial agents in multiple jurisdictions, making tens of millions of dollars of corrupt payments to individuals to secure contracts	Rolls-Royce had previously appointed a compliance monitor to conduct an independent review of the company’s ABC compliance programme, who had completed two interim reports between 2013 and 2014. The DPA required Rolls-Royce to: use best endeavours to procure the production of a third interim report by 31 March 2017; deliver that report to the SFO within five days of its completion; within 24 months of that report being produced, complete, to the compliance monitor’s satisfaction, the actions recommended in all interim reports; and procure a final report from the compliance monitor in respect of the implementation of all actions recommended in interim reports, provided he or she is satisfied
April 2017	Tesco Stores Limited	From February to September 2014, financial statements were improperly amended by ‘pulling forward’ income that should properly have resided in subsequent reporting periods, creating an overstatement of their profits	Within a month of the DPA being issued, Tesco was required to commission an accountancy firm to produce multiple reports and implementation plans commenting on: controls applied to recognition of income; operation of Tesco’s commercial income governance body; segregation of duties between commercial and finance; and training and policies implementation
July 2019	Serco Geografix Limited	Between 2011 and 2013, the company engaged in a fraudulent scheme (with another group company) to artificially deflate its profits on a government contract and thereby avoiding the government’s recouping some of those profits	None. Serco Group Plc, the company’s ultimate parent, was required to report annually to the SFO that it had undertaken and continues to undertake remediation and implementation of compliance measures and internal controls, policies and procedures to ensure (throughout its operations, including those of the company): an effective system of internal accounting controls resulting in fair and accurate books, records and accounts; and a rigorous compliance programme designed effectively to prevent and detect violations of applicable fraud and ABC laws
October 2019	Güralp Systems Limited	Between November 2003 and May 2015, the company made payments to a South Korean public official as an inducement or reward for him exploiting of his position at a government authority to influence the award of contracts to the company	None. The company’s compliance officer was required to submit annual reports on the company’s implementation of its ABC policies and procedures
January 2020	Airbus SE	Payments made through external consultants in Sri Lanka, Malaysia, Indonesia, Taiwan and Ghana in relation to the sale of civilian and military aircraft	Airbus required to continue to implement and review compliance improvements agreed with the SFO. Specific elements include replacement of senior management at executive committee level, creation of a board subcommittee dealing with ethics and compliance, recruitment of compliance professionals, revisions to the code of conduct and associated training, strengthening of internal escalation processes, and contractual credit governance and prohibition on the use of external consultants. The UK DPA also acknowledges the appointment of a monitor under the terms of a simultaneous settlement agreed with French prosecutors
July 2020	G4S Care and Justice Services (UK) Ltd	Between August 2011 and May 2012, the company dishonestly misled the Ministry of Justice as to the extent of its profits. This was to avoid contractual obligations to share the value of any cost reductions, which would have negatively affected the company’s revenues	Although the DPA recognised the steps the company had made in improving its compliance controls, it nevertheless required G4S to: adopt or modify existing controls, policies and procedures in order to (1) ensure the making and keeping of fair and accurate books, records and accounts and (2) effectively prevent and detect violations of applicable fraud and ABC laws; create and fill a group-level head of internal audit and compliance role with an individual who is appropriately resourced and reports to the company’s audit committee and chief financial officer; and engage at the company’s own expense a monitor who is independent and approved by the SFO to review the company’s compliance programme both (1) at the beginning of the programme and (2) prior to the end of the DPA’s term. The company must then produce two plans for the SFO that detail the implementation of the reviewer’s recommendations
October 2020	Airline Services Limited	Between 2011 and 2013, the company used an agent, who was also retained by Lufthansa as a consultant, to secure an illegal advantage when competing for Lufthansa fleet plane refurbishment contracts	None. The company stopped trading in 2018 and is now dormant. It was kept open to facilitate the SFO’s investigation and to discharge the requirements of the DPA. As such, the DPA does not include any compliance remediation and only has a one-year term
July 2021	Amec Foster Wheeler Energy Limited	Between 1996 and 2014, the company was responsible for using corrupt agents and intermediaries in the oil and gas sector. The DPA relates to 10 offences in Nigeria, Saudi Arabia, Malaysia, India and Brazil	None. Although the company had deficiencies in its corporate compliance programme, it was acquired in 2017 by John Wood Group plc, which, it was recognised, had made substantial changes to the company in terms of controls, policies, procedures and culture. However, in conjunction with the DPA, John Wood Group was required to give an undertaking that it would report annually to the SFO on its group-wide ethics and compliance programme and continually review and, if necessary, amend its ethics and compliance programme in a manner consistent with the company’s obligations under the DPA
July 2021	Two unnamed UK-based companies^[10]	Although reporting restrictions currently apply, according to the SFO press release, both DPAs share a common Statement of Facts. The charges relate to offences under Sections 1 and 7 of the UK Bribery Act 2010, with bribes paid in respect of multimillion-pound contracts in the United Kingdom^[11]	According to the SFO press release, a parent company in both DPAs is required to report to the SFO at regular intervals on compliance and has also undertaken to support a comprehensive compliance programme

The DPA Code states that a monitor’s primary responsibility is to ‘assess and monitor [the corporate’s] internal controls, advise of necessary compliance improvements that will reduce the risk of future recurrence of the conduct subject to the DPA and report specified misconduct to [the SFO or the CPS as appropriate]’.^[12] If the DPA requires a company to agree to implement a compliance programme or change its existing compliance programme, the prosecutor needs to be able to assess, and the company needs to satisfy the prosecutor of, the company’s compliance with the terms of the DPA mandating such reforms. According to the SFO’s guidance on evaluating compliance programmes, published and incorporated into its Operational Handbook in January 2020, a monitor appointed at the company’s expense is ‘likely’ in such circumstances.^[13] This has been interpreted in some quarters as an indication that Lisa Osofsky is seeking to bring to bear her previous experience (as an investigator and prosecutor in cases pursued in the United States and as a monitor in private practice) on her role as Director of the SFO. Whether this indication translates into greater numbers of monitors being appointed under DPAs in the United Kingdom will become clearer as more investigations during which the SFO applies this guidance come to fruition. However, the number of cases in which a monitor is appointed to oversee adherence by corporate organisations to the terms of DPAs may be limited. Clearly, whether it is deemed necessary to appoint a monitor to verify and report back to the SFO on prescribed improvements to compliance arrangements will be a matter for negotiation in every case, and corporate organisations and their advisers will, in many cases, be able to make strong arguments that such a step is unnecessary and disproportionate.^[14]

The CPS has not issued corresponding specific guidance on how it will evaluate compliance programmes and when it may consider it necessary for a monitor to be appointed. Cases in which it will be dealing with these types of questions are likely to be relatively rare. When these questions do arise in cases handled by the CPS, it may draw on the guidance it has published in relation to the appointment of authorised monitors under serious crime prevention orders (see section on these orders, below).

The specific tasks of monitors appointed under DPAs will vary widely, and typically will be set out in the terms of the DPA, but can include the monitoring of any facet of the company’s compliance programme.^[15] The appointment of a monitor, however, will not absolve the company’s board of directors from the ultimate responsibility for identifying, assessing and addressing risks. The terms of the DPA will usually require the company to consent to the monitor’s cooperation with the prosecuting authority.^[16]

The DPA Code requires corporates to afford monitors ‘complete access to all relevant aspects of the company’s business during the course of the monitoring period as requested by the monitor’.^[17] The terms of the DPA typically will require that the company permits the monitor to have access to any material the monitor could reasonably request to fulfil his or her function.^[18] The DPA Code acknowledges, though, that a corporate subject to a monitoring arrangement may not be required to produce material subject to legal professional privilege (whether to the monitor or anyone else). The reports produced by the monitor are confidential, with disclosure restricted to the prosecution authority, the company and the court (unless otherwise permitted by law).^[19]

Whether corporate entities entering into agreements with enforcement authorities that contain monitorship components should expect to be asked to produce privileged documents to monitors (and, indeed, the extent to which they are required to produce such documents in response to requests from monitors) is discussed more fully below. The extent to which monitors may be able or required to make onward disclosure of material provided to them in the course of their engagement is also considered below.

The DPA Code affords corporates and their representatives a much greater role in identifying appropriate candidates to act as monitors than was contemplated under previous legislation. As part of the DPA negotiations, corporates provide to the relevant prosecuting authority details of three potential monitors, including their relevant qualifications, specialist knowledge and experience, disclose any associations the potential monitors have had with the company and identify their preferred monitor.^[20] The DPA Code directs the CPS and the SFO that they should ordinarily accept the company’s preferred monitor but confirms that the relevant authority may reject the choice if it considers that there may be a potential conflict of interest or that the preferred candidate does not have sufficient experience or authority.^[21] Although not identical, these and other provisions of the DPA Code are reflective of guidance on the selection of monitors under US DPAs and non-prosecution agreements.^[22]

If it is proposed that a monitorship be a feature of a DPA, once agreement is reached on the identity of the monitor, the relevant prosecuting authority and the corporate entity will provisionally agree a detailed work plan for the first year, including the proposed method of review and frequency of reporting to the prosecutor.^[23] An outline work plan will be agreed to govern the monitor’s activities for the remainder of the monitorship period. The work plan and outline work plan will also need to address costs of the monitorship, since these costs (including reasonable costs associated with monitorships incurred by the prosecuting authority) are paid by the corporate.^[24] Some of the practical aspects of measuring the progress of ongoing monitorships and managing costs are discussed below.

The length of the monitorship will be agreed in the DPA following negotiations between the company and the prosecuting authority. Initially, it may be shorter than the term of the DPA itself but can never exceed the term of the DPA. The monitor can recommend terminating or suspending the monitorship, if the company’s policies and procedures are functioning properly without the need for further monitoring, or the monitor can recommend extending the monitorship, if the company has been, or will be, unable to satisfy its obligations successfully by the end of the monitorship period. The decision to terminate, suspend or extend the monitorship will be taken by the prosecuting authority.^[25]

An important feature of the DPA regime is that the DPA, including any monitorship proposed, must be approved by the court. Sir Brian Leveson noted when reviewing (and ultimately approving) the proposed DPA between the SFO and Standard Bank that, in the United Kingdom, ‘a DPA requires the informed, independent opinion of a judge before it can be effected; the agreement of the parties is not enough’ and that the court will consider the prospective terms of the DPA ‘individually and collectively, in order to determine whether to grant a declaration . . . that entering into it is likely to be in the interests of justice and that its proposed terms are fair, reasonable and proportionate’.^[26]

Serious crime prevention orders

Serious crime prevention orders (SCPOs) are governed by Part I of the Serious Crime Act 2007 (SCA). They were added to the statute book substantially before the introduction of the UK DPA regime, but were not specifically directed towards corporate crime. Although they have been used to impose restrictions on individuals (in some cases in respect of the activities of corporate entities) following conviction, mainly in cases concerning serious and organised crime, there are no reported instances of authorities using them to resolve white-collar investigations against corporates.

Under the SCA, when a corporate defendant is convicted of a ‘serious offence’ (which includes fraud, bribery and money laundering offences), the Crown Court can, on the application of the SFO or the CPS in England and Wales, impose an SCPO enabling the authority to contract with a person to provide monitoring services (the authorised monitor). An SCPO can also be imposed without there having been a criminal trial if the High Court of England and Wales is satisfied that a corporate has been involved in serious crime (which means committing or facilitating a serious offence, whether in England and Wales or elsewhere) and where there are reasonable grounds to believe that the order would protect the public by preventing, restricting or disrupting the company’s involvement in serious crime.^[27]

An SCPO may require the person subject to it to provide information or documents to the authorised monitor or answer questions posed by the authorised monitor.^[28] If deemed appropriate by the court, the person subject to the SCPO may also be required to pay all or some of the costs associated with the authorised monitor’s engagement.^[29] Any documents or information produced to the authorised monitor under the SCPO will be retained by the relevant enforcement authority for as long as it considers necessary.

SCPOs are available to various enforcement authorities but have principally been used by the CPS (although there have been examples of their use by the Financial Conduct Authority (FCA) in cases concerning unauthorised business). It is possible that the SFO and other authorities may explore their potential application in larger-scale cases (although they would only be made as a part of the sentencing process following conviction rather than as part of a negotiated settlement).

Civil recovery orders

Civil recovery orders (CROs) (under Part 5 of the Proceeds of Crime Act 2002 (POCA)) are civil orders available to the CPS, SFO, FCA and other enforcement authorities as a tool to conclude criminal investigations (whether or not there has been a parallel prosecution).^[30] They allow enforcement authorities to recover ‘property obtained as a result of unlawful conduct’.^[31] As civil remedies, the hurdles to be overcome by enforcement authorities are considerably lower than in criminal proceedings. Property is still susceptible to a CRO even if the ‘unlawful conduct’ was carried out by another person as it is only necessary for authorities to establish facts to the civil standard and there is no necessity to show from which particular offence or offences the property in question has been generated.

Before the introduction of DPAs, CROs were seen by enforcement authorities and cooperating corporate entities as a relatively attractive way of concluding investigations through negotiation. There is no equivalent to the DPA Code in respect of CROs and no constraints on the appointment of monitors under them (beyond those required to settle any civil proceedings, namely acceptable wording for a consent order and associated settlement documents). As noted in the table below, in some cases involving monitors, the latitude the CRO framework has afforded to cooperating corporate entities to negotiate settlements perceived as relatively favourable to them, and the limited extent to which the court may influence the contents of agreements, has drawn significant judicial criticism.

Date	Company	Summary of conduct	Amount recovered	Monitorship
October 2008	Balfour Beatty PLC	Irregularities concerning payments made as part of a joint venture bid to secure £22.5 million of work on the construction of the Alexandria Library in Egypt	£2.25 million	Included a form of external monitoring for an agreed period
July 2011	Macmillan Publishers Limited	Improper payments were made in relation to a tender to supply educational books to South Sudan	£11.3 million recovered through a CRO	External monitor imposed to report to SFO and World Bank
July 2012	Oxford Publishing Limited	Two subsidiaries of Oxford Publishing operating in Kenya and Tanzania made facilitation payments in connection with tenders for school books	£1.9 million recovered through a CRO (in addition to a £2 million voluntary payment to sub-Saharan African non-profit groups)	External monitor imposed to report to SFO and World Bank

The appointment of monitors was acknowledged in the CROs referred to above by way of relatively bland clauses included in consent orders. In contrast to the comparatively detailed provisions of the DPA Code, there is very little information in the public domain about the processes by which monitors appointed under CROs have been selected, the extent of any input allowed by the companies concerned and whether any agreement was reached in relation to the circumstances in which monitorship arrangements may be either terminated early or extended.

Outside Scotland, where DPAs are not available as a tool to conclude investigations, CROs involving the appointment of monitors are now likely to be a thing of the past, at least to conclude investigations concerning offences in respect of which DPAs are now available and more likely to be used.

It is possible that CROs incorporating monitorships could be used in different contexts. For example, to date, there have been no publicised orders made since the definition of ‘unlawful conduct’ was amended, for the purposes of the civil recovery regime in Part 5 of POCA, to include ‘gross human rights abuses or violations’ (under the ‘Magnitsky amendment’ introduced in the United Kingdom through the Criminal Finances Act 2017).^[32] These orders are expected to be few and far between (if indeed any are made at all). There are no indications to date that enforcement authorities are contemplating using CROs based on this provision to recover property in the hands of corporate entities.^[33] It is conceivable though, particularly given the breadth of the definition of ‘gross human rights abuses or violations’, that applications for any such orders may be an area in which authorities could seek the appointment of monitors.

Appointment of skilled persons by the UK financial services regulators

The FCA and the Prudential Regulation Authority (PRA) have the supervisory power, conferred by Sections 166 and 166A of the Financial Services and Markets Act 2000, to appoint or to require firms they regulate to appoint an external third party, a ‘skilled person’, to undertake a review of a particular business area of that firm or to examine a particular issue. The power has been heavily used historically by the FCA in particular (and the former Financial Services Authority from which the FCA and the PRA emerged). Published data shows a steady decline in the number of skilled persons appointed, from 95 in 2010–2011 and a spike of 113 in 2012–2013 to 34 in 2018–2019. It is possible that the decline was attributable at least in part to the controversy surrounding the publication of a Section 166 report in February 2018, following intervention by the Treasury Committee.^[34] However, the number of skilled persons appointed has since begun to rise again, with 57 in 2019–2020 and 68 in 2020–2021, which may be attributable to a greater focus on financial crime, firms’ controls and risk management frameworks and conduct of business issues.

The appointment of a skilled person is a supervisory tool, rather than part of the enforcement processes of the FCA or the PRA. For example, between September 2012 and September 2014, more than 95 per cent of FCA-ordered skilled person reviews did not lead to enforcement action.^[35] Rather, the purpose of appointing a skilled person is to diagnose, monitor, limit or reduce identified risk or remedy crystallised risk.^[36] The appointing firm bears the cost of the skilled person’s work, which is typically significant. The total cost incurred by firms subject to skilled person reviews in 2020–2021 was £39.4 million.^[37]

Skilled persons are usually appointed from specialist panels maintained by the regulators. Relevant guidance indicates that the FCA ‘will normally contact the [subject of the report] before finalising its decision to require a report or the updating or collection of information by a skilled person’ to ‘provide an opportunity for discussion about the appointment, whether an alternative means of obtaining the information would be better, what the scope of a report should be, who should be appointed, who should appoint, and the likely cost’.^[38]

However, in practice, the scope for firms to influence the identity of the skilled person or the scope of their engagement is usually relatively limited.

The skilled person’s obligation is to cooperate with, and ultimately report to, the FCA (or PRA, as the case may be). As a matter of practice, the skilled person will give the firm an opportunity to comment on the drafts of the review before it is finalised.^[39]

Contractual monitoring arrangements

Arrangements similar to monitorships can arise in other contexts. Consistent with regulatory guidance on mitigating anti-corruption, anti-money laundering and trade compliance risks, equity investors will usually seek to negotiate the inclusion of contractual compliance protections in deal documents. Where specific and material compliance concerns are identified during the pre-investment stage, investors may seek to include robust compliance undertakings that will govern a corporate entity’s post-acquisition compliance programme. These undertakings could require an investee company to work with an investor’s external compliance counsel to adopt compliance policies and procedures, develop a compliance function staffed by appropriately qualified compliance personnel, conduct a forensic audit and take any other steps to address identified compliance concerns. In these situations, the investor’s external compliance counsel will effectively assume a quasi-monitorship role by taking the lead to drive the investee company’s satisfaction of the compliance undertakings and addressing identified risk areas.

Practical points

As monitorships are still a comparative rarity in the United Kingdom, there is not yet an established body of practice relating to when and how monitors should be appointed and how they should carry out their engagements as in the United States. Each situation in which a monitor has been or may be appointed will raise specific questions and issues. Careful analysis at the outset to identify and explicitly deal with questions likely to arise during the course of the monitorship will minimise and mitigate uncertainty and friction during the life of the monitorship. Some of the questions likely to arise are addressed below.

Cross-border monitorships

Can or should a monitor be appointed under a settlement with more than one enforcement authority?

Nothing prevents enforcement authorities from appointing a single monitor to oversee compliance arrangements in multiple jurisdictions. This course has been taken in numerous settlements with US authorities. However, enforcement authorities are increasingly recognising the benefits of retaining specialists in different jurisdictions.

Privilege

Can a monitor require access to legally privileged material?

No. The DPA Code acknowledges: ‘Any legal professional privilege that may exist in respect of investigating compliance issues that arise during the monitorship is unaffected by [CCA], this DPA Code or a DPA.’^[40]

In many instances, this will not cause particular problems, as monitors will be less concerned with the content of legal advice than the fact that it has been taken and appropriate action taken in response to it.

Enforcement authorities or monitors are not precluded, of course, from requesting that corporate entities provide privileged material voluntarily (whether on a limited waiver basis or more generally), although in most cases they and their representatives will be reluctant to do so, as they are likely to have concerns about waiver, given in particular the potential for material to be disclosed further and used in, or to precipitate, further litigation or investigations.

Can a monitor assert privilege in connection with his or her engagement?

Yes. Although monitors are often themselves lawyers, it will usually be necessary and prudent for them to seek specialist advice on particular aspects of their engagement. Communications passing between a monitor and his or her advisers may be subject to privilege in the same way as those passing between any lawyer and a client.

Data protection considerations

What are monitors’ obligations in relation to data?

Particularly in the context of fact-finding aspects of their appointments, monitors are likely to have to gather and review corporate documents, employee emails, data stored on work devices and other company data. That data could include personal data, of which collection, storage and processing could be subject to the Data Protection Act 2018 and the retained General Data Protection Regulation (or equivalents in other jurisdictions).

The monitor will need to assess his or her role under applicable data protection laws and may need to work with the corporate entity to ascertain an appropriate basis for the monitor’s receipt, processing and storage of the personal data. Where relevant data is located in jurisdictions outside the United Kingdom, the monitor will need to work with the corporate entity to determine which data privacy laws may affect the data transfer to the United Kingdom and ensure that there is an appropriate basis under local law for the transfer, processing and storage of data.

It will usually be prudent for the monitor to seek specialist advice in the particular jurisdictions in which he or she is operating and to document in writing the corporate entity’s and monitor’s rights and obligations (including any appropriate indemnities) in relation to personal data.

Managing the relationship between monitor and subject entity

How should monitors deal with the senior management of the company?

In most instances, whether pursuant to a DPA or a skilled person review, the corporate entity concerned will not have anticipated a monitorship. Some degree of resistance from the company’s senior management, who may regard dealing with a monitor as an expensive distraction from running the business, is therefore to be expected. The company is likely to treat the monitor as an unwelcome guest, particularly if it has already expended significant resources in investigating misconduct and bolstering its compliance programme as part of the settlement negotiations with the enforcement authority.

The monitor will have a clear mandate enshrined in the terms of his or her appointment and should focus on carrying it out diligently, but the monitor should be sensitive in doing so and cognisant of the remedial steps the company has taken to date. The monitor should take time in the initial phase of the monitorship to understand the steps that the company has taken and is planning to take to improve the pertinent aspects of its compliance programme as those facts should inform the monitor’s work plan and formulate a basis for the organic, self-sustaining growth of the company’s compliance programme.

If a monitor’s approach is perceived to be too intrusive, a company’s management may accuse the monitor of impeding the company’s business or, at best, be less receptive to recommendations. However, the nature and purpose of tasks inherent in a monitorship may not always seem congruent with the objectives and priorities of senior executives, who owe duties to shareholders and others to maximise commercial performance. There may be particular tensions when monitors are installed in financial services firms as senior executives, subject to individual accountability regimes, may seek particular information or assurances from monitors to satisfy themselves and regulators that they are complying with their personal regulatory obligations. Transparent and effective communication by monitors is key to striking an appropriate balance in monitoring the pertinent areas of the corporate entity’s business objectively and, on one hand, discharging obligations to the prosecuting authority and, on the other, avoiding unnecessary friction with the company. To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of, and an opportunity to comment on, any recommendations, findings or reports that the monitor will make to the enforcement authority.

The monitor should also aim to be transparent and up front with the company about his or her working methods, including fees and expenses. For example, this involve giving the company sufficient advance notice of any proposed meetings, document requests or employee interviews. The monitor should alleviate the company’s concerns about the potential costs of the monitorship – considering in advance the proposed staffing and likely associated expenses, identifying cost efficiencies and offering cost solutions is likely to lead to a better working relationship between the company and the monitor.

There will be occasions when it is necessary for details of the tasks being undertaken by a monitor, and the reasons for them, to be kept confidential from senior executives. However, to the greatest extent possible, a constructive working relationship should be fostered by the release of as much information as is appropriate in the particular circumstances of each engagement to enable senior executives to understand the progress of the monitorship, any areas where they may be able to assist with resources or information, and the reasons why the monitor requires details about particular aspects of the business. Both monitors and corporate entities should bear in mind that the engagement will proceed more smoothly, is likely to be concluded more quickly and will result in more sustainable improvements to compliance systems and controls if all parties adopt an appropriately collaborative approach.

What should monitors do if the relationship with the subject deteriorates?

The monitor should work to repair the relationship with the company but also critically assess why it may be deteriorating. If the relationship is being undermined by the company’s perceived unwillingness to cooperate with the monitor’s reasonable performance of his or her duties (e.g., by resisting disclosure to the monitor of information that reasonably would help in the performance of the monitor’s mandate), the monitor should evaluate whether those are matters that may have to be reflected in his or her reports to the enforcement authorities.

The monitor should be mindful, however, that his or her report to the enforcement authorities is a powerful tool that should be used only when genuine need demands it. The monitor should understand that he or she is not appointed to impose his or her will on the company; rather, the monitor’s role is to aid the company’s journey towards developing robust compliance policies and procedures that address the deficiencies in culture and controls that led to the original misconduct and that work for that particular company’s business model.

In many cases, external reporting to the enforcement authority of perceived friction or disagreements will not be necessary. For example, lack of cooperation when seeking information from junior or middle-ranking staff is likely to be dealt with more effectively, in the first instance at least, by a report to senior executives of the corporate entity, and joint steps by the corporate entity and the monitor to explain adequately to the affected staff the purpose of the monitorship and the benefits of collaborating with reasonable requests made by the monitor.

Similarly, a company’s perceived reluctance or struggle to change certain practices or adopt certain procedures should prompt the monitor to assess the suitability of the proposed course of action, and the strength of buy-in from all relevant parts of business for that course of action. The monitor should work with key stakeholders in the company to formulate an approach that fits the company’s operations and risk profile. That process may require the monitor to encourage the company to work with him or her collaboratively to come up with appropriate compliance solutions, rather than adopting off-the-shelf policies and procedures. The monitor should also work with key stakeholders in the company to educate all relevant parts of the business about the company’s compliance risks and the benefits of investing in compliance.

How should monitors deal with auditors?

The purpose of an audit is to provide an objective and independent examination and evaluation of a corporate entity’s financial statements. If the monitor encounters issues during the term of the monitorship that may affect the accuracy of financial statements, it is likely that the monitor would be bound by confidentiality obligations to the corporate entity and would not be able to disclose the matter to auditors. In this situation, the prudent course of action is for the monitor to urge the company to investigate the matter and, if necessary, work with the company to bring the matter to the auditor’s attention. The monitor should also assess whether the issue is one that would need to be included in the monitor’s report to the enforcement authority pursuant to the terms of the monitorship.

How should monitors deal with the media?

The monitor will owe confidentiality obligations to the company and the enforcement authority. Unless there are exceptional circumstances, as a matter of professionalism, the monitor should avoid engaging with the press.

Information gathering

What steps should monitors take to ensure that relevant documents are preserved, and when?

Monitors’ evidence preservation plans and priorities will be similar to those applicable to conducting an internal investigation or responding to a regulatory investigation. The monitor may have to work with the company to preserve data (for example, by disabling automatic email deletion) and amend or disapply the company’s document retention policies, or issue document hold notices in respect of categories of documents relevant to the scope of his or her engagement.

If the monitor has been appointed pursuant to a settlement with enforcement authorities, it is likely that document preservation measures will already have been implemented when the company conducted its own internal investigation. The monitor should assess with the company whether those preservation measures need to be kept in place during the term of the monitorship.

When should monitors conduct fact-finding interviews?

Depending on the terms of the appointment, the monitor may need to conduct fact-finding interviews with the company’s employees. Those interviews could focus on particular compliance incidents or aspects of the company’s compliance programme.

When compliance incidents occur (or even if none has occurred, if it is part of the monitor’s stated task to conduct spot checks to ensure the effectiveness of particular compliance functions or systems), the monitor may want to conduct interviews with personnel with relevant first-hand knowledge. These interviews are quite separate from interviews conducted by the corporate entity’s in-house or external counsel and are conducted for a different purpose.

Are the subjects of interviews entitled to separate representation?

Neither the monitor nor the corporate entity will be able to preclude the employees from engaging their own counsel at their own expense. Separately, however, the corporate entity is likely to wish to ensure that the company’s legal representative is present during the monitor’s interview with an employee to ensure that the corporate entity’s privileged information is not disclosed. The monitor will need to consider, however, to what extent the presence of company’s counsel at interviews may stifle an employee’s candidness and willingness to express their concerns.

Are monitors required to give the subjects of interviews Upjohn (or similar) warnings?

Although the monitor is not required to give an Upjohn (or similar) warning to an employee at the beginning of an interview, the monitor should nonetheless take care to clarify his or her role and the purpose of the interview, and remind the employee of the confidentiality of the interview.

Confidentiality and market obligations

To whom do monitors owe duties of confidentiality? What is the extent of these duties?

Under the DPA regime, monitors’ reports are confidential, with disclosure limited to the company in question, the prosecuting authority and the court. Monitors owe a duty of confidentiality to all three but this duty can be overridden if permitted by law (for example, if required pursuant to disclosure in civil litigation). Monitors’ reports are exempt from disclosure under the Freedom of Information Act 2000.

Currently, there are no reported examples of instances of claimants in separate civil litigation seeking or obtaining disclosure of monitors’ reports such as those seen in some cases in the United States. However, this is not to say that the confidentiality of reports prepared by monitors in the United Kingdom is unassailable or that attempts of this kind will not be made in future. One particular factor for monitors and corporate entities alike to bear in mind is that the UK Parliament has shown itself to be willing to publish confidential documents when it considers it to be in the public interest to do so (particularly when all or some of the content of reports has previously been leaked).^[41]

What practical steps should the company and monitors take to protect inside information?

If the company’s shares are listed on a stock exchange, the company will have obligations with respect to the management and disclosure of inside information. The company may have to place the monitor on an insider list owing to the nature of the information to which the monitor will have access during the term of his or her appointment.^[42] The company will also need to ensure that the monitor has systems in place to maintain strict confidentiality in respect of inside information that, if disclosed, could prejudice the company’s legitimate interests.

Reporting the outcome of monitorships

What format should monitors’ reports take?

The monitor should discuss with the prosecuting authority at the outset of the monitorship the format the monitor’s reports should take. The prosecuting authority may find it preferable to receive periodic informal reports, with a formal report delivered at agreed milestones. The monitor should supplement any written report with offers to guide the authority through the report by phone or during a face-to-face meeting.

Should the monitor share his or her draft report with the company?

To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of any reports that the monitor will make to the enforcement authority. The monitor should explain his or her findings and recommendations to the company and allow it to comment on those findings and recommendations. Although the monitor has an independent duty to the enforcement authority to provide an objective report, the monitor should strive to avoid surprising the company with his or her findings, and formulate recommendations in collaboration with the company that achieve the objectives of the monitorship and that can be owned by the company long after the monitor’s mandate is finished.

Footnotes

¹ Judith Seddon is a former partner at Ropes & Gray International LLP. Andris Ivanovs is an associate at Ropes & Gray International LLP. The authors gratefully acknowledge the assistance of Michael Harris and Toby Morris of Ropes & Gray International LLP, London.

² Hansard, House of Commons Debate, 14 January 2013, Vol. 556, Col. 655.

³ Lisa Osofsky, Director, Serious Fraud Office (SFO), Keynote address to the Cambridge Symposium on Economic Crime (7 September 2020), at https://www.sfo.gov.uk/2020/09/07/lisa-osofsky-speaking-at-a-presentation-hosted-by-the-cambridge-symposium-on-economic-crime/ (last accessed 2 Feb. 2022). Further detail about the DPA with G4S Care and Justice Services (UK) Ltd referred to in Lisa Osofsky’s address is given later in this chapter.

⁴ Lisa Osofsky, Director, SFO, ‘We’re defending the UK as a safe place for business’ speech (30 June 2021), at https://www.sfo.gov.uk/2021/06/30/were-defending-the-uk-as-a-safe-place-for-business/ (last accessed 2 Feb. 2022).

⁵ Crime and Courts Act 2013 (CCA 2013), Paragraph 6, Schedule 17. Deferred prosecution agreements (DPAs) are only available in England, Wales and Northern Ireland. Although negotiated settlements have been reached in Scotland, these have taken the form of civil recovery orders.

⁶ The Deferred Prosecution Agreements Code of Practice (DPA Code), Paragraph 7.11.

⁷ [2010] Crim LR 665.

⁸ CCA 2013, Section 45 and Schedule 17 – see Paragraph 5(3)(e), Schedule 17.

⁹ As recently as 2018, the US Department of Justice (US DOJ) indicated that it was seeking to impose more stringent controls on the scope and the associated costs of monitorships. In October 2018, the then Assistant Attorney General Brian A Benczkowski released a memorandum titled ‘Selection of Monitors in Criminal Division Matters’ (Benczkowski Memorandum), detailing the process whereby compliance monitors are to be appointed as part of negotiated settlements between corporate entities and the US DOJ, setting out criteria for the appointment of monitors (attaching greater importance to improvements already made to compliance systems and controls) and changes to key personnel before the settlement. However, the US DOJ has reversed course. In October 2021, Lisa Monaco, Deputy Attorney General of the US DOJ, stated in an address to the American Bar Association’s 36th National Institute on White Collar Crime that she was ‘rescinding’ any previous guidance that ‘suggested that monitorships are disfavoured or are the exception’. Concurrently, the US DOJ released a memorandum on 28 October 2021 revising existing corporate criminal enforcement practices, including the statement: ‘In general, the Department should favor the imposition of a monitor where there is a demonstrated need for, and clear benefit to be derived from, a monitorship.’ See https://www.justice.gov/opa/speech/file/1100531/download and https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute (websites last accessed 2 Feb. 2022).

¹⁰ At the time of writing, reporting restrictions apply.

¹¹ SFO, ‘SFO secures two DPAs with companies for Bribery Act offences’ (20 July 2021), see https://www.sfo.gov.uk/2021/07/20/sfo-secures-two-dpas-with-companies-for-bribery-act-offences/ (last accessed 18 Feb. 2022).

¹² DPA Code, Paragraph 7.12.

¹³ SFO Operational Handbook, ‘Evaluating a Compliance Programme’ (January 2020), see https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/evaluating-a-compliance-programme/ (last accessed 2 Feb. 2022).

¹⁴ In October 2020, the SFO published a chapter on DPAs from its internal Operational Handbook, which noted that the SFO can consider ‘[l]ess onerous alternatives to a monitorship . . . such as an external reviewer’. It remains to be seen whether the SFO will explore such alternatives and how different, as a matter of practice, they will be from monitorships. SFO Operational Handbook, ‘Deferred Prosecution Agreements’ (October 2020), see https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/ (last accessed 2 Feb. 2022).

¹⁵ DPA Code, Paragraph 7.21.

¹⁶ e.g., SFO v. Rolls-Royce PLC, Deferred Prosecution Agreement (17 January 2017), Paragraph 31; SFO v. G4S Care and Justice Services (UK) Limited, Deferred Prosecution Agreement (17 July 2020), Paragraph 38.

¹⁷ DPA Code, Paragraph 7.14.

¹⁸ e.g., SFO v. Standard Bank, Deferred Prosecution Agreement, Paragraph 29; SFO v. Rolls-Royce PLC, Paragraph 30; SFO v. Tesco Stores Limited, Deferred Prosecution Agreement (10 April 2017), Paragraph 31; SFO v. G4S Care and Justice Services (UK) Limited, Paragraph 36.

¹⁹ DPA Code, Paragraph 7.20.

²⁰ ibid., Paragraph 7.15.

²¹ ibid., Paragraph 7.17.

²² e.g., Benczkowski Memorandum – at https://www.justice.gov/opa/speech/file/1100531/download (last accessed 18 Feb. 2022). In particular, it remains to be seen whether the SFO will follow the US DOJ in expressly taking into consideration diversity and inclusion criteria when appointing monitors. For the US approach, see United States of America v. Panasonic Avionics Corporation, Deferred Prosecution Agreement (30 April 2018), Paragraph 12.

²³ DPA Code, Paragraph 7.18.

²⁴ ibid., Paragraphs 7.13 and 7.18.

²⁵ ibid., Paragraph 7.19.

²⁶ SFO v. Standard Bank PLC, Approved Judgment (30 November 2015), Paragraph 64.

²⁷ Serious Crime Act 2007 (SCA), Sections 1 and 2.

²⁸ SCA, Sections 39(3) and 5(5).

²⁹ ibid., Section 39(4).

³⁰ Proceeds of Crime Act 2002 (POCA), Sections 240(2) and 316.

³¹ POCA, Section 242.

³² See ibid., Section 241A (introduced by Criminal Finances Act 2017, Section 13). This, and corresponding amendments to asset recovery legislation in other jurisdictions, bears the name of Sergei Magnitsky, a Russian lawyer arrested in 2008 after making allegations that Russian officials had been involved in large-scale tax fraud. He died in custody in 2009.

³³ To show that a ‘gross human rights abuse or violation’ has occurred, the relevant enforcement authority must establish (on a balance of probabilities) that a person has been subjected to torture or other cruel, inhuman or degrading treatment or punishment in consequence of that person seeking (1) to expose illegal activity carried out by or at the instigation or with the consent or acquiescence of a public official or a person acting in an official capacity, or (2) to obtain, exercise, defend or otherwise promote human rights and fundamental freedoms (POCA, Section 241A, Paragraphs (2) to (4)). Conduct connected with a gross human rights abuse or violation is defined relatively widely by Section 241A(5) to include conduct involving, for example, ‘acting as an agent for another in connection with activities relating to conduct constituting the commission of a gross human rights abuse or violation’, ‘profiting from such activities’ (Section 241A(5)(c)) and ‘materially assisting such activities’ (Section 241A(5)(d)). The latter, in turn, is defined broadly as including ‘providing goods or services in support of the carrying out of the activities, or otherwise providing any financial or technological support in connection with their carrying out’ (Section 241A(8)). Conduct occurring outside the United Kingdom is caught by this definition if it would constitute the commission of an indictable or either-way offence in the United Kingdom (Section 241(2A)). The boundaries of these seemingly broad provisions have not yet been tested in reported cases (whether in respect of conduct by corporate entities or more generally). It is conceivable though that, in due course, they could be directed towards the operations of corporate entities involved in, for example, the extractive, garment manufacturing and hospitality industries (possibly in conjunction with those contained in the Modern Slavery Act 2015, under which equivalent provisions exist in relevant national law). ‘Public official’ is not defined for these purposes, but analogous terms under other legislation suggest that it would be construed widely to encompass senior employees of state-owned enterprises. See UK Bribery Act 2010, Section 6(5)(b)(ii) (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/181762/bribery-act-2010-guidance.pdf (last accessed 2 Feb. 2022)) and Paragraph 22 of Ministry of Justice guidance, and Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Regulation 35(14)(g). This may indicate that enforcement authorities could seek to recover the proceeds of contracts with state-owned enterprises alleged to be involved in ‘gross human rights abuses or violations’ under civil recovery orders.

³⁴ See ‘Treasury Committee publishes RBS-GRG report’ (February 2018), at https://committees.parliament.uk/committee/158/treasury-committee/news/98862/treasury-committee-publishes-rbsgrg-report/ (last accessed 2 Feb. 2022); and request made to the Financial Conduct Authority (FCA) pursuant to the Freedom of Information Act 2000 (January 2019).

³⁵ FCA, ‘Freedom of Information: Right to know request’ (January 2015), at https://www.fca.org.uk/publication/foi/foi3789-response.pdf (last accessed 2 Feb. 2022).

³⁶ FCA Handbook, SUP 5.3.1G. See also Prudential Regulation Authority (PRA) Supervisory Statement (SS7/14) ‘Reports by Skilled Persons’ (June 2014) (updated September 2015), Paragraph 1.5.

³⁷ FCA Annual Report and Accounts 2020/21 (31 March 2021), Appendix 2. The FCA’s annual headline figure includes the 2020–2021 costs of skilled person reviews that continued from prior years. In contrast, in 2020–2021, the PRA commissioned 17 skilled person reviews. The total estimated cost of commissioned skilled person reviews was £4.6 million and the cost per review ranged from £62,000 to £0.9 million (but note that the total cost for PRA-appointed skilled persons in 2019–2020 was much higher, at £23.4 million for 29 reviews). See PRA Annual Report 1 March 2020–28 February 2021 (17 June 2021), p. 49.

³⁸ FCA Handbook, SUP 5.4.2G.

³⁹ ibid., at SUP 5.4.13G.

⁴⁰ DPA Code, Paragraph 7.14.

⁴¹ See footnote 9. See also Omers Administration Corporation and Others v. Tesco Plc [2019] EWHC 109 (Ch), in which the High Court of England and Wales required Tesco to disclose to the claimants in civil litigation the SFO’s compelled interview transcripts and notes that Tesco, subject to confidentiality restrictions, obtained from the SFO as part of its DPA negotiations. The case is a reminder that courts will consider confidentiality of documents, but confidentiality alone is unlikely to be a bar to disclosure. In general, when documents are relevant, the needs of justice are ‘very likely to favour production’, unless the information is available from another source without disproportionate difficulty. The courts are likely to adopt a similar approach if a civil litigant sought production of a monitor’s reports to the enforcement authority.

⁴² FCA Handbook, DTR 2.8.