Cooperating with the Authorities: The UK Perspective
This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight
This chapter considers corporate cooperation with regulatory agencies and law enforcement authorities in the United Kingdom. It discusses why a corporate may choose to cooperate, what cooperation means in practice, and the potential outcomes and implications of cooperation.
Cooperation differs from compulsion. Compulsion refers to authorities exercising statutory powers that require a corporate to take, or refrain from taking, certain actions, with penalties for non-compliance, whereas cooperation means providing the authorities with assistance ‘that goes above and beyond what the law requires’. The expectation that corporates will cooperate with authorities has grown in recent years, and the concept and components of cooperation have been increasingly explored and detailed by the authorities, the courts and commentators. Nevertheless, when and why a corporate cooperates and what it entails will depend on the case.
15.2 Why cooperate?
Cooperation may be beneficial for several reasons, including securing less serious outcomes, such as mitigation of financial penalties or other sanctions; entry into a deferred prosecution agreement (DPA); and the authorities not taking enforcement action. It may also enable a corporate to retain some level of control over an investigation.
There is increasing pressure on corporates from the public, stakeholders and the government to act as good corporate citizens by cooperating with authorities. A decision to cooperate is, however, likely to result in additional burdens that go beyond what an authority can compel a corporate to do in relation to, for example, the provision of materials and information, the ceding of control over aspects of an investigation, and pre- and post-resolution compliance remediation and monitoring requirements.
If a corporate chooses not to cooperate, the authority will likely utilise available compulsory powers to progress its investigation, and the corporate may lose some of the credit and good will it would have gained by cooperating.
15.2.1 Corporates may avoid prosecution
A corporate’s cooperation is a factor that an authority may take into account when considering whether to enter into a DPA enabling it to avoid prosecution if it adheres to the DPA’s terms.
Generally speaking, the more serious the offence, the less likely a DPA (as opposed to prosecution) will be considered to be in the public interest. Nevertheless, in the Rolls-Royce DPA, the court acknowledged that, notwithstanding the gravity of the wrongdoing, on the right terms it was in the interests of justice to resolve the conduct with a DPA rather than a trial. The level of Rolls-Royce’s cooperation was key to this conclusion.
Legislative changes to the identification doctrine for corporates in the United Kingdom will expand the basis on which corporates can incur primary liability for criminal conduct in relation to a number of financial crimes. These changes are designed to expand the scope of the persons to whom the Serious Fraud Office (SFO) can attribute conduct to a corporate, thereby making it easier for corporates to be successfully prosecuted. This may increase a corporate’s appetite for cooperation, in the hope that prosecution can be avoided.
While DPAs are generally seen as preferable to a criminal conviction – allowing corporates to obtain a lower financial penalty and to avoid some of the reputational damage and the broader commercial implications a criminal conviction may entail – DPAs are also likely to entail additional obligations (e.g., future cooperation and self-reporting, compliance programme upgrades and assurance), which in some circumstances may include entities of the corporate group not directly involved in the wrongdoing.
15.2.2 Cooperation can lead to reduced penalties
If the misconduct is substantiated, corporates considered to have fully cooperated will receive a significant reduction in penalties. They may even avoid a penalty altogether if, for example, the nature of the conduct is considered minor or there is no public interest in prosecuting the corporate. Conversely, attempts to conceal misconduct may result in a more severe sentence.
The stage at which a corporate is deemed to have cooperated with the authority is likely to impact the level of any reduction in penalties. For example, in recent years, corporates entering into DPAs have benefited from a 50 per cent discount in the fine to reflect the level of cooperation. In contrast, in G4S Care and Justice Services (UK) Ltd, the fine reflected a 40 per cent discount, with the judge finding that the corporate’s cooperation was ‘less than full . . . until a relatively late stage’ and was not ‘exemplary’ until over four years after reporting to the SFO, at which point ‘co-operation intensified very significantly’.
Certain regulated persons may be required to cooperate with the authorities; nevertheless, proactive cooperation can still lead to reduced penalties, including non-pursuit of enforcement action, reduced charges or lighter sanctions. The Enforcement Guide of the Financial Conduct Authority (FCA) makes clear that if agreement is reached at an early stage, the settlement discount scheme allows a reduction in the financial penalty or a period of suspension, restriction or condition that would otherwise be imposed. Conversely, there is a potential to receive an increased penalty, in the regulated sector, if a corporate is not perceived to have met the requirements for cooperation.
15.2.3 Control in the investigative process
Few corporates will take lightly the financial implications of a prolonged investigation, or the time management and business interruption it entails, nor can corporates afford to be dismissive of the effects of a drawn-out process on employee morale. For many, gaining clarity and certainty and being able to focus on day-to-day business will be an absolute priority. By cooperating from an early stage, corporates may have some control over what, if any, admissions are made and the public narrative presented by the relevant authority.
While a corporate will not dictate the schedule or priorities of the investigating authority, it may help ensure that the investigation progresses promptly and efficiently (e.g., by bringing key evidence to the authority’s attention and providing it with relevant industry information), ensuring an outcome at the earliest possible opportunity.
15.2.4 External pressures
As well as increased public expectations of good corporate conduct, there may also be considerable stakeholder pressure to cooperate. Further, corporates may have to consider ongoing relationships with investigating authorities in the context of previous enforcement proceedings or if the corporate is in an industry that faces heavy regulatory scrutiny. The desire of the corporate to be, and be seen to be, a good corporate citizen can also play into the decision to cooperate.
An example of these external pressures being considered when granting a DPA can be seen in obiter comments by the judge considering the Amec Foster Wheeler Energy Limited (Amec Foster Wheeler) DPA. The judge noted that self-reporting is ‘a matter of ethical corporate governance’ and there is a ‘moral duty on all citizens in this respect which extends at least equally to corporations’. This judgment was the first in which a judge considered that a DPA articulated a moral standard for self-reporting separate from any legal requirements and outside the context of penalty reduction.
15.2.5 Regulatory requirements
In addition to the requirement to cooperate for entities in certain regulated sectors, corporates should consider that misconduct may come to the attention of the SFO or other authorities via third parties. This may be through whistleblower reports or media leaks, or under regulatory requirements on certain regulated third parties to report (e.g., the Proceeds of Crime Act).
15.2.6 Multi-agency and cross-border investigations
Corporates must be cognisant of the potential involvement of authorities across multiple jurisdictions. Authorities in different jurisdictions may take a very different view on how an internal investigation is conducted and what cooperation means. This is particularly important as cooperation between authorities (domestic and international) increases, with authorities cooperating in various ways (e.g., through informal channels of communication, information gateways and memoranda of understanding).
Corporates should assume that authorities share, or will share, information and materials and are likely to obtain evidence from multiple sources, not just from the corporates themselves. Accordingly, a coherent strategy should be formulated from the outset, considering all relevant jurisdictions when deciding whether to cooperate and what it entails. For example, they should consider (1) what enquiries or internal investigations should be conducted, (2) which authorities are likely to be more influential or proactive, (3) whether a consistent approach should be taken in relation to explanations, documents and privilege and (4) if entering settlement discussions, whether it would be beneficial or possible to engage with all authorities at the same time.
Corporates may find it sensible to engage in an open and pragmatic dialogue with each authority and be proactive in encouraging the authorities to take the same approach with each other whenever possible, to avoid duplication of work (and consequential resource implications for the corporate) and ensuring consistency of approach. Ultimately, if more than one agency has a legitimate basis on which to enforce, it is usually preferable to bring the matter to a combined resolution.
15.2.7 Considerations prior to cooperation
While the decision to cooperate and the extent to which it would be beneficial is complex and fact-specific, fulsome cooperation with an authority is often time- and cost-intensive and requires significant commitment, potentially over a protracted period; continual and genuine assistance; prompt self-reporting; and access to hard-copy materials, electronic data and potential witnesses. It may also reduce the amount of control a corporate has over the process (e.g., the authorities may want to conduct any first witness interviews themselves).
Multiple agencies with differing requests may be involved, and, in some cases, costly obligations may last beyond the conclusion of an investigation (e.g., compliance monitoring obligations imposed under a DPA or a requirement to cooperate with the prosecution of individuals).
A key factor that will determine a corporate’s appetite for cooperation is whether it is a victim, witness or subject of the investigation and whether this is likely to change during the investigation. If, for example, the corporate is a witness, it may be subject to compulsory requests, such as compelled requests for information. While proactive cooperation may enhance its relationship with its regulator or enforcement body, and be consistent with its corporate governance values, a corporate may have good reason to be circumspect in dealings with the authorities in an investigation. This may be so when a corporate witness has an ongoing commercial relationship with the corporate suspect (e.g., an auditor–client relationship), requiring the witness to consider its obligations to the client and the potential legal exposure resulting from disclosure.
If a corporate does not consider there to be a strong case against it, or if the authority faces challenging jurisdictional issues, it might decide not to cooperate, requiring the authority to prove its case using its compulsory powers, or subjecting the authority to challenge where appropriate.
15.3 What does corporate cooperation mean in the United Kingdom?
Authorities have declined to be prescriptive or exhaustive as to what cooperation means. Although an increasing body of publicly available statements, guidance and precedent enforcement actions provide greater guidance as to what might constitute cooperation, the precise requirements for each matter vary case by case, and no authority has produced a comprehensive checklist of matters needed for it to deem cooperation sufficient. Nevertheless, a number of general themes are relevant across the UK enforcement landscape.
15.3.1 Genuine and ongoing cooperation
Authorities expect cooperation to be genuine, proactive and continual. When a resolution of an investigation is under consideration, cooperation is a dominant public interest factor against prosecution. Considerable weight is given to a ‘genuinely proactive approach’ by a corporate that becomes aware of potential misconduct. Public interest will be a focus of the court in its assessment of a proposed DPA.
Cooperation will be considered in the context of the corporate’s general attitude and approach to an investigation. Corporates that make incorrect or unsubstantiated arguments about the underlying nature of the misconduct risk being deemed uncooperative, while those that fully cooperate can earn significant leniency in terms of the eventual disposal of a matter.
The SFO, the FCA and the Office of Financial Sanctions Implementation (OFSI), among other authorities, have indicated that a corporate should self-report as promptly as possible to be considered to be cooperating. How early it does so is a factor the authorities consider when deciding how to handle the matter.
The authorities generally do not expect corporates to report all allegations of criminal behaviour as soon as they become aware of them, so a balance needs to be struck. Allegations must be considered and verified to a certain extent before any self-reporting. The level of investigation required to ‘verify’ wrongdoing is undefined and may entail a difficult judgement call for the corporate and its advisers.
When assessing whether a self-report was voluntary and complete, the authorities consider the information provided and the time at which the corporate came forward. Generally, disclosure will not be considered voluntary if the authorities already have the required documents or the corporate knows an investigation is imminent. Companies should therefore consider the following factors if they wish to maximise their cooperative stance:
- Where possible, the alleged criminal conduct should be reported to the authorities before it otherwise becomes aware of it. A corporate should consider the possibility of whistleblowers and be aware of reports to other authorities in the United Kingdom or overseas.
- The corporate is entitled to conduct an initial assessment of the allegation. As soon as reasonable grounds to suspect wrongdoing are identified, there is an expectation that these will be flagged.
- The extent to which a corporate involves the prosecutor in the early stages of an investigation is a relevant factor in assessing cooperation.
The rest of this section summarises the approach to cooperation taken by the primary UK enforcement authorities: the SFO, the FCA and OFSI.
126.96.36.199 Serious Fraud Office
In August 2019, the SFO published an extract of its operational handbook, providing guidance to SFO personnel on how to assess corporate cooperation (the SFO Guidance). The SFO Guidance lists various ‘indicators of good practice’ that the SFO may consider when assessing whether a corporate has been genuinely cooperative. The list is neither exhaustive nor prescriptive: the SFO makes clear that each case will turn on its own facts and circumstances.
Although reference is made throughout the SFO Guidance to the DPA Code of Practice, cooperation need not automatically lead to a DPA. A corporate subject to criminal prosecution by the SFO may cooperate with the SFO’s investigation and proceedings and, if convicted, may receive a corresponding reduction in the penalty pursuant to the relevant Sentencing Council guidelines. On the other hand, considering the public interest test that traverses criminal investigations in the United Kingdom, a DPA would not be offered or approved by the courts if the corporate had not cooperated.
Genuine, proactive and ongoing cooperation
The SFO expects cooperation to be genuine, proactive and ongoing in each component of cooperation (i.e., self-reporting, investigation governance, preservation and provision of documents, facilitation of access to witnesses and questions of privilege).
In general, whether a corporate has been genuinely cooperative is a question of fact. For example, the court heavily criticised Sweett Group’s conduct for attempting to ‘divert the attention of the SFO away from further enquiry of the contract’ under scrutiny by attempting to obtain a letter characterising the offending payment its subsidiaries had made as a legal finder’s fee under United Arab Emirates law. On the other hand, in Rolls-Royce, the court approved a DPA with a 50 per cent discount to the monetary penalty that would otherwise have been required. This represented the one-third discount that is usually available for an early guilty plea plus an additional 16.7 per cent discount in recognition of Rolls-Royce’s ‘extraordinary co-operation’. The SFO has since agreed to a similar discount in several DPAs where it considered the level of genuine cooperation warranted it.
For cooperation credit to be acknowledged, the SFO will expect genuine and continual cooperation throughout the investigation. Cherry-picking components of cooperation or ceasing to genuinely cooperate with the SFO at any point will undermine a corporate’s claim to having cooperated fully and jeopardise the benefits derived from cooperation.
A key expectation for cooperation is that a corporate self-report its misconduct to the SFO within a reasonable time of the suspicions of misconduct coming to light. Authorities will consider whether the report was voluntary and complete. Disclosure is generally not considered voluntary if the authorities have already requested documents or the corporate is aware that an investigation is imminent. The SFO maintains dedicated corporate self-reporting guidance, which notes that self-reporting may be taken into account as a public interest factor tending against prosecution if it forms part of a ‘genuinely proactive approach adopted by the corporate management team when the offending is brought to their notice’.
Although the failure to self-report does not bar DPA negotiations, it is considered when assessing whether a DPA is in the public interest. In the absence of self-reporting, a corporate is likely to need to demonstrate significantly more subsequent cooperation to earn a comparable degree of leniency. In Rolls-Royce, no self-report was made at the outset, but ‘extraordinary’ cooperation was offered during the investigation, resulting in the SFO and the court giving the same degree of leniency in the DPA as if Rolls-Royce had self-reported.
Timing is important when assessing whether a report is considered for cooperation credit. A balance must be struck between acting proactively following discovery of the allegations and formation of a reasonable understanding of the scope and seriousness of the alleged misconduct. The exact time frame for reporting is case-specific: in Standard Bank, the alleged misconduct was reported ‘within a matter of days of it coming to its attention’, and in Sarclad, after becoming aware of concerns, the company took immediate action by retaining a law firm to undertake an internal investigation and a self-report followed six weeks later – promptness that was commended by the court.
Reporting too quickly may be damaging for a corporate, which will have an interest in ensuring that it is not needlessly self-reporting and opening itself up to protracted, intrusive and costly enquiries from an authority. Further, for certain authorities, including the SFO, reporting wrongdoing but failing to verify it or believing it is inaccurate or incomplete is a factor in favour of prosecution or higher sanctions. The extent and level of investigation required to verify the allegations remains a judgement call for the corporate and its advisers.
Internal investigation governance
The SFO expects genuine and constructive cooperation following a self-report, meaning any internal investigation should be approved by, and done in cooperation with, the SFO. It is likely the SFO will want to have a reasonable degree of involvement in the early stages of an internal investigation. For example, it expects to be able to discuss work plans, timetabling, interviewing and actions regarding personnel and to give directions (e.g., relating to data capture and processing) and ‘other overt steps’. The SFO will expect a corporate seeking a DPA to provide a copy of any internal investigation report, including source documents.
Preserving and providing evidence
The SFO Guidance focuses on preserving and providing evidence, with several factors listed as potential indicators of good practice. In light of recent high-profile court cases collapsing because of disclosure failures, it is likely that the preparation and provision of documents, and related methodology considerations, will remain a key area of focus where the corporate’s shortcomings may significantly devalue any cooperation credit.
The SFO has expressed particular concern regarding the proper preservation of relevant digital data. For example, the SFO Guidance advises companies to ensure that the digital integrity of material is preserved to identify the reasons for any data loss, deletion or destruction, and to create and maintain an audit trail on the acquisition and handling of data.
Preserving the integrity of data (and its collection) may require significant and proactive effort. Companies may consider evaluating, before any investigation, their existing data sources and how they are stored and accessed, and whether historical data (especially message-based systems, which are an increasingly important source of potential evidence) are retained and could be retrieved if needed. For example, Standard Bank provided documents from email servers held in Africa, inboxes, hard drives and shared drives, paper files, CCTV images and recordings of telephone calls: this material would otherwise have been inaccessible to the SFO without the deployment of various compelled notices and engagement with international authorities and, even then, the SFO may not have been able to obtain everything Standard Bank willingly disclosed.
The SFO Guidance also provides that cooperation may involve providing material from overseas when it is in the organisation’s possession or control, and identifying and facilitating access to data held by third parties. This again demonstrates the SFO’s expectation that cooperation should go ‘above and beyond what is required by law’, given that its compulsory powers may not extend to all such material. A particularly difficult situation to manage is the request for or provision of potentially personal data, such as from personal messaging and social media platforms. This can raise difficult and conflicting legal questions.
Finally, regarding the provision of information, the SFO has emphasised the importance of holding individuals accountable for criminal behaviour. The SFO Guidance repeats this overarching objective and articulates an expectation that a cooperative corporate assist the SFO in identifying documents or information capable of assisting a potential accused or undermining the case for the prosecution (typically called ‘exculpatory material’).
Facilitating access to witnesses
The SFO has expressed particular concern regarding ‘first accounts’ from witnesses being free from prejudice. A witness’s first account is crucial, and the circumstances in which it is obtained can be critical to the credibility and efficacy of the evidence in a trial. Discrepancies between a first account and subsequent testimony, or being unable to demonstrate consistency (i.e., if the prosecutor cannot produce a first account), can undermine the prosecution case.
As such, the SFO places particular significance on obtaining first access to witnesses or to notes or summaries of first accounts. It may expect corporates not to interview witnesses before consulting it, or may request that a corporate not interview potential witnesses before a compelled interview has been carried out or a witness statement obtained. When a corporate is able to interview witnesses, the SFO may wish to have a say in how the interview is carried out and to receive copies of any work-product generated following each interview.
The SFO expects cooperating corporates to make employees and (when possible) third parties available for SFO interviews, including arranging for them to return to the United Kingdom if necessary and to the extent that they are able to do so.
Witness accounts and waiving privilege
In recent years, the authorities, especially the SFO, have focused on the legal professional privilege often applying to communications generated during an investigation, particularly in relation to notes of witness accounts. This focus is underpinned by the SFO’s desire to ensure that it has obtained all relevant information to which it is entitled and that it is able to discharge its disclosure obligations during any prosecution of individuals. The SFO has made clear that it considers as a ‘significant mark of cooperation a company’s decision’ to waive privilege over notes of witness interviews. Rolls-Royce received credit for voluntarily disclosing, with limited waiver of privilege, memoranda from more than 200 interviews conducted in its internal investigation. Standard Bank and Sarclad, on the other hand, are understood not to have provided notes (or referred to first-account witness interviews) in their internal investigation reports to avoid waiving privilege, instead providing oral summaries.
The decision in R(AL) v. SFO demonstrates the difficulties that this approach can create. The court made plain its view that the SFO had not complied with its duty, as a prosecuting authority, to take further steps to obtain witness interview notes from the company’s investigation so that they could be disclosed in the criminal proceedings against individual employees in accordance with the individual defendant’s right to a fair trial under Article 6 of the European Convention on Human Rights. The SFO was required to ‘assess claims for privilege properly and not cursorily and superficially’.
Maintaining a proper assertion of privilege should be a ‘neutral’ factor as far as obtaining credit for cooperation is concerned, and the DPA Code of Practice recognises that nothing in the DPA process alters the fact that privilege is a fundamental right; however, the SFO Guidance (published after the cases above) signals the SFO’s preference for corporates to waive privilege over witness accounts such that it is in a position to discharge its disclosure obligations to prospective individual defendants.
While the SFO Guidance states that failure to waive privilege would not satisfy the corresponding factor against prosecution in the DPA Code of Practice (i.e., there would be no ‘positive’ cooperation credit), such a failure ‘will not be penalised by the SFO’. That said, it is not yet clear whether the SFO will expect such companies to work harder in other areas to make up for the lack of credit they would otherwise have received.
The SFO Guidance establishes two procedural expectations for corporates seeking to assert privilege: first, they should provide certification by independent counsel supporting any claim of privilege; and, second, they should provide ‘privilege logs’ itemising each document withheld and the basis on which each is privileged. Although time-consuming and expensive, these procedures may signal that, if the steps are followed, there is a clearer path for a corporate to assert privilege while maintaining a cooperative stance. It also underscores the need to appropriately consider privilege in internal investigations from the outset.
For corporates seeking credit for cooperation by waiving privilege over witness accounts, the SFO Guidance makes clear that they should provide any recordings, notes and transcripts of witness interviews and identify a witness competent to speak about the content of each interview.
188.8.131.52 Financial Conduct Authority
Many of the considerations relevant to the SFO are also relevant to a corporate seeking to cooperate with the FCA. The FCA Handbook Enforcement Guide (the Enforcement Guide) contains a dedicated, if brief, section on cooperation. Considering recent enforcement actions and public statements by the FCA, the below discusses some of the considerations relevant to FCA investigations.
Genuine and ongoing cooperation
A key overarching principle relevant to the FCA’s decision-making is whether a corporate has genuinely cooperated in its investigation. There are some key differences between the SFO’s and the FCA’s regimes. Most notably, the FCA is both a regulatory and an enforcement authority.
The Enforcement Guide notes that the FCA takes into account a corporate’s engagement with the FCA both before and during the investigation: if the authorised firm under investigation has historically engaged with the FCA openly and constructively, the FCA may take this into account. Historical cooperation, however, will not excuse an absence of full cooperation during the investigation itself.
The Enforcement Guide states that a relevant factor when considering whether a firm has cooperated is whether it self-reported the alleged misconduct to the FCA. An FCA-regulated business may be required to self-report to the FCA sooner than to other authorities owing to mandatory anti-money laundering reporting requirements.
Further, FCA-regulated companies must consider whether their obligation to disclose anything it would reasonably expect notice of applies and how the disclosure may impact the company’s stance on cooperation with other law enforcement authorities.
Internal investigation governance
The Enforcement Guide recognises that there may be good reasons for a firm to conduct its own internal investigation; however, although a firm is not obliged to share the report of its findings (which may typically take the form of a privileged document prepared by external counsel), the voluntary provision of a report, whether privileged or not, ‘is welcomed by the FCA and is something the FCA may take into account when deciding what action to take, if any’.
The Guide invites corporates to consider whether to discuss the scope of the report (and the investigation itself) with the FCA in circumstances in which (1) it has informed the FCA of an issue of potential regulatory concern or (2) the FCA has indicated that an issue or concern has resulted or may result in a referral to the FCA. A corporate will need to weigh the facts and circumstances to determine whether, and at what point, it will engage with the FCA with respect to its internal investigation and subsequent report.
In respect of the regulated sector, the FCA has highlighted the importance of sharing privileged information generated during internal investigations for firms to be considered cooperative, recognising ‘the needs and the rights of firms to claim and protect their rights to legal privilege where appropriate’ but stressing that ‘it should be possible to strike the right balance’ and share appropriate documents with the FCA. This position was reiterated in strong terms in a recent speech by the co-head of enforcement, Therese Chambers.
Legitimate claims over privilege could not reasonably be held to constitute ‘aggressive diversionary tactics’; however, the FCA appears to be signalling that over-inclusive blanket claims to privilege, when certain documents may not, in fact, be privileged, will be considered diversionary and non-cooperative behaviour and may be subject to challenge. This underscores the need to ensure that claims to privilege are robust.
Unlike other authorities, for which compliance remediation may be part of a resolution, the FCA Enforcement Guide states that the remediation of systems and controls can be a relevant consideration as to the enforcement action the FCA may take. This, again, reflects the dual regulatory and enforcement role of the FCA with respect to its regulated firms.
184.108.40.206 Office of Financial Sanctions Implementation
OFSI may impose potentially significant monetary penalties on companies and individuals for breaches of financial sanctions laws. It has published enforcement guidance (the OFSI Guidance) that states that it ‘values co-operation throughout its investigations’.
The OFSI Guidance focuses on OFSI’s expectations regarding reporting. Specifically, it expects breaches of financial sanctions to be disclosed ‘as soon as reasonably practicable after discovery’: while a corporate may ‘take some time to assess the nature and extent of the breach, or seek legal advice, this should not delay an effective response to the breach’, and it is better to contact OFSI ‘early’, suggesting a corporate ‘could make an early disclosure with partial information on the basis that it is still working out the facts and will make a further disclosure as soon as possible’.
OFSI states that it may still give cooperation credit in circumstances in which the corporate was not the first to voluntarily report the activity (provided the person was not prompted to disclose because OFSI or another agency was already investigating the matter). Further, even if a corporate failed to voluntarily disclose the potential breach, subsequent cooperation may result in credit being granted to the defendant.  That said, OFSI’s recent enforcement action against Hong Kong International Wine and Spirits Competition Ltd noted that the defendant had ‘made materially complete disclosures and fully cooperated with OFSI throughout its investigation’, yet ‘did not make a voluntary disclosure . . . and therefore a penalty reduction discount was not applied’. This suggests that OFSI ascribes significant cooperation credit on the initial and prompt self-disclosure.
15.4 What are the possible outcomes and implications of cooperation?
Cooperation – even full cooperation – does not guarantee any particular outcome, and no checklist exists that can cover every case. Cooperation can result in a corporate securing a less serious outcome, such as reduced financial penalties or other sanctions, a DPA rather than a criminal prosecution or a decision by the authorities to take no enforcement action. There are also other possible outcomes and consequential implications of cooperation, which are discussed further in this section.
15.4.1 Compliance and remediation
Authorities have been focusing increasingly on corporates’ compliance programmes. For example, the SFO considers the quality of a compliance programme to be relevant to whether a prosecution is in the public interest, whether the corporate should be invited into DPA negotiations and what the terms of the DPA should include. A corporate’s compliance programme (as at the time of the alleged misconduct) is also relevant to whether it has an ‘adequate procedures’ defence under section 7 of the UK Bribery Act 2010 of failing to prevent bribery or a ‘reasonable prevention procedures’ defence to a charge of failing to prevent the facilitation of tax evasion under the Criminal Finances Act 2017. It is also relevant to sentencing. The ICO has similarly highlighted the importance of adequate compliance programmes.
A corporate should therefore expect that in cooperating with the SFO (and probably other authorities), it will need to be prepared to commit significant resources to explaining (both at the time of the alleged misconduct and currently) and enhancing its compliance environment.
15.4.2 Monitoring and reporting
In connection with compliance and remediation, as part of a resolution, the relevant authority might also agree to detailed ongoing monitoring or reporting requirements to ensure future compliance. This may take the form of providing reports and plans to the SFO to demonstrate ongoing compliance and reform or the imposition of a compliance monitor or external reviewer. Such arrangements can be both time-consuming and costly for the corporate throughout the period to which it is subject to the obligations.
15.4.3 Ongoing cooperation
As part of any resolution, particularly in the case of a DPA, a corporate may be subject to onerous ongoing cooperation requirements. This can include an obligation on the corporate, for the duration of the DPA, to (1) retain material (often at significant expense), (2) cooperate with any related investigations into, and prosecutions of, individuals, (3) cooperate with other SFO investigations, and (4) report misconduct to the SFO.
15.4.4 Changes in personnel
Recent DPAs have focused on a change in a corporate’s cultural framework. This is an important factor when considering whether a DPA is appropriate and features heavily in external communications about DPAs from senior SFO personnel. In practice, this means the SFO will consider whether corporate leadership is the same as at the time of the misconduct and whether responsible individuals have been appropriately held to account. This informs the SFO’s degree of confidence that the misconduct will not be repeated.
In Amec Foster Wheeler, cultural change resulted in a meaningful reduction of the fine. The court stated that the DPA would not have been approved if the criminal activity were not so remote from the corporate in its present form. This emphasis on a change in culture continues a thread introduced in Sarclad.
Corporates are increasingly expected to cooperate fully with the authorities. The DPAs that corporates have entered into with the SFO demonstrate this expectation, but this behaviour is increasingly expected from regulators and enforcement bodies across the spectrum. Many of the factors and considerations explored in this chapter are relevant to any corporate facing a potential enforcement action in the United Kingdom. While the authorities considered above focus on financial misconduct, similar principles may apply to authorities investigating non-financial corporate misconduct.
From the corporate perspective, there are many potential benefits to cooperating fully with authorities; however, with a requirement to provide significant and multifaceted commitment at every stage of an investigation and the fact that authorities can sometimes make unreasonable or unrealistic demands, cooperation can present its own challenges.
 Marcus Thompson, Shruti Chandhok and Patrick Navein are partners, and Jack Davies, Georgia Cooper-Dervan and Harry Brignal are associates, at Kirkland & Ellis International LLP. The authors wish to acknowledge the contributions of Matthew Bruce, Ali Kirby-Harris, Ben Morgan and Ali Sallaway for their contributions to previous editions of this chapter.
 Serious Fraud Office (SFO) Operational Handbook, Corporate Co-operation Guidance, www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/corporate-co-operation-guidance (SFO Guidance).
 Deferred Prosecution Agreements (DPA) Code of Practice, Code of Practice, para. 2.8.2.
 Serious Fraud Office v. Rolls-Royce, Approved Judgment, Case No. U20170036  Lloyd’s Rep FC 249 (Rolls-Royce), paras. 61–64.
 Economic Crime and Corporate Transparency Act 2023.
 See, e.g., Sentencing Council, Fraud, Bribery and Money Laundering Offences: Definitive Guideline (1 Oct. 2014), p. 50, www.sentencingcouncil.org.uk/wp-content/uploads/Fraud-Bribery-and-Money-Laundering-offences-definitive-guideline-Web.pdf.
 Serious Fraud Office v. G4S Care and Justice Services (UK) Limited, Case No. U20201392  7 WLUK 303.
 ibid., para. 26,
 ibid., para. 23, 40.
 See, e.g., Financial Conduct Authority (FCA) Handbook, Principle 11.
 ibid., EG 2.1.4.
 Director of the Serious Fraud Office v. Amec Foster Wheeler Energy Limited  (Amec Foster Wheeler), paras. 19–20.
 See disciplinary appeal court decision in The Hague, Case No. 220240D, ECLI:NL:TAHVD:2023:59 (2 June 2023), which restricted defence counsel’s ability to conduct an internal investigation, the findings of which would not be considered independent.
 For instance, the FCA considers relevant a firm’s pattern of cooperation both in the period leading up to the investigation and during the investigation itself. See also FCA Handbook, EG 2.12.1. The Competition and Markets Authority (CMA) similarly requires continuous and complete cooperation, as well as refrainment from further participation in cartel activities (see ‘Leniency and no-action applications in cartel cases: OFT1495’, www.gov.uk/government/publications/leniency-and-no-action-applications-in-cartel-cases; ‘Applications for leniency and no-action in cartel case’, OFT (July 2013), www.gov.uk/government/uploads/system/uploads/attachment_data/file/284417/OFT1495.pdf).
 DPA Code of Practice, para. 2.8.2(i); FCA Handbook, EG 2.12.1.
 Other authorities have similarly stressed the importance of corporate cooperation by the entities they are investigating, including the Information Commissioner’s Office (ICO), which can impose fines for data protection breaches. ICO, Regulatory Action Policy, p. 24, www.ico.org.uk/media/about-the-ico/documents/2259467/regulatory-action-policy.pdf; FCA Handbook, EG 2.12.
 See, e.g., ‘OFSI enforcement and monetary penalties for breaches of financial sanctions’ guidance (31 Aug. 2023), para. 3.44 (OFSI guidance). For example, OFSI reduced the fine imposed on Standard Chartered Bank for breaches of financial sanctions by 30 per cent in light of the bank’s voluntary disclosure: OFSI, Imposition of Monetary Penalty – Standard Chartered Bank, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/876971/200331_-_SCB_Penalty_Report.pdf. For the ICO’s position, see ICO, Regulatory Action Policy, p. 24. For the FCA’s position, see the FCA Handbook, EG 2.12.1.
 DPA Code of Practice, para. 2.9.2.
 For the SFO’s position, see a speech by Lisa Osofsky, SFO Director, at the Royal United Services Institute in London (3 Apr. 2019), www.sfo.gov.uk/2019/04/03/fighting-fraud-and-corruption-in-a-shrinking-world (Osofsky speech). The FCA ‘expect firms to be able to judge how serious a problem is and where it falls on a continuum between urgent notification and potentially no need to tell us at all’ (speech by Jamie Symington, Director in Enforcement, at the Pinsent Masons Regulatory Conference 2015 (5 Nov. 2015), www.fca.org.uk/news/speeches/internal-investigations-firms (Symington speech)). OFSI notes that breaches should be disclosed ‘as soon as reasonably practicable after discovery’ and that ‘it is reasonable for a person to take some time to assess the nature and extent of the breach, or seek legal advice’ (OFSI guidance, para. 3.44).
 SFO prosecutors must consider ‘the totality of the information that the Company has provided, the extent to which the offending was previously known, if at all, to the SFO, and the extent to which the Company is providing it voluntarily, that is without the threat of imminent disclosure by a third party or compulsion’ (SFO, ‘Deferred Prosecution Agreements’, www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements). OFSI ‘will consider the facts and timing of each disclosure individually’ but does not consider disclosure to be voluntary if it comes after it or other regulators have used their powers to compel disclosure of information or if ‘the person has been prompted to disclose the facts because OFSI is assessing a case’ (OFSI guidance, para. 3.36).
 DPA Code of Practice; see, e.g., Osofsky speech; OFSI guidance, para. 3.32.
 See DPA Code of Practice, para. 2.9.2. For example, in the Standard Bank case, the alleged misconduct was reported ‘within a matter of days of it coming to its attention’ (Serious Fraud Office v. Standard Bank plc, Statement of Facts prepared pursuant to para. 6(1) of Schedule 17 to the Crime and Courts Act 2013 (Standard Bank, Statement of Facts), para. 4). The court noted that considerable weight was to be attached to the swift and proactive self-reporting (Serious Fraud Office v. Standard Bank plc, Approved Judgment, Case No. U20150854  Lloyd’s Rep FC 102 (Standard Bank, Approved Judgment), para. 27). In Sarclad, after unearthing concerns, Sarclad took immediate action by retaining a law firm to undertake an independent internal investigation and a self-report came six weeks later. The court commended this promptness and cooperation (Serious Fraud Office v. Sarclad Ltd, Approved Judgment, Case No. U20150856  7 WLUK 220;  Lloyd’s Rep FC 509 (Sarclad), para. 11).
 Certain other authorities also operate a leniency regime for self-reporting, including the CMA and the ICO. The ICO states that failure to cooperate is an aggravating factor when assessing penalties. For the CMA, see ‘Leniency and no-action applications in cartel cases: OFT1495’ and ‘Applications for leniency and no-action in cartel case’, OFT (July 2013). For the ICO, see ICO, Regulatory Action Policy, pp. 24 and 28, www.ico.org.uk/media/about-the-ico/documents/2259467/regulatory-action-policy.pdf. An example of the ICO’s tough approach is the £400,000 fine and criminal penalty handed to Keurboom Communications after Keurboom failed to comply with an information notice regarding a breach of the Privacy and Electronic Communication Regulations (ICO Monetary Penalty Notice to Keurboom Communications Ltd, www.co.org.uk/media/action-weve-taken/enforcement-notices/2014013/mpn-keurboom-ltd-20170503.pdf).
 SFO Guidance.
 R v. Sweett Group (19 Feb. 2016) (unreported), Sentencing Remarks.
 Rolls-Royce, para. 19.
 See footnote 19.
 SFO, ‘Corporate self-reporting’, www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/corporate-self-reporting.
 DPA Code of Practice, paras. 2.8.1 and 2.9.
 See footnote 18.
 DPA Code of Practice, para. 2.9.2. For example, in Standard Bank, the alleged misconduct was reported ‘within a matter of days of it coming to its attention’ (Standard Bank, Statement of Facts, para. 4). The court noted that considerable weight was to be attached to the swift and proactive self-reporting (Standard Bank, Approved Judgment, para. 27). In Sarclad, after unearthing concerns, Sarclad took immediate action by retaining a law firm to undertake an independent internal investigation and a self-report came six weeks later. The court commended this promptness and cooperation (Sarclad, para. 11).
 DPA Code of Practice, para. 2.8.1(vi).
 For the SFO, see DPA Code of Practice, para. 2.9.2. For the FCA, see Symington speech and Speech by Therese Chambers, Joint Executive Director of Enforcement and Market Oversight, FCA, at the City & Financial FCA Investigations and Enforcement Summit (1 June 2023), www.fca.org.uk/news/speeches/do-right-thing.
 For the SFO, see DPA Code of Practice, para. 2.9.2, and SFO Guidance. For the FCA, see Symington speech.
 DPA Code of Practice. For the FCA, see, e.g., FCA Handbook, EG 3.11.
 Where providing data voluntarily to the SFO or when dealing with overseas data, a corporate will have to consider the applicable data privacy laws and take steps accordingly. This may involve proactive and early engagement with the SFO on any potential limitations to the corporate’s ability to provide the SFO with the expected data.
 Standard Bank, Statement of Facts, para. 4. Similarly, Sarclad identified and provided relevant information, such as email caches, that extended the investigation beyond the SFO’s original scope (Sarclad). Rolls-Royce agreed to provide the SFO with unfiltered access to its records – some 30 million documents – and permitted the SFO to conduct its own digital review to identify potentially privileged documents (Rolls-Royce). Similarly, Airbus collected more than 30 million documents and assisted in the prioritisation of documents (Serious Fraud Office v. Airbus, Approved Judgment, Case No. U20200108  1 WLUK 435, para. 74).
 DPA Code of Practice, para. 2.9.3.
 SFO Guidance, Preserving and providing material, para. 6(i). Further, the court in Rolls-Royce, para. 20(i)) cited Rolls-Royce’s deferring of internal interviews until the SFO had first completed its interviews as evidence of their cooperation with the SFO.
 Speech by Alun Milford, then General Counsel, SFO, to an audience of compliance professionals at the European Compliance and Ethics Institute, Prague (29 Mar. 2016).
 Rolls-Royce, para. 20(ii).
 R(AL) v. SFO and others  EWHC 856 (Admin).
 There have been a number of high-profile decisions in relation to interview notes that have led to substantial development of this topic. For example, in RBS Rights Issue Litigation  EWHC 3161 (Ch), the High Court rejected claims of legal advice privilege over memoranda of employee interviews prepared by the bank’s lawyers, as ‘client’ was interpreted to cover only individuals authorised to seek and receive advice from the lawyers. The employees interviewed by the lawyers were therefore not considered to be clients of the bank’s lawyers. The FCA has also noted that the practice of reading out notes instead of providing written documents is ‘unhelpful and unwelcome’ (see Symington speech , supra note 19).
 DPA Code of Practice, para. 3.3.
 SFO Guidance.
 FCA Handbook, EG 2.12.1.
 FCA Principles for Businesses, Principle 11.
 FCA Handbook, EG 3.11.2.
 ibid., EG 3.11.4.
 Symington speech.
 Speech by Therese Chambers, Joint Executive Director of Enforcement and Market Oversight, FCA, at the City & Financial FCA Investigations and Enforcement Summit (1 June 2023), www.fca.org.uk/news/speeches/do-right-thing.
 OFSI guidance, para. 3.42.
 ibid., para. 3.44.
 ibid., para 3.47.
 OFSI guidance. For example, OFSI noted that TransferGo Limited, despite not offering voluntary disclosure, subsequently (during OFSI’s investigation) ‘fully cooperated with OFSI and promptly provided all information which was requested of it’ (OFSI, ‘Imposition of Monetary Penalty – TransferGo Limited’ (June 2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1008859/050821_-_TransferGo_Penalty_Report.pdf).
 OFSI, ‘Imposition of Monetary Penalty – Hong Kong International Wine and Spirits Competition Ltd’ (2 Feb. 2022), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1106745/Notice_of_Imposition_of_MP_-_HKIWSC.pdf.
 See, e.g., Rolls-Royce.
 SFO, ‘Evaluating a Compliance Programme’, p. 1, www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/evaluating-a-compliance-programme.
 For the ICO, a ‘wilful or negligent approach to compliance’ is an aggravating factor indicating that more serious regulatory action should be taken (ICO, Regulatory Action Policy, p. 11, www.ico.org.uk/media/about-the-ico/documents/2259467/regulatory-action-policy.pdf).
 See, e.g., Serious Fraud Office v. Rolls-Royce, Deferred Prosecution Agreement (17 Jan. 2017), para. 27.
 See, e.g., G4S, para. 35.
 Amec Foster Wheeler, para. 29.