United Kingdom: Whistleblowers and Self-Reporting
It is now generally accepted that a corporate is taking a significant risk if allegations that are made – by whistleblowers, by current or former employees, by auditors, by the media, or which emerge through other means – are not taken seriously and, usually, investigated. While an internal investigation may not lead to a self-report,1 the introduction in February 2014 of deferred prosecution agreements (DPAs) in the UK means that the incentive to investigate and potentially self-report has increased. Any US nexus for the company or the problem adds to the incentive to conduct an investigation and self-report if appropriate, so as to mitigate any penalty in due course, assuming the conduct merits prosecution.
The increasing role of whistleblowers in bringing potential misconduct to the attention of authorities can create a powerful incentive for companies to self-report wrongdoing – knowing that, if they do not, the authorities may receive the information from someone else. This certainly appears to be true in the US.2
In the US, under the Dodd-Frank Act, the US Securities and Exchange Commission (SEC) created an Office of the Whistleblower, which is able to provide rewards (ranging between 10 and 30 per cent of the money collected) to individuals who come forward with information that leads to a penalty of over US$1 million. As a result, the number of reports has increased by more than 20 per cent: in fiscal year 2016, the SEC received over 4,200 tips and issued awards totalling over US$57 million, including six of the 10 highest awards it has made to date.3 Other US regulators operate similar programmes.4 For example, the Commodities and Futures Trading Commission announced an award of over US$10 million to a whistleblower in April 2016, which remains its largest to date.5 The US Department of Justice has been piloting its own whistleblower programme in relation to Foreign Corrupt Practices Act enforcement cases.
In the UK, the Serious Fraud Office (SFO) launched a whistleblowing ‘hotline’ in 2011 – SFO Confidential – but only a small number of referrals were received through this channel, which was replaced by a new online reporting mechanism in January 2016.6 The UK’s Financial Conduct Authority (FCA) managed 1,014 intelligence cases involving whistleblower reports during the 2015/16 financial year, a number roughly approximate to preceding years.7 The FCA has previously indicated that it expects to see an increase in the proportion of reports that lead directly to enforcement action or other intervention, or that provide intelligence of significant value.8
Questions concerning how to deal with internal disclosures made by whistleblowers and, in those circumstances, whether, when and how to self-report matters to authorities are issues that frequently go hand in hand. The decisive and effective management of these issues can help to bring about a swift conclusion to damaging and disruptive action by investigating authorities, or pre-empt any such investigation. They typically involve balancing complex questions of fact and law – criminal, regulatory and employment.
In terms of self-reporting, DPAs underline the benefits that may potentially be derived from proactively self-reporting historic misconduct. Although the DPAs concluded to date in the UK, the first of which was approved in November 2015, have been held up by prosecution as models of how corporates should self-report and cooperate, some significant practical questions remain about what exactly corporations must do to benefit from these arrangements, and the limits of permissible challenge to the demands of prosecuting authorities.
This chapter examines how authorities are using and interpreting self-reporting and whistleblowing frameworks and identifies key considerations for corporate organisations and their advisers. Although many of the points made are equally applicable in other jurisdictions, it focuses primarily on the whistleblowing and self-reporting frameworks in place in the UK. The extraterritorial reach of several pieces of key legislation (most notably the Bribery Act 2010) and the comparatively aggressive stance of UK investigating and prosecuting authorities (principally the SFO) mean that developments there are of interest to corporate organisations operating around Europe and the Middle East, even if they are based, or undertake most of their activities, outside the UK.
The current legal landscape
Whistleblowing and self-reporting are both increasingly considered to be fundamental to the ‘culture’ of an organisation. Regulators and enforcement authorities remain preoccupied with promoting cultural change across organisations and businesses in the aftermath of the corporate scandals that have been headline news over recent years.
Authorities and regulators emphasise the importance of challenge; hand in hand with which are appropriate whistleblowing procedures, which employees are expected to be able to use without fear of reprisal.
The SEC has indicated that it has been told by US in-house lawyers, compliance professionals and law firms representing companies that since the implementation of the Whistleblower Programme, companies have reviewed and enhanced their internal compliance functions to further encourage employees to view internal reporting as an effective means to address potential wrongdoing without fear of reprisal or retaliation.9
In the UK, the FCA requires firms to adopt and maintain appropriate internal procedures that will encourage workers with concerns to blow the whistle internally about matters that are relevant to the functions of the FCA or Prudential Regulation Authority (PRA).10 Under rules that entered into force on 7 March 2016 and with which firms have been required to comply since 7 September 2016, the FCA and the PRA have required forms to formalise whistleblowing procedures.11 The principal aim of these rules is to ensure that all employees are encouraged to report suspected misconduct, confident that their concerns will be considered and that there will be no personal repercussions.In-scope firms are also required to allocate responsibility for whistleblowing under the Senior Managers Regime and Senior Insurance Managers Regime to a ‘whistleblowers’ champion’ (who is likely to be a non-executive director).12 The champion has responsibility for overseeing the effectiveness of internal whistleblowing arrangements, including arrangements for protecting whistleblowers against detrimental treatment, preparing an annual report to the board about their operation and reporting to the FCA where, in a case before an employment tribunal contested by the firm, the tribunal finds in favour of a whistleblower. These rules apply to banking and insurance sector firms,13 and apply as non-binding guidance to all other authorised firms. The government intends to extend the new regime to the wider financial services sector in 2018. Consequently, the important role of whistleblowers is only likely to increase.
Under section 348 of the Financial Services and Markets Act 2000, confidential information received by the FCA in the course of its statutory duties may prevent it from disclosing information to individual whistleblowers. Section 348 is unlikely to protect information generated by the FCA, or information that is already available in the public domain. The FCA, therefore, has an important role to play in deciding what information should properly be disclosed in relation to investigations.
Under the Bribery Act 2010 (under section 7 of which a relevant commercial organisation commits an offence where a person associated with it bribes another person intending to obtain or retain business or a business advantage for the organisation, unless it can show that it had in place adequate procedures to prevent such bribery), the Ministry of Justice’s statutory guidance on adequate procedures also recommends that companies have in place procedures for the reporting of bribery ‘including “speak up” or “whistleblowing” procedures’.14 There is no doubt that the effect of the adequate procedures defence under the Bribery Act 2010 has been to prompt many companies to adopt or enhance anti-corruption compliance programmes. In addition, in discussing self-reporting, the SFO has been keen to emphasise in its speeches the various avenues through which it may come to hear of alleged criminal conduct including ‘from whistleblowers and disgruntled business rivals. […] Any such source can give us, or more particularly the Director, reasonable grounds to suspect the commission of an offence involving serious fraud, bribery or corruption and, with it, the power to open a criminal investigation.’15
The DPA Code of Practice16 sets out public interest factors for and against prosecution, which, the Director of the SFO has stated, were designed to incentivise self-reporting and effective compliance controls and encourage corporates to demonstrate that they are ‘serious about behaving ethically’. Consistent with the emphasis on good corporate governance is the fact that a self-report, among other things, is relevant at later stages in the criminal justice process: sentencing guidelines on the sentencing of corporates introduced in October 2014 (to which courts have regard when determining financial penalties under DPAs) refer to a corporate’s culture as relevant to determining its sentence in the event of a conviction for bribery offences, among others, in the UK: a culture of wilful disregard for the commission of offences will lead to a corporate being placed at the most culpable end of the spectrum and facing the heaviest fines available.17 Further, the amended Public Contracts Regulations 2015 introduced on 26 February 2015 allow blacklisted companies to bid for public contracts if they prove, among other things, that they have ‘clarified the facts and circumstances in a comprehensive manner by actively collaborating with the investigating authorities’.18
For corporate organisations, the benefits of proactively bringing matters to the attention of enforcement authorities are potentially significant. While there can never be any guarantee that notifying issues to enforcement authorities will elicit a forgiving approach, where disclosures by whistleblowers or previously undiscovered documents reveal credible concerns, doing so will usually maximise the chances of forging as favourable an outcome as possible.
Arrangements for self-reporting are relatively well developed in the UK. In February 2014, the UK enshrined in statute arrangements enabling cooperating corporate organisations to enter into DPAs with prosecuting authorities.19 These arrangements allow for investigations to be concluded without an immediate prosecution provided the corporate organisation concerned abides by particular conditions, which will usually include the payment of a substantial fine and the implementation of remedial measures, sometimes including the potentially costly appointment of a monitor. Although the concept of DPAs originates from the US, the versions of these agreements introduced in the UK differ importantly from their US cousins. As amply demonstrated by developments in March 2016 in the US appeal courts, which confirmed the relatively limited role of judges in determining the contents of DPAs in the US,20 the principal difference is that even where prosecuting authorities are prepared to enter into negotiations and agree proposed terms, those terms require the approval of senior judges in the UK.
A developing line of concluded DPAs is providing increasingly clear indications of what is expected of corporate in terms of self-reporting and ongoing cooperation, and of the advantages potentially available to corporates in terms of securing enhanced discounts on financial penalties and drawing a line under historic misconduct. In November 2015, Sir Brian Leveson approved the first DPA to be concluded in the UK, agreed between Standard Bank and the SFO in respect of conduct that could have been prosecuted using the section 7 offence.21 Since then, three further DPAs have followed, with a company known as XYZ (whose identity will be made public upon the completion of other linked criminal proceedings) in July 2016,22 with Rolls-Royce PLC in January 201723 and with Tesco Stores Limited in April 2017. These have provided various indications of when the SFO and judges will consider that corporates have made approaches sufficiently expeditiously and demonstrated appropriately high levels of proactive assistance to the SFO. In doing so, they have echoed the DPA Code of Practice and public statements made by senior figures at the SFO, reinforcing that negotiated outcomes are most likely to follow where there is a short period of time between the discovery of the relevant conduct and it being reported to the SFO, the extent to which the SFO is allowed to influence the company’s internal investigation and access the material derived from that investigation.
Conversely, they have drawn attention to the prosecution of Sweett Group in 2016, also for the corporate offence of failure to prevent bribery under the section 7 offence, which followed swiftly after the conclusion of the first DPA as indications of its continuing ability and readiness to prosecute where it does not consider that corporates are sufficiently cooperative. Without commenting on specific cases, they have previously made clear that assertions of privilege that they regard as exaggerated or false and refusals to make available witnesses’ first accounts or to allow access to witnesses prior to interviews during internal investigations are unlikely to enable them to conclude that a corporate is acting sufficiently cooperatively for a negotiated outcome to be appropriate.24
In practice, whether it is realistic for a corporate to expect that an investigation will be resolved by way of a DPA remains highly fact sensitive. Cases, and in particular the DPAs concluded to date, do not yet provide definitive guidance to corporates as to how to approach discussions with the SFO having self-reported apparent historic misconduct. Although, for example, the SFO and the Court have been prepared to entertain DPAs in cases where a self-report has occurred where allegations of misconduct have already been in the public domain, in all cases so far that have led to DPAs, the corporates concerned have provided extremely high levels of cooperation. As more discussions and settlements follow, further clarity will be provided to corporates and their representatives as to the SFO’s (and the Court’s) expectations and as to where the dividing line lies in terms of raising challenges.
Although the UK criminal courts can in some (very rare) circumstances recognise cooperation by individuals with criminal investigations by granting immunity or imposing reduced sentences,25 there are no equivalent provisions enabling individuals to enter into such negotiated settlements with prosecuting authorities. Indeed, it is likely that prosecuting authorities will continue to make the provision of assistance by cooperating corporate organisations against individuals directly involved in misconduct a condition of entering into DPAs.
Protection for whistleblowers
So far as the whistleblowers themselves are concerned, as alluded to earlier, they are generally protected from reprisals. In the UK, whistleblowers are protected by statute. Specifically, the Public Interest Disclosure Act 1998 (PIDA 1998) gives workers making ‘protected disclosures’ the right to complain to an employment tribunal where they are dismissed or suffer any other type of detriment as a result of doing so.26 It also provides that clauses purporting to prevent workers from making ‘protected disclosures’ are void.27 However, this protection is not automatic. In contrast with arrangements in place in the US, disclosures made to parties other than the worker’s employer do not fall within this definition if they are made for the purposes of personal gain. In order to benefit from the protection of PIDA 1998, it is usually necessary for the worker to have sought to resolve the matter internally prior to making a disclosure to an external agency. Under the FCA and PRA’s rules, regulated firms’ whistleblowing arrangements must offer the same protections to any disclosures, including those that do not qualify as protected disclosures under PIDA.28
In other jurisdictions around Europe and the Middle East, although statutory protection for whistleblowers is in place to varying degrees, it is not as broad as that in place in the UK. Indeed, in some jurisdictions, the relatively rigid interpretation of EU data protection legislation or cultural mores have inhibited the development of whistleblowing frameworks and the extent to which they are used in practice. In some instances, disparities in the level of protection available to employees making disclosures have given rise to (hitherto unsuccessful) attempts by non-UK nationals employed under contracts governed by the laws of other jurisdictions to bring claims for unfair dismissal in the UK based upon whistleblowing disclosures.29
As noted above, the factors influencing whether or not a DPA may be considered appropriate were designed to incentivise self-reporting. However, in the DPA Code of Practice and the SFO’s public pronouncements concerning the circumstances in which DPAs will be considered appropriate, the SFO has sought to perform a delicate balancing act. It remains keen to encourage corporate organisations to come to it voluntarily with details of misconduct (a position that has historically been based at least in part on significant pressure on the relatively modest resources available to it). However, it has been careful to make clear that it considers its primary role to be the prosecutor of the ‘top slice’ of economic crime in the UK. During his tenure, its director, David Green QC CB, has made it abundantly clear that the SFO is not prepared for negotiated settlements to become the norm or for corporate organisations to expect that they will automatically follow self-reports.
Adding colour to the SFO’s expectations and, in the eyes of many defence practitioners, exceeding the parameters of what the SFO may reasonably require, other senior figures have suggested that the SFO will only consider self-reporting corporate organisations to be genuinely cooperating where they provide unfettered access to witnesses’ first accounts. They have also made clear that the SFO will not consider itself constrained from enquiring into the circumstances in which internal investigations have been conducted prior to a self-report being made. Its statements in connection with the DPAs concluded to date and the Sweett case show that this remains its position.
Notwithstanding statements by the SFO that nothing in their guidance or public statements of policy is intended to alter the law on legal professional privilege, which safeguards the confidentiality of communications between lawyers and clients in the UK, the relatively narrow definition of cooperation to which it has committed itself will, in many cases, inevitably require waivers of this privilege. This may have the knock-on effect of deterring corporate organisations from coming forward in many cases, particularly where there are concerns about the potential for details of matters informing the commencement of or discovered in the course of internal investigations to become disclosable in follow-on litigation pursued by third parties claiming that they have sustained losses as the result of alleged misconduct. Many corporate organisations considering self-reporting historic misconduct harbour concerns that such a robust stance on the part of the SFO may limit the chances of a self-report leading to the negotiation of a proposed DPA to be placed before a court. They also remain troubled at the prospect that information provided during negotiations may form the basis for the construction of a case against them should negotiations fail. Until further guidance emerges from cases featuring more contentious issues, they are likely to remain cautious.
In the UK (as is the case in other jurisdictions around Europe and the Middle East), whistleblower reports account for a proportion, although by no means the majority, of the investigations commenced by the SFO. They have led to some relatively high-profile successful prosecutions, although to date these have largely concerned individuals rather than corporate organisations.30 More, including some of the SFO’s current flagship investigations and prosecutions into large corporates, are expected to follow. In September 2013, the SFO commenced criminal proceedings against Gyrus Group Limited, the UK subsidiary of Olympus Corporation in connection with a worldwide fraud valued at approximately US$1.7 billion. That investigation flowed from the widely publicised whistleblowing disclosure made by Michael Woodford, the former CEO of Olympus, although the investigation has since been discontinued following a Court of Appeal judgment in February 2015, which ruled that English law does not criminalise the misleading of auditors by the company under audit. Separately, a whistleblower’s report led (at least in part) to the four-year SFO investigation in relation to Rolls-Royce PLC, which culminated in the largest penalty imposed to date under a DPA.
As noted above, while the SFO receives substantial numbers of direct whistleblower reports, constraints on resources, among other factors, mean that only the minority of these progress to formal investigations and prosecutions.
Investigating complaints by whistleblowers internally
There is no one ‘correct’ approach to investigating complaints by whistleblowers. What is necessary and appropriate when following up on disclosures will vary significantly depending upon factors including the jurisdictions, personnel and business areas involved or implicated. It is possible though to identify several key principles to help corporate organisations respond decisively and consistently and to protect their interests when they receive reports of alleged misconduct.
Clear communication underpins a successful response to a whistleblowing disclosure. It is crucial to have in place carefully delineated channels to enable staff responsible for receiving disclosures (whether through a dedicated hotline or other less formal channels) to escalate them quickly and to the right people. In particular, policies and procedures should name a designated member of the senior management of the corporate organisation (probably in its legal or compliance function) who should have a direct reporting line to the board or audit committee. Provision should also be made for how to deal with disclosures naming members of the board or the designated senior manager responsible for handling whistleblowing reports.
Not every whistleblowing report will justify the expenditure of time and resources on comprehensive internal investigations or will involve reports to authorities. When evaluating complaints made by whistleblowers, it is clearly important to guard against complacency or undue cynicism. However, level-headedness and even-handedness pay dividends. Allegations should be viewed dispassionately and, where possible, empirically tested by reference to readily available documents or by means of interviews with relevant individuals (who should be reminded of the importance of confidentiality).
Where initial enquiries show disclosures to be well founded, organisations’ responses should be guided by clear protocols. These should set out the circumstances in which external legal counsel should be instructed (which will usually be necessary at an early stage in order to preserve any applicable privileges). They may also deal with how and when other external specialist resources such as forensic IT consultants or accountants may be sourced. Appropriate senior individuals within the organisation’s human resources function should be identified to coordinate its approach towards the whistleblower and to deal with any disciplinary action in relation to other employees that may be necessary.
Once notified of the fact of serious allegations made in a whistleblowing report, it is of particular importance that the senior management of the organisation are kept appraised of the progress of enquiries into the matters disclosed by the whistleblower. As alluded to elsewhere in this chapter, once evidence emerges establishing that complaints appear to be well founded, the window within which corporate organisations may receive maximum credit for self-reporting actual or suspected misconduct to the appropriate authorities is relatively short.
The FCA and PRA’s new whistleblowing rules may require some regulated firms to enhance existing whistleblowing procedures. Such firms should have appointed a whistleblowers’ champion. When selecting a whistleblowers’ champion, due consideration should be given to that individual’s responsibility for ‘ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing and for ensuring staff who raise concerns are protected from detrimental treatment’.
Deciding whether, when and how to self-report
In many jurisdictions, corporate organisations (and, in some circumstances, individuals) are under regulatory obligations positively to self-report actual or suspected misconduct or allegations of such misconduct. However, where there is no obligation to self-report, deciding whether to do so voluntarily is among the most critical decisions to be taken upon receipt of a whistleblowing disclosure or discovery of material suggesting historic wrongdoing.
When determining whether self-reporting is appropriate, corporate organisations and their advisers have to balance a series of risk and other factors. There will be times when a self-report is likely to be the only sensible approach – particularly where a whistleblower has made serious allegations. In other, less clear-cut cases, while self-reporting may help to establish or maintain a favourable dialogue with authorities should a formal investigation follow or confer benefits should the matter be deemed suitable for a negotiated outcome, doing so is not without risk. Bringing matters to the attention of authorities voluntarily may prompt scrutiny that may otherwise have been legitimately avoided or may result in long and costly investigations and negotiations.
Before making a self-report, it may be necessary to take investigative steps to test the information giving rise to concerns and to ensure that any report made to authorities is as complete and accurate as possible. How long this takes will depend on a range of factors including when the alleged conduct took place, how many individuals are alleged to have been involved and the availability of relevant documents and individuals for interview. It is increasingly common for authorities to insist on being involved in internal investigations, particularly in relation to whether, how or when witness interviews are conducted and this is something to be borne in mind. It is crucial, however, to ensure that steps are taken immediately to preserve all relevant documents and that such investigations are carefully scoped and proceed expeditiously.
Where corporate organisations determine that it is necessary to make a report to authorities, the challenges facing them are to demonstrate that any self-report has been made in a timely fashion, has been made genuinely voluntarily (ie, not simply because public disclosure or a regulatory or criminal investigation is imminent) and contains enough meaningful information to enable the authority concerned to make an informed assessment as to how to proceed. In some jurisdictions, self-reporting before others secures immunity or leniency under statute. Even in jurisdictions where this is not specifically provided for, corporate organisations contemplating self-reporting should aim to be the first to do so to maximise credit. Generally, authorities will acknowledge that internal investigations into complex matters which may have occurred many years ago take time, and give credit for initial notifications once key facts have been established accompanied by indications that a fuller report will follow the completion of a more thorough investigation. As noted above, it is increasingly common for authorities to insist on being involved in determining the scope and timing of internal investigations (if a corporate wishes to be regarded as cooperative) and for authorities to insist on the provision of witnesses’ first accounts as a condition of their being prepared to entertain the prospect of a negotiated settlement.
Self-reports to authorities are not generally made in a set format, but instead usually take the form of a preliminary notification (normally verbal) soon after receiving notice of potential wrongdoing followed by a more detailed written or oral report after further investigation. The nature and scope of disclosures to authorities vary significantly between, and often within, jurisdictions and may depend on whether the issues cross borders. Specifically, whether it is possible to preserve any applicable privileges by providing reports orally rather than in writing will depend on the circumstances.
Whichever format is used to report matters to authorities, corporate organisations and their advisers should assume that information provided to one enforcement authority will be passed to others and that referrals may be made where they have parallel jurisdiction over some or all aspects of the corporate’s activities. They should also not assume that disclosure to one means that others are aware of the matter and full assessments should be made of whether it is necessary to make separate notifications to other specific authorities (whether in the same jurisdiction or elsewhere) who may expect to be told of the alleged misconduct or of the fact of other investigations by or at the behest of enforcement authorities.
- It may depend, for example, on the nature and seriousness of the offence, whether it is a one-off or systemic issue and whether it can be remediated swiftly.
- Simon Wolfe, Mark Worth, Suelette Dreyfus, A. J. Brown, 2014, Whistleblower protection laws in G20 countries, Blueprint for Free Speech, viewed 18 January 2017, www.transparency.de/fileadmin/pdfs/Themen/Hinweisgebersysteme/Whistleblower-Protection-Laws-in-G20-Countries-Priorities-for-Action.pd.
- SEC Office of the Whistleblower 2016 Annual Report on the Dodd-Frank Whistleblower Programme, www.sec.gov/files/owb-annual-report-2016.pdf.
- Other authorities such as the Internal Revenue Service have had whistleblower programmes for many years.
- FCA Annual Report 2015/16 (at page 35), www.fca.org.uk/publication/corporate/annual-report-2015-16.pdf.
- Speech by Mary Jo White, ‘The SEC as the Whistleblower’s Advocate’, 30 April 2015.
- SYSC 18.2.2 [G].
- FCA Policy Statement PS15/24 containing its rules applicable to deposit takers with assets over £250 million. The rules are set out in the FCA Handbook at: SYSC 18.1, SYSC 18.3, SYSC 18.4 and 18.5. The PRA rules are set out in its Policy Statement PS24/15, the PRA General Organisational Requirements Rulebook (applicable to CRR Firms) and its Whistleblowing Rulebook (applicable to solvency II firms) and PRA Supervisory Statement SS 39/15 (applicable to deposit takers with assets greater than $250 million, PRA designated investment firms and insurers).
- FCA Handbook SYSC 18.4 and PRA SS 39/15.
- Insurance and reinsurance firms within the scope of Solvency II, the Society of Lloyd’s and managing agents.
- Ministry of Justice Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing, at paragraph 1.7.
- Speech by Alun Milford, General Counsel SFO, ‘The Use of Information to Discern and Control Risk’, 2 September 2014.
- Deferred Prosecution Agreements Code of Practice, published jointly with the Crown Prosecution Service (February 2014), www.sfo.gov.uk/media/264623/deferred%20prosecution%20agreements%20cop.pdf.
- Sentencing Council’s definitive guidelines for fraud, bribery and money laundering offences, October 2014.
- The Public Contracts Regulations 2015, Regulation 57(15).
- Crime and Courts Act 2013, section 45 and Schedule 17.
- See United States of America v Fokker Services BV.
- For full details and links to the statement of facts, judgments and formal agreement, see www.sfo.gov.uk/2015/11/30/sfo-agrees-first-uk-dpa-with-standard-bank/.
- For full details and links to the statement of facts, judgments and formal agreement, see www.sfo.gov.uk/2017/01/17/sfo-completes-497-25m-deferred-prosecution-agreement-rolls-royce-plc/.
- For full details and links to the statement of facts, judgments and formal agreement, see www.sfo.gov.uk/2016/07/08/sfo-secures-second-dpa/.
- See, for example, a speech given by Alun Milford, SFO General Counsel on 29 March 2016, www.sfo.gov.uk/2016/03/29/speech-compliance-professionals/.
- Serious Organised Crime and Police Act 2005, sections 71 and 73.
- Employment Rights Act 1996, section 43B.
- Employment Rights Act 1996, section 43J.
- www.fca.org.uk/static/documents/consultation-papers/cp15-04.pdf at paragraph 2.15.
- See, for example, Smania v Standard Chartered Bank  I.C.R. 436.
- See, for example, prosecutions of individuals associated with Torex Retail PLC, www.sfo.gov.uk/press-room/latest-press-releases/press-releases-2013/final-conviction-in-torex-retail-false-accounting-case.aspx.