A guest post from Gibson Dunn attorneys Sacha Harber-Kelly and Steve Melrose.
Mr. Harber-Kelly is a former prosecutor at the SFO and was appointed to lead the SFO’s engagement in the cross-governmental working group which devised the DPA legislative framework, and subsequently appointed to draft the DPA Code of Practice, which sets out how prosecutors will operate the DPA regime.
On October 23, 2020, the UK Serious Fraud Office published a new chapter from its internal Operational Handbook, which it describes as “comprehensive guidance on how we approach Deferred Prosecution Agreements (DPAs), and how we engage with companies where a DPA is a prospective outcome.”
At the time of its publication, the Director of the SFO, Lisa Osofsky, remarked, “Publishing this guidance will provide further transparency on what we expect from companies looking to co-operate with us.” Director Osofsky’s full remarks are here.
The 2020 DPA Guidance (“the Guidance”) is here.
In Director Osofsky’s remarks, it is worth observing that she states “DPAs require the company to admit to the misconduct, pay a financial penalty and agree to adhere to conditions set out by the prosecutor to ensure future co-operation and compliance.”
In fact, the underlying statute that created DPAs is clear that a party need not admit guilt and the new Guidance, when addressing the content of the Statement of Facts, also makes plain it is not necessary. There has therefore been no change in the law or the SFO’s requirements with respect to completing a DPA.
The Guidance contains very little new content compared with what is already set out in the DPA Code of Practice (published in January 2014), which is referenced almost 100 times in the Guidance. It should not be forgotten that the DPA Code of Practice remains in force and is the lead document for consideration, with its publication and consideration required by law and it having been laid before Parliament.
So What Is New?
- The Guidance contains a section on “Parallel Investigations” with other agencies that counsels the prosecutor to ensure that they coordinate early with other agencies and de-conflict. The purpose of the Guidance is to facilitate smooth and expeditious investigations that do not prejudice one another. Whilst this detail is not in the DPA Code of Practice, it is covered extensively in other prosecution guidance.
- There is a section in the Guidance on the naming of individuals in the Statement of Facts that accompanies the DPA and contains a description of the conduct. The Guidance counsels the prosecutor to consider redaction or anonymization. In practice, this has been the case for the majority of Statements of Fact agreed to date; alternatively, publication has been delayed until the conclusion of the trial of individuals to avoid prejudice to their trials.
- Under “Corporate compliance programmes,” the prosecutor is counselled when requiring remediation terms to consider whether it is necessary and proportionate to require the company to adopt the use of data analytics to test compliance controls and behaviour.
- The section on “Monitors” is interesting for what it does not say, rather than what it does say. It does not repeat the guidance provided in the DPA Code of Practice that “An important consideration for entering into a DPA is whether [the Company] already has a genuinely proactive and effective corporate compliance programme. The use of monitors should therefore be approached with care.” The language in the DPA Code of Practice signals a presumption that those offered a DPA are unlikely to be required to have a monitor in place. Rarely will a term requiring a monitor be consistent with the DPA Code of Practice and therefore meet the statutory requirement for terms to be “fair, reasonable and proportionate.”
- On “Sale or merger” the Guidance suggests that DPAs should include a term that requires the consent of the SFO to such a sale or merger. This is new but so far has not featured as a term in any of the DPAs agreed to date. Prior DPAs make it a requirement to make it a term of a subsequent sale or merger that the acquirer be bound by the terms of the DPA.
- The section on “Compensation” provides more detail than the DPA Code of Practice. However, it does no more than rehearse the well-established criminal law principles that determine when compensation should be sought and awarded, and which have been applied by the Court in prior DPAs.
- Under a heading enticingly titled “Calculating the profits to be disgorged,” the Guidance disappoints in saying only that “Calculating the profits achieved on account of the relevant conduct may not be a straightforward exercise; and it may be helpful to obtain accountancy expertise.”
- The last four DPA’s have imposed an obligation to self-report serious new misconduct that becomes known during the term of the DPA. In a section of the Guidance headed “Compliance with terms,” it states that “If any suspected wrongdoing relating to the Company is self-reported, or is otherwise discovered, during the term of the DPA, the prosecutor should consider what if any impact such conduct has on the Company’s obligations under the DPA, the SFO’s investigation of the Company [sic].” If a company self-reports pursuant to a term in a DPA, it will not be in breach. But if it were discovered that the company failed to self-report, that may, subject to the rules of evidence, be treated by the SFO as a breach. Further, the self-reporting or discovery of new serious misconduct has the potential for the SFO to seek a variation of the terms of the DPA in order to amend or supplement its terms.
The commission of a further serious offence, let alone the suspicion of one during the term of a DPA, would not amount to a breach of a DPA without an express term to that affect. To date, no DPA has contained such a term. In most instances, it would be impractical given the length of time it typically takes to investigate and prosecute new cases. By the time the SFO established that an offence had been committed, the DPA will likely have expired. Any breach proceedings in respect of the DPA must commence during the term of the DPA. A term that would make it possible to breach a DPA in the event of an unproven suspicion would arguably not be fair, reasonable and proportionate.
Self-reporting features in a non-exhaustive list of public interest factors in the DPA Code of Practice that point in favour of a DPA instead of prosecution. Each of the specified public interest factors along with others that might be case-specific are to be balanced by the prosecutor in exercising their discretion whether to conclude a case by way of a DPA. It has always been the case that self-reporting is not essential, albeit a factor that will carry considerable weight. This was affirmed in the January 2020 Airbus DPA where the court said “…there is no necessary bright line between self-reporting and co-operation.” If it were unclear, the Guidance now makes this plain at footnote 15, which provides, “[t]he failure of a Company to self-report is not a bar to DPA negotiations per se but must be considered as a factor when assessing whether a DPA is in the public interest.” 
The Guidance also makes clear that a self-report does not have to be immediate by stating, “Voluntary self-reporting suspected wrongdoing within a reasonable time of those suspicions coming to light is an important aspect of co-operation.” This mirrors the language in the DPA Code of Practice, so it also does not mark a change in policy.
The Guidance does not materially assist companies to understand what the SFO expects in terms of co-operation beyond what was previously published. Those aspects of the Guidance that are not already in the DPA Code of Practice are found in alternative guidance or in prior DPAs, are matters of procedure addressed specifically to prosecutors or are light on detail.
Consistent with Director Osofsky’s commendation of the SFO’s most recent DPA for having “real teeth,” the Guidance suggests that the SFO is considering seeking increasingly onerous terms in DPAs. The challenge for the SFO will be that, should it continue down such a track, the incentives that a DPA is designed to offer will be diminished, ultimately disincentivizing the co-operation they are designed to encourage.
FCPA Institute - Zoom (Oct. 27-29)
Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.
 Crime and Courts Act 2013, Schedule 17, paragraph 5(1). See also DPA Code of practice, paragraph 6.3 which confirms guilt need not be admitted but the contents and meaning of key documents referred to in the Statement of Facts will require admission.
 “There is no requirement for formal admissions of guilt in respect of the offences charged on the indictment.” Guidance, section “Statement of Facts”
 Crime and Courts Act 2013, Schedule 17, paragraph 6.
 Such as the Director of Public Prosecutions’ “Guidance on the handling of cases where the jurisdiction to prosecute is shared with prosecuting authorities overseas,” “Annex A – Eurojust Guidelines For Deciding ‘Which Jurisdiction Should Prosecute?’” and the “Agreement for Handling Criminal Cases with Concurrent Jurisdiction between the United Kingdom and the United States of America.”
 Crime and Courts Act 2013, Schedule 17, paragraphs 7(1)(b) and 8(1)(b).
 At the time of writing there remains an unpublished DPA in respect of Airline Services Limited.
 See also Crime and Courts Act 2013, Schedule 17, paragraph 10.
 Crime and Courts Act 2013, Schedule 17, paragraph 9(1).
 DPA Code of Practice, paragraphs 2.6 and 2.8.
 See also SFO v Airbus SE, January 31, 2020 at paragraph 68.
 DPA Code of Practice, paragraph 2.8.2 i.