FCPA Update December 2015 Volume 7 Number 5 1 FCPA Update A Global Anti‑Corruption Newsletter Also in this issue: 21 The SEC’s Most-Recent Nudge to Self-Report: Will it Make a Difference? 26 The FCA Imposes £72 Million Financial Penalty on Barclays for Financial Crime Failings 30 Property Alliance Group Ltd v. Royal Bank of Scotland Plc Click here for an index of all FCPA Update articles If there are additional individuals within your organization who would like to receive FCPA Update, please email ssmichaels@debevoise.com or pferenz@debevoise.com www.debevoise.com The United Kingdom’s First Deferred Prosecution Agreement In November 2015, anti-bribery enforcement and regulation in the United Kingdom entered a new era with the first UK Deferred Prosecution Agreement (“DPA”). The DPA, between the Serious Fraud Office (“SFO”), the UK’s leading prosecutor of bribery and other economic crimes, and UK-based ICBC Standard Bank plc, contains valuable lessons about both DPAs and the UK Bribery Act 2010 (the “Act”) for all companies operating, even to a limited extent, in the United Kingdom.1 Continued on page 2 1. See Deferred Prosecution Agreement between the Director of the Serious Fraud Office and Standard Bank plc (now known as ICBC Standard Bank plc), Nov. 26, 2015 [hereinafter “DPA”]; Serious Fraud Office v Standard Bank Plc (now known as ICBC Standard Bank Plc) (Nov. 4, 2015) (Case No: U20150854) [hereinafter “Preliminary Judgment”]; Serious Fraud Office v Standard Bank Plc (now known as ICBC Standard Bank Plc) (Nov.

30, 2015) (Case No: U20150854) [hereinafter “Full Judgment”]; and the Statement of Facts in respect of Serious Fraud Office v Standard Bank Plc (now known as ICBC Standard Bank Plc [hereinafter “Statement of Facts”). . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement I. Background Continued from page 1 2 DPAs have for years been a feature of criminal enforcement in the United States, but have not been used in other countries. The main reasons for this are concerns over the risks of sweetheart deals between prosecutors and companies and, relatedly, concerns that companies should not be allowed to buy their way out of criminal prosecution. At the same time, certain foreign prosecutors have noted with envy or admiration the ability of US prosecutors to use DPAs to achieve substantial negotiated settlements in circumstances where a traditional prosecution would be difficult. A. The Law To provide this powerful tool to UK prosecutors, the UK government introduced DPAs into English law in February 2014.2 As with US DPAs, a UK DPA is an agreement whereby a prosecutor agrees to suspend and ultimately abandon prosecution in return for various actions from a company, typically including financial payments, cooperation and changes to systems and procedures. The UK DPA has one crucial difference from its older US cousin: the courts are much more involved. In the United States, at least until recently, courts have played a minor role in scrutinizing DPAs, and in any event do not become involved until late in the process.3 Under the UK’s DPA law, by contrast, court approval is required at least twice for every DPA – before terms are agreed in principle, and before a final agreement is approved – and the court is required to consider carefully whether a DPA is in the interests of justice, and to provide detailed reasoning. It would seem that, by this requirement, the UK government hoped to avoid the perceived problems of sweetheart deals and lenient treatment.

At the same time, it is possible that the incentive for companies to enter into a DPA is diminished by the fear of having a settlement – including the settlement amount – scrutinized by a senior judge. Nonetheless, the fact that reasoned judgments are provided should be of great assistance to corporations: such judgments should provide practical and detailed guidance as to what the UK courts consider companies are required to do in order to be eligible for DPAs. Continued on page 3 2. See “The Year 2014 in Anti-Bribery Enforcement: New Records, New Trends, and New Complexity as Anti-Bribery Enforcement Truly Goes Global,” FCPA Update (Jan. 2015, Volume 6, Number 6), http://www.debevoise.com/~/media/files/insights/publications/2015/01/fcpa_ update_jan_2015.pdf. 3. See United States v. Saena Tech.

Corp., 2015 WL 6406266 (D.D.C. Oct. 21, 2015); United States v.

Fokker Servs. B.V., 79 F. Supp.

3d 160 (D.D.C. Feb. 5, 2015); United States v. HSBC Bank USA, NA, 2013 WL 3306161 (E.D.N.Y.

July 1, 2013). www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 2 3 This, the first published DPA, is valuable not only in that respect but also because it is the first significant court decision which deals in depth with the Bribery Act, including its novel corporate offence, and the new UK sentencing guideline for corporations. The judgment will provide assistance to companies in understanding their liabilities and responsibilities under the Act. B. The Facts4 The subject of the DPA is ICBC Standard Bank plc (“Standard Bank”), a joint venture between South Africa’s Standard Bank Group Ltd5 and the Industrial and Commercial Bank of China (“ICBC”) (although at the time of the relevant events ICBC held no interest in Standard Bank). Early in 2012, the government of Tanzania mandated Standard Bank and its sister company Stanbic Bank Tanzania Ltd (“Stanbic”), both part of the Standard Bank Group, to raise funds by way of a private placement. Standard Bank’s involvement was required because Stanbic was not licensed to deal with non-Tanzanian investors in the debt market. “This, the first published DPA, is valuable not only in that respect but also because it is the first significant court decision which deals in depth with the Bribery Act, including its novel corporate offence, and the new UK sentencing guideline for corporations.” Standard Bank and Stanbic’s combined fee was 2.4%, 1% of which was to be paid to a Tanzanian company, Enterprise Global Market Advisors Limited (“EGMA”). EGMA had three shareholders, one of whom was the Commissioner of the Tanzania Revenue Authority and thus a foreign public official. There was no sign that EGMA provided any services in connection with the transaction.

Standard Bank did not conduct due diligence or know-your customer (“KYC”) checks on EGMA, leaving those entirely to Stanbic. Standard Bank and Stanbic raised $600 million for the government. The two banks received a total fee of $14.4 million, $6 million of which was paid to EGMA into a Stanbic account in March 2013. Almost all that amount was withdrawn in significant cash tranches within 10 days, with the assistance of the Stanbic managers who had worked on the placement.

The speed and nature of the withdrawals led Continued on page 4 4. See Preliminary Judgment, ¶¶ 8 – 23. 5. Not to be confused with the UK’s Standard Chartered Bank plc, an unrelated entity. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 3 4 various staff members at Stanbic to make reports through compliance channels which were escalated to the Standard Bank Group’s head office in South Africa towards the end of March, after which the group acted quickly. The head office in South Africa began an internal investigation and informed Standard Bank in the United Kingdom sometime in the first half of April 2013. On 18 April 2013, before Standard Bank had even begun its own internal investigation, it reported the matter to the United Kingdom’s Serious and Organised Crime Agency (“SOCA”) (now known as the National Crime Agency (the “NCA”)), followed by a report to the SFO on 24 April 2013. Standard Bank agreed with the SFO that it would conduct its internal investigation and share the results with the SFO. Following the delivery of a written report by Standard Bank in July 2014, the SFO commenced its own investigation, concluding that Stanbic and/or some of its senior executives – all of which it considered to be associated persons of Standard Bank – had committed bribery by promising and/or giving EGMA $6 million in order to induce a representative or representatives of the Tanzanian government to show favour to Standard Bank and Stanbic in appointing them to run the private placement. It determined that the associated persons had caused the bribe to be paid in order to obtain or retain business or a business advantage for Standard Bank, thus engaging Standard Bank’s liability under section 7 of the Bribery Act – the socalled “corporate offence” – which makes it a crime for a commercial organisation to fail to prevent bribery by its associated persons.

The SFO further concluded that Standard Bank lacked “adequate procedures” to prevent bribery and thus would not have a realistic prospect of raising that as a defence to the corporate offence. C. Terms of the DPA6 Standard Bank and the SFO agreed the following terms as part of the DPA, all of which were approved by the judge: 1. A fine of $16.8 million; 2. Disgorgement of $8.4 million; 3.

Compensation of $6 million to be paid to the government of Tanzania; 4. Review and enhancement of Standard Bank’s corporate compliance programme; 5. Payment of the SFO’s costs; and 6.

Continued cooperation with the SFO. We will analyse these terms – particularly the payments – in detail in this article. Continued on page 5 6. See the DPA, ¶¶ 9 – 38. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement II. Analysis Continued from page 4 5 While this is the first instance in which a court has considered the Bribery Act in relation to a significant case of corporate bribery involving a large financial institution, the admissible evidence gathered was not tested before a jury. Furthermore, the offence in question was the failure by Standard Bank to prevent bribery, which is prohibited by section 7 of the Bribery Act, a strict liability offence that does not require the prosecutor to establish any mental element on the part of the defendant organisation or its own employees. A. Bribery Act The judgments of Lord Justice Leveson therefore provide only indirect guidance into how the predicate bribery offences themselves will ultimately be tried in the UK courts. They provide more useful insight into the level of evidence sufficient for a DPA in respect of the corporate offence. 1. Relationship between the corporate offence and the underlying offence The corporate offence of failure to prevent bribery by an associated person is a derivative offence. That is, the charge cannot be established unless the prosecution can also prove that the associated person committed one of the underlying bribery offences. However, the prosecution does not need to secure a conviction for the underlying offence. Section 7(1) of the Act states that a commercial organisation is guilty of an offence if its associated person “bribes another person” while intending to obtain or retain business or a business advantage for the organisation.

And section 7(3) of the Act states that, for the purposes of the corporate offence, an associated person “bribes another person” only if the associated person “is, or would be guilty” (emphasis added) of one of the underlying offences in the Bribery Act “whether or not [the associated person] has been prosecuted for such an offence” and regardless of whether the UK courts have jurisdiction over the associated person. That is, the corporate offence can be established even if there has been no conviction for the underlying offence and no such conviction is sought. So what must the prosecution show in terms of the underlying offence? This case answers the question in part. Continued on page 6 www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 5 2. 6 Underlying bribery offences There are two underlying offences in the Bribery Act that can engage section 7 corporate liability: bribing another person (section 1) and bribing a foreign public official (section 6). The SFO here concentrated solely on section 1, though arguably, given the involvement of the government of Tanzania and the Commissioner of the Tanzanian Tax Authority, section 6 might also have been available. The persons committing the bribery, according to the SFO, were Stanbic and/ or two of its most senior executives, Bashir Awale and Shose Sinare. The SFO alleged that they “promised or gave a financial advantage to EGMA intending that advantage to induce a representative of the [government of Tanzania] improperly to show favour to [Standard Bank] and [Stanbic] in appointing or retaining them for the purposes of the transaction.”7 This would constitute a bribe because, under section 1, bribing another consists of making a payment to induce (or reward) “improper performance” by another person. The SFO does not appear to have had access to the Stanbic executives, and those executives did not even cooperate with the internal investigation; the SFO received no documentation from EGMA or the government of Tanzania; and both the SFO and the court accepted that the Standard Bank employees knew nothing about any bribes. In other words, there was, perhaps unsurprisingly, no direct evidence available to the SFO and thus the judge to the effect that Stanbic or its executives paid a bribe. The circumstantial evidence and inferences it gave rise to were, nonetheless, substantial.

The fact that one of EGMA’s shareholders, Mr. Kitilya, was, at the time of the transaction, acting Commissioner of the Tanzanian Tax Authority and thereby a serving member of the Tanzanian government, was, of itself, a significant red flag. There was no evidence that EGMA provided any actual services. Standard Bank was informed by Stanbic of the proposed involvement of a local Tanzanian partner only after the Tanzanian government had been informed.

Once EGMA was retained, a previously slow moving transaction proceeded quickly. And after EGMA was paid $6 million, it promptly withdrew most of that amount in cash. These factors led the judge to conclude that the “only inference”8 to be drawn was that Stanbic’s senior executives intended EGMA’s 1% fee to induce Mr Kitilya (and possibly others) to show favour to Stanbic and Standard Bank’s proposal. Whether this was overstating the matter, no other evidence was put forward (or possibly capable of being put forward) to explain the arrangement, and the strength of the suspicions it gave rise to justified the judge’s conclusion in a DPA context.

Had the Continued on page 7 7. See Statement of Facts ¶ 202. 8. See Preliminary Judgment, ¶ 11. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 6 7 section 7 offence been tried before a jury, it is less certain that circumstantial evidence alone would have sufficed to establish the underlying bribery offence to the standard required by section 7. The fact that circumstantial evidence as to the actions of “associated persons” alone may suffice to make out the underlying bribery offence and thus trigger section 7 liability is, of course, an important wake-up call to all companies subject to the Bribery Act that engage third parties in their global operations. “The fact that circumstantial evidence as to the actions of ‘associated persons’ alone may suffice to make out the underlying bribery offence and thus trigger section 7 liability is, of course, an important wake-up call to all companies subject to the Bribery Act that engage third parties in their global operations.” 3. Failure to Prevent Bribery Once the underlying offence by an associated person is established, the corporate offence is automatically made out, unless the defence of adequate procedures can be shown (discussed below). In that sense, therefore, the “failure” in “failure to prevent bribery” is an act of omission, rather than commission. Nonetheless, it is worth going through exactly how Standard Bank failed here: other companies can certainly learn from its mistakes. It is first worth reiterating that it is no part of the corporate offence that any employee at the commercial organisation had corrupt intent. Lord Justice Leveson underlined that “no allegation of knowing participation in an offence of bribery is alleged either against Standard Bank or any of its employees; the offence is limited to an allegation of inadequate systems to prevent associated persons from committing an offence of bribery.”9 Though Standard Bank was acting jointly with Stanbic on the transaction, there was no evidence that the Standard Bank deal team itself interacted directly with EGMA or knew anything about it.

There was also a lack of communication between Standard Bank and Stanbic in relation to the engagement of EGMA. Yet this lack of Continued on page 8 9. See Full Judgment, ¶ 11. A similar message was stated at Preliminary Judgment, ¶ 46. www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 7 8 action, it appears, is what got Standard Bank into trouble; if it had communicated or interacted more with its counterparts, the problem might have been ended before it began. Florian von Hartig, the Standard Bank deal team leader (who was the only Standard Bank team member to be named in the DPA papers), stated to the SFO that Standard Bank had “no contact”10 with EGMA. The SFO’s interviews revealed that the “deal team members did not even share a common understanding about the basis for EGMA’s involvement.”11 Furthermore, Mr. von Hartig was held to have interpreted Standard Bank’s compliance policies – about which the judge said there was common ground that they were “unclear and did not provide sufficient specific guidance”12 – as not requiring any enquiry into EGMA. Therefore, in spite of the “obvious red flags”13 surrounding EGMA’s involvement, the Standard Bank deal team relied entirely upon Stanbic to make appropriate enquiries and raise any concerns, raising none themselves.

Significantly, Mr. von Hartig set out in an email to his team that Stanbic was responsible for KYC checks on EGMA and that no shortcuts would ever be acceptable.14 By implication, Standard Bank did not need to conduct any KYC checks – and indeed, it did not. Standard Bank’s failure to have any meaningful role in vetting the EGMA involvement looks irresponsible at the least given the questions that presented themselves on any view of the transaction. At worst, it could be construed as a demonstration of wilful blindness, but it was not necessary for the SFO to prove wilful blindness, and nowhere in the Statement of Facts or the DPA does it state that anyone at Standard Bank “must have known” that there was something suspicious going on.

It is the failure alone to prevent the underlying bribery that makes Standard Bank criminally liable. 4. Adequate procedures In this case, the SFO alleged, and Lord Justice Leveson agreed, that the material disclosed was insufficient to enable Standard Bank to rely on the defence of adequate procedures, as per section 7(2) of the Act. It is clear from the evidence presented that Standard Bank’s procedures were hefty and voluminous – but they were not “adequate,” as summarised by the judge: Continued on page 9 10. See Statement of Facts, ¶ 32. 11. Id., ¶ 151. 12. See Preliminary Judgment, ¶ 14. 13. See Statement of Facts, ¶ 154. 14. Id. at ¶ 156. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 9 The applicable policy was unclear and was not reinforced effectively to the Standard Bank deal team through communication and/or training. In particular, Standard Bank’s training did not provide sufficient guidance about relevant obligations and procedures where two entities within the Standard Bank Group were involved in a transaction and the other Standard Bank entity engaged an introducer or a consultant. The United Kingdom’s First Deferred Prosecution Agreement Continued from page 8 In the event, Standard Bank engaged as joint lead manager with Stanbic in a transaction with the government of a high risk country in which a third party received US $6 million with the protection of only KYC checks relevant to opening a bank account. The checks in relation to that third party were conducted by Stanbic, a sister company in respect of which Standard Bank had no interest, oversight, control or involvement. It did not undertake enhanced due diligence processes to deal with the presence of any corruption red flags regarding the involvement of a third party in a government transaction, relating to a high risk country. There were also failings in terms in not identifying the presence of politically exposed persons and not addressing the arrival of a third party charging a substantial fee.

In essence, an anticorruption culture was not effectively demonstrated within Standard Bank as regards the transaction at issue.15 The Statement of Facts notes various ways in which the procedures were inadequate, or implemented inadequately. For example, Standard Bank was satisfied with confirmation from Stanbic that its KYC checks on EGMA had been completed, having been provided with a two-page checklist from Stanbic of its KYC steps.16 While that KYC form appeared to have acknowledged the account opening as high risk, it was unclear on what basis this assessment had been reached and, crucially, this categorisation was missed by the Standard Bank deal team. A combination of inadequate internal policies, poor training and communication, and a lack of coordination between group entities, meant that Standard Bank’s policies and procedures – and, importantly, the way they were implemented – were inadequate for the risks the bank faced, especially in more high-risk jurisdictions. Group compliance/AML procedures are clearly inadequate if they create a situation in which relevant information about a local third party partner is not shared between all group companies involved in the transaction in respect of which the local partner is retained. Continued on page 10 15. See Preliminary Judgment, ¶¶ 20 – 21. 16. See Statement of Facts, ¶¶ 155 – 62. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 9 10 Group-wide policies should also clearly state that responsibility for ensuring that all third party dealings are ethical and lawful lies with all group employees working on a mandate. In an era in which multinational sales and deal teams frequently work on cross-border matters and across various group entities, the expectation within businesses must be that teams, and especially senior managers, each ensure that appropriate, ongoing checks are made as to the manner in which business is generated. “In an era in which multinational sales and deal teams frequently work on cross-border matters and across various group entities, the expectation within businesses must be that teams, and especially senior managers, each ensure that appropriate, ongoing checks are made as to the manner in which business is generated.” 5. Associated person This case is the first to give some meaning to what is and is not an associated person. Under the Bribery Act, an associated person of a commercial organisation is one “who performs services for or on behalf of ” that organisation,17 which is to be determined “by reference to all the relevant circumstances and not merely by reference to the nature of the relationship” between the relevant parties.18 Section 8(3) of the Bribery Act provides some examples of who can be an associated person: an employee, agent or subsidiary. But that list is non-exhaustive, and, it is now clear from the DPA, merely illustrative: the concept of an associated person has a broad application. Stanbic’s Mr.

Awale and Ms. Sinare, who between them liaised with EGMA, were alleged by the SFO19 to have been performing services on behalf of Standard Bank and therefore to be Standard Bank’s associated persons – a conclusion neither Standard Bank nor the judge disagreed with. This may seem strange at first sight, and an unwarranted expansion of the set of people whose actions can lead to liability for a company: these two individuals, employees of a Tanzanian company, were found to be associated persons of a British bank that was not the Tanzanian company’s parent or subsidiary. Indeed, Continued on page 11 17. See Bribery Act 2010 [hereinafter “Bribery Act”], § 8(1). 18. Id.

at § 8(4). 19. Their seniority within Stanbic actually meant that corporate liability attached to Stanbic itself. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 10 11 Stanbic was variously described by the judge as “a sister company the management of which is unconnected to [Standard Bank]”20 and an entity “in respect of which Standard Bank had no interest, oversight, control or involvement.”21 Yet a review of the facts shows that the conclusion is less surprising, and there is real sense in holding Standard Bank liable for actions of the Stanbic employees. First, it was common ground between Standard Bank and the SFO, based principally on the mandate documentation signed with the Tanzanian government, that Standard Bank and Stanbic “were acting jointly and on behalf of one another in respect of arranging this transaction.”22 That is, the two companies were partners, each assisting the other. Further factors supporting the position of Stanbic and its two senior executives as associated persons were described as follows: • Standard Bank and Stanbic were the “lead manager” under the mandate letter with the Tanzanian government; • Their fees for acting as lead manager were split 50/50; • They carried out different but complementary roles within the transaction with Standard Bank providing the technical expertise and Stanbic maintaining the client relationship; • Members of both deal teams liaised closely with one another about the transaction; • Standard Bank was responsible for much of the contractual drafting and had a significant level of control over the overall structure of the deal; and • The fee letter they both signed stated that both were acting in collaboration with EGMA.23 This was held to be enough to render Stanbic and its executives associated persons of Standard Bank. Following this judgment, it should be understood that where affiliates in the same group are jointly involved in transactions and fulfilling different roles, they will not be able to hide behind corporate structures to avoid liability. If the affiliates are working on a common endeavour and ultimately sharing the fees earned, the acts of one will be attributed to those of the other and engage its liability. Continued on page 12 20. See Preliminary Judgment, ¶ 26. 21. Id. at ¶ 21. 22. See Statement of Facts, ¶ 127. 23. Id.

at ¶ 129. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 11 12 Indeed, there is no reason why the conclusion needs to be limited to affiliates of the same group: where two companies are in a joint venture, it is a consequence of this judgment that the employees of one company acting on behalf of both members of the joint venture may thereby become the associated person of both parties.24 The policy reason for this result is equally clear: the corporate offence of the Bribery Act was set up in a way to overcome the problems of companies hiding behind their lack of responsibility for far-flung agents (and even employees); the Act makes this clear by referring to the primacy of “all the relevant circumstances” in determining who is an associated person. Clearly, where a company benefits from the actions of a co-venturer – as Standard Bank did in jointly winning the mandate – it should be held responsible if that co-venturer engages in bribery in the pursuit of the joint mandate. The same considerations appear to have driven the conclusion on the other element of the associated person test, namely that the associated person must have paid the bribe in order to benefit the commercial organisation that is subject to section 7 liability. B. Sentencing Guidelines The disposition of the DPA is particularly important from the point of view of sentencing. By contrast with the United States, where centrally mandated sentencing guidelines, with their ranges and permutations, have been a recognised feature of the law for some time, the UK sentencing regime has remained mostly ad hoc and based on individual precedent, not statute. Last year, however, the United Kingdom’s Sentencing Council introduced the first ever sentencing guideline for fraud, bribery and money laundering by corporate offenders.25 The guideline requires courts to apply a multi-step process that includes, in addition to a fine, compensation, confiscation and various “adjustments.” Significantly, the guidelines must be applied in the same way in DPAs and contested prosecutions. Continued on page 13 24. Interestingly, the Ministry of Justice’s 2011 Guidance on the Bribery Act contained an extended discussion about associated persons and joint ventures, at paragraphs 40 – 42, yet the discussion was not referred to (or apparently applied) by the court. 25. See ‘Corporate Offenders: Fraud, Bribery and Money Laundering,’ Fraud, Bribery and Money Laundering Offences, Definitive Guideline (Oct. 1, 2014), https://www.sentencingcouncil.org.uk/wp-content/uploads/Fraud_bribery_and_money_laundering_offences_-_ Definitive_guideline.pdf [hereinafter “Guidelines”]. www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 12 13 On paper, the guidelines promised a much harsher sentencing regime in the United Kingdom than before. This case – the first application of the guidelines – has confirmed that promise. At least in the United Kingdom, an era of more US-style financial penalties is coming to pass. It is worth going through each step applied by the judge and then “stepping back,” much as the guidelines invite the court do so when adjusting the fine.26 The first stage is compensation.27 In that respect, the court considered that the $6 million apparently paid in a bribe constituted overpayment by the Tanzanian government. The original structure of the deal would have required that the government pay only $8.4 million; once EGMA was brought in as a local partner, the government agreed to pay $14.4 million.

Accordingly, the judge saw that $6 million (plus interest of more than $1 million) as “the loss suffered” by the government. This money will therefore be paid to the Tanzanian government.28 One can see the logic to this decision, which also establishes the principle that any money paid by a government (or commercial customer) which is used to bribe a government official, is a loss to that government and should be compensated. The second stage is confiscation29 or, as described by the judge, “disgorgement of profit.” The court ordered that Standard Bank disgorge $8.4 million, being the entire fee earned by Standard Bank and Stanbic. This is more open to challenge than the compensation figure. First, the $8.4 million is the sum paid to both companies – Standard Bank in fact was paid only $4.2 million, with Stanbic receiving the remainder. One could argue that $4.2 million was the more appropriate figure. Second, no allowance was made for Standard Bank’s costs, so disgorgement of profits looks like disgorgement of revenue. (We shall return to this below.) However it may not be entirely fair to criticise the judge for using those figures: this amount was actually “the proposal” of Standard Bank and the SFO, which the judge did not disturb.

This is one of a number of indications that courts are more likely to police the terms of a DPA for excessive leniency than for excessive rigour. Continued on page 14 26. Id., “Step Five,” page 52. 27. See Preliminary Judgment, ¶¶ 39 – 41. 28. This is not the first time the Tanzanian government has benefitted from an agreed UK settlement. In the BAE case, BAE paid just under £30 million to Tanzania, in lieu of a fine. 29. See Preliminary Judgment, ¶ 42. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 13 14 Future companies negotiating a DPA should try to limit confiscation to the profit they actually earned, but prosecutors will certainly be emboldened by this precedent to seek more than that. The third stage is the important one of setting the financial penalty.30 The guidelines calculate this, in the American style, by multiplying harm by culpability. For bribery offences, harm is normally defined as “the gross profit from the contract obtained, retained or sought as result of the offending.”31 Culpability is characterized as either low, medium or high, depending on the characteristics of the offence. It is then further adjusted by mitigating and aggravating factors to reach a final multiplier of the harm, which can be between 20% and 400%. The most significant question was what Standard Bank’s culpability would be. “Future companies negotiating a DPA should try to limit confiscation to the profit they actually earned, but prosecutors will certainly be emboldened by this precedent to seek more than that.” In this case, because government officials were involved – and even though the charge was one of failing to prevent bribery and the judge accepted that the evidence did not reveal any intention or knowledge of bribery on the part of Standard Bank executives or employees – the judge thought culpability should be somewhere between the medium end of the high range and the high end of the medium range. He accepted the SFO’s choice of the latter. This view put the multiplier around 300%, which was then multiplied by the gross profit. As with confiscation, the gross profit was taken to be the $8.4 million earned by both banks, again without taking any account of costs, for a figure of $25.2 million. The judge was then required to “step back”32 and assess whether the total level of sentence was reasonable. He concluded that it was reasonable (unsurprisingly, since it had been agreed by the parties).

He then, as mandated by the guideline, applied Continued on page 15 30. Id. at ¶¶ 43 – 58. 31. See Guidelines, page 49. 32. See Preliminary Judgment, ¶ 53. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 14 15 a reduction for pleading guilty,33 since Standard Bank’s reporting and cooperation amounted to such a plea. This took one-third off the financial penalty only, reducing it to $16.8 million. In total, therefore, Standard Bank earned $4.2 million in fees, from which it would have to deduct overhead and other costs – and agreed to pay out more than $32 million (including the SFO’s costs).34 One has to wonder if it was worth it, and if Standard Bank could have achieved a lower penalty by contesting the matter, particularly the SFO’s calculation of gross profit. Clearly, the high financial cost was the price Standard Bank was prepared to pay to resolve the matter without a conviction. Other companies may not be so willing, especially those in industries where the difference between revenues and profits may be more significant than it is for banks. Indeed, because the penalty assessed under a DPA is supposed to be the same as would be awarded following a plea of guilty following a prosecution, the DPA’s sentencing regime does not seem to afford cooperating companies any financial advantage or incentive.

The SFO’s joint head of bribery and corruption, Ben Morgan, agreed with this in a magazine interview,35 pointing to what he saw as the non-financial incentives of speed, lower costs and reputation. Companies will also be concerned by how quickly the judge decided that Standard Bank’s actions merited high culpability, in a case involving only the corporate offence and not active bribery. Indeed, his initial view was more stringent than the SFO, which recommended only medium culpability, at the high end of the range. The wrongdoing in this case may have been more apparent than in many other cases, so future breaches of the corporate offence may receive a lower level of culpability. But companies considering reporting or accepting active involvement in bribery, not just a breach of the corporate offence, should be aware that the starting point will be high culpability, and probably the high end thereof – if, that is, a DPA is even available to them.

We discuss this in the next section. Continued on page 16 33. Id. at ¶ 57. 34. It may be argued that assessing a fine, and compensation, and confiscation, is unfair triple-dipping. However, that is embedded in the relevant statutory schemes, so is clearly the will of Parliament. 35. See Rahul Rose, “Asking US about foreign bribery fines is the ‘new norm’, SFO corruption head says,” Global Investigations Review (Dec.

3, 2015), http://globalinvestigationsreview.com/article/4705/asking-us-foreign-bribery-fines-new-norm-sfo-corruption-head-says. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 15 C. 16 Eligibility for a DPA This case provides the first answer to the important question: what must a company do to get a DPA? Part of the answer lies in a company’s power: self-report and show exemplary cooperation. But the remaining requirements may not be so simple, as they appear to depend on the offence that was committed in the first place. 1. Seriousness of the offence A key part of the DPA regime is that while it is for the prosecutor to decide whether to negotiate a DPA with a defendant, it is for the court to decide whether to approve a DPA, having reviewed the prosecutor’s application. The prosecution must explain why entering into the DPA would be in the “interests of justice,”36 and the court must make a declaration that entering the DPA would indeed be in the interests of justice.37 The prosecutors themselves must consider whether entering a DPA would be in the “public interest.”38 The tests may be subtly different. In its application in this case, the SFO presented the judge with a number of factors. In considering these factors and setting out the interests of justice test, the judge stated: “The first consideration must be the seriousness of the conduct for the more serious the offence, the more likely it is that prosecution will be required in the public interest and the less likely it is that the a DPA will be in the interests of justice.”39 Applying this principle to the facts, the judge made much of the fact that the evidence did “not demonstrate with the appropriate cogency that anyone within Standard Bank knew that two senior executives of Stanbic intended the payment to constitute a bribe, or so intended it themselves.”40 This is fortunate for Standard Bank, but it creates an unpleasant prospect for companies accused of an active bribery offence, especially where executives of the company did have such knowledge.

Are DPAs available to them? Similarly, this case concerned a single isolated incident. In the United States, alleged multiple bribery violations by a number of subsidiaries at a corporate group Continued on page 17 36. See Criminal Procedure Rules 2015, 11.3(3)(i)(i). 37. See Crime and Courts Act 2013, Schedule 17, §§ 8(3) and 7(2). 38. See DPA Code, ¶ 1.2(ii). 39. See Preliminary Judgment, ¶ 25 (emphasis added). 40. Id. at ¶ 26. www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 16 17 are not necessarily an impediment to a DPA.41 But given the facts of this case, and the judge’s stance, one has to wonder if a company accused of multiple acts of bribery over a number of years could ever receive a DPA in the United Kingdom. These questions remain unanswered for now. The judge’s opinion means that where the offences are serious, at a high level, widespread, or repeated, it may be an uphill task to convince the court that a DPA is in the interests of justice. As prosecutors will not want their proposed DPAs rejected by the court, they too will need convincing. “The judge’s opinion means that where the offences are serious, at a high level, widespread, or repeated, it may be an uphill task to convince the court that a DPA is in the interests of justice.” 2. Cooperation There is nothing companies can do to change the past. But once they uncover issues, their actions are in their own hands.

And if they want DPAs as a means of resolving a matter involving legally prohibited conduct, it is clear both from the DPA Code and from this case that they will need to take very seriously the task of cooperating with the prosecutors. Standard Bank’s cooperation was exemplary in this case, from start to finish. It self-reported almost immediately, before it had even begun fully to have investigated the matter. It coordinated the scope and nature of its own investigation with the SFO, provided a report and then cleared the field for the SFO to conduct its own investigation. The extent of the cooperation was described by the judge: Furthermore, co-operation includes identifying relevant witnesses, disclosing their accounts and the documents shown to them: see para.

2.8.2 (i) of the DPA Code of Practice. Where practicable it will involve making witnesses available for interview when requested. In this regard, Standard Bank fully cooperated with the SFO from the earliest possible date by, among other things, providing a summary of first accounts of interviewees, facilitating the interviews of current employees, providing timely and complete responses to requests for information and material and providing access to its document Continued on page 18 41. See, e.g., DOJ Press Rel.

No. 11-446, “Johnson and Johnson Agrees to Pay $21.4 Million Criminal Penalty to Resolve Foreign Corrupt Practices Act and Oil-for-Food Investigations” (Apr. 11, 2011), http://www.justice.gov/opa/pr/johnson-johnson-agrees-pay-214-millioncriminal-penalty-resolve-foreign-corrupt-practices-act. www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement 18 review platform. The Bank has agreed to continue to cooperate fully and truthfully with the SFO and any other agency or authority, domestic or foreign, as directed by the SFO, in any and all matters relating to the conduct which is the subject matter of the present DPA. Suffice to say, this selfreporting and cooperation militates very much in favour of finding that a DPA is likely to be in the interests of justice.42 Continued from page 17 This sets the bar high for other companies – but at least they now know what they need to do. There are a number of points of interest. First, the judge was silent about privilege.

This is significant because SFO officials have in recent years accused companies of standing behind unjustified claims of privilege, and have intimated that waivers might be necessary.43 The judge’s silence will keep this issue alive, although in one area of potential dispute his words may have some effect. One aspect of Standard Bank’s cooperation that he praised was the provision of a “summary of first accounts of interviewees”; much may depend on the precise meaning of the word “summary” but his words may indicate that the SFO will need to be content with summaries, rather than, as they have often asked for, the actual memoranda produced by company counsel as part of their investigation.44 There is also an interesting question as to the background to Standard Bank’s decision to self-report. The SFO and the court both accepted Standard Bank’s early self-report as a high point of cooperation.

However, as noted, Standard Bank first reported not to the SFO but, one week before, to SOCA. Under the UK’s Proceeds of Crime Act 2002, banks and other regulated companies have an affirmative obligation to report suspicions of money-laundering to SOCA/the NCA, through so-called Suspicious Activity Reports (“SARs”); failure to do so is in fact a criminal offence.45 Standard Bank’s self-report was thus likely driven, in no small part, by the affirmative reporting obligation that it was under in any event to raise the issues with SOCA/NCA.46 This point is not expressly dealt with in the judgment. Continued on page 19 42. See Preliminary Judgment, ¶ 30. 43. See, e.g.,the speech by Ben Morgan, Joint Head of Bribery and Corruption at the Serious Fraud Office, “Deferred Prosecution Agreements: What Do We Know So Far?” (July 1, 2014), http://www.sfo.gov.uk/about-us/our-views/other-speeches/speeches-2014/ben-morganspeech-to-uk-aerospace-and-defence-industry-seminar-.aspx. 44. See Morgan, note 34, supra; see also Preliminary Judgment, ¶ 30. 45. See Proceeds of Crime Act 2002, § 330. 46. SOCA/the NCA will inform the SFO of SARs that report suspicions of bribery, so it is foolish to make such a report to SOCA/the NCA without telling the SFO too. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 18 3. 19 The process The case has also given some interesting pointers to the process the SFO and the courts are expected to take. In particular, while DPAs require at least two hearings before the court – first private, later public – there will not necessarily be much time between them. In this case, the application ahead of the first hearing was lodged on 4 November; the second hearing took place on 30 November: less than four weeks between the two. It is clear that the SFO will not want to go to the court until it has prepared not just its proposal for a DPA, but also all of the DPA’s terms as well. III. Conclusion For better or worse, the Americanisation of law enforcement is continuing, at least so far as the United Kingdom is concerned.

Far-reaching anti-corruption laws, sentencing guidelines that require calculators, DPAs – all these American imports are forming a greater part of English law. This point was brought home all the more clearly by the judge, when he said that part of his “stepping back” exercise in assessing the penalty was not only to ask himself what would the DoJ do – but actually to ask them. The DoJ stated that the penalty he proposed was the same as what would have been imposed had the matter been dealt with in the United States, and “intimated” that they would close their own inquiry if it was resolved in the United Kingdom.47 This “useful check” of the US authorities’ thinking is sure to become a part of corporate sentencing from now on. Companies have often complained that they are treated inconsistently by authorities in different jurisdictions; that complaint may be answered, though not in a way they wanted. Also, it was not entirely the case that the US authorities dropped their interest in the matter: the US Securities and Exchange Commission reached an agreed civil penalty with Standard Bank of $4.2 million for failing to disclose the $6 million paid to EGMA to American investors participating in the private placement. Finally, in this article, we have tried to answer two questions that any company faced with a bribery or related problem will be asking itself.

First, is a DPA advisable? Second, is it even achievable? In trying to answer these questions, we must remember that this is just a single case and, which is worth repeating, that it is the first case to start grappling with what a DPA is or should be. At least one other DPA is said to be in the works as of this writing, and more are to follow – so there will be more data points over time. But some preliminary answers are emerging. Continued on page 20 47. See Preliminary Judgment, ¶ 58. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The United Kingdom’s First Deferred Prosecution Agreement Continued from page 19 20 Whether entering a DPA is advisable will obviously be a decision that will rely a great deal on the facts of any particular case. There may be little financial incentive to do so. But the SFO’s points about time, costs and reputation bear considering, particularly in situations in which a corporate offence, with its relatively low burden of proof, is to be charged. As to whether a DPA is advisable, much will – obviously – depend on the judge. Lord Justice Leveson, who it appears will remain active in this sphere for a while, has made clear that he considers that, taking the interests of justice into account, DPAs should be available only exceptionally, thus raising the question whether they would be available at all in cases of active corporate bribery (rather than the derivative corporate offence). Any such narrow conclusion would place an extraordinary, and unintended, limitation on the scope of UK DPAs.

Nonetheless, further judicial pronouncements are required before this question can be answered with any confidence. Karolos Seeger Matthew Getz Alex Parker Karolos Seeger is a partner, and Matthew Getz and Alex Parker are international counsel, in the London office. They are members of the Litigation Department and the White Collar Litigation Practice Group. The authors may be reached at kseeger@debevoise.com, mgetz@debevoise.com, and aparker@debevoise.com.

Full contact details for each author are available at www.debevoise.com. Continued on page 21 www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 21 The SEC’s Most-Recent Nudge to Self-Report: Will it Make a Difference? In recent months, senior leaders of the U.S. Department of Justice (“DOJ”) have garnered significant headlines by publicizing a renewed focus on prosecuting individuals for white-collar offenses, including under the FCPA. These efforts include various changes to departmental procedure and decision-making, as highlighted in the so-called “Yates Memorandum” announced by Deputy Attorney General Sally Quillian Yates on September 10, 2015.1 As we have written previously, the Yates Memorandum underscores a number of important factors for companies to consider in deciding whether to self-report possible wrongdoing to the DOJ.2 For companies also subject to oversight by the U.S. Securities and Exchange Commission (“SEC”), a recently announced change in policy has likewise attracted public attention and complicated further the already difficult decision of whether to self-report evidence of misconduct.

A few weeks ago, in remarks to the American Conference Institute’s annual conference on FCPA enforcement, SEC Director of Enforcement Andrew J. Ceresney stated that self-reporting – and not merely robust cooperation – will be a pre-requisite to the SEC’s agreeing to certain forms of leniency. In particular, he highlighted self-reporting in FCPA cases as a requirement for corporate entities to resolve matters through civil Deferred Prosecution Agreements (“DPAs”) and Non-Prosecution Agreements (“NPAs”), as opposed to other forms of resolution.3 This new policy raises challenging questions, both as to how the SEC will implement the policy and how the policy will affect companies’ decisions relating to self-reporting. Continued on page 22 1. See Mem.

of the Deputy Attorney General, “Individual Accountability for Corporate Wrongdoing” (U.S. DOJ Sept. 9, 2015), http://www. justice.gov/opa/speech/deputy-attorney-general-sally-quillian-yates-delivers-remarks-new-york-university-school.

See also Assistant Attorney General Leslie R. Caldwell Delivers Remarks at American Conference Institute’s 32nd Annual International Conference on the Foreign Corrupt Practices Act (Nov. 19, 2015), http://www.justice.gov/opa/speech/assistant-attorney-general-leslie-r-caldwell-speaksamerican-conference-institute-s-31st. 2. See Helen V.

Cantwell, Matthew E. Fishbein, Bruce E. Yannett, and David A.

O’Neil, “‘The “Yates Memorandum’: Has DOJ Really Changed Its Approach To White Collar Criminal Investigations and Individual Prosecutions?” (Sept. 15, 2015), http://www.debevoise.com/insights/ publications/2015/09/the-yates-memorandum-has-doj-really-changed. 3. Andrew J. Ceresney, “ACI’s 32nd FCPA Conference Keynote Address” (U.S.

SEC Nov. 17, 2015), http://www.sec.gov/news/speech/ceresneyfcpa-keynote-11-17-15.html. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The SEC’s Most-Recent Nudge to Self-Report: Will it Make a Difference? Continued from page 21 22 The SEC’s New Policy In announcing the new SEC policy, Director Ceresney observed that “[s]elf-reporting is critical to the success of the SEC’s cooperation program,” given that it allows misconduct to be identified “more quickly and reliably,” and, more generally, gives the agency “a significant head start on our investigations.”4 The agency therefore has provided an array of benefits to self-reporting entities, “from reduced charges and penalties, to deferred or non-prosecution agreements – known as DPAs and NPAs – in instances of outstanding cooperation, or in certain instances in which the violations are minimal, no charges.”5 Against this background, Ceresney said, “[i]f the Enforcement Division finds the violation through its own investigation or from a whistleblower, the consequences to the company will be worse and the opportunity to earn additional cooperation credit may well be lost.”6 Announcing the SEC’s new policy, he then added that “the Enforcement Division has determined that going forward, a company must self-report misconduct in order to be eligible for the Division to recommend a DPA or NPA to the Commission in an FCPA case.”7 Ceresney noted that “self-reporting is not enough,” and whether the agency will take the “extraordinary” step of entering into a DPA or NPA will depend on a range of factors, including self-policing, remediation, and cooperation.8 How the SEC’s New Approach to Self-Reporting Differs From the DOJ’s The SEC’s new policy contrasts with the manner in which, at least publicly, the DOJ has indicated it will be approaching cases in a similar posture to those at the SEC. While continually emphasizing how self-reporting can assist a company as the Department considers whether to bring charges, the DOJ has never suggested that self-reporting is a pre-requisite to a criminal law DPA or NPA. And many such resolutions in recent years have been concluded without self-reporting, as that term is generally understood.9 While self-reporting has for many years been an important factor in the DOJ’s determination to decline to prosecute certain companies, Continued on page 23 4. Id. 5. Id. 6. Id. 7. Id. 8. Id. 9. For example, in the past five years, at least twenty-five companies have reached Deferred Prosecution Agreements with the DOJ in FCPA matters. Only six of these cases (AGA Medical, Diebold, Johnson & Johnson, Maxwell Technologies, Orthofix, and Tyson Foods) occurred in cases initiated by a voluntary disclosure.

Nineteen settlements (AGCO, Bilfinger SE, Biomet, Data Systems & Solutions, Dallas Airmotive, Inc., Eni S.p.A./Snamprogetti, Fiat, Flowserve Pompes SAS, JGC Corp., Marubeni Corporation (2014), Novo Nordisk A/S, Parker Drilling Company, Shell, Smith & Nephew, Technip S.A., Total S.A., TransOcean, Volvo AB, and Willbros Group) occurred in cases where there had been no initial voluntary disclosure. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The SEC’s Most-Recent Nudge to Self-Report: Will it Make a Difference? Continued from page 22 23 not all DOJ declination cases have resulted from self-reporting.10 And the Yates Memorandum, while placing a premium on robust cooperation with respect to the prosecution of individuals, is noticeably silent on how self-reporting is affected by its new provisions, which, absent further guidance, suggests that self-reporting will continue to play the “one-of-many-factors” role that it plays now in DOJ-led FCPA enforcement and charging decisions. “This difference in how the two U.S. agencies charged with enforcing the FCPA address decisions whether to enter into DPAs and NPAs may be driven in part by the different enforcement tools available to each agency. For example, even in adjudicated cases, SEC dispositions do not give rise to the same potentially severe collateral consequences as a criminal conviction.” This difference in how the two U.S. agencies charged with enforcing the FCPA address decisions whether to enter into DPAs and NPAs may be driven in part by the different enforcement tools available to each agency.

For example, even in adjudicated cases, SEC dispositions do not give rise to the same potentially severe collateral consequences as a criminal conviction. The desire to take all steps possible to avoid a criminal conviction may be a significant incentive in and of itself to selfreport to the DOJ, given that any possible factor could lead to a decision not to bring charges, depending on the facts. And if the DOJ does not need expressly to condition the availability of a non-conviction resolution (such as a DPA or NPA) on a company’s self-reporting to sufficiently incentivize companies to self-report misconduct, the Department can avoid, to that extent, claims that it improperly coerces companies to self-report. Whatever the motive for and rationale behind the SEC’s new policy, it remains to be seen whether it will actually result in a raft of new self-reporting to the agency. Given the ever-present risk that self-reporting to the SEC will lead to a parallel DOJ investigation, companies seeking an SEC DPA or NPA will still need to contend with the risk of criminal law enforcement.

Of course, where the SEC agrees to a DPA or Continued on page 24 10. For example, of 35 DOJ declinations in FCPA cases that have been made public between January 2012 and June 2015, 17 (3M Company, Agilent Technologies, DynCorp, Grifols S.A., Huntsman International, Image Sensing Systems, Inc., Koninklijke Philips Electronics NV, Layne Christensen Co., Morgan Stanley, Owens-Illinois Group, PetroTiger, Raytheon, Sensata Technologies, Stryker Corporation, W.W. Grainger, LyondellBasell Industries NV, and SL Industries, Inc.) followed voluntary disclosure while 18 (Academi/Blackwater, Allianz, Allied Defense Group, Baxter International, Dialogic, Inc., Deere & Company, EHRC Energy, Eli Lilly, Hercules Offshore, Medtronic, Merck, Nabors Industries, News Corporation Schlumberger N.V., Twenty-First Century Fox, Inc., Wynn Resorts, and Zimmer Holdings ) followed a DOJ or SEC-initiated investigation. www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The SEC’s Most-Recent Nudge to Self-Report: Will it Make a Difference? Continued from page 23 24 NPA, one might reasonably expect the DOJ would be less likely to pursue a more aggressive enforcement posture, i.e., actively prosecuting FCPA criminal charges in situations in which the SEC would choose to resolve an FCPA matter through a DPA or an NPA. Still, for the SEC’s new policy to succeed, there will need to be a substantial showing by the agency that self-reporting is likely to lead to the most favorable forms of disposition before both agencies. Indeed, if both a civil DPA and NPA are truly unavailable in the absence of selfreporting, the SEC policy could backfire in the sense that it creates a potential incentive to cooperate less, not more, in a case in which the SEC opens an investigation after learning of a matter through channels other than self-reporting. Companies that might under prior policy have cooperated robustly, may see less point to doing so, let the statute of limitations run, and wait to see whether the SEC can prove its case with the evidence it obtains. This is especially true in light of the SEC’s statement that self-reporting is “not enough” to assure the SEC will be willing to resolve a matter by a DPA or NPA. Given all the factors that an issuer will need to consider when deciding whether to self-report, including the pressures and costs of being in a mode of robust cooperation with an ongoing government investigation, the notion that self-reporting is not enough to assure a DPA or NPA, let alone a declination, may persuade issuers to refrain from self-reporting. Yet in situations in which an issuer subject to SEC jurisdiction is confident that no case can be made that a criminal books and records or internal controls prosecution can be initiated, and no actionable FCPA primary bribery charge could be lodged by either agency, the SEC’s new policy may have meaningful bite and encourage self-reporting of civil books and records and internal controls issues that might not otherwise see the light of day.

While this scenario assumes a company can know with some confidence that the law’s requirements for proof beyond a reasonable doubt of intentional misconduct would not be met with respect to a criminal FCPA accounting provisions breach, self-reporting in such cases could be beneficial both to companies, which could buy down their risk of a more serious form of FCPA disposition, and the SEC, which is charged with civil FCPA enforcement with respect to issuers, control persons, and those who aid and abet them. Beyond these practical considerations lies the argument that the SEC’s new Continued on page 25 www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The SEC’s Most-Recent Nudge to Self-Report: Will it Make a Difference? Continued from page 24 25 policy is inappropriately coercive. It could also well be argued that only Congress or administrative agencies implementing regulations promulgated through formal notice-and-comment rule making have the authority to require self-reporting, as has been done for federal contractors under certain circumstances.11 But given the dynamics of FCPA enforcement, it may take a brave company indeed to put the new policy to the legal test. Conclusion The SEC’s new policy of conditioning the entry of a civil DPA or NPA on a self-report to the agency adds new complexity to an already complex decision for companies subject to the SEC’s jurisdiction over FCPA matters. Firms subject to both DOJ and SEC jurisdiction will be watching carefully to see how the SEC actually enforces the new policy. In this situation, as in so many in law enforcement, it will be important to see whether the law will truly reward companies that self-report. Paul R.

Berger Sean Hecker Andrew M. Levine Bruce E. Yannett Steven S.

Michaels Paul R. Berger is a partner in the Washington, DC office. Sean Hecker, Andrew M.

Levine and Bruce E. Yannett are partners, and Steven S. Michaels is a counsel, in the New York office. They are members of the Litigation Department and the White Collar Litigation Practice Group.

The authors may be reached at prberger@debevoise.com, shecker@debevoise.com, amlevine@debevoise.com, beyannett@debevoise.com and ssmichaels@debevoise.com. Full contact details for each author are available at www.debevoise.com. Continued on page 26 11. 73 Fed. Reg. 67,064 (Nov.

12, 2008), codified at 48 C.F.R. Parts 2, 3, 9, 42, 52 (2015). www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 26 The FCA Imposes £72 Million Financial Penalty on Barclays for Financial Crime Failings On November 25, 2015, the Financial Conduct Authority (the “FCA”) issued a Final Notice imposing a financial penalty on Barclays Bank plc (“Barclays”) of £72,069,400, comprising disgorgement of £52,300,000 and a penalty of £19,769,400. Other than the amount of the fine, the case is noteworthy because there was no allegation or finding of criminality by the FCA on the part of Barclays or its clients. The FCA imposed the penalty on the basis that Barclays had breached Principle 2 of the FCA’s Principles for Businesses – “[a] firm must conduct its business with due skill, care and diligence” – because it had failed to implement adequate money laundering checks and controls in relation to a high value transaction. This is the largest fine for financial crime failings ever imposed by the FCA or its predecessor (the Financial Services Authority). It serves to indicate the seriousness with which the FCA is treating senior management failings to properly implement internal compliance procedures.

Although this particular action related to money-laundering prevention, and is therefore most relevant for in-house legal staff and compliance professionals, the broad authority of the FCA to investigate financial firms’ conduct means it is also noteworthy in other contexts, including anti-bribery compliance. Background Barclays was retained by a number of ultra-high net worth politically exposed persons on a structured finance transaction worth £1.88 billion, arranged and executed between May 23, 2011 and November 24, 2014. The transaction, described within Barclays as an “elephant deal” due to its size, comprised investments in notes backed by underlying warrants and third party bonds and involved a number of companies across multiple jurisdictions and the use of a trust structure. Inadequate Enhanced Customer Due Diligence Pursuant to the Money Laundering Regulations 2007 (the “Regulations”), UK firms are required to undertake a number of customer due diligence measures as a matter of course on any transaction. The Regulations require that, when a client is classified as a “politically exposed person,” enhanced customer due diligence is undertaken by the retained entity to mitigate the attendant increased risks of financial crime. Continued on page 27 www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 The FCA Imposes £72 Million Financial Penalty on Barclays for Financial Crime Failings Continued from page 26 27 In this case, Barclays had classified its clients as “Sensitive PEPs” in accordance with its own internal policies and the Regulations. Consequently, there was a greater level of risk of exposure to bribery or corruption in dealing with such clients. The FCA noted a number of other factors in relation to the risk associated with the transaction, including that: • he transaction was complex, of a significant size and involved multiple t jurisdictions; • arclays had experienced difficulties obtaining documentation and B information from the clients; • arclays had agreed to very onerous client confidentiality terms, including an B indemnity of up to £37.7 million payable to its clients if Barclays breached a confidentiality agreement; • uring the transaction, the clients had requested Barclays to make a payment d of several tens of millions of US dollars to a third party, a request that was later withdrawn; • arclays had agreed to extend a line of credit in the amount of up to 60% of B the value of assets involved in the transaction; • unds invested in the transaction were sent to Barclays in over 20 separate f transfers and the clients’ names did not appear on the transfer documentation; and • etters attesting to the source of the transaction funds were general in nature. l Taking such factors into account, the FCA found that the due diligence Barclays performed was inadequate and not proportionate to the potentially high risks of financial crime associated with its clients and the transaction. Senior Management Oversight and Approval Lacking The Regulations require senior management to have a sufficient understanding of any financial crime risks before approving a business relationship with clients. The FCA found that Barclays had “a lack of centralised co-ordination” of roles and responsibilities noting that “there was no consistent understanding among the senior managers” as to who would be approving the engagement and the nature of the approvals required. It also found that there was an overreliance by senior management on approvals from the legal and compliance functions when the ultimate responsibility lay with management to assess the financial crime risks. Continued on page 28 www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 The FCA Imposes £72 Million Financial Penalty on Barclays for Financial Crime Failings Continued from page 27 28 Further, Barclays management were found to have failed to sufficiently understand the risks and not complied with the bank’s own internal procedures, making what the FCA termed “inappropriate exceptions” for the clients in order to facilitate the business relationship. Insufficient Checks The FCA concluded that Barclays had failed to establish an adequate understanding of the purpose and intended nature of the clients’ investments in the transaction, having only obtained one oral explanation in relation to one of those investments. Furthermore, the bank was found to have overly relied on publicly available information as to the clients’ source of wealth and funds without confirming findings with the clients themselves and verifying them independently through documentation, internal checks and third party intelligence. “[The fine] serves to indicate the seriousness with which the FCA is treating senior management failings to properly implement internal compliance procedures.” Inadequate Monitoring and Record Keeping Barclays was deemed to have failed to conduct necessary, ongoing monitoring of the financial crime risks associated with the business relationship, arising from the politically exposed status of the clients. The FCA highlighted the fact that Barclays had only maintained hard copy, and not digital, records in respect of the enhanced due diligence on the transaction and was therefore unable to respond promptly to the FCA’s requests for information. This is the seventh penalty imposed on Barclays since 2009 by the FCA (and its predecessor), bringing the sum of total fines to nearly £500 million. This disciplinary history was considered to be an aggravating factor in the FCA’s calculation of the fine. Barclays qualified for a 30% discount on the pure financial penalty portion of the fine having agreed to settle at an early stage of the investigation. Continued on page 29 www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 The FCA Imposes £72 Million Financial Penalty on Barclays for Financial Crime Failings Continued from page 28 29 Analysis The notice highlights the importance of ensuring that due care and attention is devoted, at all levels of a financial institution, to ensuring that internal money-laundering checks and procedures are properly implemented. The FCA continues to focus on the actions and attitude of senior management. It is evidently not enough for senior management to seek to rely on approvals from legal and compliance departments if insufficient steps have been taken by the organisation as a whole to ensure that adequate information about clients and their business has been obtained, irrespective of the potential value of that business. Karolos Seeger Alex Parker Karolos Seeger is a partner, and Alex Parker is an international counsel, in the London office. They are members of the Litigation Department and the White Collar Litigation Practice Group.

The authors may be reached at kseeger@debevoise.com and aparker@debevoise.com. Full contact details for each author are available at www.debevoise.com. The authors wish to thank trainee associates Hannah Bohm-Duchen and Mark McCloskey for their assistance. Continued on page 30 www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 30 Property Alliance Group Ltd v. Royal Bank of Scotland Plc In a potentially helpful judgment for investigations lawyers, the High Court in London has recently confirmed, in Property Alliance Group Ltd v. Royal Bank of Scotland Plc,1 that legal advice privilege applies, under English law, to client-lawyer communications where such communications consist of memoranda summarising the status and coordination of regulatory investigations. This case, like all privilege disputes, turned very much on its particular facts.

The decision should, however, provide some assurance to clients and practitioners alike that confidential, lawyerproduced memoranda, containing summaries of meetings on regulatory issues, can properly be considered privileged so long as such documents form part of a broader continuum of communications in which legal advice is being provided. The privilege issue arose in underlying commercial litigation due for trial in May 2016 related to the LIBOR manipulation issues affecting the banking industry. In this case, the Property Alliance Group (“PAG”), a UK developer, has alleged that Royal Bank of Scotland (“RBS”) induced it, through implied misrepresentations occurring between 2004 and 2008, to enter into four interest rate swap agreements tied to the three-month GBP LIBOR rate. RBS has denied any misconduct in relation to the setting of any GBP LIBOR rates. In order to deal with the ongoing investigations by regulators in a number of jurisdictions, RBS formed an Executive Steering Group (“ESG”) to liaise with a number of specialist legal advisers. Extensive disclosure was ordered in the course of the underlying litigation. An issue arose as to whether certain memoranda produced by RBS’s external lawyers in the course of the broader LIBOR-related regulatory issues and involving the ESG (the “ESG Documents”) should be made available for inspection by PAG.

In practice under English procedure, if documents were to be available for inspection, copies could be obtained by PAG and deployed at the main trial, with the potential for those documents to become a matter of public record. The ESG Documents fell into two categories: (1) confidential memoranda in table form in which RBS’s main legal advisers “informed and updated” the bank on the progress, status and issues arising in the LIBOR investigations; and (2) confidential notes/summaries also prepared by RBS’s main legal advisers concerning discussions between ESG and its external lawyers. Such was the contention surrounding the status of the ESG Documents that the presiding judge appointed another judge, Continued on page 31 1. [2015] EWHC 3187 (Ch). www.debevoise.com . FCPA Update December 2015 Volume 7 Number 5 Property Alliance Group Ltd v. Royal Bank of Scotland Plc Continued from page 30 31 Mr. Justice Snowden, to determine the issue. One reason for this was that Snowden J. was himself able to view the ESG Documents without fear of undermining the underlying trial proceedings. Snowden J. considered a number of factors in determining that the ESG Documents were privileged, including: • he law firm which had authored all of the ESG Documents had specifically T been retained to advise RBS on LIBOR-related issues and was present at the ESG meetings. • he ESG Documents were drafted in order to be presented and discussed T at the ESG meetings, or to summarize a previous meeting, and informed and updated the ESG as to the progress, status and issues arising out of the ongoing regulatory investigations into LIBOR. • The ESG Documents were designed to help the ESG direct RBS’s strategy, including decisions as to areas in which legal advice was required. Considering and applying the leading English case law on legal advice privilege, Snowden J.

cited the principle that “legal advice is not confined to telling the client the law; it must include advice as to what should prudently and sensibly be done in the relevant legal context” and referred to the “continuum of communication and meetings between the solicitor and client . . .

[w]here information is passed . . .

to the other as part of the continuum aimed at keeping both informed so that advice may be sought and given.”2 Snowden J. referred also to the English court’s previous finding that “all communications between a solicitor and his client relating to a transaction in which the solicitor has been instructed for the purpose of obtaining legal advice will be privileged . .

. provided that they are directly related to the performance by the solicitor of his professional duty as legal adviser of his client.”3 Applying these general principles to the facts, Snowden J. held that: • BS had engaged the lawyers who had authored the ESG Documents in R “a relevant legal context” to provide advice and assistance which undoubtedly “related to the rights, liabilities and obligations of RBS, and the remedies that might be granted against it.”4 Continued on page 32 2. See Balabel v.

Air India [1988] Ch 317, page 330D-G. See also Property Alliance Group Ltd v. Royal Bank of Scotland Plc [2015] EWHC 3187 (Ch), ¶¶ 19 – 25. 3. See Three Rivers District Council v.

Bank of England (No. 6) [2004] UKHL 48, [2005] 1 ac 610, ¶ 111. See also Property Alliance Group Ltd v Royal Bank of Scotland Plc [2015] EWHC 3187 (Ch), ¶ 23. 4. See Property Alliance Group Ltd v Royal Bank of Scotland Plc [2015] EWHC 3187 (Ch), ¶ 27. www.debevoise.com .

FCPA Update December 2015 Volume 7 Number 5 Property Alliance Group Ltd v. Royal Bank of Scotland Plc Continued from page 31 32 • he ESG documents “form[ed] part of a continuum of communication and T meetings . . . where information is passed .

. . so that advice may be .

. . given.”5 • he ESG Documents were produced as “an integral part of [RBS’ external T lawyers] provision of legal advice and assistance to the ESG” rather than “as a simple matter of administrative convenience.”6 As a matter of broader policy Snowden J.

also held that: “There is a clear public interest in regulatory investigations being conducted efficiently and in accordance with the law … lawyers must be able to give their client candid factual briefings as well as legal advice, secure in the knowledge that any such communications and any record of their discussions and the decisions taken will not subsequently be disclosed without the client’s consent.”7 In an era in which UK regulators and prosecutors have indicated that they may be open to challenging in court privilege claims by subjects of their investigations, it is both timely and helpful to have this confirmation of the position in relation to legal advice privilege. Karolos Seeger Alex Parker Karolos Seeger is a partner, and Alex Parker is an international counsel, in the London office. They are members of the Litigation Department and the White Collar Litigation Practice Group. The authors may be reached at kseeger@debevoise.com and aparker@debevoise.com.

Full contact details for each author are available at www.debevoise.com. The authors wish to thank trainee associates Hannah Bohm-Duchen and Mark McCloskey for their assistance. 5. Id. at ¶ 29. 6. Id.

at ¶ 42. 7. Id. at ¶ 45. www.debevoise.com . FCPA Update FCPA Update is a publication of Debevoise & Plimpton LLP 919 Third Avenue New York, New York 10022 +1 212 909 6000 www.debevoise.com Washington, D.C. +1 202 383 8000 London +44 20 7786 9000 Paris +33 1 40 73 12 12 Frankfurt +49 69 2097 5000 Moscow +7 495 956 3858 Hong Kong +852 2160 9800 Shanghai +86 21 5047 1800 www.debevoise.com Paul R. Berger Co‑Editor‑in‑Chief +1 202 383 8090 prberger@debevoise.com Bruce E. Yannett Co‑Editor‑in‑Chief +1 212 909 6495 beyannett@debevoise.com Sean Hecker Co‑Editor‑in‑Chief +1 212 909 6052 shecker@debevoise.com Karolos Seeger Co‑Editor‑in‑Chief +44 20 7786 9042 kseeger@debevoise.com Andrew M. Levine Co‑Editor‑in‑Chief +1 212 909 6069 amlevine@debevoise.com David A.

O’Neil Co‑Editor‑in‑Chief +1 202 383 8040 daoneil@debevoise.com Steven S. Michaels Executive Editor +1 212 909 7265 ssmichaels@debevoise.com Matthew Getz Co‑Managing Editor +44 20 7588 4180 mgetz@debevoise.com Erich O. Grosz Co‑Managing Editor +1 212 909 6808 eogrosz@debevoise.com Philip Rohlik Co‑Managing Editor +852 2160 9856 prohlik@debevoise.com Jane Shvets Deputy Managing Editor +1 212 909 6573 jshvets@debevoise.com Ashley Fillmore Assistant Editor +1 212 909 6137 afillmore@debevoise.com Please address inquiries regarding topics covered in  this publication to the editors. All content (c) 2015 Debevoise & Plimpton LLP.

All rights reserved. The articles appearing in this publication provide summary information only and are not intended as legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein. Any discussion of U.S. federal tax law contained in these articles was not intended or written to be used, and it cannot be used by any taxpayer, for the purpose of avoiding penalties that may be imposed on the taxpayer under U.S.

federal tax law. Please note: The URLs in FCPA Update are provided with hyperlinks so as to enable readers to gain easy access to cited materials. .