Kickback Training – What It Doesn’t Cover

Refusing kickback

One individual puts up hand to stop money being handed by another person.

Effective training prepares contractors and providers to recognize more than kickbacks. The example below reveals that not all kickback violations are intuitively obvious. What seems a clear violation to those familiar with anti-kickback and false claims statutes, may seem just a straightforward business arrangement to someone unfamiliar with them. After all, what is wrong when providers perform the activities for which they are reimbursed, no one lies, and no false documents are created? Read More Continue Reading

Criminal Finances Act 2017 – New Corporate Offences of Failing to Prevent Facilitation of Tax Evasion

The United Kingdom’s National Risk Assessment of money laundering and terrorist financing in October 2015 identified three priority risks faced by the UK and concluded that a more robust enforcement response is required. These changes were to be underpinned by a partnership between the government and the private sector to effect a significant change in the law.

In April 2016, the UK government published its action plan on anti-money laundering and counter-terrorist finance, setting out the steps to address such risks and resulting in the commissioning of the Criminal Finances Act 2017 (the “Act”), which received royal assent on 27 April 2017. The Act will come into force on 30 September 2017.

The Act is intended to strengthen the UK government’s ability to confiscate the proceeds of crime; to improve the international reach of enforcement; and to extend the applicability of enforcement to also cover investigations under the Terrorism Act 2000. The Act will bring about the most significant changes to the anti-money laundering and terrorist finance regime in the UK since enactment of the Proceeds of Crime Act 2012.

We previously published an article on a widely anticipated new offence of corporate failure to prevent economic crime (which offence would have incorporated the failure to prevent fraud, money laundering and false accounting), but the Act has not included this offence.   However, the Act does include two new corporate criminal offences for the failure to prevent the facilitation of tax evasion, whether in the UK (Section 45) or abroad (Section 46).   The Act also includes provisions relating to:

  1. The seizure and forfeiture of the proceeds of crime stored in UK assets, extending the current law to include value stored in bank accounts and high-value property.
  2. “Unexplained Wealth Orders”—increased powers to require those suspected of corruption to explain the source of their funding. In order to obtain an unexplained wealth order, the value of the unexplained funds must exceed £100,000 in value and the court must be satisfied that there are reasonable grounds for suspecting that funds have been unlawfully obtained.
  3. The sharing of information between regulated companies when requested from each other or when the National Crime Agency requests that information be shared.
  4. An extension of the current moratorium period in which Suspicious Activity Reports can be investigated.
  5. Two new corporate offences of the failure to prevent facilitation of tax evasion.
  6. Disclosure Orders for money laundering investigations, extending the powers already in existence for corruption and fraud investigations.
  7. Combating the financing of terrorism so that the existing legal regime for investigations into criminal finance can also apply to investigations relating to offences under the Terrorism Act 2000.

The UK government has issued draft guidance on the new corporate offences for the failure to prevent tax evasion, and the guidance confirms the government’s belief that a “relevant body” should be criminally liable when it fails to prevent those who act for it, or on its behalf, from criminally facilitating tax evasion. The guidance defines a ”relevant body” as an incorporated body (typically a company) or partnership; ”relevant body” does not include natural persons, i.e., individuals (as opposed to legal persons, which include entities).

The new offences will be committed when a relevant organisation fails to prevent an associated person from criminally facilitating the evasion of a tax, whether the tax evaded is owed in the UK or in a foreign country. The guidance is similar to the guidance to the UK Bribery Act 2010 (“Bribery Act”), which sets out six key principles that organisations should adopt, including the following:

  1. Risk assessment;
  2. Proportionality of risk-based prevention procedures;
  3. Top level commitment: Tone from the top;
  4. Due diligence;
  5. Communication (including training); and
  6. Monitoring and review.

Organisations should start to consider now whether they have reasonable procedures in place to prevent someone acting for them (or on their behalf) from facilitating tax evasion in the UK or in a foreign country.

A “prevention procedures” defence is available to corporate bodies, similar to the “adequate procedures” defence that is available under the Bribery Act. For a corporate body to avail itself of the “prevention procedures” defence under the Act, it must prove that it had “such prevention procedures as it was reasonable in all the circumstances to expect… or [that] it was not reasonable in all the circumstances to expect [the company] to have any.”

Some businesses will not be required to put in place prevention procedures where it is considered unreasonable to do so. For smaller businesses and certain low risk industries, the guidance sets out minimal steps that should be taken nevertheless, including the release of a statement from the board proscribing the illegal activities, training of staff, and implementation of clear reporting and whistleblowing procedures.

If you are unclear on the steps that your business should take, or if you would like us to help you review or design prevention procedures, please contact a member of our team.

Changes to Whistleblowing Regulation under French Data Protection Law

In June 2017 the French data protection authority, the CNIL, published a revised norm for reporting systems ( “AU-004”) that will permit the implementation of the changes recently  introduced by the new French Anti-corruption Law “Sapin II” (as set out in our previous article “New French Anti-corruption Law Sapin II”).

To read more about the change to the French data protection regulation.

Cell Phone Warrant – Issues in Split Decision

Agents Executing CellPhone Warrant

Riley v. California sparks disagreement about a cellphone warrant in United States v. Griffith, No. 13-3061, 2017 U.S. App. LEXIS 15636 (D.C. Cir., Aug. 18, 2017). In Riley, the Supreme Court requires a warrant to search a cellphone found incident to arrest. Issues in Griffith include requirements for a cellphone warrant in a suspect’s home, whether a phone can be searched after execution of a cellphone warrant, the good faith exception to the exclusionary rule, and personal liability for police.

These issues summarized below are discussed in more detail in our article in Law360 (available by subscription here). We predict more litigation about this warrant because the dissent explicitly hopes the Circuit en banc or the Supreme Court will intervene “to cure today’s grievous error.” Read more. Continue Reading

Summary of U.S. Department of Justice’s Guidance, “Evaluation of Corporate Compliance Programs”

Summary of Compliance Guideline

The Criminal Division’s Fraud Section of the U.S. Department of Justice (the “DOJ”) has released guidance on how the DOJ will determine the effectiveness of a company’s corporate compliance program.  The guidance, entitled Evaluation of Corporate Compliance Programs[1] (the “Compliance Guideline”), provides examples of topics and sample questions that are frequently used by the DOJ in the evaluation of a corporate compliance program.

While the topics and questions are not new, the Compliance Guideline does reinforce the message that the DOJ’s focus is on the concrete steps a company’s leadership takes to foster a corporate culture of compliance.  The Justice Department’s Compliance Counsel, Hui Chen, emphasized the difference between a “paper program” and a “real program.”  “The answers are not in the glossy diagrams of a company’s ‘core values’ or their training slides; rather, they are in what happens in real life, in the smallest details that manifest themselves in the company’s daily operations.”[2]

The Compliance Guidelines provide useful insights for compliance professionals on what to expect in the event of a DOJ investigation and furthermore provide a framework to assess a company’s compliance program, strengthen existing polices, and identify areas that need improvement.  While the DOJ does not use an established formula in assessing the effectiveness of corporate compliance programs, the Compliance Guideline does provide transparency into factors the DOJ will take into consideration when evaluating the adequacy of a company’s compliance program.  The DOJ is careful to note that the Compliance Guideline is not a checklist or a formula and that many of the topics are found in the United States Attorney’s Manual, the United States Sentencing Guidelines, the Fraud Section corporate resolution agreements, the DOJ and Security and Exchange Commission’s A Resource Guide to the U.S. Foreign Corrupt Practices Act, the Organization for Economic Co-operation and Development Council’s Good Practice Guidance on Internal Controls, Ethics, and Compliance, the United Nations Office on Drugs and Crime, and the World Bank.

Topics and Questions – What the DOJ Will Look to When Evaluating a Compliance Program

The Compliance Guideline sets forth eleven topics and questions investigators may ask when evaluating the adequacy of a compliance program.  These are factors prosecutors will take into consideration when conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements.  Companies should use these topics and questions to serve as best practices to measure corporate compliance programs and further refine existing programs

  1. Analysis and Remediation of Underlying Misconduct

During the course of an investigation, the DOJ will look through audit reports, complaints, and prior investigations of similar misconduct for any missed prior opportunities to detect the misconduct.  Companies must ensure there are no system vulnerabilities or accountability lapses in detecting issues.  Similarly, companies should have a system in place to expose vulnerabilities and implement corrective measures to reduce the risk of repeat misconduct.

  1. Senior and Middle Management

The Compliance Guideline reiterates that compliance starts at the top and the DOJ will look to whether management properly sets the tone for the company.  The onus will be on senior management, through words or actions, to foster and encourage an ethical culture.  Not only should leadership take concrete actions in the company’s compliance and remediation efforts, management at all levels must model appropriate behavior to employees.  Further, management has a responsibility to ensure appropriate information is shared among different components of the company – including the board of directors.  The board and senior management will need to examine pertinent information in their exercise of oversight, have access to compliance expertise, and the board and external auditors should be holding regular sessions with compliance and control functions.

  1. Autonomy and Resources

Whether a company’s compliance department is internal or functions are outsourced to an external firm, investigators will be inspecting to determine whether the compliance department is autonomous and can remain objective from the rest of the company.  A company will want to make sure compliance personnel are independent, have the appropriate experience and qualifications for their role and responsibilities, maintain a level of stature that is comparable to other departments within the company, have access to key decision-makers such as the board of directors, are evaluated by appropriate senior management, have a low turnover rate, and play a role in the company’s strategic and operational decisions.  Compliance and control personnel must be empowered to identify, escalate, and address problems.

  1. Policies and Procedures

It’s not enough to merely have compliance policies and procedures in place, the DOJ will be looking at a company’s process for designing and implementing the policies and procedures, the company’s ability to evaluate the usefulness of policies and procedures, and whether the departments or functions have ownership of and are held accountable for their oversight.  In examining the compliance policies and procedures, the DOJ will examine whether there has been clear guidance and training for the key gatekeepers (e.g., the persons who issue payments or review approvals) in the control processes.  The gatekeepers must be aware of the process in order to properly raise concerns.  Further, the policies and procedures must be adequately disseminated and accessible to all employees.

Compliance personnel will need to be responsible for operational integration of the policies and procedures, consult with the appropriate officers or business segments, and roll out the policies and procedures while making sure employees fully understand them.  So as to avoid future misconduct, the company must have controls in place to detect and prevent the misconduct, restrict or rigidly control access to funding to prevent abuse, and have a process in place to manage outside vendors.  Employees in each department with approval authority or certification responsibilities will need to know what to look for, and when and how to escalate concerns.

  1. Risk Assessment

There needs to be a methodology to identify, analyze and address risks for misconduct within the company.  The DOJ will examine the type of information or metrics a company has collected to detect misconduct and how that information or metric is being used to inform the company’s compliance program of possible as well as manifested risks.

  1. Training and Communications

The DOJ will focus on the type of training provided to employees who work in high-risk and control positions.  Corporations must ensure: (1) employees in relevant control functions are receiving adequate and effective training; (2) high-risk and control employees are receiving tailored training that addresses the risks in the area where a misconduct may occur; and (3) appropriate analysis is undertaken of which employees should be trained and on what subjects.

In addition to identifying the employees that must receive appropriate training, companies will want to ensure the training is effectively communicated.  The DOJ will look to whether the format of the training (i.e. web-based, in-person seminar, interactive, etc.) and the language that training was conducted in is appropriate for the intended audience.  Further, the DOJ will examine whether the company has measured the effectiveness of training that is given.

Leadership will need to communicate to employees the company’s position on any misconduct that has occurred, including when an employee is terminated for failure to comply with a company’s policies and procedures.  Further, companies must ensure employees have adequate access to resources that provide guidance on compliance policies and procedures.

  1. Confidential Reporting and Investigation

The DOJ will look to whether the company has implemented an effective and confidential reporting mechanism, including the ability to evaluate the risk level or seriousness of reports.  Once a report comes in, the company must timely respond to the complaint, adequately analyze and identify the misconduct, and determine the persons involved.  If an investigation is warranted, it must be remain independent, properly scoped and documented, and if appropriate, involve all levels of senior leadership up to the board of directors.  In response to the investigation, remediation must be appropriate in light of the investigation findings.

  1. Incentives and Disciplinary Measures

It is imperative for a company to implement appropriate disciplinary measures upon identifying misconduct.  All individuals involved in the misconduct must take accountability for their role, particularly employees that have a management role in the company.  Disciplinary actions must be fair and consistent for all employment levels.

In addition to disciplining misconduct, a company should have a process in place to incentivize good behavior.  The DOJ will look for concrete examples of incentives for compliance and ethical behavior such as promotions and rewards.

  1. Continuous Improvement, Periodic Testing and Review

A well-rounded compliance program will need to undergo periodic review and auditing to test controls and identify system vulnerabilities.  Investigators will examine the types of audits or control testing a company conducts on their compliance programs, audit findings, whether remediation progress is reported to management and the board on a regular basis, how management and the board follow-up on those reports, and how often internal audits are conducted in high-risk areas.  Additionally, compliance policies, procedures, and practices will need to be periodically reviewed and risk assessments will need to be continuously updated.

  1. Third-Party Management

When relying on third parties outside of a company’s control, the company will want to implement a risk-based process to manage those third parties.  The business rationale for using a third party will need to be appropriately documented, including payment terms and the work to be performed.   Due diligence on third parties must be conducted to identify red flags and the company will need a process to identify and monitor compliance issues, including methods of remediation such as suspension or termination of the third party relationship.

  1. Mergers and Acquisitions

Mergers and acquisitions must undergo a due diligence process to identify misconduct or the risk of misconduct.  The company will need a process for tracking and remediating misconduct or misconduct risks identified during the due diligence process.  Further, the company will need a process for implementing their compliance policies and procedures at the new entity.

[1] The U.S. Department of Justice Criminal Division’s Fraud Section publication of the Evaluation of Corporate Compliance Programs may be found here.

[2] Hui Chen, DOJ Compliance Expert, Interview on Corporate Compliance with Andrew Weissmann and Hui Chen (Feb. 2, 2016).

Exclusion from Healthcare Programs for a Misdemeanor?

Even a misdemeanor guilty plea can have far reaching ramifications in the healthcare industry. The Sixth Circuit recently upheld a decision of the Department of Health and Human Services (HHS) that a healthcare provider was subject to mandatory exclusion following a guilty plea to misdemeanor misbranding. As the court recognized, trial counsel had anticipated this possibility and warned the provider about potential exclusion.

Pharmacist Parrino consistently filled prescriptions for Pulmicort with a less potent amount of budesonide. He resolved the investigation by pleading guilty to introducing misbranded drugs into interstate commerce in violation of 21 U.S.C. §§ 331(a) and 352(a). Because misdemeanor misbranding is a strict liability crime, Parrino did not need to admit that he intended to prepare the medications incorrectly as part of the plea. HHS nevertheless decided its mandatory exclusion authority applied, excluded Parrino from federal healthcare programs for five years, and effectively ruined Parrino’s livelihood as a pharmacist during that time. Parrino appealed the decision by claiming that permissive (rather than mandatory) exclusion authority applied to misbranding. He also argued that HHS violated his fundamental right to property by acting arbitrarily when it excluded him for a strict liability offense that lacked intentional misconduct.

Disagreeing with a decision from the Fourth Circuit, the Sixth Circuit agreed with the Ninth, Tenth, and First Circuits that a healthcare provider has no “fundamental right to participate in federal health care programs.” The court reasoned that no property right is created when someone is allowed to become a provider to federal healthcare programs because the government makes “no clear promises” of entitlement to the provider and federal health care programs are not intended to benefit providers. Deciding that the type of exclusion was not crucial, the court held that HHS needed only a rational basis to justify excluding the pharmacist. Under this standard of review, the court readily upheld the rationality of excluding a pharmacist who filled sub-potent medications and wasted government funds.

In an instructive footnote, the court referred to Parrino’s attempt to withdraw his guilty plea based a claim of ineffective assistance of counsel when he learned that HHS planned to exclude him. On that issue, the court held that counsel was effective by providing sufficient notice of the possibility of exclusion, even though counsel predicted exclusion would considered under the permissive standard rather than the mandatory standard.

Major Changes on Whistleblowing in France

Whistle blower word cloud conceptFrom January 1, 2018, there will be an obligation on almost all employers to implement reporting/whistleblowing schemes.

France has historically been very reluctant to support workplace whistleblowing, especially anonymously. Whistleblowing schemes were effectively only authorized in 2005 to permit US companies to comply with their SOX obligations. Those regulations were very restrictive, limited to employees and only in relation to certain legal breaches.

However, since December 2016, we now have a law relating to “transparency, the fight against corruption and modernization of business life,” also known as “Sapin 2.” This has introduced a number of changes, including the obligation to implement whistleblowing schemes and anti-corruption compliance programs.

Definition of Whistleblower

Sapin 2 Law defines a whistleblower (in French “lanceur d’alerte”) as:

  • Any individual (i.e., not limited to employees)
  • Acting in good faith
  • Reporting or revealing a crime, a serious and manifest breach to an international treaty, a serious breach of a law or regulation, or a serious threat or harm to the public interest
  • Of which he or she has personal knowledge

Tiered Reporting

The whistleblower must:

  • First make his or her disclosure to a direct or indirect supervisor or another person appointed by the employer for this purpose
  • Only if this is not followed up with any action, then disclose to the relevant judicial or administrative authority, or to his or her professional adviser
  • And then as a last resort, the report may be made public, e.g., to the media

The disclosure may also be filed with the Defender of Rights (“Défenseur des droits”) and directed to the organization responsible for collecting them in the relevant industry sector.

Interfering with the making of a whistleblowing disclosure to the employer or to the courts is punishable by up to one year’s imprisonment and a €15,000 fine (€75,000 for corporates).

Mandatory Implementation of Reporting Schemes

The new law requires that:

  • As of January 1, 2018, companies with more than 50 employees must implement schemes that protect whistleblowers
  • Businesses with more than 500 employees (or that belong to a group whose parent company is in France and has more than 500 employees) and turnover of more than €100 million must implement internal reporting procedures for bribery and corruption as part of a more extensive compliance program
  • Companies providing financial services (as defined under the French Monetary and Financial code) must implement reporting schemes for breaches of EU or French financial market regulation, including the Financial Markets Authority

Principles Governing Reporting Schemes

  • Reporting schemes must protect the identity of the whistleblower, the identity of any person incriminated and the information collected. The disclosure of any of these details carries up to two years’ imprisonment and a €30,000 fine (€150,000 for corporations).
  • The organization shall appoint a person responsible for receiving whistleblowing reports (“référent”) who may be an employee or an external service provider.
  • The procedures used must be adequately publicized and should note that they are authorised by the CNIL.
  • The procedure shall specify how the whistleblower (i) may make his or her disclosure; (ii) provides supporting information or documents; and (iii) provides the necessary contact information to allow an exchange with the recipient.
  • The procedure must also specify how the organization will (i) provide certain information to the whistleblower and the incriminated person; (ii) guarantee strict confidentiality; and (iii) destroy information after a set period of time.

Breach of Secrecy by the Whistleblower

A whistleblower will not be liable for breaching a secrecy obligation by law provided that:

  • The disclosure is necessary and proportionate for the protection of the interests at stake, and
  • The reporting procedures provided by law are complied with

However, Sapin 2 does not allow a whistleblower to disclose information covered by doctor/patient or client/lawyer professional secrecy or national security.

No Retaliation

Whistleblowers are protected from retaliation in the hiring process, in terms of access to an internship or professional courses or in salary or otherwise. However, where the report is made in bad faith, the employee can:

  • Face disciplinary sanctions by the employer
  • Be held liable for “slanderous denunciation” punishable by up to five years’ imprisonment and a fine of up to € 45,000
  • Be subject to private individual or corporate claims for damages (damages to the public image, reputation, etc.)

Data Protection Issues

For a Sapin 2 procedure to be compliant with French data protection rules, the employer must obtain prior authorization from the CNIL. It can either:

  • Apply for an ad hoc authorization, which is time consuming and burdensome, or
  • Opt for self-certification to the CNIL, stating that the whistleblowing scheme conforms with the CNIL’s AU-004 rules

However, AU-004 does not currently actually permit total compliance with changes introduced by Sapin 2 with regard to the scope of permitted reporting and the people allowed to whistle blow. Changes to AU-004 are, therefore, expected before January 1, 2018. Some of these may evolve under the General Data Protection Regulation, which comes into effect on May 25, 2018.

Labor Law Issues

There are several preliminary steps that must be followed by a business implementing a whistleblowing scheme. These may include:

  • Prior information and consultation with the employees’ representatives and consultation with the Hygiene and Safety Committee (if any)
  • A possible modification of the “Règlement intérieur” (internal disciplinary rules). They need to be submitted to the Works Council and as the case may be, to the Health and Safety Committee, as well as to the Labor Inspectorate

Non-compliance could prevent the organization from taking disciplinary measures against employees based on the information collected through the scheme.

We can assist your organization with the implementation of whistleblowing schemes in France that will comply with this new regulation.

Applying Escobar — Decisions on Materiality, Falsity and Other Issues

June 16, 2017, marks the one-year anniversary of the precedent-setting U.S. Supreme Court decision in Universal Health Services v. United States ex rel. Escobar (Escobar), which approved the implied false certification theory as a basis for liability under the False Claims Act (FCA). Because the decision impacts every provider who supplies goods and services to the federal government, all eyes are on how the lower courts have applied the decision. On the anniversary of Escobar, Tom Zeno and Rebecca Worthington review recent FCA decisions on questions of materiality, falsity and other FCA concerns in an article for Bloomberg BNA Health Fraud Report.

Click here to read a summary and access the full-text of the article over on our Triage Health Law Blog.

Tabcorp fined $45 million

Gaming company Tabcorp has been fined $45 million for breaching anti-money laundering and anti-terrorism financing laws. The Federal Court found that Tabcorp broke the law on 108 occasions over five years.

The fine imposed by the Federal Court is the highest civil penalty in Australian corporate history.

The multi million dollar fine was handed down after a civil penalty proceedings was brought against Tabcorp by AUSTRAC, the Federal Government’s financial intelligence and regulatory agency. In July 2015, AUSTRAC filed papers in the Federal Court against the three Tabcorp group companies for extensive, significant and systemic noncompliance with Australia’s anti-money laundering and counter-terrorism financing legislation

AUSTRAC CEO Paul Jevtovic addressed the media in Sydney yesterday, where he said that it sends an unequivocal message to gaming companies:

“There can be no doubt that this was a serious failure in the corporate governance and the size of the penalty reflects a consistent and extensive noncompliance. Quite simply Tabcorp failed in its obligations. The noncompliance arises from a corporate culture that is indifferent to money laundering and terrorism financing requirements,” he added. Cultures such as this put the community at risk with crimes committed by organised crime groups and “serious criminals” and others who could divert their “criminal wealth” to the “black market” and fund other illegal activities such as drug trafficking. Tabcorp failed to give AUSTRAC reports about suspicious matters on time or at all. Tabcorp has admitted these suspicions related to unlawful activity including money laundering and credit card fraud and has admitted that it had insufficient processes for consistent management oversight, assurance and operational execution of the money laundering program.”

Notably,  money laundering, terrorism and financing function was at times “underresourced” in the organisation and senior managers did not receive regular reports on the issue.

In a statement, Tabcorp chief executive David Attenborough confirmed the $45 million settlement and said the company had cooperated with AUSTRAC.

Key points:

  • The $45 million penalty is believed to be the highest in Australian corporate history
  • The Federal Court found Tabcorp failed to alert regulators to reports of suspicious behaviour on 108 occasions over more than five years.
  • Tabcorp has admitted that the suspicions related to unlawful activity including money laundering and credit card fraud, which was not reported to the Australian Transaction Reports and Analysis Centre (AUSTRAC).
  • Justice Perram found that in one case, Tabcorp failed to alert authorities to a customer who collected $100,000 in winnings.

If you would like further information, please contact a member of our team.

Details of the Rolls-Royce DPA emerge

Last week, we published the details of the expected Deferred Prosecution Agreement (DPA) that was yet to be approved by the UK’s High Court on 17 January 2017.

The Serious Fraud Office (“SFO”) has since now confirmed, that the DPA was approved by Sir Brian Leveson, President of the Queen’s Bench Division, and the DPA, Statement of Facts and Judgment have now all been published. The DPA enables Rolls-Royce (Rolls-Royce Plc and Rolls-Royce Energy Systems Inc.) to account for criminal conduct spanning three decades in seven jurisdictions and involving three business sectors.

The allegations against Rolls-Royce arise out of the conduct of its Civil Aerospace business (“Civil”), Defence Aerospace business (“Defence”) and former Energy business (“Energy”) and relate to the sale of aero engines, energy systems and related services. The key components of the bribery involved agreements to make corrupt payments to intermediaries, and the failure by Rolls-Royce to prevent bribery.

Rolls-Royce employs over 40,000 people in more than 50 countries and was described by Sir Brian Leveson as “a jewel in the UK’s industrial crown”.   This is the largest investigation of the SFO to date, spanning over four years, including the arrests of overseas intermediaries, including searches of their premises and interviewing individuals using the SFO’s powers of compulsory interview.

Despite the bribery that has come to light, it is reported in the Statement of Facts, that Rolls-Royce had a number of written policies and committees in place, relevant to the company’s  appointment of intermediaries, and had in fact appointed a ‘Big 4’ accountancy firm in 2009, to complete an Anti-Bribery and Corruption (“ABC”) Compliance review. It appears that Rolls-Royce responded to the recommendations of the 2009 review by issuing a more detailed ABC policy, including the need for proper identification of intermediaries, and risk assessments to be carried out. Rolls-Royce later employed Lord Gold to carry out a further investigation into the company’s approach to bribery and corruption in 2013, and it appears Lord Gold is to continue his work with Rolls-Royce as part of the terms of the DPA (discussed in further detail below).

The UK draft indictment (contained within the Statement of Facts) included 12 counts of alleged bribery, that can be categorised as follows:

  • Conspiracy to Corrupt – Civil Indonesia (1), Civil Thailand (3), Energy Russia (1)
  • False Accounting – Defence India(2)
  • Failure to Prevent Bribery – Energy Indonesia (1), Energy Nigeria (1), Civil Indonesia (1), Civil China (1), Civil Malaysia (1)

The key terms upon which the agreement was approved, and prosecution deferred, were:

(i) The past and future cooperation of Rolls-Royce;

(ii) Rolls-Royce’s disgorgement of profit of £258,170,000;

(iii) Rolls-Royce’s payment of a financial penalty of £239,082,645;

(iv) Rolls-Royce’s payment of costs of £13,000,000 (TBC); and

(v) Rolls-Royce, at its own expense, agreeing to complete the Compliance Program and actions required.

The payments of the disgorgement and financial penalty, have been agreed to be paid in four instalments, the first being £119 million by 30 June 2017, then three further payments in 2019, 2020, and 2021. This will allow Rolls-Royce a ‘year off’ from making any payment in 2018.

Further conditions Rolls-Royce must meet, are to maintain all material gathered as part of its internal investigation and intermediary review for the term of the agreement, it must co-operate fully with any ongoing investigations and/or prosecutions brought by the SFO (which would include the investigations ongoing in relation to individuals), and to comply with a specific Compliance Program.

The Compliance Program is set out in Section F of the DPA, and builds upon the previous involvement and work of Lord Gold. So far, Lord Gold has produced two interim reports.  Rolls-Royce is required to obtain a third and final report by 31 March 2017, and within three months of receipt of this report, Rolls-Royce is to produce an Implementation Plan and provide a copy of  the planto the SFO.

The DPA requests that Rolls-Royce must request specific input from Lord Gold in relation to:

  1. Rolls-Royce’s offer or agreement to provide “concessions” in the form of cash or credits, or through any other means, directly or indirectly to customers;
  2. the geographical distribution, number and professional competence of Rolls-Royce compliance employees;
  3. the tailoring of compliance training to meet jurisdictional risks; and
  4. the effective anti-bribery and corruption policies, procedures and controls of Rolls-Royce Power Systems.

The Implementation Plan must be ‘to the satisfaction of Lord Gold’, and it is identified that the ultimate responsibility for identifying, assessing and addressing risks remains with the Board of Directors of Rolls-Royce.

The DPA is valid for a specific term, up to the 17 January 2022; or a date after 17 January 2021, on which the Serious Fraud Office (SFO), following a reasonable request from Rolls-Royce, confirms in writing that the DPA has concluded and does not provide protection against prosecution for any conduct not disclosed, and the SFO has reported that the investigation into the conduct of individuals will continue.

Given the seriousness of the crimes, and the “egregious criminality over decades”, it has been questioned whether a DPA was appropriate to be granted in these circumstances, and whether Rolls-Royce “got off lightly”. Some commentary has queried whether a prosecution was not brought, due to the the company being ignorant of what was occurring. This was not the case, as Leveson stated in his Judgment, that senior management and the controlling minds of the company were involved, and knew about misconduct in 2010, and failed to report it.   It was made clear however, that none of the current senior management involved were still at the company, after a series of resignations had occurred.

A driving factor in the Court’s approval of the settlement, appears to have included economic concerns over prosecuting the company, including the consequences on individuals employed by the company and the reduction in competition in an already concentrated market. Furthermore, had Rolls-Royce been prosecuted, the criminal conviction might have rendered it ineligible to contract with certain public bodies.

However, despite the enormity of the fines, and the fact that the company has apologised “unreservedly” in the press this week, Rolls-Royce could still be said to have “got[ten] off lightly” in this matter. The company’s share value having increased by almost 4.4% on Tuesday. This reportedly adds almost as much to the company’s market value as the size of the penalty it has to pay.

We anticipate the fall-out from this matter may continue, with the former CEO of Rolls-Royce, Sir John Rose, already being called to lose his knighthood following the announcement, the ongoing investigations by the SFO of individuals, and the impact on long term share value remaining to be seen.

The DPA is considered a huge success for the SFO, and SFO Director David Green, demonstrating the power and ability of the regulatory authority to carry out long term, global investigations.

The US Department of Justice has published its own deferred prosecution agreement with Rolls-Royce concerning the company’s energy division.  The company has agreed to pay the US regulator nearly $170 million, and $25.6m to Brazilian regulators as part of the global resolution of this matter.

If you require further information please contact a member of our team.