Changes to Whistleblowing Regulation under French Data Protection Law

In June 2017 the French data protection authority, the CNIL, published a revised norm for reporting systems ( “AU-004”) that will permit the implementation of the changes recently  introduced by the new French Anti-corruption Law “Sapin II” (as set out in our previous article “New French Anti-corruption Law Sapin II”).

To read more about the change to the French data protection regulation.

Cell Phone Warrant – Issues in Split Decision

Agents Executing CellPhone Warrant

Riley v. California sparks disagreement about a cellphone warrant in United States v. Griffith, No. 13-3061, 2017 U.S. App. LEXIS 15636 (D.C. Cir., Aug. 18, 2017). In Riley, the Supreme Court requires a warrant to search a cellphone found incident to arrest. Issues in Griffith include requirements for a cellphone warrant in a suspect’s home, whether a phone can be searched after execution of a cellphone warrant, the good faith exception to the exclusionary rule, and personal liability for police.

These issues summarized below are discussed in more detail in our article in Law360 (available by subscription here). We predict more litigation about this warrant because the dissent explicitly hopes the Circuit en banc or the Supreme Court will intervene “to cure today’s grievous error.” Read more. Continue Reading

Summary of U.S. Department of Justice’s Guidance, “Evaluation of Corporate Compliance Programs”

Summary of Compliance Guideline

The Criminal Division’s Fraud Section of the U.S. Department of Justice (the “DOJ”) has released guidance on how the DOJ will determine the effectiveness of a company’s corporate compliance program.  The guidance, entitled Evaluation of Corporate Compliance Programs[1] (the “Compliance Guideline”), provides examples of topics and sample questions that are frequently used by the DOJ in the evaluation of a corporate compliance program.

While the topics and questions are not new, the Compliance Guideline does reinforce the message that the DOJ’s focus is on the concrete steps a company’s leadership takes to foster a corporate culture of compliance.  The Justice Department’s Compliance Counsel, Hui Chen, emphasized the difference between a “paper program” and a “real program.”  “The answers are not in the glossy diagrams of a company’s ‘core values’ or their training slides; rather, they are in what happens in real life, in the smallest details that manifest themselves in the company’s daily operations.”[2]

The Compliance Guidelines provide useful insights for compliance professionals on what to expect in the event of a DOJ investigation and furthermore provide a framework to assess a company’s compliance program, strengthen existing polices, and identify areas that need improvement.  While the DOJ does not use an established formula in assessing the effectiveness of corporate compliance programs, the Compliance Guideline does provide transparency into factors the DOJ will take into consideration when evaluating the adequacy of a company’s compliance program.  The DOJ is careful to note that the Compliance Guideline is not a checklist or a formula and that many of the topics are found in the United States Attorney’s Manual, the United States Sentencing Guidelines, the Fraud Section corporate resolution agreements, the DOJ and Security and Exchange Commission’s A Resource Guide to the U.S. Foreign Corrupt Practices Act, the Organization for Economic Co-operation and Development Council’s Good Practice Guidance on Internal Controls, Ethics, and Compliance, the United Nations Office on Drugs and Crime, and the World Bank.

Topics and Questions – What the DOJ Will Look to When Evaluating a Compliance Program

The Compliance Guideline sets forth eleven topics and questions investigators may ask when evaluating the adequacy of a compliance program.  These are factors prosecutors will take into consideration when conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements.  Companies should use these topics and questions to serve as best practices to measure corporate compliance programs and further refine existing programs

  1. Analysis and Remediation of Underlying Misconduct

During the course of an investigation, the DOJ will look through audit reports, complaints, and prior investigations of similar misconduct for any missed prior opportunities to detect the misconduct.  Companies must ensure there are no system vulnerabilities or accountability lapses in detecting issues.  Similarly, companies should have a system in place to expose vulnerabilities and implement corrective measures to reduce the risk of repeat misconduct.

  1. Senior and Middle Management

The Compliance Guideline reiterates that compliance starts at the top and the DOJ will look to whether management properly sets the tone for the company.  The onus will be on senior management, through words or actions, to foster and encourage an ethical culture.  Not only should leadership take concrete actions in the company’s compliance and remediation efforts, management at all levels must model appropriate behavior to employees.  Further, management has a responsibility to ensure appropriate information is shared among different components of the company – including the board of directors.  The board and senior management will need to examine pertinent information in their exercise of oversight, have access to compliance expertise, and the board and external auditors should be holding regular sessions with compliance and control functions.

  1. Autonomy and Resources

Whether a company’s compliance department is internal or functions are outsourced to an external firm, investigators will be inspecting to determine whether the compliance department is autonomous and can remain objective from the rest of the company.  A company will want to make sure compliance personnel are independent, have the appropriate experience and qualifications for their role and responsibilities, maintain a level of stature that is comparable to other departments within the company, have access to key decision-makers such as the board of directors, are evaluated by appropriate senior management, have a low turnover rate, and play a role in the company’s strategic and operational decisions.  Compliance and control personnel must be empowered to identify, escalate, and address problems.

  1. Policies and Procedures

It’s not enough to merely have compliance policies and procedures in place, the DOJ will be looking at a company’s process for designing and implementing the policies and procedures, the company’s ability to evaluate the usefulness of policies and procedures, and whether the departments or functions have ownership of and are held accountable for their oversight.  In examining the compliance policies and procedures, the DOJ will examine whether there has been clear guidance and training for the key gatekeepers (e.g., the persons who issue payments or review approvals) in the control processes.  The gatekeepers must be aware of the process in order to properly raise concerns.  Further, the policies and procedures must be adequately disseminated and accessible to all employees.

Compliance personnel will need to be responsible for operational integration of the policies and procedures, consult with the appropriate officers or business segments, and roll out the policies and procedures while making sure employees fully understand them.  So as to avoid future misconduct, the company must have controls in place to detect and prevent the misconduct, restrict or rigidly control access to funding to prevent abuse, and have a process in place to manage outside vendors.  Employees in each department with approval authority or certification responsibilities will need to know what to look for, and when and how to escalate concerns.

  1. Risk Assessment

There needs to be a methodology to identify, analyze and address risks for misconduct within the company.  The DOJ will examine the type of information or metrics a company has collected to detect misconduct and how that information or metric is being used to inform the company’s compliance program of possible as well as manifested risks.

  1. Training and Communications

The DOJ will focus on the type of training provided to employees who work in high-risk and control positions.  Corporations must ensure: (1) employees in relevant control functions are receiving adequate and effective training; (2) high-risk and control employees are receiving tailored training that addresses the risks in the area where a misconduct may occur; and (3) appropriate analysis is undertaken of which employees should be trained and on what subjects.

In addition to identifying the employees that must receive appropriate training, companies will want to ensure the training is effectively communicated.  The DOJ will look to whether the format of the training (i.e. web-based, in-person seminar, interactive, etc.) and the language that training was conducted in is appropriate for the intended audience.  Further, the DOJ will examine whether the company has measured the effectiveness of training that is given.

Leadership will need to communicate to employees the company’s position on any misconduct that has occurred, including when an employee is terminated for failure to comply with a company’s policies and procedures.  Further, companies must ensure employees have adequate access to resources that provide guidance on compliance policies and procedures.

  1. Confidential Reporting and Investigation

The DOJ will look to whether the company has implemented an effective and confidential reporting mechanism, including the ability to evaluate the risk level or seriousness of reports.  Once a report comes in, the company must timely respond to the complaint, adequately analyze and identify the misconduct, and determine the persons involved.  If an investigation is warranted, it must be remain independent, properly scoped and documented, and if appropriate, involve all levels of senior leadership up to the board of directors.  In response to the investigation, remediation must be appropriate in light of the investigation findings.

  1. Incentives and Disciplinary Measures

It is imperative for a company to implement appropriate disciplinary measures upon identifying misconduct.  All individuals involved in the misconduct must take accountability for their role, particularly employees that have a management role in the company.  Disciplinary actions must be fair and consistent for all employment levels.

In addition to disciplining misconduct, a company should have a process in place to incentivize good behavior.  The DOJ will look for concrete examples of incentives for compliance and ethical behavior such as promotions and rewards.

  1. Continuous Improvement, Periodic Testing and Review

A well-rounded compliance program will need to undergo periodic review and auditing to test controls and identify system vulnerabilities.  Investigators will examine the types of audits or control testing a company conducts on their compliance programs, audit findings, whether remediation progress is reported to management and the board on a regular basis, how management and the board follow-up on those reports, and how often internal audits are conducted in high-risk areas.  Additionally, compliance policies, procedures, and practices will need to be periodically reviewed and risk assessments will need to be continuously updated.

  1. Third-Party Management

When relying on third parties outside of a company’s control, the company will want to implement a risk-based process to manage those third parties.  The business rationale for using a third party will need to be appropriately documented, including payment terms and the work to be performed.   Due diligence on third parties must be conducted to identify red flags and the company will need a process to identify and monitor compliance issues, including methods of remediation such as suspension or termination of the third party relationship.

  1. Mergers and Acquisitions

Mergers and acquisitions must undergo a due diligence process to identify misconduct or the risk of misconduct.  The company will need a process for tracking and remediating misconduct or misconduct risks identified during the due diligence process.  Further, the company will need a process for implementing their compliance policies and procedures at the new entity.

[1] The U.S. Department of Justice Criminal Division’s Fraud Section publication of the Evaluation of Corporate Compliance Programs may be found here.

[2] Hui Chen, DOJ Compliance Expert, Interview on Corporate Compliance with Andrew Weissmann and Hui Chen (Feb. 2, 2016).

Exclusion from Healthcare Programs for a Misdemeanor?

Even a misdemeanor guilty plea can have far reaching ramifications in the healthcare industry. The Sixth Circuit recently upheld a decision of the Department of Health and Human Services (HHS) that a healthcare provider was subject to mandatory exclusion following a guilty plea to misdemeanor misbranding. As the court recognized, trial counsel had anticipated this possibility and warned the provider about potential exclusion.

Pharmacist Parrino consistently filled prescriptions for Pulmicort with a less potent amount of budesonide. He resolved the investigation by pleading guilty to introducing misbranded drugs into interstate commerce in violation of 21 U.S.C. §§ 331(a) and 352(a). Because misdemeanor misbranding is a strict liability crime, Parrino did not need to admit that he intended to prepare the medications incorrectly as part of the plea. HHS nevertheless decided its mandatory exclusion authority applied, excluded Parrino from federal healthcare programs for five years, and effectively ruined Parrino’s livelihood as a pharmacist during that time. Parrino appealed the decision by claiming that permissive (rather than mandatory) exclusion authority applied to misbranding. He also argued that HHS violated his fundamental right to property by acting arbitrarily when it excluded him for a strict liability offense that lacked intentional misconduct.

Disagreeing with a decision from the Fourth Circuit, the Sixth Circuit agreed with the Ninth, Tenth, and First Circuits that a healthcare provider has no “fundamental right to participate in federal health care programs.” The court reasoned that no property right is created when someone is allowed to become a provider to federal healthcare programs because the government makes “no clear promises” of entitlement to the provider and federal health care programs are not intended to benefit providers. Deciding that the type of exclusion was not crucial, the court held that HHS needed only a rational basis to justify excluding the pharmacist. Under this standard of review, the court readily upheld the rationality of excluding a pharmacist who filled sub-potent medications and wasted government funds.

In an instructive footnote, the court referred to Parrino’s attempt to withdraw his guilty plea based a claim of ineffective assistance of counsel when he learned that HHS planned to exclude him. On that issue, the court held that counsel was effective by providing sufficient notice of the possibility of exclusion, even though counsel predicted exclusion would considered under the permissive standard rather than the mandatory standard.

Major Changes on Whistleblowing in France

Whistle blower word cloud conceptFrom January 1, 2018, there will be an obligation on almost all employers to implement reporting/whistleblowing schemes.

France has historically been very reluctant to support workplace whistleblowing, especially anonymously. Whistleblowing schemes were effectively only authorized in 2005 to permit US companies to comply with their SOX obligations. Those regulations were very restrictive, limited to employees and only in relation to certain legal breaches.

However, since December 2016, we now have a law relating to “transparency, the fight against corruption and modernization of business life,” also known as “Sapin 2.” This has introduced a number of changes, including the obligation to implement whistleblowing schemes and anti-corruption compliance programs.

Definition of Whistleblower

Sapin 2 Law defines a whistleblower (in French “lanceur d’alerte”) as:

  • Any individual (i.e., not limited to employees)
  • Acting in good faith
  • Reporting or revealing a crime, a serious and manifest breach to an international treaty, a serious breach of a law or regulation, or a serious threat or harm to the public interest
  • Of which he or she has personal knowledge

Tiered Reporting

The whistleblower must:

  • First make his or her disclosure to a direct or indirect supervisor or another person appointed by the employer for this purpose
  • Only if this is not followed up with any action, then disclose to the relevant judicial or administrative authority, or to his or her professional adviser
  • And then as a last resort, the report may be made public, e.g., to the media

The disclosure may also be filed with the Defender of Rights (“Défenseur des droits”) and directed to the organization responsible for collecting them in the relevant industry sector.

Interfering with the making of a whistleblowing disclosure to the employer or to the courts is punishable by up to one year’s imprisonment and a €15,000 fine (€75,000 for corporates).

Mandatory Implementation of Reporting Schemes

The new law requires that:

  • As of January 1, 2018, companies with more than 50 employees must implement schemes that protect whistleblowers
  • Businesses with more than 500 employees (or that belong to a group whose parent company is in France and has more than 500 employees) and turnover of more than €100 million must implement internal reporting procedures for bribery and corruption as part of a more extensive compliance program
  • Companies providing financial services (as defined under the French Monetary and Financial code) must implement reporting schemes for breaches of EU or French financial market regulation, including the Financial Markets Authority

Principles Governing Reporting Schemes

  • Reporting schemes must protect the identity of the whistleblower, the identity of any person incriminated and the information collected. The disclosure of any of these details carries up to two years’ imprisonment and a €30,000 fine (€150,000 for corporations).
  • The organization shall appoint a person responsible for receiving whistleblowing reports (“référent”) who may be an employee or an external service provider.
  • The procedures used must be adequately publicized and should note that they are authorised by the CNIL.
  • The procedure shall specify how the whistleblower (i) may make his or her disclosure; (ii) provides supporting information or documents; and (iii) provides the necessary contact information to allow an exchange with the recipient.
  • The procedure must also specify how the organization will (i) provide certain information to the whistleblower and the incriminated person; (ii) guarantee strict confidentiality; and (iii) destroy information after a set period of time.

Breach of Secrecy by the Whistleblower

A whistleblower will not be liable for breaching a secrecy obligation by law provided that:

  • The disclosure is necessary and proportionate for the protection of the interests at stake, and
  • The reporting procedures provided by law are complied with

However, Sapin 2 does not allow a whistleblower to disclose information covered by doctor/patient or client/lawyer professional secrecy or national security.

No Retaliation

Whistleblowers are protected from retaliation in the hiring process, in terms of access to an internship or professional courses or in salary or otherwise. However, where the report is made in bad faith, the employee can:

  • Face disciplinary sanctions by the employer
  • Be held liable for “slanderous denunciation” punishable by up to five years’ imprisonment and a fine of up to € 45,000
  • Be subject to private individual or corporate claims for damages (damages to the public image, reputation, etc.)

Data Protection Issues

For a Sapin 2 procedure to be compliant with French data protection rules, the employer must obtain prior authorization from the CNIL. It can either:

  • Apply for an ad hoc authorization, which is time consuming and burdensome, or
  • Opt for self-certification to the CNIL, stating that the whistleblowing scheme conforms with the CNIL’s AU-004 rules

However, AU-004 does not currently actually permit total compliance with changes introduced by Sapin 2 with regard to the scope of permitted reporting and the people allowed to whistle blow. Changes to AU-004 are, therefore, expected before January 1, 2018. Some of these may evolve under the General Data Protection Regulation, which comes into effect on May 25, 2018.

Labor Law Issues

There are several preliminary steps that must be followed by a business implementing a whistleblowing scheme. These may include:

  • Prior information and consultation with the employees’ representatives and consultation with the Hygiene and Safety Committee (if any)
  • A possible modification of the “Règlement intérieur” (internal disciplinary rules). They need to be submitted to the Works Council and as the case may be, to the Health and Safety Committee, as well as to the Labor Inspectorate

Non-compliance could prevent the organization from taking disciplinary measures against employees based on the information collected through the scheme.

We can assist your organization with the implementation of whistleblowing schemes in France that will comply with this new regulation.

Applying Escobar — Decisions on Materiality, Falsity and Other Issues

June 16, 2017, marks the one-year anniversary of the precedent-setting U.S. Supreme Court decision in Universal Health Services v. United States ex rel. Escobar (Escobar), which approved the implied false certification theory as a basis for liability under the False Claims Act (FCA). Because the decision impacts every provider who supplies goods and services to the federal government, all eyes are on how the lower courts have applied the decision. On the anniversary of Escobar, Tom Zeno and Rebecca Worthington review recent FCA decisions on questions of materiality, falsity and other FCA concerns in an article for Bloomberg BNA Health Fraud Report.

Click here to read a summary and access the full-text of the article over on our Triage Health Law Blog.

Tabcorp fined $45 million

Gaming company Tabcorp has been fined $45 million for breaching anti-money laundering and anti-terrorism financing laws. The Federal Court found that Tabcorp broke the law on 108 occasions over five years.

The fine imposed by the Federal Court is the highest civil penalty in Australian corporate history.

The multi million dollar fine was handed down after a civil penalty proceedings was brought against Tabcorp by AUSTRAC, the Federal Government’s financial intelligence and regulatory agency. In July 2015, AUSTRAC filed papers in the Federal Court against the three Tabcorp group companies for extensive, significant and systemic noncompliance with Australia’s anti-money laundering and counter-terrorism financing legislation

AUSTRAC CEO Paul Jevtovic addressed the media in Sydney yesterday, where he said that it sends an unequivocal message to gaming companies:

“There can be no doubt that this was a serious failure in the corporate governance and the size of the penalty reflects a consistent and extensive noncompliance. Quite simply Tabcorp failed in its obligations. The noncompliance arises from a corporate culture that is indifferent to money laundering and terrorism financing requirements,” he added. Cultures such as this put the community at risk with crimes committed by organised crime groups and “serious criminals” and others who could divert their “criminal wealth” to the “black market” and fund other illegal activities such as drug trafficking. Tabcorp failed to give AUSTRAC reports about suspicious matters on time or at all. Tabcorp has admitted these suspicions related to unlawful activity including money laundering and credit card fraud and has admitted that it had insufficient processes for consistent management oversight, assurance and operational execution of the money laundering program.”

Notably,  money laundering, terrorism and financing function was at times “underresourced” in the organisation and senior managers did not receive regular reports on the issue.

In a statement, Tabcorp chief executive David Attenborough confirmed the $45 million settlement and said the company had cooperated with AUSTRAC.

Key points:

  • The $45 million penalty is believed to be the highest in Australian corporate history
  • The Federal Court found Tabcorp failed to alert regulators to reports of suspicious behaviour on 108 occasions over more than five years.
  • Tabcorp has admitted that the suspicions related to unlawful activity including money laundering and credit card fraud, which was not reported to the Australian Transaction Reports and Analysis Centre (AUSTRAC).
  • Justice Perram found that in one case, Tabcorp failed to alert authorities to a customer who collected $100,000 in winnings.

If you would like further information, please contact a member of our team.

Details of the Rolls-Royce DPA emerge

Last week, we published the details of the expected Deferred Prosecution Agreement (DPA) that was yet to be approved by the UK’s High Court on 17 January 2017.

The Serious Fraud Office (“SFO”) has since now confirmed, that the DPA was approved by Sir Brian Leveson, President of the Queen’s Bench Division, and the DPA, Statement of Facts and Judgment have now all been published. The DPA enables Rolls-Royce (Rolls-Royce Plc and Rolls-Royce Energy Systems Inc.) to account for criminal conduct spanning three decades in seven jurisdictions and involving three business sectors.

The allegations against Rolls-Royce arise out of the conduct of its Civil Aerospace business (“Civil”), Defence Aerospace business (“Defence”) and former Energy business (“Energy”) and relate to the sale of aero engines, energy systems and related services. The key components of the bribery involved agreements to make corrupt payments to intermediaries, and the failure by Rolls-Royce to prevent bribery.

Rolls-Royce employs over 40,000 people in more than 50 countries and was described by Sir Brian Leveson as “a jewel in the UK’s industrial crown”.   This is the largest investigation of the SFO to date, spanning over four years, including the arrests of overseas intermediaries, including searches of their premises and interviewing individuals using the SFO’s powers of compulsory interview.

Despite the bribery that has come to light, it is reported in the Statement of Facts, that Rolls-Royce had a number of written policies and committees in place, relevant to the company’s  appointment of intermediaries, and had in fact appointed a ‘Big 4’ accountancy firm in 2009, to complete an Anti-Bribery and Corruption (“ABC”) Compliance review. It appears that Rolls-Royce responded to the recommendations of the 2009 review by issuing a more detailed ABC policy, including the need for proper identification of intermediaries, and risk assessments to be carried out. Rolls-Royce later employed Lord Gold to carry out a further investigation into the company’s approach to bribery and corruption in 2013, and it appears Lord Gold is to continue his work with Rolls-Royce as part of the terms of the DPA (discussed in further detail below).

The UK draft indictment (contained within the Statement of Facts) included 12 counts of alleged bribery, that can be categorised as follows:

  • Conspiracy to Corrupt – Civil Indonesia (1), Civil Thailand (3), Energy Russia (1)
  • False Accounting – Defence India(2)
  • Failure to Prevent Bribery – Energy Indonesia (1), Energy Nigeria (1), Civil Indonesia (1), Civil China (1), Civil Malaysia (1)

The key terms upon which the agreement was approved, and prosecution deferred, were:

(i) The past and future cooperation of Rolls-Royce;

(ii) Rolls-Royce’s disgorgement of profit of £258,170,000;

(iii) Rolls-Royce’s payment of a financial penalty of £239,082,645;

(iv) Rolls-Royce’s payment of costs of £13,000,000 (TBC); and

(v) Rolls-Royce, at its own expense, agreeing to complete the Compliance Program and actions required.

The payments of the disgorgement and financial penalty, have been agreed to be paid in four instalments, the first being £119 million by 30 June 2017, then three further payments in 2019, 2020, and 2021. This will allow Rolls-Royce a ‘year off’ from making any payment in 2018.

Further conditions Rolls-Royce must meet, are to maintain all material gathered as part of its internal investigation and intermediary review for the term of the agreement, it must co-operate fully with any ongoing investigations and/or prosecutions brought by the SFO (which would include the investigations ongoing in relation to individuals), and to comply with a specific Compliance Program.

The Compliance Program is set out in Section F of the DPA, and builds upon the previous involvement and work of Lord Gold. So far, Lord Gold has produced two interim reports.  Rolls-Royce is required to obtain a third and final report by 31 March 2017, and within three months of receipt of this report, Rolls-Royce is to produce an Implementation Plan and provide a copy of  the planto the SFO.

The DPA requests that Rolls-Royce must request specific input from Lord Gold in relation to:

  1. Rolls-Royce’s offer or agreement to provide “concessions” in the form of cash or credits, or through any other means, directly or indirectly to customers;
  2. the geographical distribution, number and professional competence of Rolls-Royce compliance employees;
  3. the tailoring of compliance training to meet jurisdictional risks; and
  4. the effective anti-bribery and corruption policies, procedures and controls of Rolls-Royce Power Systems.

The Implementation Plan must be ‘to the satisfaction of Lord Gold’, and it is identified that the ultimate responsibility for identifying, assessing and addressing risks remains with the Board of Directors of Rolls-Royce.

The DPA is valid for a specific term, up to the 17 January 2022; or a date after 17 January 2021, on which the Serious Fraud Office (SFO), following a reasonable request from Rolls-Royce, confirms in writing that the DPA has concluded and does not provide protection against prosecution for any conduct not disclosed, and the SFO has reported that the investigation into the conduct of individuals will continue.

Given the seriousness of the crimes, and the “egregious criminality over decades”, it has been questioned whether a DPA was appropriate to be granted in these circumstances, and whether Rolls-Royce “got off lightly”. Some commentary has queried whether a prosecution was not brought, due to the the company being ignorant of what was occurring. This was not the case, as Leveson stated in his Judgment, that senior management and the controlling minds of the company were involved, and knew about misconduct in 2010, and failed to report it.   It was made clear however, that none of the current senior management involved were still at the company, after a series of resignations had occurred.

A driving factor in the Court’s approval of the settlement, appears to have included economic concerns over prosecuting the company, including the consequences on individuals employed by the company and the reduction in competition in an already concentrated market. Furthermore, had Rolls-Royce been prosecuted, the criminal conviction might have rendered it ineligible to contract with certain public bodies.

However, despite the enormity of the fines, and the fact that the company has apologised “unreservedly” in the press this week, Rolls-Royce could still be said to have “got[ten] off lightly” in this matter. The company’s share value having increased by almost 4.4% on Tuesday. This reportedly adds almost as much to the company’s market value as the size of the penalty it has to pay.

We anticipate the fall-out from this matter may continue, with the former CEO of Rolls-Royce, Sir John Rose, already being called to lose his knighthood following the announcement, the ongoing investigations by the SFO of individuals, and the impact on long term share value remaining to be seen.

The DPA is considered a huge success for the SFO, and SFO Director David Green, demonstrating the power and ability of the regulatory authority to carry out long term, global investigations.

The US Department of Justice has published its own deferred prosecution agreement with Rolls-Royce concerning the company’s energy division.  The company has agreed to pay the US regulator nearly $170 million, and $25.6m to Brazilian regulators as part of the global resolution of this matter.

If you require further information please contact a member of our team.

Rolls-Royce Set to Avoid Prosecution After Bribery Settlement

Rolls-Royce has agreed to pay £671 million in penalties in response to several long-running bribery and corruption investigations.  Regulators in the UK, the United States and Brazil investigated claims that Rolls-Royce had paid bribes to intermediaries to secure high-value export contracts in a number of overseas markets, including China, Brazil and Indonesia.

In a press announcement, Rolls-Royce stated that it had in principle reached a Deferred Prosecution Agreement (DPA) with the UK Serious Fraud Office (SFO). The proposed DPA is subject to final judicial approval, and the SFO and Rolls-Royce will appear at court on 17 January 2017 to seek this approval.

In addition to the agreement with the SFO, Rolls-Royce has also reached a DPA with the US Department of Justice (DOJ) and a Leniency Agreement with Brazil’s Ministério Público Federal (MPF).

We reported in December 2015 that DPAs were a “sign of things to come” in the UK.  While common in the US, the DPA approach was introduced in the UK in 2014, and until now only two have been agreed, namely, with Standard Bank and a Small Medium Enterprise (SME) that has not yet been named.  The fact that Rolls-Royce has agreed to a DPA of significantly greater value than the first few agreements the SFO struck a year ago is evidence that the DPA is seen as a key weapon in the SFO’s anti-corruption armoury.

The DPA is a voluntary agreement that results in the automatic suspension of a prosecution, provided that negotiated terms including the payment of a financial penalty are fulfilled by the company by the end of the agreement term.  If the conditions are not complied with, then prosecution proceeds.

The financial penalty imposed in the DPA between Rolls-Royce and the SFO amounts to £497.2 million plus interest, payable in accordance with a five-year payment schedule, and costs.  The fine and other terms set out in the agreement with the SFO are subject to examination and approval by Lord Justice Leveson of the Royal Courts of Justice on 17 January 2016.  If approved, this DPA will be, by far, the largest settlement reached by the SFO.  The agreement is also of immense importance to the SFO given Rolls-Royce’s stature as a flagship UK company and a household name.

Rolls-Royce has been praised as “one of the United Kingdom’s great global companies” and “a world leader in the development of advanced technologies… of which the whole country can be proud.”  The allegations of bribery and corruption within Rolls-Royce could have severely damaged the company’s reputation and share price, not least because other companies may choose to steer clear of companies that are under investigation for bribery and corruption.

Nonetheless, it was reported today that Rolls-Royce’s shares were up almost eight percent in the wake of the settlement agreements with the anti-bribery and corruption authorities.  A spokesperson for the company said that “Rolls-Royce has co-operated fully with the authorities and will continue to do so”.  It was also reported that, “[w]ithout admitting any wrongdoing, Rolls-Royce has repeatedly attempted to signal its willingness to reform after the bribery allegations emerged.”

The eye-watering fine against Rolls-Royce sends a clear signal that the UK means business in cracking down on bribery and corruption.  However, it is a positive outcome that Rolls-Royce avoided prosecution, which ultimately will help the company move forward and recover from this issue more quickly.

If you require advice on anti-bribery and corruption, please contact a member of our team.

New French Anti-corruption Law “Sapin II”

At the end of 2016, after having undergone the scrutiny of the French constitutional court, French Law n° 2016-1691 of 9 December 2016, also known as “Sapin II” after the Finance and Economy Minister behind it, was finally enacted. It will, amongst other things, strengthen French anti-corruption regulations and has been hailed as a “game-changer”.

Over the years, France has built quite an extensive set of regulations to fight against corruption and bribery, prohibiting active and passive corruption (including facilitation payments) or influence peddling, both in the public and private sector, whether domestic or foreign. It also has a long list of ancillary offences, such as, for example, favouritism in public procurement procedures or, more generally, unfair representation of a company’s accounts and abuse of corporate assets. Nonetheless, France is not considered to have efficiently enforced this regulation. The law, Sapin II, aims to implement actual compliance programmes and increased reporting (and hopefully sanctioning) of offences.

Continue Reading