In an online speech at a Society of Corporate Compliance & Ethics conference, Lisa Osofsky, Director of the UK's Serious Fraud Office, underlined her and the SFO's focus on the importance of a company's compliance programme in the context of its enforcement decisions.
Ms Osofsky illustrated the importance of effective compliance programmes by highlighting two cases in which the state of the companies' respective "compliance journey" played a part in their considerably different outcomes.
A strong focus on compliance has been the clear direction of travel since the appointment of Ms Osofsky in 2018.
In her first speech as Director of the SFO, to the Cambridge Symposium on Economic Crime, she referred to the SFO's interest in questions around whether the company had been proactive in cleaning its house and reforming; whether the company had instilled the right controls and whether those controls were backed by demonstrable commitment at the appropriate level. She said that "The SFO will want assurance that companies are doing everything they can to ensure the crimes of the past won’t be repeated long after the watchful eye of the prosecutor moves on to another target."
In January 2020 - shortly after the SFO secured the largest DPA to date - the SFO issued guidance about how and when it will evaluate compliance programmes.
The guidance makes it clear that the SFO will consider a company's compliance programme in order to inform its decision-making throughout the lifecycle of its cases, from the initial decision as to whether a prosecution is in the public interest, to decisions around the appropriateness of inviting a company into DPA negotiations and if so, what terms are appropriate, through to sentencing.
In October 2020, the SFO issued further guidance on its approach to deferred prosecution agreements. In terms reminiscent of the DOJ's updated guidance on Evaluation of Corporate Compliance Programs published in June 2020, the SFO set out its expectations regarding compliance programmes.
It said that "A compliance programme must be proportionate, risk-based and regularly reviewed and tested, and the Company should be able to evidence that its programme has these traits, is adopted at board level and is sufficiently well-resourced. Where appropriate, the SFO may bring in external resources to assist in the assessment of the Company’s compliance programme."
And finally, as foreshadowed by Ms Osofsky in her speech to the Society of Corporate Compliance & Ethics in which she said that “We’re upskilling ourselves to be better and smarter in this evaluation, including bringing in people with experience and expertise in this area,”, Judy Krieg joins the SFO on Monday 1 March 2021 to bolster the SFO's understanding of corporate compliance.
In view of this enhanced focus, building an effective compliance programme plainly should be the goal. Doing so involves ensuring that those programmes are set up to succeed: that training is tailored, policies and procedures are appropriately designed, properly embedded, tested and resonate with employees.
See here for more information on how Ropes & Gray can help.
“Are they part of the company’s DNA?” Ms. Osofsky asked compliance practitioners during an online speech. “Or do they just adorn a very nice couple of binders that are held on a bookshelf that don’t really do much more than provide window-dressing?”