The New DPA Landscape For Fraud - White Collar Crime, Anti-Corruption & Fraud

After a decade of Deferred Prosecution Agreements in the UK, Rob Hunt and Jessica Chappatte of Herbert Smith Freehills review their performance and assess the likely impact of recent legislative changes for the prosecution of fraud on DPAs going forward.

24 February 2024 will mark the tenth anniversary of Deferred Prosecution Agreements (DPAs) being introduced in the United Kingdom. ¹ DPAs provide a means, in appropriate cases, of resolving investigations concerning corporate entities alleged to have been involved in fraud, bribery and other economic crime.

Since their inception in the UK, 13 DPAs have been agreed, ten of which have involved allegations of corporate bribery offences and the remainder addressing substantive fraud offences. During this time, four companies have been prosecuted by the Serious Fraud Office (SFO) and convicted for corporate bribery offences as well as ordered to pay large financial penalties by the court. There have been no corporate convictions for fraud arising from SFO prosecutions.

There are two recent developments, introduced by the Economic Crime and Corporate Transparency Act 2023 (the 'ECCTA'), which are likely to impact the DPA landscape moving forwards: the new corporate offence of failing to prevent fraud and the expansion of the identification principle. This article analyses the key themes emerging from the DPAs that have been agreed to date and considers how DPAs are likely to be used in the fraud context in light of these developments.

What have we learnt about DPAs?

DPAs are an agreement approved by a court between an organisation and a prosecutor, allowing a prosecution to be suspended for a specified period if the organisation meets certain conditions. A court will approve a DPA that it considers to be in the interests of justice, and which has fair, reasonable and proportionate terms. ²

We comment below on the key themes emerging from the 13 DPAs secured to date.

Genuine and proactive cooperation is a prerequisite to being offered a DPA. It is defined as "assistance... that goes above and beyond what the law requires". ³ It has, in the past, included preserving available evidence, providing extensive disclosure to the prosecutor, allowing the prosecutor to interview witnesses, cooperating with investigations and prosecutions, and, at times, has involved the waiver of privileged materials.
Self-reporting misconduct is important but not always essential. In ten out of 13 DPAs, companies self-reported to the authorities promptly upon discovering the issue. While the remainder did not involve prompt self-reports, they involved subsequent voluntary disclosures which were so fulsome that they were "akin to self-reporting". ⁴
Agreement to review and, where needed, overhaul the company's compliance programme. 11 out of 13 DPAs included a term requiring the company to implement, update and report on a compliance programme designed to prevent and detect violations of relevant laws. In some cases, the prosecutor required the company to engage external advisers to report on the company's compliance procedures during the term of the DPA.
Agreeing to significant financial penalties, including disgorgement of profits and payment of the prosecution's costs. There is a growing trend of companies receiving a 50 per cent discount off their financial penalty in light of "extraordinary or otherwise exemplary" cooperation. ⁵
Driving corporate cultural change. There is an increasing expectation on companies to demonstrate that they are in effect different entities from the ones that are the subject of the DPA through eradicating the wrongful behaviour or terminating contracts with employees/third parties involved, wholesale changes to senior management (eg, Airline Services Ltd ⁶) or, in the most recent DPA (Entain plc ⁷), the sale of part of its business and exiting over 140 markets.
Very few prosecutions of individuals. There has only been one successful conviction of an individual in respect of conduct that has been the subject of a DPA in the past ten years. The rest have either collapsed due to disclosure issues, been dropped for various reasons including there being insufficient evidence to prosecute individuals, overturned on the basis that there was no case to answer in respect of the individuals, or the individuals were acquitted.

DPAs in the fraud context

Fraud is identified by the Government as being the most common crime in the UK, constituting 40 per cent of estimated crimes against individuals in 2022. ⁸ Despite this, fraud has only featured in four of the 13 DPAs that have been agreed to date. While this suggests that there has been substantial under-enforcement of fraud, it also reflects the fact that prosecutors may not have had the tools they needed to prosecute corporate fraud. The ECCTA introduced two principal changes that are likely to have a significant impact for prosecutors moving forwards.

New corporate offence: Corporates that are in scope of the offence will now, in addition to bribery and the facilitation of tax evasion, face potential liability for failing to prevent their associated persons from committing fraud. ⁹ Prosecutors must show that:

the associated person intended to benefit the corporate, or any person to whom (or to whose subsidiary) the associate provides services on behalf of the relevant body;
the corporate did not, when the offence was committed, have reasonable fraud prevention procedures in place (for which, see below); and
the corporate is a 'large organisation'. ¹⁰

Guidance will be published by the Government on the nature of these prevention procedures, and only once that guidance is published will the offence come into force. Like its predecessors, the failure to prevent fraud offence is subject to the DPA regime.

Expansion of the identification principle: Under common law, a corporate can be criminally liable for an offence where it is committed by the 'directing mind and will' of the corporate – a concept which has historically been interpreted very narrowly by the courts (generally restricted to the board of directors). Now, under the ECCTA, companies will face criminal liability where an economic crime offence is committed by the actions of senior managers acting within the scope of their actual or apparent authority. ¹¹

Impact of the new legislative changes

DPAs have been seen by many as an effective tool for enforcement agencies in their fight against corporate bribery. As well as securing high-value settlements for the Treasury, the DPA regime (combined with the introduction of the failure to prevent bribery offence) has enabled prosecutors to heighten levels of awareness of corporate compliance programmes in respect of bribery over the past ten years.

Going forward, we believe that enforcement agencies will seek to replicate these successes in the fraud space using the new tools they have been given under the ECCTA. Therefore, we can expect to see an uptick in fraud investigations against corporates and this may well result in an increased number of fraud-related DPAs and corporate prosecutions.

In terms of how enforcement agencies will approach fraud DPAs, we anticipate that the themes outlined above will continue to be followed and developed, with cooperation, compliance and culture being key factors in securing a DPA. Agencies may also be more inclined to prosecute corporate fraud cases given the lower thresholds that have been introduced by the ECCTA and the fact that failure to prevent fraud offences are likely to be mostly domestic in nature, meaning less likelihood of evidence having to be sought from abroad.

What does this mean for fraud practitioners?

Fraud practitioners should expect fraud to be high on the SFO's agenda in coming years and will no doubt be keeping a close eye out for the Government's guidance on 'reasonable prevention procedures' which is expected by 2025 and should provide some assistance in determining how much of an impact the new offence will have in practice on companies' existing fraud controls.

In the meantime, in-house legal and compliance teams should consider adding a global fraud risk assessment to their risk registers and review existing fraud prevention procedures as major items on this year's agenda to get ahead of the curve for when the guidance is published and the offence comes into force.

Footnotes

1. DPAs were introduced under Schedule 17 of the Crime and Courts Act 2013

2. Crime and Courts Act 2013, Schedule 17, paragraph 8(1)

3. SFO's Corporate Co-operation Guidance: www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/corporate-co-operation-guidance/

4. Dame Victoria Sharp in the Entain DPA, Approved Summary of Judgment (paragraph 11)

5. Davis J in G4S, one of the DPAs in which the organisation received less than 50 per cent discount

6. Deferred Prosecution Agreement SFO v Airline Services Ltd, 21 October 2020: www.sfo.gov.uk/download/airline-services-limited-deferred-prosecution-agreem

7. Deferred Prosecution Agreement R v Entain plc, 5 December 2023: www.cps.gov.uk/sites/default/files/documents/publications/R%20v%20Entain%20DPA.pdf

8. The Home Office's failure to prevent fraud offence Impact Assessment, quoting the Crime Survey for England and Wales: https://assets.publishing.service.gov.uk/media/64355c1fcc99800013b89345/Impact_Assessment_for_Failure_to_Prevent_Fr aud__Home_Office_.pdf

9. Section 199 of the ECCTA

10. Under section 201 of the ECCTA, a corporate is considered to be a 'large organisation' if it meets two out of three of the following criteria (in the financial year that precedes the fraud offence): more than 250 employees; more than UK£36 million turnover; and more than UK£18m in total assets.

11. Section 196(1) of the ECCTA

The article is available on www.counter-fraud.com and www.i-law.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.