Monitorships are assuming an increasingly important role in corporate crime enforcement in the United Kingdom. Before the introduction of deferred prosecution agreements (DPAs) to the UK legal system, monitors were appointed under negotiated settlements entered into between cooperating corporate entities and enforcement authorities, but the statutory foundations for their appointment were less solid and appointments were largely the product of prosecutorial improvisation. Monitors were perceived squarely as a feature of the US corporate crime enforcement landscape and their appointment in the United Kingdom drew significant judicial opprobrium.
Indeed, Lord Garnier QC, the architect of the statutory scheme introducing DPAs in the United Kingdom, has made clear that ensuring that DPAs provided (and were seen to provide) a mechanism for cooperating corporates to address historic misconduct constructively and efficiently was a key objective for the UK government. In the parliamentary debates that preceded the introduction of the legislation, the use of an independent monitor was one of the ‘tough requirements’ cited as something to which a company may be required to adhere, to avoid prosecution. Recalling the lengthy discussions leading to their introduction, Lord Garnier emphasised that the UK government had to strike a careful balance. It was at pains to avoid encouraging the development of any perceived gravy train for professional services firms (which would have seriously undermined public and judicial confidence) but recognised the useful part that could be played by monitors to ensure that corporates followed up on the promises they made during settlement discussions.
The introduction of DPAs cleared a path for monitorships to become a more common way of concluding criminal investigations involving corporate entities in the United Kingdom. As may be expected, given her previous experience as a US prosecutor and a monitor in private practice, Lisa Osofsky, the director of the UK’s Serious Fraud Office (SFO), appointed in September 2018, has spoken about the holistic approach available through DPAs and monitorships to improve corporate integrity, stating in September 2020 that:
the direction of travel for Deferred Prosecution Agreements . . . is to use to the full the unique leverage DPAs give us to drive better corporate citizenship – in effect, to make better companies . . . DPAs are not only a way of incentivising cooperating companies and avoiding collateral damage to employees, suppliers, investors and customers . . . they are also a way also of ensuring companies admit their fraud and corruption and turn their attention to cleaning house. A conviction and a fine do not reap the same benefits. If companies violate the terms of the DPA, their admission of wrongdoing in the statement of facts can be used against them in a subsequent prosecution. This is invaluable.
The agreement with outsourcing giant G4S earlier this summer was a step change – a DPA with teeth. That DPA means that a major government supplier will be the subject of close scrutiny over the upcoming years to ensure its house stays in order and that UK taxpayers get the value they should from these very substantial contracts.
It should not be assumed that monitorships in the United Kingdom will become as prevalent as they are in the United States, or that, where they are used, they will be as extensive in scope as their US counterparts. However, it is worth noting Lisa Osofsky’s comments in June 2021 on using DPAs to improve corporate citizenship in cooperating corporates:
DPAs encourage offending companies to uphold the law and become good corporate citizens. They can also prevent unnecessary economic damage where a conviction could put the company out of business and destroy jobs.
DPAs demand full co-operation. In short, companies have to come out with their hands up. They must demonstrate a commitment to rooting out wrongdoing and fulfil all the obligations by a deadline.
With such a focus on corporate integrity from Lisa Osofsky and the SFO, it can be expected that the place of corporate monitorships in UK corporate crime enforcement practice will solidify.
Indeed, as detailed later in this chapter, there are some indications that the SFO may be moving towards a more routine use of monitorships in cases when DPAs mandate improvements to corporate organisations’ compliance arrangements (if the SFO is not satisfied that monitorship or quasi-monitorship arrangements put in place during the course of the investigation or DPA negotiation process are sufficient).
This chapter identifies the various statutory and other contexts in which monitorships (or equivalent arrangements) may arise in the United Kingdom, examines the shape they may take and lessons that may be drawn from analogous, longer-established arrangements, and considers some specific issues that may be encountered in practice.
The nature and scope of UK monitorships
The appointment of a monitor at the conclusion of an investigation into corporate misconduct by UK enforcement authorities is less routine than in the United States. Where monitors are appointed in the United Kingdom, the scope of their engagement is typically significantly narrower than under corresponding US arrangements.
In the United Kingdom, improvements to compliance arrangements and changes to key personnel are effectively preconditions to the commencement of DPA (or other) negotiations and court approval of proposed settlements. Corporate entities seeking to demonstrate a clean break with historic misconduct will commonly have put in place arrangements akin to those that may be ordered under monitorship programmes in other jurisdictions long before agreements are made with enforcement authorities or ratified by courts.
This differs significantly from the position in the United States. The threshold applied by the US Department of Justice (US DOJ) when deciding whether corporate entities have cooperated sufficiently to expect realistically to enter into a negotiated settlement is lower than that expected by the SFO and the Crown Prosecution Service (CPS) in the United Kingdom. In the United States, remediation follows once a deal has been finalised.
The Crime and Courts Act 2013 (CCA) and the accompanying guidance permit and contemplate the possible appointment of monitors in appropriate cases but stop significantly short of prescribing or even encouraging it. The Deferred Prosecution Agreements Code of Practice (the DPA Code), which the SFO and the CPS are required to take into account when negotiating, applying to the court for DPAs and overseeing DPAs, sets out the roles, duties and mechanics of appointing monitors as a term of a DPA. The DPA Code sounds a note of caution in this regard, stating:
An important consideration for entering into a DPA is whether [the corporate entity] already has a genuinely proactive and effective corporate compliance programme. The use of monitors should therefore be approached with care. The appointment of a monitor will depend upon the factual circumstances of each case and must always be fair, reasonable and proportionate.
This guidance reflects the comments of Lord Justice Thomas (as he then was), who (in R v. Innospec in 2010) expressed significant concerns about the costs of what he considered an expensive corporate probation order. The fact that a settlement incorporating a three-year monitorship had been agreed between UK and US prosecutors meant that he was constrained from giving effect to his concerns but made clear his profound scepticism about the need for the imposition of a monitor at all. He pointed in particular to the steps already taken to address the root causes of historic misconduct, including replacing key senior executives, and the fact that the company’s auditors were aware of wrongdoing.
Statutory frameworks for monitorships in the United Kingdom
In the United Kingdom, a monitorship – or an arrangement similar to a monitorship – can arise pursuant to various statutory and contractual frameworks. As already touched upon, the most recent and high-profile of these is the CCA, which enables them to be used to oversee a compliance programme imposed under a DPA. A review of the monitorships imposed under the CCA is set out below.
It is not the only scheme that may be used, however. The other statutory and contractual frameworks in which monitorships or similar arrangements may arise are discussed in more detail below.
Deferred prosecution agreements
Monitors appointed under UK DPAs have been, and are likely to continue to be, deployed in a more targeted manner than has been the case under US DPAs to date. Consistent with the guidance set out in the DPA Code (and the concerns expressed by Thomas LJ in R v. Innospec), the monitorship components of settlements agreed to date (summarised in the table below) could more accurately be described as quasi-monitorships.
| Date | Company | Summary of conduct | Monitorship elements |
|---|---|---|---|
| November 2015 | Standard Bank PLC | Standard Bank’s sister company, Stanbic Bank Tanzania, had paid US$6 million to a local Tanzanian partner to induce favourable treatment of a US$600 million proposal made by Standard Bank | Required to commission a report on the company’s anti-bribery and corruption (ABC) policies, including advice and recommendations on the use of third-party intermediaries, ABC training systems and the effectiveness of their ABC programme and its awareness among employees. DPA concluded on 30 November 2018 as all terms had been complied with |
| July 2016 | Sarclad Limited | Between June 2004 and June 2012, the company’s employees and agents systematically used bribes to win contracts in foreign jurisdictions | None. Sarclad’s chief compliance officer was required to prepare annual reports for submission assessing the implementation of the company’s new ABC policies |
| January 2017 | Rolls-Royce PLC | Rolls-Royce hired commercial agents in multiple jurisdictions, making tens of millions of dollars of corrupt payments to individuals to secure contracts | Rolls-Royce had previously appointed a compliance monitor to conduct an independent review of the company’s ABC compliance programme, who had completed two interim reports between 2013 and 2014. The DPA required Rolls-Royce to:
|
| April 2017 | Tesco Stores Limited | From February to September 2014, financial statements were improperly amended by ‘pulling forward’ income that should properly have resided in subsequent reporting periods, creating an overstatement of their profits | Within a month of the DPA being issued, Tesco was required to commission an accountancy firm to produce multiple reports and implementation plans commenting on:
|
| July 2019 | Serco Geografix Limited | Between 2011 and 2013, the company engaged in a fraudulent scheme (with another group company) to artificially deflate its profits on a government contract and thereby avoiding the government’s recouping some of those profits | None. Serco Group Plc, the company’s ultimate parent, was required to report annually to the SFO that it had undertaken and continues to undertake remediation and implementation of compliance measures and internal controls, policies and procedures to ensure (throughout its operations, including those of the company):
|
| October 2019 | Güralp Systems Limited | Between November 2003 and May 2015, the company made payments to a South Korean public official as an inducement or reward for him exploiting of his position at a government authority to influence the award of contracts to the company | None. The company’s compliance officer was required to submit annual reports on the company’s implementation of its ABC policies and procedures |
| January 2020 | Airbus SE | Payments made through external consultants in Sri Lanka, Malaysia, Indonesia, Taiwan and Ghana in relation to the sale of civilian and military aircraft | Airbus required to continue to implement and review compliance improvements agreed with the SFO. Specific elements include replacement of senior management at executive committee level, creation of a board subcommittee dealing with ethics and compliance, recruitment of compliance professionals, revisions to the code of conduct and associated training, strengthening of internal escalation processes, and contractual credit governance and prohibition on the use of external consultants. The UK DPA also acknowledges the appointment of a monitor under the terms of a simultaneous settlement agreed with French prosecutors |
| July 2020 | G4S Care and Justice Services (UK) Ltd | Between August 2011 and May 2012, the company dishonestly misled the Ministry of Justice as to the extent of its profits. This was to avoid contractual obligations to share the value of any cost reductions, which would have negatively affected the company’s revenues | Although the DPA recognised the steps the company had made in improving its compliance controls, it nevertheless required G4S to:
|
| October 2020 | Airline Services Limited | Between 2011 and 2013, the company used an agent, who was also retained by Lufthansa as a consultant, to secure an illegal advantage when competing for Lufthansa fleet plane refurbishment contracts | None. The company stopped trading in 2018 and is now dormant. It was kept open to facilitate the SFO’s investigation and to discharge the requirements of the DPA. As such, the DPA does not include any compliance remediation and only has a one-year term |
| July 2021 | Amec Foster Wheeler Energy Limited | Between 1996 and 2014, the company was responsible for using corrupt agents and intermediaries in the oil and gas sector. The DPA relates to 10 offences in Nigeria, Saudi Arabia, Malaysia, India and Brazil | None. Although the company had deficiencies in its corporate compliance programme, it was acquired in 2017 by John Wood Group plc, which, it was recognised, had made substantial changes to the company in terms of controls, policies, procedures and culture. However, in conjunction with the DPA, John Wood Group was required to give an undertaking that it would report annually to the SFO on its group-wide ethics and compliance programme and continually review and, if necessary, amend its ethics and compliance programme in a manner consistent with the company’s obligations under the DPA |
| July 2021 | Two unnamed UK-based companies | Although reporting restrictions currently apply, according to the SFO press release, both DPAs share a common Statement of Facts. The charges relate to offences under Sections 1 and 7 of the UK Bribery Act 2010, with bribes paid in respect of multimillion-pound contracts in the United Kingdom | According to the SFO press release, a parent company in both DPAs is required to report to the SFO at regular intervals on compliance and has also undertaken to support a comprehensive compliance programme |
The DPA Code states that a monitor’s primary responsibility is to ‘assess and monitor [the corporate’s] internal controls, advise of necessary compliance improvements that will reduce the risk of future recurrence of the conduct subject to the DPA and report specified misconduct to [the SFO or the CPS as appropriate]’. If the DPA requires a company to agree to implement a compliance programme or change its existing compliance programme, the prosecutor needs to be able to assess, and the company needs to satisfy the prosecutor of, the company’s compliance with the terms of the DPA mandating such reforms. According to the SFO’s guidance on evaluating compliance programmes, published and incorporated into its Operational Handbook in January 2020, a monitor appointed at the company’s expense is ‘likely’ in such circumstances. This has been interpreted in some quarters as an indication that Lisa Osofsky is seeking to bring to bear her previous experience (as an investigator and prosecutor in cases pursued in the United States and as a monitor in private practice) on her role as Director of the SFO. Whether this indication translates into greater numbers of monitors being appointed under DPAs in the United Kingdom will become clearer as more investigations during which the SFO applies this guidance come to fruition. However, the number of cases in which a monitor is appointed to oversee adherence by corporate organisations to the terms of DPAs may be limited. Clearly, whether it is deemed necessary to appoint a monitor to verify and report back to the SFO on prescribed improvements to compliance arrangements will be a matter for negotiation in every case, and corporate organisations and their advisers will, in many cases, be able to make strong arguments that such a step is unnecessary and disproportionate.
The CPS has not issued corresponding specific guidance on how it will evaluate compliance programmes and when it may consider it necessary for a monitor to be appointed. Cases in which it will be dealing with these types of questions are likely to be relatively rare. When these questions do arise in cases handled by the CPS, it may draw on the guidance it has published in relation to the appointment of authorised monitors under serious crime prevention orders (see section on these orders, below).
The specific tasks of monitors appointed under DPAs will vary widely, and typically will be set out in the terms of the DPA, but can include the monitoring of any facet of the company’s compliance programme. The appointment of a monitor, however, will not absolve the company’s board of directors from the ultimate responsibility for identifying, assessing and addressing risks. The terms of the DPA will usually require the company to consent to the monitor’s cooperation with the prosecuting authority.
The DPA Code requires corporates to afford monitors ‘complete access to all relevant aspects of the company’s business during the course of the monitoring period as requested by the monitor’. The terms of the DPA typically will require that the company permits the monitor to have access to any material the monitor could reasonably request to fulfil his or her function. The DPA Code acknowledges, though, that a corporate subject to a monitoring arrangement may not be required to produce material subject to legal professional privilege (whether to the monitor or anyone else). The reports produced by the monitor are confidential, with disclosure restricted to the prosecution authority, the company and the court (unless otherwise permitted by law).
Whether corporate entities entering into agreements with enforcement authorities that contain monitorship components should expect to be asked to produce privileged documents to monitors (and, indeed, the extent to which they are required to produce such documents in response to requests from monitors) is discussed more fully below. The extent to which monitors may be able or required to make onward disclosure of material provided to them in the course of their engagement is also considered below.
The DPA Code affords corporates and their representatives a much greater role in identifying appropriate candidates to act as monitors than was contemplated under previous legislation. As part of the DPA negotiations, corporates provide to the relevant prosecuting authority details of three potential monitors, including their relevant qualifications, specialist knowledge and experience, disclose any associations the potential monitors have had with the company and identify their preferred monitor. The DPA Code directs the CPS and the SFO that they should ordinarily accept the company’s preferred monitor but confirms that the relevant authority may reject the choice if it considers that there may be a potential conflict of interest or that the preferred candidate does not have sufficient experience or authority. Although not identical, these and other provisions of the DPA Code are reflective of guidance on the selection of monitors under US DPAs and non-prosecution agreements.
If it is proposed that a monitorship be a feature of a DPA, once agreement is reached on the identity of the monitor, the relevant prosecuting authority and the corporate entity will provisionally agree a detailed work plan for the first year, including the proposed method of review and frequency of reporting to the prosecutor. An outline work plan will be agreed to govern the monitor’s activities for the remainder of the monitorship period. The work plan and outline work plan will also need to address costs of the monitorship, since these costs (including reasonable costs associated with monitorships incurred by the prosecuting authority) are paid by the corporate. Some of the practical aspects of measuring the progress of ongoing monitorships and managing costs are discussed below.
The length of the monitorship will be agreed in the DPA following negotiations between the company and the prosecuting authority. Initially, it may be shorter than the term of the DPA itself but can never exceed the term of the DPA. The monitor can recommend terminating or suspending the monitorship, if the company’s policies and procedures are functioning properly without the need for further monitoring, or the monitor can recommend extending the monitorship, if the company has been, or will be, unable to satisfy its obligations successfully by the end of the monitorship period. The decision to terminate, suspend or extend the monitorship will be taken by the prosecuting authority.
An important feature of the DPA regime is that the DPA, including any monitorship proposed, must be approved by the court. Sir Brian Leveson noted when reviewing (and ultimately approving) the proposed DPA between the SFO and Standard Bank that, in the United Kingdom, ‘a DPA requires the informed, independent opinion of a judge before it can be effected; the agreement of the parties is not enough’ and that the court will consider the prospective terms of the DPA ‘individually and collectively, in order to determine whether to grant a declaration . . . that entering into it is likely to be in the interests of justice and that its proposed terms are fair, reasonable and proportionate’.
Serious crime prevention orders
Serious crime prevention orders (SCPOs) are governed by Part I of the Serious Crime Act 2007 (SCA). They were added to the statute book substantially before the introduction of the UK DPA regime, but were not specifically directed towards corporate crime. Although they have been used to impose restrictions on individuals (in some cases in respect of the activities of corporate entities) following conviction, mainly in cases concerning serious and organised crime, there are no reported instances of authorities using them to resolve white-collar investigations against corporates.
Under the SCA, when a corporate defendant is convicted of a ‘serious offence’ (which includes fraud, bribery and money laundering offences), the Crown Court can, on the application of the SFO or the CPS in England and Wales, impose an SCPO enabling the authority to contract with a person to provide monitoring services (the authorised monitor). An SCPO can also be imposed without there having been a criminal trial if the High Court of England and Wales is satisfied that a corporate has been involved in serious crime (which means committing or facilitating a serious offence, whether in England and Wales or elsewhere) and where there are reasonable grounds to believe that the order would protect the public by preventing, restricting or disrupting the company’s involvement in serious crime.
An SCPO may require the person subject to it to provide information or documents to the authorised monitor or answer questions posed by the authorised monitor. If deemed appropriate by the court, the person subject to the SCPO may also be required to pay all or some of the costs associated with the authorised monitor’s engagement. Any documents or information produced to the authorised monitor under the SCPO will be retained by the relevant enforcement authority for as long as it considers necessary.
SCPOs are available to various enforcement authorities but have principally been used by the CPS (although there have been examples of their use by the Financial Conduct Authority (FCA) in cases concerning unauthorised business). It is possible that the SFO and other authorities may explore their potential application in larger-scale cases (although they would only be made as a part of the sentencing process following conviction rather than as part of a negotiated settlement).
Civil recovery orders
Civil recovery orders (CROs) (under Part 5 of the Proceeds of Crime Act 2002 (POCA)) are civil orders available to the CPS, SFO, FCA and other enforcement authorities as a tool to conclude criminal investigations (whether or not there has been a parallel prosecution). They allow enforcement authorities to recover ‘property obtained as a result of unlawful conduct’. As civil remedies, the hurdles to be overcome by enforcement authorities are considerably lower than in criminal proceedings. Property is still susceptible to a CRO even if the ‘unlawful conduct’ was carried out by another person as it is only necessary for authorities to establish facts to the civil standard and there is no necessity to show from which particular offence or offences the property in question has been generated.
Before the introduction of DPAs, CROs were seen by enforcement authorities and cooperating corporate entities as a relatively attractive way of concluding investigations through negotiation. There is no equivalent to the DPA Code in respect of CROs and no constraints on the appointment of monitors under them (beyond those required to settle any civil proceedings, namely acceptable wording for a consent order and associated settlement documents). As noted in the table below, in some cases involving monitors, the latitude the CRO framework has afforded to cooperating corporate entities to negotiate settlements perceived as relatively favourable to them, and the limited extent to which the court may influence the contents of agreements, has drawn significant judicial criticism.
| Date | Company | Summary of conduct | Amount recovered | Monitorship |
|---|---|---|---|---|
| October 2008 | Balfour Beatty PLC | Irregularities concerning payments made as part of a joint venture bid to secure £22.5 million of work on the construction of the Alexandria Library in Egypt | £2.25 million | Included a form of external monitoring for an agreed period |
| July 2011 | Macmillan Publishers Limited | Improper payments were made in relation to a tender to supply educational books to South Sudan | £11.3 million recovered through a CRO | External monitor imposed to report to SFO and World Bank |
| July 2012 | Oxford Publishing Limited | Two subsidiaries of Oxford Publishing operating in Kenya and Tanzania made facilitation payments in connection with tenders for school books | £1.9 million recovered through a CRO (in addition to a £2 million voluntary payment to sub-Saharan African non-profit groups) | External monitor imposed to report to SFO and World Bank |
The appointment of monitors was acknowledged in the CROs referred to above by way of relatively bland clauses included in consent orders. In contrast to the comparatively detailed provisions of the DPA Code, there is very little information in the public domain about the processes by which monitors appointed under CROs have been selected, the extent of any input allowed by the companies concerned and whether any agreement was reached in relation to the circumstances in which monitorship arrangements may be either terminated early or extended.
Outside Scotland, where DPAs are not available as a tool to conclude investigations, CROs involving the appointment of monitors are now likely to be a thing of the past, at least to conclude investigations concerning offences in respect of which DPAs are now available and more likely to be used.
It is possible that CROs incorporating monitorships could be used in different contexts. For example, to date, there have been no publicised orders made since the definition of ‘unlawful conduct’ was amended, for the purposes of the civil recovery regime in Part 5 of POCA, to include ‘gross human rights abuses or violations’ (under the ‘Magnitsky amendment’ introduced in the United Kingdom through the Criminal Finances Act 2017). These orders are expected to be few and far between (if indeed any are made at all). There are no indications to date that enforcement authorities are contemplating using CROs based on this provision to recover property in the hands of corporate entities. It is conceivable though, particularly given the breadth of the definition of ‘gross human rights abuses or violations’, that applications for any such orders may be an area in which authorities could seek the appointment of monitors.
Appointment of skilled persons by the UK financial services regulators
The FCA and the Prudential Regulation Authority (PRA) have the supervisory power, conferred by Sections 166 and 166A of the Financial Services and Markets Act 2000, to appoint or to require firms they regulate to appoint an external third party, a ‘skilled person’, to undertake a review of a particular business area of that firm or to examine a particular issue. The power has been heavily used historically by the FCA in particular (and the former Financial Services Authority from which the FCA and the PRA emerged). Published data shows a steady decline in the number of skilled persons appointed, from 95 in 2010–2011 and a spike of 113 in 2012–2013 to 34 in 2018–2019. It is possible that the decline was attributable at least in part to the controversy surrounding the publication of a Section 166 report in February 2018, following intervention by the Treasury Committee. However, the number of skilled persons appointed has since begun to rise again, with 57 in 2019–2020 and 68 in 2020–2021, which may be attributable to a greater focus on financial crime, firms’ controls and risk management frameworks and conduct of business issues.
The appointment of a skilled person is a supervisory tool, rather than part of the enforcement processes of the FCA or the PRA. For example, between September 2012 and September 2014, more than 95 per cent of FCA-ordered skilled person reviews did not lead to enforcement action. Rather, the purpose of appointing a skilled person is to diagnose, monitor, limit or reduce identified risk or remedy crystallised risk. The appointing firm bears the cost of the skilled person’s work, which is typically significant. The total cost incurred by firms subject to skilled person reviews in 2020–2021 was £39.4 million.
Skilled persons are usually appointed from specialist panels maintained by the regulators. Relevant guidance indicates that the FCA ‘will normally contact the [subject of the report] before finalising its decision to require a report or the updating or collection of information by a skilled person’ to ‘provide an opportunity for discussion about the appointment, whether an alternative means of obtaining the information would be better, what the scope of a report should be, who should be appointed, who should appoint, and the likely cost’.
However, in practice, the scope for firms to influence the identity of the skilled person or the scope of their engagement is usually relatively limited.
The skilled person’s obligation is to cooperate with, and ultimately report to, the FCA (or PRA, as the case may be). As a matter of practice, the skilled person will give the firm an opportunity to comment on the drafts of the review before it is finalised.
Contractual monitoring arrangements
Arrangements similar to monitorships can arise in other contexts. Consistent with regulatory guidance on mitigating anti-corruption, anti-money laundering and trade compliance risks, equity investors will usually seek to negotiate the inclusion of contractual compliance protections in deal documents. Where specific and material compliance concerns are identified during the pre-investment stage, investors may seek to include robust compliance undertakings that will govern a corporate entity’s post-acquisition compliance programme. These undertakings could require an investee company to work with an investor’s external compliance counsel to adopt compliance policies and procedures, develop a compliance function staffed by appropriately qualified compliance personnel, conduct a forensic audit and take any other steps to address identified compliance concerns. In these situations, the investor’s external compliance counsel will effectively assume a quasi-monitorship role by taking the lead to drive the investee company’s satisfaction of the compliance undertakings and addressing identified risk areas.
Practical points
As monitorships are still a comparative rarity in the United Kingdom, there is not yet an established body of practice relating to when and how monitors should be appointed and how they should carry out their engagements as in the United States. Each situation in which a monitor has been or may be appointed will raise specific questions and issues. Careful analysis at the outset to identify and explicitly deal with questions likely to arise during the course of the monitorship will minimise and mitigate uncertainty and friction during the life of the monitorship. Some of the questions likely to arise are addressed below.
Cross-border monitorships
Can or should a monitor be appointed under a settlement with more than one enforcement authority?
Nothing prevents enforcement authorities from appointing a single monitor to oversee compliance arrangements in multiple jurisdictions. This course has been taken in numerous settlements with US authorities. However, enforcement authorities are increasingly recognising the benefits of retaining specialists in different jurisdictions.
Privilege
Can a monitor require access to legally privileged material?
No. The DPA Code acknowledges: ‘Any legal professional privilege that may exist in respect of investigating compliance issues that arise during the monitorship is unaffected by [CCA], this DPA Code or a DPA.’
In many instances, this will not cause particular problems, as monitors will be less concerned with the content of legal advice than the fact that it has been taken and appropriate action taken in response to it.
Enforcement authorities or monitors are not precluded, of course, from requesting that corporate entities provide privileged material voluntarily (whether on a limited waiver basis or more generally), although in most cases they and their representatives will be reluctant to do so, as they are likely to have concerns about waiver, given in particular the potential for material to be disclosed further and used in, or to precipitate, further litigation or investigations.
Can a monitor assert privilege in connection with his or her engagement?
Yes. Although monitors are often themselves lawyers, it will usually be necessary and prudent for them to seek specialist advice on particular aspects of their engagement. Communications passing between a monitor and his or her advisers may be subject to privilege in the same way as those passing between any lawyer and a client.
Data protection considerations
What are monitors’ obligations in relation to data?
Particularly in the context of fact-finding aspects of their appointments, monitors are likely to have to gather and review corporate documents, employee emails, data stored on work devices and other company data. That data could include personal data, of which collection, storage and processing could be subject to the Data Protection Act 2018 and the retained General Data Protection Regulation (or equivalents in other jurisdictions).
The monitor will need to assess his or her role under applicable data protection laws and may need to work with the corporate entity to ascertain an appropriate basis for the monitor’s receipt, processing and storage of the personal data. Where relevant data is located in jurisdictions outside the United Kingdom, the monitor will need to work with the corporate entity to determine which data privacy laws may affect the data transfer to the United Kingdom and ensure that there is an appropriate basis under local law for the transfer, processing and storage of data.
It will usually be prudent for the monitor to seek specialist advice in the particular jurisdictions in which he or she is operating and to document in writing the corporate entity’s and monitor’s rights and obligations (including any appropriate indemnities) in relation to personal data.
Managing the relationship between monitor and subject entity
How should monitors deal with the senior management of the company?
In most instances, whether pursuant to a DPA or a skilled person review, the corporate entity concerned will not have anticipated a monitorship. Some degree of resistance from the company’s senior management, who may regard dealing with a monitor as an expensive distraction from running the business, is therefore to be expected. The company is likely to treat the monitor as an unwelcome guest, particularly if it has already expended significant resources in investigating misconduct and bolstering its compliance programme as part of the settlement negotiations with the enforcement authority.
The monitor will have a clear mandate enshrined in the terms of his or her appointment and should focus on carrying it out diligently, but the monitor should be sensitive in doing so and cognisant of the remedial steps the company has taken to date. The monitor should take time in the initial phase of the monitorship to understand the steps that the company has taken and is planning to take to improve the pertinent aspects of its compliance programme as those facts should inform the monitor’s work plan and formulate a basis for the organic, self-sustaining growth of the company’s compliance programme.
If a monitor’s approach is perceived to be too intrusive, a company’s management may accuse the monitor of impeding the company’s business or, at best, be less receptive to recommendations. However, the nature and purpose of tasks inherent in a monitorship may not always seem congruent with the objectives and priorities of senior executives, who owe duties to shareholders and others to maximise commercial performance. There may be particular tensions when monitors are installed in financial services firms as senior executives, subject to individual accountability regimes, may seek particular information or assurances from monitors to satisfy themselves and regulators that they are complying with their personal regulatory obligations. Transparent and effective communication by monitors is key to striking an appropriate balance in monitoring the pertinent areas of the corporate entity’s business objectively and, on one hand, discharging obligations to the prosecuting authority and, on the other, avoiding unnecessary friction with the company. To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of, and an opportunity to comment on, any recommendations, findings or reports that the monitor will make to the enforcement authority.
The monitor should also aim to be transparent and up front with the company about his or her working methods, including fees and expenses. For example, this involve giving the company sufficient advance notice of any proposed meetings, document requests or employee interviews. The monitor should alleviate the company’s concerns about the potential costs of the monitorship – considering in advance the proposed staffing and likely associated expenses, identifying cost efficiencies and offering cost solutions is likely to lead to a better working relationship between the company and the monitor.
There will be occasions when it is necessary for details of the tasks being undertaken by a monitor, and the reasons for them, to be kept confidential from senior executives. However, to the greatest extent possible, a constructive working relationship should be fostered by the release of as much information as is appropriate in the particular circumstances of each engagement to enable senior executives to understand the progress of the monitorship, any areas where they may be able to assist with resources or information, and the reasons why the monitor requires details about particular aspects of the business. Both monitors and corporate entities should bear in mind that the engagement will proceed more smoothly, is likely to be concluded more quickly and will result in more sustainable improvements to compliance systems and controls if all parties adopt an appropriately collaborative approach.
What should monitors do if the relationship with the subject deteriorates?
The monitor should work to repair the relationship with the company but also critically assess why it may be deteriorating. If the relationship is being undermined by the company’s perceived unwillingness to cooperate with the monitor’s reasonable performance of his or her duties (e.g., by resisting disclosure to the monitor of information that reasonably would help in the performance of the monitor’s mandate), the monitor should evaluate whether those are matters that may have to be reflected in his or her reports to the enforcement authorities.
The monitor should be mindful, however, that his or her report to the enforcement authorities is a powerful tool that should be used only when genuine need demands it. The monitor should understand that he or she is not appointed to impose his or her will on the company; rather, the monitor’s role is to aid the company’s journey towards developing robust compliance policies and procedures that address the deficiencies in culture and controls that led to the original misconduct and that work for that particular company’s business model.
In many cases, external reporting to the enforcement authority of perceived friction or disagreements will not be necessary. For example, lack of cooperation when seeking information from junior or middle-ranking staff is likely to be dealt with more effectively, in the first instance at least, by a report to senior executives of the corporate entity, and joint steps by the corporate entity and the monitor to explain adequately to the affected staff the purpose of the monitorship and the benefits of collaborating with reasonable requests made by the monitor.
Similarly, a company’s perceived reluctance or struggle to change certain practices or adopt certain procedures should prompt the monitor to assess the suitability of the proposed course of action, and the strength of buy-in from all relevant parts of business for that course of action. The monitor should work with key stakeholders in the company to formulate an approach that fits the company’s operations and risk profile. That process may require the monitor to encourage the company to work with him or her collaboratively to come up with appropriate compliance solutions, rather than adopting off-the-shelf policies and procedures. The monitor should also work with key stakeholders in the company to educate all relevant parts of the business about the company’s compliance risks and the benefits of investing in compliance.
How should monitors deal with auditors?
The purpose of an audit is to provide an objective and independent examination and evaluation of a corporate entity’s financial statements. If the monitor encounters issues during the term of the monitorship that may affect the accuracy of financial statements, it is likely that the monitor would be bound by confidentiality obligations to the corporate entity and would not be able to disclose the matter to auditors. In this situation, the prudent course of action is for the monitor to urge the company to investigate the matter and, if necessary, work with the company to bring the matter to the auditor’s attention. The monitor should also assess whether the issue is one that would need to be included in the monitor’s report to the enforcement authority pursuant to the terms of the monitorship.
How should monitors deal with the media?
The monitor will owe confidentiality obligations to the company and the enforcement authority. Unless there are exceptional circumstances, as a matter of professionalism, the monitor should avoid engaging with the press.
Information gathering
What steps should monitors take to ensure that relevant documents are preserved, and when?
Monitors’ evidence preservation plans and priorities will be similar to those applicable to conducting an internal investigation or responding to a regulatory investigation. The monitor may have to work with the company to preserve data (for example, by disabling automatic email deletion) and amend or disapply the company’s document retention policies, or issue document hold notices in respect of categories of documents relevant to the scope of his or her engagement.
If the monitor has been appointed pursuant to a settlement with enforcement authorities, it is likely that document preservation measures will already have been implemented when the company conducted its own internal investigation. The monitor should assess with the company whether those preservation measures need to be kept in place during the term of the monitorship.
When should monitors conduct fact-finding interviews?
Depending on the terms of the appointment, the monitor may need to conduct fact-finding interviews with the company’s employees. Those interviews could focus on particular compliance incidents or aspects of the company’s compliance programme.
When compliance incidents occur (or even if none has occurred, if it is part of the monitor’s stated task to conduct spot checks to ensure the effectiveness of particular compliance functions or systems), the monitor may want to conduct interviews with personnel with relevant first-hand knowledge. These interviews are quite separate from interviews conducted by the corporate entity’s in-house or external counsel and are conducted for a different purpose.
Are the subjects of interviews entitled to separate representation?
Neither the monitor nor the corporate entity will be able to preclude the employees from engaging their own counsel at their own expense. Separately, however, the corporate entity is likely to wish to ensure that the company’s legal representative is present during the monitor’s interview with an employee to ensure that the corporate entity’s privileged information is not disclosed. The monitor will need to consider, however, to what extent the presence of company’s counsel at interviews may stifle an employee’s candidness and willingness to express their concerns.
Are monitors required to give the subjects of interviews Upjohn (or similar) warnings?
Although the monitor is not required to give an Upjohn (or similar) warning to an employee at the beginning of an interview, the monitor should nonetheless take care to clarify his or her role and the purpose of the interview, and remind the employee of the confidentiality of the interview.
Confidentiality and market obligations
To whom do monitors owe duties of confidentiality? What is the extent of these duties?
Under the DPA regime, monitors’ reports are confidential, with disclosure limited to the company in question, the prosecuting authority and the court. Monitors owe a duty of confidentiality to all three but this duty can be overridden if permitted by law (for example, if required pursuant to disclosure in civil litigation). Monitors’ reports are exempt from disclosure under the Freedom of Information Act 2000.
Currently, there are no reported examples of instances of claimants in separate civil litigation seeking or obtaining disclosure of monitors’ reports such as those seen in some cases in the United States. However, this is not to say that the confidentiality of reports prepared by monitors in the United Kingdom is unassailable or that attempts of this kind will not be made in future. One particular factor for monitors and corporate entities alike to bear in mind is that the UK Parliament has shown itself to be willing to publish confidential documents when it considers it to be in the public interest to do so (particularly when all or some of the content of reports has previously been leaked).
What practical steps should the company and monitors take to protect inside information?
If the company’s shares are listed on a stock exchange, the company will have obligations with respect to the management and disclosure of inside information. The company may have to place the monitor on an insider list owing to the nature of the information to which the monitor will have access during the term of his or her appointment. The company will also need to ensure that the monitor has systems in place to maintain strict confidentiality in respect of inside information that, if disclosed, could prejudice the company’s legitimate interests.
Reporting the outcome of monitorships
What format should monitors’ reports take?
The monitor should discuss with the prosecuting authority at the outset of the monitorship the format the monitor’s reports should take. The prosecuting authority may find it preferable to receive periodic informal reports, with a formal report delivered at agreed milestones. The monitor should supplement any written report with offers to guide the authority through the report by phone or during a face-to-face meeting.
Should the monitor share his or her draft report with the company?
To the extent permitted by the terms of his or her appointment, the monitor should give the company advance notice of any reports that the monitor will make to the enforcement authority. The monitor should explain his or her findings and recommendations to the company and allow it to comment on those findings and recommendations. Although the monitor has an independent duty to the enforcement authority to provide an objective report, the monitor should strive to avoid surprising the company with his or her findings, and formulate recommendations in collaboration with the company that achieve the objectives of the monitorship and that can be owned by the company long after the monitor’s mandate is finished.
Footnotes
Credit: Source link
