SFO has published an updated version of its internal guidance on how it evaluates a compliance programme. The guidance is part of SFO’s Operational Handbook.
When SFO is investigating an organisation, it will use its assessment of the organisation’s compliance programme to inform its decisions on key matters such as whether prosecution is in the public interest, whether to consider a DPA, whether an “adequate procedures” defence may be arguable and whether the organisation’s policies and procedures may be a relevant factor in sentencing considerations.
Key points the guidance makes include:
- organisations of any size should have at least some compliance arrangements, even if they are not large enough to have a compliance unit;
- a compliance programme must be effective and not just a paper exercise – it is critical the programme be proportionate, risk-based and regularly reviewed;
- that a factor in a decision on whether it is in the public interest to prosecute is whether the offence was committed at a time when the company had an ineffective corporate compliance programme – similarly whether the organisation has since taken remedial action could be relevant in a charging decision;
- if an organisation has made some effort to put in place bribery prevention measures, this could still be a factor in sentencing even if not good enough to provide a defence to a s7 allegation;
- an important factor in considering whether a DPA would be appropriate is the existence of a genuinely proactive and effective corporate compliance programme – and, if the matter goes to court, the state of the compliance programme may be relevant to sentencing, including whether the level of fine will impact the ability to implement an effective programme; and
- SFO staff are advised to consider the compliance programme early in an investigation, looking at it on a case by case basis, with the MoJ principles in mind.