On 5 January 2021, the U.K. Supreme Court (the U.K.’s highest Court) handed down its judgment in the case brought by the Houston-based engineering, procurement, construction company, KBR, Inc., challenging the right of the U.K. Serious Fraud Office (the SFO) to compel the production of documents located overseas. The Supreme Court unanimously ruled that the SFO cannot compel the production of documents held outside the U.K., and the SFO’s notice issued under section 2 of the Criminal Justice Act (the Section 2 Notice) demanding that KBR, Inc., produce files stored in the U.S. be quashed. In short, a Section 2 Notice has no extraterritorial reach.

Section 2 of the Criminal Justice Act 1987

Section 2 of the Criminal Justice Act 1987 (the CJA) is the principal mechanism used by the SFO to obtain information relevant to its investigations. Under section 2 of the CJA, the SFO can compel a person being investigated or any other person that has information relevant to an investigation to answer questions or otherwise furnish information (section (2)(2) of the CJA), or to provide information or documents relevant to that investigation (section (2)(3) of the CJA).

Section 2 carries a criminal sanction for non-compliance. Under section 2(13) of the CJA, a person convicted of failing to comply with a Section 2 Notice – without a reasonable excuse – is liable on summary conviction to imprisonment for up to six months or a monetary fine. Stricter sentences can be imposed for making false or misleading statements in response to a Section 2 Notice or for falsifying, concealing, destroying or disposing of relevant documents.

There is a defence to prosecution if the recipient can show that it had a reasonable excuse for non-compliance. Of particular note in this regard is that a Section 2 Notice cannot compel the production of material subject to legal professional privilege.

SFO Investigation of KBR

In April 2017, the SFO announced that it had opened an investigation into KBR, Inc.’s U.K. subsidiaries, their officers, employees and agents for suspected offences of bribery and corruption.

As is usual in the SFO’s investigations, in April 2017, the SFO issued a Section 2 Notice to KBR Ltd (the U.K. entity) for the production of various categories of material. This was followed by a further Section 2 Notice addressed to the US parent, KBR, Inc. (the Second Section 2 Notice). The Second Section 2 Notice was issued to one of KBR Inc.’s officers during a meeting with the SFO in London in July 2017. The Second Section 2 Notice sought the same materials as requested in the first notice, as well as an additional six new categories of information.

By way of judicial review, KBR, Inc. applied for the Second Section 2 Notice to be quashed to the extent that it purported to compel the production of material held outside of the U.K. KBR Inc. argued that section 2 of the CJA did not operate extraterritorially. In contract, the SFO said that section 2 of the CJA had no territorial limit.

At first instance, the High Court of England and Wales noted that section 2 of the CJA was silent on the issue of territoriality: it neither expressly displaced the presumption against extraterritoriality nor did it contain words of jurisdictional limitation. The High Court reasoned that section 2 of the CJA must, however, have an “element” of extraterritorial application since to suggest otherwise would be to frustrate the SFO’s ability to conduct effective investigations into offences committed internationally, particularly in the modern context of large global organisations where documents are increasingly likely to be held overseas by foreign companies in the same group.

The High Court held that section 2 of the CJA should extend to foreign companies where there is a “sufficient connection” between the company and the U.K. In the case of KBR, Inc., it found that there was a “sufficient connection” between KBR, Inc. and the U.K. on the basis that payments central to the SFO’s investigation of KBR Ltd required the approval of KBR, Inc. and were paid by KBR, Inc. through its US-based treasury function.

KBR Inc. appealed the decision of the High Court to the Supreme Court. The Supreme Court has unanimously held that the “sufficient connection” standard is not supported by the language of section 2 of the CJA, and that the intention of the U.K. parliament was that information outside of the U.K. should be obtained by established international information sharing arrangements, such as mutual legal assistance systems. The Supreme Court found that:

“The presumption against extra-territorial effect clearly applies in this case because KBR Inc is not a UK company, and has never had a registered office or carried on business in the UK”

The SFO’s Wings have been Clipped but Other Mechanisms Exist to Obtain Overseas Documents

The decision of the Supreme Court is a welcome clarification for recipients of Section 2 Notices and those advising them. The SFO has likewise welcomed the clarification “of the extent of the SFO’s powers…, including its confirmation of [the SFO’s] power to compel UK companies to repatriate documents which they hold overseas”.

The decision doubtless has an effect on the way in which the SFO can conduct cross-border investigations which require the production of documents and information which are not ordinarily accessible in the U.K. The decision should also be seen in the context of the U.K.’s departure from the European Union (the EU), which as a result means that the U.K. is no longer a member of the EU’s primary law-enforcement groups, including Eurojust (an agency allowing EU-member states to gather and exchange information on crime) and Europol (an intelligence and data-sharing centre).

The SFO’s powers are not, however, completely thwarted. The SFO has a number of options available to it in order to gather information located overseas, including:

  • Seeking information via the mutual legal assistance (MLA) process. This is a process where law enforcement agencies cooperate in criminal investigations and proceedings, including to request the production of information and materials. The U.K. has signed bilateral MLA agreements with 40 other countries and is a party to a number of multilateral agreements.
  • Overseas production orders (or OPOs). As set out in our previous blog “Data Transfer Considerations in Investigations,” the Crime (Overseas Production Orders) Act allows the SFO to obtain data directly from communications service providers located abroad – provided there is a cooperation agreement between the U.K. and the country where the provider is based – by applying to access evidence based overseas which is potentially relevant to U.K. indictable offences that carry a potential sentence of at least three years’ imprisonment. To date, the U.K. has, however, only signed such an agreement with the U.S.

As well as the impact on the SFO’s ability to obtain overseas’ information in future investigations, the Supreme Court’s judgment does not provide any guidance as to what should happen to investigations for which the SFO has already compelled – and had produced to it – documents that were held overseas.


Whilst the SFO’s powers to compel the production of documents located overseas have undoubtedly been limited by the judgment of the Supreme Court, there are other ways in which the agency can obtain their production. In addition, for those companies wishing to obtain maximum credit for cooperating with the SFO including by being invited to negotiate a Deferred Prosecution Agreement, the option to produce documents voluntarily (subject to the applicable data protection and secrecy rules) will remain a key consideration in deciding whether (or not) to produce to the SFO documents which are located overseas.

With the 3 February 2021 announcement by Santander, the Madrid-based financial services company, that it is cooperating with a civil regulatory investigation by the U.K. Financial Conduct Authority (the FCA) into its compliance with the U.K. Money Laundering Regulations 2007 and potential breaches of FCA principles and rules relating to anti-money laundering and financial crime systems and controls, it is clear that financial crime is a significant area of focus for the U.K. in 2021.

Continue Reading Financial Crime Controls Remain a Key Focus and Priority in the U.K.

Singapore has long been a regional banking and trading hub, but in recent years, as multinational companies in other sectors have moved their regional headquarters to Singapore, it is also emerging as a regional data hub. This shift has implications for companies involved in US compliance and investigation activities in the Asia-Pacific region. US authorities require and expect that legal and compliance personnel will use data to support their work in these areas.

In this advisory, we discuss Singapore’s data protection policies, including data localization. We will also focus on the impact of the recent amendments to Singapore’s main data protection legislation, the Personal Data Protection Act (PDPA), which took effect on February 1, 2021, including the new “legitimate interests” exception, for companies conducting data driven compliance reviews and investigations involving Singapore-based data.

Click here to read the full client advisory.

The Due Process Protections Act amended the federal rules of criminal procedure to require district courts to issue, at the outset of every criminal case, an order confirming the prosecutor’s disclosure obligations under Brady v. Maryland, and the consequences for violating the order. A critical role for defense counsel at the outset of a criminal case will now be to shape the terms of this mandatory Brady order. Key open issues that should be the subject of defense counsel advocacy as courts begin to implement this important new law include: what information must be disclosed, when it must be disclosed, the scope of the prosecution team that is bound to make disclosure, and how compliance or noncompliance will be determined and sanctioned. This article gives a roadmap for defense counsel to obtain a broad and meaningful Brady order on each of these issues.

Click here to read the full client advisory.

In late December, the United States Court of Appeals for the Second Circuit affirmed the conviction of Chi Ping Patrick Ho on seven counts alleging multiple FCPA and money laundering (and related conspiracy) violations.[1] The decision is notable for its construction of various FCPA provisions, and further demonstrates the expansive jurisdictional reach of anti-money laundering laws to dollar-denominated transfers.

Ho, a citizen of Hong Kong, served as an officer and director of the Hong Kong-based non-governmental organization China Energy Fund Committee (CEFC-NGO), which was funded by Shanghai-based energy conglomerate China CEFC Energy Company Limited (CEFC).[2] Ho also served as an officer and director of a CEFC-affiliated US non-profit (US NGO), funded by CEFC NGO.[3]

Ho’s conviction, for which he was sentenced to 36 months imprisonment and a US$400,000 fine,[4] stemmed from two alleged bribery schemes involving (1) an attempted US$2 million cash delivery to the President of Chad (which was purportedly rejected by the President) and (2) a US$500,000 wire transfer to a charity associated with the foreign minister of Uganda.[5] Notably, the US dollar-denominated wire originated from a bank in Hong Kong, which was transmitted through its operating unit in the United States as a correspondent to another bank in New York, which in turn was acting as a correspondent for a beneficiary bank in Uganda for final credit to an ultimate beneficiary NGO. Both acts were allegedly made for the benefit of CEFC’s commercial interests in Africa.[6]

Continue Reading United States v. Ho

Earlier this year, we wrote about a decision from the Fourth Circuit[1] that seemed to cast doubt on the legality of taint teams. Since then, two recent district court cases affirmed the legality of the practice, but emphasized limitations on government review of privileged material. These cases, together, suggest that the days of courts rubber-stamping whatever privilege review protocol the government proposes may be over, and provide a preview for how courts will handle privilege review in the future. In both, courts set limits on filter team review, ruling that sending non-privileged material straight to the prosecution without prior review by the privilege-holder fails to adequately protect the privilege-holder’s interests.

Continue Reading DOJ ‘Taint Team’ Practice Affirmed but Protocols Questioned

On November 16, the Health and Human Services (HHS) Office of Inspector General (OIG) issued a Special Fraud Alert highlighting fraud and abuse risks associated with payments to physicians related to speaker programs sponsored by pharmaceutical and medical device companies.

Despite the pharmaceutical and device companies’ longstanding use of speaker programs to educate heath care professionals about their products, OIG appears to take a different view of company-sponsored speaker programs, expressing doubt as to whether those programs have any educational value at all. Given prior guidance regarding the anti-kickback statute (AKS) risks posed by speaker programs, the health care industry is poised to discover the answer to two key questions: What does the new Special Fraud Alert really add to the mix? And, will the new Special Fraud Alert signal a new wave in AKS enforcement priorities? While only time will definitively answer both questions, this client advisory takes a closer look at the new Special Fraud Alert with a view towards managing compliance.

For more information, click here to read the full client advisory.

This month has so far seen two significant actions taken by the Department of Justice (DOJ) Antitrust Division (Antitrust Division) on wage-fixing and no-poach litigation and enforcement matters, which has shed additional light in an enforcement area that has needed it. Over the last few weeks, the Antitrust Division both served up its first indictment in a criminal wage-fixing case, and filed an amicus brief in a “no-poach” case to clarify its view of how the law should be interpreted relating to franchise agreements. Continue Reading A Busy Month for DOJ on No-Poach/Wage-Fixing Enforcement Front

One of the most difficult questions faced by any management team is whether, absent a legal, regulatory or statutory duty to do so, its company should commence an internal investigation. The answer is simpler when a law enforcement agency is knocking at the company’s door, when the company receives a request for information to which it is compelled to respond or when it is the subject of a whistleblower or adverse press report. However, it is perhaps far less simple when an investigation is being voluntarily contemplated to assess the general health of the company. What happens if an issue is identified that might otherwise have remained undetected, that leads to significant costs, demands on management time, adverse press and, perhaps worse still, regulatory sanction or criminal prosecution? Might it be better to let sleeping dogs lie?

The question as to whether to undertake a voluntary investigation is one that, for many years, has caused management teams to scratch their collective heads. Given the issues that have affected many companies as a result of the worldwide COVID-19 pandemic, the question is increasingly being raised. As a result of the effects of COVID-19, some companies were rushed into decisions that they might otherwise have spent more time considering, compliance processes were shortened or even overlooked, and employees were afforded more opportunity to take autonomous decisions, often within the less supervised confines of a remote environment. Is 2021 the time to revisit some of the decisions that were made over the past year and to lift up the floorboards?

In this article, we suggest some of the advantages and disadvantages of undertaking a proactive, voluntary internal investigation. We also consider some of the ways in which a company could mitigate those potential disadvantages.

Continue Reading The Benefits and Risks of Conducting an Internal Investigation: Is it Better to Let Sleeping Dogs Lie?

Increasingly frequent cross-border investigations have raised difficult questions of privilege and work product protection over the last few years. In the United States, attorney-client privilege protects confidential communications between attorneys and clients for the purpose of seeking or rendering legal advice, and the work product doctrine protects documents or materials prepared in anticipation of litigation from discovery. Not every country offers those protections. Although many other countries recognize some form of privilege or confidentiality between attorneys and clients, that privilege or confidentiality may be construed to cover a narrower subset of communications. International businesses therefore must recognize that communications deemed privileged in the United States may not be considered privileged in other countries. For example, in France in-house counsel are not considered members of a “bar” and professional secrecy typically does not protect communications between a company’s management and its in-house counsel. In Germany, privilege may apply to communications with in-house counsel in civil proceedings but not in criminal proceedings. Moreover, in those jurisdictions in which privilege is recognized, the circumstances under which privilege is waived also differ across jurisdictions. Japanese law, for example, provides no baseline attorney-client privilege although specific rules such as those issued by the Japan Fair Trade Commission may protect such communications when related to the particular subject matter. English law, on the other hand, is more similar to US attorney-client privilege but does not extend as safely to internal investigation notes. Under English law, documents generated during an internal investigation will only be privileged if the communication is with the narrowly defined “client,” the documents betray the trend of legal advice or litigation (which can include criminal proceedings) was in reasonable contemplation. Comparing France, Germany, Japan, England, and the United States exemplifies how decisions to disclose attorney-client communications to third parties may have different consequences in different jurisdictions, even if the disclosure may not effect waiver in the jurisdiction in which it is made. When these differences in privilege law are present, the question must be addressed: which privilege rule controls? The US Court of Appeals for the Second Circuit’s recent decision in Mangouras v. Squire Patton Boggs may offer new insight into that question.

For more information, click here to read the full client alert.