One of the most difficult questions faced by any management team is whether, absent a legal, regulatory or statutory duty to do so, its company should commence an internal investigation. The answer is simpler when a law enforcement agency is knocking at the company’s door, when the company receives a request for information to which it is compelled to respond or when it is the subject of a whistleblower or adverse press report. However, it is perhaps far less simple when an investigation is being voluntarily contemplated to assess the general health of the company. What happens if an issue is identified that might otherwise have remained undetected, that leads to significant costs, demands on management time, adverse press and, perhaps worse still, regulatory sanction or criminal prosecution? Might it be better to let sleeping dogs lie?

The question as to whether to undertake a voluntary investigation is one that, for many years, has caused management teams to scratch their collective heads. Given the issues that have affected many companies as a result of the worldwide COVID-19 pandemic, the question is increasingly being raised. As a result of the effects of COVID-19, some companies were rushed into decisions that they might otherwise have spent more time considering, compliance processes were shortened or even overlooked, and employees were afforded more opportunity to take autonomous decisions, often within the less supervised confines of a remote environment. Is 2021 the time to revisit some of the decisions that were made over the past year and to lift up the floorboards?

In this article, we suggest some of the advantages and disadvantages of undertaking a proactive, voluntary internal investigation. We also consider some of the ways in which a company could mitigate those potential disadvantages.Continue Reading The Benefits and Risks of Conducting an Internal Investigation: Is it Better to Let Sleeping Dogs Lie?

Increasingly frequent cross-border investigations have raised difficult questions of privilege and work product protection over the last few years. In the United States, attorney-client privilege protects confidential communications between attorneys and clients for the purpose of seeking or rendering legal advice, and the work product doctrine protects documents or materials prepared in anticipation of litigation

In its 2019-2020 Annual Report (the Report), the UK’s sanctions office (the UK Office of Financial Sanctions Implementation (OFSI)) revealed that, between April 2019 and March 2020, it had received 140 voluntary disclosures of potential sanctions violations related to transactions worth a total of £982 million.  This represents a record number of reports, and an

In what some are calling potentially “radical and seismic changes,” on 3 November 2020, the UK government announced that it had finished a three-year examination of the case for reform of the UK’s corporate criminal liability laws and tasked the Law Commission, an independent body designed to recommend legal reforms, to conduct further analysis and make recommendations for improvement. The Law Commission has said that it aims to publish its recommendations in late 2021.

With some limited exceptions (most notably, the section 7 offence under the UK Bribery Act 2010 and the facilitation of tax evasion offences under the UK Criminal Finances Act 2017), corporate criminal liability in the UK is based on the “identification principle.” This principle provides that a company can only be held criminally liable for financial crime offences if prosecutors can prove beyond reasonable doubt that the “directing mind and will” of the company committed or was aware of the misconduct.Continue Reading The UK (Slowly) Inches Toward Corporate Criminal Liability Reform

On 21 October 2020, Her Majesty’s Revenue and Customs (HMRC) – the UK’s tax authority – released updated figures regarding the number of investigations that it has open into potential offences under Part 3 of the Criminal Finances Act 2017 (the Act). Part 3 of the Act makes it a criminal offence for businesses to fail to put in place reasonable procedures to prevent their employees and associated persons – i.e. those who act for or on behalf of them – from criminally facilitating tax evasion.

According to the information released by HMRC, as at 13 October 2020, HMRC had 13 investigations into potential offences under the Act and a further 18 cases currently under review. HMRC also report that its investigations span 10 different business sectors, including financial services, oils, construction, labour provision and software development, and that those investigations span all HMRC customer groups from small business through to some of the UK’s largest businesses.

The number and range of investigations appear to show that HMRC is actively enforcing the Act across businesses of all shapes and sizes, even despite the pressures on workload and resources caused by the COVID-19 pandemic. This reach, together with potentially unlimited fines for businesses found guilty of the offences, is a salutary reminder that businesses must take their responsibilities seriously and put in place reasonable procedures to stop the facilitation of tax evasion.Continue Reading The Future of the Facilitation of Tax Evasion Offences in the UK

Following a recent rise, the price of Bitcoin once again exceeds $10,000, a key resistance level which, if sustained, could see it rising even further. Interest in cryptocurrencies is, according to some observers, likely to rise as measures taken by Central Banks to combat the effects of the coronavirus pandemic result in the devaluing of their own fiat currencies, and while Central Banks themselves experiment with digital currencies. The Libra Association continues to work on Libra, a token designed to be used on Facebook. Rumors swirl of imminent support by the global payments giant PayPal for cryptocurrencies, supported by recent job listings for cryptocurrency engineers. Whilst it might not yet have returned to the levels of mania seen during 2017-2018, cryptocurrency appears likely to continue to grow in both maturity and usage. Such a rise will inevitably be marked with a corresponding increase in the debate over the extent of regulation needed in the area. Should it be a case of caveat emptor or should government regulators take greater steps to introduce guard rails in this area?
Continue Reading Sheriffs of the Wild West? Regulators will Likely Continue Debating the Necessity of Greater Cryptoasset Regulation

In May 2020, the U.K. Financial Conduct Authority, the authority charged with regulating financial firms and maintaining the integrity of the financial markets in the United Kingdom, reported that whistleblowing reports to the Financial Conduct Authority on workplace culture issues in 2019 had increased by 35%. There is also evidence of an increase in whistleblowing reports made during the COVID-19 lockdown, with WhistleB, the Swedish-European provider of whistleblowing solutions, reporting an increase of 40% in the number of concerns raised by whistleblowers in Europe from January to May 2020. Similarly, in the United States, the Securities and Exchange Commission (SEC) reported a 35% increase in the number of whistleblower tips, complaints and referrals between mid-March and mid-May 2020. And although the filing of whistleblower complaints (also known as “qui tam” complaints) are reported to be down compared to the same time last year, the recent distribution of billions of dollars in federal money to companies (discussed further below) is sure to reverse that trend.

In addition, there have been a number of high-profile press reports of investigations and enforcement actions which were prompted by whistleblower reports, with perhaps the most significant recent example being that of Wirecard AG, the German payment processor and financial services provider at the center of a financial scandal in Germany. In June 2020, the company reported €1.9 billion in missing cash. It is reported that Germany’s financial watchdog (BaFin) received a tip-off from a whistleblower about alleged irregularities at Wirecard.

In the wake of the COVID-19 pandemic, a wave of whistleblower reports alleging misconduct in key areas is likely to be inevitable. Whether they come via a regulator, a government authority, the media or directly to the company, companies must be prepared properly to tackle these cases as and when they arise, as a failure to do so could prove fatal to companies that are already fighting to recover from the detrimental economic impact caused by COVID-19. This will undoubtedly be made more difficult as those who usually investigate the reports are not in the office physically to gather all of the facts and evidence using established procedures. Perhaps more than ever, companies should understand the risks posed to their businesses and be ready for the inevitable emergence of whistleblower reports.

We consider below some of the main areas where whistleblowing reports are predicted to increase, as well as how companies can prepare to ensure that they are in the best position to handle any future claims.Continue Reading Whistleblowing and Internal Investigations

The Financial Reporting Council (FRC) is an independent regulatory body in the U.K. and Republic of Ireland (ROI) responsible for regulating auditors, accountants and actuaries. The FRC and its subsidiaries also play important roles in the oversight and development of corporate governance standards in the U.K. and ROI, such as the U.K. Corporate Governance and Stewardship Codes and the general standards for the accounting industry.

Founded in 1990, the FRC historically has tended to attract less attention than some of the better known and better funded U.K. enforcement bodies including the Financial Conduct Authority (FCA) which regulates the U.K. financial services authority and Serious Fraud Office (SFO) which investigates and prosecutes serious or complex fraud and corruption in England, Wales and Northern Ireland.  But any complacency or ignorance of the significance or broad range of powers and sanctions at the FRC’s disposal may come at a significant cost – the FRC’s enforcement activities are on the increase and the entity is becoming a major player in the U.K. regulatory environment.

The provisions governing FRC enforcement were originally set out in an Accountancy Scheme and Actuarial Scheme (the Schemes) – contractual arrangements between the FRC and the various accountancy and actuarial professional bodies.  Following the implementation of EU legislation in June 2016, however, a new Audit Enforcement Procedure (AEP) is used for all new audit matters.  The Accountancy Scheme continues to be used for non-audit matters and audit investigations that commenced before June 2016 while the Actuarial Scheme continues to be used for all actuarial investigations.Continue Reading The Financial Reporting Council’s Bite Proves Worse than its Bark

Companies that operate in more than one jurisdiction that are either carrying out an internal investigation or are subject to a criminal or regulatory investigation by U.S. law enforcement agencies will almost certainly need to consider the legality of trans-Atlantic data transfers.  Under European law, in particular, companies falling short in compliance with data protection laws could face fines of up to the higher of €20 million or 4% of annual global turnover.

With the introduction, in 2018, of the General Data Protection Regulation (“GDPR”) which generally prohibits (with some exceptions) the transfer of EU-based personal data outside of the European Economic Area (“EEA”) and other legislation, the overhaul of the EU data protection framework often leaves companies under investigation by U.S. law enforcement with tough decisions to make between complying with their obligations – or their wish – to meet U.S. prosecutors’ demands and abiding by relevant data protection laws.  In particular, some EU-based companies have found themselves at the receiving end of U.S. prosecutors’ requests or subpoenas for documents, in circumstances where compliance with them could potentially risk hefty domestic fines for breaching data protection laws.  There may also be other considerations to be borne in mind, such as relevant bank secrecy laws and common law rights to privacy, where a failure to comply with the relevant law could result in criminal sanctions including imprisonment.

Developments in U.S. and U.K. law, however, have introduced a framework for the legal cross-border transfer of data via cooperation between international authorities.  In addition to ensuring compliance with the GDPR and other privacy obligations in conducting data transfers,  U.S.- and U.K.-based communication service providers (“CSPs”)[1] should familiarize themselves with the recently signed U.K.-U.S. Bilateral Data Access Agreement (the “Agreement”).  The Agreement facilitates the objectives of the U.S. Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) and the U.K. Crime (Overseas Production Orders) Act 2019 (the “COPOA”).  According to a communication by U.S. Attorney General William Barr to Congress earlier this year, the Agreement was scheduled to become effective on July 8, 2020, but there has been no official announcement from either the U.S. or U.K. governments on the status of the Agreement.  Indeed, earlier this month, the U.K. government anticipated that the Agreement would “come[] into use later this year[.]”  We discuss the implications of these developments and considerations for U.S.- and U.K.-based companies needing to transfer personal data[2] across the Atlantic to facilitate investigations.Continue Reading Data Transfer Considerations in Investigations

We live in a world where, almost overnight, “social distancing” entered both our lexicon and our way of life. The constraints associated with keeping a minimum distance with one another have caused, and will continue to cause, significant difficulty for restaurants, pubs, bars, gyms, sporting events, concerts and more. Another established practice, however, also must address the reckoning that it too faces: the jury trial.

While the coronavirus pandemic temporarily brought jury trials in England and Wales to a grinding halt, jury trials had for some time prior been beset with pressures and challenges as a result of austerity measures. In January 2020, a report by barristers in the west of England found that Her Majesty’s Courts and Tribunals Service had cut the number of sitting days for courts in the region by 15%. This had led to “rocketing delays”, some courts being booked up for months on end. Amanda Pinto QC, chair of the Bar Council, noted that the problems were not confined solely to the west of England; indeed, at a national level, the average time from commission of offence to resolution at Crown Court increased from 392 days in 2010 to 525 days in 2019. According to Ms. Pinto, the issue was “fast becoming a national crisis.”Continue Reading Trial by Jury: Inalienable Right or Anachronistic Practice?