Our global Corporate Crime and Investigations team welcomes you to our new six-monthly round-up of the key CCI themes emerging around the world. In this new publication, we will be calling on our CCI experts across the HSF network to provide commentary on the new developments, significant enforcement trends and emerging risks that they see in their practices and on which they are advising clients. We hope you find this overview of the practice helpful – please do not hesitate to get in touch with your local HSF contacts to discuss the issues raised in this update further.
In this first edition, we take a look at enforcement issues around the world, from an EMEA focus on whistleblower protections, to significant economic crime reforms in the UK and Australia, and US and Asian enforcement trends driven by ongoing geo-political developments - there are plenty of developments to follow!
UK
On 26 October 2023, the Economic Crime and Corporate Transparency Act 2023 ("ECCTA") received Royal Assent and became law. The ECCTA contains a number of disparate but very significant reforms to the UK's financial crime landscape. It is hoped that it will assist in targeting the so-called "epidemic" of fraud and its impact on UK businesses.
One of the most important areas of reform for companies is directed at the way in which companies can incur criminal liability. Corporate criminal liability is being changed in two ways: (i) a new corporate offence of "failure to prevent fraud", and (ii) an expansion of the scope of the "identification doctrine".
The failure to prevent fraud offence is modelled on the UK's existing offences of failure to prevent bribery and failure to prevent the facilitation of tax evasion. It will be committed where an "associated person" such as an employee, agent or service provider of a corporate entity ("C") commits a fraud offence intending to benefit C. It is a defence for C to show that it had in place reasonable prevention procedures.
Companies that are within the (broad) jurisdictional scope of the new offence will therefore need to give careful thought to the way in which they could demonstrate the reasonableness of their anti-fraud controls, if required.
In addition, the ECCTA seeks to address a perceived deficiency in the current legal framework which is said to make it disproportionately difficult to prosecute large organisations for wrongdoing committed by their employees. Under the current law, in most circumstances a company can only commit a criminal offence requiring a particular mental state (knowledge, recklessness etc.) if the mental state of a senior person representing the company's "directing mind and will" can be attributed to the company. The ECCTA extends the category of employees capable of incurring liability on the company's behalf to senior managers for the purposes of particular economic crimes. Unlike the failure to prevent fraud offence, there is no defence available for the company in respect of any procedures it may have in place.
Guidance on 'reasonable prevention procedures' for the purposes of the failure to prevent fraud offence must be published by the Secretary of State in due course, and the offence cannot be brought into force until this is available. By contrast, the reform to the identification doctrine will come into force in two months.
Alongside other changes, the ECCTA also introduces significant reforms to the role of Companies House, the UK's corporate registry – the biggest change in its role since it was created in 1884 – turning it from a largely passive recipient of information to a much more active gatekeeper.
Please see our previous briefings here, here and here for further information on corporate criminal liability reform, and here in relation to Companies House.
EMEA
Implementation of the EU Whistleblowing Directive
EU Member States (with the exception of Poland and Estonia) have almost completed the process of implementation, at the national level, of the Directive (EU) No. 2019/1937 "on the protection of persons who report breaches of Union law" (the EU "Whistleblowing Directive" ).
The Whistleblowing Directive sets out common minimum standards that EU Member States are required to meet to (i) facilitate, in both the public and private sectors, the reporting of information on breaches acquired in work-related contexts, in particular through the provision of internal and external reporting channels to be established by all the concerned organizations, and (ii) protect whistleblowers against any form of retaliation.
How are our European clients affected?
Following the implementation of the Whistleblowing Directive, all legal entities in the public sector (excluding those specifically exempted by each EU Member State) as well as all legal entities in the private sector with at least 50 employees or falling within the scope of certain EU sector-specific laws – as listed in Parts I.B and II of the Annex to the Whistleblowing Directive – relating to financial services, products and markets, money laundering and terrorist financing, environmental protection or security of transports are obliged to adopt whistleblowing channels and procedures complying with the new mandatory requirements. Several EU Member States have taken a broader approach and extended the requirements beyond these parameters.
Key requirements are as follows - subject to further specification by each EU Member State (please refer to our CCI contacts in France, Germany, Spain and Italy for further details concerning each jurisdiction):
- establishing internal whistleblowing channels, operated by a person or department designated for that purpose or provided externally by a third party, designed and structured to ensure (i) the confidentiality of the identity of the reporting person and of the content of the reports, (ii) a prompt and diligent follow-up on the reports and (iii) the completeness, integrity and security of information collected and processed in relation to each report;
- providing clear and easily accessible information regarding the procedures for reporting through external whistleblowing channels established by each EU Member State and operated by specifically designated competent public authorities;
- ensuring that any processing of personal data in connection with or as result of the investigation of whistleblowing reports is carried out in accordance with EU privacy laws, and in particular with EU Regulations No. 2016/679 (the "General Data Protection Regulation") and No. 2018/1725; and
- ensuring that whistleblowers are protected from any form of retaliation possibly connected with their reports.
It is important to note that lack of compliance with the abovementioned requirements might expose the concerned organizations to liabilities and sanctions provided for by each EU Member State.
The implementation of these new requirements means that clients across the EU are having to ensure that they have internal investigation processes in place which protect whistleblowers and provide for timely and independent internal investigations of reports. The new requirements are likely to result in an uptick in whistleblower reports and internal investigations and it will be important for clients to have processes in place to conduct internal investigations in a manner that is both compliant with the new requirements and limits exposure to the company.
Complexities of the UAE's emerging whistleblower protections
In February 2022, the UAE was placed on the Financial Action Task Force ("FATF") grey list, so there is now a concerted effort to improve anti-money laundering measures and transparency.
Onshore in the UAE, there remain challenges balancing the confidentiality obligations that employees and former employees are subject to under Federal Decree Law No, 331 of 2021 (the "UAE Labour Law") and Federal Decree Law No. 31 of 2021 (the "UAE Penal Code") and the positive obligation to report criminal conduct under the UAE Penal Code. While the UAE Labour Law makes it illegal for an employee's employment to be terminated on account of a complaint made to the Ministry of Labour or a claim against the employer (in either case, which is held to be valid), it does not go as far as to provide whistleblowing protections in the broader sense.
The position is more favourable in the Dubai International Financial Centre (the "DIFC"), a freezone in the UAE, where there are statutory protections where a report is made in good faith and there is reasonable suspicion that a registered person has or may have breached applicable law.
Whistleblowing reform in South Africa and wider investigation trends across the African continent
Whistleblowing in South Africa
One of the key recommendations by the Zondo Commission following its nearly four-year inquiry into State Capture focused on South Africa's whistleblowing regulatory framework. Overarching themes concerning criticism of South Africa's primary whistleblowing legislation, the Protected Disclosures Act, are that whistleblowers in South Africa face significant personal risks while simultaneously receiving limited protection (aside from notional safeguards relating to their employment).
This is compounded by the fact that there are no incentives (financial or otherwise) for blowing the whistle in South Africa and even less certainty that the risk of blowing the whistle will be supported by any meaningful investigation or prosecution.
In order to address these shortcomings, South Africa's Department of Justice and Constitutional Development have proposed a number of reforms to the Protected Disclosures Act. One of the chief proposed enhancements relates to the protection of whistleblowers, providing them with legal support and broadening the scope of the Protected Disclosures Act to include more than just the employer-employee relationship.
The proposed amendments are still under consideration and subject to public comment and it remains to be seen which proposals will be passed into law and whether they will have a meaningful impact on the effectiveness of whistleblowing in South Africa.
Enforcement challenges in Africa
South Africa's enforcement authorities (and enforcement authorities more broadly in Africa) still face challenges relating to capacity and expertise, the result being that the regulatory and enforcement landscape is not overly active. Investigations in the private sector remain driven by corporates themselves and in the case of multinationals doing business in Africa are often in response to foreign regulators that have jurisdiction.
In certain jurisdictions where regulatory or enforcement action is initiated, challenges remain with the judicial systems. Issues of inconsistency, political interference and corruption present difficulties for corporates accustomed to operating in more predictable and transparent court proceedings.
Asia
The business and legal environment in Greater China has been impacted by broader geopolitical issues between the US and China. The continued tension in the relationship between China and the US has raised concerns related to market access and potential regulatory challenges – especially around data security and privacy – that has led to investors being more cautious about entering Mainland China. In Hong Kong, more tempered capital markets have resulted in a slowdown on the regulatory enforcement front, although law enforcement activity remains brisk, particularly on matters related to trade. There has been a marked increase in customs and excise related enforcement in both Hong Kong and Mainland China and authorities in both China and Hong Kong continue to be active in pursuing corruption related enforcements.
In Singapore there has been a significant increase in anti-money laundering related enforcement. Singapore has come under tremendous international scrutiny lately after it seized S$2.8b assets representing proceeds of crime and charging some 10 to 20 people for anti-money laundering offences with a further 20 to 30 plus under active investigation. Further, the Monetary Authority of Singapore ("MAS") has been issuing significant penalties against financial institutions for inadequate anti-money laundering processes totalling a record amount of S$20 million over the past 18 month period. This trend is being exacerbated by the fact that Singapore has built itself up as FinTech centre and is keen to retain its reputation as trusted financial centre. As a result clients are having to be increasingly sensitive to exposure under Singapore's strict money laundering rules where they are handling funds that might be perceived as criminal proceeds and which may have a Singapore nexus.
US
Recent actions and statements by the U.S. Department of Justice (“DoJ”) have denoted a number of areas of emphasis in the CCI space.
On March 2, 2023, Deputy Attorney General Lisa Monaco delivered remarks at the American Bar Association National Institute on White Collar Crime. DAG Monaco highlighted a number of action items for the Department, including: (i) incentivizing a “culture of compliance” for corporations; (ii) harmonizing procedures across the country for voluntary disclosure to encourage more corporate self-reporting of misconduct; (iii) launching a program to encourage the use of compliance-promoting criteria in compensation and bonus systems; (iv) providing fine reductions to corporations that seek to clawback compensation from individual employee wrongdoers; (v) increasing resources to address the intersection of corporate crime and national security; and (vi) increasing an emphasis on individual accountability.
Assistant Attorney General Kenneth A. Polite, who spoke at the same event the following day, in addition to summarizing the Department’s recent successful prosecutions across the fraud space, expanded on a number of themes that DAG Monaco had raised. Amongst other things, AAG Polite reiterated recent changes to DoJ’s Corporate Enforcement Policy, which provide tangible incentives (in the form of potential declination and significant reduction in financial penalties) for voluntary self-disclosure, full cooperation, and timely remediation. He also announced changes to DoJ’s Evaluation of Corporate Compliance Programs, including specifically how corporations approach the use by employees of personal devices, communications platforms, and ephemeral messaging services.
Corporate resolutions over the first half of 2023 underscore the wide range of outcomes that can result depending on the circumstances, ranging from non-prosecution agreements, to deferred prosecution agreements, and guilty pleas. Additionally, as DAG Monaco noted, the DoJ has maintained its focus on individual accountability. As illustrated by figures provided in the DoJ Fraud Section’s 2022 Year in Review, there has been a continued increase in enforcement activity against individuals over pre-pandemic levels and DoJ’s activity in 2023 continues this focus.
We have also seen a significant increase in enforcement activity in a number of other key areas:
- In line with geo-political developments, prosecutors have launched more investigations involving national security issues, particularly involving sanctions and export controls.
- The DOJ, U.S. Securities and Exchange Commission, and Commodity Futures Trading Commission have each taken steps to ramp up capacity for prosecuting illegal activity in the digital asset and cryptocurrency space, including creating dedicated teams of specialists to investigate such cases.
More individuals and companies are facing investigations into alleged fraudulent manipulation of financial results and other accounting misconduct.
Australia
There have been two recent developments that will be of particular interest to Australian companies and multinational companies with business in Australia, signalling the current Government’s commitment to uplifting the Australian legal framework to more effectively detect, investigate and prosecute bribery and corruption.
New National Anti-Corruption Commission and investigation activity
On 1 July 2023, the new National Anti-Corruption Commission ("NACC") came into operation, creating a new avenue for reporting and investigating corrupt conduct involving public officials at the Commonwealth (federal) level of government. The NACC’s objectives include the prevention and timely detection and investigation of serious and systemic corruption issues. It has a very broad remit, including over contractors to government, who can be deemed to be public officials themselves. HSF explored the potentially significant implications of the NACC for Australian businesses in a recent webinar and article (here). There are mandatory referral obligations on certain staff members of Commonwealth agencies, but any person can voluntarily refer an issue to the NACC. In its first 100 days of operation, the NACC received 1,247 referrals and opened 3 new corruption investigations.
With ongoing changes in the regulatory and enforcement environment in Australia, including the introduction of the NACC, investigation activity both by regulators and internally within business is on the rise. We conducted a survey of recent internal investigations supported by HSF’s Australia corporate crime and investigations team, to shed light on key trends, issues and learnings that could be useful for our clients and businesses more broadly. You can access these insights in our article here.
Re-enlivened foreign bribery reforms
A bill currently before Australian Federal Parliament has re-enlivened some (but not all) previously lapsed reforms aimed at strengthening Australia’s anti-bribery and corruption laws. The Crimes Legislation Amendment (Combatting Foreign Bribery) Bill 2023 (Cth) is the third Bill introduced in three successive Parliaments that seeks to expand the scope of the current offence of bribery of a foreign public official, and introduce a new “failure to prevent” foreign bribery offence for corporates, modelled on a similar provision in the UK Bribery Act. If passed, the new offence would render a company liable if it fails to prevent an “associate” from committing foreign bribery for the company’s profit or gain, unless the company can establish it had “adequate procedures” to prevent such conduct.
Unlike previous attempted reforms, this bill does not also include provision for a deferred prosecution agreement ("DPA") scheme, however members of the Federal Opposition have moved for amendments to add DPAs to the reform package. The other measures currently included in the bill have bipartisan support. You can read HSF’s analysis of the difference between this bill and its predecessors here.
Regional Heads
UK
EMEA
Asia
US
Australia
Jonathan Mattout
Partner, Deputy Global Head - Corporate Crime and Investigations, and Regional Head of Practice (EMEA), Paris
Key contacts
Jonathan Mattout
Partner, Deputy Global Head - Corporate Crime and Investigations, and Regional Head of Practice (EMEA), Paris
Stuart Paterson
Managing Partner, Middle East and Head of Middle East Dispute Resolution, Dubai
Pamela Kiesselbach
Global Practice Area Manager, Corporate Crime and Investigations, London
Disclaimer
Herbert Smith Freehills LLP has a Formal Law Alliance (FLA) with Singapore law firm Prolegis LLC, which provides clients with access to Singapore law advice from Prolegis. The FLA in the name of Herbert Smith Freehills Prolegis allows the two firms to deliver a complementary and seamless legal service.