Regulatory Outlook | Anti-bribery, Corruption and Financial Crime | January 2021

Current issues

Covid-19 fraud investigations increasing

There has been much press relating to the potential abuse of government support such as the Coronavirus Job Retention Scheme for workforces and financial support such as the Coronavirus Business Interruption Loan Scheme (CJRS). HMRC is paying particular attention to employers who have made claims under the CJRS.

Where frauds have been perpetrated, this could give rise to indirect risk to businesses in terms of anti-money laundering offences if funds received from third parties are known or reasonably suspected of being tainted, and the failure to prevent the facilitation of tax evasion if persons associated with the business are committing tax fraud.

Businesses should therefore take the opportunity to ensure they have complied with all rules and guidance in relation to government support schemes, and to implement or update any relevant risk assessments and put in place necessary mitigation measures in relation to third parties.

Updated resource guide on US foreign corruption practices

The US Department of Justice and Securities and Exchange Commission has updated its 2012 guide on the Foreign Corrupt Practices Act.

Whilst US-specific, it includes a section on the hallmarks of an effective compliance programme.

This is more detailed than the guidance published by UK authorities, so although not binding in the UK, the US document could provide a useful reference point to businesses drafting or updating internal compliance policies.

Further, if a business is investigated for failing to prevent bribery, being able to reference a system framed having regard to the US guidance, might assist in establishing that adequate procedure to prevent bribery were in place.

Ransomware: to pay or not to pay?

Ransom attacks have become big business for cyber criminals. The sums now being demanded, and often paid, are getting higher and the threats more alarming. The criminals don’t just encrypt systems and offer the keys back in exchange for a ransom; they now typically steal personal data and confidential information and then publish it if the ransom is not paid.

Those faced with a ransom attack are often faced with a moral, legal and reputational dilemma. Unless there are clear grounds to suspect that the ransom payment would be used to fuel terrorist activity, it is unlikely that a company that pays a ransom would face criminal prosecution. But a company in this position will have to weigh difficult considerations in deciding what action to take. For more, see our Insight.

In Focus: Regulation after Brexit

What do UK businesses trading in the EU need to do now that the Brexit transition period has ended?

Corporate criminal liability remains a risk to all sectors, and businesses need to have in place procedures to protect themselves from harm, whether direct or through liability under relevant national legislation. For example, “adequate procedures” are needed to establish the defence to the UK corporate offences of failing to prevent bribery and similarly “reasonable procedures” are needed to establish the statutory defence to the UK corporate offence of failing to prevent the facilitation of tax evasion. As these offence are provided for under domestic legislation, it is not directly affected by Brexit.

Previous European evidence gathering processes, ceased to be applicable on 1 January 2021 although the EU-UK Trade and Cooperation Agreement contains provisions intended to support continued cooperation in relation to law enforcement and judicial cooperation in criminal matters.

What do non-UK businesses trading in the UK need to do now that the transition period has ended?

As above, Brexit will not have a direct immediate impact in relation to corporate criminal offences. However, note should be taken of the extra-territorial relevance of certain existing UK corporate crime offences, such as the failure to prevent bribery.

Which incoming EU laws should UK businesses be aware of, and is the UK likely to implement similar rules?

The EU Whistleblowing Directive came into law in December 2019, with Member States required to implement the directive by December 2021. The Directive did not, therefore, form part of retained EU law in the UK and the UK has indicated it will not be implementing it.

Those with operations in the EU, or seeking to develop a global approach to whistleblowing across a footprint that includes the EU, should consider the requirements of the directive and look out for relevant national legislation implementing the directive in relevant EU Member States.

Are there any other areas where the UK regime might start to diverge from that of the EU? If so, what should businesses do to ensure they are prepared?

Key legislation in relation to corporate criminal liability, such as the failure to prevent the facilitation of tax evasion offences discussed above, is national rather than EU-derived. Any divergence in this area is therefore not expected to be a result of Brexit.

Dates for the diary

Q1 2021

Judgment expected in the Supreme Court case of in R (KBR) v Director of the Serious Fraud Office. The decision will provide an important ruling on the extent a corporate can be compelled to produce documents held out of the jurisdiction.

For more on what the EU-UK TCA means, across 17 areas of regulation, and what else is on the regulatory agenda, see our full Regulatory Outlook.