Practical Law Business Crime

Subscribe to Practical Law Business Crime feed
Business crime blog
Updated: 1 hour 19 min ago

Corporate accountability and the Thomson Reuters Company Secretary forum 2017

Fri, 11/24/2017 - 16:43

The Thomson Reuters Company Secretary forum was held on the 23 November 2017, the day after the Autumn budget in which the Chancellor announced a potential new corporate criminal offence .

At the same time on 23 November the Lord Chief Justice Lord Burnett of Maldon delivered a speech on the launch of thecityuk’s legal services report 2017 and said:

“In the United Kingdom, no person, no corporation, no minister and no public body is above the law. All are subject to it. How one wishes that were so the world over. And the rule of law flourishes only in societies that have a strong, independent and incorruptible judiciary, as we have.”

The attenuation of interest in corporate accountability is evident throughout the media. Investigations or prosecutions by the Financial Conduct Authority (FCA) and Serious Fraud Office (SFO) are routinely on the front pages of our broad sheets.

There were two measures of direct relevance to business crime practitioners in the Autumn budget (see Legal update, Autumn 2017 Budget: key business crime practitioners announcements) but the second, if backed by a criminal sanction, will become a third failure to prevent offence:

These measures will put responsibility on online marketplaces to ensure that businesses operating through their platforms are accounting for VAT correctly. A call for evidence on the steps that online marketplaces can take to ensure compliance will be published in spring 2018. Perhaps no criminal enforcement will be necessary for this measure as it is effectively covered in the failure to prevent facilitation of tax evasion that came into force on 30 September. For more information see Practice note, Tax offences: failure to prevent facilitation of tax evasion.

Peter Binning of Corker Binning ably chaired a panel discussion on Corporate Crime at Thomson Reuters Company Secretary Forum 2017. The panel of experts comprised:

  • Roger Burlingame , Kobre & Kim
  • Francis Kean, Willis Towers Watson
  • Toby Duthie,Forensic Risk Alliance.

The panel discussed a wide range of issues arising from the increasing focus on corporate crime by regulators and prosecutors. The panel recognised the exponential growth of corporate prosecution and Roger Burlingame noted that this tracks what happened in the US after the implementation of the FCPA.

Peter Binning outlined the growing willingness of prosecutors to pursue large corporations such as Rolls Royce while Roger Burlingame provided a transatlantic perspective, commenting that it remains to be seen whether the SFO will be able to install the kind of obedience by corporates the US Department of Justice (DOJ) has been able to achieve. All the speakers recognised an increased willingness for prosecutors to pursue both the company and the officers as individuals. For more information on the Rolls Royce case see Legal update, Third deferred prosecution agreement approved between SFO and Rolls-Royce (Crown Court)

Toby Duthie noted that there had been some scepticism in the past about the SFO’s ability to tackle  larger companies as their successes had been with small companies with tightly held management. He suggested that following the DPA in Rolls Royce, the size of the settlement and the level of coordination between the SFO, DOJ and the Brazilian prosecutors , the credibility of the SFO has risen.

Francis Kean suggested that the SFO wanted to widen the “failure to prevent” model pioneered in the UK Bribery Act to all fraud thus significantly increasing the compliance burden on companies. David Green  CB QC has been frank about his desire to see the expansion of failure to prevent to extend to all economic crimes which was consulted upon in Q1 of 2017 see HM Government has opened a consultation on corporate liability for economic crime . This position has wide support from  NGOS , see Joint Committee on Human Rights report recommends reconsidering the expansion of failure to prevent offence to include more than economic crimes

From correspondence disclosed from Amber Rudd, this step is being side-lined by more pressing Brexit related matters.

The session was interactive and delegates were asked to vote on the Thomson Reuters conference app, on whether they perceived Corporate liability as a bigger risk to their organisation than Brexit. The vote came in at 53 % no, 47 % yes.

The panel also discussed the changing world of internal investigations and the starkly different rules governing legal professional privilege (LPP) (following the ruling in SFO v ENRC ) on both sides of the Atlantic and the increased cooperation between different national regulators and prosecutors. The decision in ENRC is now subject to appeal, see Legal update, Permission to appeal granted to Eurasian Natural Resource Corporation Ltd (Court of Appeal).

Roger Burlingame recognised that LPP in the US was rock solid but where he was advising a company where there was a UK touchpoint in the investigation, he ensures that US lawyers are up to speed on the impact of the erosion of LPP in the UK. For more information see Practice note, Waiving privilege in an internal investigation.

A key theme throughout the discussion was the importance of separate and effective legal representation for individual directors and officers and the need to ensure that appropriate insurance is in place to provide it. In a further poll 62% of attendees said they would review their Directors and Officers insurance policy “tomorrow”.

Peter Binning raised the important topic of “educating the board” and the need for simple direct information to ensure that decisions are taken at the outset from a position of knowledge. This would include information on Deferred Prosecution Agreements and the relevance of self-reporting after Rolls Royce. Information on data management issues, and obtaining evidence from overseas are all important for a board to understand.

The session ended with a reminder from Peter Binning that every individual and company is innocent until proven guilty and companies need not allow themselves to be bullied into cooperating with prosecutors by the threat of prosecution. In support of this Roger Burlingame recommended in the face of investigation that a company do some careful research and look for an experienced  criminal lawyer who would have the right skill set to advise the company in respect of criminal procedure and evidence.

While it is not surprising that Brexit tops the list of organisational risk for most Company Secretaries, it is stark that 47% of respondents consider corporate liability a greater risk. Corporate liability, turned on its head as a result of section 7 of the Bribery Act 2010, saw its first expansion this year with the failure to prevent facilitation of tax evasion, and in all likelihood will be expanded to cover additional economic crime offences in the future. With an increasingly empowered SFO and HMRC, the former due to appoint a new Director imminently who will no doubt be keen to make their mark, there has never been a more important time for companies to ensure their efforts to prevent economic crime are sufficient.

Morag Rea and Ben Henriques of Corker Binning

Practical Law Morag Rea

Ransomware exploits law firm opportunities

Thu, 11/09/2017 - 15:36

On 24 October 2017 the law firm Appleby confirmed that they had been subject to a ‘data security incident’ in 2016. Appleby also confirmed that it had received enquiries from the International Consortium of Investigative Journalists (ICIJ), which had published the Panama Papers in 2016, regarding the data breach. 

The data, leaked on 5 November, contained 13.4 million documents and is the subject of an investigation by 100 media groups. Appleby said the disclosure was caused by an illegal computer hack, perpetrated by an intruder who deployed the tactics of a professional hacker and not someone who works for the firm. They confirmed that the company takes client confidentiality extremely seriously .

There are echoes of the situation when 11 million documents spanning several decades were leaked from the Panama firm Mossack Fonseca.

Mossack Fonseca complained that the data leak was external and filed a complaint with state prosecutors.  This throws up two separate legal issues:

  • The extent to which any individual responsible for the data hack has committed a criminal offence.
  • The extent to which Mossack Fonseca could be held liable for failing to protect their client’s data.

Mossack Fonseca nor Appleby fall under the jurisdiction of UK regulators. However, should a UK regulated firm find itself it the same position, it would have to consider both cybercrime and data protection issues. For more information, see Practice notes, Cybercrime; overview and Data Protection Act 1998: criminal enforcementSolicitors are obliged under the Code of Conduct to maintain effective systems and controls to mitigate risks to client confidentiality client money, and to comply overall with our regulatory arrangements.

Data breaches at law firms are a growing concern: confidential information, often sent in unencrypted emails, risks being stolen and ransomed back to firms, used for fraud or sold to third parties to be used in crimes such as insider trading. The Information Commissioner’s Office regards solicitors as facing the same types of threats as other businesses. ICO figures  from the first quarter of 2016 show the legal and justice sectors reporting the fourth highest number of data security breaches.

It is not just the risk of hacking to provide information to journalists that poses a risk to law firms’ internet security. Cybercriminals are aware that law firms hold client identification documents and financial details and that even the biggest law firms do not have the same cybersecurity resources as banks. A reported £7million of client money was lost to cybercrime in 2016. Ransomware is becoming a fast-growing threat.

Ransomware threat

Ransomware is malicious software that blocks access to an organisation’s data and is accompanied by a demand, threatening to delete everything unless the organisation pays up. Law firms have valuable datasets, a duty of confidentiality and a public reputation to protect and so are high-value targets. According to Verizon’s 2017 Data Breach Investigation report  ransomware has moved up from the 22nd most common form of malware in 2014 to the fifth most common because it is quick, low-risk and lucrative.

On June 27, 2017 DLA Piper’s advanced-warning system detected suspicious activity on their network, which was related to the global cyber event known as “Petya”. An investigation and remediation efforts were immediately initiated and relevant authorities including the FBI and UK National Crime Agency were notified.

“Petya ransomware” takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organisation once a computer is infected using the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. DLA Piper has not said whether it paid any ransom, but it has confirmed that it found no evidence that any client information was affected.

Law firms are pre-emptively opening Bitcoin wallets to pay ransoms in case their data is hacked according to John Sweeney, president of IT and cyber security advisors LogicForce. He suggested that opening a Bitcoin wallet is just one contingency plan firms can make to prepare for cyber breaches in which client data is stolen. He said that firms may see this as a useful last resort when the data is not backed up and cannot be restored unless a ransom is paid.

Although Sweeney stressed he did not advocate paying ransoms, he thought it made sense for firms to have a Bitcoin wallet in case. However, paying a ransom is no guarantee that access will be returned immediately or that a one-off ransom will be sufficient.

What should firms be doing?

Firms must do more to enhance cyber security. The PWC 2017 law firm survey notes that:

  • The majority of law firms have reported that they suffered a security incident in the past 12 months and the most common of these remains phishing attacks.
  • 12% of firms claim to be recipients of such attacks on a daily basis with a further 30% identifying attacks on either a weekly or monthly basis.
  • The increasing level of threat means it is more important than ever to have effective and tested business continuity plans and a resilience framework.
  • It is a concern that 16% of all firms claim not to have any such framework and of those that do, only 75% test their business continuity plan annually.

Peter Wright, Chair of the Law Society’s Technology and Law Reference Group, and managing director of DigitalLawUK, highlighted the number of organisations that have been hit by ransomware attacks recently (most notably the NHS). He too recognises that many firms will do almost anything to get that data back, especially if they don’t have effective back-up systems in place. Many law firms do not have effective back-up systems and have not fixed this area of vulnerability. He records speaking to one organisation which was attacked by ransomware three times in one year, and which paid £150k to the perpetrators but did not invest in a back up system.

He commented on the ransomware attack on DLA Piper noting that if one of the largest law firms in the world did not have the adequate safeguards in place to protect against a ransomware attack then it begs the question who does?

It is clear that these crimes are under reported for fear of losing client confidence.

The Chief executive of the SRA has said that where client money or information is lost, firms need to report it to the SRA. He confirmed that the SRA will take a constructive and engaged approach, particularly if the firm is taking steps to make good any losses to the client, and demonstrated that it has learned from the incident. See Solicitors Regulation Authority publishes IT security: keeping money and information safe

He emphasised that the SRA would be in a better position to advise firms on how to protect themselves if it was told about failed incidents as well as about successful attacks.

Firms should be aware of No More Ransoms,  a site dedicated to stopping ransomware. It is a joint initiative between Europol, the Dutch police and IT companies Intel and Kaspersky, providing a way to recover files affected by four different types of ransomware. The NCA is also involved in international efforts NCA publishes statement on international cyber crime incident.

Firms may also wish to consider whether they need cover for their own potential losses from cybercrime, beyond those affecting the client. In the wider business context, it has been increasingly common to take up specific cyber insurance

Practical Law Morag Rea

Abandoning Ghosh – an important safeguard lost?

Fri, 10/27/2017 - 11:02

In a surprising Supreme Court judgment concerning a civil dispute over gambling winnings, the leading criminal case on dishonesty, R v Ghosh, was heavily criticised, deemed not to correctly represent the law and “judicial directions based upon it ought no longer to be given”. This judgment will impact on all future cases where dishonesty is an issue. Perhaps the most surprising aspect of this decision was the largely uncontroversial nature of the “Ghosh test”, which had neither seen sustained criticism of its fairness, nor any apparent difficulty with its application.

Edge sorting:

The facts of the case would not have appeared out of place in a James Bond movie. In Ivey v Genting Casinos (UK) Ltd t/a Crockfords [2017] UKSC 67, the appellant was a professional high-stakes gambler and the respondent was a London casino. The appellant visited the casino with an associate and engaged in a card game known as Punto Banco, a variant of Baccarat. The different odds applied to certain bets means that the casino enjoys a small advantage taken over all the play.

The appellant won a sum in excess of £7m, from a £1m stake. After conducting investigations, the casino refused to pay the winnings, on the basis that the appellant had cheated by using a process known as “edge sorting” (for more information see Legal update, Judging criminal dishonesty no longer involves a subjective test (Supreme Court)).

The appellant subsequently sued the casino to recover the winnings.  In subsequent litigation (Ivey v Genting Casinos [2016] EWCA Civ 1093) the High Court held that the appellant’s use of edge sorting was cheating. The case was referred to the Supreme Court.

Criminal dishonesty:

In one of the most famous cases in criminal law, R v Ghosh [1982] EWCA Crim 2, the court stated that the test for dishonesty under the Theft Act 1968 was a two stage test to determine whether a defendant had acted dishonestly:

  • A jury had to first decide whether, according to the ordinary standards of reasonable and honest people, what was done was dishonest. If it was not dishonest by those standards the prosecution would fail. This is known as the objective test.
  • If it was dishonest by those standards, then the jury had to consider whether the defendant himself had to have realised that what he was doing was, by those standards, dishonest. This is known as the subjective test.

The subjective test is purely focused on whether the defendant knew what he was doing was dishonest or would be considered dishonest by others, rather than morally justified.

During the trial process, it is not necessary to provide a Ghosh direction to the jury in every case (R v Price [1990] 90 Cr App R 409). The full direction is only required in situations where “the state of the evidence is such that the offender might have believed that what he or she is alleged to have done was in accordance with the ordinary person’s view of honesty”. It is not often invoked or required in criminal trials. When the direction is required, the exact form of words from the Ghosh case is necessary and a failure to direct the jury on this is likely to result in a successful appeal. For more information on dishonesty see Practice note, Theft, basic offence.

The Supreme Court:

The Supreme Court unanimously dismissed the appeal. The judgement stated that it was common ground that the parties’ contract for betting contained an implied term that neither of them would cheat. The claimant had staged a carefully planned and executed operation that amounted to cheating. It would clearly be a cheat to secretly gain access to the shoe of cards and rearrange them:  the same result was achieved here by directing the actions of the croupier unwittingly to do the same thing.

More significantly, the court examined the concept of dishonesty, and held that the second leg of the rule adopted in Ghosh has serious problems:

  • It has the unintended effect that the more warped the defendant’s standards of honesty are, the less likely it is that he will be convicted of dishonest behaviour.
  • It was based on the premise that it was necessary in order to give proper effect to the principle that dishonesty, and especially criminal responsibility for it, must depend on the actual state of mind of the defendant, whereas the rule is not necessary to preserve this principle.
  • It sets a test which jurors and others often find puzzling and difficult to apply.
  • It has led to an unprincipled divergence between the test for dishonesty in criminal proceedings and the test of the same concept when it arises in the context of a civil action.
  • It represented a significant departure from pre-Theft Act 1968 law, when there is no indication that such a change had been intended.
  • It was not compelled by authority. Although the pre-Ghosh cases were in a state of some entanglement, the better view is that the preponderance of authority favoured the simpler rule that, once the defendant’s state of knowledge and belief has been established, whether that state of mind was dishonest or not is to be determined by the application of the standards of the ordinary honest person, represented in a criminal case by the collective judgement of jurors or magistrates.
  • The less a defendant’s standards conform to society’s expectations; the less likely they are to be held criminally responsible for their behaviour. The law should not excuse those who make a mistake about contemporary standards of honesty, as a purpose of the criminal law is to set acceptable standards of behaviour.

In civil cases there is an objective test of dishonesty, arising from Barlow Clowes International Ltd (In Liquidation) v Eurotrust International Ltd [2005] UKPC 37. In Ivey, the Supreme Court stated that this test should also be adopted in criminal matters, as “there can be no logical or principled basis for the meaning of dishonesty to differ according to whether it arises in a civil action or a criminal prosecution”.

The Supreme Court judgement, technically obiter, went further to suggest the second leg of the test in Ghosh does not correctly represent the law and judicial directions based upon it ought no longer to be given.

What are the implications for criminal law?

This is the most significant cases in relation to dishonesty in the past 35 years, effectively ruling that the two stage test in R v Ghosh used to determine whether an action is dishonest is incorrect, and substituting it with a different test:

The test of dishonesty is now that of the standard in civil actions. The fact-finding tribunal must ascertain (subjectively) the actual state of the individual’s knowledge or belief as to the facts and then determine whether his conduct was honest or dishonest by the (objective) standards of ordinary decent people. There is no requirement that the defendant must appreciate that what he has done is, by those standards, dishonest”.

This new test removes the requirement for the Crown to prove that the defendant knew or believed that what he did was dishonest, or any element of mens rea, from offences of dishonesty.

There is unlikely to be any immediate impact. In contrast to another recent case, R v Jogee [2016] UKSC 8 (18 February 2016) where the Supreme Court held that the concept of joint enterprise had been miscast for a number of years, there is not likely to be a flood of cases suggesting wrongful imprisonment, nor has there been longstanding criticism of and campaigns against the former interpretation of dishonesty.

Going forward, the practical impact seems to make prosecuting cases involving dishonesty slightly easier. In most cases the second limb does not become an issue, but can have a significant impact, particularly on minor naïve conspirators who are perhaps assured by more senior colleges that their actions are standard practice and not dishonest. Similarly, those with a genuine belief that their actions are perfectly normal (for example, a foreign national unaware that travelling on public transport required payment) risk being caught by the change. In addition, the notion there is an “unprincipled divergence between the test for dishonesty in criminal proceedings and civil action” is curious. There are a huge number of divergences between criminal and civil law for obvious reasons, not least the risk to a person’s liberty.

It will remain the right of a jury to acquit someone regardless of the judge’s direction, and of course the Crown must still consider whether it is in the public interest to prosecute someone who has made a genuine mistake in undertaking an objectively dishonest action. The test in R v Ghosh provided an important, even if rarely used, safeguard for defendants that may now be lost. Its removal has the potential to criminalise the innocent.

Moreover, to suggest that the law should not excuse those who make a genuine mistake about contemporary standards of honesty, is somewhat authoritarian and contrary to liberal tradition. Juries are occasionally reminded that a criminal court is not a court of morals, a stricture which appears to have slipped some judicial minds. To suggest that a purpose of the criminal law is to set acceptable standards of behaviour is to confuse criminality and morality, and a step on a dangerous path.

Practical Law David Bacon

Is the SARs Annual Report of any relevance?

Fri, 10/13/2017 - 14:48

Earlier this week, the National Crime Agency (NCA) published the Suspicious Activity Reports (SARs) Annual Report for 2017, which covered 18 months between October 2015 and March 2017. SARS are received by the United Kingdom Financial Intelligence Unit (UKFIU). Unsurprisingly, UKFIU has continued to experience a year on year increase in the number of SARs received. The next report is likely to be more interesting, given the significant number of developments scheduled to the “anti-money laundering” provisions in 2017-18.

The NCA is the UK’s principle body for receiving notifications of suspicious activity for money laundering purposes. For more information, see Practice note, National Crime Agency: overview.

Both the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT) impose a duty on firms in the regulated sector (and on their employees) to make a report where they know or suspect, or have reasonable grounds for knowing or suspecting, that another person is engaged in money laundering or terrorist financing, in respect of information coming to them within the course of business in the regulated sector (sections 330 and 331, POCA and section 21A, TACT). For more information, see Practice note, Reporting Suspicious Activities: overview and Note for the board on when to make a disclosure on money laundering

The Annual Report – overall SARs:

The overall number of SARs received by the UKFIU over the 18 month period of October 2015 to March 2017 was 634,113. This included 43,290 received in March 2017, which was the most SARs ever recorded for one month, an increase on 7,406 from the previous March. Compared with reporting periods of previous SAR Annual Reports, the UKFIU received 419,451 SARs between October 2015 and September 2016, which was an increase of 9.84% on the same period for 2014–15 (381,882).

The vast majority of SARs came from credit institutions, the number from banks totalling 525,361 or 82.85% of all SARs. Other key figures include:

  • Accountants and tax advisers: 6,693 (1.06%).
  • Independent legal professionals: 4,878 (0.77%).

The SARs report also demonstrates a significant growth in the number of cases where a “defence against money laundering” (DAML) has been requested (27,471). The UKFIU introduced the term “defence against money laundering” as it had found that the term ‘consent’ was being frequently misinterpreted. POCA  allows reporters a defence against a money laundering offence by seeking the consent of the NCA to undertake an activity which the reporter believes may constitute one of the three principle money laundering offences (see Practice notes, Acquisition, use and possession offence, Arranging offence and Concealing offence).

The report suggests that the term ‘DAML’ is aimed at improving submissions by clarifying what the UKFIU can or cannot grant. A similar procedure in place enables requests for a defence against terrorism financing (DATF).

The total amount of assets denied to criminals as a result of DAML requests (both those refused and granted) over the 18 month period was £56,541,579. In comparison to the 2014-15 figure of £46,375,449, the total for 2015-16 was £33,433,271, a decrease of 27.91%. The total restrained over 2015-16 as a result of refused DAML requests was £14,089,147, a considerable reduction from the £43,079,328  figure for 2014-15. The suggested reason for the drop is because 2015’s figures were skewed by two very large refusals, in the region of £10m and £9.2m.

However, the amount of cash seized from refused DAML requests for 2015-16 saw an increase of 1,127.09%, from £1,313,437 to £16,117,014. The reason for this was a cash detention/seizure of over £15m in 2016. For more information see Practice note, cash seizure. 

Certainly, the sums recorded in the SARs report are trivial when compared with the varying estimates of how much money is laundered every year, to such an extent that the headline cash seizure and restraint figures do not really justify the SARs process. There are however three further benefits of the SARs regime, which are touched upon in the report.

First, the extent to which the process contributes to the UK’s criminal intelligence. The UKFIU screens and analyses SARs on a daily basis for opportunities to prevent and detect crime, and can fast-track suspicions to law enforcement agencies. Over the reporting period the UKFIU  disseminated 513 SARs relating to NCA subjects of interest.

The UKFIU is also able to identify SARs containing information on potential financial crimes that target vulnerable members of society. In the reporting period 3,424 vulnerable person intelligence packages were disseminated to Law enforcement authorities (LEAs).

Secondly, over the 18 month reporting period the UKFIU also disseminated 1,955 SARs relating to politically exposed persons (PEPs) and 1,257 integrity SARs (SARs that relate to knowledge or suspicion of money laundering and/or terrorist financing that concerns an employee of an LEA or the civil service). This is the first time the UKFIU has included integrity SARs in the SARs Annual Report.

Finally, a key aspect not covered in the report is the issue of preventing the proceeds of crime entering the legitimate financial system in the UK. The great unknown is how many criminals avoid the UK banking sector, or other service sectors, because of concerns that the criminality will be picked up when applying due diligence within the regulated sector.

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) (MLR 2017) make a limited number of changes to a company’s anti-money laundering provisions (see Legal update, The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 published.) It is far too early to assess the impact of the 2017 regulations, but they clearly envisage that any issues of concern will be picked up before monies enter the system or particular services are instructed. The amount of money that does not enter the regulated sector due to the action taken by the various gatekeepers must be a consideration of any future reporting.

The future

In April 2016 the Government published its Action Plan for Anti-Money Laundering and Counter-Terrorist Finance. The Action Plan includes a commitment to reform the SARs regime, making the necessary legislative, operational and technical changes. This was followed by an open consultation on the anti-money laundering supervisory review (see Legal update, HM Government launches open consultation on the Anti-money laundering supervisory review).

On 15 March 2017, the government published the Anti-money laundering supervisory regime: response to the consultation and call for further information. For more information, see Legal update, HM Government publishes anti-money laundering supervisory regime: response and call for further information.

The call for further information proposed:

The reforms seek to address a key risk identified in the 2015 UK National risk assessment of money laundering and terrorist financing (the NRA). The NRA found that the effectiveness of the UK’s supervisory regime is inconsistent and, whilst some supervisors are highly effective in some areas, there is room for improvement across the board. For more information, see Legal update, UK national risk assessment of money laundering and terrorist financing.

The reforms also complement work across government to deliver on the commitments in the 2016 Action Plan for anti-money laundering and counter terrorist finance (the action plan), which set out how the public and private sector will work together to tackle money laundering. For more information, see Legal update, Home Office and HM Treasury publish Action Plan for anti-money laundering and counter-terrorist finance.

Meanwhile, the Criminal Finances Act 2017 will also make changes to the SAR regime. The changes that will eventually appear on the statute book include:

  • Law enforcement agencies will be able to apply for a court order to extend the moratorium period during which those who have filed a SAR and sought consent from the NCA to proceed with a transaction are prevented from doing so before consent is deemed to be given. An extension can be given for periods of up to 31 days, up to a total of an additional 186 days, in order to enable law enforcement agencies to conclude their investigations in relation to information contained in SARs.
  • The power of the UKFIU to request additional information from reporting entities.
  • Provisions to enable greater information sharing to take place between entities in the regulated sector to combat money laundering and terrorist financing, and an extension to the use of disclosure orders so that law enforcement agencies can compel the provision of information and documents in connection with a wider range of money laundering investigations and investigations into other offences.
  • Authorisation to obtain, discharge or vary a disclosure order will be able to be given by an appropriate officer within the relevant investigating authority.

There is no commencement date yet for these SAR provisions of the CFA 2017.

In such circumstances, there is little that can be deduced from the SARs report. The key considerations for the next year will be whether the OPBAS will be a success and whether the new legislation will make much of a difference to the reputation of UK PLC as a global hub for money laundering. The Financial Action Task Force (FATF) is due to inspect the UK’s money laundering arrangements for the first time in a decade in 2017/18. How far the UK has come will be interesting.

Practical Law David Bacon

Failure to prevent the facilitation of tax evasion: can we expect many prosecutions?

Fri, 09/29/2017 - 14:08

The criminal offence of failure to prevent the facilitation of tax evasion comes into force on 30 September 2017. The offence is the second “failure to prevent” offence, although a consultation on further offences was launched in early 2017. The offence is similar to section 7 of the Bribery Act 2010, which introduced the corporate offence of failure to prevent bribery. The offences are effectively strict liability, in that no mens rea is required on the part of those representing the corporation. Both offences also have similar defences, although described as “prevention” rather than “adequate” procedures for the tax offence. In more than six years there has not been a contested prosecution of the section 7 Bribery Act offence, which raises the question of how many prosecutions will occur under the Criminal Finances Act 2017?

What is the new offence?

Under the Criminal Finances Act 2017 (CFA 2017) there is no change to the underlying offences of tax evasion, but two new corporate offences are introduced: failure to prevent facilitation of domestic tax evasion offences (section 45) and failure to prevent facilitation of overseas tax evasion offences (section 46).

There are three elements to the offences:

  • Criminal tax evasion by a tax payer (either an individual or an organisation).
  • Criminal facilitation of the tax payer’s offence by a person acting on behalf of an organisation.
  • The lack of any proportionate procedures defence.

A criminal conviction of a taxpayer is not a pre-requisite for bringing a prosecution against a relevant body. However, the prosecutor must establish that the predicate criminal offence of evasion by the taxpayer had been committed.

The offences do not create any new classes of tax evasion, they merely change the way in which organisations that facilitate, or fail to prevent evasion, can be prosecuted. The offences cover all forms of tax evasion. For more information on the predicate offences, see Practice notes:

An organisation will have a defence to both the domestic and overseas offences if, at the time the offence was committed, either:

  • It had in place reasonable “prevention procedures”.
  • It was not reasonable in the circumstances to expect the corporate entity to have any prevention procedures in place.

Prevention procedures are designed to prevent persons acting in the capacity of associated persons from committing the domestic and overseas tax evasion facilitation offences (sections 45(3) and 46(4), CFA 2017). They are based on six principles, almost identical to those set down in the Bribery Act 2010 guidance. For more information see Practice note, Failure to prevent facilitation of tax evasion: proportionate procedures.

Although HMRC’s guidance suggests the types of processes and procedures that could be put in place by relevant bodies (see HMRC guidance: failure to prevent facilitation of tax evasion), it does not provide any guarantees as to what constitutes prevention procedures. Ultimately, only the courts are able to determine whether a corporate has got reasonable prevention procedures in place. This creates a great deal of uncertainty for firms, who can never be certain that the steps taken and policies put in place will satisfy a prosecutor and ultimately a jury that they are adequate.  So, although the Act clearly brings about a large degree of self-policing against the commission of the facilitation offences, there is no pre- charge verification of adequacy procedure that the company  can deploy as part of their eventual defence.

Will there be more prosecutions than under section 7?

Perhaps the best place to start is with HM Revenue & Customs, who will be the principle agency with the job of investigating the offence. Historically, HM Revenue & Customs have attempted a number of different methods for tackling tax evasion, from the Hansard procedure of telling HMRC everything about errors and omissions in tax affairs following which a financial settlement will be agreed, to the current Code of Practice 9 procedure. For more information see Practice note, HMRC criminal investigation policy.

Following the global financial crisis in 2007 and the resultant austerity, and a number of high profile tax evasion cases, prominently the Panama Papers (see Blogpost, Our man in Panama) there is political capital to be gained by appearing to pursue tax evasion more assiduously than before. Tax authorities have been given enhanced budgets, and consequently HMRC is under growing pressure to bring more prosecutions as a means of resolving tax disputes.

The complexity of personal tax regulations, combined with an increasingly aggressive approach by HMRC, means that a growing number of individuals and companies are finding themselves under criminal investigation. It has been reported that the number of criminal prosecutions for tax evasion had jumped by almost a third year on year (795 prosecutions in 2013/14, up from 617 in 2012/13), with HMRC anticipating 1,165 prosecutions in 2014/15, that is, a 46% increase this year to hit its target . The Financial Times reports that the number of evasion cases lined up for prosecution has nearly doubled to 1,135 in the three years prior to 2015-16.

One of the difficulties in prosecuting tax evasion was holding those who facilitate the process to account. All existing tax offences can be brought against corporate bodies or individuals, but the process of doing so is problematical (see Practice note, Corporate Criminal Liability). Such difficulties were one of the main arguments used by those in favour of the failure to prevent offence, and continue to be advocated in respect of the expansion of the failure to prevent offence to include all economic crime.

Failure to prevent offences have had a curious history. Initial plans to extend corporate criminal liability were shelved by the government in 2015, when in a response to a written question the then Justice Minister, Andrew Selous, gave two reasons for the decision not to pursue the introduction of the new offence:

  • The principle of corporate criminal liability applies in the UK already and commercial organisations can be, and are, prosecuted for wrongdoing.
  • There have been no prosecutions under the section 7 Bribery Act 2010 offence.

The plans were reintroduced at the anti-corruption summit in May 2016 and reaffirmed by the Attorney General in September 2016. For more information see Legal update,  Criminal Finances Bill in the making. In January 2017, HM Government opened a call for evidence on the reform of corporate criminal liability (see Blog, Or the beginning of corporate prosecution). This appears to have stalled again, but will no doubt be reopened at some point in the future.

The obvious question is whether a failure to prevent offence is an effective way to tackle the problem. The section 7 offence had a large impact on organisations, with considerable time and money put into creating anti-bribery policies, clauses inserted into contracts and, largely as a result of inaccurate media reporting, fears that accepting a glass of wine at a corporate reception would lead to a Serious Fraud Office investigation.

In reality, there has been a single prosecution under section 7, covered in Legal update, Sweett Group plc sentenced for first conviction under section 7 of the Bribery Act 2010 (Crown Court). The Sweett prosecution demonstrated the inability of the company to maintain the defence of having adequate procedures in place to prevent bribery under section 7(2).  However, the case provides little guidance on the extent to which measures are deemed to be adequate. Sweett was unable to show that it had procedures for requiring documentation of the fact that due diligence had been undertaken on whether subcontracted consultancy contracts signed by subsidiary companies were justified, and failed to act on internal reports by KPMG dating from 2011 indicating inadequate systems and controls. However, there was no judicial guidance on whether particular steps are adequate or not, or any indication of how a jury might perceive a firm’s anti-bribery policy.

In the same time frame, there have been successful prosecutions of two companies under the Prevention of Corruption Act 1906, applying the principles of corporate criminal liability. In January 2016, Smith and Ouzman Ltd, a UK printing company, were fined £1,316,799 for corruption offences after being found guilty by a jury at Southwark Crown Court. On 1 August 2017, F.H. Bertling Ltd pleaded guilty to conspiracy to make corrupt payments to an agent of the Angolan state oil company, Sonangol, in relation to their freight forwarding business in Angola and a contract worth approximately $20m.

There will of course be a number of organisations seeking to develop new policies to put in place proportionate procedures – see Practice note, Failure to prevent facilitation of tax evasion: proportionate procedures. There will be no lack of willingness to investigate suspected tax evasion by HMRC, although concerns of resources will of course remain. But it is difficult to get around the inherent difficulties of prosecuting failure to prevent offences when the prosecutor seeks to argue that a company’s anti-tax evasion procedures do not go far enough. It will take a very brave prosecutor to seek to prove to a jury that anything other than an absence or the most half-hearted attempt at prevention procedures are so inadequate as to amount to a criminal offence.

Practical Law has published a number of resources for the failure to prevent tax evasion offence. For more information see Legal update, Practical Law resources published to prepare you for the failure to prevent tax evasion offence.

Practical Law David Bacon

How will the criminal justice system manage cyber fraud?

Fri, 09/22/2017 - 14:13
  • 71 million individuals were dealt with by the Criminal Justice system in the last year.
  • The total number of individuals formally dealt with by the CJS in England and Wales has been declining since 2007 to a record low.
  • 43 million defendants were prosecuted.
  • The conviction ratio was 86% – the overall conviction ratio has increased by 2 percentage points to 86% (the highest in the decade) in latest year, and has fluctuated between 80% and 84% over the earlier years of the decade.
  • The overall custody rate has remained unchanged at 7.2% since the year ending March 2016.
  • The conviction ratio for indictable offences remains broadly stable compared to the previous year (83%).
  • For indictable offences, the custody rate rose to 31% and the average custodial sentence length increased to 19.5 months.
  • The custody rate for indictable offences has been increasing since the year ending March 2011, from 24% to 31%.
  • For indictable offences, a greater proportion of offenders (31%) received immediate custody than any other type of sentence.
  • First time offenders were more likely to be convicted than to be cautioned.
  • The most common sentence given for all offence groups is a fine, which accounted for 74% of offenders sentenced in the latest year.
  • The proportion of offenders receiving immediate custody rose by 2 percentage points in the last year, while the proportion of community sentences decreased similarly.

How we prosecute fraud

Statistics for the first quarter of 2017 show a record low facing prosecution, but record high in the number of convictions. Fraud, which has not previously been counted in the annual crimes recorded figures, is now the most commonly experienced crime in England and Wales, with 3.4 million incidents in the year ending March 2017. Over half of these (57%, 1.9 million incidents) were cyber-related.

The CPS records show an increase of 31% in fraud and forgery cases since 2011, although like general crime, only a small proportion of fraud is actually reported. The cost of fraud and money laundering to the UK vastly exceeds the cost of tax evasion which is the focus of the Criminal Finances Act. In 2016, HMRC estimated that the UK’s tax gap stood at £36 billion, of which tax evasion accounted for £5.2 billion. In May 2016, the Annual Fraud Indicator put the cost of fraud to the UK economy at £193 billion. The cost to the public sector is £37.5 billion with procurement fraud costing £127 billion a year.

The way fraud is committed is changing as a result of evolving technology and is increasingly enabled through the internet and the use of digital devices. It is often across borders, involving large corporate structures.

The used and unused material in a complex fraud case can reach multiple terabytes or even petabytes is a major issue for the CPS which has been repeatedly criticised for disclosure failings in HMI reports. For more information, see: HMCPSI and HMIC publishes inspection report on the disclosure of unused material in volume Crown Court cases

Keeping the scope of the case within reasonable limits to ensure that trials are manageable is a constant challenge. In the HBOS case, involving a £245 million loss, there was an excess of 200,000 pages of evidence which was served and over 8,000 items of scheduled unused material. The electronic material contained terabytes of material, including a memory stick containing over 32,000 documents which had to be manually searched.

Alison Saunders, speaking at the John Harris Memorial lecture said in terms:

“Fraud is not limited by international boundaries so it is vital that we have good and effective international relationships with prosecutors and judges overseas. The ability to secure the right evidence from abroad and collaborate effectively – especially where the jurisdiction to prosecute is shared – is central to our work. And so as Britain leaves the EU we will need to ensure we continue to have effective relationships with our European and other counterparts in the international sphere.”

For more information, see: Criminal Justice cooperation post Brexit: European Arrest Warrant, European Investigation Order and Mutual recognition

Alison Saunders cited Operation Greenyards, in which two city traders conspired to defraud a Russian bank of £141million. The proceeds of the fraud were moved around the world including the Caribbean, Switzerland and Eastern Europe in an effort to cover up its origins. The financial analysis allowed the CPS to outline the individual roles which each defendant played, resulting in a successful conviction. The men were sentenced to 12 years’ and 7 years’ imprisonment and this conviction was dependent upon evidence from abroad and the data supplied.

The CPS has a dedicated, specialist fraud division to ensure the right skills and resources are used to prosecute complex and serious fraud and corruption. Their work ranges from the prosecution of bankers and investment scams to prosecuting those who seek to defraud the taxpayer of millions of pounds. As fraud continues to evolve and there is an increase in online fraud, the CPS needs to be prepared with the necessary skills and experience to prosecute these cases. The CPS is now working more digitally as it prosecutes digital crime. The criminal justice system cannot claim to have been at the forefront of the technological revolution but progress is being made. The CPS now receives cases electronically, with cases dealt with electronically, and generally, served electronically.

Whilst the CPS has not yet used a DPA mechanism as a means of alternative disposal for a company offender, it is a designated prosecutor for those purposes. Nevertheless the SFO has made significant use of them this year.

SFO figures show 13 defendants were convicted in seven cases, giving a conviction rate of 87% (up from 32% the previous year) and by case of 100%. This conviction rate (although from a much smaller pool) matches the CPS records for fraud convictions.

The history of fraud reform

Successive governments have sought a more effective way to deal with fraud cases which, due to their complexity and in some cases the sheer volume of material, are long and expensive to try. In 1998 the Home Office consultation paper “Juries in Serious Fraud Trials” proposed four options as alternatives to the present form of jury trial. The decision as to whether or not a case should be treated as serious fraud was to be for the trial judge, based on the overriding criteria of the ‘interests of justice’. The judge was required to take into account the following:

  • Does the case require some specialised knowledge?
  • Are the factual issues complex or voluminous?
  • Does the case require prolonged examination of documents or accounts?
  • Will the trial, as a whole, be unduly long or complex?

The four options proposed by the paper were:

  • Special jury – selected from a special screening process.
  • Trial by Judge alone.
  • Fraud trial tribunal.
  • Trial by a single judge with a jury for key decisions.

The option pursued was trial by judge alone. In 2003, following three long and not entirely successful fraud trials (that of Robert Maxwell, Blue Arrow and Jubilee Line lasting 8, 12 and 21 months respectively) section 43 of the Criminal Justice Act 2003 was given royal assent but never implemented. This provision would allow cases of serious or complex fraud to be tried without a jury if a judge was satisfied that:

“The complexity of the trial or the length of the trial (or both) is likely to make the trial so burdensome to the members of a jury hearing the trial that the interests of justice require that serious consideration should be given to the question of whether the trial should be conducted without a jury. ”

However the Attorney GeneralLord Goldsmith, subsequently sought to repeal the section and to replace it with new provisions under the Fraud (Trials Without a Jury) Bill. In 2007 the Fraud (Trials Without a Jury) Bill passed its third reading in the House of Commons though it faced fierce criticism from those asserting that trial by jury is the bedrock of the criminal justice system. The government felt that long and complex trials put too much pressure on jurors. Cases such as the Jubilee line case collapsed under their own weight. The Solicitor General at the time, Mike O’Brien, thought that an application for a bench trial would only be appropriate in about 6 cases per year and that the procedure did not breach any fundamental principles.

At the time, then Shadow Attorney General Dominic Grieve said that the bill sent out “a dreadful message about the way it views participatory democracy in this country.”

In any event the Bill was defeated.  Section 43 of the CJA 2003 was repealed by section 113 of the Protection of Freedoms Act 2012 and so preserves the right of defendants accused of serious or complex fraud to be tried by a jury of their peers. Trial by judge alone in cases where there is a danger of jury tampering, provided for by section 44, remains in force.

The way that increasingly complex cases are tried continues to be debated.

The future for fraud reform

Alison Levitt at the Cambridge Symposium earlier this month proposed a new legal approach to economic crime: the Combined Fraud Court. This court would combine the civil and criminal systems, making the process quicker, cheaper and, crucially, delivering a better outcome for victims.

The court would work by having a single trial, using aspects of both civil and criminal law, heard by a specially qualified “fraud judge” sitting with a jury. At the end of the trial, the judge would ask the jury whether they are satisfied to the criminal standard that the defendant is guilty.

If the answer was yes, then the judge would deal with aspects which are currently dealt with under separate regimes:

  • Sentencing the defendant.
  • Assessing and awarding compensation to the victim.
  • Confiscating assets which represent the proceeds of the defendant’s crimes.
  • Costs.

Where a jury is not sure of guilt, then the judge discharges the jury and reverts to the civil procedure: having heard all the evidence and decided, on the balance of probabilities, whether to find in favour of the victim. If the answer is yes, the judge assesses the damages payable to the victim and the costs.

The advantages to the victim of such a procedure are that:

  • Witnesses only have to give evidence once.
  • There is one trial rather than two, and so it is both quicker and cheaper.
  • The same judge hears both the civil and the criminal aspects of the case so that there is consistency in assessing culpability in both sentencing and compensation.

The potential difficulties with this approach are that it requires a complete re-write of the rules of evidence, criminal procedure and civil procedure, and undermines the role of the jury. For more information, see:  Cambridge Symposium 2017: Alison Levitt QC speech

What is clear is that as the complexity of fraud increases in an increasingly digitised world. The way that fraud is investigated and prosecuted will have to evolve so that evidence may be collected, analysed and presented at trial in a way that is comprehensible and fair. The starkest contrast in cyber fraud commission and cyber fraud prosecution is the speed at which the former is completed. The delay in getting fraud trials to court is a huge problem for victims, witnesses and hampers any realistic prospect of compensation. All these factors mean that this will be a continuing topic for debate and may be one of the reasons that DPAs become the preferred disposal for corporate economic wrongdoing, even of the most egregious form. For more information, see blog post: The Rolls-Royce DPA: an end to corporate prosecution?

Practical Law Morag Rea