The UK Serious Fraud Office (SFO) recently published a chapter from its internal Handbook on how it engages with companies seeking to enter into a Deferred Prosecution Agreement (DPA).
Much of the guidance simply reflects the statutory language and the existing DPA Code of Practice entered into by the SFO and Crown Prosecution Service in 2014.
However, a new addition is a section on how the rights of third parties are to be addressed, a topic which was notably absent from the legislation and the Code.
Under the relevant legislation, any DPA agreed between the SFO and a company must include a Statement of Facts setting out the agreed facts which form the basis of the criminal conduct alleged.
A question that inevitably arises when drafting the Statement of Facts is to the extent to which it should address the actions and culpability of particular individuals, as opposed to describing the criminality in more general terms. Further, if individuals are to be discussed, should they be named?
DPAs agreed by corporations in the United States, and enforcement notices published by the UK Financial Conduct Authority, generally do not identify third-party individuals. However, a number of the DPAs entered into by the SFO have done so.
In 2017, Tesco entered into a DPA in which it admitted fraud and falsification of its accounts. The DPA named three senior executives, at that time awaiting trial, whom Tesco admitted had “dishonestly perpetuated” the misstatement.
Two years later, a judge threw out the case against the individuals, finding that they had no case to answer as there was “[a] lack of evidence that [they] knew that income was being unlawfully recognized.” This finding was subsequently upheld by the Court of Appeal.
Notwithstanding this outcome, the legislation required that the DPA be published. It provided no mechanism for it to be amended or redacted to remove the names of the individuals or the accusations of dishonesty.
The individuals were effectively named as culpable, despite the fact that they had been acquitted in court.
The possibility of such an injustice was apparently not considered when the legislation and Code of Practice were drafted.
The Handbook appears to seek to make good this oversight.
It requires prosecutors to give consideration to “the necessity for and impact of the identities of third parties being published” in the DPA, and whether this would be compliant with data protection and human rights legislation. It also states that anonymization of third parties may be appropriate prior to publication.
Anyone who has represented an individual who denies claims made about them in a DPA will surely welcome this development.
However, it falls a long way short of a general prohibition on naming third parties.
It also provides no protection for a named individual who may only learn of the DPA at the point it is published, by which time it is too late to do anything about it. Indeed, the SFO guidance generally prohibits the consultation of third parties about the DPA.
Given the lasting impact on an individual’s reputation where they are named in a DPA, particularly where they are subsequently acquitted or never charged, a fairer approach may be to prohibit the naming of individuals save in exceptional cases, and to require that advance notice be given to any identifiable individuals so they may make representations prior to the agreement being finalized.
Hopefully the SFO will make these improvements now, rather than waiting until after yet another unjust outcome.