Yesterday, the U.K. Serious Fraud Office released a draft Deferred Prosecution Agreement Code of Practices (Code) for comment. The draft Code represents a significant milestone for ethics and compliance in general, and underscores the importance of an effective ethics program.
A Deferred Prosecution Agreement (DPA) is essentially an agreement to grant amnesty to an organization in exchange for their agreement to fulfill certain requirements, including compliance requirements. DPAs have a long history in the United States, and they have been enormously influential in the development of ethics and compliance best practices.
The draft Code, which is meant to serve as guidance to prosecutors, lists many factors to consider when choosing whether to negotiate a DPA, including whether the organization in question had an effective corporate compliance program. While the guidance does not specifically describe what "effective" means, it does list the following aspects:
- A code of conduct
- An appropriate training and education program
- Internal procedures for reporting conduct issues which enable officers and employees to report issues in a safe and confidential manner
- Processes for identifying key strategic risk areas
- Reasonable safeguards to approve the appointment of representatives and payment of commissions
- A gifts and hospitality policy
- Reasonable procedures for undertaking due diligence on potential projects, acquisitions, business partners, agents, representatives, distributors, sub-contractors and suppliers
- Procurement procedures which minimize the opportunity of misconduct
- Contract terms between the organization and its business partners, subcontractors, distributors, and suppliers include express contractual obligations and remedies in relation to misconduct
- Internal management and audit processes which include reasonable controls against misconduct
- Policies and processes in all of its subsidiaries and operating businesses, and joint ventures in which it has management control, and that the organization uses reasonable endeavors to ensure that the joint ventures in which it does not have management control, together with key subcontractors and representatives, are familiar with and are required to abide by its code of conduct to the extent possible.
While most of this will be familiar to ethics officers who have been involved with U.S.-based DPAs, it is worth noting the extent to which the draft Code is focused on an organization's suppliers, partners, and other stakeholders. We believe this focus on third parties is extremely important in today's world. Supplier-induced ethics and compliance risks are high, and few organizations are effectively enacting proper supplier risk management protocols.
When the U.K. formally adopts the Code, it will become the second country to offer DPAs. This is good news for ethics and compliance officers – best practices are becoming increasingly recognized globally. It remains to be seen which country will next follow the U.K’s example.
