In the recently published guidelines, this disclosure requirement is considered restrictive when a company has conducted an internal investigation or has self-reported, and has sufficient knowledge of the evidentiious force. Accordingly, SFO staff are told that, in such a case, the SFO must disclose only additional information that could compromise any conclusions that might be drawn from the face of these documents. In particular, it appears that the FSC is only considering the distribution of testimony it may have had or the records of interviews it conducted when related persons were charged and evidence was served in that proceeding. The guidelines contain a section that deals with “judicial application” and “describes the content and format of preliminary and final applications that must be submitted in advance to the Tribunal. It also examines the judicial enumeration procedure, the relationship between preliminary and final hearings, considerations and expectations for private and public hearings, and the publishing and press strategy. There is also a “After a Dpa” section that “deals with the monitoring of requests for compliance, infringement, variation, recruitment and disclosure of third parties.” No obligation to admit wrongdoing? The guide states that there is “no obligation for the company to formally admit guilt with respect to the offences in the indictment,” while “inclusion should be considered where appropriate.” This is consistent with the practice of data protection authorities that have been received so far and the legislation does not require an admission of guilt. Critics of data protection authorities suggest that this approach allows companies to avoid admitting wrongdoing and avoid prosecution. However, in the statement issued at the same time as the guidelines, Lisa Osofsky, the director of the SFO, stated that “data protection authorities require the company to acknowledge the fault.” This could be interpreted as a contradiction to the newly published guidelines if the admission of misconduct indicates that a company must accept the fault (not the obligation already necessary to accept the fault set out in the statement of facts). However, admitting wrongdoing by individuals does not automatically mean that crime is business-related. Lisa Osofsky, Director of SFO (pictured above), said: “Over the past six years, we have developed our approach to negotiating and adopting dpA in exchange for good practice. The publication of these guidelines will ensure greater transparency about what we expect from companies that want to work with us.
Although this is not new information, the guidelines indicate that the SFO may move away from identifying third parties in the presentation of facts (who are not authorized to participate in the Dpa negotiation process), particularly where publication may pose a risk of harm to the administration of justice in joint proceedings against individuals. Report restrictions may also be appropriate. The guidelines also recognise that the Data Protection Act 2018 and the European Convention on Human Rights must be properly considered in determining whether third parties should be identified.