However the advent of the UK’s first Deferred Prosecution Agreement (DPA), a new US-style bargain to end an investigation, creates a new reputation risk for businesses not under investigation and one over which they command even less control.
The first DPA was recently approved, whereby a prominent bank faced an allegation of failing to prevent acts of bribery committed by associated parties in another country.
A DPA contains a detailed statement of the agreed facts negotiated confidentially and, worryingly, third parties implicated in wrongdoing have no legal right to be informed or to make representations before a statement is made public.
So while DPAs are being heralded as an alternative for a company facing prosecution for criminal wrongdoing, what has been overlooked is the collateral reputational damage these can cause to a third party.
The process of negotiating and approving a DPA usually only involves the company, the prosecuting authority and the judge.
As a consequence, the target company has the opportunity to shape the narrative of the eventual finding.
Only once the negotiations have concluded, and final approval received from the judge, is the decision and the detailed reasoning announced publicly in court.
This may well be the first time that a third party is made aware that it is adversely identified in the DPA with a finding of wrongdoing on its part. Furthermore, the judgement of the court will remain readily accessible online; a benefit to any detractor seeking to capitalise on the misfortune of another.
In contrast, the Financial Conduct Authority (FCA) has adopted a cautious approach towards the rights of third parties who may be prejudiced by the contents of FCA warning and decision notices.
The Financial Services and Markets Act 2000 provides some protection for third parties, stipulating that notice must be given to the third party with an opportunity to make representations. A failure to do so may be challenged in the courts.
Until such time as a similar mechanism is provided, prominent businesses would be well advised to take proactive steps to protect themselves as part of good reputation risk management practices.
• Ensuring robust due diligence and transparency processes are in place when engaging third party business partners
• Ongoing monitoring of third party relationships to identify risks at an early stage
• Putting in place contractual requirements so that third party commercial partners are obliged to notify the business of its intention to enter into a DPA where there is the potential to impact the company.
If, as expected, the use of DPAs becomes more commonplace, companies will not only continue to face the challenge of ensuring their own conduct is beyond reproach, but will also face the task of ensuring they do not suffer collateral damage from a commercial partner; who in some cases may seek to minimise their own liability at the expense of a third party.
Natalie Sherborn is a senior associate and criminal barrister at Schillings