Skip to content

Global Investigations and Enforcement bulletin: Our pick of the top trends and business tips around the world, July 2023

6 July 2023

As we look to the second half of 2023, we reflect on some key themes which dominated the headlines and give our take on what we expect to see for the remainder of the year.

Bribery and Corruption

In the UK, the Economic Crime and Corporate Transparency Bill continues to slowly make its way through the House of Lords, although it perhaps raises more questions than answers.

In its latest form, the bill introduces a ‘failure to prevent fraud’ offence (following many calls for its formation following the prosecutorial challenges of the identification principle). Notably however, the offence only applies to regulated and non-regulated bodies for fraud offences only (not money-laundering). It also only applies “large organisations”, or those that satisfy two of the following criteria in the financial year preceding the offence:

  • More than £36 million in turnover,
  • More than £18 million in total assets, and
  • More than 250 employees.

In the US, the SEC and DOJ have continued its active enforcement. In April, the DOJ have obtained a $629 million Deferred Prosecution Agreement settlement with British American Tobacco and its subsidiary in relation to its bank fraud and sanctions violations in respect of illegal tobacco sales to North Korea. This was shortly followed by charging the facilitators.

In May, the SEC fined Royal Philips $62 million in relation to FCPA bribery violations during its Chinese public procurement processes and influencing public officials.

Auditors’ questions and legal privilege

As we predicted in our January bulletin, auditors are increasingly intrusive and asking questions, especially in the context where misconduct is suspected. We continue to see this in the form of companies conducting proper internal investigations and being able to demonstrate that the company followed correct processes before a clear audit is signed off. More enforcement action and brand-new guidance from the FRC continues to drive this point home.

The first half of 2023 saw the Financial Reporting Council (FRC) issuing a fine of £3.4 million to KPMG in respect of its audit failure of Rolls-Royce in the latest of severe reprimands by the FRC on auditors. The Deputy Executive Counsel to the FRC has emphasised the importance of auditors having sufficient professional scepticism and the FRC’s robust approach to enforcement underlines this.

More recently on 22 May this year, the FRC published its new Minimum Standard for Audit Committees and the External Audit. This guidance consolidates previous guidance and seeks to ensure a consistent approach of audit committees of FTSE350 companies.


  • The rise in enforcement action on auditors for past mistakes and sloppy audits puts the pressure on auditors to ask questions of the company. From the examples we have seen, this is especially true where there is also an allegation of ethical misconduct of some kind.
  • The company will need to be ready to respond to the auditors’ questions and demonstrate that procedures have been followed and efforts have been taken to investigate matters thoroughly where necessary. The team at HFW can assist clients with all stages of an external audit, from preparing initial responses to audit queries, to conducting a legally privileged investigation and preparing an investigation report for auditors. It is important to properly deal with auditor enquiries but also to keep in mind that information given to auditors is likely not going to attract legal privilege. If there is ongoing civil litigation or potential regulatory interest then the provision of information must be handled carefully to ensure that the Company’s legal position is not adversely impacted in doing so. HFW is well versed in helping clients deal with these issues.

Whistleblowing continues to snowball – US pays $279 Million Dollars to a single whistleblower

In our January Bulletin, we predicted that whistleblowing claims were expected to increase. Six months on, the prevalence of whistleblowing remain a key pillar in the global investigations space, being used in examples to report claims of employment disputes, ethical misconduct, or criminal conduct (including economic crime).

In the US where whistleblowing has historically been rewarded, in May 2023 the Securities and Exchange Commission’s (SEC) Office of the Whistleblower announced that it had issued its highest award to date, nearly USD $279 Million, to ‘a whistleblower whose information and assistance led to the successful enforcement of SEC and related actions’, noting that their assistance ‘expanded the scope of misconduct charged’.

This is obviously an eye watering sum. The US whistleblower bounty scheme is open to all. Every year the US Office of the Whistleblower publishes a report the most recent report contains this telling statement: “Finally, the Whistleblower Program has become fundamentally international in character, with tips received from all over the world. In FY 2022, the foreign countries from which the highest number of tips originated were Canada, the United Kingdom, Germany, China, Mexico, and Brazil. Domestically, the states from which the highest number of tips originated were Florida, South Carolina, California, Texas, and New York.”

In the UK in April 2023, MPs in the House of Commons introduced a Whistleblowing Bill which would have the effect of creating an Office of the Whistleblower with a similar remit to its Stateside equivalent, to ‘protect whistle-blowers and whistleblowing in accordance with the public interest.’ The Bill is currently going through its 2nd reading in the House of Commons, so we suspect any substantive legislative reform may still be far on the horizon.


  • It is in the company’s best interest to maintain adequate whistleblowing hotlines and procedures to deal with claims appropriately. The risk of not doing so, is that the whistle-blowers may take their claims directly to other law enforcement, regulatory authorities and/or the press and wider media.
  • In the context of a commercial dispute, there is a further risk that whistleblowing allegations and associated criminal complaints will be used as a strategic pressure tactic by the opposing party.
  • Proper procedures including any non-retaliation policies, allow the company to investigate and get to the bottom of the matter at the earliest possible opportunity, and remediate where necessary.
  • We strongly recommend whistleblower channels are reviewed to confirm that they are operating correctly and fit for purpose to reduce the risk of whistleblowers resorting to the press and law enforcement to have their complaints dealt with. If you would like HFW to review your procedures please get in touch.

Personal devices

The concerns surrounding the use of third-party devices and messaging apps in a business context continue to be hotly discussed. We recently wrote a briefing about the use of these devices and also in our January Bulletin

The US Department of Justice (DOJ) in March 2023 issued guidance on this topic in the revised guidance on the Evaluation of Corporate Compliance Program. In it, there is explicit reference to the obligation on prosecutors to “consider a corporation’s approach to the use of personal devices as well as various communications platforms and messaging applications, including those offering ephemeral messaging”.

While there is clearly no one-size-fits-all approach (and the new guidance acknowledges this), the overarching message is clear: corporate compliance programmes should include provisions for the accessibility and preservability of the electronic data held on such devices.


  • We predict that this issue will also gain traction in other jurisdictions. At its core are the very basic necessities for a business to retain adequate books and records and be able to adequately oversee what those are working for it are doing in its name. For companies that have a US nexus, the new DOJ guidance should be carefully considered. Corporate compliance programmes should be reviewed to ensure that in the event their employees utilise such devices or messaging apps for business communications, such communications should be able to be preserved.
  • If your company uses third-party devices or external messaging apps for business communications, consider whether these are covered by your company’s existing compliance policies. We have extensive experience assisting clients with queries on this topic; please reach out to the team to see how we can assist.

Sanctions and self-sanctioning

Following the anniversary of the Russia/Ukraine war and a rapidly shifting sanctions landscape, with potentially more sanctions packages to come, we are beginning to see a steady increase in regulatory activity.

The global coordination of sanctions regulators both bilaterally (i.e. the OFAC-OFSI Enhanced Partnership, the OFAC-EU bilateral partnership) and multilaterally (i.e. the new sanctions pledged to arise out of the G7 summit in Japan) mean that there is already increased data sharing between jurisdictions and export authorities in order to capture alleged sanctions breaches.

In our experience, sanctions regulators have been initiating investigations in the form of administrative queries. For example, the Swiss Secretariat for Economic Affairs (SECO) has been writing to companies outlining suspected breaches and asking for more information and targeted questions in the first instance. While not obligatory, the consequences of not answering questions may result in a raid or search of the business premises.

From a practical perspective Banks and other financial institutions are in many cases self sanctioning beyond the legally imposed sanctions.


  • When faced with such questions from regulators, it is important to engage and cooperate. Getting to the bottom of the facts and applying the (often complex) sanctions with the advice of external legal counsel is advisable and we have advised various clients in this regard including in circumstances where a regulators suspicions have been, on analysis, unfounded and we have successfully had investigations terminated.
  • Additionally, we continue to emphasise the importance of conducting due diligence screening on third parties and intermediaries, which remain the biggest risk for businesses’ sanctions compliance. This is more so the case given the UK’s recent update to the position on trustees assisting in potential sanctions evasion.
  • Likewise, we have significant experience in advising clients dealing with enquiries from Banks and other counterparties about their trading activities and concerns raised by the Banks and counterparties in respect of potential sanctioned activity and reputational risk to the bank.
  • If you have received an enquiry from a sanctions regulator or bank or other trading counterparty, please reach out to see how we can help.

Global Commodities Compliance Forum Launched

On June 15 our inaugural global Commodities Compliance forum launched and leaders from Commodity traders responsible for compliance joined us and our special guest Stevyn Colgan to hear about current issues and how to prevent problems. Steve gave us his own unique take.

Steve Colgan, author, speaker, and quiz setter for QI.

Steve worked for twelve of those years as part of a unique team called the problem solving unit. With no budget and laughable resources, they were given an extraordinary brief – to solve problems of crime and disorder that wouldn’t respond to traditional policing. They were told they could try anything as long as it wasn’t illegal, wasn’t immoral, wouldn’t bring the police into disrepute, and didn’t cost very much.

The event was an opportunity to learn from and network with other professionals within the compliance industry online and was the first of what will be a regular quarterly feature. We will be back in September with another thought provoking guest speaker with our next forum. If you would like to be included on the mailing list for an invite please let us know.