UK Information Commissioner’s Office seeks further criminal powers


Time to Read: 4 minutes Practices: Government Enforcement / White Collar Criminal Defense, Data, Privacy & Cybersecurity


The UK Information Commissioner recently published a consultation paper inviting views on the ICO’s proposal that it should be granted investigation and asset recovery powers under the Proceeds of Crime Act 2002 (“POCA”).

The powers the Information Commissioner is seeking at this time are:

  • To apply to the court for Restraint Orders (under Part 2 of POCA);
  • To apply to the court for Confiscation Orders (under Part 2 of POCA);
  • Cash seizure, detention and forfeiture from premises (under Part 5, Chapter 3 of POCA);
  • Asset seizure and forfeiture from premises (under Part 5, Chapter 3A of POCA);
  • To undertake investigations (including search and seizure warrants) to support the proceedings sought above (under Part 8 of POCA); and
  • Access to information relevant to the investigation of money laundering offences.

The ICO is also seeking relevant authorisation powers that will enable it to exercise the powers referred to above.

Why is the ICO seeking these powers?

Although much has been made of the increased financial penalties under the General Data Protection Regulation for civil breaches of the Data Protection Act 2018, the ICO notes that the only sanction available to the courts following a criminal conviction is a fine. Such fines are often less than the financial gain that may have been made by the offender. The ICO has expressed concern that this will lead to a disparity between the sanctions imposed for criminal breaches and civil breaches. This will have an impact on the punitive and deterrent effect of such sanctions.

In addition to addressing these potential imbalances, the ICO’s proposal is based upon some practical considerations. Firstly, although the ICO may face some significant challenges from subjects of investigations to attempts to restrain, seize, detain or forfeit assets, using these new powers (if granted) would provide it with tactical advantages during investigations. Subjects of those investigations would no longer have access to potentially significant sums alleged to be connected with misconduct. Those sums would otherwise be available to subjects of investigations to fund their defence.

Secondly, although the ICO’s consultation paper does not make explicit reference to the UK Government’s Asset Recovery Incentivisation Scheme, under which law enforcement authorities and prosecutors each receive 18.75 per cent of confiscated assets, it is likely that the ICO would wish to participate in the scheme. The Government has said that there is scope to increase the breadth of agencies who are empowered to identify and seize illicitly obtained assets.[1]

How often would the ICO use these powers?

The ICO suggests that only one of its investigators would obtain the accreditations required to enable it to exercise the powers, which may indicate that the powers would be used relatively rarely. Cases in which it is able to establish a sufficiently strong correlation between particular assets and conduct amounting to a data protection criminal offence in order to persuade a court to restrict access to those assets may be rare.

It is also likely that it would take time and/or require some refinement of current arrangements to enable the UK Financial Intelligence Unit (part of the National Crime Agency), which acts as the hub for Suspicious Activity Reports filed under UK AML legislation, to effectively identify and pass to the ICO information relevant to decisions about whether to seek to restrain or take other action in respect of suspects’ assets.

What would be the likely practical issues with the use of these powers?

The consultation process is likely to lead to discussion of a number of potential practical issues with the use of asset recovery powers by the ICO. One key question will be how expansive an approach the ICO would take to quantifying the “benefit” (the term used under POCA to describe the amount liable to be confiscated) that has accrued to individuals or organisations as a consequence of committing data protection offences.

In cases pursued by other agencies in respect of economic offences, this is typically the subject of intensive discussions and challenges, particularly where monies connected with the offences have been mixed with those obtained from other sources. Similar, potentially very complex debates and challenges would be likely to follow attempts by the ICO to exercise asset recovery powers.

What happens next?

The ICO has invited responses to the proposed extension of these powers by 6 December 2019. Although it has not set out how it proposes to proceed after that date, it is likely that it will wish to provide input into the review of various parts of the UK asset recovery regime under POCA, currently being conducted by the Law Commission (which has indicated that it intends to launch its consultation exercise in early 2020).[2]

In lobbying for the extension of powers, the ICO is issuing a statement of intent. It is clear that it remains committed to the flexible and aggressive use of enforcement action, including through the continued use of criminal investigations and prosecutions in appropriate cases.
