Project finance deals and compliance risks

PFI Yearbook 2025
EMEA

Compliance risks can arise in myriad ways in project finance structures. By Mark Hunting and Ronen Lazarovitch, partners at Bracewell (UK) LLP

Most commonly, what starts as a legal and compliance risk for one entity can "leak" into becoming a systemic financial or operational risk affecting the project entity or single purpose vehicle (SPV), the sponsors/shareholders of the project and, in some cases, the lenders to the project – although the position of lenders is more nuanced and is not expressly discussed in this article.

Compliance risks generally arise from financial crimes such as bribery, money laundering, financial and trade sanctions violations or fraud. This article considers how those risks can materialise and leak through project finance structures to infect project SPVs and sponsors, including through: (1) allegations of bribery, fraud and tax evasion under the failure to prevent model; and (2) the new senior managers regime. We also consider below the practical steps that can be taken to limit such risks.

Allegations

In the UK, and increasingly in other jurisdictions that follow similar models, there are broad corporate offences under the failure to prevent model, including: (1) failure to prevent bribery; (2) failure to prevent tax evasion; and (3) the incoming failure to prevent fraud offences. These apply on an extraterritorial basis, which means projects outside of the UK often come within the scope of such rules.

Each of these offences makes a company liable for the conduct of persons "associated" with it: employees, agents and service providers. Practically, this means where an associated person (corporate or natural) commits a fraud, bribery or tax evasion offence, the company will be automatically liable regardless of whether it approved or knew of the misconduct.

This model can be particularly problematic in the project finance space because it can cause liability to pass between entities. Misconduct by construction contractors, construction managers, operations and management contractors, project management consultants and other contractors of the project SPV, as well as their subcontractors – collectively Contractors – to benefit the project, such as a bribe to obtain a necessary permit, can create liability for the project SPV, as well as the sponsors, and the public authority in public-private partnerships.

Such liability is expansive and can quickly become systemic to the entire project SPV and the sponsors. Enforcement authorities generally approach such misconduct on the basis that their jurisdiction is wide, and the tendency for corporates to settle means this is rarely challenged in the courts. As such, enforcement authorities have argued that employees of Contractors are associated with not only the Contractor as their employer but also with the project SPV and the sponsors.

Sponsors and project SPVs have a defence where they can show that they had in place adequate procedures [1] to prevent the underlying criminal offence. There is guidance on what may amount to adequate procedures; the essentials are that the parties should: conduct appropriate risk assessments; have in place proportionate procedures to prevent the underlying offence; conduct appropriate diligence; train and communicate their expectations to staff and third parties (as appropriate); demonstrate leadership; and continuously improve the programme.

It is worth noting that expectations as to what is proportionate will differ between parties. More may be expected of Contractors, and lead sponsors, than minority sponsors. Questions of control and influence will be relevant to deciding what is proportionate.

In addition to the corporate offences, there are also provisions that make directors automatically liable for the misconduct of the company in circumstances where they connive or acquiesce to the misconduct – this is a low standard in English law.

In this way, an investigation can expand to quickly cover a large proportion of entities and their directors involved, directly or indirectly, in a project. Even where an investigation can be limited in scope, there will be knock-on implications:

* Such misconduct can lead to breaches of financial covenants and other funding issues, as well as fundamental breaches of contract that are capable of bringing down a project finance structure.

* Any authority in a public-private partnership is likely to be concerned about such misconduct and may seek to remove parties from having any further involvement in the project and/or recover any assumed or actual losses.

* Managing such investigations is expensive, and can require significant external assistance from lawyers, accountants and other service providers.

* Operationally, such investigations are likely to slow, stop or distract from the project resulting in commercial risk for the project.

* Parties convicted of bribery and some other offences may be disbarred from being able to bid for government contracts, or access funds from international organisations such as the World Bank.

* Other parties in the structure may bring civil actions to protect their interests. Such actions are expensive in themselves, but also complicate the strategy needed to deal with criminal enforcement actions.

It is worth noting that many of the risks identified above can occur, even where misconduct is only alleged and did not in fact take place. Scrutiny from an enforcement authority is generally intense and can take years to resolve. Much of the punishment and risk occurs during the investigation, rather than after any prosecution or conviction.

The failure to prevent model is currently undergoing expansion to include a new offence of failing to prevent fraud by a commercial organisation. This offence will come into effect in September 2025 and, like the offences identified above, will hold corporates liable for outward frauds committed by employees, service providers or agents.

In many ways this offence is much broader than the failure to prevent bribery or tax evasion offences. Fraud is very broadly defined and includes two very broad categories that are worth considering further: (1) fraud by misrepresentation; and (2) cheating the public revenue.

Fraud by misrepresentation is a broad offence covering any situation in which a statement is made dishonestly, which is or might be untrue or misleading for the purpose of getting a gain or causing a loss. This can cover a very wide range of business activities, especially in the procurement and business development space.

It is easy to see circumstances where an employee of a Contractor might dishonestly mislead a supplier (such as deliberately failing to mention something that is likely to make the procured service more expensive) or service provider to secure advantageous rates or some other advantage. This is capable, in certain circumstances, of causing the commission of a failure to prevent offence by the project SPV or a sponsor.

Cheating the public revenue is an equally broad offence, which includes any kind of fraudulent activity that deprives the revenue of money it is owed. This is particularly relevant for public-private partnerships where dishonest misstatements about the project might amount to a fraud for which the project SPV or sponsors might be responsible.

The new senior manager regime

In addition to the failure to prevent offences above, the non-financial services senior manager regime makes corporate entities liable for criminal offences committed by senior managers in an organisation. That is, where a senior manager commits an offence in the course of business, the entity is automatically guilty of the same offence.

This can have serious repercussions. In particular, (1) parent companies may be responsible under the failure to prevent model for the conduct of senior managers in subsidiaries that are liable under the senior manager regime; and (2) where a senior manager is a secondee they might create liability for their employing entity, notwithstanding they are on secondment, if they are acting within the scope of their apparent authority.

In both cases, misconduct by one individual in an operations role can move through the structure to reach sponsors via the project SPV itself.

Practical management of compliance risk

Effectively managing these risks is paramount to avoiding the significant harms that project SPVs and their sponsors can suffer when individuals engage in misconduct. There are two broad components to that: (1) effective compliance programmes that prevent, dissuade or limit misconduct, and provide legal defences; and (2) practices to limit leakage of compliance risk from Contractors to project SPVs and sponsors, should it occur.

Effective compliance programmes

It is essential that any entities within the project finance structure that have operational responsibilities have in place an effective compliance programme, which meets the adequate procedures requirement necessary for a legal defence. Helpful guidance on effective compliance programmes is available from the Ministry of Justice in the UK and the US Department of Justice [2].

Particular focus should be given to managing third-party compliance risks and interactions with government officials. Effective due diligence, clear and sensible rules on providing gifts and entertainment, and appropriate segregation of duties are fundamental in this space.

Companies within the project structure will want to obtain appropriate contractual promises that Contractors have effective compliance programmes, as well as requiring that such promises trickle down through subcontractors and others that can create compliance risk for the structure.

Such clauses are valuable insofar as Contractors implement effective programmes. However, they are unlikely to save a project SPV or its sponsors if misconduct actually takes place, unless the project SPV and sponsors can demonstrate that they had adequate procedures. This does not mean they should step into the shoes of the Contractor, but that they are comfortable that the Contractors’ programmes are effective, and they have set the right expectations.

Limiting leakage

It is not possible to fully mitigate compliance risk and, as noted above, significant harm can occur during an investigation, even where no wrongdoing has occurred. For these reasons steps should be taken to limit the potential for compliance risk to impact the entire project finance structure.

First, effective back-to-back compliance provisions provide good evidence to authorities as to where compliance risk should sit. But companies in the project structure should be wary about accepting compliance provisions that expand their liability. For example, overly broad rights to control or direct the conduct of another party can create greater systemic risk if a minor breach occurs. In some cases, appropriate reporting and remediation provisions can sensibly limit compliance risk.

Second, sponsors and project SPVs should be clear with Contractors about their expectations, conduct due diligence to fully understand the risk a particular contractor might face, and in higher risk situations, act to make sure they are comfortable with Contractors’ programmes.

Finally, if there is misconduct or alleged misconduct, it should be properly and quickly investigated and dealt with in order to avoid systemic impacts on the entire structure. In higher risk jurisdictions it may be prudent to be clear as to who must fund and operationalise that investigation and remediation. Generally speaking, Contractors are usually in the best position to do so.

Conclusion

Compliance risk in projects can arise in a number of ways and have severe negative effects on entire group structures. Proper compliance programmes, combined with sensible steps to limit "leakage", are important ways to mitigate these risks. Sponsors will need to consider how they proportionately manage this risk to avoid compliance nightmares, without taking on risks that should properly sit with Contractors.

Footnotes

1 - “Adequate procedures” is the term from the Bribery Act 2010 (bribery), the Criminal Finances Act 2017 uses “reasonable procedures” (tax evasion), and the Economic Crime & Corporate Transparency Act 2023 uses “reasonable fraud prevention procedures” (fraud). Each broadly amounts to the same thing and for the purpose of this article we use “adequate procedures”.

2 - United Kingdom, Ministry of Justice, Bribery Act 2010 Guidance, https://www.gov.uk/government/publications/bribery-act-2010-guidance; US Department of Justice, Evaluation of Corporate Compliance Programs, https://www.justice.gov/criminal/criminal-fraud/page/file/937501/dl
