The Bribery Act 2010
The BA came into force on 1 July 2011 with offences for individuals or corporate entities in both the public and private sectors. The primary offences under the BA are:
- bribing another person (section 1);
- being bribed (section 2);
- bribing a foreign public official (FPO) (section 6); and
- failure to prevent bribery (corporate offence) (section 7).
More about… bribing and being bribed
For the section 1 and section 2 offences, the promise of some advantage must induce or reward a person for improper performance of a relevant activity. "Relevant activity" will essentially include activities relating to any job or business. But the bribery can be direct or indirect, and may involve third parties, so the recipient of the advantage need not be the person who performs an activity improperly.
For the section 6 offence an FPO will include anyone with a legislative, administrative or judicial role outside the UK. Note there is no need to show "improper performance" – so the criteria for the offence are different from those for the section 1 and section 2 offences. Note also that a request for additional investment, for example, in a country's infrastructure may sometimes be legal – but only if the written law of the relevant country allows it.
More about… failure to prevent bribery
Legal entities ("relevant commercial organisations (COs)") commit the section 7 offence if an individual or entity "associated" with them bribes in order to get or keep business for the CO. Typically, an associated person will be someone who performs services for or on behalf of the company. The associated person can be an individual or a corporate entity and therefore branches, agents, service providers and employees will be caught by the section. Other group companies, including parents and subsidiaries, may be caught if they perform services for the CO. The two key points to note are:
- It is irrelevant whether the associate is itself committing any offence (it may not be, if it is outside the UK and the laws of the country where it is do not ban the behaviour).
- It is irrelevant whether the CO knows that this behaviour is occurring. What is important is that it must have procedures in place to prevent it from happening.
More about… who the BA applies to
The offences outlined in sections 1, 2 and 6 apply not only to anyone in the UK (regardless of their nationality or where their company was incorporated), but also those outside the UK with a "close connection" to the UK. The phrase "close connection" in this context usually means that an individual is a UK nationality or a company is incorporated in the UK. So they apply to branches of UK companies anywhere in the world, and to individuals with UK nationality or residency.
Section 7 merely requires the CO to be carrying out a part of its business in the UK. So any entity with any kind of business presence in the UK is caught, regardless of where the main part of the business is. There is no need for the associated person to have any connection to the UK.
More about… adequate procedures
There is a defence available to COs that have adequate procedures in place to prevent bribery. The Ministry of Justice (MOJ) has provided some general guidance as to what might be "adequate procedures", which should be tailored to the particular CO and based around six main principles:
- Proportionality – policies and procedures should be based on a subjective analysis of risk. Off-the-shelf policies or solutions would not be suitable.
- Top-level commitment – this is required from top-level personnel, typically at board level.
- Risk assessment of business operations – this should encompass an analysis of specific considerations relating to particular territories.
- Due diligence on those who perform services – this should be conducted on all associated persons of the commercial entity.
- Communicate policies to employees – this will normally take place through setting up employee training specific to particular roles.
- Monitoring, reviewing and updating – this should take place regularly to ensure policies do not become outdated or irrelevant.
More about… penalties
Companies can be subject to an unlimited fine if they commit offences under the BA. Individuals convicted of the section 1, 2 or 6 offences can be sentenced to a maximum of 10 years’ imprisonment and receive an unlimited fine. If an individual or company commits an offence with the consent of a senior officer, then that senior officer can also be guilty of an offence. Companies can also be barred from tendering for public contracts in the future.
More about… who will be prosecuted?
The UK prosecuting authorities (the Serious Fraud Office (SFO) and the Director of Public Prosecutions) will apply a two-stage test to decide whether to prosecute. Both must apply before there will be a prosecution:
- Is there sufficient evidence to secure a conviction?
- Is it in the public interest to secure a conviction?
The authorities will take into account a number of factors depending on the circumstances in question when deciding whether a prosecution would be in the public interest. For example, a one-off incident that has resulted in minor harm to the affected parties will normally not be prosecuted. Companies that have adopted a proactive approach to self-reporting and internal remediation will find themselves less likely to be prosecuted than those that have flagrantly and systematically breached the law.
In relation to the section 6 offence (bribing an FPO), an individual is unlikely to be prosecuted if they can show they were in a vulnerable position which resulted in them paying the bribe. This would include, for example, a situation where the payer felt compelled to go through with the bribe out of fear for his/her personal safety.
More about… hospitality and facilitation payments
One practical issue that has been of particular relevance to businesses operating in Africa has been that of determining acceptable levels of hospitality, as well as facilitation payments.
- When looking at what is an acceptable level of hospitality, one needs to consider industry norms, the question of proportionality, as well as issues of timing and other relevant factors. There is no absolute line between what is acceptable and what is not.
- Although the BA bans any facilitation payments, the SFO publicly recognised that facilitation payments, and requests for them, were not going to stop worldwide immediately. As a compromise, the SFO wanted a commitment to ensure that facilitation payments would stop over a certain period of time, after which the zero-tolerance approach would be adopted. They did not, however, specify what the suitable period of time might be or provide any guidance about how companies might seek to achieve this in particular jurisdictions.
The SFO has stated in various speeches and publications that it will look closely at companies that claim to have a zero-tolerance policy yet continue to operate in jurisdictions where facilitation payments are common. Such circumstances act as an instant red flag as far as the authorities are concerned.
The Foreign Corrupt Practices Act of 1977
After reviewing the BA, we turned to the FCPA. First, we noted a number of reasons why the FCPA may be important to the audience, including:
- the number of FCPA enforcement actions, against both companies and individuals, is on the rise, as are the penalties imposed;
- thanks in part to increased cooperation and coordination between international law enforcement agencies, the majority of those alleged to have violated the FCPA are non-US companies and individuals;
- the US Department of Justice and the Securities and Exchange Commission have widened the net of potentially violative conduct by applying expansive interpretations of key FCPA terms, including, for instance, taking the position that employees of partially state-owned or state-controlled enterprises are “government officials” for purposes of the FCPA;
- US law enforcement has ratcheted up its use of aggressive investigatory techniques, for example staging sting operations, relying heavily on undercover agents and cooperators, and conducting wiretaps;
- almost every industry has seen an FCPA enforcement action;
- the whistleblower provisions of the US Dodd-Frank Act of 2010, which reward those who report securities violations by public companies with 10 to 30 per cent of the government’s financial recovery, create a huge incentive for disgruntled current or former employees, competitors and others to report FCPA violations;
- according to a 2011 Dow Jones survey, more than half of all companies delay or avoid working with global business partners due to FCPA concerns; and
- a growing number of FCPA enforcement actions have been based on successor liability and/or third party liability, thus making it of crucial importance for firms to conduct thorough anti-corruption due diligence in advance of potential acquisitions or potential business relationships with international agents and contractors.
Next we provided a high-level overview of the requirements of the anti-bribery provision of the FCPA, including a discussion of:
- to whom it applies – US citizens and resident aliens, US companies (public or private) and their employees or agents of any nationality, foreign issuers listed on a US stock exchange, most non-US subsidiaries of US companies, and anyone who commits an act in the US in furtherance of a violation;
- what it prohibits – corruptly making a promise or offer, or authorising the payment, of a bribe or anything of value, directly or indirectly, to a non-US government official in order to obtain or retain business or gain an improper business advantage;
- the definition of a non-US government official – all branches of non-US government, all non-US government entities and “instrumentalities”, employees of public international organisations, non-US government-owned businesses, non-US political parties and party officials, and candidates for non-US public office;
- the limited exception for facilitation payments – i.e., small amounts of money paid to an officials in connection with his/her exercise of a non-discretionary (i.e. clerical) function, if recorded properly in a company’s books and in conformity with local law; and
- the two affirmative defences – i.e., bona fide promotional expenditures and actions that are lawful under the rules of the official’s home country.
We also briefly summarised the books and records provisions of the FCPA, which apply to all US and foreign companies with registered securities and companies that file reports with the SEC. These provisions require, inter alia, that corporate books and records accurately and fairly reflect the true nature of transactions and that companies implement a system of internal controls that prevents improper payments, ensures that transactions are executed with management’s authorisation, and ensures that assets are recorded in a manner that permits preparation of accurate financial statements.
We then provided an overview of the statutory penalties that can be imposed against companies and individuals for violating the anti-bribery and books and records provisions of the FCPA. Per violation, the penalty can entail millions of dollars in fines for a company and as much as 20 years in prison for an individual, not to mention ancillary harms that may result from an FCPA prosecution, including, for example, potential suspension or debarment from tendering for public contracts, the inability to import or export goods and/or services, extradition, and asset seizures.
Next, we reviewed several key distinctions between the BA and the FCPA, as summarised in this useful chart:
Click here to view table.
Finally, we noted that, while the FCPA is a somewhat limited tool for combating public corruption, in that it only applies to the bribe payer, not the bribe recipient, US law enforcement has utilised the money laundering statutes to prosecute allegedly corrupt non-US officials. The US has also utilised civil forfeiture statutes to try to seize the proceeds of corrupt payments out of the hands of allegedly corrupt non-US officials.
Getting your procedures right
Given the implications of what has been said above, there are a number of things that every firm should be doing on a regular basis:
- Establish senior management buy-in and support.
- Set up (and keep) a multi-disciplinary anti-bribery and corruption (ABC) team.
- Establish what laws apply to what business, and where.
- Conduct gap analysis.
- Conduct risk assessment.
- Identify key areas of risk/inadequate procedures.
- Agree and draft necessary changes.
Critical considerations include:
- Give support from the top but also have the right people on any project team. Consider what areas of the business are more likely to encounter corruption risks in their role and include them in discussions and planning.
- Know what laws apply to your business, where, to whom and when. Analyse how a firm does business, who is does business with and who it uses in the course of its business. Firms will also need to determine the nationality of their key employees, since this could mean a tie to a particular jurisdiction in terms of compliance.
- When going into a new country or area of business conduct a risk assessment and gap analysis to ensure new procedures reflecting the new risks are appropriate to the business.
- For multinational entities, it is still important to deal with risks on a firm-by-firm and case-by-case basis, even where there is a global overall ethics and compliance policy.
- Consider gifts and hospitality issues in the context of the business and what is proportionate. Who are the arrangements for? What are the industry norms? Who would otherwise pay for this form of hospitality? Do we require any approvals from the recipient or others? What levels of expenditure are likely to trigger such a need for approvals?
- Consider not only how to tell employees how to deal with requests for facilitation payments but also what the firm's stance should be – for example, publicly naming those who make these requests.
- Conduct due diligence on contractors and establish who are the firm’s "associated persons".
- Provide training and guidance for employees.
- Have whistleblowing procedures in place.
Each firm must establish how to apply its procedures across the business, so that the correct policies are applied to the right people, in the right way, to avoid unnecessary burdens. A blanket policy will rarely, if ever, suffice.
Practical Issues and Effects on Business in Africa
How draconian is the legal framework concerning anti-corruption? What are the associated implications for businesses in Africa and how can the measures affect competitiveness?
US and UK companies have operated in Africa for around 25 years with a lot of success. The FCPA has had a limited impact on this success, so, if properly handled, the BA should equally not affect success. A lesson from this is that the proportionate nature of a business’s response is key to being compliant with legal requirements and ensuring that competitiveness is still maintained.
Companies that were concerned about the potential impact of the BA on their business tended to fall into one of three categories:
- Those that took a cavalier approach – for example, they did not take measures to understand the implications of the BA or took the risk that they would not be of relevance.
- The majority of companies, which took a pragmatic and realistic view – the result of such reviews would invariably be that the BA would have a relatively minor impact.
- Those that panicked and conducted too much due diligence – typically in relation to contractors, agents and other third parties, which has negatively impacted their business.
The key to obtaining balance in this area is obtaining a proportionate response and this is tied up in the MOJ guidance. It is accepted that bribery as such is impossible to stop completely, therefore having in place the right actions and procedures is key to ensuring compliance and maintaining competitiveness.
- Do a risk assessment: This is crucial to any satisfactory protection under both the BA and the FCPA. Many companies will of course have this in place, having conducted a previous review, however the question more often than not is one of determining whether or not (and when) this requires review. For example, if a firm’s current procedures ensure it is compliant with the FCPA, these may require review in order to comply with the BA too.
- Do a gap analysis: This can be done internally or externally. Consider advice from consultants and external counsel, which can have the benefit of making documents privileged, which may be useful in the event of an investigation.
- Consider all the factors: The methodology surrounding risk assessments is to determine the internal factors in the organisation as well as the external factors. This includes, for example, third party and agent relationships connected with the business. It is vital to employ a risk-based approach specific to each relationship.
- A global strategy? Decide whether to use a global group risk strategy or use a more localised approach for certain jurisdictions. It is vital to note that some specifics will be required for certain jurisdictions.
- Deal with risks at the outset: Often a retrospective response to problems is time consuming and expensive, so it is better to confront and deal with any risks at the outset.
- Getting top-level commitment to dealing with anti-corruption issues is key. Managers are of course standard bearers for any ethical guidance and if this is unclear then such uncertainty can filter down into the organisation. It could even mean foregoing potential business opportunities in order to maintain compliance in the future.
- Having a strong compliance officer is key to a company demonstrating top-level commitment to anti-corruption. Consider also a local compliance adviser, and local non-executive committees.
- Due diligence issues remain crucially important in terms of protection under both acts. Mistakes can be disastrous for an organisation. But too much due diligence can be extremely expensive and time consuming. It is important always to consider proportionality. Consider categorising associated persons into high or low risk, starting with an assumption of low risk and moving certain persons or groups with specific characteristics up to high risk.
- In terms of what is required for low-risk associated persons, firms should conduct basic checks to see if any red flags appear. This might include, for example, state sanctions or negative historical media appraisals. In Africa this can be a challenge especially when the public record systems are not particularly robust. Be aware that fraudulent and/or false media reports might exist.
- Think about what the due diligence reveals – often red flags will appear, but what are the implications of this? Does it necessarily mean that the relationship must be terminated in its entirety? Potentially, a red flag could mean that companies go ahead with their business plans but impose restrictions on the associated person in the form of tighter discussions and/or negotiations to ensure they are compliant during the course of the relationship.
- It is vital to provide communication and training of policies in this area. A clear message is a must. In Africa, one issue is literacy amongst the people who may be a part of the organisation, and also language barriers that complicate the training process. Some of the best communication tools are as much visual as they are written.
- It may be the case that a company has a zero-tolerance policy towards bribery and corruption. It is also important to have a method to reward ethical behaviour.
- It is often a challenge to make sure associated persons for whose day-to-day management the firm is not responsible are aware of the firm's compliance policies.
- Companies should provide specific training focusing on third parties or, alternatively, they may choose to fly agents back to their headquarters in order to undergo training. Such interactions can confirm the business relationship and also allow a firm to impress upon associated persons their seriousness on the issue.
- Firms should also provide whistleblowing hotlines relating to bribery and corruption. A key issue will be where to locate the hotline within the organisation. In many firms, the hotline could be located in internal audit. However, this could potentially lead to conflicts of interests, where the risk of contravention in these particular departments is considered high. An alternative possibility is to house the hotline externally, engaging a third party who can manage the system.
The importance of monitoring
Continued monitoring is of vital importance. This is due to the fact that a company’s policies may look good now, but circumstances will inevitably change. Generally speaking, it is better to monitor more frequently and with less intensity than it is to conduct a major overhaul every few years. Many problems can arise in that situation.
What about the operational issues that are specific to Africa? Facilitation payments and issues related to associated persons are perhaps the two most common.
In Africa, the reality is that often the paying of bribes is the way in which business has been conducted in the past. The earlier that firms can assert their disapproval of such practices the better, as this can make the relationship easier to manage and maintain in the future, as well as manage expectations.
Any sort of payment designed to change behaviours retroactively will cause a problem.
Contracts with third parties – some tips
- Due diligence: For third parties in particular, the first way to deal with risk is to conduct thorough due diligence. It may be necessary to spend a lot of time negotiating tight contractual relationships, for example through outlining the payment structure in a transaction, to avoid surprises later.
- Length of contract: Consider shortening the length of contractual relationships with key third parties so that this forces a review and/or renegotiation each time an issue of compliance is brought up.
Joint ventures: Another challenge is joint ventures. Inherently, these structures have risks associated with them. Indeed one key reason for pursuing a joint venture in the first place is that the market is higher risk; therefore firms can avoid a 100 per cent commitment. Whatever the reason, one downside to a joint venture is that a share of the risk is inherited from a partner, which the firm does not control. It is therefore important to conduct very thorough due diligence with regard to any potential joint venture partner.
- From the outset, firms need to place great emphasis on their compliance with corporate governance, for example retaining the right to audit the joint venture that is formed. Such mechanisms instil the seriousness of corporate governance and are important in emphasising a firm’s commitment to this.
- Companies should have at least one person loyal to them on the board of the joint venture and (if possible) possess management control. This will allow the company certain veto rights on key policies, for example.
- Another practical recommendation is to have slightly shorter rotations for personnel operating in the local joint venture, so that no one is in a permanent position and reviews/replacements may take place on a regular basis.
- Another idea is to have mandatory vacation periods for certain personnel, so the firm has a chance to put temporary people in roles where they can keep tabs on areas that are a compliance concern.
- A joint venture agreement will need clauses specifically dealing with issues relevant to the BA and other relevant pieces of legislation. It should include an outline of other related policies and procedures, for example hospitality policies and the like.
Anti-corruption is becoming more and more of a reality in business and regulation is not a western government phenomenon. Various emerging markets are in the process of trying to put similar measures in place. China, for example, is making progress at government level on developing legislation, as are India and Nigeria.
The key message is that the sooner a firm can build procedures and policies into its business plan, the sooner it can ensure it is more competitive and more sustainable.
Question and Answer Session:
1) Should companies not domicile their operations in certain jurisdictions? How important is the choice of base of operations when it comes to anti-bribery and corruption?
From a UK lawyer’s perspective, we do not specifically advise against domicile in a particular jurisdiction. There can of course be problems based on perception of a country and also issues relating to doing client due diligence for anti-money laundering purposes. Anywhere you have dealings where there is a historical reputation for bribery/corruption is going to bring some people concerns. This “bad publicity” in the form of negative impressions is therefore something to bear in mind. A well structured financial jurisdiction could help people glean comfort. But, if your reasons for setting up in a less reputational jurisdiction are legitimate, we would not go so far as to suggest you do not base yourselves there. From the perspective of the FCPA, the question of domicile will not be relevant either.
2) To what extent do African governments rely on existing US and UK measures to control bribery and corruption? Are these governments thinking of enacting their own local laws here?
One must of course consider local law requirements regardless, but often the problem is one of enforcement. African governments generally are taking more interest in this area; therefore it is likely they will legislate. One has to view crime prevention as a whole and there has been a lot of criticism directed towards Africa. A number of nations have enacted laws in response to this.
3) Please explain the principle (noted in Hugo Williamson’s presentation) on treating all associates initially as low risk. Is this really recommended and advantageous?
This is simply a method of filtering at the outset to avoid becoming swamped. It could become a financial burden and inhibit conducting business across the board if a firm conducts too much due diligence. So, rather than going in with too high a level of due diligence, this can be used as a starting point, then analysis can be conducted on the basis of that. There are of course a lot of exceptions to the general rule of all starting out low risk and your risk assessment will address this. Each category and company will be different. Some associates will be high risk from the start, of course.
4) If you conduct some due diligence on an agent and a red flag comes back relating to bribery, you said special controls could be employed to avoid terminating the relationship entirely. What methods might you use?
This would vary greatly depending on issues raised and the specific nature of the circumstances for that individual. The general point was that a red flag isn’t necessarily the end of the potential relationship. Firms could obtain the views of external counsel to help assess whether it would be possible to manage the relationship on an ongoing basis. Note the critical importance of in-depth due diligence when it comes to entering into a joint venture. Discovering something negative after having entered into the venture could be a huge problem. Companies subject to the BA should ensure they have protective clauses and warranties in the joint venture agreement and make sure the person signing it has read and actually understood it. Do they know, for example, what these clauses might mean in practice? We recommend explaining what is required in plain English and not just by reference to the legislation.
Beware also that competitors can initiate these kinds of investigations. The SFO relies very heavily on whistleblowing, particularly in the wake of recent budgetary cuts to the organisation. Firms should therefore note the importance of keeping staff well motivated, as whistleblowers tend to be disgruntled employees.