The global fight against bribery and corruption has been centre stage in recent months, thanks to high profile scandals such as those involving FIFA and the fixing of LIBOR. The climate is one of increasing intolerance of bribery.
The UK’s law on bribery, the Bribery Act 2010 (the Act), applies to UK companies’ activities both at home and abroad (so called ‘extra-territorial reach’). The Act is sometimes described as the toughest anti-bribery law in the world.
Businesses cannot afford to be complacent, and those in the technology sector are no exception. Risks for tech companies can particularly arise in the following situations:
doing business with organisations based in countries which have high levels of corruption (see the index published by Transparency International for the worst offenders);
doing business with organisations in particularly high risk sectors (eg large scale infrastructure and extractive industries);
certain types of business (eg public procurement contracts);
dealing with foreign public officials; and
using or dealing with intermediaries rather than directly.
As technology projects and IT outsourcing are prevalent across virtually all sectors and in all countries, tech companies can easily find themselves in a high risk situation. That is even more so when tendering for or negotiating public procurement contracts and/or conducting business with foreign public officials, or with intermediaries.
Penalties under the Act are potentially severe – prison sentences, unlimited fines, debarment from tendering for UK public sector contracts, reputational damage, and a personal criminal record and disqualification from being a company director for any individual involved in the bribery.
So how can tech companies protect themselves and stay compliant?
Recap of the offences under the Act
The cornerstones of the Act are the four main bribery offences:
offering or giving a bribe;
accepting a bribe;
bribing a foreign public official; and
failing to prevent bribery.
This last offence (the section 7 ‘corporate’ offence of failing to prevent bribery) has caused particular concern for businesses due to the potential liability they could face if they fail to prevent ‘associated persons’ from engaging in acts of bribery on their behalf.
An associated person is defined as a person who performs services for or on behalf of the organisation and could include, for example, employees, agents, subsidiaries or suppliers.
In apparent recognition of the fact that organisations may not be able to prevent every potential act of bribery, legislators included a statutory defence to the section 7 offence (see below).
As mentioned above, the Act is also notable for its extra-territorial application. An offence will have been committed under sections 1, 2 or 6 of the Act (offering or giving a bribe, accepting a bribe and bribing a foreign public official) if any part of the offence is committed in the UK, or if the offence takes place outside the UK but the person/entity has a sufficiently ‘close connection’ with it (eg being a British citizen, resident of the UK, or being incorporated in the UK).
For section 7 the application is even wider – a section 7 offence will have been committed under the Act regardless of where in the world it took place so long as the organisation in question is either incorporated in the UK or carries on business or a part of its business in the UK.
Adequate procedures defence
Organisations may have a full defence to the offence of failing to prevent bribery if they can demonstrate that they have adequate anti-bribery procedures in place. The Government’s published guidance on what constitutes ‘adequate procedures’ focuses around six guiding principles. Briefly, they are:
1. Proportionate procedures
The core principle underlying the guidance. It means that the measures that an organisation takes to prevent bribery should be proportionate to both its size and to the particular risks that it faces. For example, those doing business in higher risk countries or with those in high risk industries, and those businesses relying on third party intermediaries or conducting negotiations with foreign public officials, will be at a higher risk. Conversely, if a business only does business in the UK, the risk will be considerably lower.
2. Top-level commitment
Those at the very top of an organisation from CEO and board level downwards are expected to demonstrably foster a culture where bribery is unacceptable (the ‘tone from the top’).
3. Risk assessment
Organisations should assess their level of bribery risk so that they can make informed decisions on how to manage the risk by putting appropriate procedures in place.
4. Due diligence
Organisations should know exactly who they are dealing with by carrying out appropriate due diligence investigations.
5. Communication (including training)
It is not enough simply to have procedures in place. They must be regularly communicated and fully understood and applied throughout the organisation, including to those based abroad. Communication should be a two way process so that procedures should be in place to allow staff to blow the whistle safely without fear of reprisals.
6. Monitoring and review
The risks an organisation faces can change over time and it is important that procedures are consistently updated and revised.
This article is an abridged version of an article originally published in Commercial Litigation Journal in August 2015.