On 30 March 2011, the UK Ministry of Justice published its long-awaited final guidance1 (the “Guidance”) on the “adequate procedures” that commercial organisations operating in or from the UK should have in place to prevent bribery by a person associated with the organisation. These “adequate procedures” are the only defence open to a commercial organisation accused of the offence of failing to prevent bribery by a person associated with the organisation — a new strict liability criminal offence under the UK Bribery Act 2010 (the “Act”). In this Client Memorandum we assess the finalised Guidance and the steps commercial organisations operating in or from the UK should take over the next three months, before the Act comes into effect in the UK on 1 July 2011.
In our August 2010 Client Memorandum2, we outlined the core provisions of the Act and the implications for organisations doing business in or from the UK3. In our October 2010 Client Alert4 we considered the Ministry of Justice’s draft guidance5 on the “adequate procedures” that organisations should put in place and what investment management firms could be doing in advance of the Act coming into force on 1 April 2011, the original commencement date. However, as our more recent February 2011 Client Alert6 subsequently explained, the implementation of the Act was then further delayed by the Ministry of Justice so that the Guidance could be redrafted to make it more practical and comprehensive.
Both organisations and individuals need to be aware of the offences in the Act. The Act raises the maximum prison sentence for bribery convictions for individuals to ten years and the penalty for any organisation convicted of the new offence of failing to prevent bribery is an unlimited fine. Any conviction of a bribery offence by a UK financial services firm or an individual registered with the UK Financial Services Authority (“FSA”) as an approved person may well result in the individual or firm being prohibited from operating in the regulated investment sector in the UK.
The finalised Guidance is much simpler than the draft version. Both the draft and the final Guidance contain six core principles (“Principles”) that the Ministry of Justice considers commercial organisations should assess when putting in place their own “adequate procedures” to prevent bribery being committed by a person associated with the organisation. In accordance with the draft guidance, the Principles are not prescriptive and it is the Ministry of Justice’s expressed intention that they should be flexible and outcome-focused, allowing for a wide variety of circumstances in which commercial organisations may find themselves. There is no “one size fits all” approach. Organisations should consider what they should do to avoid bribery in the light of their own circumstances and risks.
As noted in our earlier Client Memorandum and Alerts, the Guidance will be of relevance to any commercial organisation that carries on business or part of a business in the UK and where it or a person associated with the organisation commits a bribery offence anywhere in the world. The Act has significant extraterritorial reach, although the Guidance clarifies that for the Act to be applicable to an organisation, that organisation needs to have a “demonstrable business presence in the UK.” A non-UK organisation will not be considered to be within UK jurisdiction simply because it has a UK subsidiary since “a subsidiary may act independently of its parent.” Moreover, the mere fact that a company’s securities have been admitted to the UK Listing Authority’s Official List and therefore admitted to trading on the London Stock Exchange, in itself, would not qualify that company as carrying on business or part of a business in the UK and falling within the definition of a relevant commercial organisation.
The definition of an “associated person” is broad, being someone who “performs services” for a business. However, the Guidance also explains that an organisation is only liable for the actions of its associated person if the bribe was intended (by the associated person) to benefit the organisation directly. A bribe paid by an employee of a subsidiary would normally be intended to benefit the subsidiary and not the parent company, even if the parent benefits indirectly. A US parent of a UK subsidiary that commits a bribery offence will not necessarily be caught unless the parent entity sanctioned the bribery.
A more pressing concern for many businesses has been to what extent they would be liable for acts of bribery committed by a joint venture partner. The Guidance considers two different types of joint ventures:
- Where the joint venture parties own a separate legal entity, the Guidance notes that a bribe paid by the joint venture entity may lead to liability for a member of the joint venture if the joint venture is performing services for the member and the bribe is paid with the intention of benefiting that member. However, the existence of a joint venture does not automatically mean that all members are associated persons.
- Where the joint venture is conducted through a contractual arrangement the degree of control that a participant has over that arrangement is likely to be one of the “relevant circumstances” that would be taken into account in deciding whether a person who paid a bribe in the conduct of the joint venture business was “performing services for or on behalf of” a participant in that arrangement. It may be, for example, that an employee of such a participant who has paid a bribe in order to benefit his employer is not to be regarded as a person “associated” with all the other participants in the joint venture. Ordinarily, the employee of a participant will be presumed to be a person performing services for and on behalf of his employer. Likewise, an agent engaged by a participant in a contractual joint venture is likely to be regarded as a person associated with that participant in the absence of evidence that the agent is acting on behalf of the contractual joint venture as a whole.
It seems likely that each case will turn on its own merits and the UK courts will have to assess on a case-by-case basis whether a UK subsidiary was truly independent of its non-UK parent entity or not.
The simple, straightforward wording of the Act raised many concerns in the UK media that all forms of corporate hospitality and entertaining would be viewed as bribery, and would therefore be prohibited by the Act. However, the Guidance states that the Act “does not seek to penalise […] hospitality or promotional expenditure which is reasonable, proportionate and made in good faith”. It clarifies that it was never the Government’s intention to prohibit bona fide hospitality and promotional expenditure aiming to improve an organisation’s image or establish good relations with clients or counterparties. Therefore, organisations can still entertain clients and contacts with dinners or entertainment at sporting events etc — where this is normal and proportionate for the relevant business sector in which they are operating. However, the Guidance draws attention to the fact that a bribery offence is more likely to be committed if the hospitality is excessively “lavish” — although it also notes that lavishness is “just one factor.” In practice, the Ministry of Justice has announced, that prosecutors will assess instances of alleged bribery based on all the facts available to them and the circumstances of the case; factors that might point to hospitality amounting to bribery will include the fact that it is not connected with legitimate business activity and it was concealed.7
The Guidance provides examples of acceptable hospitality, including taking clients to a sporting event, or paying for a foreign public official to travel for a site visit when directly associated with the organisation’s business. Most FSA-authorised firms will already have policies in their compliance manuals in connection with hospitality, gifts and entertainment8 and they should continue to exercise judgment and common sense as to what is reasonable and proportionate in their sector and for their business. Other organisations that do not have such policies and procedures in place should now be considering implementing them.
The procedures that should be adopted by commercial organisations wishing to prevent bribery committed on their behalf will be informed by the six Principles. The Principles are not prescriptive, but rather are intended to be flexible and outcome-focused, allowing for a variety of circumstances in which commercial organisations may find themselves. Bribery prevention procedures should always be proportionate to the risk of the commercial organisation. The Principles include:
1. Proportionality: The action that organisations take should be proportionate to the risks that they face and the size of the organisation and the nature and complexity of the business. A large organisation, especially one operating in overseas markets where bribery is known to be common, will need to do more to prevent bribery than a small organisation only operating in the UK or which otherwise operates in markets where bribery is not prevalent. The Guidance notes that organisations’ bribery prevention policies are likely to include certain common elements. As an indicative and non-exhaustive list, organisations may wish to cover the following topics in their procedures:
- The involvement of the organisation’s top level management.
- Risk assessment procedures.
- Due diligence on existing or prospective associated persons.
- The provision of gifts, hospitality and promotional expenditure; charitable and political donations; or demands for facilitation payments.
- Direct and indirect employment, including recruitment, terms and conditions, disciplinary action and remuneration.
- Governance of business relationships with all other associated persons including pre and post contractual agreements.
- Financial and commercial controls such as adequate bookkeeping, auditing and approval of expenditure.
- Transparency of transactions and disclosure of information.
- Decision making, such as delegation of authority procedures, separation of functions and the avoidance of conflicts of interest.
- Enforcement, detailing discipline processes and sanctions for breaches of the organisation’s anti-bribery rules.
- The reporting of bribery including “speak up” or “whistle blowing” procedures.
- The detail of the process by which the organisation plans to implement its bribery prevention procedures, for example, how its policy will be applied to individual projects and to different parts of the organisation.
- The communication of the organisation’s policies and procedures, and training in their application.
- The monitoring, review and evaluation of bribery prevention procedures.
2. Top Level Commitment: Senior managers and other persons at the top of an organisation are the persons in the best position to ensure that their organisation conducts business without bribery. Senior managers should take sufficient action (and record how they do this) to show that they have been proactive in ensuring that the organisation’s staff (including any middle management) understand that the senior management will not tolerate bribery. Senior managers may also wish to be personally involved in taking the necessary proportionate action to address any bribery risks. The Guidance notes that effective formal statements that demonstrate top-level commitment are likely to include:
- A commitment to carry out business fairly, honestly and openly.
- A commitment to zero tolerance towards bribery.
- The consequences of breaching the policy.
- Articulation of the business benefits of rejecting bribery (reputational, customer and business partner confidence).
- Reference to the range of bribery prevention procedures the commercial organisation has or is putting in place, including any protection and procedures for confidential reporting of bribery (whistle-blowing).
- Key individuals and departments involved in the development and implementation of the organisation’s bribery prevention procedures.
- Reference to the organisation’s involvement in any collective action (e.g., through the creation of business associations) against bribery in, for example, the same business sector.
3. Risk Assessment: Organisations should assess the likely bribery risks that they might face in their business in their particular sector. Many organisations will face little or no risk of bribery, especially if their business is undertaken primarily in the UK. Factors such as the particular country that the organisation operates in, the relevant business sector, the value and duration of any particular project and the people that the organisation engages with to do business will all be relevant. Risk assessment procedures that enable an organisation accurately to identify and prioritise the risks it faces will, whatever its size, activities, customers or markets, usually reflect a few basic characteristics such as:
- Oversight of the risk assessment by top level management.
- Appropriate resourcing — this should reflect the scale of the organisation’s business and the need to identify and prioritise all relevant risks.
- Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
- Due diligence enquiries.
- Accurate and appropriate documentation of the risk assessment and its conclusions.
A bribery risk assessment should be both external and internal. The Guidance categorises commonly encountered external risks into the following five groups:
- Country risk.
- Sectoral risk.
- Transaction risk.
- Business opportunity risk.
- Business partnership risk.
The Guidance also provides a list of internal factors that may add to an organisation’s risk level:
- Deficiencies in employee training.
- Bonus culture that rewards excessive risk taking.
- Lack of clarity in the organisation’s policies on, and procedures for, hospitality and promotional expenditure, and political or charitable contributions.
- Lack of clear financial controls.
- Lack of clear anti-bribery message from the top-level management.
4. Due Diligence: Due diligence is established as an element of good corporate governance, in that commercial organisations should apply a proportionate and risk based approach to due diligence in relation to persons who perform services for or on behalf of the organisation in order to mitigate identified bribery risks. Knowing exactly who the organisation is dealing with can help to protect the organisation from taking on people who might be less than trustworthy9. In low risk situations, organisations may decide that there is no need to conduct much in the way of due diligence, whereas in higher risk situations, due diligence may include conducting direct enquiries, indirect investigations, or general research on proposed associated persons. Appraisal and continued monitoring of recruited or engaged associated persons may also be required, proportionate to the identified risks. It should be noted that an organisation’s employees10 are presumed to be “associated” with the organisation and, therefore, the organisation may wish to incorporate due diligence into its recruitment and human resources procedures to mitigate the risks of bribery being undertaken by employees.
5. Communication: Communicating the organisation’s policies and procedures to staff and to others who will perform services for the organisation enhances awareness and helps to deter bribery by making clear the basis on which the organisation does business. If bribery is likely to be a risk, it may be worthwhile considering whether additional training or awareness-raising would be appropriate or proportionate to the size and type of the organisation’s business. The Guidance comments that training should be proportionate to risk and could take the form of education and awareness-raising about the threats posed by bribery in general and in the sector or areas in which the organisation operates. It could be mandatory for new employees or for agents (on a weighted risk basis) as part of an induction process, but it should also be tailored to the specific risks associated with specific posts.
6. Monitoring and Review: The risks that an organisation faces and the effectiveness of any anti-bribery procedures may change over time. Organisations should monitor and review their anti-bribery policies and procedures and consider whether they need to be upgraded when their business changes or when they enter a new market or when some other change might mean that the policies and procedures are no longer “adequate.”
The Guidance also contains a set of eleven case studies11 which the Ministry of Justice comments it hopes will assist organisations in deciding what procedures might be most suitable to their organisation’s needs to help prevent persons associated with it from engaging in bribery.
On 30 March 2011, the UK Serious Fraud Office (“SFO”) and the UK Director of Public Prosecutions (“DPP”) also published their joint approach to prosecutorial decision-making under the Act (the “Prosecution Guidance”)12. The Prosecution Guidance requires that before prosecuting a bribery case the SFO and DPP must first be satisfied (1) that they have sufficient evidence that a prosecution has a reasonable chance of success and, (2) if so, that it is in the public interest to bring a prosecution.
The Prosecution Guidance analyses each of the offences in the Act and explains how the SFO and DPP will be interpreting them, giving examples of what evidential considerations might apply to the different offences, as well as examples of public interest factors that may be relevant. The Prosecution Guidance is particularly useful in the context of facilitation payments and corporate hospitality and organisations should be able to use the Prosecution Guidance for determining how vulnerable they may be to infringing the Act, the likelihood of being prosecuted if they do, and what they can do to minimise those risks.
Facilitation Payments — The Prosecution Guidance confirms that there is no exemption from the Act in respect of facilitation payments13 and that a prosecution will usually take place where such payments have been made unless the prosecutor is sure that the public interest factors tending against prosecution outweigh those tending in favour.
- The public interest factors against a prosecution include circumstances in which there is (1) a single small payment which is likely only to result in a nominal penalty, (2) the payment came to light as a result of a genuinely proactive approach involving self reporting and remedial action, (3) the organisation has a clear and appropriate policy setting out procedures an individual should follow if facilitation payments are requested and these have been correctly followed, or (4) the payer was in a vulnerable position arising from the circumstances in which the payment was demanded.
- The public interest factors in favour of prosecution include (1) large or repeated payments, (2) indications that the payment was premeditated, (3) an element of active corruption of the official, and/or (4) a failure to follow the organisation’s procedures.
Corporate Hospitality — The Prosecution Guidance reiterates that the Act does not seek to penalise legitimate hospitality and promotional expenditure but, the more lavish the hospitality, the greater the likelihood of an inference being drawn that, for example, it was intended to influence a foreign public official. This could be the case where the hospitality is not clearly connected with legitimate business activity or an attempt has been made to conceal the expenditure or activity.
If organisations have not already done so (once an organisation has determined that it is subject to the Act), a first step should be to conduct a risk assessment, considering any likely scenarios in which the organisation or anyone associated with it might possibly commit bribery.
Organisations with existing risk assessments and procedures are urged to use the next several weeks prior to the Act’s implementation to revaluate and retool, if necessary, their anti-bribery controls. While an organisation’s anti-bribery controls may have been adequate, they may no longer be sufficient and an organisation may identify gaps between its existing policies or procedures and what the Act requires.
Some organisations may determine that they face little risk of bribery being committed on the organisation’s behalf because its business is purely domestic without foreign business relationships. Although the Guidance advises that no complex procedures are required if there is very little risk of bribery, organisations without written anti-bribery policies and procedures risk not being able to rely on the defence.
If however, an organisation operates overseas, the risks may be higher. Other considerations relevant to bribery risk include the particular country in which business is conducted, the sector in which the organisation is dealing, the value and duration of any particular project(s), the kind of business the organisation wants to do and the people that the organisation engages with to do its business.
In order to be able to rely on the defence (should the need ever arise) the procedures that are adopted should be proportionate to that risk. Organisations should focus their efforts on high-risk areas, such as third-party relationships in high-risk jurisdictions and where dealing with foreign public officials.
For most small financial institutions with a small workforce and no agency arrangements there is unlikely to be a need for extensive written documentation or policies and there may already be proportionate procedures in place, for example, through existing controls over the organisation’s expenditure and accounting arrangements. It should be sufficient for the compliance officer (or other senior person with responsibility for anti-bribery policies delegated to it by the board or senior management (i.e., a top-down approach)) to ensure that new employees are informed of the organisation’s commitment to zero tolerance on bribery, with reminders for staff once a year to refresh them as to the organisation’s anti-bribery policies.
However, for larger financial institutions with overseas offices, foreign agents or joint ventures, it will be more important to adopt appropriate procedures and to communicate the organisation’s stance on bribery to those offices, agents and joint venture partners. The top-down approach will be critical and the management in charge of the day-to-day business should be fully aware of and committed to the objective of preventing bribery.
U.S. organisations operating in the UK should assess whether their compliance programs based on the U.S. Foreign and Corrupt Practices Act of 1977 (“FCPA”) are adequate to be “adequate procedures” and act as a defence — since the Act is wider than the FCPA — especially in view of the fact that the Act extends to bribery committed anywhere in the world and the Act prohibits facilitation payments of any amount, which are permitted by the FCPA. For more information on the interaction of the Act and the FCPA please refer to our earlier Client Memorandum14.