Can your business show that it has adequate procedures in place to prevent bribery? If not, learn how an initial risk assessment of your bribery risk can inform and focus this process. 

The Bribery Act 2010 came into force on 1 July 2011, with wide ranging scope in both domestic and internal contexts. An objective going to the core of the Act was an attempt to strengthen the UK's position on bribery and corruption in a global context. 

Consequently, it is imperative for companies to be aware to the Act in practice and the implications of falling below the expected standard.

Importantly for companies, the Act extends the scope beyond an individual transaction of giving or receiving a bribe, through the introduction of the corporate offence of failing to prevent bribery (section 7 of the Bribery Act 2010).

The offence under section 7 automatically applies if anyone associated with a company has paid a bribe and extends to third parties who act on behalf of a company. 

The only potential defence for an organisation is one of having adequate procedures in place. This corporate offence and corresponding due diligence defence puts great importance on organisations to not only adopt appropriate anti-bribery policies but to also actively embed the principles in their day-to-day business culture.

Due to the subjective manner of what is termed 'adequate', the Ministry of Justice has published important further guidance about procedures that companies can put into place to prevent persons associated with them from bribing. This guidance encourages a six principles-based approach as a benchmark for company policies and procedures.

Understanding risk

There is an ever important emphasis on companies understanding the inherent risks associated with operating within certain sectors and industries. A risk-based approach should be adopted to analyse the current policies in place designed to mitigate corruption or bribery, expose any flaws or inadequacies in the policies and focus on high risk areas. An effective risk assessment should lead to detailed recommendations of remediation works to ensure compliance with the Act.

Risks are categorised into two areas, internal and external risks:

  • Internal risks arise through, amongst other areas, inadequate knowledge of employees regarding policies and bribery risks, the payment structure of the company and flawed policies relating to hospitality and gifts.
  • Companies are also however exposed to a number of external risk factors, mainly through the countries they operate in, particular sectors and the transactions they are engaged in. For example, some jurisdictions are perceived to have higher risks than the UK, due to inadequate or entirely absent bribery legislation and those operating internationally should be diligent to the risks.

The inclusion of third parties acting on behalf of the company and agents of the company creates an additional element to the due diligence process for outsourcing. The degree of due diligence required depends on the risk correlating with the sector, as identified by the company's risk assessment.

To the relief of many, the procedures implemented by companies should be proportionate to the risk identified and the scale of the organisation. Not only can effective assessments therefore help target company procedures on those medium/high risk aspects of their operations, but they can also help to avoid excessive procedures being implemented in lower risk areas.

Communicating procedures

The risk of falling within the scope of the Bribery Act 2010 should be a serious concern for companies. It is not enough to simply have the policies in place. Companies need to communicate their procedures across the business, through training or any such means deemed appropriate. This often neglected aspect of the implementation of effective procedures, along with the need for on-going monitoring, is essential to ensure the procedures continue to mirror the needs of the company, reflecting growth and market factors exposing new areas of risk.

It is abundantly clear that the onus is on companies to be pro-active in their responsibilities. The Act creates an accountability concept for the actions of their employees and contracted third parties.

However, it can become a manageable compliance framework for the company to work within and result in an overall benefit, both internally and externally. It can be achieved through companies engaging in thorough risk assessments and embedding appropriate policies in the day to day culture of the company alongside on-going monitoring and training.