We are often told, particularly by American clients, that their organisation is already FCPA compliant, “so isn’t that enough for the Bribery Act? What more do we need to do, if anything?” Understanding what more needs to be done requires understanding the key differences between these two world-leading anticorruption statutes. Once you have understood those differences, it follows that your compliance programme may well require some consequential adjustments to bring your existing FCPA programme up to speed with the new UK Act. Some of it will require changes to your anticorruption policy and your gifts and hospitality policies. Much of it will also need to be reflected in your training and education materials and computer-based training modules, but also in other parts of your compliance programme, discussed below. And don’t forget that the people you should be getting involved with your compliance programme are not just your own staff but also any person “associated with” your organisation i.e. performing services for it. This could include contractors, advisers, joint venture partners and a whole list of other categories of persons with whom your organisation may have a relationship. See earlier blog posts in the BriberyLibrary for more detail, in particular my own post of 14th February 2011.
The principal differences between the FCPA and the Bribery Act include:
- The Bribery Act is wider in scope than the FCPA as it covers all corruption, including by and of the private sector, and not just corruption of foreign public officials. You may well need to amend and broaden the policy definitions of corruption and of “public officials” so that they cover all sorts of government and other public officials. There is also case law developing in the US as to how the DOJ and the SEC are pressing the courts to interpret “foreign public official” more widely.
- The Bribery Act prohibits both payment and receipt of bribes i.e. active and passive offences. You will need to ensure that both sides of the corruption coin are captured by your programme and also to update your training documents.
- A business nexus is not required for Bribery Act general offences under sections 1 and 2 of the Act although it is under the FCPA. Required action includes amending the wording of policies and training documents.
- The wider scope of the Section 6 strict liability corporate offence under the Bribery Act. You’ll probably need to amend the wording of your policies and training documents to ensure that the corporate liability is properly understood. This is the offence that causes most risk to the organisation itself.
- There is no “adequate procedures” defence under the FCPA. The differences should be addressed in the training sessions. In both jurisdictions, having no adequate procedures will give you an enhanced risk of liability.
- The Bribery Act does not allow facilitation or grease payments. In fact the SFO are constantly at pains to point out that the old law never did, either, but one might be forgiven for thinking otherwise for I am not aware of any prosecutions of facilitation payments. Please email me if you know of any in the UK. Some US corporates’ policies ban facilitation payments altogether, to make life simpler and to avoid this exception being misconstrued in any way which might then “cross the line”. Other companies stick to the FCPA allowance of them (because this suits their business and presumably because they believe that they have to pay them from time to time). This is clearly not in tune with the Bribery Act, so this aspect should be looked at very carefully and discussed with the business people in the organisation. Training should be given urgently to employees or others associated with your organisation who habitually pay facilitation payments. Also I would draw your attention to a recent blog post by my colleague, Rose Parlane, on the new guidance by the Serious Fraud Office specifically on how to try to stop paying facilitation payments, and how British prosecutors will regard such payments if you have continued to pay them. One point is that you should keep a log of such payments and a note of why they were paid and why you think that they were unavoidable. So the payment should be transparent. To do otherwise makes the payment look awkward and wrong.
- There is no express bona fide business expenditures defence under the Bribery Act. In practice, the Serious Fraud Office will look at the facts of every case. Put simply: either they are bona fide or they are not. You do need to keep a log of your expenses and their justification.
- Penalties are more severe under the Bribery Act both in terms of financial penalties and in terms of length of prison sentence. This should be covered in the policy and training, so that staff are fully aware.
- Debarment from public contract tendering differs between the US and the EU. If you sell into the public sector, these provisions alone ought to give you real concern. My colleague Mathieu Doublet has blogged on it previously on 27th April 2011. I also touched on The Bribery Act 2010 (Consequential Amendments) Order 2011 in my blog of 17 June 2011. Section 1 and Section 6 offences lead to automatic debarment. It appears that Section 7 will not lead to automatic debarment, according to the Lord Chancellor, but it remains to be seen how the courts actually treat such offences. In any event, these provisions tend not to be very well known but since they may be catastrophic for your business, it would be as well to spend some time educating your staff and other associated persons about them. The severity of the debarment provisions tends to lead to plea bargaining – for example, agreeing to a books and records offence in the US and paying a hefty fine.
- Which brings me on to the fact that there is no books and records offence under the Bribery Act as there is under the FCPA, but there is an equivalent provision in the UK in a different statute: Sections 386 to 389 of the Companies Act 2006.
- Although the six principles for “adequate procedures” are surely familiar throughout the compliance world generally, in the US a prosecutor would see a proper risk assessment report merely as a mitigating factor to sentencing (rather than as one element of a potential complete defence to the Section 7 offence under the Bribery Act). If you can’t show the prosecutors how you have been through each of the six principles and how you have addressed them properly, then your procedures are unlikely to be seen as adequate and you will then open yourself up to a hefty fine, and the other associated consequences (public procurement debarment, civil suits etc).
- As in the UK, there is no positive obligation on an organisation in the US to undertake a risk assessment. Speaking with many clients over the past year or so since the Bribery Act was passed has alerted us to the fact that many large global companies have never done a proper corruption risk assessment, believing (wrongly) that they don’t really need to do one as “we know the risks of our businesses perfectly well”. Apart from any other reasons, and there are several, it misses the point that you are potentially liable for your “associated persons” under the Act i.e. persons performing services for your organisation who may be external to it. You need also to be able to show how you undertook your risk assessment of them, of the countries they operate in, of the people with whom they interact, of the things they are doing or selling on your behalf, and of the industries they operate in: and, after you have assessed and ranked all these factors, and audited their systems and training programmes, you need to be able to demonstrate that you calculated all these factors and made a proper decision as to whether you deemed them sufficiently high risk to justify additional due diligence, or whether you need to self-report any suspicious behaviour.
- I would say that the biggest problem so far of companies which are trying to get to grips with the compliance regime under the Act is that many if not most are either not doing risk assessment at all or they are not doing it properly. Potentially, if you are a large multi-national, it is a very large undertaking which could take many months or even a year or more to complete. We have noticed from our many conversations with clients and contacts around the world (and also from shared experiences with anticorruption practitioners in other law and accountancy firms) that there seems to be a real issue of a lack of will at board level to spend the resources, combined with a lack of comprehension about how a risk assessment report will actually help you properly appreciate your internal risks and to spend your limited compliance budget appropriately and in a tailored way. This reluctance is even more pronounced in the organisations which are medium sized (and so less well resourced generally) and which sell overseas. Banks, for example, are about to have a whole new layer of regulation and compliance loaded onto them. Hence one often reads of “compliance fatigue”.
Global organisations must of course ensure compliance with all anti-bribery laws that are applicable to the jurisdictions in which the organisation or its associated persons operate. As the Bribery Act has set a very high bar in terms of the law itself, compliance with it will more or less mean that it will act as compliance for other anticorruption laws around the world: it should reduce your exposure to prosecutions in most other countries. But we mustn’t forget that each country may have a myriad of other laws which may also be relevant – e.g. the books and records provisions under the UK Companies Act, as noted above. Companies may find themselves being prosecuted under more than one statute, and indeed in more than one country, simultaneously. We will blog separately in the future on the subject of “double jeopardy” as between different countries. In short, however, it appears that the Serious Fraud Office’s view is that where the defendant has been convicted by another country for the same set of facts, it will not pursue the same or a similar case against the same defendants: so, whatever the legal position, it is not interested in pursuing the defendant again in the UK if it has been convicted in another jurisdiction.
So, whilst on the face of it the changes which need to be made to ensure that your FCPA compliance programme is also Bribery Act compliant may appear to be minimal at the policy level, in reality the task may be a whole lot larger, depending on how well you undertook your FCPA compliance in the first place. Our partners in the US often say that they never cease to be amazed that decades after the FCPA became law, not all American companies have a compliance programme. The principles in the Government’s Guidance dated 30th March are a good starting point for understanding what needs to be done, although the Guidance doesn’t actually tell you how to go about establishing your programme. We will all learn what the Serious Fraud Office are really expecting to see in a compliance programme as cases start to be brought before the court, and jurisprudence begins to develop. My best guess is that this will be some time from 2012 onwards.