The Bribery Act 2010 is due to take effect in the UK in April 2011.
The Act provides that commercial organisations may be criminally liable for failing to prevent bribery (whether offered or received) by persons providing services to the business, including employees, agents and subsidiaries. It is not just UK companies, however, as overseas companies will be caught if they are carrying on business in the UK - so in practice, any multinational group which has some connection with the UK is exposed to potential liability under the Act, irrespective of where the bribery occurred.
Liability is "strict", which means that a company cannot argue they it did not know that bribery was going on within the organisation. In fact, the only defence will be that it put in place "adequate procedures" to prevent the bribery from happening. The key question of what constitutes adequate procedures is not wholly clear, although the UK Government has committed to put in place detailed guidance to help employers. The draft guidance which was recently published envisages the application of six principles:
- a risk assessment;
- top-level commitment from the Board down;
- appropriate due diligence to ascertain which areas need to be looked at;
- clear, practical and accessible policies and procedures;
- effective implementation; and
- monitoring and review.
It is likely in the US that most existing policies will have been drafted to comply with the OECD Convention and the US Foreign Corrupt Practices Act. However, the UK's Bribery Act goes much further in scope than either of these so any existing policies will need a comprehensive review to bring them in line. The way the guidance is drafted also makes it clear that a "one size fits all" approach to implementing adequate policies will not work, so each organisation will need to devise procedures which are relevant and appropriate in the context of its own policies and processes, and take into account how that particular business operates in practice.