The recent decision in R v Skansen Interiors Ltd is the first time the adequate procedures defence has been mounted in a contested trial and highlights how far you must go to demonstrate reasonable procedures to prevent tax evasion/bribery
Under the Bribery Act 2010 an "adequate procedures" defence is provided for the offence of failure to prevent bribery by commercial organisations. A similar defence of having "reasonable prevention procedures" is provided under the prevention of tax evasion offences created by the Criminal Finances Act 2017.
Background of the case
Skansen, a small company which was part of a group employing less than 30 people and operating out of premises smaller than the Courtroom where trial took place, discovered that its former MD had paid bribes to secure contracts.
The company self-reported to the NCA and the police. A Deferred Prosecution Agreement was ruled out because the company was dormant and had no assets to pay a fine, a prosecution was nevertheless considered to be in the public interest for “deterrence” reasons despite the business meeting many of the public interest factors against prosecution. It is unclear how a conviction of a company that cannot pay a fine deters offending. This does however fit the pattern of Bribery Act prosecutions, where prosecutions of smaller organisations are used to develop case law.
The company pleaded not guilty, relying on the adequate procedures defence. It argued that its size, open office environment, narrowly geographically focused business, policies requiring ethical and honest behaviour, and financial controls which identified and stopped the largest payment, comprised adequate procedures. Witnesses accepted that they knew not to pay bribes and did not require a policy to communicate this to them.
Despite this the company was convicted by a jury. Jury deliberations are not published, however the issues focused on by the prosecution illustrate what a company will need to demonstrate to hope to secure an acquittal:-
- Contemporaneous records of steps taken to communicate compliance requirements
- Evidence of specific steps taken following the introduction of the offence
- The lack of a specific policy to address the risk
- Post-accident changes to introduce a policy and improve procedures as evidence of previous “inadequacy”
- Evidence of monitoring to ensure staff had actually read and understood relevant policies and procedures
- Evidence of steps taken to communicate policies to staff and to train them to ensure compliance, particularly significant legal changes and updates
- There are a number of important learning points from this case.
- Lack of a compliance officer to ensure implementation and compliance
- Even for a small company where offending was historic in nature the decision on whether or not to prosecute focused on the absence of adequate procedures.The larger the organisation the more effort will have to be expended to convince a regulator of the adequacy of procedures.
- Despite the company’s small size the threshold for compliance remained high.It is not enough to have policies and procedures without evidence of communication and implementation.
- It is essential to have specific, tailored policies that identify the risk being addressed which are frequently reviewed and updated.Here the lack of a specific bribery policy was a significant omission undermining the defence.
- The ability to demonstrate control measures and produce documentary evidence of their implementation is critical – it will not, for example, be enough to have policies accessible on an intranet.The prosecution focused on the lack of evidence that the company’s employees had seen or been trained to understand and implement its policies.
- In addition to documentary evidence there will be a focus on organisational culture.It is common in regulatory investigations for employees to be interviewed by the authorities.If they suggest the organisation only pays lip service to its written processes this will undermine any defence.
- Self-reporting is a factor against prosecution but is not a guarantee that enforcement action will not ensue or that a deferred prosecution agreement will be offered.
To make out a meaningful defence a company must demonstrate board level awareness and input, checks to ensure and implement compliance, regular training and competency assessments, and regular and reactive review of procedures and compliance generally.
A company has less effective oversight of the activities of third parties. It is therefore essential to consider the categories of “associated persons” the organisation deals with and the risk this generates.
Examples of Prevention Procedures
Remember the focus of the prosecution was on the existence of documented evidence of the existence, implementation of, and checks on the efficacy of, procedures. Examples of actions you can take to improve your procedures include:-
- Conduct risk assessments both generally and on a transactional basis by country, sector, transaction, business opportunity and business partnership (i.e. high value projects, specific categories of intermediaries), and product risk.
- Keep and maintain a record of your risk assessment – this will be a key factor in any decision to prosecute and any subsequent defence.
- Consider whether to terminate or limit certain high risk relationships or arrangements.
- Where business is conducted outside the UK, ensure that the risks of corruption are addressed for all overseas branches.
- Check whether appropriate resources are being allocated to detecting and monitoring the risk of corruption, and individuals tasked with the role have sufficient competence and standing within the company.
- Review the services provided on the company’s behalf by third parties.
- Prepare a specific policy to address the risks identified.
- Ensure policies are communicated to all staff and associated persons and training provided.
- Ensure engagement of senior management.
- Monitor and enforce compliance with procedures with both staff and associated persons.
- Ensure procedures are in place for staff and associated persons to report concerns.
Organisations must remember that the onus is on them to demonstrate adequate procedures. Having procedures not only reduces the risk of offending, it is also explicitly recognised as a factor mitigating the risk that enforcement action will be taken following a self-report. As such its importance cannot be overstated.