The UK Government issued its final form guidance on the Bribery Act 2010 (the “Act”) yesterday. The guidance is not binding on companies but it is intended to explain the scope of the Act and how businesses can establish “adequate procedures” to prevent bribery taking place. The guidance includes case studies and examples of what is, and is not, considered to be bribery within the Act. Separately, the UK prosecutor has issued guidance on how it will decide whether or not to prosecute companies and individuals who breach the Act. The Act will now come into force on 1 July 2011.
The guidance on the Act is reasonably helpful for businesses as it clarifies that unlawful activities undertaken by an overseas parent company will not necessarily trigger liability under the Act if it has a UK-based subsidiary. Companies who are listed on a UK exchange will not necessarily be sufficiently linked with the UK in relation to overseas activities. These were key areas of concern for companies following the draft guidance released in September of last year. The new guidance also clarifies that a reasonable level of corporate hospitality, such as tickets to sporting events, will not ordinarily create a liability under the Act. More lavish hospitality, such as expensed trips, could do so and would need to be assessed proportionately to the intended aim of the hospitality. A suggestion that the trips were intended to unduly influence the recipient, or someone linked to him, would be likely to create a risk for the company.
The head of Transparency International has criticised the new guidance, whilst praising the Act itself. Chandu Krishnan said the guidance has “the effect of undermining the Bribery Act and creating loopholes which companies could exploit to pay bribes.”
Companies now have three months to review the guidance before the Act becomes effective. The Ministry of Justice website (http://www.justice.gov.uk/guidance/bribery.htm) includes a quick start guide for small businesses to explain how the Act will apply. Companies should take the opportunity now to review and, if needed, revise their procedures, implement a code of conduct or anti-corruption policy which deals with preventing bribery by employees and third parties on behalf of the company and implement a training programme for employees.
The Act creates the following offences:
- giving a bribe;
- receiving a bribe;
- bribing a foreign public official; and
- as an organisation, failing to prevent bribery.
The Act states that a “bribe” may be a “financial or other advantage” intended to persuade or reward someone to perform improperly a “function or activity.” It is irrelevant if the bribe is made through a third party, such as an agent. The penalties are potentially significant. An organisation or an individual may be fined an unlimited amount. Individuals may also be imprisoned for up to 10 years. The Act extends to bribes committed anywhere in the world if the organisation conducts business in the UK. This potentially far-reaching jurisdiction is intended to level the playing field for British businesses operating overseas. The new guidance has sought to address some concerns on this point raised by businesses during the consultation on the old draft guidance issued in September 2010. The key points of clarification are:
- companies listed in the UK, with no other business being transacted in the UK, will not be caught by the Act; and
- an overseas parent company will not necessarily be caught by the Act if it has a UK-based subsidiary company, unless the parent otherwise conducts business in the UK or there is some other connection with the UK.
The new guidance also clarifies that corporate hospitality in the nature of sporting events or similar occasions designed to “cement good relations” or “enhance knowledge in the organisation’s field” will not be caught by the Act. The prosecutor will need to show “that the hospitality was intended to induce conduct that amounts to a breach of an expectation that a person will act in good faith”. Clearly lavish or disproportionate hospitality risks being caught by the Act. Most businesses now have corporate hospitality policies and these should be kept under review and routinely monitored.
The scope of “associated persons” is also clarified, with confirmation that an overseas-based joint venture will not necessarily mean any UK-based partners will be caught by the Act if the joint venture itself engages in overseas bribery. Where, however, the joint venture entity conducted unlawful activities pursuant to an arrangement with the UK-based partners, this would mean that the UK partners are likely to be caught by the Act.
Additional liability of “senior officers”
If any of the offences of bribing another person, being bribed or bribing a foreign public official are committed by an organisation, any “senior officer” is guilty of the same offence if he or she has “consented” to or “connived” in the commission of the offence provided that, if the offence is committed outside the UK, he or she has a close connection to the UK. This provision places an obligation on senior officers to ensure that they are not deemed to have consented (explicitly or implicitly) to bribery committed by others. The provision reiterates the need for an organisation’s anticorruption culture to be led from the top (as envisaged in the government’s guidance). A “senior officer” will include a director, manager or similarly senior-level employee.
Contrasting the Act with the FCPA
Many U.S. companies and businesses are already familiar with the requirements of the FCPA and used to ensuring that their policies and practices meet those requirements. Compliance with U.S. law will not, however, necessarily ensure compliance with the Act.
The Act is broader than the FCPA in the following respects:
- not only does the Act apply to bribery of public officials but also bribery of private citizens, unlike the FCPA (individual commercial bribery is generally covered by state law in the U.S.);
- there is no defence for facilitation payments in the Act, unlike under the FCPA. This has been re-confirmed in the new guidance and the prosecutor has issued separate guidance on how these offences are likely to be prosecuted. Small payments which are not made routinely are unlikely to be prosecuted;
- the FCPA does not contain an equivalent to the corporate offence for failing to prevent bribery, although it does include provisions relating to the keeping of books and records that accurately reflect business transactions and to the maintenance of effective internal controls, similar to corporate requirements in the UK; and
- there is no need to prove “corrupt” intention under the Act, as there is under the FCPA.
It will, therefore, be necessary for organisations with a connection to the UK comply with the Act, in addition to applicable U.S. requirements. Given that a connection will be established simply by having a place of business in the UK, even if the organisation’s main activities are carried on elsewhere, many businesses will be caught by the Act.
The six principles informing whether a business has adequate procedures to prevent bribery taking place are set out in the new guidance. They are broadly similar to the principles set out in the old guidance. It will not be impossible to establish the defence to the crime of failing to prevent bribery if any or all of the principles are not followed. Similarly, following all six principles will not necessarily be sufficient to establish the defence. Whether or not the defence can be established will depend on the nature of the bribery risk, the business and the particular situation.
- Proportionate procedures
Organisations with comprehensive, practical and accessible policies and procedures dealing with acceptable levels of gifts and hospitality, prohibiting bribery and dealing with reporting any requests for bribes to a senior manager are likely to be in a better position to establish the defence than those without any procedures at all. The policies and procedures should be proportionate to the bribery risks faced by the business. They should contain a clear prohibition of all forms of bribery and a strategy for incorporating this prohibition into the decision-making process of the business. The procedures should also deal with enforcement and making confidential reports about suspected bribery. Guidance on making political or charitable contributions, gifts, hospitality or promotional expenses to ensure that the purposes of such expenditure are ethically sound and transparent is also likely to be helpful.
- Top-level commitment
As it is believed that board members are best placed to foster a culture of integrity, where bribery is unacceptable within the organisation, anti-corruption should be led by a board director. Effective demonstrations of this top-level commitment are likely to include the following:
- a statement of commitment to counter bribery in all parts of the organisation and to adopt a zero-tolerance policy towards bribery and set out the consequences of breaching the Act for employees; and
- the personal involvement of a board director in developing a code of conduct and the policies and procedures.
- Risk assessment
What constitutes an adequate risk assessment will depend on the size of the organisation, its activities, its customers and the markets in which it operates. As organisations evolve, they should give adequate resources to the ongoing assessment and mitigation of bribery risks. A business with greater knowledge of its bribery risks is likely to have more effective procedures and conduct greater efforts to prevent bribery. Due diligence, dealt with below, is one aspect of risk assessment. Other aspects include management oversight of the risk assessment, appropriate resourcing and support and information on the risks.
- Due diligence
Organisations need to know with whom they are doing business if their risk assessment and mitigation procedures are to be effective. Specific enquiries may be required depending on the jurisdiction, the nature of the business opportunity and the third party involved. Diligence should be proportionate to the risk assessment.
- Communication and training
Internal and external communication of bribery prevention policies and procedures is likely to help prevent bribery, especially where the penalty for breaching the policies and procedures (e.g., disciplinary action, including possible dismissal) is communicated to all employees. Training on these procedures is likely to ensure awareness and understanding of them.
- Monitoring and review
Organisations should consider what internal checks and balances are needed to monitor and review anti-bribery policies. In smaller organisations, this might include effective financial and auditing controls that pick up potential and actual irregularities, combined, perhaps, with a means by which the comments of employees and key business partners are incorporated into the continuing improvement of anti-bribery policies. In larger organisations, this may include periodically reporting the result of such reviews to the audit committee or the board of directors.
Companies using third party suppliers are expected to consider requiring sub-contractors to have in place similar bribery prevention procedures as apply to the organisation subject to the Act. In practice, this is likely to be difficulty to impose on small businesses overseas with limited rights of audit.
Good practice guidelines
Organisations should review their internal procedures to ensure they can rely on the “adequate procedures” defence to prevent bribery. The size and geographical extent of the organisation will determine what is or is not “adequate.” Business should consider the following good practice guidelines:
- put in place a clear ethics code or anti-corruption statement, applicable to all organisations operating in the UK (if not globally), issued by the managing director or chief executive officer of the organisation;
- develop a gifts and hospitality policy, requiring employees to seek approval for gifts or hospitality above a specified threshold, and monitor the reports submitted by employees for approval; approvals should be given or refused in a consistent manner;
- require all employees to abide by a code of ethics, prohibiting bribery in any form, and make any breach of the policy an act of gross misconduct which can lead to immediate dismissal;
- consider obtaining pre-employment screening reports before employees are hired;
- set up a compliance function, ideally within the legal function, with a senior officer or board director responsible for compliance and anti-corruption responsibilities;
- allow employees to blow the whistle on bribery offenders in a confidential and protected manner (whether or not via a formal hotline, bearing in mind there are data protection rules to comply with when implementing hotlines in Europe);
- investigate all allegations of bribery quickly and consistently; any disciplinary action taken against employees suspected of bribery should be carried out promptly, after investigation, with consistent sanctions for unlawful conduct;
- undertake diligence on agents, consultants, distributors and new business partners (including joint venture companies and new company acquisitions); include anti-corruption obligations, immediate termination rights for breach of these provisions and indemnities against liabilities incurred by the business in all contracts with third parties;
- have adequate audits of financial transactions and internal financial controls to highlight suspicious transactions; and
- train all employees on anti-corruption policies on a regular basis.