The federal election interrupted a Senate inquiry into foreign bribery. The Australian Federal Police continue to investigate a number of allegations against Australian companies involving foreign bribery and the prosecutions in the Securency matter remain ongoing.

International efforts to combat foreign bribery continue with the first corporate settlements under the UK Bribery Act and the top ten US Foreign Corrupt Practices Act settlements now exceeding US$4.5 billion, all in recent years.

Top 10 FCPA Settlements

$800 million. Bribes through agents to obtain business globally including in Venezuela, Israel, Greece, Mexico, Bangladesh, Argentina, Vietnam, China, Russia, Iraq [also €395 million plus US$274 million in Germany, €270 million in Greece]

$772 million. Bribes (including through agents) in connection with power and transportation projects globally including in Indonesia, Egypt, Saudi Arabia, Bahamas, Taiwan

$579 million. Bribes to build gas facility in Nigeria

BAE Systems: $400 million. Bribes through agents to obtain sales in Tanzania and Saudi Arabia [also €30 million settlement in UK]

Total SA: $398 million. Bribes through agents for oilfield access in Iran

$398 million. Bribes through agents to obtain and retain telecom business in Uzbekistan [also $398 million in Holland]

$384 million. Bribes through agents to supply alumina to Bahrain

Snamprogetti/ENI: $365 million. Bribes to build gas facility in Nigeria (joint venture with KBR Halliburton)

Technip SA: $338 million. Bribes to build gas facility in Nigeria (joint venture with KBR Halliburton)

JGC Corporation: $219 million. Bribes to build gas facility in Nigeria (joint venture with KBR Halliburton)

Total: $4,653 million

Now is the time for Australian directors to ensure their house is in order by ensuring that they have robust compliance programs in place to guard against foreign corrupt practices.

For the director the way forward may seem fraught with difficulty in getting visibility of conduct that may be occurring a long way away from the boardroom. We recommend that as a starting point regard should be had to the UK Bribery Act Principles and the US FCPA Resources Guide in fashioning appropriate procedures.

These materials suggest a robust compliance program should have the following elements.

The right tone at the top

Compliance should begin with the board and senior management, as it can be expected that employees take their cues from the leaders of the organisation. A culture should thereby be fostered from the top that stresses it is never acceptable to engage in bribery. A high level commitment of the board should be reinforced and implemented by middle managers and employees at all levels of the business.

There should be focus on how success is measured and how, in turn, these measures are communicated internally. For example, a corporation that rewards staff purely for achieving sales targets may create a very different internal culture to a corporation that values and rewards financial performance while at the same time assessing performance based on core values of integrity and honesty in third party dealings.

Procedures proportionate to risks faced and scale and complexity of the organisation

There are three aspects to establishing a proportionate response to the risk of bribery. First, corporations that operate in higher risk jurisdictions or in higher risk industries will generally need to put more comprehensive policies in place than corporations confronting lower risk. Second, corporations with a business model that relies heavily on third parties (eg, distributors) should exercise care as to how these entities are retained and monitored. Third, larger organisations will need more prescriptive and formal written procedures to meet the challenge of communicating a consistent set of policies to a large audience. The policies should be clear, concise and accessible to all employees and agents. The policies should be available in the local language for employees of foreign subsidiaries.

One practical dilemma which large corporations face is whether policies should be tailored to different parts of the global organisation or be uniform. On the one hand, country or region-specific policies may be seen to be more meaningful as they will be written with regard to specific cultural proclivities and a more relevant set of experiences. On the other hand, different policies can give rise to confusion and a sense that some parts of the organisation operate under a more permissive set of rules.

Policies and procedures embedded and understood throughout the organisation

Policies should be embedded and understood throughout the organisation including through periodic training and certification for all relevant employees and agents. The training should be proportionate to the risks faced and appropriate to the targeted audience, including in appropriate languages, tailored to the role performed by that person and with useful hypothetical examples.

The corporation should also develop procedures to provide employees with ongoing guidance and advice on complying with its policies, including where advice is required urgently in foreign jurisdictions.

While online training programs may assist in achieving these objectives, that type of training is not necessarily sufficient. In high risk jurisdictions, the best results may be achieved by face-to-face, on-the-ground training by compliance/risk managers. First, a combination of written and verbal messaging may prove a more effective means of communication. Second, such an approach may allow employees to better understand the practical issues that may make it difficult to successfully implement the policy and may offer constructive suggestions as to how these issues can be overcome.

Monitoring and review procedures

The corporation should monitor and periodically review its policies and make improvements where necessary. These measures may include employee surveys to test the compliance culture, feedback from training and audits of internal controls. Consideration may also be given to external verification of the effectiveness of the policy and procedures.

Internal controls and investigations

The compliance program should extend throughout the organisation and the program should be structured to provide positive support for the observance of the program. There should be appropriate and clear disciplinary procedures that are applied reliably and promptly for any violation of policy. Ethical and compliant behaviours should be encouraged and rewarded as part of remuneration policies.

The corporation should assign responsibility for the oversight and implementation of its policies to an appropriate senior officer with appropriate authority, adequate autonomy and sufficient resources to devote to compliance based on the corporation's size, complexity, industry and the risks confronted. A mechanism should be established to ensure there is an efficient, reliable and proper process for investigation of any allegation of improper behaviour. The response to an investigation should be documented, including creating records of disciplinary and remediation action taken.

A key area for consideration is the value of an effective whistleblowing policy. Whether such a policy is useful depends on at least two things. First, staff should have confidence that the information they give will be appropriately handled. This does not just mean that it will be treated confidentially but also that it will be properly and fairly investigated. Secondly, staff should be appropriately incentivised to speak up. Encouraging whistleblowing on the basis that it is in everyone’s interests that the organisation’s values are promoted and its reputation preserved is important, but the possibility of financial incentives should also be considered, particularly in an environment where employees may find it attractive to report to an external whistleblower (ie a regulator) who may pay a reward.

Risk assessment of potential external and internal risks

An assessment should be made of the nature and extent of the external and internal risks of bribery in the relevant jurisdictions in which the corporation operates. The risk assessment should not be one size fits all and should focus on material transactions that may involve the greatest risk of bribery. Consideration of risk should include, for example, the type of risk associated with countries of operation and the particular industry, the nature of the business opportunities that are available, the potential business partners, the level of involvement with government, the amount of government regulation and the degree of exposure to customs and immigration.

That risk assessment should be reviewed on a periodic basis.

Due diligence based on a proportionate and risk based approach

The heightened risks associated with bribery through agents and intermediaries are clear. Policies and procedures should incorporate appropriate due diligence on these third persons. Again, the degree of due diligence should be tailored to a proportionate risk assessment of the circumstances of the arrangement.

First, as part of due diligence the qualifications and associations of the third party should be considered, including business reputation and relationships with government officials. If red flags are raised, scrutiny should increase.

Second, the business rationale for the arrangement should be clearly enunciated. Payment terms should be benchmarked against typical terms in that country and industry. Evidence should be sought that the work for which the third party is being paid is being undertaken.

Third, there should be ongoing monitoring of the relationship, possibly including seeking audit rights concerning the activities of the third party and requiring periodic certification of compliance by the third party. The third party should be advised of the corporation’s policies and assurances should be obtained from the third party from the outset of its commitment to those policies.

Acquisition Due Diligence

The conduct of effective bribery due diligence as part of mergers and acquisition activity is considered by the United States regulator to be an integral part of an effective compliance culture. Acquired entities should become subject to the acquiror’s policies and procedures.