On 30 March 2011 the Ministry of Justice (“MoJ”) issued its final guidance on how companies should prevent bribery under the new UK bribery rules (the “Guidance”).1 Compliance with the Guidance is crucial to reducing the risks associated with the coming into force of the new UK Bribery Act (the “Bribery Act”) and to avoid potentially substantial corporate bribery fines. The practical importance of the Guidance, which interprets and foreshadows the Bribery Act, cannot be overstated as the United Kingdom, once criticised by the Organisation for Economic Co-operation and Development (“OECD”) for its low level of anti-corruption enforcement activity2, is moving rapidly towards “the toughest bribery legislation in the world”.3
Providing a three-month period to adapt to the Guidance, the Bribery Act will come into effect on 1 July 2011. The Bribery Act will not only significantly expand the jurisdictional scope of and grounds for criminal liability in current English anti-corruption law, but also will include a new, strict liability corporate offence of failing to prevent bribery. The strict liability offence will be triggered if a person who is “associated with” a company engages in bribery, intending to obtain or retain a business advantage for that company. To establish a defence to the strict liability offence and minimise the risk of prosecution, companies need to establish that they had in place “adequate procedures” to prevent bribery, which are in essence companies’ main line of defence against criminal liability.4
The Guidance first summarises the main offenses under the Bribery Act and how certain key requirements for a finding of a wrongdoing should be interpreted. It then explains what adequate procedures look like in practice. In addition, the Guidance interprets key provisions of the Bribery Act in relation to more controversial topics, such as associated persons, hospitality and facilitation payments. The Guidance makes it clear at the outset that its aim is to combat bribery in a way that is risk-based, reasonable and not unduly burdensome to companies. The core principal it sets out is proportionality and it stresses the importance of tailoring compliance procedures to the size, location and activities of individual companies.
In relation to foreign companies with UK subsidiaries the Guidance clarifies that the parent company is not automatically subject to UK bribery rules merely because it has a UK subsidiary, since it may act independently from its parent or other group companies. Similarly, members of joint ventures or the joint venture itself, as such, are not liable if a bribe is not directly intended to benefit the members or the joint venture. Rather, it is necessary to establish on a case-by-case basis whether the person paying the bribe was performing services for or on behalf of the joint venture company, or the members, respectively.
- Adequate Procedures to Prevent Bribery
The Guidance is deliberately non-prescriptive or, in the words of the Guidance, “flexible and outcome-focussed” on what it considers to be adequate anti-bribery procedures.5 This statement recognises that there is unlikely to be a “one size fits all” solution to the prevention of bribery in different companies and industries.6 The Guidance provides six general high-level guiding principles (as illustrated in selected case studies)7 upon which companies should base their own specific compliance system. Deviation from the Guidance will not necessarily give rise to a presumption that a company’s compliance measures are inadequate, but companies should be mindful that the onus is on them to prove, on the balance of probabilities, that they have adequate procedures in place.
The Guidance is broadly consistent with global best practice anti-bribery principles such as, for example, those of Transparency International and Global Infrastructure Anti-Corruption Centre (GIACC).8 It is also based on the draft paper on anti-corruption compliance prepared by the GC100, a group of senior legal officers of FTSE 1000 companies.9 However, it remains to be seen how the UK courts and prosecutors10 will interpret the provisions of this new global best practice “gold standard”.
Principle 1: Proportionate Procedures
A key theme of the Guidance is maintaining proportionality between companies’ anti-bribery procedures and their bribery risks viewed in the context of the nature, scale and complexity of their commercial activities. Companies need only implement compliance measures that are proportionate to their respective size and industry.11 It also recognises that an organisation’s level of bribery risks may vary according to the type and nature of the persons associated with it. For example, the use of a third party agent to represent an organisation in negotiations with a foreign public official may create significant bribery risks for that organisation and therefore require more scrutiny and monitoring than relationships with other types of associated entity. As part of the principle of proportionality, an organisation’s anti-bribery procedures should ensure that there is a practical and realistic means of achieving the objectives stated in those procedures. As a general guideline, an organisation is encouraged to address the following in its procedures:
- Its commitment to bribery prevention.
- Its general approach to mitigation of specific bribery risks (i.e., risks associated with intermediaries and agents, political and charitable contributions, facilitation payments, and hospitality and promotional expenditures).
- A summary of its strategy to implement its anti-bribery policies.
- Financial and commercial controls such as adequate bookkeeping, auditing and approval of expenditures.
- Transparency of transactions and disclosure of information.
- Application of the anti-bribery policies to individual projects and different parts of the organisation.
Principle 2: Top-Level Commitment
The Guidance calls for a clear “zero-tolerance” signal from top-level management that bribery is unacceptable. This is colloquially referred to as the “tone from the top”. Communicating this signal can take the form of a formal statement that is made generally available on an organisation internet and/or intranet site. To make this statement effective, companies should periodically draw people’s attention to it and consider including a commitment to carry out business fairly, honestly, openly and articulate the business benefits of rejecting bribery.
Whether such signal will be communicated internally or also to customers and business partners and whether it involves institutional measures, such as the appointment of a compliance officer, training programmes and/or issuance of a code of conduct, will again depend on the company’s size and other factors. A documented approach (for instance, keeping attendance lists for training programmes and records of receipt and review of anti-bribery policies), is helpful to show that adequate procedures have been implemented and are being observed.
While it does suggest spelling out “consequences”, the Guidance gives companies discretion to formulate sanctions an employee would face in case he or she commits bribery. To avoid arbitrary treatment (which might trigger employment claims), a company should devise a consistent sanction system ranging from a simple warning to dismissal, depending on the gravity of the wrongdoing. Sanctions for senior management might also include personal liability.12
Principle 3: Risk Assessment
Any compliance program should be based on an assessment of (external and internal) bribery risks a company might be exposed to in relation to its own group, its customers, and the countries and markets in which it is active. A company’s risk assessment also should evolve with the company’s changing business and bribery risks. For example, the risk assessment applied to a company’s domestic operations may be insufficient when the company enters a new market in a new country.
- Internal risk factors may add to the company’s overall level of bribery risk, for example, a company’s bonus scheme or the absence of compliance policies/training. Companies should take steps to identify particular employees or agents that may be sensitive to bribery using a risk-based approach. In connection with acquisitions, joint ventures, and/or investments, companies need to assess a target’s potential corruption risk. Equally, companies with portfolio affiliates, such as private equity firms, should conduct an assessment in relation to each portfolio company including the degree of association and control exercised over such entities. Commonly encountered internal risk factors include:
- Inadequate employee training, skills and knowledge.
- A bonus culture that rewards excessive risk-taking.
- Lack of clarity in the organisation’s policies, financial controls or top-level commitment to anti-bribery.
- External risk management involves an assessment, individual review and screening of the relevant country, product markets and business partners. It should occur on a transaction-specific basis. Country-specific corruption tables published by international organisations, for instance, Transparency International’s Corruption Perceptions Index13, provide useful guidance. Commonly encountered external risks can be broadly categorised as follows:
- Country risk.
- Sectoral risk.
- Transaction risk.
- Business opportunity risk.
- Business partnership risk.
“Corruption indicators” that help identify internal and external bribery risks include evidence of abnormal cash payments; lavish gifts being received; missing documents or records; unusual payment patterns; and the payment of unusually high commissions. The scope and frequency of the risk assessment will depend, for example, on the relevant company’s size, structure, business operations and places of business.
Principle 4: Due Diligence
A documented due diligence approach, through articulated due diligence policies and risk assessment procedures, will facilitate the establishment of a robust defence vis-à-vis enforcement agencies. Short review intervals also will help to mitigate any fine exposure, not least because fines are typically set by reference to the duration of the infringement.14 Companies need to perform regular reviews of their due diligence policies and procedures and update them to adjust to changing risks. It is important that due diligence and risk assessment procedures are not simply a “tick the box” compliance exercise but rather are carried out in a meaningful way and stress-tested. A company’s due diligence policies and procedures also should cover all parties to a business relationship and all markets in which the company does business. However, priority and resources should initially be directed at riskier areas and business lines.
Organisations will need to carefully consider entering into certain business relationships where, for example, local law or convention dictates the use of local agents if it may be difficult for an organisation to extricate itself from a business relationship once established, or where there is a merger or acquisition involving the organisation. For effective due diligence, a company should consider the following:
- Compiling a suitable questionnaire for potential agents, requiring details of ownership, CVs and references for those involved in performing the proposed service.
- Having a clear statement of the precise nature of the services offered, costs, commissions, fees and the preferred means of remuneration.
- Making enquiries with the relevant authorities in a foreign country to verify the information received in response to the questionnaire.
- Requesting sight or evidence of any potential agent’s own anti-bribery policies.
- Remaining alert to the following key questions:
- Is the agent really required?
- Does the agent have the required expertise?
- Are they interacting with or closely connected to public officials?
- Is what you are proposing to pay reasonable and commercial?
Principle 5: Communication (Including Training)
A company’s anti-bribery policies and procedures (including guidance on sanctions, hospitality and promotional expenditures, decision-making, financial control, facilitation payments, training, charitable and political donations and articulation of management roles) should be comprehensible and take account of all roles within the company and over which the company has control.
The Guidance also suggests that larger companies may consider making general anti-bribery training mandatory for new employees or agents as part of an induction process or requiring all associated persons to undergo training. Convincing foreign business partners to engage in such a commitment may be challenging, whilst it is arguably easier to achieve in connection with setting up a new relationship.
An effective anti-bribery compliance program may preclude liability or reduce penalties.15 It is, therefore, not surprising that the Guidance recommends the establishment of “speak up” procedures, namely secure, confidential and accessible means for internal or external parties to raise concerns about bribery on the part of associated persons, to provide advice and suggestions for improvement of bribery prevention procedures and controls. Whilst the Guidance calls for such internal reporting mechanisms, companies should consider whether and to what extent they should offer incentives to individuals to come forward. Such incentives are vital for an effective anti-bribery programme. At an absolute minimum, however, companies must ensure that there are no disincentives to prevent individuals from coming forward to report bribery (i.e., fear of stigma or retribution). Neither the Bribery Act nor the Guidance foresees a statutory ”reward” scheme (as in the US Dodd-Frank Act) although it is conceivable that whistle-blowers may receive lenient treatment if they have been involved in any wrongdoing.16
Principle 6: Monitoring and Review
Companies must regularly monitor and review their anti-bribery policies and procedures to ensure that they are up-to-date and that they reflect new risks as they arise. For example, sampling exercises can be undertaken to ensure that a company’s anti-bribery policies and procedures are working and effective. Staff surveys, questionnaires and feedback from training can also be an important source of information on effectiveness. Further, the policies and procedures should incorporate lessons learnt from previous incidents of bribery and breaches of the company’s anti-bribery policies such that those policies are updated at regular and frequent intervals to address any perceived failings. Companies may want to review their monitoring processes in response to stimuli such as governmental changes in countries in which they operate, an incident of bribery, or negative press reports. In addition, to bolster assurance of its anti-bribery procedures, a company could consider seeking some form of external verification of the effectiveness of its policies or look to the practices of relevant trade bodies or regulators who highlight examples of good or bad practice in their publications.
- Facilitation payments / hospitality or promotional expenditure
Some of the more controversial areas of the Guidance, and cause for its delay, are the treatment of hospitality and promotional expenditures and facilitation payments.17 A clarification in the Guidance became necessary as the broad language of the Bribery Act was being misconstrued in some quarters as outlawing hospitality.
For payments that facilitate routine Government action (“facilitation payments” or “grease payments”) the Guidance reinforces the wording of the Bribery Act that they are not acceptable – thereby creating a discrepancy with the US Foreign Corrupt Practices Act (FCPA).18 Multinational companies that have based their compliance programmes on the strict wording of the FCPA will have to update their internal guidance accordingly, including training on the Bribery Act.19 In reality, however, companies in both the US and UK have increasingly adopted a zero-tolerance approach to facilitation payments for some time. Compliance need not be overly complex or technical to operate to this new UK “gold standard” and adopting a single comprehensive policy reduces the risks inherent in attempting to balance the competing requirements of different regimes.
In relation to corporate hospitality & promotions the Guidance acknowledges commercial realities and the importance of a company’s image and relations to its business. Therefore, reasonable measures to improve the image of a commercial organisation, e.g., through invitations “to attend a Six Nations match at Twickenham”, “Wimbledon or the Grand Prix” remain unobjectionable. More generally, the Guidance emphasises that “reasonable and proportionate hospitality or promotional expenditure which seeks to improve the image of a commercial organisation, better to present products and services, or establish cordial relations, is recognised as an established and important part of doing business and it is not the intention of the Act to criminalise such behaviour.”20 Beyond value, the main focus in relation to corporate hospitality and promotions is the principle of transparency as to the manner and form in which hospitality is conferred. The Guidance highlights that there must be an intention for a financial or other advantage to influence an official in his or her official role and thereby secure a business advantage. Payment of travel and accommodation costs is unlikely to amount to a financial or other advantage to an official, however, if that cost would otherwise be borne by the relevant foreign government or the official.
As a practical measure, companies should keep records of all their hospitality and promotional expenditures and scrutinise their cumulative impact. Some companies have chosen to operate “points based” self-certification with approval for gifts and expenditures above certain amounts. Deliberations during the enactment of the Bribery Act indicate that reasonable hospitality will be acceptable in a business context, whereas hospitality vis-à-vis foreign public officials will generally be subject to stricter standards.21 The statement in the Guidance “the more lavish ... the greater the inference” of a bribe is only partially of help.22 Obvious red flags include, for example, unnecessary travel trips for family members or where there is no obvious link between the expenditure and the product or service.
- Practical Tips
Companies should not underestimate the implications of the Bribery Act, as its scope and sanctions are significant and its defences limited. The incorporation of adequate anti-bribery compliance procedures is critical. Compliance should be tailored but, at a minimum, companies may consider the following:
- Appoint a Chief Compliance Officer who is responsible for implementation and oversight of compliance with the Bribery Act (as well as anti-bribery laws of other countries) and who regularly reports to the CEO of the company or the Audit Committee of the Board of Directors.
- Ensure that your organisation devotes ongoing resources to assessment and mitigation of bribery risks that evolve according to the business development of the organisation (i.e., entering into a new market or country) and prioritise and give extra scrutiny to high-risk areas, business lines, and relationships. Consider implementing a global policy supplemented at a local level where there are specific risks.
- Publish a clearly articulated statement of commitment to anti-bribery initiatives and involve senior management in creating a culture of ensuring that anti-bribery measures are enforced at every level throughout the organisation. Routinely assess your organisation’s culture to ensure that it is effective at deterring bribery and that individuals are not merely “paying lip-service” to the policy.
- Implement an effective reporting system, such as a “hotline” for directors, officers, employees, agents, business partners and third parties to report suspected violations of the Bribery Act.
- Communicate your organisation’s anti-bribery procedures and policies not only to internal staff but also to subsidiaries, joint venture partners and third parties who act on behalf of the company. Include in all agreements, contracts and contract renewals with all agents and others “associated with” the business, wording aimed to reduce and protect against risks of corruption during the operation of the agreement or contract. Take steps to ensure that such parties include equivalent wording in their own contracts with others. Such protection may take the form of mutual anti-corruption representations and undertakings that each party:
- Will not engage in any activity, practice or conduct which would constitute an offence under the Bribery Act;
- Has and will maintain in place adequate procedures in line with the guidance published by the Secretary of State under section 9 of the Bribery Act, designed to prevent associated persons from undertaking any such conduct;
- Will allow for periodic internal and independent audits of the books and records of each party and its agents and business partners to ensure compliance with the Bribery Act;
- Provide for the termination of the agent or business partners as a result of any breach of the Bribery Act; and
- Will sample and monitor compliance with the Bribery Act.
- Inquire about risks of bribery in countries and companies in which your organisation is seeking new business opportunities and in third parties acting on behalf of the company, and perform screening and investigations of business partners and associates.
- Consider the ways in which existing internal procedures can be tailored for bribery prevention (i.e., auditing controls, disciplinary procedures, employment contracts, and performance appraisals).
- Implement procedures to deal with allegations or incidents of bribery should one arise and designate an appropriate senior-level employee to oversee the process and feed the results of any investigations back into anti-bribery policies to enhance them.
- Consider the use of external, independent reviews to verify the effectiveness of your company’s anti-bribery procedures, which might enhance credibility of those procedures to business partners and maintain confidence.