The UK Secretary of State for Justice, Kenneth Clarke, released earlier this week the long-awaited guidance for commercial organisations regarding compliance with section 7 of the UK Bribery Act 2010 (the "Bribery Act"). The Bribery Act will now come into force on 1 July 2011. The guidance explains the policy principles behind section 7. It is intended to assist relevant commercial organisations of all sizes and sectors in understanding what sorts of procedures should be put in place, well before that date, to prevent acts of bribery being committed by "associated persons" (including agents and third parties acting on their behalf).
Offence: Failure to Prevent Bribery
Under the Bribery Act, the term "relevant commercial organisations" includes not only companies incorporated in the UK, but also those which carry on their business or "any part of" their business in the UK. If this test is satisfied, then the organisation falls within the jurisdiction of the UK Serious Fraud Office in respect of any acts of bribery committed by it (or by "associated persons"), even if the bribe itself takes place outside of the UK.
Once the Bribery Act is in force, it will be a criminal offence if an organisation fails to prevent relevant acts of bribery, and it could be subject to an unlimited fine. The only defence available would be if the organisation could establish that it had in place "adequate" procedures aimed specifically at bribery prevention.
Defence: The Six Principles
According to the guidance, the procedures that must be put in place by organisations to prevent bribery should be informed by the six principles set out below. The principles are not prescriptive. They are intended to be flexible and "outcome focused," allowing for the wide variety of circumstances in which commercial organisations operate. Small organisations will clearly have to deal with different challenges from those faced by large multi-national enterprises.
The detail of how the organisations will apply these principles will vary, but in each case the result expected will be the establishment and maintenance of effective anti-bribery policies and procedures. As explained in more detail below, bribery prevention procedures should be proportionate to the risks to which an organisation is exposed.
Along with the guidance, the government has published "case studies" (expressly not part of the guidance itself) that are based on hypothetical scenarios and are designed to illustrate the application of the principles to small, medium and large organisations. However, these case studies are not intended to show what procedures are "adequate" in any particular case.
Principle 1: Proportionate Procedures
A commercial organisation’s procedures to prevent bribery by persons associated with it are to be proportionate to the bribery risks that it faces and to the nature, scale and complexity of its activities. The procedures must also be clear, practical, accessible, effectively implemented and enforced.
Further, the organisation’s published anti-bribery policies should include certain common elements, such as:
- a statement of its commitment to bribery prevention (see principle 2);
- details of its approach to the mitigation of specific bribery risks, such as those arising from the conduct of intermediaries and agents, or those associated with hospitality and promotional expenditure, facilitation payments or political and charitable donations or contributions (see principle 3); and
- an overview of its strategy to implement its bribery prevention policies.
Principle 2: Top-level commitment
The top-level management of a commercial organisation (the board of directors or equivalent) must be committed to preventing bribery by persons associated with it. They must foster a culture within the organisation in which bribery is never acceptable.
Whatever the size, structure or market of a commercial organisation, its top-level management commitment to bribery prevention will include (1) clear communication of the organisation’s anti-bribery stance, and (2) an appropriate degree of ongoing involvement in developing bribery prevention procedures.
Principle 3: Risk Assessment
The commercial organisation must assess the nature and extent of its exposure to the potential risks (both external and internal) that bribery may be committed on its behalf by persons associated with it. The assessment must be periodic, informed and documented.
Risk assessment procedures should include but not be limited to:
- oversight of the risk assessment by top level management;
- appropriate resourcing - this should reflect the scale of the organisation’s business and the need to identify and prioritise all relevant risks;
- identification of the internal and external information sources that will enable risk to be assessed and reviewed;
- due diligence enquiries (see principle 4), and
- accurate and appropriate documentation of each risk assessment and its conclusions.
Principle 4: Due Diligence
The commercial organisation must apply due diligence procedures, again taking a proportionate and risk-based approach in respect of persons who perform or will perform services for it or on its behalf (in any jurisdiction), in order to mitigate identified bribery risks.
Due diligence is also an element of good corporate governance and the due diligence related to bribery prevention policies and procedures should form part of a wider due diligence framework.
Principle 5: Communication (including training)
The commercial organisation must ensure that its bribery prevention policies and procedures are embedded and understood at all levels, above all through internal and external communication, including training, that is proportionate to the risks it faces.
This should assist in ensuring more effective monitoring, evaluation and review of bribery prevention procedures.
Principle 6: Monitoring and Review
The commercial organisation must monitor and review procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.
The bribery risks that a commercial organisation faces may change over time, as may the nature and scale of its activities. The procedures required to mitigate those risks are likely to require close monitoring and appropriate adjustment.
Although some meat has been put on the bones offered in the previous draft guidance, it remains the case that the final guidance is not prescriptive and does not offer direction as to what are "adequate" procedures for any particular organisation.
On related issues, the guidance indicates that "genuine" hospitality or similar expenditure that is "reasonable and proportionate" is not intended to be caught, but it does not remove the risk that in a particular case an act of hospitality may be construed as an act of bribery.
The government has also maintained the blanket prohibition on "facilitation payments" (payments to government employees to speed up an administrative process). All organisations must carefully address how their anti-corruption policies and procedures should be tailored to meet the general principles outlined above.