On 7 October 2010, the UK Ministry of Justice clarified its draft guidance on the new UK anti-bribery legislation and how it is likely to be enforced. The Bribery Act 2010 (the "Act"), passed through the House of Commons in April 2010, received Royal Assent the same day and is now law. It will come into force in April 2011. The new legislation has been called the "toughest enforcement standard in the world."
Many US and other global companies with UK operations have taken note of the Bribery Act 2010 because the new law applies—not only to UK businesses—but also to the UK subsidiaries of non-UK companies, employees who reside in the UK and others based on actions they take while in the UK.
Bribery Act 2010
The new UK bribery legislation replaces UK legislation stretching back to 1889. It has a number of stringent new features, including:
- Increased penalties of up to 10 years in jail and unlimited fines for individuals, companies and partnerships (contrasted with five years' maximum jail term under the US's Foreign Corrupt Practices Act, or "FCPA");
- The banning of bribes to both public and private officials;
- A new offense of failure to prevent bribery;
- A ban on facilitation payments; and
- Two general offenses covering the offering, promising or giving of an advantage, as well as requesting, agreeing to receive or accepting an advantage.
The new UK legislation applies to:
- UK corporate entities, even if they are foreign-owned;
- British citizens;
- Individuals who ordinarily reside in the UK; and
- Non-UK nationals and entities if an act or omission forming part of the offense takes place within the UK.
Perhaps the most significant way in which the Act alters the international anticorruption landscape is with the new offense of failure to prevent bribery. This is contained in section 7 of the Act. This is a strict liability offense, although a defense would be available if "adequate procedures" were in place to prevent bribery from happening. The burden of proof is therefore on the defendant, not the prosecution. The consultation process on the defense started in September 2010, with the final guidance expected early in 2011. At the same time, prosecutorial guidelines are also expected to be published. Since the UK financial regulator has had a trial run of similar powers in existing legislation in a recent investigation, it is possible to anticipate how prosecutors are thinking. It appears that, to use the defense, entities may want to have:
- An anti-bribery policy that deals with the Bribery Act 2010, rather than one that is only FCPA-based;
- A training regime; and
- A system of receiving and investigating complaints.
Ministry of Justice Consultation
The Ministry of Justice consultation on the Act, in particular, covers how the defense of taking adequate procedures is likely to look. The draft guidance details six principles that are intended to cover all commercial organizations as a starting point for planning, implementing, monitoring and reviewing their anticorruption program. Those principles are:
- Risk assessment
- Top-level commitment
- Due diligence
- Clear, practical and accessible policies and procedures
- Effective implementation
- Monitoring and review
The deadline for responses to the consultation is 5 p.m. on 8 November 2010. Most of these principles are likely to resonate with those organizations that have implemented FCPA-based policies.
The draft guidance states that the risk-assessment process includes the need to assess both internal and external risks. An assessment of external risks should factor in those locations that are perceived to carry with them a higher risk; and it is likely that corruption league tables, such as those produced by Transparency International, may play a role in that process. The risk assessment would also include how business partners, agents and representatives are selected and engaged. This process could potentially lead to data-privacy challenges, given the potential for candidates who have not passed the test to ask for access to their records and details of the process involved. The risk assessment appears to be intimately linked with the due-diligence procedures set out in principle 3.
The fourth principle (clear, practical and accessible policies and procedures) could, in some cases, pose more of a challenge for many US corporations with FCPA-based policies. Some existing policies drift into technical language that, while it may be understood by the board, might not be so readily comprehensible to employees in the field whose first language is not English. The draft guidance clarifies that the policy should be understood by the whole workforce and other parties who interact with the corporation, and not just senior management, and compliance and legal professionals. The fourth principle includes an obligation that policies are "clear, practical, accessible and enforceable." This may entail organizations redrafting policies to make them clearer, more concise and tailored to their businesses, rather than following standard and lengthy templates. The guidance states that policies should pay particular attention to vulnerable areas of the business, such as procurement and the supply chain. The policy should also include details of how to react to blackmail or extortion—again something which is not found in many FCPA-based policies. At the 7 October meeting, the Ministry of Justice said that, in addition to meeting the standards of the defense, a policy should also be regularly reviewed.
The issue of reporting lines for poor conduct can also be problematic in Europe, with a number of legislative restrictions on the scope of those systems. There have already been cases where the subjects of an internal investigation have tried to use their data-privacy rights to suspend or terminate an investigation into their conduct. In some respects, the new UK legislation may make some of these investigations easier since the investigation can be based on UK rather than US law; but significant challenges are likely to remain.
What Are the Main Issues with Most FCPA-Based Policies?
Pending the guidance, the Bribery Act appears to pose significant challenges for multinational corporations that previously followed an FCPA-focused compliance strategy. Given that the UK Act effectively reverses the burden of proof—making companies show that they took adequate measures to prevent bribery rather than making the prosecution prove that they did not—even the best anticorruption policies may warrant review. There are three key issues:
- The UK's position on hospitality is likely to be tougher than that of the FCPA. The parliamentary debate indicated that corporate entertaining falls within the ambit of the Act, while many FCPA-based policies permit employees to accept or offer hospitality, sometimes up to maximum financial limits. Pending further UK guidance, this may be risky. The draft guidance states that hospitality is fully within the ambit of the new law, saying "Hospitality and promotional expenditure can be employed improperly and illegally as a bribe." The draft guidance appears to offer some comfort for those hosting "reasonable and proportionate hospitality. . . to improve the image of a commercial organisation, better to present products and services, or establish cordial relations." At the 7 October meeting, the Ministry of Justice said they wanted the new Act to trigger a review within companies of their hospitality standards.
- Facilitation payments are banned under UK legislation, but are often allowed in existing anti-bribery policies, again sometimes subject to a set monetary limit. Policies may have to recognize this or riders may need to be sent to all employees who might fall under the UK Act.
- Many FCPA-based policies are designed to cover bribes to foreign public officials, and some repeat the definition given in the FCPA. That policy may be risky, as bribing a US official would be an offense under the UK legislation, and as previously stated, the UK legislation also covers private corruption.
Stepping Up Enforcement
The new legislation in the UK is set against a rising tide of enforcement. UK authorities have already been involved in significant investigations this year, including joint investigations with the US authorities and joint prosecutions of both BAE Systems and Innospec. International enforcement appears to be high on the agenda. The UK Ministry of Justice's introduction to the Bribery Act states, "The Bribery Act reforms the criminal law to provide a new, modern and comprehensive scheme of bribery offences that will enable courts and prosecutors to respond more effectively to bribery at home or abroad."
There is growing public pressure on governments around the world to police the activities of corporations doing business in their countries. Investigations in the last 12 months or so have featured more than 40 countries.
The next six months are likely to see more of the same. In the United States, an additional 150 investigations are reportedly under way. On 7 October, a Ministry of Justice official confirmed that around 30 UK-based investigations had been set in motion. The number of US Securities and Exchange Commission investigations is likely to increase given new US legislation—the Dodd-Frank Wall Street Reform and Consumer Protection Act—which passed in July 2010 and gives employees, business partners or competitors a share of the penalty when they blow the whistle on a company's corruption. Besides the full effect of the UK legislation, new activity in other countries is anticipated. At a meeting held in London in July 2010, the Indian Minister of Law and Justice, Veerappa Moily, said his government was keen to protect whistleblowers to increase the reporting of corruption and that new anticorruption legislation would be introduced in India "within eight or nine months."
What Steps Should Businesses Consider Taking Now?
In the short term, businesses may want to take a number of steps to improve their compliance. Those steps may include the following:
- 1.Review any existing FCPA-based policy and amend it or issue clarifications for employees under the Act—not just UK-based employees. Look especially at hospitality.
- 2.Train employees on the new legislation and the steps the corporation is taking to deal with it.
- 3.Do proper due diligence on the entities entering into contracts, procuring business, etc., and on the people with whom they work.
When the new guidance takes shape, more long-term measures may be needed to deal with the increased compliance responsibilities. However, it should be possible to build on rather than simply repeat the work already done.