The 'adequate procedures' defence under the Bribery Act 2010 has been tested in the courts for the first time. We examine the case of R v Skansen and set out key practical recommendations.

1. What is the corporate offence of failure to prevent bribery?

The controversial ‘corporate offence’ is contained in Section 7 of the Bribery Act 2010 (the ‘Act’). In summary, a commercial organisation will commit the offence if a person associated with it gives bribes to win it business, or an advantage in business.

Points to note:

  • Wide and extraterritorial application: ‘Commercial organisation’ includes any corporate or partnership with all or part of its business in the UK. This includes overseas businesses with operations in the UK.
  • Associated persons: This is also widely defined. It includes any person that performs services for or on behalf of the commercial organisation e.g example, employees, agents, contractors and subsidiaries.
  • Strict liability: There is no requirement of ‘fault’ on the part of the commercial organisation. It does not matter therefore that the senior management in the commercial organisation did not participate in, know about or even suspect that persons associated with the business were giving bribes.
  • Penalties: Convicted organisations may be subject to a potentially unlimited fine and disbarment from public procurement tenders.
  • The (only) defence: It will be a defence for the commercial organisation to demonstrate that it had in place ‘adequate procedures’ to prevent its associated persons from giving bribes.

2. What is the ‘adequate procedures’ defence?

The Act is silent on the meaning of ‘adequate procedures.’ The Ministry of Justice has published guidance on the principles that should underpin a commercial organisation’s adequate procedures; however, the defence has been untested in the courts, until now.

The recent case of R v Skansen provides the first indication on what a jury will find (or perhaps not find) to constitute adequate procedures.

3. What did R v Skansen say about ‘adequate procedures’?

Facts

In summary:

  • Skansen Interiors Limited (‘Skansen’), a refurbishment contractor, was invited by DTZ Debenham Tie Leung (‘DTZ’) to tender for two refurbishment contracts. During the tender process, a senior employee of DTZ passed information to Skansen that provided it with an advantage over other tenderers and informed his colleagues that Skansen would be the preferred contractor.
  • Skansen won the two refurbishment contracts and made two payments to the DTZ employee amounting to £10,000. A third payment of £29,000 was also offered but was ultimately never paid. The first two payments to the DTZ employee were made to a separate company that had not provided any services to Skansen. The management board approved the invoices for the payments.
  • Skansen appointed a new CEO in 2014. The CEO was requested to make the third payment of £29,000 to the DTZ employee. However:
    • the CEO had suspicions concerning the legitimacy of the £29,000 payment
    • the £29,000 payment was stopped
    • an internal investigation was instigated
    • a new anti-bribery and corruption policy was established
    • a suspicious activity report was made to the National Crime Agency (NCA)
    • the matter was reported to the City of London Police
    • co-operation was provided to the enforcement authorities.

Despite the above, Skansen was charged with the corporate offence.

The arguments

Skansen pleaded not guilty to the charge. It argued that it had adequate procedures in place to prevent bribery by an associated person. In particular Skansen highlighted:

  • Due to the size of the company and its small open plan office space (apparently smaller than the courtroom) it did not require complex and sophisticated control procedures in order to be deemed to be adequate.
  • Its business operated locally, not internationally. Therefore, less stringent controls were necessary.
  • It was established across the business that staff should not pay bribes. Accordingly, no specific policy was required.
  • A culture of honesty and integrity had been installed in the company.
  • At the time of the bribe, Skansen did have in place policies that required employees to deal with third parties ethically, openly and honestly. One such policy was prominently displayed on the wall of the open plan office.
  • Financial controls were in place allowing Skansen to monitor, approve and settle invoices appropriately.
  • The clause in the contract specifically prohibited bribery and contained a right of termination where bribery had been committed.
  • The third payment was not actually paid to the employee at DTZ due to the adequacy of procedures in place.

The decision

The jury disagreed with Skansen’s arguments and held that the procedures in place were not adequate to prevent bribery. Skansen was therefore convicted.

4. What can I do to help protect my business?

Juries in cases such as R v Skansen are not obligated to provide any reasons on record for their decisions. However, lessons arise from the case in respect of what will (and will not) constitute adequate procedures.

The guilty verdict in R v Skansen shows that commercial organisations cannot avail themselves of the defence solely by doing the following:

  • Acting reactively, once a crisis arises
  • Relying on a change of management to instil a more rigorous approach
  • Relying upon propositions that ‘the staff know not to do it’
  • Relying upon generic ethics policies
  • Making suspicious activity reports to the NCA.

Instead, they must actively design, implement and enforce robust, written procedures ahead of time, taking into account the Ministry of Justice’s guidance. Many businesses will already have procedures in place, and now is a perfect opportunity to review them. Here are some practical steps to assist in that review:

  • Consider proportionality: The procedures must be proportionate and appropriate for the business, taking into account the following factors: exposure to bribery risk (see below), size, sector and geographical scope. Consider whether these factors have changed since the procedures were first drafted, or if they are likely to change soon (e.g. by expanding into a new global region).
  • Evidence of top level commitment: It is imperative that a zero tolerance approach to bribery is disseminated from the top of the business. The senior management must, and must be seen to, lead the business’s drive towards adequate procedures. Easy wins in this regard include:
    • a board resolution committing the business to the approach and endorsing a review of the procedures
    • an all staff memorandum communicating the business's approach and the impending review of the procedures
    • appointing, and properly resourcing, legal and/or compliance personnel who will be responsible for leading the co-ordination and monitoring of the procedures.
  • A written risk assessment: Policies and procedures cannot be designed to deal with bribery risks if those risks are not first understood. Accordingly, an important early task is to ensure that the business conducts a written risk assessment exercise in order to identify the universe of bribery risks across the business. This should address the principal risk areas (e.g. business sector, geographical, business partnership and business opportunity). It should also identify both ‘incoming’ (i.e. receiving e.g. in procurement) and ‘outgoing’ (i.e. giving e.g. sales teams) risks of bribery. The business should then collate the findings into a written risk report. This will be a ‘live’ document, to be amended as risks arise and/or diminish.
  • A written policy, properly communicated: Once the risks have been understood and documented, a written anti-bribery policy can be finalised and disseminated. This should be:
    • communicated by senior management to all staff
    • made readily available in electronic and/or hard copy form
    • distributed to agents or intermediaries acting on behalf of the commercial organisation on at least a risk-based approach.
  • Monitoring and review: The procedures should be reviewed to ensure that they are fit for purpose. This should in most cases be at least annually. A review should also be conducted when there are significant changes in the business, for example entering new sectors, markets or making significant business acquisitions.
  • Training: Training should be provided to all employees, whether in person or on an e-learning/web-based format, covering the basic legal framework, including the key offences and what to do if they suspect wrongdoing.
  • Speak up procedure: Establish a clear, written, independent reporting process in order to enable staff to communicate concerns. Ensure that appropriate protections are put in place for staff that speak up about wrongdoing.
  • Write it down: Paper compliance programmes are insufficient. However, all successful compliance programmes must be in writing. It is vital to keep a file recording in writing the measures carried out pursuant to the above review.