On 20 May BHP Billiton agreed to pay ‎a $25m civil penalty to settle the SEC’s charges that it had breached the US Foreign Corrupt Practices Act. It would appear that no criminal action will be pursued by the US Department of Justice. However, the SEC’s civil enforcement action is a timely reminder that compliance with anti-corruption legislation, particularly for natural resources companies, requires more than a “tick the box” approach.

Tick the box approach insufficient

BHP was an official sponsor of the 2008 Olympics in Beijing. According to the SEC’s findings, BHP invited 176 government officials and employees of state owned entities to the games, with flight, ticket and accommodation packages valued between $12,000 and $16,000. Whilst BHP recognised that these invitations created a heightened risk of violating anti-corruption laws, the SEC found that it had failed to implement sufficient internal controls to address that heightened risk. In order to invite a guest, business managers were required to complete a hospitality application form, however according to the SEC BHP failed to:

  • provide adequate training to its employees to help them recognise and address bribery risks;
  • communicate that no one outside that business unit would be reviewing or approving each invitation; or
  • implement procedures to ensure the meaningful preparation, review and approval of the invitations.

As a result of these failings, it was noted that BHP repeatedly extended invitations to officials who were involved in pending contract negotiations or regulatory dealings affecting BHP.

Implementing proper procedures and monitoring the operation of these procedures is essential

Natural resources companies are often approached for hospitality for public officials and their spouses, particularly around industry conferences and other international events. Companies need to carefully scrutinise and manage the risks around this type of expenditure, particularly at a time when there are pending contract negotiations or regulatory dealings.  Any expenditure on public officials (or those connected to them) which is purely in the form of entertainment or hospitality is very high risk in the current enforcement environment. However, under the FCPA there is a recognised “safe harbour” for bona fide and reasonable expenditure on flights or accommodation that has a clear business purpose (e.g. demonstration of products or services, or travel necessary in order to execute a contract).

A properly implemented anti-corruption procedure is required in order to identify whether proposed expenditure is permissible or not, and to create an audit trail to defend the business purpose of any such expenditure. There may be other ways to manage the risk or benchmark your company’s approach, for example via liaison with local chambers of mines or similar associations. The SEC action highlights that companies subject to the FCPA need to have measures in place and also need to review and calibrate the operation of these measures on a regular basis.  This applies equally to companies subject to the UK Bribery Act – indeed it is even more crucial under the Bribery Act, as there is no statutory “safe harbour” in the Bribery Act for expenditure on public officials as there is in the FCPA.

Anti-corruption is a global concern and enforcement is on the rise

The BHP hospitality in 2008 pre dates the coming into force of the Bribery Act.  However, the Act applies to any transaction or activity that occurred since 1 July 2011 and it is extremely extra-territorial in its reach.  In addition, ‎in its press release, the SEC thanked the US Department of Justice’s Fraud Section, the FBI and the Australian Federal Police which highlights that various domestic and international agencies routinely cooperate to investigate alleged bribery in international business.

Managing the risk effectively

As this action demonstrates, for natural resources companies to effectively manage bribery risks their anti-corruption policies and procedures must be appropriately tailored to the specific risks facing the company. Furthermore, a business must also take due care to ensure that its policies and procedures are adhered to in practice, through a continuous dialogue with employees, regular (and where appropriate bespoke) training and by implementing and maintaining effective controls.