In our August 2010 client memorandum (http://www.srz.com/082610_Bribery_Act_2010/), we assessed the implications of the UK’s new Bribery Act 2010 (the “Act”) for organisations doing business in or from the UK. We noted that of particular significance to commercial organisations is the creation of a new strict liability criminal offence for failure to prevent bribery by a person associated with the organisation. The only defence is for the organisation to prove that it had in place “adequate procedures” to prevent such payments from occurring. The UK Ministry of Justice has recently published draft guidance (the "Guidance")1 on the content of these “adequate procedures,” and will be soliciting comments and responses to the Guidance until 8 November 2010. The final Guidance is expected early in 2011 and the Act will become effective in April 2011.
The Draft Guidance
The Guidance contains six general principles for organisations to bear in mind when formulating procedures to prevent bribery. The principles will apply across all business sectors and all types and sizes of business. However, the Guidance is merely generic; it does not set standards or prescribe specific obligations. Organisations should use the Guidance to design their own tailored policies and procedures in a manner proportionate to the nature, scale and complexity of their activities. An organisation’s policies and procedures must be tailored to its activities and comply with the spirit of the Guidance in order for that organisation to have instituted “adequate procedures” to serve as a defence to the new strict liability offence, should the need ever arise.
Organisations that are not subject to the Act may also find the Guidance useful, as the advice that it provides on crafting anti-bribery compliance programmes may also be relevant for those seeking to comply with anti-bribery statutes in other jurisdictions, such as the United States Foreign Corrupt Practices Act of 1977 (“FCPA”). While the Act and the FCPA are different in certain key regards2, many of the same concerns drive both statutes. Although a rigorous anti-bribery compliance programme will not provide a defence to corporate liability under the FCPA (as it will under the Act), such programmes reduce the likelihood of acts of bribery and also can serve to mitigate the severity of any penalty imposed under the FCPA.
In the following paragraphs, we summarise the key elements of the principles in the draft Guidance which the UK Ministry of Justice recommends that organisations’ anti-bribery procedures and policies should contain.
Principle 1 — Risk Assessment
Organisations should keep up to date with bribery risks faced in their specific sector and those markets in which the organisation operates. Consideration should be given to:
- Whether those individuals charged with carrying out a risk assessment are themselves sufficiently skilled and equipped to do so;
- How best to carry out a risk assessment; and
- Key bribery risks such as country-specific risks, transaction risks and business partner risks.
Principle 2 — Top Level Commitment
Senior management should take a lead role in fostering across the organisation a culture in which bribery is unacceptable. This message should be conveyed clearly, unambiguously and regularly to all staff and business partners and may be made public. Organisations should adopt a public statement of commitment stating that management intends to have no tolerance for bribery throughout the organisation.
Maintenance of a clear top-level commitment to anti-bribery policies may be assisted by the appointment of a senior manager to oversee the development of an anti-bribery programme and to ensure its effective implementation throughout the organisation.
Principle 3 — Due Diligence
Organisations should clearly know with whom they are doing business. Adequate due diligence should include all necessary enquiries to ensure that business relationships are transparent and ethical. Enquiries should also assess the risk of bribery in a particular country in which an organisation is seeking a business relationship as well as the reputation of individuals or organisations involved in key decisions related to the business opportunity, including all joint venture partners.
Principle 4 — Clear, Practical and Accessible Policies and Procedures
Anti-bribery policies and procedures should be applied to all employees and business partners under an organisation’s effective control. They should cover all relevant risks and could include:
- A clear prohibition of all forms of bribery, including a strategy for building this prohibition into the decision-making processes of the organisation;
- Guidance on making, directly or indirectly, political and charitable contributions, as well as giving gifts, and guidance on appropriate levels and the manner of providing hospitality or promotions to ensure that the purposes of such expenditures are ethically sound and transparent;
- Advice on relevant laws and regulations;
- Guidance on what action should be taken when faced with blackmail or extortion, including a clear escalation process;
- The organisation’s level of commitment to the UK’s Public Interest Disclosure Act 1998 (the UK employment law protection for whistle blowers) and an explanation of the process; and
- Information on anti-corruption programmes relevant to the business sector in which the specific organisation operates.
Organisations may also consider putting in place procedures to deal with any incidents of bribery in a prompt, consistent and appropriate manner. This could include designating a senior manager to oversee the organisation’s response and to consider whether to refer the matter to the authorities. There may need to be oversight of the sanctions process and a communications strategy to reassure investors, employees, customers, business partners and others exposed to the consequences of the incident.
Principle 5 — Effective Implementation
Anti-bribery policies should be embedded throughout the organisation. It is not sufficient for policies and procedures simply to be written into a policy book and then ignored; they should be implemented through the allocation of roles and responsibilities and by setting milestones for delivery and review. Larger organisations may establish a more detailed implementation strategy that addresses responsibility for implementation, the nature of employee training, the arrangements for monitoring compliance, and a clear statement of the penalties for breaches of the policies.
Principle 6 — Monitoring and Review
Anti-bribery policies and procedures will require monitoring and adaptation to changing circumstances or in response to any incidents involving bribery in order to remain effective. Organisations should consider what internal checks and balances are needed to monitor and review anti-bribery policies.
Smaller organisations should consider financial and auditing controls to pick up potential and actual irregularities, combined perhaps with a means by which the views and comments of employees and key business partners are incorporated into the continuing improvement of anti-bribery policies.
Larger organisations should consider financial monitoring, bribery reporting and incident management procedures. Large organisations also may wish, for example, to consider periodically reporting the result of such reviews to the organisation’s audit committee, board of directors or equivalent body which may then wish to make an independent assessment of the adequacy of anti-bribery policies and disclose its findings and recommendations for improvement in the organisation’s annual report to shareholders.
The Guidance also contains a set of “illustrative scenarios” intended to aid commercial organisations in deciding what procedures to implement to prevent bribery by employees. These scenarios are not part of the Guidance itself and the Ministry of Justice makes clear that these hypothetical fact patterns and the related analysis are not intended to provide an exhaustive or prescriptive list of recommended steps. At the same time, it would seem wise for organisations to take these scenarios into account when preparing internal anti-bribery policies.
The five scenarios address the following types of common bribery-related issues:
- Use of intermediaries and agents;
- Hospitality and promotional expenditure;
- Business partners, such as joint ventures;
- Facilitation payments (which are prohibited by the Act, although permitted in certain circumstances under the U.S. Foreign Corrupt Practices Act3); and
- Political and charitable donations.
Each of these scenarios is assessed in light of the six principles laid out in the Guidance.
It should be noted that the Guidance, even when finalised by the Ministry of Justice, will not be definitive; the question as to whether an organisation has adequate procedures in place to satisfy the defence to the UK’s new strict liability criminal offence will only ever be able to be resolved if or when the organisation invokes the defence – with the assessment being made by the courts on a case-by-case basis. However, an organisation that uses the Guidance to design its own tailored anti-bribery policies and procedures is more likely to adopt “adequate procedures” that will satisfy the regulators and serve as a defence, should the need ever arise.
Organisations should therefore compare their own anti-bribery policies and procedures with the principles set out in the Guidance and make any necessary changes. This exercise should also be undertaken in early 2011 in light of the finalised Guidance (about which we intend to publish a further updated Alert).