The Bribery Act 2010 (the “Act”) is due to come into force in April 2011. The Act will see the introduction of the new “corporate offence” of having failed to prevent bribery from occurring. The only defence to this strict liability offence will be to demonstrate that the company in question has in place an effective and fully implemented anti-corruption policy and procedures. In order to assist companies prepare for that moment, the U.K. Government has published draft guidance on how companies can ensure that their policies and procedures would be deemed adequate (the “Draft Guidance”). The consultation period on the Draft Guidance is due to close on 8 November 2010. It is expected that the final form of the guidance will be published in January 2011. This Alert seeks to provide an overview of the Draft Guidance, and outlines what steps companies should be taking between now and April 2011.
The “Corporate Offence” and the “Adequate Procedures Defence”
The Act provides that commercial organisations may be criminally liable for failing to prevent bribery (whether offered or received) by persons providing services to the business, including employees, agents and subsidiaries (whether domestic or foreign), as well as joint venture partners. A commercial organization can be caught by this provision if it is a U.K. company or partnership, or if it is incorporated elsewhere but carries on business in the U.K., although it does not have to be the U.K.-connected part of the business that commits the offence for the Act to bite. In practice, therefore, any multinational group which has some connection with the U.K. is exposed to potential liability under the Corporate Offence.
As noted above, the Corporate Offence is strict liability - so claims that any bribery was merely the result of negligence rather than criminal intent will have no relevance. The only defence is, as set out in the Act, to demonstrate that the commercial organisation had in place “adequate procedures designed to prevent the persons associated with the commercial organization from undertaking such conduct”.
Obviously, what might be considered to be adequate is open to interpretation by the courts and regulatory authorities that will enforce the Act. This means that some degree of uncertainty for companies looking to protect themselves by introducing anti-corruption policies and procedures is inevitable. To help address that uncertainty, the U.K. Government committed itself to producing guidance about the type of policies and procedures that could be put in place. The Draft Guidance has now been published and, under an expedited timetable, has been put to consultation.
The Draft Guidance
In the Draft Guidance, it is acknowledged that what is adequate for a small or medium-sized company operating solely in the U.K. might not be adequate for a multinational with operations in countries where bribery is widespread. As such, the Draft Guidance makes it clear up front that it does not seek to provide a prescriptive or definitive statement of what an adequate anti-corruption policy should look like. A one-size fits all approach is simply not appropriate in thesecircumstances. Instead, it aims to provide companies with some basic tools, in the form of six key principles, which they can use when fashioning policies and procedures that are appropriate to the size of the business, and the strength of the corruption risks faced.
Those six principles are:
- risk assessment;
- top-level commitment;
- due diligence;
- clear, practical and accessible policies and procedures;
- effective implementation; and
- monitoring and review.
Each of these are considered in more detail below.
Principle One: Risk Assessment
As noted above, the Draft Guidance indicates that each company should tailor its policies and procedures in light of their likely exposure to bribery and corruption. As such, the first principle when designing an anticorruption policy is to carry out a full risk assessment of the business and the sectors and countries in which it is active. Attention should be paid to the level of understanding and awareness internally, as well as assessing whether particular risks arise from the type of transactions in which the business engages, or based on the entities with which it works. This risk assessment needs to be thorough and should extend to all parts of the company, including any subsidiaries, joint ventures and agents. Those charged with responsibility for the audit should be sufficiently well informed to ensure that the right questions are asked, and the information it generates is processed effectively. It might be possible to make use of any existing internal audit functions, or alternatively, external advisors could be brought in to oversee the review. Having established the level of anti-corruption risk that the company faces, that will inform the scope and structure of the ensuing policies and procedures to ensure that, in accordance with the remaining five principles, those risks are adequately mitigated.
Principle Two: Top-level Commitment
It is considered that for an anti-corruption policy to be truly effective, it must have the vocal and public support of the senior people within the company. From the CEO down, there should be a clear commitment to fair, honest and open business conduct and all should strive to make that endemic to the corporate culture. To that end, in most businesses it will make sense to appoint a senior figure responsible for developing and overseeing the implementation and observance of the anti-corruption policy.
Principle Three: Due Diligence
There is little point in taking steps to put your own house in order if such order can subsequently be undermined by inadvertent transgressions. For that reason, an effective policy will need to incorporate many checks and balances, particularly with regard to ensuring that proper due diligence is carried out with regard to all new business opportunities and partners. For instance, if there appears to be a case to expand the company’s operations into a new territory, before any decision is taken, some thought should be given to the local bribery risks and how they can be countered. Similarly, it makes sense to check that business partners, whether agent, joint venture partner, supplier or distributor, do not have a history of corrupt practices. Indeed, it may become common practice for warranties as to past, and covenants as to future, compliance with bribery laws to form part of the standard contracting process.
Principle Four: Clear, Practical and Accessible Policies and Procedures
Whilst it is important to have the support of senior management for the adopted policies and procedures, the reality is that many instances of bribery will be carried out by those employees responsible for the day-to-day operations of the business. As such, it is essential that all staff be made fully aware of what is, and is not, permitted under the Act, and the potential implications of breach - both for the company and for them as individuals. For that reason, the Draft Guidance firmly advocates that all policies and procedures should be clear, practical and accessible. They should aim to give staff all the informational tools necessary in order to identify and avoid problematic conduct. It should also be made clear how employees can escalate potential issues and, whilst the sanctions for failure to comply with the policy should be set out, so too should the procedure for whistleblowing.
As for the substance of the policies, they should be comprehensive in their coverage of the do’s and do not’s, with particular attention paid to those issues identified in the risk assessment as being of most concern to the business. For most entities, guidelines on what is acceptable in terms of corporate hospitality will be particularly well received, as this is likely to be a difficult area to judge. The Draft Guidance suggests that companies should be satisfied that the purpose of any hospitality, gifts or donations, etc., should be ethically sound and transparent, but this will clearly be a matter of judgment. As such, strong guidelines will help to manage uncertainty and develop a consistent policy. Many companies, however, in certain high risk industries already adopt a zero-tolerance approach to corporate hospitality and, for the sake of simplicity, this may become more widespread.
Principle Five: Effective Implementation
If the first four principles are adhered to, then you will have a fully rounded anti-corruption policy. If you find yourself, however, in front of a judge arguing that it is “adequate” for the purposes of the Adequate Procedures Defence, the scope and breadth of the policy will count for naught if it has not been properly implemented. It is clear from the Draft Guidance that the implementation needs to be an active and dynamic process. It is not enough to simply place the policy documents on the website. A regular training programme should be established, and thought should be given as to how the policy should be reflected in other existing policies and procedures. For instance, to make sanctions for failing to comply effective, an obligation of compliance should be built into employment contracts. Incentive programs for sales teams should be amended to reward employees for foregoing sales in an effort to avoid being drawn into a bribery situation. Furthermore, implementation can not be limited to “top-co”. Effective implementation is required throughout the group as a whole, and all other entities whose conduct might, at some point, implicate the company. Essentially, the cultural commitment to curtail corruption must be translated into a practical solution for the day-to-day operations of the company and all its subsidiaries, partners and agents.
Principle Six: Monitoring and Review
The need for dynamism applies not only to the implementation of the anti-corruption policies and procedures, but also to their ongoing monitoring. A pro-active approach to monitoring the success of the implementation and the effectiveness of the mechanisms used in preventing bribery in practice will be required. For instance, a periodic review of reported bribery incidences should take place in order to identify any hot spots where further action might be required. There may also be a need to update the policies and procedures in light of investigations and prosecutions or when entering new markets or territories. Depending on the size of the business and the strength of the risks it faces, it may also be advisable to have periodic external audits.
Companies now have a six-month window in which to take the necessary steps to design and implement their anti-corruption policies and procedures. Those companies with existing compliance measures can not, however, simply sit back and watch. Most existing policies will have been drafted so as to achieve compliance with the OECD Convention and the US Foreign Corrupt Practices Act. The Act, however, goes much further in scope than either of these, particularly with regard to its application to business-to-business bribery. As such, any existing policies will need a comprehensive review to bring them in line with the Act.
As will have become apparent when reading the above, the Draft Guidance is, in some ways, a bit of a “how to” guide. Rather than stating what an adequate policy should contain, it aims to pose the questions that a business will need to ask itself in order to be satisfied that its policies and procedures are fit for purpose. That approach is reflected in the examples appended to the Draft Guidance which set out scenarios but, rather than explaining what the policy should look like in each case, provide a series of questions that the business should have been asking itself at each stage of the scenario. Whilst this may prove frustrating to those looking for an easy answer and an off-the-shelf policy, it does reflect the fact that one-size fits all simply does not work in this arena. Instead, achieving the standards required under the Act will entail up-front thought, time and effort. If that is invested wisely, then the protection that the policy will afford will more than pay for itself.