On 30 March 2011, the UK's Ministry of Justice published its long-awaited (and repeatedly delayed) Bribery Act 2010 guidance (the "Guidance") on the "adequate procedures" that businesses should implement both to prevent persons associated with them from paying bribes and to qualify for the Act's safe harbour from corporate liability for failure to prevent bribery. The publication of the Guidance follows an extensive public consultation on draft Guidance issued in September 2010.
In tandem with the Ministry of Justice's Guidance, the Director of the UK's Serious Fraud Office and the Director of Public Prosecutions also published on 30 March their Joint Guidance in connection with the prosecution of offences under the Bribery Act (the "Joint Guidance").
Both publications are of great significance to businesses evaluating their compliance programmes in advance of the Act going into effect on 1 July 2011, as they provide valuable insight into the thinking of the government that will have primary responsibility for implementation and enforcement of the Act.
Those who have been following the implementation of the Act will remember that an organisation will be subject to prosecution under section 7 of the Act if a person (including both natural and legal persons) "associated" with it bribes another person intending to obtain or retain business or an advantage in the conduct of business for that organisation. Such an organisation, however, will have a full defence under section 7(2) of the Act if it can show that despite the occurrence of bribery, it had in place "adequate procedures" to prevent persons associated with it from paying these sorts of bribes. Last year's draft Guidance issued by the UK authorities provided only very high-level principles regarding what would qualify as adequate procedures, raising concerns in the business and legal communities about the vagueness and implications of the draft Guidance and the reach of the Act. These include concerns raised by Gibson Dunn attorneys to Richard Alderman, Director of the Serious Fraud Office in two small-group sessions in London and Washington, D.C., in which Mr Alderman candidly answered questions but did not, in large part, offer clear guidelines on important aspects of the statute and its enforcement. The Guidance seeks to develop further the concept of adequate procedures and more clearly specify the scope of liability under the Act as it relates to joint venture or supply chain partners, gifts and hospitality expenditures, facilitation payments, and other important issues. The Guidance therefore represents a step in the right direction in providing businesses with greater clarity as they update their compliance programmes in light of the Act.
The countdown to implementation of the Act has begun, and organisations with an identifiable business presence, such as an office, in the UK need to start evaluating their anti-corruption compliance programmes without further delay. Before 1 July, such organisations should have completed a gap analysis to identify any areas where their relevant policies and procedures may fall short of the high bar set by the Act and further articulated in the Guidance. Such possible "gaps" may arise, for instance, from the Act's criminalisation of facilitation payments and overseas commercial bribery, as well as its approach to third-party liability. Upon identifying aspects of the compliance programme that may fall short of or be incompatible with the new UK anti-bribery regime, businesses should work to implement needed reforms rapidly. Prompt efforts to ensure compliance will both reduce a business' chances of being a target for prosecutorial activity and increase the viability of an adequate procedures defence.
When evaluating their anti-corruption compliance programmes in light of the Act, companies subject to section 7 should pay particular attention to the control environments at their non-UK operations. Remember that the Act can apply broadly to behaviour in jurisdictions outside of the UK, which will more often than not pose greater corruption risks. It is, therefore, important, in addition to emphasising a board-level commitment and assessing corporate-level policies and procedures, to focus evaluative efforts on such overseas activities as well.
We set out below a brief analysis of the key issues addressed in the Guidance and Joint Guidance.
Corporate Hospitality and Promotional Expenditures
The Guidance confirms what Mr Alderman and others have said publicly, that it is not the intention of the Act to criminalise "bona fide hospitality and promotional, or other business expenditure which seeks to improve the image of a commercial organisation, better to present products and services, or establish cordial relations." Rather, to amount to a bribe, there must be an intention for the benefit or advantage "to influence the official in his or her official role . . .". The Guidance adds that there must be a "sufficient connection between the advantage and the intention to influence." It is clear from the Guidance that the Ministry of Justice will allow reasonable and proportionate hospitality and promotional expenditures; however, the law expressly omitted the "improper purpose" test, which applies for benefits given to private citizens, for these expenditures. The Ministry has therefore made much of the necessity of a linkage between the intent to influence and the benefit provided. But to an extent, all business courtesies are provided with an intent to influence the recipient in order to obtain or retain business or a business advantage. It is therefore unclear how this "intention to influence" test will work in practice.
The Ministry did provide some additional guidance on specific types of hospitality expenditures for foreign public officials that would not violate the Act. For example, offering meals or tickets to an event or providing airport-to-hotel transfer services to facilitate an on-site visit is described as "unlikely" to incur liability where such hospitality is commensurate with the reasonable norms for that industry. Therefore, in addition to the value of the hospitality expenditures and whether an intention to influence is inferred from their provision, the "standards or norms" of hospitality in the relevant business sector, and in the relevant geography, are likely to be important considerations for prosecutors determining whether the Act has been breached.
In a case study in an appendix to the Guidance, the Ministry of Justice describes certain additional factors that companies should consider when making hospitality and promotional expenditures. For example, recipients should not be given the impression that they are under an obligation to confer any business advantage in exchange for the expenditures or that their independence will be affected. It may also be advisable to clear the hospitality expenditures with the relevant public body for which the foreign official works, or to require that expenditures over certain limits be approved by a senior level of management.
Jurisdiction Over Foreign Companies
Foreign organisations that "carry on a business or part of a business" in the UK are liable under section 7 of the Act if they fail to prevent bribery, just as a UK company would be. The government says that it will apply a "common sense approach" to jurisdictional questions and expects that the Act will not extend to organisations without a "demonstrable business presence" in the UK.
As anticipated in the press last week, the Guidance suggests that a listing on the London Stock Exchange would not, by itself, be sufficient to qualify a company as carrying on business or part of a business in the UK. The Guidance also offers that having a UK subsidiary will not, in itself, mean that a parent company is carrying on a business in the UK, so long as that subsidiary acts independently of its parent or other group companies. But the Guidance notes that the courts will be the final arbiters of whether a foreign company carries on a business in the UK. As such, businesses potentially exposed should exercise some measure of caution in relying on the Guidance in this regard.
Businesses will also need to monitor their UK-facing activities. An organisation without a "demonstrable business presence" in the UK may come to have one as a result of an increase in its UK activities. The Guidance does not clarify whether other links a company may have to the UK, such as the use of a UK agent or outsourced transactions in the UK, would be sufficient for the company to be "carrying on a business" in the UK.
Third Party Liability
An organisation may be liable under section 7 of the Act if a person who performs services for it or on its behalf (an "associated person") bribes another person with the intent to obtain or retain a business advantage for the organisation. But the fact that an organisation benefits indirectly from a bribe is described in the Guidance as "very unlikely", standing alone, to input liability to the company under the Act. Liability will not accrue through simple corporate ownership or investment, or through the provision of loans to a subsidiary or the payment of dividends to its parent. For example, a bribe on behalf of a subsidiary by one of its employees or agents will not automatically input liability to its parent company or sibling subsidiaries, unless it can be shown that the employee or agent intended to obtain or retain business or a business advantage for the parent company or other subsidiaries.
The Guidance clarifies that suppliers and contractors may be associated persons, but that entities merely reselling goods to the business, without any additional services provided, would not qualify as associated persons. In addition, entities in a supply chain that are not contractual counterparties of a business are less likely to be considered to be performing services for that business (and therefore to qualify as "associated persons"). The Guidance does suggest, though, that a business request that its immediate counterparties adopt a similar compliance approach with their own immediate counterparties.
The existence of a joint venture entity as a separate legal entity will not of itself mean that it is "associated" with any of its members. A bribe paid on behalf of the JV entity by one of its employees or agents will not trigger liability for members of the JV simply by virtue of their benefiting indirectly through their investment or ownership.
As it did in draft form, the Guidance articulates six principles that companies should follow in creating the adequate procedures necessary for companies to avoid liability for corporate failure to prevent bribery. Although the specific six principles differ slightly from those in the draft Guidance, the Guidance maintains a broad, principles-based and non-prescriptive approach. In discussing the principles, the Guidance emphasises adopting bribery prevention procedures that are proportionate to the risks that a business faces. The six principles are as follows:
- Proportionate Procedures -- This principle supplants two principles found in the draft Guidance, "clear, practical and accessible policies and procedures" and "effective implementation". A business' procedures for preventing bribery by persons associated with it should be proportionate to the bribery risks it faces and to the nature, scale, and complexity of the business' activities. A necessary first step in developing these proportionate procedures is an initial risk assessment across the business' operations.
The Guidance recognises that small companies are unlikely to need procedures that are as extensive as those of large multi-nationals, while also acknowledging that the risk faced by a business is not always proportionate to its size. For example, a small company may be able to communicate its policies orally while a large one would need to rely on written communications. However, businesses, large or small, that use third party agents to negotiate with foreign public officials will likely require more substantial procedures than other companies that do not use agents for this purpose.
The Guidance notes that, although organisations should establish procedures addressing a broad range of risks, a court in an individual case will focus only on those procedures designed to prevent the type of bribery at issue in that case. Further, the Guidance observes that applying anti-corruption compliance procedures retrospectively to existing relationships is more difficult than employing them to address new ones. But, according to the Guidance, businesses should nonetheless over time address the corruption risks posed by existing business partners, using a risk-based approach that makes allowance for what is practical under the circumstances.
The Guidance states that anti-bribery policies should address at least (i) the business' "commitment to bribery prevention"; (ii) "its general approach to mitigation of specific bribery risks"; and (iii) "an overview of its strategy to implement" its policies. In addition, the Guidance lists a range of topics that a business' anti-bribery compliance programme should cover, including gifts and hospitality expenditures, charitable and political donations, demands for facilitation payments, adequate bookkeeping, approval of expenditures, penalties for breach of the company's anti-bribery policies, and whistleblowing procedures.
- Top-Level Commitment -- A business' top-level management (be it a board of directors, the owners, or any other equivalent body or person) should be committed to preventing bribery by persons associated with it and to fostering a culture within the company in which bribery is never acceptable. At a minimum, top-level commitment to bribery prevention in any company should include (i) top-level internal and external communication of the company's zero-tolerance approach to bribery; and (ii) an appropriate degree of top-level involvement in developing the anti-bribery procedures.
The Guidance suggests that the top-level communication include a formal statement to employees and business partners, which should be re-sent periodically and made available on the company intranet and on the Internet. The Guidance lists a variety of topics that can be included in the top-level formal statement, including a commitment to carry out business fairly and honestly, a zero-tolerance approach to bribery, the consequences of breach for employees and business partners, the business benefits of rejecting bribery, whistleblowing procedures, and the key individuals and departments involved in the development and implementation of the anti-bribery procedures.
Top-level commitment also requires top-level involvement and leadership in bribery prevention. For smaller organisations, a proportionate response might require top-level managers to be personally involved in the development and implementation of procedures. In larger organisations, the board should be responsible for setting the policies; assigning management to develop, implement, and monitor the specific procedures; and regularly reviewing the policies and procedures. The Guidance provides a range of ways to achieve top-level engagement, regardless of company size, including the selection of senior managers to lead anti-bribery work; leadership on key measures, such as the code of conduct; endorsement of all written anti-bribery communications; and specific involvement in high-profile and critical decision-making.
- Risk Assessment -- A company should assess the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment should be periodic, informed, and documented. The risk assessment procedures should be proportionate to the company's size and to the nature and location of its activities.
Each risk assessment should include oversight by top-level management, appropriate resourcing reflecting the size of the company, identification of the internal and external information sources that will enable risk to be assessed, due diligence enquiries (discussed below), and documentation of the risk assessment and its conclusions. This risk assessment should be updated as the company's operations, and therefore its risks, evolve.
The Guidance describes five types of external risks that a company should consider as part of its risk assessment: (i) country risk, evidenced by perceived high levels of corruption; (ii) sector risk, as certain business sectors, including the oil and mineral and large-scale infrastructure industries, have higher risks; (iii) transaction risk, as certain transactions have higher risk, including government purchasing and charitable and political contributions; (iv) business opportunity risk, associated with certain high-value projects or projects that involve many intermediaries or lack a clear legitimate objective; and (v) business partnership risk, as certain relationships, such as those with joint venture partners or intermediaries interacting with foreign officials, may involve greater risk.
A risk assessment should also examine the extent to which internal structures or procedures may add to the level of risk. These include deficiencies in employee training or knowledge, a bonus culture that rewards excessive risk taking, lack of clear company policies relating to hospitality or promotional expenditures and political or charitable contributions, and a lack of clear financial controls.
- Due Diligence -- Businesses should apply a proportionate and risk-based approach in performing due diligence on parties who perform or will perform services for or on behalf of the company, in order to mitigate identified bribery risks. This due diligence can be performed internally or by external consultants or lawyers. In lower-risk situations, such as engaging a third party to provide information technology services, businesses may decide that there is no need to conduct much in the way of due diligence. In higher-risk situations, such as selecting an intermediary to assist in establishing a business in a foreign market, greater due diligence may be required. Due diligence is also especially important where the local law in a foreign country requires the company to use a local agent from which it will be difficult for the company to later disengage. Of course, mergers and acquisitions will likely require significant anti-bribery due diligence as well.
In these higher-risk situations, due diligence may include conducting direct inquiries of the proposed business partner or candidate for employment, indirect investigations, and/or general research on the proposed business partner or candidate for employment. Continued monitoring of the partner or employee may also be required. Companies will generally need to conduct more extensive due diligence into business partners than individuals, in part because multiple individuals will likely be providing services on behalf of a single business partner entity. Accordingly, due diligence may require obtaining information on relevant individuals working for the proposed business partner.
The Guidance makes clear that because a company may be liable for the actions of its employees, it may wish to conduct due diligence on potential and existing employees proportionate to the risks associated with the employees' positions. Indeed, the Guidance specifically notes that due diligence on potential and existing employees is unlikely to be necessary in relation to lower-risk positions.
- Communication (including training) -- This principle is new to the Guidance, although the concept does appear in the draft. A company should seek to ensure that its bribery prevention policies and procedures are embedded and understood throughout the company through internal and external communication, including training, that is proportionate to the risks it faces.
The content and tone of an internal communication may vary from that for external use. The nature of communications will also vary depending on the bribery risks faced, the size of the company, and the nature of its activities. In addition to conveying the tone from the top, internal communications should also focus on the implementation of the company's policies and procedures and the implications for employees. Internal communications should also facilitate the establishment of a secure, confidential, and accessible way for parties to "speak up" and raise concerns, request advice, or suggest improvements to procedures. Of course, to foster this environment, adequate protections for those reporting concerns must also exist.
The Guidance advises that external communications of anti-bribery policies to business partners can include information on anti-bribery procedures and controls, sanctions for violations of the policies, and rules governing recruitment, procurement, and tendering. Additionally, the Guidance provides that a business may consider it appropriate to communicate its anti-bribery policies to other companies in its industry, to industry organisations, or even to the general public.
The Guidance explains that training should be proportionate to risk and notes that providing some training is likely to help establish an anti-bribery culture whatever the level of risk. Training may be conducted in a traditional classroom setting or via web-based tools.
While general training could be mandatory for new employees or agents, training should be tailored to the specific risks associated with particular positions. For example, those involved in implementing "speak up" procedures or working in high-risk countries or higher-risk functions, such as purchasing and distribution, may need specially tailored training. It may also be appropriate to require business partners, particularly high-risk business partners, to undergo training. Companies may also encourage their business partners to provide anti-bribery training themselves. The Guidance stresses that training is a continuous process that should be regularly monitored and evaluated.
- Monitoring and Review -- A business should monitor and review procedures designed to prevent bribery by persons associated with it and make improvements where necessary. Because the bribery risks that a business faces may evolve over time, the controls required to mitigate those risks are also likely to change. Continual monitoring and improvement of procedures is therefore necessary. In addition to regular monitoring, a business may choose to review its procedures in response to certain events, including governmental changes in countries in which it operates or the occurrence of a possible bribery incident involving the company.
There is a wide variety of internal and external sources and mechanisms by which businesses can monitor and review the effectiveness of their anti-bribery procedures. These include internal financial control mechanisms, staff surveys, questionnaires, training feedback, formal periodic reviews and reports for top-level management, publications on effective and ineffective industry practices, and external verification of the effectiveness of the procedures. Some companies may be able to apply for a compliance certification from an industry association or multilateral body. Such certification, however, may not necessarily mean that a company's procedures are adequate" for all purposes under the Act.
Joint Prosecution Guidance
The Joint Guidance provides examples of how the public interest factors in the principal guidance codes for criminal prosecutions, the Code for Crown Prosecutors and the Joint Guidance on Corporate Prosecutions, may be applied to prosecutions under the Act. Please note that Joint Guidance of this kind is not treated by the courts as exhaustive.
The Joint Guidance highlights the importance of what it calls the "Full Code Test" (set out in the Code for Crown Prosecutors) in making decisions on prosecution: namely, whether there is sufficient evidence for a realistic prospect of conviction and whether a prosecution is in the public interest, based on the full range of factors in the Code for Crown Prosecutors. Perhaps of most immediate relevance to companies planning for the Act, the Joint Guidance also broaches the issues of facilitation payments and corporate hospitality.
While there remains no exemption for facilitation payments under the Act, the Guidance clearly acknowledges the difficulty of stopping facilitation payments completely. In light of this difficulty, the Joint Guidance indicates that the government will exercise prosecutorial discretion in its prosecution of companies that make facilitation payments. The Joint Guidance therefore provides a variety of factors which tend in favour of and against prosecution for facilitation payments. Factors tending in favour of prosecution include the following:
- large or repeated payments;
- planned payments or payments accepted as part of a standard way of conducting business, which may indicate that the offence was premeditated; and
- payments in breach of clear and appropriate company policies on facilitation payments.
Factors tending against prosecution include the following:
- payments that are small and likely to result in only a nominal penalty;
- payments coming to light as a result of a genuinely proactive approach involving self-reporting and remedial action;
- the company has a clear and appropriate policy articulating the procedures an individual should follow if facilitation payments are requested, and these procedures have been correctly followed; and
- the payer was in a vulnerable position arising from the circumstances in which the payment was demanded. This last factor may be highly significant in practice, in particular in respect to payments made to secure an essential government service which is being denied until a bribe is paid.
The Joint Guidance reiterates that reasonable and proportionate hospitality and promotional expenditures "made in good faith [as] an established and important part of doing that business" will not be prosecuted. As in the Guidance, this suggests an industry-specific and potentially geographically specific approach to evaluating these types of expenditures. It remains to be seen whether such fine distinctions can realistically be made in the context of criminal law enforcement.
Where this leaves businesses exposed under the Act
The Guidance's assurances regarding corporate hospitality and its increased emphasis on businesses taking a proportionate approach when implementing adequate procedures to prevent bribery are welcome signs that the government recognises the difficulties businesses face due to the open-ended nature of some of the key provisions of the Act. The Act's ultimate impact, however, will depend on how courts interpret it, and there remains a real risk that the judiciary will take a stricter line on certain issues than does the Guidance. An obvious candidate for a more uncompromising approach from the judiciary is in connection with the notion of "associated persons", and businesses would be wise not to place undue reliance on the Guidance in this regard.
However, alongside this acknowledgement of the virtue of proportionality, comes an increased clarity of focus on the need for businesses to carry out real-world risk assessments based on meaningful due diligence exercises, so as to ensure that the procedures ultimately adopted are informed by the real bribery risks faced. Among the points clarified by the Guidance is the importance of corruption risk assessments, which should inform any organisation's gap analysis in anticipation of the Act's enforcement. With only three months to go, businesses should now focus on ensuring that their compliance programmes reflect the change in law and that they have adequately addressed the corruption risks that attend their business around the globe.