Two years after the UK's new, rigorous anticorruption statute, the Bribery Act 2010, became effective, there were two main corruption stories this Summer, both involving enforcement - first, the emergence in China of a country-wide clean-up by the authorities of the huge pharmaceuticals market involving many large western pharma companies and, secondly, the announcement by the UK's principal complex economic crime prosecutor, the Serious Fraud Office, that it is to bring its first prosecution under the Bribery Act, against a number of individuals involved with the failed company, Sustainable AgroEnergy Plc.

Both stories should in their own way reinforce strongly the message to corporations around the world that anticorruption enforcement action is a real risk to them if they do not take robust steps to protect themselves against such risks.

The British Government's Guidance for avoiding corruption risks dated 30 March 2011, sets out 6 compliance principles for commercial organisations which are summarised below:

  1. Proportionate procedures.  Preventing bribery by persons associated with the organisation are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities.
  2. Top level commitment.  The top level management is committed to preventing bribery by persons associated with it.  They personally foster a culture within the organisation in which bribery is never acceptable.
  3. Risk assessment.  Assessing the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with the organisation.  
  4. Due diligence.  Applying due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for, or on behalf of the organisation, in order to mitigate identified bribery risks.
  5. Communication including training.  Seeking to ensure that bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training.
  6. Monitoring and review.  Monitoring, reviewing (and improving where necessary) procedures designed to prevent bribery by persons associated with the organisation.

Being able to demonstrate compliance with the six principles is the only way a corporation can defend itself against a charge under Section 7 of the Bribery Act.  Therefore if someone associated with the corporation commits an offence of corruption, the company itself will also be liable, unless it has taken adequate steps to prevent it.

In the case of pharmaceutical companies being investigated in China, it is alleged there has been widespread use of intermediaries to make incentive payments to doctors and hospital managers.  If this is accurate, then this would clearly suggest that there had been no, or not sufficient, due diligence undertaken of the company's agents and contracting parties.  Whether the aforementioned six principles of compliance had been adequately followed remains to be seen, but are very likely to be scrutinised in three continents and certainly in China, the UK and the US, as the latter two countries both have "long-arm" jurisdiction anticorruption statutes.  The jurisdictional reach allows for prosecution of offences which have taken place abroad, even where the defendant has only a very limited presence in the US (or UK).

Global companies which break the law risk being prosecuted in several countries simultaneously, with the consequential fines, loss of reputation and potential public procurement debarment orders.  There are plenty of examples even under the old legislation.  The last three or four years have seen a real growth in multi-jurisdictional prosecutions.

This creates a massive and unforgettable stain on a company's history.  It also leaves the feeling with investors that management, whilst they may have had no active role in setting up any corrupt schemes, have not adequately complied with their duties to run the company in a reasonable and compliant way.  Recent history has shown that fines, legal costs and consequential law suits (from competitors and consumers who feel that they have been damaged by acts of corruption) can mount up into hundreds of millions, even billions of dollars.

Based on current media reports, we have not been told whether any of the companies caught up in the investigations in China undertook any risk assessment of their operations around the world, but in particular in China, a high risk country, according to Transparency International.  We also do not know whether due diligence was conducted on their agents, contractors and other representatives in China.  We do know, however, from our experience of talking to corporations regularly that there is no standard approach to undertaking anticorruption compliance which is, in part, due to the fact that every business is different, even those which ostensibly make or sell the same things.

Some companies are keen on new policies and training, but pay no regard at all to conducting a detailed risk assessment, let alone a thorough due diligence exercise on their own third parties.  This effectively means that the limited "compliance" which is undertaken is really nothing more than a thin veneer, intended to create an image, but not the substance, of adequate procedures.  On the other hand, some companies are very thorough about their compliance, but the ones which understand their risks and duties properly are still in a relatively small minority.

When the prosecutors come knocking on the door with a search warrant, one of the first things they will look for is evidence as to whether the company adhered to and fulfilled the six principles of adequate procedures.  If one or more of those six steps is missing, the company may have no defence to a prosecution, because prosecutors (and the court) may deem the procedures were simply inadequate.  The prosecution will carry with it all the consequential financial penalties.  Therefore, we believe that anticorruption compliance should be regarded as an investment in protecting the company’s assets and not merely as a cost of business.