Developing a compliance framework that suits your business and putting matters into practice.

It's not simply an HR/Employee policy matter - you need to develop a compliance framework. It is important for any business to recognise that its adequate procedures will have to go beyond its employees, and there is a distinct need to look at agents, distributors, suppliers and the relationships it has between parent / subsidiaries and any of its joint venture partners and sub-contractors. That said; good practice always comes from within and this means practising what you preach!

Adequate Procedures or Penalties

The Act creates 4 offences:

  • Offence of bribing another person (also called the "active offence") - Section 1 Bribery Act 2010
  • Offence of being bribed (also called the "passive offence") - Section 2 Bribery Act 2010  
  • Bribery of a Foreign Public Official - Section 6 Bribery Act 2010
  • Section 7 Corporate offence: failure to prevent bribery  

Failure to prevent bribery is an offence under Section 7 of the Act. It is a strict liability offence and the only defence for a commercial organisation charged with that offence is to show that it had Adequate Procedures in place.

Companies that are found guilty of the corporate offence of failing to prevent bribery are liable for an unlimited fine. Directors and senior managers of companies may face prosecution if they are aware of any bribes but fail to take action to prevent them and furthermore, a director associated with a bribery offence may be disqualified from acting as a director for up to 15 years. Individuals who are found guilty of a bribery offence under the Act will face up to 10 years imprisonment and an unlimited fine. It is irrelevant where the bribe location is or whether it occurs directly or via a subsidiary or one of your agents.

Guidance as to the Adequate Procedures, which businesses should adopt, has been issued by the Ministry of Justice. The Guidance highlights six principles which must underlie any approach to any anti-bribery framework that your organisation may develop; putting in place policies are only one part of a much larger set of procedures; the principles are as follows:

1. Proportionate Procedures

A proportionate response is required. The putting in place of policies and procedures will not achieve the objective if they are not properly implemented and monitored. In putting together appropriate policies and procedures some form of risk assessment will be required and will need to take account of the nature, scale and complexity of the commercial activities your business undertakes. For example your business may be at a higher risk by virtue of the market it operates in (such as oil and gas or the construction or mining industry) or because it relies on third parties or intermediaries, or operates on a regular basis with government officials in countries which have been identified as high risk. This assessment will inform what procedures your business needs to put in place to implement its anti-bribery measures.

An anti-corruption policy/code of conduct which is accessible to all staff should set out amongst other things:

  • an express prohibition of all forms of bribery/corruption;
  • guidance on what action staff should take when faced with scenarios which they view as blackmail or extortion, and what standards of behaviour are acceptable to the company and what are not - including whistle blowing procedures (which you may already have in place);
  • an explanation of what the Company's approach is to gifts and corporate hospitality giving examples of what would and would not be acceptable in a variety of situations in which employees may find themselves. This will be dependant upon many factors including the market in which your business operates; the level at which employees function within the Company for example, senior sales teams should be given particular care and attention; and what is generally viewed as acceptable hospitality in the sector;
  • an explanation of why it is necessary to prohibit corruption; and
  • a commitment from the Company to conduct itself in an appropriate manner.

The code of conduct should be made available not only to your employees but to your agents, suppliers, joint venture partners, distributors etc. and should be available on the employees handbook/intranet site.

2. Top-Level Commitment

It is advisable that the CEO or equivalent should make a personal statement supporting the anti-corruption regime being adopted by the company (if such is not already available). This demonstrates to all in the business that there is a top level commitment to seeking to establish a culture where bribery/corruption is just not acceptable. It is clear that this element of 'top level down' will be very important in demonstrating adequacy.

The statement should clearly set out the consequences of breaching the company's anti-corruption policies/culture including non-tolerance if doing business with others who do not hold the same values as the company. In addition to this a compliance manager should be appointed to monitor and audit on an on-going basis.

3. Risk Assessment

The company will need to assess where its risk points are both externally and internally. Any assessment will need to take account of the company's structure, its locations, where it does and how it does business and the scale of the business. Specific risk groupings have been identified by the Ministry of Justice, these are: Country Risk; Sectoral risk ( high risk sectors such as extraction industries and large scale infrastructure); Transaction risk (where transactions are reliant on the implementation of licences and permits for example or where your business is heavily reliant on employees being rewarded by way of performance bonus and commission schemes); Business Opportunity risk (high value projects with many intermediaries for example); Business Partnership risks (joint ventures, consortia and so on).

4. Due Diligence

Which due diligence procedure is selected will be dependant upon risk, lower risk companies may take a different stance to those businesses which operate in high risk areas. Due diligence procedures may not feature heavily in your more general policies and procedures; however the necessity to carry out due diligence when looking at key employees (including everything from recruitment, the training you assess necessary, to examination of their expense accounts); potential working partners and when purchasing assets/business and so on will form part of a company's policy and procedures; its training and influence its contractual provisions and indemnities sought will be very important.

Checklists will be very helpful in these situations, particularly where it can be demonstrated that the company followed them and any reasoning behind them should the company ever be questioned on what it did to prevent bribery.

Due diligence questionnaires to be completed by contractors, suppliers and so on should be considered as a means of investigating what proactive steps such third parties actually take in practice. It should be noted that contractual clauses and warranties to the effect that your contracting parties are operating within the law should not be seen as a substitute for proper due diligence on prospective suppliers etc before entering into a contract.

5. Communication (including training)

There will be a need to ensure that the policies and procedures are implemented properly and this will require not only adequate audit trails but training of key personnel (such as senior management and those personnel who are in high risk areas). Any training will need to cover the provisions of the Bribery Act and its offences but more importantly provide opportunities to discuss, examples and develop practical solutions for your business and industry sector.

There will be a need to review contractual provisions, and how these are communicated and 'enforced' will be critical. For example additional provisions expressly dealing with compliance with the Company's policies and procedures may be appropriate particularly for key employees, or a review of how the Company operates its bonus and or commission scheme may result in amendments to its operation and careful communication (and monitoring) of this to employees will be required.

6. Monitoring and Review

Regular reviews of policies and procedures will be required on an on-going basis; an examination of self reporting; and regular monitoring; and as part of this process employment procedures such as (i) amending employment contracts to provide for the obligations and penalties; and (ii) amending disciplinary procedures, form part of principle 6; in addition reviewing existing contracts with suppliers and reviewing controls on rights to sub-contract along with rights to terminate for breaches of anti-bribery requirements will be needed.