In anticipation of the April 2011 implementation of the new UK Bribery Act 2010 (the “Act”),[1] on September 14, 2010, the UK Ministry of Justice launched an eight-week consultation regarding the Government’s proposed guidance to commercial organisations on the prevention of bribery. The consultation features the publication of draft guidance on the “adequate procedures” defence under the Act.
The Act introduces the strict liability offence of failing to prevent bribery for commercial organisations. Commercial entities may commit this offence if persons or entities providing services on their behalf pay bribes, intending to obtain a business advantage for the organisation. But by showing that it has in place “adequate procedures,” a commercial organisation can escape liability for this new offence. To inform corporate behaviour in this regard, the Act provides that the Government must publish guidance on the “adequate procedures” defence.
The draft guidance is not prescriptive and does not detail specific anti-bribery measures, but instead adopts a principles-based approach which is intended to be used as a guide by businesses when implementing their own anti-bribery programmes. The draft guidance sets out six general principles for the prevention of bribery:
1. Risk Assessment
Businesses must be aware of the current bribery risks they face in the sectors and markets in which they operate. The proper nature of any risk assessment procedures will depend on the size of an organisation, as well as its activities, customers and markets. But organisations are generally advised to consider the following:
- whether those performing the risk assessment are “adequately skilled”; and
- what data sources should inform the risk assessment. The draft guidance suggests the use of internal data (annual audit reports, internal investigation reports, focus groups and staff, client or customer complaints) and external data (analysing publicly available information on bribery issues in particular sectors or jurisdictions).
For multinational corporations already subject to the US Foreign Corrupt Practices Act (“FCPA”) and other anti-bribery enforcement regimes, this requirement should be no surprise. Section 8B2.1 of the US Sentencing Guidelines for Organizations already list periodic risk assessments as a component of an effective compliance programme. And the OECD’s Working Group on Bribery in International Business Transactions issued guidance in November 2009 that similarly advised risk assessments as a good practice for companies. Regardless of official guidance, no organisation can properly design a compliance programme without identifying and understanding the risks it wishes to guard against.
2. Top Level Commitment
Top level management (usually the board of directors and senior executives) must establish a culture within their organisation in which bribery is unacceptable. They also should ensure that the organisation’s policy to operate without bribery is effectively communicated throughout the organisation. The draft guidance provides examples of what top level commitment should include:
- a “zero tolerance policy” toward bribery in all parts of the organisation’s operation;
- clear explanation of the consequences that employees and business partners will suffer if they violate the corporate policy;
- personal involvement in the development of a code of conduct, or ensuring the publication and communication of anti-bribery measures to all employees, subsidiaries and business partners; and
- appointing a senior manager to oversee the development of an effective anti-bribery programme.
“Top level commitment” is another commonly identified element of an effective compliance programme. This principle, as articulated in the draft guidance, appears to combine the requirement of a strong “tone at the top,” noted by almost every respected guide on compliance programmes from the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) to the US Department of Justice, and the need for a clear, firm anti-bribery policy—a principle also widely endorsed in the compliance literature and by governmental organisations.
3. Due Diligence
Commercial organisations should employ due diligence policies and procedures covering all parties to a business relationship, including the organisation’s supply chain, intermediaries and agents, “all forms of joint venture and similar relationships” and “all markets in which the commercial organisation does business.” The sorts of enquiries that should be made may concern the following:
- the bribery risk that attends business in a particular country. This may include the existence of relevant civil, administrative, and criminal law in the jurisdiction and the existence of any procedures for reporting bribery to the relevant local law enforcement authorities.
- the corruption risks raised by a particular business opportunity (for example, examining the pricing of the particular project, as well as whether its specifications and objectives are “legitimate”);
- whether the business partners, intermediaries, joint venture partners, and other persons and entities involved in the transaction (and their associates) have a reputation for, have been prosecuted, debarred, or convicted for, or are being investigated for bribery or related offences; and
- their business partners’ anti-corruption measures.
In many ways, counterparty due diligence has become the frontier of anti-bribery enforcement around the world. Spurred in part by the US Government’s enforcement of the FCPA, multinational corporations have focused with greater intensity in recent years on the risks posed by their business partners and intermediaries. In additional to the numerous US Government and Justice Department sources emphasising the need for effective due diligence, the United Nations Global Compact issued guidelines this past June for fighting corruption in organisations’ supply chains, in part, through robust due diligence.
4. Clear, Practical, and Accessible Policies and Procedures
Organisations should promulgate and maintain “clear, practical, accessible and enforceable” policies and procedures that prohibit bribery and reflect the various roles of different members of the entity’s work force, including “all people and entities over which the commercial organisation has control.” The guidance details some aspects of adequate anti-bribery polices and procedures:
- an explicit prohibition of bribery in all forms, including a strategy for integrating this prohibition into the organisation’s decision-making processes;
- guidance on the provision of gifts, political and charitable contributions, and bona fide hospitality or promotional benefits to ensure that all such expenditures are transparent and ethically sound;
- advice on applicable anti-bribery laws and regulations;
- guidance on the proper actions to be taken in response to extortion or blackmail;
- details of the organisation’s commitment to the Public Interest Disclosure Act 1998 (which protects whistleblowers from employment discrimination) and a description of the process; and
- information on relevant anti-corruption programmes in the company’s sector.
Additionally, an organisation may wish to promulgate a code of conduct that details the required standards of behaviour for employees and constitutes part of their employment contract.
Organisations may also wish to consider the following:
- how existing corporate procedures (for example, the anonymous whistle-blowing hot line, disciplinary procedures, performance evaluations, corporate audit, and financial controls) may be employed to prevent bribery;
- modifying sales incentives to account for business lost when employees refuse to pay bribes;
- whether particularly exposed areas and functions of the organization can effectively resist bribery; and
- erecting procedures and processes to address cases of bribery in a prompt, consistent, and appropriate manner (which may include authorizing a senior manager to monitor the organisation’s response).
This category seems to serve as a catch-all for all other important elements of an effective anti-bribery compliance programme. The need to provide clear effective anti-corruption compliance guidance appears in the US Sentencing Guidelines and COSO guidance, among many sources. On the other hand, modification of sales incentives in the face of bribery, while not a radical proposition, is something that enforcement agencies generally do not ask corporations to do.
5. Effective Implementation
Organisations must embed anti-bribery policies and procedures throughout the business. “Paper compliance” is insufficient. Larger organisations should consider establishing an implementation strategy detailing the rollout of these policies and procedures:
- who bears responsibility for programme implementation;
- how to communicate the policies and procedures internally and externally;
- the content and nature of anti-bribery training and how to roll it out effectively;
- how senior management will monitor the programme’s implementation;
- whether and how the organisation will utilise external assurance processes;
- the processes for monitoring compliance;
- the implementation timetable;
- an explicit statement of penalties for violating relevant anti-bribery policies and procedures; and
- the date of the programme’s next review.
Larger organisations may also consider requiring or suggesting that business partners participate in anti-corruption training courses.
The admonition that “paper compliance” is insufficient echoes warnings issued numerous times by US enforcement officials. Indeed, US Deputy Attorney General Mark Filip’s famous 2008 memorandum on prosecuting business organisations explicitly cautions that a mere “paper program,” lacking the necessary design, implementation, and review, will not protect a company from prosecution.
6. Monitoring and Review
Organisations must institute mechanisms to monitor and review their compliance with anti-bribery policies and procedures. Among other things they may wish to do the following:
- considering what internal “checks and balances” they should use to monitor and review anti-bribery programmes. The guidance suggests that larger organisations might review their financial control, bribery whistle-blowing, and incident management procedures. They could consider reporting the results periodically to the organisation’s shareholders;
- identifying appropriate triggers for a mandatory bribery risk assessment and anti-corruption compliance programme review; and
- utilising external assurance or verification of the effectiveness of their anti-bribery policies, or joining of one of several independently verified bodies or associations that evaluate anti-corruption compliance programmes.
As with the other five principles, the need for ongoing monitoring and periodic reviews of anti-bribery programmes is widely recognised by governments and non-governmental organisations alike. For instance, the OECD’s Working Group on Bribery in International Business Transactions recommended “periodic reviews of the ethics and compliance programmes or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.”
Guidance on Specific Issues
The draft guidance also attempts to clarify several key issues:
- It endorses “offset” arrangements authorised by local law, whereby additional investment is offered or required as part of a particular tender, noting that they are unlikely to violate section 6 of the Act (bribery of a foreign public official).
- In the always-tricky realm of corporate hospitality and promotional expenditures, the guidance approves “reasonable and proportionate hospitality or promotional expenditure which seeks to improve the image of a commercial organisation, better to present products and services, or establish cordial relations.” Although section 6 would seem to establish strict liability for the provision of such benefits to a government official, the guidance seems to promise that prosecutors will decline to bring cases in which the benefit is not tied to a business advantage: “Where the prosecution is able to establish a financial or other advantage has been offered, promised or given but there is no sufficient connection between the advantage and the intention to influence and secure business or a business advantage then section 6 is unlikely to be engaged.”[2] (Section 1 (bribery of another person) requires that the financial advantage provided carry the intent to cause the recipient to perform his or her function improperly.)
- In contrast to US law, the Act has no exception for facilitation payments. The guidance emphasises that such payments violate sections 1 and 6 of the Act.
- Addressing the issue of prosecutorial discretion more broadly, the guidance notes that violations of the Act will result in prosecution only when enforcement is in the public interest.
The draft guidance also sets out a number of illustrative case studies, although these will not form part of the final guidance.
What is perhaps most surprising is that the guidance remains silent on the jurisdictional implications of the strict liability offence of failing to prevent bribery for commercial organisations. Any partnership or corporation that “carries on a business, or part of a business, in any part of the United Kingdom” is subject to the requirement. What precisely it means to carry on business in the United Kingdom remains shrouded in mystery. The illustrative examples contained in Annex B of the guidance only deal with UK-based organisations.[3] Thus, we still do not know what nexus with the territory of the United Kingdom will subject an organisation to this aspect of the Act.
Next Steps
The UK Ministry of Justice must receive any comments on the draft guidance before 5 p.m. on November 8, 2010. The questions accompanying the consultation are general in nature, but provide a valuable opportunity for businesses to influence the final form of the guidance. The final guidance is scheduled for publication early in the New Year. The Director of Public Prosecutions and the Serious Fraud Office will jointly publish further guidance to the Act in early 2011.
[1] On July 26, 2010, the Senior Staff of the UK’s Serious Fraud Office (“SFO”), the agency with lead responsibility for investigating and prosecuting bribery cases under the Act, met with lawyers from Gibson Dunn to discuss the contours of the Act and provide specific guidance for companies seeking to comply with the Act’s provisions. A summary of this discussion is available at: https://gibsondunn.com/publications/pages/UKSeriousFraudOfficeDiscussion-RecentlyEnactedUKBriberyAct.aspx
[2] The guidance states that even if hospitality or promotional expenses do “on their face” violate the Act, “the exercise of prosecutorial discretion provides the degree of flexibility required to ensure the just and fair operation of the Act.” This is consistent with what the SFO Senior Staff told us during our July 26 discussion (see supra note 1) – that in some instances a “technical” breach of the Act likely would not require prosecution. This is of little comfort to companies wishing to draft policies that do not endorse breaches of the Act, either technical or otherwise.
[3] Similarly, during our July 26 meeting the SFO Senior Staff declined to discuss specific, hypothetical scenarios we designed to test elements of the Act’s jurisdictional scope, stating instead that whether a company “carries on” business in the UK will be a fact-specific question, unique to each case.