Bribery and Corruption: UK Guide
05 December 2023
This guide provides an overview of the steps taken in the UK to tackle bribery and corruption, focusing on the UK Bribery Act 2010.
The UK Bribery Act 2010, which came into force on 1 July 2011, affects corporate entities based in both the UK and overseas. This Quickguide provides detail on the Bribery Act and what it means for business, and suggests practical ways of ensuring that companies and individuals do not unwittingly fall foul of the new legislation.
In order to look at the steps taken in the UK to tackle bribery and corruption, it is helpful to put them in context.
The prosecution of bribery offences and enforcement of bribery legislation is a major international issue. All 36 Organisation for Economic Co-operation and Development (OECD) member states and 8 non-OECD countries have adopted the 1997 OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.1 It aims to reduce corruption in developing countries by encouraging sanctions against bribery in international business transactions carried out by companies based in the Convention member countries. In order to monitor compliance with the OECD Convention, and assess the effectiveness of national law in fulfilling a Convention member's obligations under it, the OECD established a Working Group on Bribery in International Business Transactions (WGB).
The UN Convention against Corruption (UNCAC) was adopted by the General Assembly of the UN in 2003 as part of its global programme against corruption. As of June 2018, it has been ratified by 186 countries. Its aim is to prevent and combat corruption efficiently and effectively and to encourage and enhance international co-operation.
At the European level, steps taken to combat corruption and bribery include those of the Council of Europe, including the Criminal and Civil Law Conventions on Corruption, which entered into force in 2003. The Criminal Convention requires signatory states to enact legislation extending criminal liability for bribery to the private sector. The Group of States Against Corruption (GRECO) has the role of monitoring implementation of the Conventions.
There are also a number of high-profile organisations which monitor countries and hold to account those which are prone to bribery. The Global Infrastructure Anti-Corruption Centre (GIACC) is an international organisation which provides anti-corruption resources and services specifically aimed at the infrastructure, construction and engineering sectors. It offers anti-corruption programmes and tools concerning a number of areas including training, procurement, and gifts and hospitality. GIACC also provides services such as anti-corruption training and compliance monitoring. Transparency International (TI) is also a leading international organisation with the primary aim of monitoring countries and providing information and resources to aid the reduction of global bribery and corruption. TI engages with local governments and businesses in over 90 countries worldwide.
Prior to the new bribery regime, UK law on bribery was viewed as "…both out-dated and in some instances unfit for purpose".2 It was difficult to follow and prosecute in practice.3 WGB prepared several reports heavily criticising the UK for its failure to address deficiencies in its law on bribery, particularly in relation to the bribery of foreign public officials by UK nationals and foreign subsidiaries of UK companies.4
Consequently, the UK legislation on bribery underwent a major overhaul. The result is the UK Bribery Act 2010 (the Act). The principal aims of the Act are to:
The Act is accompanied by Government guidance on the steps companies need to put in place to prevent bribery (the Guidance).5 Prosecution guidance has also been published which provides guidance on the approach prosecutors will take when deciding whether to prosecute offences under the Act (the Prosecution Guidance).6
In 2018, a House of Lords Select Committee (the Select Committee) was appointed to review the Act and whether it is having the effect it was designed to achieve. In March 2019 the Select Committee published its findings, and concluded that the Act "is an excellent piece of legislation" and "an example to other countries, especially developing countries, of what is needed to deter bribery."7 No further changes were recommended to the Act, although recommendations were made with regard to the Guidance (referred to below).
The Act has a direct impact on the way in which companies, particularly those with overseas operations, carry out their business activities. The Act's key provisions are as follows:
The Act refers to "a financial or other advantage". This is deliberately broad and goes beyond the payment of money and the handing over of "brown envelopes". It may cover a wide range of things, including:
Unlike other bribery laws, the Act applies equally to bribes paid to public officials and those paid in the private sector, business to business.
The Act consolidates the previous common law and statutory offences of bribery and replaces these with two simple general bribery offences concerned with giving bribes (active bribery) and receiving bribes (passive bribery).
Giving bribes (section 1): a person (an individual or body corporate) is guilty of the active offence if they:
Receiving bribes (section 2): a person (an individual or body corporate) is guilty of the passive offence if they commit any of the following (directly or indirectly):
Section 6 of the Act sets out the offence of bribing a foreign public official (FPO). The offence involves a person either directly or indirectly offering, promising or giving an advantage to an FPO, or to another person at the FPO's request or with his assent or acquiescence, in circumstances where the person intends both to influence the official in their capacity as an FPO, and to obtain or retain business or a business advantage.
This offence can be committed by individuals or corporate entities and requires a subjective element, i.e. the intention of the person bribing the FPO to influence that person and obtain a business advantage. There is no requirement to show impropriety for the offence to be committed. However, no offence is committed if the advantage to the FPO is permitted or required by the written law applicable to the FPO, which will be:
If any of the offences of active or passive bribery, or bribery of an FPO, take place in the UK, any individual or body corporate can be prosecuted irrespective of whether they have any connection with the UK.
The offences of active or passive bribery, or bribery of an FPO, also apply to acts of bribery committed outside the UK, as long as:
However, the real extra-jurisdictional reach of the Act lies in the section 7 corporate offence of failure of a commercial organisation to prevent bribery (see below).
For a corporate to be convicted of one of the above offences the prosecution needs to prove that a senior person in the organisation, e.g. the CEO, Managing Director or senior manager, committed the offence. That person's activities would then be attributed to the organisation (known as the "directing mind" test). Historically, this test has caused prosecutors difficulty, and it is more likely that a corporate will be prosecuted under the new section 7 offence which is wider in scope (see below).11
A senior officer or person purporting to act in that capacity may also be held individually liable if they consented to or connived in the commission of one of the above offences by a body corporate.12 This follows the Law Commission's recommendation that individual criminal liability of senior officers should mirror that of section 12 of the Fraud Act 2006. That section deals with the liability of company officers for offences by bodies corporate. To "connive" in the commission of an offence is to know it may occur but to do nothing to prevent its commission, without providing actual assistance or encouragement. Connivance may occur through reckless conduct (knowing that there is a risk of offending but doing nothing) whereas, broadly speaking, complicity requires intention or knowledge as to the offending behaviour.
Section 7 of the Act introduces a new offence of failure on the part of a commercial organisation to prevent bribery being committed in connection with its business. A commercial organisation (C) may face prosecution where:
C will only be liable if an offence of active bribery or bribery of an FPO is committed. Knowledge on the part of the organisation is not a requirement. However, an organisation will have a complete defence if it can show that "adequate" procedures designed to prevent bribery were in place. What is "adequate" is not defined in the Act but is covered by the Guidance and has now been tested before a jury (R v Skansen Interiors Limited). See the section "Practical steps – putting in place adequate procedures" below where we discuss both the Guidance and the case in more detail.
In its Report, the Select Committee considered the corporate offence to be "particularly effective, enabling those in a position to influence a company’s manner of conducting business to ensure that it is ethical, and to take steps to remedy matters where it is not." As such, no amendments to the legislation were recommended. However, the Select Committee did consider that further clarification is required in the Guidance as to what constitutes "adequate procedures". This is discussed below.
Section 7 is potentially far-reaching. It covers bribery in both the UK and abroad and applies to both UK and overseas businesses. It is this wide jurisdictional reach which has caused most concern. In particular:
Both of these issues have been tackled in the Guidance and we look at them in more detail below.
The Act does not have retrospective effect. Therefore, any bribery offences committed before 1 July 2011 and any pending investigations, legal proceedings and enforcement actions, continue to be governed by the pre-Act regime.
Under section 11 of the Act, an individual guilty of an offence under section 1, 2 or 6 (giving or receiving a bribe or bribing an FPO) is liable to a maximum ten-year imprisonment or a fine, or both. Any other person (such as a body corporate) guilty of an offence under section 1, 2 or 6 is liable to a fine. An organisation guilty of an offence under section 7 (failure of commercial organisations to prevent bribery) is liable to a fine.
Conviction of an offence under the Act could also lead to mandatory debarment under the EU Directive 2014/24 on public procurement, preventing the organisation in question from continuing to tender for public sector work. An organisation convicted under the section 7 corporate offence will not automatically be barred from participating in tenders for public contracts. However, public authorities may still have the discretion to exclude organisations convicted of the section 7 offence.13
Prosecution of offences under the Act requires the consent of one of the three following prosecuting bodies: the Director of Public Prosecutions, the Director of the Serious Fraud Office or the Director of Revenue and Customs Prosecutions. Decisions to prosecute must be taken in line with the Prosecution Guidance under the terms of which any prosecution has to be in the general public interest.14
Non-UK companies which carry on a business, or part of a business, in any part of the UK are also at risk of committing the corporate offence of failure to prevent bribery. Potentially, this is very broad and extends the jurisdictional reach of the Act to overseas companies.15
What is meant by "carries on a business or part of a business in the UK" is not defined within the Act. Ultimately, the courts will decide whether a commercial organisation carries on business in the UK. The UK Government expects a "common sense" approach to be applied so that companies that do not have a "demonstrable business presence in the United Kingdom" are not caught. Applying that test, the Government would not expect the mere fact that a company's securities are traded on the London Stock Exchange to qualify that company as carrying on a business or part of a business in the UK. Likewise, having a UK subsidiary will not, in itself, mean that a parent company is carrying on a business in the UK, since a subsidiary may act independently of its parent or other group companies.16
In most cases it will be clear whether an overseas company is carrying on business or part of a business in the UK. Where there is room for debate, further scrutiny will be required. The prosecutors have indicated that they will take a broad view as to what constitutes a commercial organisation.
The corporate offence was drafted broadly to cover the whole range of individuals and corporate entities connected to an organisation that might be capable of committing bribery on the organisation's behalf. It covers anyone who performs services for or on behalf of the organisation, including employees, subsidiaries, sub-contractors, suppliers, agents and joint ventures.17
The broad scope of "associated persons" understandably caused concern. Questions asked by the business community included what level of investment was required for an organisation to have a sufficient connection and how far down the supply chain the relationship extended.
The Guidance has attempted to address these concerns and deals with the specific issues raised with regard to:
Contractors and suppliers will be "associated persons" to the extent that they are performing services for or on behalf of a commercial organisation (C). However, it is unlikely that sub-contractors hired by a contractor will be performing services for or on behalf of C. C will only exercise control over its relationship with its contractual counterparty – the contractor or supplier. The next person in the chain will be performing services for the contractor and not for the other persons in the contractual chain. Best practice in these circumstances is for C to require its contractual counterparty to put in place anti-bribery provisions mirroring those in the counterparty's contract with C. The Guidance also clarifies that suppliers of goods are unlikely to perform services on behalf of an organisation.
The Guidance attempts to provide clarification on joint ventures and the extent to which these vehicles are deemed to be "associated persons". In doing so, it makes a distinction between separate legal entity joint ventures and contractual joint ventures.
There was concern over what level of investment is required in a joint venture operating through a separate legal entity, to make the investor company associated with the joint venture. For example, where several investors provide the financing to set up Company A, is every investor potentially liable if a bribery offence is committed by A's employee? Although every case is fact-specific, the Guidance clarifies that the existence of a joint venture entity will not of itself mean that it is "associated" with any of its members. Liability will not be triggered simply by virtue of the members benefiting indirectly from the bribe through their investment in or ownership of the joint venture. A member will only be liable if the joint venture is performing services for the member and the bribe is paid with the intention of benefiting that member.
With contractual joint ventures the bar is set higher and liability is more likely to arise where a bribe is paid in connection with the joint venture business. The Guidance states that this will turn on the degree of control of the organisation over the joint venture arrangement – a question of fact to be decided by the courts on a case-by-case basis. Prosecutors are likely to be more sympathetic with regard to pre-Act contractual relationships. However, for joint venture arrangements entered into after the Act came into force, it will be difficult for commercial organisations to show that they did not exercise the relevant level of control. They will then need to fall back on whether or not they had adequate procedures in place to prevent bribery from occurring.
For subsidiaries, as with joint ventures, the Guidance emphasises that there has to be an intention to benefit the parent for section 7 to apply. Indirect benefit via ownership or otherwise is not sufficient to establish the proof of the specific intention required. Consequently, bribes paid by independent subsidiaries, or joint ventures, acting on their own account and for their own benefit, should not engage liability on the part of the parent or joint venture members.
Section 7 liability is not limited to the parent company. As illustrated by the Serious Fraud Office's (SFO) first deferred prosecution agreement (see below), it can also extend to other companies within the corporate group. That case concerned two sister companies (Tanzanian and UK) acting together on a joint mandate. The bribery was committed by senior employees of the Tanzanian company, and both the Tanzanian company and the employees were regarded as having committed the underlying bribery offence. However, given that both sister companies stood to benefit from the transaction (with the fee split 50/50), and were acting jointly (with different but complementary roles), the employees and the Tanzanian company were regarded as associated persons of the UK company and their act of bribery was regarded as benefiting both companies.
The Act was criticised for being unclear in relation to the issue of corporate hospitality. However, as the Guidance makes clear, "the Act does not aim to stop corporate hospitality per se, but simply to prevent bribery under the façade of corporate hospitality".19
The SFO has adopted a similar stance. It recognises that bona fide hospitality or promotional or other legitimate business expenditure is an established and important part of doing business. However, it will prosecute offenders who disguise bribes as business expenditure, but only if the case is a serious or complex one that falls within the SFO's remit. As former Director of the SFO David Green QC said:
"The sort of bribery we would be investigating would not be tickets to Wimbledon or bottles of champagne. We are not the 'serious champagne office'".
Whether a particular item of expenditure constitutes a bribe will always depend on the surrounding circumstances. However, as reasonable and proportionate hospitality which seeks to improve a company's image is an established and important part of doing business, hospitality that falls within the standards or norms for the particular sector is in itself unlikely to trigger the bribery offence.
The Guidance also clarifies that, for corporate hospitality to be an offence, there has to be a direct link between the corporate hospitality and an intention for that hospitality to induce improper conduct. The more lavish the hospitality or expenditure, the greater the inference that it is intended to encourage or reward improper performance. Another factor will be whether or not the hospitality or expenditure is clearly connected with the legitimate business activity or whether it was concealed. However, the Guidance confirms that payments for flights and hotel accommodation for legitimate business reasons, and invitations to foreign officials or clients to attend sports events designed to cement good relations, are unlikely to raise the necessary inference of an intention to induce improper performance.20
That said, the Select Committee considered that there remains uncertainty surrounding what will be regarded as legitimate corporate hospitality. The evidence suggested that corporates were being too cautious. As such, the Select Committee recommended that the Guidance clarify the boundary between bribery and legitimate corporate hospitality and add clearer examples of what might constitute acceptable corporate hospitality.21 The Select Committee offered this advice: "It may help if businesses look at the situation from the point of view of the recipient of hospitality: would the guests expect to be treated in this way whatever decision they might reach on the business in question, or would they believe that the level of hospitality offered was an attempt to influence them improperly into taking a decision which they might not otherwise have taken? Businesses might also consider what a reasonable member of the public, properly informed, might think of the hospitality they are proposing to offer."22
To best protect against the risk of prosecution, organisations should ensure that their policies address the issue of hospitality and promotional expenditure and that they put in place procedures to allow clear reporting and recording.
Facilitation or "grease" payments are bribes paid to secure routine, non-discretionary acts from public officials. While the US 1977 Foreign Corrupt Practices Act (FCPA) contains an express carve-out of such "routine government action",23 the decision was taken by the UK Government not to follow suit in providing such exceptions. As a result, facilitation payments are not distinguished from any other offences under the Act, and are therefore criminalised.24
However, both the Guidance and the Prosecution Guidance indicate that the UK Government recognises the problems businesses face with regard to the demands for facilitation payments overseas. Businesses are encouraged to take action to ensure the locals are aware that these payments are unacceptable, ensuring agents and employees are given guidance on how to deal with requests for such payments and, if appropriate, using diplomatic channels to try and change local practice. In its Report, the Select Committee recommended that the Government provide more support to companies and ensure that embassies have at least one official who is properly trained and instructed in the local customs and cultures, or who can rapidly contact officials of foreign government departments on behalf of companies facing problems in this field.25
The Guidance also confirms that prosecutors will carefully consider what is in the public interest before deciding whether to prosecute.26 On that basis, prosecutors are expected to prosecute only significantly serious offences.27 Although one-off payments are unlikely to result in prosecution (especially if these are fully recorded in the company books), the SFO's concerns will be raised if these one-off payments become regular features of the business. If repeated, even payments of small amounts could indicate a course of conduct that may lead to prosecution.
Foreign companies, when investing in or bidding for work overseas, are often asked to provide additional investment in the form of community investment, e.g. building a hospital or donating to a certain charity. The Guidance confirms that this is unlikely to give rise to any difficulties under section 6 (bribing a foreign public official) where such arrangements are allowed by local law or are a legitimate part of a tender exercise.28 Precautions an organisation could take in such circumstances include making enquiries to ensure that the funds or aid reaches its proper target and making sure that all payments are documented.
The SFO has repeatedly emphasised its role as prosecutor and investigator, and recent years have seen several high-profile investigations and prosecutions by both the SFO and the FCA, and substantial fines. That said, there remain significant questions concerning the SFO's capabilities, particularly concerning its ability to investigate and prosecute individuals.29 These challenges will need to be addressed by Nick Ephgrave QPM, the new SFO Director (as of September 2023).
Civil avenues are also available. Since April 2008, the SFO has had powers to recover property regarded as being the proceeds of crime pursuant to Part V of the Proceeds of Crime Act. These powers proved popular under the leadership of former SFO Director Richard Alderman. However, their use attracted judicial criticism and the approach changed once David Green became Director of the SFO in 2012. As such, they have not been used since July 2012, when Oxford Publishing Limited was ordered to pay almost £1.9 million in recognition of sums it received which were generated through unlawful conduct relating to subsidiaries incorporated in Tanzania and Kenya.
Other civil law enforcement tools that became available to the SFO in 2018 include Unexplained Wealth Orders (UWOs) and supporting Interim Freezing Orders. Introduced by the Criminal Finances Act 2017, their purpose is to help authorities more easily investigate and act on highly suspicious wealth, especially in circumstances where there is increasing evidence that the UK has become a safe haven for corrupt assets. As such, their use is limited to recovering the proceeds of any corrupt activity where that is not possible through prosecution.
A company's decision to self-report will be one of a number of factors to be taken into consideration by the SFO in deciding whether to prosecute.30
The deferred prosecution agreements (DPAs) agreed to date suggest that, while the SFO is keen to incentivise self-reporting, a corporate that self-reports will only be rewarded if it genuinely co-operates with the SFO. Compare the fates of Standard Bank and Sweett Group PLC. Both were charged with the section 7 offence for failing to prevent bribery, and both self-reported. Standard Bank was able to secure a DPA due to the level of co-operation provided to the SFO. In contrast, Sweett Group was successfully prosecuted as, according to company reports, the level of co-operation was found wanting by the SFO.
The potential benefits of self-reporting include:
If a DPA is secured, a company can also minimise reputational damage if it is able to keep any investigation confidential until the DPA is announced (as was the case for Standard Bank). Given the increased intelligence-sharing between UK enforcement agencies and overseas agencies, the increased risk of being caught provides further incentive.
The main drawbacks include the fact that self-reporting exposes the corrupt activities of the company which may face reputational damage as a result. The company will also be required to co-operate fully and give full disclosure if it wants to secure a DPA. The high bar set is made clear by guidance published by the SFO: "Co-operation means providing assistance to the SFO that goes above and beyond what the law requires". Corporates are expected to be open and frank about their wrongdoing and provide unrestricted access to documents, witnesses and witness interview records and statements. Claims to privilege are likely to be challenged unless properly established. This level of co-operation can be costly: Rolls-Royce spent £123 million on its internal investigation and dealings with the SFO. And there is no guarantee that it will secure a DPA. As the guidance makes clear, even "full, robust co-operation" does not guarantee any particular outcome. Each case will turn on its own facts.
A corporate's systems and controls will also be scrutinised and there is the cost of compliance which will be expected of a corporate as part of the DPA. Rolls-Royce, which had already spent £15 million on overhauling its compliance systems, agreed to continue with improvements under its DPA.
A deal with the SFO will not guarantee against enforcement action overseas, although the increase in international co-operation between enforcement agencies should help militate against the likelihood of this. However, where a company refuses to self-report the SFO may regard such non-co-operation as a negative factor, which could increase the prospects of a criminal investigation followed by prosecution and a confiscation order. There will also be significant disruption to a company's activities pending any investigation.
The success of a self-reporting regime is heavily dependent on the SFO's ability to enter into plea agreements with those that come forward. The ability of the SFO to enter into these US-style arrangements was thrown into question after Lord Justice Thomas's judgment in March 2010 on the plea agreement made between the SFO and Innospec.
A US-style plea bargaining regime has since been formally introduced in the UK. DPAs were introduced under the Crime and Courts Act 2013 and became available to the SFO in February 2014. A DPA is an agreement reached between a designated prosecutor and an organisation facing prosecution for certain economic or financial offences. The effect of a DPA is that proceedings are instituted, but then deferred on terms (such as the payment of a financial penalty, compensation, and implementation of a compliance programme). If, within the specified time, the terms of the agreement are met, proceedings are discontinued. A breach of the terms of the agreement can lead to the suspension being lifted and the prosecution pursued.
A key feature that distinguishes DPAs from US plea bargains is the level of judicial control: the court must be satisfied that a DPA is likely to be in the interests of justice and that the proposed terms are fair, reasonable and proportionate. Once formally approved and declared by the court, the DPA and the underlying documents are made public. These include the agreed statement of facts, which sets out details of the alleged offence.
Practical guidance on the DPA process and when prosecutors will consider it appropriate is provided by the Code of Practice on DPAs and the chapter on DPAs in the SFO's Operational Handbook.31 Guidance on financial penalties for companies convicted of economic crimes has been published by the Sentencing Council.32 The latter is used to inform the level of any financial penalty that forms part of a DPA. Both the Code and the sentencing guidelines reflect the SFO's rhetoric of DPAs not being an "easy option". They make it clear that the SFO's primary role is as prosecutor and it will only be in specific circumstances that a DPA will be offered instead of full prosecution. Self-reporting is no guarantee of the DPA route, but how early a company self-reports and the level of co-operation it gives are key factors the SFO will take into account.
The Select Committee considered DPAs to be a positive development: "in the short time they have been in operation deferred prosecution agreements have proved to be an excellent way of handling corporate bribery, providing an incentive for self-reporting and for co-operating with the authorities."33
Fines will vary depending on the seriousness of the conduct, levels of co-operation, and the corporate's ability to pay. However, it is notable that the SFO is following the US approach and higher fines are becoming the norm.
That said, the approach taken on discounting is further illustration of the shift towards incentivisation. Originally, the sentencing guidelines recommended a one-third reduction, in line with a guilty plea. It had been criticised as not providing sufficient incentive for companies to self-report. These criticisms have been acknowledged by both the SFO and the presiding Judge in relation to the second DPA agreed with Sarclad Limited. As the Judge said: "In the circumstances, a discount of 50% could be appropriate not least to encourage others how to conduct themselves when confronting criminality as Sarclad has". A 50 per cent reduction was applied in the Rolls-Royce DPA, confirming that this benchmark is now firmly established.
Although it considered that "the discounts being applied to financial penalties are appropriate to encourage companies to self-report but not so large as to deprive the penalty of its effectiveness",34 the Select Committee did recommend that "if self-reporting is to be encouraged, a distinction should be drawn between the discount granted to a company which has self-reported and one which has not." In other words, a company which has not self-reported should normally receive a lesser discount than a company which has done so.35 While we are yet to see the reduction of a discount to reflect the failure to self-report, the Court has been prepared to sanction the reduction of the discount to 40% in order to reflect an initial reluctance to fully cooperate with the SFO.36
DPAs are only available to corporates, not individuals. As part of the co-operation required under a DPA, the SFO will require the corporate to provide access to information on implicated individuals. This was confirmed by the Select Committee which recommended that: "the co-operation expected of a company must include provision of all available evidence which might implicate any individuals, however senior, who are suspected of being involved in the bribery being considered."37
As far as the Select Committee is concerned: "the DPA process, far from being an alternative to the prosecution of individuals, makes it all the more important that culpable individuals should be prosecuted." The prosecution of individuals will therefore remain a focus of the SFO though to date, securing a conviction has proven difficult.38
"Combating the risk of bribery is largely about common sense, not burdensome procedures. The core principle it sets out is proportionality" (Foreword to the Guidance).
Guidance was published on 30 March 2011. The Guidance is intended to be of general application and help commercial organisations of all sizes and types to understand what they can do to try to prevent bribery. To achieve this, it is formulated around six guiding principles that apply across all sectors and all types of business.
As the principles make clear, organisations are expected to adopt a risk-based approach to managing bribery risks. The Government recognises that no policies or procedures are capable of detecting and preventing all bribery. However, adopting a risk-based approach will help organisations focus the effort where it is needed and ensure that procedures are proportionate to the risks faced.
Many were concerned that where there is a single act of bribery that slips through the compliance net, the conclusion reached (by a jury should it go to criminal trial) will be that the procedures were, by definition, inadequate. This was a point made before the Select Committee. Several witnesses argued that "adequate" should be replaced by "reasonable". This would also ensure that the section 7 offence is in line with the similar offence of failure to prevent criminal facilitation of tax evasion in the Criminal Finances Act 2017, which refers to procedures "reasonable in all the circumstances". Although the Select Committee considered it unnecessary to amend the wording of section 7, it did recommend that the Guidance be amended to make clear that "adequate" does not mean, and is not intended to mean, anything more stringent than "reasonable in all the circumstances". It also recommended that the Guidance provide more examples of adequate procedures and suggest procedures which, if adopted by SMEs, are likely to provide a good defence.40
What follows is a summary of the main points by reference to the six principles and by way of practical guidance for organisations on the steps they need to take and the policies and procedures they should be putting in place.
Note also that the SFO will assess the effectiveness of a corporate's compliance program by reference to these six principles.41
The Guidance emphasises the need for proportionality. What is proportionate will depend on both the bribery risks faced and the nature, size and complexity of the organisation. As such, large global organisations, even if in a low risk industry, will be expected to put in place more policies and procedures than a small business with the same level of bribery risk. This gives comfort particularly to small and medium-sized businesses that are low risk. However, and as highlighted by the Select Committee, all but the smallest companies are likely to need procedures tailored to their particular needs.42
In assessing what procedures they require, some organisations will use third parties and others will rely on internal resources, such as their compliance teams. The key thing is for management to ensure that someone is tasked with responsibility for putting the procedures in place and implementing them.
The Government expects leadership on anti-corruption to come from the top. This is reflected in the Guidance, which states that top-level management (i.e. board members and owners) should be at the forefront of fostering a culture in which bribery is never acceptable. Without this top-level commitment, there is a risk that any company's procedures will be perceived as "inadequate". This is the case whatever the level of bribery risk a commercial organisation faces.
In practice, top-level management will be expected to:
In other words, it is not enough for the board to pay lip service to any policies and procedures in place. This message has been repeatedly made by the SFO and is evident both in the DPAs and the one case where the adequate procedures defence was tested (R v Skansen Interiors Limited, (unreported)).
Rolls-Royce has certainly taken that point on board, enhancing the role of compliance in the aftermath of its corruption investigation. Compliance teams must be seen to be working with the board's co-operation and oversight. Skansen involved a small company of approx. 30 employees and a senior executive who pleaded guilty to paying bribes to secure contracts; the prosecution noted that the company had not designated anyone with responsibility for the compliance role. Therefore, even small companies, with no compliance function, will be expected to assign that responsibility to a senior employee.
As emphasised by the Select Committee, it is essential that all businesses conduct a properly documented risk assessment. Without this, a company will not be in a position to decide what level of anti-bribery procedures it needs.43
There are several ways of assessing risk. How an organisation conducts its risk analysis will depend on the level of perceived risk and size of organisation. Organisations will need to consider whether any risk assessment can be carried out internally, or whether external expertise will be required, the use of which is proportionate to perceived risk. Different approaches include the use of workshops, questionnaires or round-table meetings. Whichever method is chosen, organisations need to make sure that the risk analysis is documented.
In terms of identifying areas of risk, the Guidance is useful and distinguishes between external and internal risk.
Commonly encountered external risks include:
Organisations such as Transparency International are useful sources of information, in particular in relation to country and sector risk.44
Internal structures or procedures may also add to an organisation's risk, for example:
Due diligence is relevant to organisations which deal with persons performing services on their behalf or organisations that are involved in takeovers and joint ventures. Effective due diligence is necessary in order to ascertain how risky the business relationship or transaction is and ensure the risk is mitigated by putting in place appropriate procedures.
How due diligence is conducted will vary depending on the circumstances. In transactions, it is standard to use due diligence questionnaires that can be adapted depending on the level of risk perceived. Other practical steps that can be taken in order to carry out due diligence include the following:
Generally, more information will need to be requested of corporates as opposed to individuals. In addition, it may be necessary to consider conducting due diligence on employees and to adapt recruitment policies accordingly.
In an M&A transaction, post-transaction remediation will be essential if the due diligence reveals gaps in the policies and procedures or other ABC issues. Ensure full alignment with the parent's policies, procedures and ABC training, and make any necessary reports to the relevant enforcement authority.
It is also essential to ensure that everything is fully documented.
Commercial organisations should ensure that a zero-tolerance approach to bribery is clearly communicated both internally and externally. Internal communications should convey the "tone from the top" and will naturally focus on the organisation's policies and procedures. Training is a useful way to communicate the message. External communication will depend on the kind of industry an organisation is involved in and the level of risk. Many FTSE 100 companies make their zero-tolerance approach to bribery clear on their websites via ethics statements or codes of conduct. Organisations in high risk industries communicate that message to third parties they contract with, and insert appropriate warranties into their contractual arrangements.
The level of bribery risk and the size of the organisation will also determine the requirement for training. However, the Guidance recognises that some training is likely to be effective in establishing an anti-bribery culture within a commercial organisation whatever the level of risk.
The Skansen case illustrates the importance of ensuring that policies are effectively communicated to staff and regular training/reminders are provided on those policies and procedures. The company had argued that the nature and size of the business meant that it did not require sophisticated policies and procedures (it had approx. 30 employees and operated primarily in south-east England). It did have policies in place which emphasised the need to deal with third parties in an ethical, open and honest manner (one of which was displayed prominently on a wall), and financial controls and payment approval procedures were in place to minimise risk. However, it was unable to prove that its staff had read the policies that were available or that they had been reminded periodically of their existence.
Monitoring and review mechanisms are required in order to ensure compliance with policies and procedures and to identify any issues as they arise. Commercial organisations will need to consider what works best for them. Examples provided include using existing internal checks and balances, e.g. financial monitoring, formal periodic reviews or external verification or assurance of the effectiveness of anti-bribery policies.
Corporations should also periodically review their policies and procedures to ensure they are still fit for purpose. An organisation's risk profile may change, or there may be changes in the law that it needs to take into account. In Skansen, the prosecution relied on the fact that the company was unable to show what steps it had taken when the UK Bribery Act came into force in 2011, or that it had used that as an opportunity to remind staff of the company's ethics policy and expectations.
Having undertaken a risk assessment, an organisation should be in a position to revise or draft its policies and procedures.
First, management will need to decide who will be responsible for implementation. Ideally, this should be someone from senior management.
The anti-bribery policies and procedures can be stand-alone or incorporated into existing policies and procedures, but will need to be clear, practical and applicable throughout the organisation regardless of location. They should set out the standards of behaviour expected of all employees and, if appropriate, third parties associated with the organisation.
Generally, the issues anti-bribery policies should cover include:
Organisations may also need to put in place procedures, systems and controls that provide for transparency and accurate recording. It may well be that existing procedures can be used for bribery prevention purposes; for example, financial and auditing controls. Examples of the issues such procedures will need to cover include:
There is a wealth of information and best practice recommendations available from the bodies and associations active in this area, such as the OECD's Guidelines for Multinational Enterprises and Business Approaches to Combating Corrupt Practices.45 Transparency International UK's online tool – Global Anti-Bribery Guidance – is also a useful practical resource.46 The International Organisation for Standardisation (ISO) has also released a global standard (ISO 37001) to help organisations to implement effective anti-bribery management systems. ISO 37001 sets out a series of measures that corporates can take to help them prevent, detect and address bribery. The principles are very similar to the guidelines laid down by the UK Bribery Act and Guidance. There is also a certification process whereby an ISO-approved certifier declares corporate compliance with the standard.
In any investigation, the enforcement authorities will want to see what steps were taken to embed a culture of compliance within a corporate. Without that evidence, a corporate will have an uphill struggle persuading a jury or enforcement authority that its procedures were adequate. This is again illustrated by the Skansen case where no records had been made of any compliance discussions or steps taken. It was therefore very difficult for the company to show what compliance steps it had taken, let alone satisfy a jury that they were adequate.
Recent cases, and statements made by both the US and UK prosecutors, indicate that unless employees are properly alive to the bribery issues that can arise in their business, and know how to deal with them, the best-drafted policies are rendered worthless in terms of mounting an adequate procedures defence. Another common trend appears to be the disproportionate attention paid to low risk areas (for example, general corporate hospitality) and not spending enough time and resource on the key risks, for example, agents and intermediaries.
What is required is a culture in which employees are able to spot a bribery risk and react to it. The effectiveness of an organisation's procedures will ultimately be judged by how things manifest themselves in practice. The quality of a compliance culture is not judged by how much money has been spent on implementation, but by how people at the coalface actually live it. Regular, focused and properly targeted training is therefore key.
Companies that are involved in joint ventures, regularly appoint intermediaries or agents, or operate in jurisdictions where facilitation payments are commonplace, are at greater risk. The Guidance offers practical advice on minimising those risks.
When entering into a new joint venture, companies might consider:
Agents and intermediaries can involve risks since it may be difficult for the company to monitor what the agent or intermediary is doing. The following actions might mitigate the risks:
Facilitation payments are illegal under the Act and companies that are regularly faced with requests for them should adopt strategies to deal with this, including:
The Woolf Committee was set up by the Board of BAE Systems plc to report on its ethics policies and processes following the corruption allegations made against the company in relation to the Al Yamamah UK-Saudi Arabia arms deal (see above). The Committee published a report on ethical business conduct at BAE Systems in May 2008. The report included a list of "red flags" to alert companies to areas of risk in relation to the appointment, management or payment of advisers, agents, brokers, consultants, intermediaries, middlemen or representatives (Advisers). These red flags include: