The Bribery Act: What You Need to Know

On 30 March, the Ministry of Justice announced that the Bribery Act 2010 will, finally, come into force on 1 July 2011.   The announcement was accompanied by the publication of guidance to businesses on how they can reduce their exposure to bribery and better understand the implications of the Act ("Guidance").

New offences

The Act creates new offences of offering or receiving a bribe, bribery of foreign public officials and a corporate offence of failure to prevent a bribe being paid on an organisation's behalf (the "Section 7 offence").  Whilst the parameters of the new offences are far-reaching, including potential liability for the acts of third parties, the objective of the Act is not to bring the full force of criminal law to bear upon an ethically run organisation experiencing an isolated incident of bribery.  Accordingly, the Act provides a full defence to the Section 7 offence where the organisation can show that it had "adequate procedures" in place to prevent bribery.   

The Guidance is intended to help commercial organisations draw up appropriate anti-bribery policies and the procedures necessary to enforce such policies.  Whether or not such procedures are "adequate" will be a question of fact in each case.  The Guidance is at pains to point out that it is not prescriptive and that procedures should be applied in a way that is proportionate.

Guiding principles

The Guidance sets out six principles whose application should assist businesses in preventing bribery from being committed on their behalf.  Their application will vary widely depending on the nature of the relevant business and the jurisdictions in which it operates.  From the perspective of the compliance officer, the desired outcome should be robust and effective anti-bribery procedures, responding to the actual risks faced by the business.  Better to put in place a bespoke range of appropriate procedures than to create a complex, ‘one-size-fits-all' policy that sits in a drawer and is never properly implemented.

Principle 1: Proportionate procedures

This principle underscores the need for procedures to be proportionate to the bribery risks the organisation faces and to the nature, scale and complexity of its activities.  An initial assessment of risk across the organisation is therefore an essential first step.  It is worth remembering that bribery prevention procedures need not stand alone.  Reinforcing your position by weaving the anti-bribery message into wider policies, for example in relation to recruitment or contract tendering, can also be very powerful. 

Whatever the chosen model, procedures should be practical, accessible and realistically seek to mitigate identified risks.  Your existing policies may already address many of these issues and require only minor changes in emphasis to deal with anti-bribery concerns.  Topics you may wish to capture depending on the particular risks faced, include:-

• The detail of how the organisation plans to implement its bribery prevention procedures, for example, how its policy will be applied to individual projects and to different parts of the organisation.
• Employment matters.  Employees are deemed to be "associated persons" (i.e. those who perform services on behalf of an organisation) and so this is a key area.  Anti-bribery policy is likely to impact on recruitment, staff handbooks (which should make clear the organisation's policy on bribery) and terms and conditions of employment which should detail sanctions for breaches of the organisation's anti-bribery rules.
• Governance of business relationships with other associated persons (including - potentially, but not necessarily - contractors, suppliers and joint venture partners).
• Financial and commercial controls such as auditing and approval of expenditure to ensure unlawful payments cannot easily be made.
• The reporting of bribery including ‘whistle-blowing' procedures to ensure employees can raise concerns without fear of reprisal.

An area that hogged many of the headlines surrounding the Act was that of corporate hospitality.  Helpfully, the Guidance has made it clear that there is no intention to prevent an organisation from developing its business by means of reasonable and proportionate hospitality.  That said, such expenditure can be employed as a bribe and a robust anti-bribery policy should address the subject.  In addition to keeping a record of gifts and hospitality received and given, you may wish to keep a list of requests for, or offers of, such expenditure that were refused.  This could be helpful evidence when seeking to demonstrate that anti-bribery policies were not only in place, but also implemented.

Principle 2: Top-level commitment

It will be essential, when seeking to demonstrate the adequacy of anti-bribery procedures, that senior management's commitment to preventing bribery is clear.  The Guidance talks about creating a culture of zero tolerance in which bribery is never acceptable.  It is worth remembering that one of the factors in the record fine paid by Siemens under US anti-bribery legislation a few years ago was the evidence from those involved in making the unlawful payments that they believed (whether reasonably or not) that management fully supported such payments as a necessary part of doing business.

Management commitment to bribery prevention should be reflected in formal communication of a zero tolerance to bribery, which may take different forms depending on the audience (employees; business partners).  Effective statements are likely to:-

• commit to carrying out business fairly, honestly and openly.
• state the consequences of breaching the policy for employees and managers.
• for other associated persons, state the consequences of breaching contractual provisions relating to bribery prevention (this could include a reference to avoiding doing business with others who do not commit to doing business without bribery).
• articulate the business benefits of rejecting bribery (reputation; customer and business partner confidence).
• refer to the range of bribery prevention procedures the commercial organisation has or is putting in place, including any protection and whistle-blowing procedures for confidential reporting of bribery.
• name key individuals and departments involved in the development and implementation of the organisation's bribery prevention procedures.

Management may wish to engage with relevant external bodies to help articulate the organisation's policies and become involved in any collective action against bribery in, for example, the same business sector.  The compliance officer should review any breach of procedures and report on levels of compliance to the board to ensure top-level involvement in shaping and enforcing anti-bribery procedures. 

Principle 3: Risk assessment

In many ways, this should be the first principle, fundamental as it is to the effective development of adequate anti-bribery procedures.  An assessment of the nature and extent of an organisation's exposure to potential risks (internal and external) of bribery should be carried out periodically.  The findings should be clearly documented and – crucially – acted upon, where appropriate.   Significant changes to the business, for example entering into a new geographical market, should include an assessment of the impact on bribery risks.

The risks faced by an organisation will vary widely depending on factors such as the level of corruption in countries in which it does business and the sector in which it operates (higher risks tend to be associated with natural resources companies and the building industry).  A transaction involving public procurement may require additional due diligence and anti-bribery procedures to be applied and certain relationships, for example those involving public officials, will require careful assessment.

A bribery risk assessment should also examine the extent to which internal structures may add to the level of risk, including deficiencies in employee training, a bonus culture that rewards excessive risk taking and any lack of clarity in the organisation's anti-bribery message.

Principle 4: Due diligence

The purpose of this principle is to encourage organisations to put in place due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform, or will perform, services on their behalf.  To the extent a bribery risk has been identified through risk assessment (e.g. a risk attached to reliance on third party intermediaries in a certain jurisdiction), specific due diligence could significantly mitigate that risk (e.g. by making direct enquiries or carrying out indirect investigations in respect of a potential or existing intermediary in the relevant jurisdiction).

As noted above, employees are presumed to be "associated" with an organisation for the purposes of the Act.  You should therefore build an appropriate level of due diligence into your recruitment and human resources procedures to mitigate the risk of bribery being undertaken by employees.  As for other principles, proportionality is the watchword here and some positions may be so low risk that no such due diligence is required.  The key is to ensure an appropriate risk assessment has been carried out and respond appropriately.

Principle 5: Communication (including training)

It is important that bribery prevention policies and procedures are embedded and understood throughout your organisation and by external partners.  Communicating such matters clearly is fundamental to ensuring that they are properly implemented and effective. 

The Guidance encourages the establishment of a secure and accessible means for internal or external parties to raise concerns about bribery, request advice and provide suggestions for improvement of bribery prevention controls.   For organisations with diverse operations such procedures can be very helpful and demonstrate a clear commitment to stamping out corruption.

Training to enhance awareness about the threats posed by bribery and the way the subject is being addressed by the organisation can help to establish firmly an anti-bribery culture.  General training could be mandatory for new employees and agents (proportionate to risk) and more tailored training considered for those involved in higher risk functions such as purchasing, contract tendering and those operating in high risk countries.

Principle 6: Monitoring and review

As the bribery risks an organisation faces change over time, so will the procedures required to mitigate those risks.  Regular monitoring and evaluation of the risk profile of the business and the effectiveness of current procedures is essential.  There are many review mechanisms which may be helpful, including staff surveys, systems set up to deter, detect and investigate incidents of bribery and periodic reports on best practice within the relevant industry.

Next Steps

The government has given organisations three months between publication of the Guidance and the coming into force of the Act.  During that time, you should be taking steps to ensure your organisation can demonstrate that it had adequate procedures in place should worst come to worst and an incident of bribery occur.  A careful risk assessment should identify the key risks facing your business and the areas on which your efforts should focus.  There is no need to panic, but a little effort now will help make sure that, if the Serious Fraud Office comes knocking, you can be confident your anti-bribery policies and procedures are robust.

This article was first published by Compliance online on 12 April 2011.