English Law, Global Risks

After much debate – and a temporary deferral – the Bribery Act took effect from 1 July.  Melanie Wadsworth examines its impact on businesses.

Given the fanfare surrounding implementation of the Bribery Act 2010, you could be forgiven for thinking that anti-bribery legislation was something new and alien to the UK.  In fact a complex range of laws, some dating back to the 18th century, do address corruption in the UK, but it is fair to say that the authorities have had limited success in prosecuting bribery offences over the years.

In 1998 the UK signed up to the Anti Bribery Convention of the Organisation for Economic Co-operation and development (OECD) , an international initiative designed to deter corruption.  In the years following, the OECD repeatedly criticized the UK's non-compliance with the Convention.  This culminated in the publication of a damning report in 2008, provoked by government interference in the investigation into allegations of bribery relating to BAE Systems' defence contracts in Saudi Arabia.  The OECD declared it was "disappointed and seriously concerned" by the UK's failure to address perceived deficiencies in its law and enforcement in this area.  Action was inevitable and so the Bribery Act which will come into force on 1 July, was born.

The Act creates four new offences: giving a bribe; requesting or receiving a bribe; bribing a foreign public official and a corporate offence of failing to prevent bribery.  For the first offence of giving a bribe (which covers any "advantage", not just cash), the test will be whether the bribe was intended to induce or reward improper performance of a relevant function.  Whether or not performance was "improper" will be judged not against local standards and custom, but against what the reasonable man of moral integrity in the UK would deem to be right.  Unless written local law specifically permits or allows for the bribe, which is rarely the case, it will be no defence that such transactions are local practice.

The Impact of the FCPA

Many organisations doing business internationally already will be familiar with the US's Foreign Corrupt Practices Act 1977 (FCPA).  Although it primarily targets American companies, the FCPA can bite on non-US companies, such as those that are listed on a US capital market or those using US communications or banking networks.  Unlike the equivalent FCPA offence, the active bribery offence in Section 1 of the Bribery Act covers bribing any person, whether or not they are in the public sector.  This is supplemented by the offence set out in Section 6 of the Bribery Act, which is specific to foreign public officials and applies where the person giving the bribe intended to influence the foreign public official in his capacity as such to obtain or retain business or a business advantage.  For this offence, there is no requirement to prove that the person giving the bribe was trying to induce the official to act improperly and, unlike under the FCPA, there is no need to prove corrupt intent.

Another difference between the FCPA and the Bribery Act is that the former makes no allowance for facilitation payments, defined as small payments made to foreign officials to expedite routine governmental actions.  This difference has secured a fair amount of publicity, with UK companies concerned that they will be at a disadvantage if, for example, it takes longer for them to move their goods through customs compared to US competitors not subject to the Bribery Act.  In practice, relatively few US companies rely on the facilitation payment carve-out as it is narrowly defined and if such payments are not properly accounted for they may breach US record keeping laws.  But if a US company caught by the Bribery Act is in the habit of making regular facilitation payments, with the effect that such payments are systemic and effectively built into the  culture of the organisation, the Serious Fraud Office (SFO) has said that it will pursue a prosecution if it is in the public interest to do so and the sums involved (whether individually or in the aggregate) are sufficiently large.

An interesting aspect of the Bribery Act is its interplay with the Proceeds of Crime Act 2002 (POCA), which requires banks and financial institutions to report suspicious activity to the Serious Organised Crime Agency (SOCA).  Any suspicions of financial crime must be reported to SOCA and organisations to whom POCA applies are at risk of committing certain money laundering offences if they fail to deal with suspicions appropriately.  The Bribery Act, and in particular the foreign public official offence at section 6 has the potential to trigger more frequent suspicious activity reports in connection with the obligation to report suspicions of financial crime, including bribery.  Arguably, the absence of any carve-out for facilitation payments or reasonable hospitality could mean that knowledge of such payments would need to be reported to SOCA, even where the authorities are unlikely to bring any prosecution under the Bribery Act.  The British Bankers Association (BBA) has expressed concern that banks may be expected to subject the accounts of international companies to enhanced due diligence in a search for evidence of bribes. Although there is no legal obligation for financial institutions to do so, pending further guidance from the BBA the impact of the Bribery Act on these issues should form part of the risk analysis carried out by FSA-authorised firms and others covered by POCA to ensure full compliance.

The corporate offence of failure to prevent bribery set out in section 7 of the Bribery Act is the one with greatest immediate impact on organisations.  This offence will be committed if a person performing a service for a relevant commercial organisation bribes another person intending to obtain business or a business advantage for the organisation.  A company will fall within the definition of relevant commercial organisation if it is incorporated in the UK or carrying on business or part of a business in the UK.  Although the SFO promises to apply a commonsense approach and look for a "demonstrable business presence" when determining whether or not business is being carried on in the UK, there is still uncertainty over how widely the definition will apply.  It has been confirmed, for example, that simply having a listing on the London Stock Exchange will not, of itself, bring an organisation within the reach of the Bribery Act.  What is less clear is the degree of control that an overseas company could have over its UK subsidiary before the parent would also fall within the relevant commercial organisation definition. 

The definition of an "associated person" for the purposes of section 7 is also very wide and will cover anyone performing a service for the organisation (employees, agents, sub-contractors, etc.) anywhere in the world.  There is no need for the relevant commercial organisation to have control over the associate and potential liability for the acts of such third parties is an area of great concern.

It will be a defence to the failure to prevent bribery offence for an organisation to show that it had "adequate procedures" in place to prevent bribery.  What constitutes adequate procedures will depend almost entirely upon the organisation and its business; however the Ministry of Justice has published helpful guidance which sets out six principles (proportionate procedures; top-level commitment; risk assessment; due diligence; communication; monitoring and review) that should inform the steps organisations take towards establishing effective procedures.

The guidance underscores the need for procedures to be proportionate to the bribery risks the organisation faces and to the nature, scale and complexity of its activities.  An initial assessment of risk across the organisation is therefore an essential first step.  The findings should flow through into the organisation's bribery policy, which should be documented and communicated clearly both within the organisation and externally to clients, business partners and others who may fall within the definition of "associated persons".

You may wish to consider reviewing your contracts with third parties to ensure they are familiar with, and agree to abide by, your organisation's bribery policy.  Consider also managing your exposure by incorporating into your terms with sub-contractors and other relevant associates a right to audit their files relating to your business relationship and to terminate your contract if bribery or corruption is discovered.

Danger zones

The risks faced by an organisation will vary widely depending on factors such as the level of corruption in the countries in which it does business and the sector in which it operates.  For example, higher risks tend to be associated with natural resources companies and the building industry.  A transaction involving public procurement may require additional due diligence and anti-bribery procedures to be applied and certain relationships, for example those involving public officials, will require careful assessment.  Bear in mind that significant changes to your business, for example entering into a new geographical market, should include an assessment of the impact on bribery risks and make sure any additional exposure arising from such changes is addressed.

A risk assessment should also examine the extent to which internal structures may add to the level of risk; for example, a bonus culture that rewards excessive risk taking or a failure to test employees' understanding of the anti-bribery message.

Most companies operating globally will already have structures in place to address issues of corruption and improper payments.  Adapting these carefully to ensure that the "adequate procedures" defence will be available will be much more effective than adopting a standalone Bribery Act policy that sits in a drawer and is forgotten.  It is clear that the adequacy of any anti-corruption procedure will depend upon the way in which it relates to and addresses the actual risks it is supposed to prevent.  Accordingly, your first step should be to carry out an audit of your existing systems and controls and an assessment of the specific risks faced by your organisation.  From there, it should not be difficult to draw up, and implement, a policy that genuinely addresses the challenges faced by your business.  In an increasingly complex and international business environment no-one can prevent bribery from occurring.  But a bespoke anti-corruption policy, well communicated and actively reinforced, will provide valuable protection for your organisation if the worst does happen and the SFO comes calling.

This article was first published in Risk Management Professional on 3 June 2011.