Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution.
The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In this posting, we will provide a review of Principles 1 and 2. In subsequent postings we will review the remaining four Principles.
Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls.
PRINCIPLE 1: Risk Assessment
The commercial organisation regularly and comprehensively assesses the nature and extent of the risks relating to bribery to which it is exposed.
The foundation of understanding the corruption risks which a business can face is the keystone of any compliance and ethics program. Bribery and corruption risks evolve over time therefore a company’s approach to risk assessment must also grow. While the type of risk assessment procedures can vary greatly from industry-to-industry and company-to-company depending on such factors as the size of a company, its customers, markets and suppliers, there are certain risk factors, noted below, which a company should consider for a risk assessment procedure.
A. Expertise-as an initial assessment, a company must determine whether it has the in-house expertise to conduct an appropriate risk assessment or whether external professional consultants should be employed to do so.
B. Underlying data-each company must choose the most reliable data to form the basis of the risk assessment. Types of data could include annual audit reports, internal investigation reports, focus groups and staff/client/customer complaints; and by analyzing publicly available information on corruption issues in particular sectors or overseas markets and jurisdictions.
C. Key bribery risks
1. Internal Risk – this could include deficiencies in
- employee knowledge of a company’s business profile and understanding of associated bribery and corruption risks;
- employee training or skills sets; and
- the company’s compensation structure or lack of clarity in the policy on gifts, entertaining and travel expenses.
2. Country risk – this type of risk could include: (a) perceived high levels of corruption as highlighted by corruption league tables published by reputable Non-Governmental Organizations such as Transparency International; (b) factors such as absence of anti-bribery legislation and implementation and a perceived lack of capacity of the government, media, local business community and civil society to effectively promote transparent procurement and investment policies; and (c) a culture which does not punish those who seeks bribes or make other extortion attempts.
3. Transaction Risk – this could entail items such as transactions involving charitable or political contributions, the obtaining of licenses and permits, public procurement, high value or projects with many contractors or involvement of intermediaries or agents.
4. Partnership risks – this risk could include those involving foreign business partners located in higher-risk jurisdictions, associations with prominent public office holders, insufficient knowledge or transparency of third party processes and controls.
After the appropriate Risk Assessment, as guided by Principle 1, a company should look to Principles 2 to 6 on how the risk assessment will inform the development, implementation and maintenance of effective anti-bribery policies and procedures. The UK Government is clear that a static Risk Assessment is insufficient, therefore as a business evolves, or external circumstances change, a company will need to ensure that it is devoting sufficient resources to the assessment and mitigation of bribery and corruption risks as they emerge. For example, a small or medium sized company which enters a new market in a part of the world in which it has not done business before and therefore uses intermediaries and agents, may not be able to rely on anti-bribery policies designed for domestic purposes.
|PRINCIPLE 2: Top level commitment
The top level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery. They establish a culture within the organisation in which bribery is never acceptable. They take steps to ensure that the organisation’s policy to operate without bribery is clearly communicated to all levels of management, the workforce and any relevant external actors.
This is the classic “Tone at the Top” requirement. Top leadership must commit, in word and deed, to a zero tolerance towards bribery and corruption, or to paraphrase the Dallas Cowboys former coach Jimmy Johnson “You can talk the talk, but you gotta walk the walk”. Those persons at the top of any business are in the best position to foster a culture of integrity where bribery is unacceptable within the organization. Effective leadership in bribery prevention will take a variety of forms depending on the circumstances in which an organization does business, but, by way of example, the kinds of leadership procedures that may be effective include:
- Releasing a statement of commitment to counter corruption in all parts of the company. Such a statement should include commitments to carry out business fairly, honestly and openly.
- Adopting a zero tolerance policy towards bribery and corruption and publicly announcing the consequences of engaging in such prohibited behavior for employees and management.
- Extending this proscription to all business partners through anti-bribery and corruption terms and conditions in each contract with said business partners.
- Lastly, and very interestingly, this Principle would require companies to avoid doing business with others who do not commit to doing business without bribery. This requirement would mandate that a top-level statement may be made public and communicated to subsidiaries and business partners.
In addition to these factors listed above, there must be a clear commitment against bribery in a company’s management structure and, as such, this commitment must be embedded into a company a culture of compliance. This should include such things as the personal involvement of top-level managers in developing a code of conduct or ensuring anti-bribery and anti-corruption policies are published and communicated to employees, subsidiaries and business partners. Maintenance of a clear top-level commitment to anti-bribery policies may be assisted by the appointment of a senior manager to oversee the development of an anti-bribery program and to ensure its effective implementation throughout a business.
The UK Government has provided a very useful tool for any company which desires to measure its current compliance and ethics program. While this Consultation only deals with the UK Bribery Act’s requirements, it could also be a valuable and welcome tool for companies subject to the US Foreign Corrupt Practices Act (FCPA) in measuring their FCPA compliance policy. The information presented in the Consultation may well form the best practices in the arena of anti-bribery and anti-corruption compliance programs. US companies can and should use this Consultation as a guidepost for not only their US FCPA-centric compliance programs but to enhance the program for any UK subsidiary that will be governed by the UK Bribery Act.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2010