Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution.
The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In our previous posting we reviewed Principles 1 and 2, in this posting we will provide a review of Principles 3 and 4 and the final posting will focus on Principles 5 and 6.
Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls.
PRINCIPLE 3 – Due diligence
The commercial organisation has due diligence polices and procedures which cover all parties to a business relationship, including the organisation’s supply chain, agents and intermediaries, all forms of joint venture and similar relationships and all markets in which the commercial organisation does business.
Companies will need to know who they are doing business with if their risk assessment and mitigation are to be effective. The particular types of due diligence listed below are examples of enquiries that can help identify bribery risks associated with a particular business relationship and will enable the organization to take appropriate preventive measures.
Location – Enquiries about the risk of bribery in a particular country in which an organization is seeking a business relationship, the types of bribery most commonly encountered and any information about the preventive actions which are most effective. Organizations may wish, for example, to be advised of relevant civil, administrative and criminal law and the existence of any procedures for reporting bribery to the relevant local authorities.
Business opportunity – Enquiries about the risks that a particular business opportunity raises, for example establishing whether the project is to be undertaken at market prices, or has a defined legitimate objective and specification.
Business partners – Enquiries to establish whether individuals or other organizations involved in key decisions, such as intermediaries, consortium or joint venture partners, contractors or suppliers, have a reputation for bribery and whether anyone associated with them is being investigated, prosecuted, or has been convicted or debarred for bribery or related offences. Organizations may also wish consider the risks associated with politically exposed persons where the proposed business relationship involves, or is linked to, a prominent public office holder.
Organizations may wish to ensure that enquiries are made of partners’ internal anti-corruption measures.
PRINCIPLE 4: Clear, Practical and Accessible Policies and Procedures
The commercial organisation’s policies and procedures to prevent bribery being committed on its behalf are clear, practical, accessible and enforceable. Policies and procedures take account of the roles of the whole work force from the owners or board of directors to all employees, and all people and entities over which the commercial organisation has control.
After a company performs a thorough risk assessment and follows up with any required due diligence, it should be in a better position to develop effective bribery prevention policies and procedures. To the extent feasible, businesses should draw from the expertise of its work force to develop appropriate policy and procedure documentation, as such actions can serve to secure buy-in from those who will be responsible for applying them.
Policy and Procedure Documentation
Companies should evaluate just how comprehensive, clear, practical and accessible its anti-bribery and anti-corruption policy and procedures documentation is to all employees and to other appropriate, relevant persons and entities over which it has control. Such anti-bribery and anti-corruption policy and procedures documentation could include:
- A clear prohibition of all forms of bribery including a strategy for building this prohibition into the decision making processes of the business.
- Specific guidance on making, directly or indirectly, political and charitable contributions, gifts, and appropriate levels and manner of provision of bona fide hospitality or promotional expenses to ensure that the purposes of such expenditure are ethically sound and transparent.
- Provide to the business advice on relevant laws and regulations.
- Detail guidance on what action should be taken when faced with blackmail or extortion, including a clear escalation process.
- A specific statement of the company’s level of commitment to the UK law on employment law protection for whistle-blowers and an explanation of the process for such internal reporting of bribery or corruption.
- Businesses should endeavor to provide information on anti-bribery and on anti-corruption programs relevant to the industry in which they sit.
- Companies should issue a Code of Conduct, which sets out expected standards of behavior and which can form part of the employment contract.
Support and Operational procedures with the Organization
Businesses should also consider how their existing internal company procedures can be used for bribery and corruption prevention. For example, financial and auditing controls, disciplinary procedures, performance appraisals, and selection criteria can act as an effective bribery deterrent. Other prevention procedures may include modification of sales incentives to give credit for orders refused where bribery is suspected; and “speak up” programs to allow any employee to report allegations of bribery or breaches of corporate anti-bribery policies in a safe and confidential manner.
Managers may wish to consider the resistance to bribery of particularly vulnerable operational areas such as procurement and supply chain management mechanisms and address any issues they have identified.
Management of incidents of bribery
Businesses should also consider putting in place procedures to deal with incidents of bribery, should one arise, in a prompt, consistent and appropriate manner. This could include designating a senior manager to oversee the company’s response. The business will need to decide whether to refer the matter to law enforcement agencies. There may need to be oversight of the sanctions process and a communications strategy to reassure investors, employees, customers, business partners and others possibly exposed to consequences from the incident.
The Guidance on Principles 3 and 4 are designed to give businesses the information they need in order to implement what they have learned through their risk assessments. The specific guidance set forth in the Consultation can be used by any compliance and ethics professional to properly assess and manage third parties and the nuts and bolts of how to create policies and procedures for an entire organization.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2010