• wblogo
  • wblogo
  • wblogo

Britain's Bribery Act: a refresher

Jonathan Brogden and Eva Barboni, DAC Beechcroft, Partner and associate, London, 10 March 2016

articleimage

The UK's Bribery Act came into force on 1 July 2011. Since then, the supine Serious Fraud Office has only reached a non-prosecution deal with Standard Bank and secured a conviction for the Sweett Group. Compliance officers might like to read this refesher, however, in the unlikely event of an SFO visit.

Standard Bank agreed to pay £21.7m under the terms of a deferred prosecution agreement - an American invention designed to convince the US public that something was being done about the criminal machinations of banks while actually charging them a fraction of their profits from the misconduct in question and letting their executives off without criminal charges. Sweett Group was fined £1.4m, subject to a £851,152.23 confiscation order and ordered to pay £95,031.97 in respect of the SFO's costs.

The Bribery Act, like nearly all legislation in a civilised society, does not have retrospective effect. Evidence for a case often takes years to come to light, so it is only recently that we have reached the point where the SFO is able to prosecute many firms for conduct that occurred after 1 July 2011, therefore negating the need to rely on previous law. It has signalled its intention to be more aggressive in its pursuit of prosecutions under the Act, concentrating as much on corporate wrongdoing as on individual misconduct.
 
Bribery and the corporate offence

Under the Act, it is an offence for a person to bribe or be bribed. A bribe is essentially the offer of a financial or other advantage with the intent that the person receiving it is induced to perform their function improperly.

Section 7 makes it an offence for a "commercial organisation" to fail to prevent bribery and also makes it guilty of any offence if an "associated person" bribes another person, intending to obtain or retain business or to obtain or retain an advantage in the conduct of business.

It is a defence for the commercial organisation to prove that it was following procedures that were up to the job of preventing any person associated with it from undertaking such conduct. The procedures to be put in place are guided by six non-prescriptive principles laid down by the government, which are as follows.

  • Principle 1: Proportionate Procedures
  • Principle 2: Top-level commitment
  • Principle 3: Risk Assessment
  • Principle 4: Due Diligence
  • Principle 5: Communication
  • Principle 6: Monitoring and review.

In this article, we focus primarily on risk assessment, although it is important first to scrutinise the extra-jurisdictional reach of the Act that is its second most important hallmark.

The extra-jurisdictional reach of the Act

It is crucial for multi-national businesses to know that the Act is not just concerned with what happens in the UK. It extends to conduct wholly outside the UK.

  • Section 7(5) defines a "commercial organisation" as a body incorporated in the UK or "any other body corporate (wherever incorporated) which carries on a business, or part of a business, in any part of the UK".
  • Section 8 defines an "associated person" very widely as a person who performs services for or on behalf of the "commercial organisation" and it does not matter in what capacity, whether as an employee, agent or subsidiary.
  • Sections 12(5) and (6) state that an offence is committed under s7 irrespective of whether the act or omission that forms part of the office takes place in the UK or elsewhere, allowing a prosecution for the offence to take place in the UK regardless.

If a corporation carries out business in the UK, it can be prosecuted in the UK under s7 regardless of where the conduct was carried out. As a result, all corporations that do business in the UK ought to carry out risk assessments to avoid exposure to s7.

It is worth noting that there is some debate around the meaning of the undefined phrase "carries on a business." It clearly denotes more than just a mere physical or legal presence in the UK. Although it is obvious that it has to be undertaking some activity, exactly what is open to debate. It naturally includes the corporation's regular trade or commercial activity but there can be little doubt that the intention was to define the activity being carried out widely. Judges have yet to apply their minds to this question.

Risk assessments

All six principles laid down by the government are important, but the need to carry out risk assessment processes and procedures and review them periodically is potentially the most troublesome one. The corporation in question should assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment must be periodic, informed and written down, but what does it entail?

Every corporation ought to know where its exposures lie. This may seem simple; surely any reputable firm knows how it does its business, where it does it and with whom. As a result, it should know and understand the risks associated with its business sector, its business partners and the countries in which it operates.

To get it right it must ensure that several things happen.

  • Top-level managers overseeing the whole process. The government's so-called 'guidance' dictates an anti-bribery culture for every organisation, created by the people at the top. How else can a corporation truly understand its risks other than with the involvement and knowledge of its business leaders?
  • Appropriate resources devoted to the risk assessment process.
  • A proper identification of internal and external information sources that will help it assess and review the risks. The best source of information is quite often the employees, whose wisdom can shine through in workshops, interviews and questionnaires. The firm can also find out information externally by canvassing diplomatic services and other governmental organisations, chambers of commerce, trade organisations and private agencies that provide specialist advice.
  • Background checks on employees and agents. The processes that human resources departments bring to bear when recruiting employees are important here. They should keep track of the whereabouts of agents, obtaining information about their backgrounds, come up with accurate descriptions of the services to be provided, take and follow up references, look at the agents' own anti-bribery policies and make sure that they are satisfied that their fees are commercial and reasonable.
  • It should also keep adequate documentary records of assessments it has carried out and its conclusions. Anyone who reads these should be able to know what the risks are, how the firm has assessed them, what facts help it reach its decision, and what the outcome was.

Even if the firm follows the right procedure in the first place, it has only won half the battle. Every so often, it has to look again at the risks associated with its business. Risks can, and often, do change, perhaps because of changes in the business itself or in the sectors or countries in which it operates. Most commonly, the business is likely to encounter new ones as it enters new sectors or new territories, possibly both at the same time. When doing so, it ought to find out whether its risk profile is changing. It should pinpoint any events that might give rise to a review of its risk assessment. Before it can embark on a sector/country risk assessment it may have to devote more resources to the task.

External factors can also lead to a need to assess more risks than before. Sometimes the need to do so is obvious, for example when social or political turbulence leads to changes in government or civil unrest, as in the Ukraine. Laws might change and this might affect the way in which the firm is able to do business in a particular jurisdiction. Countries may join (or leave) trade, economic or social alliances. Whatever the change is, the corporation must be able to recognise it and react to it. Perhaps it will then decide to change its anti-corruption procedures, but perhaps not.

To fail to identify or address an obvious change in one's risk profile is to court trouble with s7 of the Act. It will give rise to concerns about the adequacy of the procedures in place to identify and assess risk (most likely a lack of manpower, experience or expertise). It may also reveal the failure of top-level managers to oversee the process properly.

The identification of risks will naturally lead to a consideration of how to offset those risks. This may entail a beefing-up of existing control functions, the evolution of new control functions, and the monitoring of remedial action.

It is important to note, however, that corporations are not required to take exhaustive steps to eradicate the very possibility of bribery. Criminal activity is often by its very nature covert and difficult to identify. Corporations that assess and monitor risks adequately know where those risks lie and can set up procedures to try to prevent bribery and to react to change. They have to be able to do this, remembering all the while that the Act applies to conduct outside the UK.

Reputational risk

In addition to the legal woes that (at least theoretically) attend SFO investigations and prosecutions, corporations must also pay close attention to the potential for significant reputational damage. This type of damage often outlasts any legal proceedings that might bedevil a company.

It is crucial that corporations that operate in territories with "high corruption risk" (a nebulous phrase that every company must interpret for itself) must have plans in place to deal with instances or allegations of impropriety immediately. In the midst of a crisis, they have no time to step back and build the internal capacity they need to save their reputations. They ought to develop 'crisis communication' strategies and protocols in advance of such trouble, or their troubles will escalate out of control. Their plans must take both traditional and social media into account. Many companies have learnt the hard way that social media can turn an obscure local story into an international issue overnight. They have to know how to monitor (and distribute face-saving propaganda through) online platforms.

It is increasingly clear that legal and public relations risk management strategies cannot operate in a vacuum. Every firm must co-ordinate the two seamlessly if it is to be as effective as possible.

* Jonathan Brodgen is available on +44 (0) 207 894 6290 and at jbrogden@dacbeachcroft.com; Eva Barboni is available on +44 (0) 207 319 7651 and at ebarboni@mercuryllc.com

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll