[Editor’s note: This is the first of Thomas Fox’s three-part series of principles for a best practices anti-corruption program under the guidance provided by the UK Bribery Act. Read part two here and part three here.]
Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures”are a defense to a prosecution.
The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In this posting, we will provide a review of Principles 1 and 2. In subsequent postings we will review the remaining four Principles.
Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls.
PRINCIPLE 1: Risk Assessment
The commercial organisation regularly and comprehensively assesses the nature and extent of the risks relating to bribery to which it is exposed.
The foundation of understanding the corruption risks which a business can face is the keystone of any compliance and ethics program. Bribery and corruption risks evolve over time therefore a company’s approach to risk assessment must also grow. While the type of risk assessment procedures can vary greatly from industry-to-industry and company-to-company depending on such factors as the size of a company, its customers, markets and suppliers, there are certain risk factors, noted below, which a company should consider for a risk assessment procedure.
A. Expertise-as an initial assessment, a company must determine whether it has the in-house expertise to conduct an appropriate risk assessment or whether external professional consultants should be employed to do so.
B. Underlying data-each company must choose the most reliable data to form the basis of the risk assessment. Types of data could include annual audit reports, internal investigation reports, focus groups and staff/client/customer complaints; and by analyzing publicly available information on corruption issues in particular sectors or overseas markets and jurisdictions.
C. Key bribery risks
1. Internal Risk – this could include deficiencies in
2. Country risk – this type of risk could include: (a) perceived high levels of corruption as highlighted by corruption league tables published by reputable Non-Governmental Organizations such as Transparency International; (b) factors such as absence of anti-bribery legislation and implementation and a perceived lack of capacity of the government, media, local business community and civil society to effectively promote transparent procurement and investment policies; and (c) a culture which does not punish those who seeks bribes or make other extortion attempts.
3. Transaction Risk – this could entail items such as transactions involving charitable or political contributions, the obtaining of licenses and permits, public procurement, high value or projects with many contractors or involvement of intermediaries or agents.
4 Partnership risks – this risk could include those involving foreign business partners located in higher-risk jurisdictions, associations with prominent public office holders, insufficient knowledge or transparency of third party processes and controls.
After the appropriate Risk Assessment, as guided by Principle 1, a company should look to Principles 2 to 6 on how the risk assessment will inform the development, implementation and maintenance of effective anti-bribery policies and procedures. The UK Government is clear that a static Risk Assessment is insufficient, therefore as a business evolves, or external circumstances change, a company will need to ensure that it is devoting sufficient resources to the assessment and mitigation of bribery and corruption risks as they emerge. For example, a small or medium sized company which enters a new market in a part of the world in which it has not done business before and therefore uses intermediaries and agents, may not be able to rely on anti-bribery policies designed for domestic purposes.
PRINCIPLE 2: Top level commitment
The top level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery. They establish a culture within the organisation in which bribery is never acceptable. They take steps to ensure that the organisation’s policy to operate without bribery is clearly communicated to all levels of management, the workforce and any relevant external actors.
This is the classic “Tone at the Top” requirement. Top leadership must commit, in word and deed, to a zero tolerance towards bribery and corruption, or to paraphrase the Dallas Cowboys former coach Jimmy Johnson “You can talk the talk, but you gotta walk the walk”. Those persons at the top of any business are in the best position to foster a culture of integrity where bribery is unacceptable within the organization. Effective leadership in bribery prevention will take a variety of forms depending on the circumstances in which an organization does business, but, by way of example, the kinds of leadership procedures that may be effective include:
In addition to these factors listed above, there must be a clear commitment against bribery in a company’s management structure and, as such, this commitment must be embedded into a company a culture of compliance. This should include such things as the personal involvement of top-level managers in developing a code of conduct or ensuring anti-bribery and anti-corruption policies are published and communicated to employees, subsidiaries and business partners. Maintenance of a clear top-level commitment to anti-bribery policies may be assisted by the appointment of a senior manager to oversee the development of an anti-bribery program and to ensure its effective implementation throughout a business.
The UK Government has provided a very useful tool for any company which desires to measure its current compliance and ethics program. While this Consultation only deals with the UK Bribery Act’s requirements, it could also be a valuable and welcome tool for companies subject to the US Foreign Corrupt Practices Act (FCPA) in measuring their FCPA compliance policy. The information presented in the Consultation may well form the best practices in the arena of anti-bribery and anti-corruption compliance programs. US companies can and should use this Consultation as a guidepost for not only their US FCPA-centric compliance programs but to enhance the program for any UK subsidiary that will be governed by the UK Bribery Act.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at email@example.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.