[Editor's note: This is the third of Thomas Fox's three-part series of principles for a best practices anti-corruption program under the guidance provided by the UK Bribery Act. Read part one here and part two here.]
Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.”
Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures”are a defense to a prosecution.
The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In prior postings, we reviewed Principles 1 through 4. In this final posting, we will provide a review of Principles 5 and 6.
Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities.
Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls.
PRINCIPLE 5: Effective implementation
The commercial organisation effectively implements its anti-bribery policies and procedures and ensures they are embedded throughout the organisation. This process ensures that the development of polices and procedures reflects the practical business issues that an organisation’s management and workforce face when seeking to conduct business without bribery.
The Consultation makes clear that appropriate anti-bribery and anti-corruption policies and procedures will vary enormously depending on the nature of the business, the assessment of risk and the nature of its operational and support functions. However, there must be effective implementation if these anti-bribery and anti-corruption policies and procedures are to be successful. The Consultation provides specific steps implementation strategies that companies should consider when bringing their anti-bribery and anti-corruption commitments “to life.”
As with other corporate programs, anti-bribery and anti-corruption policies and procedures cannot manage the risks if left in a file or on a shelf, they need to be implemented through the allocation of roles and responsibilities and by setting milestones for delivery and review. Put another way, companies are required to do more than just passively “have” anti-bribery and anti-corruption policies and procedures; they must actively “do” anti-bribery and anti-corruption.
To accomplish this Principle, companies should establish an execution strategy that clearly sets out how anti-bribery and anti-corruption policies and procedures are to be implemented across the company’s various groups and functions. Such detail would include some or all of the following steps.
- Designation of who will be responsible for the anti-bribery and anti-corruption policies and procedures implementation;
- A determination of how the anti-bribery and anti-corruption policies and procedures will be communicated internally and externally;
- Provisions for the nature of training, whether live, online or a combination of both and how it will be rolled out;
- Who will report to top management and the quantity and quality of information which should be presented to a company’s Board of Directors.
- The extent to which external auditing processes will be engaged;
- The specific arrangements for monitoring compliance;
- The timescale of implementation;
- A clear articulation of the penalties for breaches of agreed policies and procedures; and
- An established time table for reviews and assessments, suggested at no less than biennially.
With regards to internal communications, the Consultation provides procedures for the best practices on how businesses should communicate anti-bribery policies and procedures to relevant staff, and the need for bribery prevention training. If training is necessary, it could cover the bribery risks the organization is exposed to as well as the organization’s anti-bribery policies and procedures. It should also be tailored for different functions within the organization. Interestingly, noted within the internal communication section, the Consultation remarks that companies should consider offering, or even requiring, the participation of business partners in anti-bribery training courses.
Companies should use external communication to promote better implementation of policies and procedures as well as providing support for business partners and employees seeking to implement the said polices and procedures. External communication can range from the provision of information on the organization’s web-site to direct face-to-face communication with key players at meetings.
Messages could include an indication that employees will be subject to robust internal sanctions (in addition to any criminal justice outcome if criminal offences are committed) if they accept bribes and that corrupt vendors risk being removed from the list of approved suppliers.
PRINCIPLE 6 : Monitoring and review
TThe commercial organisation institutes monitoring and review mechanisms to ensure compliance with relevant policies and procedures and identifies any issues as they arise. The organisation implements improvements where appropriate.
Anti-bribery and anti-corruption policies must be viewed as dynamic and not static. This concern will require companies to perform ongoing monitoring of their compliance programs and adapting to changing circumstances, possibly in response to any incidents involving bribery and corruption, in order to remain effective. Although the time period for such ongoing monitoring and review is (or is not?) presented in the Consultation; it does provides several examples which companies may wish to consider when following this Principle of ongoing monitoring and review of procedures.
Internal monitoring and review mechanisms
The guiding tenet of this Principle would appear to be a determination of the internal checks and balances needed to monitor and review anti-bribery policies.
In smaller organizations, this might include effective financial and auditing controls that identify potential and actual irregularities, combined perhaps with a means by which the views and comments of employees and key business partners are incorporated into the continuing improvement of anti-bribery policies.
However for larger businesses this might include financial monitoring, bribery reporting and incident investigations. There should also be a requirement to report the results of such reviews to the Audit Committee, the Board of Directors or equivalent body. In turn, the Audit Committee, Board, or equivalent body, may wish to make an independent assessment of the adequacy of anti-bribery policies and disclose their findings and recommendations for improvement in the company’s Annual Report to shareholders.
Companies should also determine appropriate ways of identifying when a review of bribery risk, and the corresponding policies and procedures, is necessary; ensuring that if, for example, external events like government changes, corruption convictions, or negative press reports occur, an appropriate compliance response is triggered. It would be prudent for Companies to consult the publications of relevant trade bodies or regulators that could highlight examples of good or bad practice.
Organizations should also ensure that their procedures take account of external methods of issue identification and reporting as a result of the statutory requirements applying to their supporting institutions, for example money laundering regulations reporting by accountants and solicitors.
Transparency is an important anti-bribery tool. Secrecy within a business and the failure to disclose important information about specific projects can facilitate the payment, receipt and concealment of bribes. Given the challenges posed by distance and unfamiliarity with overseas customs and regulations, businesses may wish to consider how to monitor the implementation of anti-bribery procedures in overseas offices and business partners.
The senior management of higher risk and larger organizations may wish to consider whether to commission external verification or assurance of the effectiveness of anti-bribery and anti-corruption policies, or to seek membership of one of the independently-verified anti-bribery code group or organization monitored by industrial sector associations or multilateral bodies.
An independent review can be helpful in providing companies undergoing structural change, or entering new markets, with an insight into the strengths and weaknesses of its anti-bribery policies and procedures and in identifying areas for improvement. Such independent analysis would also enhance a company’s credibility with business partners or restore market confidence following the discovery of a bribery incident, help meet the requirements of both voluntary or industry initiatives and any future pre-qualification requirements.
Although the recently published UK guidance only deals with the UK Bribery Act requirements it is important to note that because of the long arm jurisdiction of the act many companies subject to the Foreign Corrupt Practices Act (FCPA) will also be subject to the UK Bribery Act. So it may be necessary to build on top of existing FCPA policies to ensure they are compliant with the new UK Bribery Act.
All organizations will need to trigger the requirement to comply with the UK law if they wish to ”carry on business” in the UK. The UK Government has provided a very useful tool for any company which desires to measure its current compliance and ethics program. This type of guidance is quite welcome. It should be studied closely by any Compliance Professional or Law Department employee to assist in setting up a best practice anti-bribery and anti-corruption program.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.