[Editor’s note: This is the second of Thomas Fox’s three-part series of principles for a best practices anti-corruption program under the guidance provided by the UK Bribery Act. Read part one here and part three here.]
Last week the United Kingdom’s Ministry of Justice released its “Consultation on guidance about commercial organisations preventing bribery (section 9 of the Bribery Act 2010)”. The stated purpose of this document is to provide guidance, as required under section 9 of the Act, to “support businesses in determining the sorts of bribery prevention measures they can put in place.” Businesses covered by the UK Bribery Act can be convicted of a criminal offence if they fail to prevent bribery on their behalf. However, the Act provides that if the organization can show that it has adequate bribery prevention procedures in place, such “adequate procedures” are a defense to a prosecution.
The Consultation lists “Six Principles for Bribery Prevention” which the Ministry of Justice believes are good international practices for such adequate procedures and is designed to assist businesses in determining what bribery prevention procedures they can put in place. In our previous posting we reviewed Principles 1 and 2, in this posting we will provide a review of Principles 3 and 4 and the final posting will focus on Principles 5 and 6.
Initially it should be noted that the Six Principles are designed to be result oriented and to allow a flexible approach to ethics and compliance. US practitioners will observe this is in contrast to the US approach, which is much more rules based. The UK approach is to allow each company to tailor its policies and procedures so that they are proportionate to the nature, scale and complexity of its activities. Clearly there is a huge variety of circumstances; small and medium sized organizations will, for example, face different challenges compared to large multi-national enterprises. As a result, the detail of how each company addresses these principles will vary, but the outcome should always be robust with effective anti-bribery systems and controls.
PRINCIPLE 3 – Due diligence
Companies will need to know who they are doing business with if their risk assessment and mitigation are to be effective. The particular types of due diligence listed below are examples of enquiries that can help identify bribery risks associated with a particular business relationship and will enable the organization to take appropriate preventive measures.
Location – Enquiries about the risk of bribery in a particular country in which an organization is seeking a business relationship, the types of bribery most commonly encountered and any information about the preventive actions which are most effective. Organizations may wish, for example, to be advised of relevant civil, administrative and criminal law and the existence of any procedures for reporting bribery to the relevant local authorities.
Business opportunity – Enquiries about the risks that a particular business opportunity raises, for example establishing whether the project is to be undertaken at market prices, or has a defined legitimate objective and specification.
Business partners – Enquiries to establish whether individuals or other organizations involved in key decisions, such as intermediaries, consortium or joint venture partners, contractors or suppliers, have a reputation for bribery and whether anyone associated with them is being investigated, prosecuted, or has been convicted or debarred for bribery or related offences. Organizations may also wish consider the risks associated with politically exposed persons where the proposed business relationship involves, or is linked to, a prominent public office holder.
Organizations may wish to ensure that enquiries are made of partners’ internal anti-corruption measures.
PRINCIPLE 4: Clear, Practical and Accessible Policies and Procedures
The commercial organisation’s policies and procedures to prevent bribery being committed on its behalf are clear, practical, accessible and enforceable. Policies and procedures take account of the roles of the whole work force from the owners or board of directors to all employees, and all people and entities over which the commercial organisation has control.
After a company performs a thorough risk assessment and follows up with any required due diligence, it should be in a better position to develop effective bribery prevention policies and procedures. To the extent feasible, businesses should draw from the expertise of its work force to develop appropriate policy and procedure documentation, as such actions can serve to secure buy-in from those who will be responsible for applying them.
Policy and Procedure Documentation
Companies should evaluate just how comprehensive, clear, practical and accessible its anti-bribery and anti-corruption policy and procedures documentation is to all employees and to other appropriate, relevant persons and entities over which it has control. Such anti-bribery and anti-corruption policy and procedures documentation could include:
Support and Operational procedures with the Organization
Businesses should also consider how their existing internal company procedures can be used for bribery and corruption prevention. For example, financial and auditing controls, disciplinary procedures, performance appraisals, and selection criteria can act as an effective bribery deterrent. Other prevention procedures may include modification of sales incentives to give credit for orders refused where bribery is suspected; and “speak up” programs to allow any employee to report allegations of bribery or breaches of corporate anti-bribery policies in a safe and confidential manner.
Managers may wish to consider the resistance to bribery of particularly vulnerable operational areas such as procurement and supply chain management mechanisms and address any issues they have identified.
Management of incidents of bribery
Businesses should also consider putting in place procedures to deal with incidents of bribery, should one arise, in a prompt, consistent and appropriate manner. This could include designating a senior manager to oversee the company’s response. The business will need to decide whether to refer the matter to law enforcement agencies. There may need to be oversight of the sanctions process and a communications strategy to reassure investors, employees, customers, business partners and others possibly exposed to consequences from the incident.
The Guidance on Principles 3 and 4 are designed to give businesses the information they need in order to implement what they have learned through their risk assessments. The specific guidance set forth in the Consultation can be used by any compliance and ethics professional to properly assess and manage third parties and the nuts and bolts of how to create policies and procedures for an entire organization.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units.
Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan.
Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
Thomas Fox can be contacted via email at email@example.com or through his website www.tfoxlaw.com.
Follow this link to see all of his articles.