Organisations need to be aware of the Bribery Act 2010, which comes into effect on 1 July 2011. This new law does several things:
- It tidies up the existing common and statutory law offences of taking and receiving bribes;
- It introduces a new offence of bribing a foreign official;
- Most interestingly of all for organisations, it also introduces a new offence for ‘commercial organisations’ which fail to prevent bribery.
This has of course been seen as the latest cash cow by corporate lawyers: scare the clients witless, charge a large fee for some straightforward measures, client can sleep again, happiness prevails once more.
A commercial organisation is widely defined by the Act. Most charities and educational institutions would be covered for example, as well as more obvious examples. Partnerships and other forms of ownership are also included. Nor does it matter where the bribe is offered, as long as the organisation itself is based in the UK. And the person offering the bribe on behalf of the organisation only needs to be ‘associated’ with it, so an agent would be caught by this. An ‘associate’ is anybody providing services for, or on behalf of, the organisation. The Act specifically mentions employees, agents and subsidiaries.
There is a defence for the organisation if it has ‘adequate’ procedures in place to prevent its associates from offering bribes. Such is the importance of this defence that the government was obliged by the Act to publish statutory ‘guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing’ (surely a leading nomination for catchy title of the year!). The Guidance has been out for a few months now, and is accompanied by a Quick Start Guide. The Quick Start Guide is the best starting point, and will be sufficient for many organisations trading in a low-risk environment.
Both publications set out six principles on which ‘adequate procedures’ should be based. They are:
- Proportionality – there’s no need to overdo it;
- Top level commitment – but the bosses do need to show the way;
- Risk Assessment – target your vulnerable areas;
- Due Diligence – check your riskier areas;
- Communication – this includes training relevant staff and whistle-blowing;
- Monitor and review – don’t just forget it, build regular checks into your procedures if the risk warrants it.
The ‘adequacy’ of procedures is judged on the balance of probability. High Risk areas are likely to include overseas work, and the guidance recommends that simple checks can be undertaken with UKTI (UK Trade Investment, the government department charged with promoting international trade), simple web searches, taking up references and checking CVs. It may also be helpful to review financial statements of agents and representatives. There is “No need for extensive written documentation or policies” in many cases according to the guidance, as long as managers are fully aware and committed, and it’s not necessary to employer consultants or lawyers to comply with the new law.
The guidance categorises external risks into five broad groups:
- Country risk – some countries are much riskier than others, especially those which lack effective anti-bribery legislation;
- Sectoral risk – higher risks are associated with the extractive industries and large scale infrastructure for example;
- Transation risk – look out for charitable or political contributions and anything related to licences, permits or public procurement;
- Business opportunity risk – high value projects, lots of contractors and intermediaries, lack of clear legitimate objectives, non-market pricing;
- Business partnership risk – the use of intermediaries in dealing with foreign public officials. Joint ventures can also be questionable
Internal risks can arise from:
- Shortfalls in employee training, skills or knowledge;
- Excessive rewards for risk taking through bonuses for example;
- Unclear procedures for hospitality and promotional expenditure, or political and charitable donations;
- Inadequate financial controls;
- Lack of clear commitment from top level management.
Clearly companies and other organisations need to consider the new law carefully and make sure senior staff are aware of it.
What needs to be done? Clearly one approach is to engage consultants to review the organisation step by step but this is likely to be expensive and disproportionate for many organisations. An effective approach could be through some well designed internal training. Key staff would learn about the new requirements and use the time together to review their risks and develop suitable approaches, with the outcome of a day or half-day session consisting of heightened awareness of the new law, and a documented review of the suitability of existing procedures to satisfy its requirements. Structured suitably, this would then also enable senior staff to cascade the message to their junior colleagues.