Introduction
This checklist suggests steps to take to embed procedures relating to donations within your organisation. It is aimed at in-house lawyers and compliance professionals in organisations of all sizes and all sectors in the UK.
Under the Bribery Act 2010 (BA 2010), it is an offence to pay or receive a bribe, and companies and partnerships will also commit an offence where a bribe is paid on their behalf. In order to reduce the risk that a BA 2010 offence is committed, risk management procedural controls enabling the identification and prevention of anti-bribery and corruption (ABC) need to be implemented and embedded within your organisation as part of an ABC compliance framework (ABC Framework).
This charitable and political donations (CPD) checklist can be incorporated as part of an overall risk management framework, forming part of your organisation’s code of conduct or as part of your standalone ABC Framework.
The checklist addresses the following steps:
- Assess business risks
- Draft a CPD policy and a procedure to implement it
- Embed a CPD donation procedural control
- Monitoring and ongoing governance and compliance requirements
The checklist is presented as a list of requirements that you can tick off as they are addressed. At the end of the document there are explanatory notes, and specific notes corresponding to the relevant step in the checklist. There are also example precedents of a charity and political donation record.
The checklist can be used in conjunction with How-to guides: Understanding the Bribery Act 2010 offences, Understanding penalties for breach of the Bribery Act 2010, How to prevent bribery and corruption in your organisation and How to identify and assess bribery and corruption risk; as well as the Checklists: Anti-bribery and corruption procedures, Anti-bribery and corruption risk assessment and Gifts and Hospitality.
Step 1 – Assess business risks
| No. | Task name |
| 1.1 | Identify internal and external sources of information about risks |
| 1.2 | Consider whether your business operates in the public sector |
| 1.3 | Identify and consider the risks as they relate to different departments within your organisation |
| 1.4 | Consider the risk factor of countries where your organisation does business |
| 1.5 | Consider the overall risk factors of the sector(s) in which your business operates |
| 1.6 | Consider how business opportunities and partnerships generally arise |
Step 2 – Draft a CPD policy and procedure to implement
| No. | Task name |
| 2.1 | Decide where your organisation’s CPD policy will be located |
| 2.2 | After reviewing the BA 2010, prepare to draft your CPD policy |
| 2.3 | Decide on a CPD monetary threshold |
| 2.4 | Consider over limit pre-approval |
| 2.5 | Consider approval routes |
| 2.6 | Define the terms |
| 2.7 | Define absolute prohibited CPD activities |
| 2.8 | Ensure the wording and length and complexity of the policy are appropriate |
| 2.9 | Provide guidance on CPD application |
| 2.10 | State how the policy will be enforced |
| 2.11 | Keep a version control tracking record |
| 2.12 | Test the draft policy |
| 2.13 | Finalise the policy |
| 2.14 | Ratify the policy |
| 2.15 | Draft and agree a practical route map to communicate the policy |
| 2.16 | Prepare a formal statement for top-level management to communicate the policy to the organisation |
| 2.17 | Use targeted communications of the policy and permanent signposts for the policy |
| 2.18 | Provide staff and business with tailored training on the policy |
Step 3 – Embed a CPD donation procedural control
| No. | Task name |
| 3.1 | Review disciplinary procedures |
| 3.2 | Review third-party contracts and ensure CPD policies are included |
| 3.3 | Locate critical accounting activities and invoicing arrangements |
| 3.4 | Consider approval controls via manual or automated systems |
| 3.5 | Consider guidance for approvers |
| 3.6 | Establish a road map to embed CPD procedures |
| 3.7 | Design a manual or automated monitoring system for collating and reporting management information data |
| 3.8 | Implement version control tracking |
| 3.9 | Test your CPD procedures |
| 3.10 | Finalise your CPD procedures |
| 3.11 | Ratify your CPD procedures |
| 3.12 | Educate staff on risks |
Step 4 – Monitoring and ongoing governance and compliance requirements
| No. | Task name |
| 4.1 | Review the CPD policy and procedures regularly |
| 4.2 | Consider robust enforcement of CPD procedures |
| 4.3 | Document actions taken when misconduct is identified |
| 4.4 | Monitor industry developments |
| 4.5 | Provide information on incidents to top-level management |
| 4.6 | Consider different types of data to monitor |
| 4.7 | Ensure transparent engagement with internal or external auditors |
| 4.8 | Continuous commitment by top-level management needs to be demonstrated |
| 4.9 | Survey staff to ensure understanding |
Explanatory notes
General notes
This checklist is to assist your organisation in its approach to charitable and political donations with the aim of preventing bribery offences. It will be incorporated as part of your organisation’s ABC Programme.
Charitable and political donations can be perceived to be bribes in disguise and indicate a higher risk of bribery and corruption. Many organisations provide charitable support to communities. However, there is an inherent risk that donations may be used for the purposes of bribery. Your ABC procedures therefore need to identify bribery risk in relation to donations.
Your organisation’s due diligence procedures need to be designed to address bribes disguised as charitable donations. Practical examples of bribery risk include those circumstances when a charity is not legitimate or when a donation is given to a legitimate charity, but for the purpose of improperly influencing a supporter or director of that charity.
Notes on specific requirements
Step 1 – Assessing business risks
Step 1 of the checklist considers the results obtained from a risk assessment and can help you give further detailed consideration to the actions that will be taken to identify, manage and prevent BA 2010 risk in relation to CPD.
1.1 Identify internal and external sources of information about risks
Identify the available internal and external information sources to be gathered to enable each key risk to be identified, analysed and assessed. Sources may be individuals, invoices, databases of non-standard contracts or terms of business, vendor lists, customer records, whistleblower reports, findings from investigations, audit findings etc.
1.2 Consider whether your business operates in the public sector
Your ABC risk assessment will need to consider dealings with business partners and foreign public officials and, in particular, charitable and political donations. This will include any connections a charity might have with a relevant foreign official. Government officials are typically employees of national, regional, international or local government. They can include employees of companies owned or controlled by national, regional or local government as well as members of government (MPs, ministers, councillors etc).
Adopting procedural controls about the selection of charitable projects or initiatives will be informed by your ABC risk assessment.
For global organisations, you should consider The Corruption Perception Index issued by Transparency International that provides risks and scores for jurisdictions by their perceived levels of public sector corruption.
1.3 Identify and consider the risks as they relate to different departments within your organisation
Consider the risk factors in relation to CPD (eg, are certain business units or departments more exposed to the risk of providing or receiving a bribe in the form of CPD – for instance, those staff working in public sector sales?).
1.4 Consider the risk factors of countries where your organisation does business
For this task, consider Transparency International’s guidance on the risk factor of the country. Your organisation will need to be sensitive to local customs and avoid creating any impression of offence. Different cultural practices may pose questions around compliance, your human resources and/or compliance team within your organisation may be best placed to advise on and record any agreed donation exceptions.
If charitable donations are routinely channelled through government officials or to others at an official’s request, a red flag should be raised.
Since practices on contributions to political parties vary widely around the world, your organisation needs to identify this risk in its ABC Risk Assessment. In practice, your ABC Programme will be designed to identify and mitigate the bribery risks that political donations may be (or may be perceived to be made) contrary to section 1 or section 6 of the BA 2010, ie, in order to:
- improperly influence action;
- obtain business; or
- any other commercial advantage.
Heightened due diligence should be applied where the contribution is solicited, particularly by a public official.
1.5 Consider the overall risk factors of the sector(s) in which your business operates
Consider the risk factors in relation to CPD and your sector (eg, certain business units or departments working in a regulated sector will have more interaction with government departments and may be more exposed to the risk of providing or receiving a bribe in the form of CPD).
1.6 Consider how business opportunities and partnerships generally arise
Consider the risk factors in relation to CPD and business opportunities (eg, are certain business units or departments interacting with a public body and hence more exposed to the risk of providing or receiving a bribe in the form of CPD?).
Consider the risk factors in relation to CPD and business partnerships (eg, are certain business units or departments more exposed to the risk of providing or receiving a bribe in the form of CPD, for instance those staff developing business opportunities in the regulated sectors?).
Step 2 - Drafting a CPD policy and a procedure to implement
Step 2 of the checklist is a list of items to be used when considering the content of a CPD policy or updating an existing policy.
2.1 Decide where your organisation’s CPD policy will be located
Consider whether to have your CPD policy as a standalone document, or whether to incorporate it into a wider code of conduct, an ethics policy, a compliance manual or an employee handbook.
2.2 After reviewing the BA 2010, prepare to draft your CPD policy
Your CPD policy must clearly articulate your organisation’s commitment to bribery prevention. It will ensure that your organisation:
- complies with its legal responsibilities;
- is able to demonstrate effective management and accountability;
- provides clear conduct expectations guidance for staff; and
- clearly establishes its beliefs, positions or values.
The CPD policy statement needs to commit to transparent, proportionate, reasonable and bona fide donation expenditure. This will be appropriate to the level of risk identified in your organisation. The CPD policy needs to include procedures that apply to the provision of donation expenditure. This means procedures will be designed to seek to ensure transparency and conformity with any relevant laws and codes applying to:
- your organisation; and
- foreign public officials.
2.3 Decide on a CPD monetary threshold
Your organisation will need to decide whether it will operate monetary thresholds (rather than a total prohibition). If monetary thresholds are decided upon, proportionate values need to be agreed after taking into consideration what would be deemed a reasonable amount. For instance, this might be GBP50 per donation (subject to an overall annual limit on the number of donations).
2.4 Consider over limit pre-approval
If your organisation decides to use monetary thresholds, you need to assess whether you will need pre-acceptance or post-acceptance of donations controls for CPD above the threshold.
2.5 Consider approval routes
You need to consider routes to follow for approval of donations. In the course of business, your organisation may want staff to seek pre-approval from their line manager before providing donations above a given threshold.
Approval requests could be recorded centrally and locally (eg, on the individual’s personnel compliance record). The organisation’s risk assessment might determine that expenditure over certain limits requires further approval by appropriate senior level management.
You will also need to determine what guidance approvers will need to follow. For instance, a request for CPD should be at a level where the recipient will not be given the impression that they are under an obligation to confer any business advantage. Likewise, the CPD should not be at a level that would be deemed to impact the recipient’s independence.
The value amount to be recorded should include all associated costs for the CPD, eg, travel, accommodation.
2.6 Define the terms
Defining the terms will make the objectives of your CPD policy clear to those expected to draft instructional procedures to implement it. By way of example, the CPD policy will determine whether charitable donations above a certain monetary threshold are prohibited. It will also include key definitions, such as:
- charitable donations – defined to include giving a financial donation, equipment and/or employees’ voluntary time for the benefit of a charity or non-profit organisation; and
- political donations – defined as the giving or providing, directly or indirectly, of cash, venues, equipment, personnel time or other benefit to a political party, or to an individual who is standing for elected office, or to an individual or organisation who is nominated by or connected to a candidate for office, a political party or a member of a political party.
In the UK, the Companies Act 2006 also controls political donations made by companies. This includes ensuring that when donations are made they do not benefit a particular political official.
2.7 Define absolutely prohibited CPD activities
You need to list the types of donations that are prohibited by your organisation (for example, this might include all political donations).
2.8 Ensure the wording and length and complexity of the policy are appropriate
Consider tailoring this to align with different areas of your organisation. For instance, the risks identified in your ABC Risk Assessment may indicate that certain business units or departments will require more detailed guidance (eg, because the risk level means that they should be subject to pre-approval requests).
2.9 Provide guidance on CPD application
Your policy will be more effective if it contains guidance on practical scenarios. For example: what should I do if I don’t know what the rules are for political donations to a public official in a foreign country? The instruction might be to seek assistance from your compliance or legal department before giving any donations.
2.10 State how the policy will be enforced
The CPD policy should be enforced through disciplinary action (see Checklist: Carrying out a disciplinary process). This means you will need to describe the types of conduct viewed as unacceptable and not permitted by individuals (eg, giving donations) along with the penalties for breaching internal policy (eg, disciplinary action) and the law (eg, imprisonment and fines).
2.11 Keep a version control tracking record
Version control is a key part of your policy documentation housekeeping. Updates, amendments, and annual reviews of the CPD policy will then be transparent and easy to retrieve. This will also assist you in the event of an internal or external request for historical information or previous versions of the policy.
2.12 Test the draft policy
Ask someone who was not involved in drafting the policy to read it and confirm it is clear and understandable. This might be someone who will need to follow the CPD policy in practice or it might be an individual from your assurance or audit department.
2.13 Finalise the policy
You will need to determine who will finalise your CPD policy. As a practical point, it is important that all relevant stakeholders (eg, senior management responsible for ABC risk) agree its contents.
2.14 Ratify the policy
You will need to decide who will ratify your CPD policy. Because this is a strategic policy issue it should be approved by top-level management, who are responsible for all policies and procedures within your organisation.
2.15 Draft and agree a practical route map to communicate the policy
The easiest way to get this task done is to send a copy of the policy (or the link to a copy) to staff via email. You could print and distribute hard copies too so that the policy can be accessed manually and/or make a copy available on an intranet. Members of your organisation who are subject to the CPD policy should indicate that they have read and understood it. It is a good idea to include it as part of your organisation’s compliance manual or staff handbook.
2.16 Prepare a formal statement for top-level management to communicate the policy to the organisation
This task is most effective if tailored to different audiences and made generally available (on an intranet and/or internet site) and refreshed periodically. As a guide, it is advisable to adopt an internal communication plan to ensure that any CPD relationships are conducted in a transparent and open manner and do not raise any expectation of the award of a contract or licence.
2.17 Use targeted communications of the policy and permanent signposts for the policy
Wherever appropriate, include hyperlink signposts and cross references to the CPD policy so that it is easily accessible to business and support staff.
2.18 Provide staff and business with tailored training on the policy
This is part of the process for ensuring effective implementation of the CPD policy. Training should be tailored to each area of the business based on the level of risk identified and using practical examples relevant to business activities. Higher risk areas should be prioritised.
Step 3 – Embed a CPD donation procedural control
Step 3 sets out practical steps which your organisation should consider as part of its overall management strategy and looks at specific actions to take and consider in controlling and managing against BA 2010 risk.
3.1 Review disciplinary procedures
Consider ensuring compliance with your organisation’s internal policies and procedures by making them a contractual requirement that can be enforced (for example, through disciplinary procedures). Ensure your relevant policies state failure to comply may result in disciplinary action.
3.2 Review third-party contracts and ensure CPD policies are included
If you have decided to require third parties to adopt an equivalent CPD control it may be necessary to require an audit for assurance purposes (depending on the risk assigned). Ensure contracts are well written and ensure all third party personnel are conformed to the CPD controls.
3.3 Locate critical accounting activities and invoicing arrangements
Consider procedural controls and/or tailored training so that staff with oversight in this area can identify unapproved payments for CPD. Ideally, it is best practice to send financial donations via bank transfer, so there is a clear audit trail of the sender and recipient. There should also be a receipt for the donated transaction. All donations should be accurately recorded.
3.4 Consider approval controls via manual or automated systems
This task will depend on the size of your organisation and the available budget. Automated controls require careful consideration at design implementation stages for effectiveness. This also requires regular auditing and testing to ensure it is working.
3.5 Consider guidance for approvers
For instance, what should line managers and compliance department individuals consider when deciding whether to approve or decline. Under this task, in those cases where your organisation wishes to make a donation to a charity or political organisation, it should identify who is best placed to carry out the following list of due diligence checks:
- ascertain the registered charity number;
- conduct a conflict check, to ascertain if your organisation is conducting any business that conflicts with the purposes of the charity;
- an open-source check through the internet to ascertain whether there have been any scandals or concerns with the charity or political organisation (such as misappropriated funds that are not being used for the purposes of the charity or allegations of money laundering);
- initial screening of staff members and board members within the charity;
- consider whether a third party should be engaged to run the checks on your behalf;
- record accurately within your organisation’s record of donations, the details of donations made to charities and political parties;
- human rights and sanctions check of the country in which the charity is based. For instance, what assurances have been made or will be made in relation to the donated funds or items not being diverted to corrupt officials or other organisations;
- check the charity’s UK Companies House records;
- is the proposed recipient (or is any employee, officer, director, or other individual affiliated with the recipient) a present or former public official, a close relative of a relevant public official, or someone in the public or private sector who can influence your organisation’s business?
- did anyone external to your organisation, including any public official, recommend, solicit or endorse a proposed grant in an improper manner?
- will anyone such as a public official (who can influence your organisation’s business or close relative of a relevant public official) benefit disproportionately?
- does the donation fit within your organisation’s CPD policy?
- if applicable, has the top-level management of your organisation given approval for the donation in line with your organisation’s voting rights?
Guidance should also include any industry relevant information on CPD controls. Each business sector should conform to its own industry regulations and guidance.
3.6 Establish a road map to embed CPD procedures
Establish a written project plan and timeline to enable your organisation to embed any CPD procedural controls. This will include bespoke training (on CPD procedures, how to spot red flags, where to escalate concerns etc). The project plan needs to identify ‘milestones’ such as:
- gaps identified;
- procedures drafted;
- procedures finalised;
- training rolled out to all employees;
- collection of management information designed; and
- independent reviews scheduled (such as monitoring or audit assessments).
Consider how your CPD policy will be applied to individual projects or functions in your organisation.
3.7 Design a manual or automated monitoring system for collating and reporting management information data
An accurate record of all political and charitable donations should be made. Your organisation will need to design a manual or automated monitoring system for collating and reporting relevant management information data that correlates with risk. This information should be recorded centrally.
3.8 Implement version control tracking
This task is a key part of your documentation housekeeping. Regular updates, amendments and annual reviews of your CPD procedures need to be scheduled and recorded. This will also assist you in the event of an internal or external request for historical information or previous versions.
3.9 Test your CPD procedures
Your organisation can do this in-house by way of monitoring or auditing or outsource this service to a specialist professional adviser, depending on the complexity of the controls you are testing.
3.10 Finalise your CPD procedures
All relevant stakeholders will need to approve the CPD procedural controls.
3.11 Ratify your CPD procedures
Ratification is when the CPD procedural control has been endorsed by the senior management team and becomes a ‘live’ document.
3.12 Educate staff on risks
Your organisation’s training will need to be tailored, eg, top-level management and staff in business development, finance and human resources etc will need to know how to spot potential BA 2010 red flags.
This task will result in appropriate training and supervision being provided to staff. E-learning or in-person training should be offered to all employees to ensure they are aware of what is expected of them in terms of CPD and the implications in relation to bribery and corruption.
Staff may receive tailored training to suit their roles within their relevant functions. This can be best achieved using each function’s risk.
A record of attendance at the training by those employees identified with a relevant KRI will assist in providing assurance of compliance by the employees. You should ensure that CPD training is embedded in your induction and onboarding procedures.
Step 4 – Monitoring and ongoing governance and compliance requirements
Step 4 of the checklist considers how to respond to and manage the practical business-as-usual aspects of CPD risks. The task list considers steps to take in respect of maintaining an up-to-date ABC Programme.
4.1 Review the CPD policy and procedures regularly
To ensure that policies and procedures are kept up to date, taking into account the law, best practices and risk, a review of the CPD policy and procedures should be carried out at least annually and/or when circumstances change (for example, if your organisation merges with another).
4.2 Consider robust enforcement of CPD procedures
You may need to amend your organisation’s third-party contracts and practices to ensure ongoing robust enforcement. You should also consider adequate measures through appropriate escalation channels or contractual arrangements (for example, amending job descriptions and third-party terms of engagement).
4.3 Document actions taken when misconduct is identified
This task includes disciplinary action and remediation. Use this information to educate and understand how lessons can be learned. Bribery risks that are regularly identified may require you to review the areas of your ABC Programme relating to charitable donations.
4.4 Monitor industry developments
Draw on information from other organisations’ practices, for example relevant trade bodies or regulators might highlight examples of good or bad practice in their publications. In addition to regular monitoring, you might monitor governmental changes in countries in which you operate, an incident of bribery or negative press reports.
4.5 Provide information on incidents to top-level management
Provide information on the oversight of procedures, levels of compliance and incidents along with the provision of feedback. Ideally, this information should be reviewed at board level or by the relevant board committee (eg risk or audit committee). It should include:
- periodic management information (eg, every quarter);
- relevant analysis (eg, internal audit findings); and
- commentary on BA 2010 risks (eg, information on breaches or the findings of internal investigations).
4.6 Consider different types of data to monitor
This could include information on how often your CPD policy is viewed online and which business area or department views it most often. You should also consider this in reverse, to check which functions should be viewing it more regularly and are not doing so.
4.7 Ensure transparent engagement with internal or external auditors
Ensure transparent engagement with internal or external auditors so that lessons can be learned. The CPD record (see suggested precedent below) should be completed in sufficient detail so it can be understood by an independent third party, ie, use names and job titles rather than initials.
4.8 Continuous commitment by top-level management needs to be demonstrated
For instance, if appropriate consider top-level management engagement with relevant associated persons and external bodies, such as sectoral organisations and the media, to help articulate your organisation’s policies and commitment to the BA 2010.
4.9 Survey staff to ensure understanding
Your organisation’s communications on expectations on standards of conduct need to be socialised and understood. This message must come directly from top-level management. A sample survey of staff can help you understand whether the message from the top of your organisation is clear and unambiguous or whether further action or communications are required.
Example: Charity donation record
This is a suggested precedent for a CPD record which you could adapt and use for monitoring charity donations in your organisation.
| Charity name | Registered charity number | Description of donation, eg, money, venue, equipment | Monetary value of donation | Due diligence checks conducted | Approval | Record of receipt |
Example: Political donation record
This is a suggested precedent for a CPD record which you could adapt and use for monitoring political donations in your organisation.
| Political party or political organisation | Donor’s name | Details of conflict check conducted | Description of donation | Monetary value of donation | Approval | Record of receipt |
Additional resources
It is important to continuously stay abreast of developments and to add to and update your checklist as needed. In respect of the BA 2010 there are several anti-bribery and corruption website resources to draw on including:
- The UK government’s quick start guidance on the BA 2010 is here
- The UK government’s guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing is here
- The Serious Fraud Office
- The Department for International Trade
- The Organisation for Economic Co-operation and Development
- Transparency International
Related Lexology Pro content
How-to guides:
Understanding the Bribery Act 2010 offences
Understanding penalties for breach of the Bribery Act 2010
How to identify and assess bribery and corruption risk
How to conduct an internal investigation into bribery allegations
How to prevent bribery and corruption
Checklists:
Anti-bribery and corruption risk assessment
Anti-bribery and corruption procedures
Gifts and hospitality
Conducting third party due diligence and managing third party bribery risk
Reliance on information posted:
While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.