How-to guide: How to prevent bribery and corruption (UK)

Updated as of: 22 September 2025

Introduction

This How-to guide proposes steps to take to support the systematic prevention of bribery and corruption within your organisation. It is aimed at in-house lawyers and compliance professionals in organisations of all sizes and all sectors in the UK.

Under the Bribery Act 2010 (BA 2010), it is an offence to pay or receive a bribe, and companies and partnerships will also commit an offence where a bribe is paid on their behalf. A key part of any bribery prevention exercise involves identifying, managing, designing and embedding controls that correlate to the risks arising from BA 2010 activities within your organisation.

This How-to guide incorporates practical tips, examples and guidance on the prevention of bribery and corruption.

This guide covers the following:

  1. Overview of anti-bribery policies and procedures
  2. ABC Framework
  3. Procedures
  4. Data monitoring and management information

It can be used in conjunction with How-to guides: Understanding the Bribery Act 2010 offences, Understanding penalties for breach of the Bribery Act 2010, and How to identify and assess bribery and corruption risk, and with Checklist: Anti-bribery and corruption procedures.

Section 1 – Overview of anti-bribery policies and procedures

1.1 Why are anti-bribery policies and procedures important?

The BA 2010 creates four offences:

The BA 2010 gives individuals and corporations strong disincentives against non-compliance. Maximum penalties upon conviction are:

  • a term of imprisonment not exceeding 10 years for individuals; and/or
  • an unlimited fine for unlawful activity by individuals and commercial organisations.

Having an effective anti-bribery and corruption compliance framework (ABC Framework) in place which consists of policies and procedures will help to mitigate the risk that bribes are offered or accepted by your organisation.

It is a defence to the section 7 BA 2010 offence of failure of a commercial organisation to prevent bribery that the organisation had in place adequate procedures designed to prevent associated persons from bribing. In order to establish such a defence, the organisation would need to show, on the balance of probabilities (ie, that it is more likely than not), that it had adequate procedures in place to prevent bribery by associated persons.

In addition, the effectiveness of a compliance programme may be of relevance:

  • for the Serious Fraud Office (SFO) in considering whether a prosecution is in the public interest;
  • for the SFO in considering whether it might be appropriate to invite the organisation into negotiations of a deferred prosecution agreement; and
  • in sentencing considerations.

1.2 Who is responsible for compliance?

Your organisation’s ABC Framework is ultimately the responsibility of top-level management, who need to be committed to preventing bribery by persons associated with it. In practice, this means they need to demonstrate they are committed to fostering a culture within your organisation in which bribery is never acceptable.

Top-level management’s role in bribery prevention includes, among other things:

  • responsibility for challenging the validity of the ABC Risk Assessment;
  • specific involvement in high-profile and critical decision-making; and
  • the selection and training of senior managers to lead the ABC Framework (the ABC Programme needs to be overseen by senior management, administered by individuals with sufficient authority, expertise and resources, and endorsed by the board of directors or equivalent body).

Section 2 – ABC Framework

Your ABC Framework is a framework of internal systems and controls put in place to ensure your organisation and its staff comply with legal requirements and internal policies and procedures.

Your ABC Framework may be a standalone compliance framework, or it may be incorporated within a wider risk management and compliance framework designed to address a range of different risks (such as competition law, data protection or sanctions risks).

2.1 Guidance

The Ministry of Justice has published Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (Guidance) which sets out six guiding principles (Six Principles). Although the Guidance specifically addresses procedures in relation to the adequate procedures defence to the section 7 offence, according to the SFO the principles set out in the guidance 'represent a good general framework for assessing compliance programmes'.

The Six Principles are intended to be flexible and outcome focussed, allowing for the huge variety of circumstances that commercial organisations find themselves in. Accordingly, the detail of how organisations might apply the Six Principles, taken as a whole, will vary. However, the aim in considering the Six Principles is the same: to design an ABC Framework that has adequate procedures to prevent bribery. The Six Principles in general terms are as set out below.

2.1.1 Principle 1 – Proportionate procedures

Procedures should be proportionate to the bribery risks an organisation faces and to the nature, scale and complexity of the commercial organisation’s activities. Procedures should also be clear, practical, accessible, effectively implemented and enforced.

2.1.2 Principle 2 – Top-level commitment

The top-level management of a commercial organisation should be committed to preventing bribery. Top-level management should foster a culture within the organisation in which bribery is never acceptable.

2.1.3 Principle 3 – Risk assessment

Commercial organisations should assess the nature and extent of their exposure to potential external and internal risks of bribery. The assessment should be periodic, informed and documented.

For further guidance see How-to guide: How to identify and assess bribery and corruption risk.

2.1.4 Principle 4 – Due diligence

Due diligence procedures should be applied, taking a proportionate and risk-based approach, in order to mitigate identified bribery risks.

2.1.5 Principle 5 – Communication

Commercial organisations should seek to ensure that their bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks they face.

2.1.6 Principle 6 – Monitoring and review

Commercial organisations should monitor and review procedures designed to prevent bribery and make improvements where necessary.

Section 3 – Procedures

3.1 Proportionate procedures

The ABC procedures put in place by your organisation to prevent bribery risk will need to be informed by your ABC Risk Assessment. Once risks have been identified and assessed, proportionate risk-based policies and procedures can be put in place to mitigate those risks.

For further guidance see How-to guide: How to identify and assess bribery and corruption risk.

Policies and procedures will be a keystone of your ABC Framework. They set out to employees, in writing, what your organisation’s expectations are around compliance; they offer employees a point of reference if they are in any doubt as to what to do; and they provide evidence of a commitment to compliance.

3.1.1 Policies

As noted above, policies should be tailored to the activities and risks relevant to your organisation. Therefore, whilst it is not possible to provide an exhaustive list of the topics that might or should be covered by anti-bribery policies, the following are matters which might be covered by an organisation’s anti-bribery policies:

  • a statement setting out the organisation’s commitment to preventing bribery – this could take the form of a signed statement from the CEO;
  • scope of the policy setting out to whom the policy applies;
  • obligations on or expectations of employees – it may be helpful to refer to obligations imposed by either employment contracts or other standards, such as a company code of conduct;
  • a summary of what kinds of bribery activities are prohibited by the Bribery Act;
  • general and easy to understand dos and don’ts;
  • an explanation of the organisation’s general approach to the mitigation of specific bribery risks, such as those arising from the conduct of intermediaries and agents, or those associated with hospitality and promotional expenditure, facilitation payments or political and charitable donations or contributions; and
  • a statement regarding the organisation’s commitment to a speak-up culture and details of how to report concerns or suspicions of misconduct.

These sorts of matters within a compliance policy may be augmented and supported by other policies such as:

  • document retention policy/IT policy – in the event of an investigation or a need to conduct an internal investigation there are likely to be benefits to the organisation in being able to locate and possibly produce correspondence and documents to the authorities; and
  • reporting policy – this may cover:
    • the type of concerns that could be raised;
    • when concerns should be raised;
    • how to raise concerns;
    • what will happen to reports made – how they are dealt with and what further action to expect;
    • confidentiality;
    • any legal issues; and
    • who is responsible for the policy.

3.1.2 Procedures

As with policies, the types of procedures that might be put into place by an organisation will vary depending on the risks faced. The types of procedures that might need to be put in place may include:

  • due diligence for existing or prospective associated persons;
  • measures to mitigate risk relating to associated persons, such as the use of standard contractual terms;
  • the provision of gifts, hospitality and promotional expenditure;
  • the provision of charitable and political donations;
  • demands for facilitation payments;
  • financial and commercial controls such as adequate bookkeeping, auditing and approval of expenditure;
  • transparency of transactions and disclosure of information;
  • procedures around decision making, such as delegation of authority procedures, separation of functions and the avoidance of conflicts of interest;
  • enforcement measures including discipline processes and sanctions for breaches of the organisation’s anti-bribery rules;
  • reporting of bribery including ‘speak up’ or ‘whistle blowing’ procedures; and
  • processes for monitoring, review and evaluation of bribery prevention procedures.

3.2 Due diligence

Due diligence is a key procedure for your organisation to manage bribery risks relating to associated persons, ie persons who perform or will perform services for or on behalf of the organisation.

Due diligence may take the form of direct interrogative enquiries with the proposed associated person, indirect investigations or general research.

The Guidance acknowledges that 'the appropriate level of due diligence to prevent bribery will vary enormously depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by a commercial organisation when contracting for the performance of information technology services may be low, to reflect low risks of bribery on its behalf. In contrast, an organisation that is selecting an intermediary to assist in establishing a business in foreign markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf'.

Appraisal and continued monitoring of recruited or engaged associated persons may also be merited, proportionate to the identified risks.

A useful resource has been produced by the Wolfsberg Group. It is designed to provide guidance to the financial services industry, but it contains principles that can be applied to other sectors. The following non-exhaustive list of corruption red flags may indicate that enhanced due diligence may be required in respect of proposed associated persons:

  • little to no relevant experience regarding the services to be provided;
  • flawed background or reputation (including, for example, prior corruption or a negative reputation for integrity);
  • recent senior public official of the same government department or business responsible for the award of the contract or matter at issue or who worked in a procurement or decision-making position;
  • transaction or intermediary suggested by a public official, particularly one connected to the business or matter at issue;
  • close business, personal or family relationship with a public official who has discretionary authority over the business or transaction at issue;
  • party to a transaction or contract makes unreasonable/unsupported objections to ABC due diligence or representations or warranties being included in the agreement;
  • party does not reside or have a significant business presence in the country where the service is to be provided;
  • use of a shell company or some other non-transparent corporate structure;
  • requires payment of a commission, or a significant portion thereof, before or immediately upon award of the contract;
  • requests for unusual contract terms;
  • requests for payment in cash, advance payments, payment to an individual or entity that is not the contracting individual/entity, or payment into a country that is not the contracting individual/entity's principal place of business or the country where the services are performed;
  • anticipates payments that cannot plausibly be commercially justified vis-à-vis the role undertaken;
  • adjustment of remuneration demand during the course of the engagement, particularly in close proximity to the award of business;
  • vague or unsupported bookkeeping; or
  • heavy reliance on cash.

3.3 Communication

3.3.1 Internal and external communication

Internal and external communication ensures that bribery prevention policies and procedures are embedded and understood throughout the organisation.

Internal communication should convey the tone from the top of the organisation, address the implementation of the organisation’s policies and procedures and how these impact on employees and what employees’ obligations are (including around internal reporting of suspected misconduct).

External communication demonstrates your organisation’s commitment to prevention of bribery to a wide range of stakeholders. Such external communication may, for example, be in the form of publication of your organisation’s code of conduct or anti-bribery policy on your organisation’s website.

3.3.2 Training

Your staff should fully understand your organisation’s expectations. Your ABC Framework should include methods to ensure staff receive appropriate training on:

  • what the Bribery Act covers and how to comply with it;
  • how to comply with your organisation’s policies, controls and procedures; and
  • what to do if further guidance is required or if misconduct is suspected.

To ensure that training is effective, consideration should be given to who should undergo training (this may include not just employees but also persons associated with your organisation) and the content and presentation of the training to ensure that those participating in training receive training that is tailored to the risks they are exposed to.

3.4 Monitoring and review

To ensure the continued effectiveness of your organisation’s anti-bribery procedures, your organisation should conduct regular monitoring and review of the procedures it has in place. Whenever there is a change to the risks identified through your organisation’s risk assessment or other risk monitoring systems then consideration should be given as to whether consequent changes are required to your policies, controls and procedures.

Further interrogation or investigation of conduct or procedures by the senior management team responsible for bribery risk may be prompted by the collection and collation of data to identify trends and patterns of behaviour within your organisation (eg sales volumes, gifts and hospitality spending etc). The ongoing monitoring of data may provide top-level management with:

  • periodic management information (eg every quarter);
  • relevant analysis (eg internal audit findings); and
  • commentary on ABC risks (eg information on breaches or the findings of internal investigations).

Staff surveys, questionnaires and feedback provided after training can also provide an important source of data monitoring for management information on bribery prevention and its effectiveness. They are an additional tool by which staff and other associated persons can inform you on the continuing improvement of your ABC Framework.

Benchmarking with peers in a similar sector or those with existing operations in a new market can provide valuable insights into the processes and procedures that your organisation has in place or should consider implementing. Monitoring commentary produced by trade bodies or regulators might assist by highlighting examples of good or bad practice in their publications.

Additional resources

It is important to continuously stay abreast of developments and to add to and update your risk prevention procedures as needed. In respect of the Bribery Act 2010 (BA 2010) there are several anti-bribery and corruption website resources to draw on including:

Related Lexology Pro content

How-to guides:

Understanding the Bribery Act 2010 offences
Understanding penalties for breach of the Bribery Act 2010
How to identify and assess bribery and corruption risk
How to conduct an internal investigation into bribery allegations

Checklists:

Anti-bribery and corruption risk assessment
Anti-bribery and corruption procedures
Gifts and hospitality
Charitable and political donations
Conducting third party due diligence and managing third party bribery risk
