Bribery Act 2010: guidance principles and practical implications

Sarah-Marie Williams and Rachel Cropper-Mawer of Clyde & Co LLP continue a series of articles on the Bribery Act 2010 with a look at the principles in the government guidance for setting out anti-bribery procedures and their practical implications for employers. Under the Bribery Act, an employer may be liable for acts of bribery by employees and "associated persons" who provide it with services, unless it can show that it has "adequate procedures" in place to prevent bribery. 

Introduction

The Bribery Act 2010 is due to come into force on 1 July 2011. Under the Act, it a criminal offence for an individual or a commercial organisation to offer or receive a bribe to bring about or reward the improper performance of a function or activity. Commercial organisations will be liable if they fail to prevent acts of bribery by their employees and associated persons who provide them with services. (See Bribery Act 2010: overview for more details of the Act and its scope.) As it is required to do by s.9 of the Act, the Government has published guidance (Bribery Act 2010: Guidance about commercial organisations preventing bribery (PDF format, 390K) (on the Ministry of Justice website)) about procedures that commercial organisations can put in place to prevent bribery. The guidance aims to give commercial organisations a steer as to how they should be working to prevent bribery and what the Serious Fraud Office will expect them to have done to be compliant with the law. The guidance sets out six key principles to guide and inform employers when they set out their anti-bribery procedures. This article looks at the principles and their practical implications for employers.

It is acknowledged in the guidance that small and medium-sized businesses will not necessarily need, or be able to implement, the same procedures as larger organisations. However, top-level commitment by board members and senior management to all six principles is required across all sectors. This is caveated by an expectation that changes will be made that are proportionate to each particular sector, industry and organisation.

Principle 1 - proportionate procedures

Under the first principle in the government guidance, a commercial organisation's anti-bribery procedures should be "proportionate to the bribery risks it faces" and "clear, practical, accessible, effectively implemented and enforced". "Procedures" in this context means both prevention policies, and procedures to implement those policies. The question of whether or not procedures are proportionate depends on the assessment of risk, which in turn is linked to the size of the organisation and nature and complexity of its business. Where the risk is considered to be extensive and the organisation is large, the procedures must be proportionate to this situation. Conversely, where the risk of bribery is considered minimal and the organisation is small, the procedures will not need to be as extensive. For example, on a practical level, smaller organisations may be able to convey their policies through regular oral communication with staff, whereas large organisations may need to implement their policies through extensive written communications.

The guidance makes clear that bribery prevention policies should aim to mitigate risks that have been identified and avert unethical conduct. It includes (in para.1.7) a non-exhaustive list of potential topics that organisations should consider when putting together their procedures, including:

  • the provision of gifts, hospitality and promotional expenditure;
  • direct and indirect employment, including recruitment, terms and conditions and discipline;
  • financial and commercial controls (for example bookkeeping);
  • how anti-bribery procedures will be enforced (for example, though sanctions and disciplinary procedures); and
  • whistleblowing procedures for reporting bribery.

Principle 2 - top-level commitment

The guidance emphasises that top-level commitment is the best way for an organisation to ensure that it is unified in tackling bribery. What amounts to effective leadership in bribery prevention in terms of the involvement expected of senior members will depend on what is proportionate for the size of the organisation. For small organisations top-level commitment should emanate from senior managers and for large organisations it should emanate from the board of directors.

According to the guidance, regardless of how top-level engagement is manifested, it is likely to include a number of elements (listed in para.2.4), including the selection and training of senior managers to take the lead in relation to anti-bribery, and leadership in raising awareness and on the code of conduct.

Formal statements issued by senior managers are an effective way of showing commitment. The guidance gives (in para.2.3) examples of what might be set out in management communications, including:

  • "a commitment to zero tolerance towards bribery":
  • the consequences of breaching the policy;
  • details of who is responsible for developing and implementing bribery prevention procedures; and
  • reference to the organisation's involvement in collective action against bribery within the business sector.

Principle 3 - risk assessment

Organisations should carry out periodic risk assessments in relation to bribery. These may form part of a more generic risk assessment carried out in relation to business objectives or be specific to bribery. Risk assessment procedures should be proportionate to the organisation's size and structure and to the nature, scale and location of its activities.

Organisations should ensure that senior management oversees risk assessments and employs resources that are appropriate to the organisation. The information sources used to assess risk should be identified and due diligence carried out (see principle 4). It is important that organisations keep records of the risk assessments carried out and their conclusions. Organisations should adapt their risk assessments to the evolution of the business, for example when entering new markets. External risks that organisations need to consider as part of a risk assessment include country risk, sectorial risk, transaction risk, business opportunity risk and business partnership risk. Internal factors to consider in a risk assessment include whether or not:

  • more employee training is needed;
  • there is a bonus culture that results in excessive risk taking;
  • there are clear policies and procedures for hospitality, promotional expenditure and political or charitable contributions;
  • there are clear financial controls; and
  • senior management communicate a clear anti-bribery message.

Principle 4 - due diligence

Due diligence in relation to "associated persons" forms part of bribery risk assessment (see principle 3). However, it is also significant as a means of mitigating risk and is included in the guidance as a separate principle. Due diligence procedures should reflect a proportionate and risk-based approach.

An "associated person" is broadly defined as one who performs services for an organisation. An associated person can be an individual or a body (for example an employee or intermediary). A proportionate approach to due diligence is key. An example given in the guidance is that an information technology service provider may be low risk, whereas an intermediary in foreign markets will require a higher level of due diligence. Thorough due diligence is essential for certain business relationships, for example where local law dictates the use of local agents for mergers and acquisitions. As regards the extent of the risk of bribery, higher-risk situations may require further investigations and continued monitoring.

Organisations are likely to need to obtain more information from "associated persons" that are companies than they are from individuals, because more individuals are likely to perform services on behalf of a company and an individual's role may not be immediately apparent. Due diligence will usually involve requests for information on relevant individuals' backgrounds, expertise and experience, to be supported by research and references. With regard to an organisation's own employees, other than for low-risk posts, due diligence should be incorporated into recruitment and human resources procedures.

Principle 5 - communication (including training)

According to the communication principle, a commercial organisation should seek to "ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces". Appropriate communication demonstrates the organisation's commitment to avoiding bribery and may have a deterrent effect. Training helps to ensure that managers and staff have the necessary knowledge and skills to be aware of the risks of bribery and to deal with bribery-related issues.

The extent of communication and training that is appropriate for an organisation will vary according to the bribery risks it faces, its size and the scale and nature of its activities. As mentioned above, appropriate policies and procedures should be communicated from the top level down. A whistleblowing policy and related procedures should be put in place, together with resources for obtaining advice. Organisations should consider making training mandatory for new employees and agents. Organisations may wish to encourage all associated persons (particularly those who are high risk) to undergo bribery prevention training. Training should also be up to date and kept under review. The guidance makes the point that training can be available in many formats (for example, seminar or web based). However, organisations should ensure that, whatever format they adopt, training meets the objective of informing participants of the practical implications of the organisation's policies and procedures for them.

Principle 6 - monitoring and review

Principle 6 concentrates on the need for organisations to monitor and review their policies and procedures. The message in the guidance is that it is insufficient for organisations to put in place procedures and then forget about them. They may need to review procedures that are already implemented in light of changing circumstances and if they appear to be ineffective. Systems to deter and detect bribery, such as internal financial control mechanisms, should be established to alert organisations to any failings in their anti-bribery policies and procedures. Organisations can also use staff surveys and feedback from training to gather information about the adequacy of their anti-bribery procedures.

Organisations should, ideally, set aside a date for a formal periodic review and seek external verification of internal policies and procedures.

Next week's topic of the week article will be a case study around the Bribery Act 2010 and will be published on 16 May.

Sarah-Marie Williams (Sarah-Marie.Williams@clydeco.com) and Rachel Cropper-Mawer (Rachel.Cropper-Mawer@clydeco.com) are legal directors at Clyde & Co LLP.

Further information on Clyde & Co LLP can be accessed at www.clydeco.com.