UK Bribery Act - extra-territorial reach and guidance on corporate anti-bribery procedures

For example, a Dutch oil and gas exploration company, which happens to have a UK subsidiary, appoints an intermediary to facilitate business in Africa, and the intermediary pays a bribe to a local official. Whether or not the Dutch parent or the UK subsidiary were aware of the actions of the intermediary, or whether any benefit accrues to the UK subsidiary, in some circumstances, the Dutch parent could be liable under the UK Bribery Act for failing to prevent bribery. The Act is engaged simply by virtue of the existence of a UK operation.

Also, using the same example, the UK subsidiary is itself at risk of prosecution if a person or company associated with it is involved in bribery, as are any Dutch nationals working for the UK subsidiary and therefore "ordinarily resident" in the UK, if they are found to have paid or received a bribe.

"Part of a business" is not defined in the Act, but even a UK representative office or agent may be sufficient for the purposes of the corporate offence. However, a London listing without any demonstrable UK business presence will not be sufficient to trigger liability under the Bribery Act, in contrast to the FCPA, which may be engaged simply by a US listing. It is worth noting that the Bribery Act is wider than the FCPA in some respects so an FCPA-compliant company may not be Bribery Act-compliant. For more on the extra-territorial application of the Bribery Act, see below.

Companies which are able to demonstrate that they had "adequate procedures" in place to prevent bribery occurring, and legitimately attribute bribery to "rogue elements" in the organisation, may have a defence to the corporate offence of failing to prevent bribery, and this defence will be equally available to foreign entities. What this means is that overseas companies caught by the UK Bribery Act should be reviewing their business operations with a view to implementing "adequate procedures" to prevent bribery, just as many UK-incorporated companies are doing.

Last autumn, the UK Ministry of Justice published draft guidance on the Bribery Act. During the consultation on the draft, the UK business community conducted a vociferous press campaign of opposition to the Bribery Act, lobbying for a clearer steer on the more difficult issues such as corporate hospitality and facilitation payments, liability for the actions of suppliers, sub-contractors, joint ventures and investee companies, and the extent of a UK business presence required to trigger liability under the Act. The guidance has now been issued in final form, signalling the UK Government's intention to press ahead with implementation of the Act in July 2011, giving the business community three months to consider the guidance and assess what steps they need to take to avoid falling foul of the Act.

The MoJ guidance can be accessed here. It is fair to say that the guidance is more helpful overall than the draft published last year, and as expected the UK Government has bowed to pressure to clarify the thinking behind the more contentious issues, as explained below.

To help companies who are in the process of implementing new bribery-prevention measures, the six fundamental principles on which "adequate procedures" should be based have been reformulated and explained in more detail as compared with last year's draft guidance. They are also summarised below with a short practical commentary on each.

At the same time, the Serious Fraud Office and the Director of Public Prosecutions published joint guidance on their approach to bringing prosecutions under the Bribery Act. In view of the level of discretion given to them under the Act in deciding whether or not to bring a prosecution in any given case, the SFO/DPP guidance will also help companies to determine where to draw the line between lawful and unlawful activity and in shaping their anti-bribery policies and procedures accordingly. One thing is clear from the SFO/DPP guidance: the existence (or not) of robust bribery-prevention procedures will be a key factor influencing the decision to prosecute. The practical implications of the SFO/DPP guidance are discussed in more detail in the commentary below and the guidance itself can be accessed here.

Extra-territorial application – what is "part of a business"?

A foreign company which carries on any "part of a business" in the UK could potentially be prosecuted under the Bribery Act for failing to prevent bribery committed by any of its employees, agents or other representatives, even if the bribery takes place outside the UK and involves nonUK persons. Clearly, the definition of "part of a business" will be crucial for foreign companies deciding whether or not they are caught by the Bribery Act. The MoJ guidance does not provide a complete answer, deferring to the courts as the final arbiter, but suggests a common-sense approach in assessing whether an organisation has a demonstrable business presence in the UK. The guidance acknowledges that a UK listing of itself is unlikely to be sufficient, in contrast to the FCPA, the US equivalent of the Bribery Act, which may be engaged simply by a US listing. It also suggests that having a UK subsidiary does not automatically mean that a foreign parent is carrying on a business in the UK since the subsidiary may act entirely independently of its parent. This will be a question of fact and we would suggest that overseas companies with any UK presence exercise caution and take steps to assess their potential exposure to the Bribery Act on a case-bycase basis.

Corporate hospitality and gifts

Some of the UK press reports in recent months to the effect that routine corporate hospitality will be illegal under the Bribery Act were misleading and the UK Government has tried to inject a dose of realism into the debate, confirming in both sets of guidance that the Act does not prohibit reasonable and proportionate corporate hospitality or promotional expenditure. As the UK Justice Minister, Ken Clarke, states in the MoJ guidance, "no one wants to stop firms getting to know their clients by taking them to Wimbledon or the Grand Prix".

There is a key dividing line between legitimate hospitality and a bribe, which many of the press reports have failed to appreciate. Unless the recipient is a foreign public official (where a different test applies – see below), in order to constitute a bribe, hospitality must be intended to induce improper behaviour (i.e. it must come with strings attached). Even lavish hospitality may not induce improper behaviour if it is offered in a business context in which it will simply not influence the recipient to do anything improper. In designing a UK Bribery Act-compliant gifts and corporate hospitality policy, consider, for example:

• disproportionate and inappropriate lavishness: whether the recipient would feel under any sense of obligation as a result of a gift or hospitality;
• seniority: is the recipient in a position to influence a relevant decision?
• industry comparators: what is the norm in the relevant industry or business sector?
• country comparators: gifts and hospitality which are considered modest in developed nations may be seen as more lavish elsewhere and therefore more likely to be seen to be "buying" influence;
• timing: is the hospitality/gift timed so as to affect the outcome of a particular event or decision?
• transparency: was the hospitality/gift declared? The SFO/DPP guidance draws attention to concealment as an indicator of impropriety;
• the "newspaper test": how would a newspaper report the gift or hospitality and what would the public perception be?
• business reason: can you identify a specific business justification for the gift or hospitality? Hospitality involving friends or family of a business contact or where the host is not present may raise particular suspicion.

If the recipient is a foreign public official, a stricter standard of behaviour applies. Any payment to, or benefit conferred on, a foreign public official which is intended to gain a business advantage may constitute a bribe unless written local law expressly permits or requires it. It will be fairly easy to trip over this hurdle in practice so businesses should take particular care when entertaining foreign public officials, and may need to carry out some due diligence on local law. If local law is silent, prosecutors will consider the public interest in prosecuting. The written local law test is also of particular relevance to facilitation payments – see below.

Facilitation payments

Companies will take some comfort from the express acknowledgment in the guidance of the problems that businesses face in some parts of the world and in certain sectors where bribery is rife and that the eradication of facilitation payments is a "long-term" objective requiring collaboration between governments and other international bodies. To address the widespread concern over the zero-tolerance approach to facilitation payments under the Act, the guidance highlights the public interest test to be applied before a prosecution will be brought, which will be relied upon to ensure the Act is enforced in a "just and fair" manner. According to the SFO/DPP guidance, relevant factors will include:

the size of the payment(s);

• whether it was a one-off incident or part of a "standard way of conducting business";
• the options facing the payer (i.e. whether the circumstances were tantamount to extortion); and
• whether the company had existing procedures in place to root out bribes and the individual concerned simply ignored the relevant policy and procedures.

The SFO's self-reporting guidelines suggest that action taken by the company to selfreport the problem and co-operate with the investigation will also be viewed favourably. Despite its comforting words, the UK Government is clearly keen that businesses themselves play their part in global anti-bribery efforts by implementing bribery prevention procedures. Many of the case studies used in the MoJ guidance contain helpful suggestions for mitigating exposure to liability for payments made by overseas agents and intermediaries, including:

• carrying out due diligence on overseas agents and intermediaries and who their contacts are;
• researching local bribery and corruption law. The MoJ guidance acknowledges that foreign governments often require some form of investment in the local economy or community as a condition of a tender for publicly-funded contracts and if this is set out in written local law it will not present a problem;
• communicating a zero-tolerance policy on facilitation payments to agents and intermediaries and requiring them to train their staff on how to resist demands for bribes;
• laying down procedures for agents and intermediaries to follow, for example:
  • question the legitimacy of the demand and request a receipt of the payment and identification details of the person making the demand;
  • ask to consult superior officials;
  • avoid paying in cash and directly to officials; and
  • threaten to report those demanding payments to the authorities;
• monitoring the activities of agents and their staff; and
• using UK diplomatic or other channels to apply pressure on the local authorities to take action.

Potential liability for the actions of joint venture partners, suppliers, sub-contractors and other "associates"

The scope of the corporate offence of failing to prevent bribery committed by business associates raises difficult questions, particularly in the context of supply chains, joint ventures and corporate investments. The MoJ guidance provides some helpful hints as to the manner in which "associate" will be interpreted. For example, it confirms that, where in practice a company only exercises control over its relationship with its own contractual counterparty, it will not normally incur liability for the actions of sub-contractors and those further down the supply chain. Indeed it suggests that an effective means of managing risk down the chain would be to require the counterparty to agree on bribery prevention measures with the next party in the chain.

As regards joint ventures, the guidance states that a bribe paid by an employee or agent of the JV will not trigger liability for its members simply by virtue of them benefiting indirectly from the bribe through their investment in the JV. The guidance also confirms that liability will not accrue through simple corporate ownership or investment, so, for example, a bribe paid by an employee or agent of a subsidiary will not automatically involve liability on the part of its parent company unless it can be shown that the relevant individual intended to obtain or retain business for the parent company. On the other hand, the guidance also highlights the significance of the degree of control over the activities of the associate. For investors, the provisions of a shareholders' agreement documenting control mechanisms and/or board representation are likely to be taken into account in determining whether an investee company is an "associate" of the investor.

What does "adequate procedures" mean?

Although following the MoJ guidance will not be a safe harbour from prosecution, it will be a good starting point, particularly for businesses without existing UK Bribery Act-compliant policies and procedures. Equally, departing from the guidance will not lead to a presumption that a company does not have adequate procedures in place if it has sound reasons for doing so. The "adequate procedures" defence is, in effect, designed to effect a change of behaviour among businesses with any presence in the UK, by incentivising them to carry out a thorough risk assessment in light of their potential liability under the UK Bribery Act, and to beef up their internal controls and procedures so that they are in a position to detect and deal with incidents of bribery in their organisation.

Fundamental principles

The MoJ guidance rests on six fundamental principles which we have reproduced below, and to which we have added a short practical commentary. All of these principles are equally applicable to foreign companies if they have a UK business presence.

Principle 1 – Proportionate Procedures: A commercial organisation's procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation's activities. They are also clear, practical, accessible, effectively implemented and enforced.

Commentary: The guidance repeatedly emphasises the importance of a risk-based proportionate approach to bribery prevention. Size is not the sole determinant of risk, but procedures which are right for a large multi-national are unlikely to be practical or appropriate for a small closely-held UKbased company. For a company exposed to any significant bribery risks, an effective anti-bribery policy might:

• contain a clear explanation of what constitutes an illegal bribe and how to distinguish a bribe from a legitimate payment, in the context of the company's operations;
• set out the company's commitment to eradicate bribery and maintain the highest ethical standards;
• identify the senior individual(s) responsible for implementing the policy and monitoring compliance;
• set out a clear and workable code of conduct covering the key risk areas, for example expenses, gifts and corporate hospitality, facilitation payments, political and charitable donations, sponsorships and other activities identified as a bribery risk;
• explain the manner in which the company's bribery-prevention measures are to be communicated and training organised;
• detail recruitment, vetting and disciplinary processes and other sanctions for breach of antibribery rules;
• explain the company's procedures as regards risk assessment of, and due diligence on, its business partners and the circumstances in which contractual protections may be needed;
• provide a mechanism for obtaining advice on the company's anti-bribery policy and secure and accessible channels for reporting suspected incidents of bribery; and
• explain the mechanism for investigating and dealing with allegations of bribery.

Effective implementation and enforcement may be evidenced by written records of:

• the outcome of any bribery risk assessment;
• training for staff and business associates where relevant;
• appropriate bribery-prevention provisions in contracts with employees and relevant business associates, including sanctions for breach;
• employees' performance assessments covering compliance with anti-bribery measures;
• due diligence carried out on business partners and reaction to any information uncovered as a result of the due diligence which gave rise to concern (including contractual protections); and
• action taken in response to reported incidents of bribery (for more on this see Principle 6).

The key is to ensure that the company can show that the procedures and systems are in place to root out and deal with bribery and, if an incident of bribery ends up in court, the company can legitimately attribute this to a "rogue element".

Principle 2 - Top Level Commitment: The top level management of a commercial organisation (be it a board of directors, the owners, or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.

Commentary: This principle reflects the importance of the "tone from the top" in fostering a culture in which bribery is not tolerated. In this context, it will be useful if an organisation can demonstrate:

• a board-level statement of commitment to counter bribery in all of the company's operations which is communicated both internally and externally, e.g. via the company's intranet and website;
• the appointment of a senior manager who takes ultimate responsibility for the content, implementation, monitoring and review of an anti-bribery programme (the extent to which this task may be delegated below board level will depend on size and management structure);
• the support of senior management for the effective implementation of the programme, including deciding where and with whom to do business in order to mitigate bribery risks, perhaps even withdrawing from jurisdictions, sectors or business relationships which are seen to present a particularly high risk, and supporting disciplinary action against employees and others involved in bribery; and
• engagement with relevant associates, external bodies and the media to help articulate the company's stance on bribery.

Principle 3 – Risk Assessment: The commercial organisation assesses the nature and extent of its exposure to potential internal and external risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented. 

Commentary: A full understanding of the bribery risks an organisation faces is the foundation of any effective anti-bribery programme and will ensure that its policies and procedures are properly tailored to the nature, scale and complexity of its activities and the risks to which it is exposed. The Bribery Act should prompt all businesses to carry out an in-depth bribery risk assessment, even those who already have an anti-bribery programme. Red flags might include, for example:

• dealings with territories which are perceived to have high levels of corruption (for example, those with a score of 5 or less in the Transparency International Corruption Perceptions Index);
• extensive reliance on agents and intermediaries located in high risk jurisdictions;
• dealings in high risk industry sectors, for example, defence, energy and construction; and
• close ties with prominent Government officials or extensive Government contracts.

The guidance also draws attention to internal factors such as:

• deficiencies in employee training, skills and knowledge;
• a bonus culture which encourages excessive risk-taking;
• lack of a clear policy on corporate hospitality and other bribery risk areas relevant to the business;
• poor financial controls; and
• lack of management support in anti-bribery efforts.

Going forward, bribery risk may be part of the company's general risk assessment procedures. The risk profile of a business will clearly not be static so the bribery risk assessment should be repeated at regular intervals, and also when prompted by trigger events such as a prosecution or legislative change or entry into new markets. See Principle 6 for more on this.

Principle 4 - Due Diligence: The commercial organisation applies due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation in order to mitigate identified bribery risks.

Commentary: Liability for the corporate offence can be triggered by bribery committed by persons "associated with" the company. Employees are presumed to be associates, but the definition extends far beyond employees and may include agents and intermediaries, subsidiaries (including those overseas), joint venture and consortium partners, contractors, and other third party service providers. The risk assessment process should help identify the degree of risk arising from a particular relationship and the appropriate level of due diligence. Contractors, agents or … the importance of the "tone from the top" in fostering a culture in which bribery is not tolerated. A full risk assessment will be the foundation of any effective anti-bribery programme. 7 intermediaries operating in, or with links to, high risk jurisdictions, sectors or activities will warrant more thorough investigation. Due diligence for higher risk relationships may include:

• requiring the company or individual to complete a standard questionnaire to verify identity and ownership, and disclose any association with bribery offences. Failure to co-operate with this exercise may in itself raise suspicion;
• in the case of companies, review of its anti-bribery programme (if any) and records of compliance with it;
• instructing forensic accountants to review financial and other records;
• press searches for the name of the company or relevant individuals in a bribery or corruption context; • searching US and other government databases of "blacklisted" persons; and
•  searching other online databases for reports of bribery-related activity (such as KYC360 and Trace International's Bribeline).

The results of the due diligence exercise should be acted upon if issues emerge, and should also feed into the contractual relationship with the relevant entity or individual. For example, consider requiring contractors to comply with your anti-bribery policy or adhere to their own policy which is at least as stringent as your own, requiring them to keep records of their own staff training, monitoring and investigations carried out, providing for an inspection and audit of their compliance and including indemnity and/or termination rights in the event of their breach of the bribery rules.

Vetting new employees for any history of bribery-related offences will also be important.

Principle 5 – Communication (including training) - The commercial organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.

Commentary: If a company is going to be able to rely on the "adequate procedures" defence in a prosecution, it is vital that it can demonstrate not only that it has an effective and properly tailored anti-bribery policy, but that it has followed through with workable procedures in place to enforce it, and can produce documentary evidence of this, including records of having communicated it effectively, both internally and externally, of having trained staff and required at-risk business associates to undergo or provide training themselves.

The guidance on internal communication focuses on staff training to raise awareness of the company's anti-bribery policy and procedures. Training should be given as part of the induction process and periodically thereafter as a refresher or to reflect changes of practice or policy. The guidance is not prescriptive on the content of training or manner in which training is delivered, although it does suggest bespoke training for high-risk individuals, both internal and external. It will also be useful to be able to demonstrate that the policy and procedures are readily accessible on the company intranet or similar, and the existence of secure, confidential and accessible channels for staff and business associates to raise concerns and obtain advice.

As regards the outside world, there is no statutory requirement for a company to include information on its bribery-prevention measures on its website or in its annual report, but evidence that the company has communicated its anti-bribery stance to those with whom it does business will be a factor in establishing the "adequate procedures" defence, and a statement on the company's website is a useful tool for this. As the guidance points out, such a statement can both provide reassurance and act as a deterrent for those intending to offer or receive a bribe in the course of the company's business.

Principle 6 - Monitoring and Review: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where appropriate.

Commentary: Implementing and monitoring an anti-bribery programme will require some resource, which will be unwelcome for businesses in the current economic climate, although existing procedures can be adapted for bribery prevention purposes. For example, financial and auditing controls can be used to detect odd or unexplained payments and expenses claims, existing disciplinary procedures can be invoked for breaches of the organisation's anti-bribery policy, and vetting procedures for new staff can be extended to cover any past history of bribery offences.

Clearly, it will also be important for companies to show they have responded to incidents of bribery and assessed whether or not it was a failure of the company's policy or procedures which allowed it to happen and whether they needed to be tightened up as a result. Action taken in response to a reported incident may also include disciplinary action against relevant employees, removing corrupt vendors from the list of approved suppliers and enforcing other contractual sanctions against business partners found to be involved in bribery.

In some circumstances it may also mean self-reporting the incident to the law enforcement agencies. The SFO/DPP guidance makes it clear that the prosecuting authorities may treat companies who self-report and co-operate with the investigation more leniently. This is consistent with the incentives for whistle-blowing in the Dodd-Frank Act in the US. Lenient treatment might mean, for example, a civil action (which does not carry with it the penalty of automatic debarment from public contracts) rather than a criminal action, or in some cases no action at all. The reporting mechanisms which already exist under anti-terrorist and anti-money laundering legislation mean that the SFO is frequently tipped off in any event. There is also always a risk that competitors and disaffected employees will blow the whistle so businesses are encouraged to try to "buy" some credit with the law enforcement agencies by going to them at an early stage. However, it will also be important to respond to other internal and external trigger events such as:

• new anti-bribery legislation in jurisdictions in which the company does business;
• bribery prosecutions affecting other businesses from which lessons can be learned;
• changes in the structure of the business or business acquisitions;
• the entry into new markets, particularly in risky jurisdictions; and
• new ways of winning or doing business which expose the company to new risks.

Again, documenting this review will be crucial in establishing the "adequate procedures" defence.

How can we help?

The UK Government is keen to point out that compliance with the Bribery Act is all about common sense, not burdensome procedures, and there is no "one-size-fits-all" approach to compliance. It is right that you will know your own business better than anyone. However both the SFO and MoJ guidance place a great deal of emphasis on being able to demonstrate a proactive approach to combating bribery and the existence of a robust anti-bribery programme. We have prepared a client pack on anti-bribery measures which is designed to provide:

• advice on the extra-territorial application of the Bribery Act;
• a clear explanation of the scope of the new offences and when a lawful payment becomes a bribe;
• advice on the scope of potential personal liability for directors and senior management;
• advice on how to interpret the UK Government guidance and translate it into a workable antibribery programme for overseas companies with a UK business presence;
• guidance on carrying out a bribery risk assessment;
• the must-haves in an anti-bribery programme;
• specimen questions for carrying out due diligence on business partners and how to address risks uncovered in due diligence;
• anti-bribery clauses for commercial contracts;
• wording for employment contracts and staff handbooks;
• presentations for training your employees and others;
• advice on whistleblowing procedures; and
• guidance on incident management procedures.

If you would like us to talk through the pack or would like further advice on the MoJ or the SFO/DPP Bribery Act guidance or preparing for the Bribery Act more generally, please get in touch with Richard Brown, Andrew Gillen or Rob Fell.