The legal concept of “adequate procedures” was introduced in the UK Bribery Act in 2010 as a defence to the corporate offence of failing to prevent bribery. That said, the concept itself has in fact been present in corporate compliance programs for many years and, whilst the English Courts have yet to determine exactly what constitutes adequate procedures as a criminal defence, there is extensive guidance flowing from both England and around the world which offers a helpful starting point when considering what should be in place as part of a robust compliance program.
Proportionate Procedures
- Procedures must be clear and proportionate to the bribery risks faced by the organisation. For example, small national organisations in low risk industries will not have to apply the same procedures as large international organisations with operations in high risk industries and jurisdictions.
- US DoJ guidance states that an effective compliance program should be tailored to the organisation’s specific business and to the risks associated with that business.
- There is no “one-size-fits all” approach and a “tick-the-box” approach to anti-bribery procedures should be avoided.
Top-Level Commitment
- The senior management of an organisation must be involved in determining and implementing anti-bribery compliance procedures as well as keeping them under review on an ongoing basis.
- Measures that can be adopted to help demonstrate this commitment include: ensuring the board formally approve the organisation’s anti-bribery policy; making a senior manager responsible for implementing the anti-bribery policy; and regularly communicating that no employee will be penalised for refusing to pay bribes, even if refusing to pay bribes may result in the organisation losing business.
Risk Assessment
- An organisation’s policies and procedures should factor in, and keep up to date with, the bribery risks it faces in its business sector and the market generally. Such risk assessments must be periodic, informed and documented.
- Factors to be considered in any risk assessment include: country risk, sectoral risk, transactional risk, business opportunity risk and business partnership risk.
- A 2014 OECD Report on combatting corruption found that bribery risk may not be as closely linked to country risk as commonly thought. Instead, it recommended that organisations might want to focus on sectoral factors and identified the extractive, construction, transportation, information and communication sectors as particularly high risk.
- The European Anti-Corruption Report 2014 sets out where commercial organisations should expect red flags (i.e. urban development and construction, healthcare and tax administration) and how to plan for the sustainability of a compliance program. An organisation doing business in Europe may wish to carefully review the Report’s analyses of the specific countries in which the organisation does business in order to assess its compliance procedures. It also contains an in-depth discussion of the corruption risks in public procurement.
Due Diligence
- Due diligence should be extended to all third-party business partners, including: agents, subsidiaries, contractors, joint venture partners, third party service providers or suppliers.
- According to the OECD, three out of four foreign bribery cases involved intermediaries.
- US DoJ guidance provides principles that should always apply to third party due diligence. These include understanding the connections of third party partners, having an understanding for including the third party in a transaction and undertaking some form of monitoring of third party relationships.
- US enforcement actions also indicate that authorities may consider specific policies on due diligence of foreign business partners as a reason for deciding not to bring a corporate prosecution [see Morgan Stanley - 2012].
- M&A activity can present considerable bribery risk and targets should be clearly vetted, both to verify they are not committing bribery and to ascertain that there are no “legacy risks” related to past bribery.
- Joint venture partners should also be encouraged to adopt an equivalent compliance program.
Communication
- Organisations should make it clear and unambiguous to all staff and business partners that bribery is unacceptable. Bribery prevention policies and procedures should be embedded and understood throughout the organisation.
- An important aspect of this is the establishment of a secure, confidential means for internal or external parties to raise concerns about bribery (or the adoption of “speaking up” or “whistleblowing” procedures).
- US authorities have commended the fact that an organisation’s whistleblowing hotline was available toll-free 24/7 in every major language in a recent decision to not prosecute a company. It has also been recommended that an organisation’s whistleblowing hotline be extended to third-party business partners.
- US guidance adds to this by saying that once an allegation is made, organisations should have in place an efficient, reliable and properly funded process for investigating the allegations and documenting the organisation’s response.
- Many organisations have also found that publicizing disciplinary actions internally, in compliance with local law, can have an important deterrence effect.
- Despite some jurisdictions permitting exemptions to facilitation payments in certain circumstances, it is generally considered more efficient and effective to prohibit such payments globally.
Training
- Bribery prevention policies and procedures must be embedded and understood throughout the organisation, including training that is proportionate to the risks faced.
- Training should be ongoing and appropriate to specific roles. For example, those working in purchasing, contracting, distribution or marketing, or in high risk countries, may require additional training.
- Annual certification of accreditation for front line employees.
- It should also include training on “whistle blowing procedures” and be mandatory for all new staff.
- Training may also be appropriate for some third party business partners.
Monitoring and Review
- Procedures must be regularly monitored, reviewed and, where necessary, improved to respond to any changes in risk.
- In addition to regular intervals, an organisation may want to review its processes in response to other stimuli, for example following governmental changes in countries in which they operate in, an incident of bribery or other negative press reports.
- External verification of the effectiveness of anti-bribery procedures may also be sought and is explicitly recommended by both the joint DoJ and SEC guidance and the UK’s Ministry of Justice guidance on the Bribery Act.
Recent Anti-bribery and Corruption Developments
Germany
- In Germany, providing advantages to members of Parliamentary assemblies has recently become subject to much stricter regulation. Previously, only “buying or selling a vote for an election or ballot” in a Parliamentary assembly in Germany or in the European Parliament was criminalized. This law passed in September 2014 finally allowed Germany to broaden the existing law to make it a criminal act to offer, promise, or give an undue advantage to members of the German government. Donations permissible under statutory law should, in general, not constitute criminal conduct, but since there is currently no case law applying the new law, caution and strict compliance controls should govern any activity with members of the German government.
- There is also a proposed bill in Germany that would formally introduce corporate criminal liability.
Canada
- Canada significantly strengthened its equivalent of the FCPA, the Corruption of Foreign Public Officials Act (“CFPOA”) by expanding jurisdiction to cover conduct by Canadian companies and individuals worldwide, prohibiting facilitation payments and bringing into effect a “books and records” offence. 2014 also saw a significant rise in enforcement activity under the CFPOA, which, until its recent amendments, was rarely enforced.
Brazil
- Brazil’s Clean Company Act came into force in 2014. The Act imposes civil and administrative liability on companies, both domestic and foreign, for acts of corruption and bid rigging by their employees or agents. The Act shares certain characteristics with the FCPA but, goes somewhat further. The most significant difference is that it imposes strict liability on corporations, except in limited situations, for corrupt conduct that benefits the company. And unlike in the UK, where a company can be liable for failing to prevent bribery but can demonstrate that it has an adequate compliance program to counter the charge, there is no “adequate procedures” defence (although companies may qualify for leniency in Brazil if they cooperate with the authorities and can demonstrate an effective internal compliance program). Another significant difference from the FCPA is that the Act covers private bribery to the extent that the bribery relates to a public contract or tender. Finally, there is no exception within the Act for facilitation payments.
Useful Links
EU Anti-Corruption Report 2014
DoJ and SEC Joint FCPA Guidance
Transparency International Guidance on Adequate Procedures
Transparency International Adequate Procedures Checklist
Transparency International Corruption Perceptions Index
UK Ministry of Justice Guidance on Bribery Act
WilmerHale Global Anti-Bribery Year-in-Review: 2014 Developments and Predictions for 2015