The requirement for 'adequate procedures' under the Bribery Act 2010 means businesses will want to ensure they have the appropriate documentation in place before this autumn, when the new, so-called Corporate Offence is expected to come into force.
We await publication of government guidelines, but it is clear that certain documents will be required.
Companies will want to consider the following areas in their review of internal and external documentation:
- Anti-corruption code of conduct - this is the cornerstone of good compliance. It is expected that a company will make this known to relevant third parties, its own personnel, and will publish its code on its website.
- Anti-corruption programme - it is likely that companies will develop a compliance programme around the code of conduct. It is to be expected this will be approved and adopted by the board of directors. It is also expected that the programme and the code of conduct will be endorsed by a personal statement from the chief executive supporting the programme.
- Senior manager appointment - adequate procedures will require the appointment of a senior manager to be responsible for ensuring the company complies with the anti-corruption programme. The relevant documentation will set out the terms of reference for the individual concerned and deal with matters such as the resources available to them and their authority to act.
- Employment procedures - these will need to deal with both the vetting of potential employees, the clauses to be included in employment contracts to deal with contractual obligations and penalties in relation to corruption, and disciplinary procedures to deal with employees who commit a corrupt act.
- Gifts and hospitality policy - specific policies to deal with both of these areas should be developed to give guidance and limits to those affected.
- Training programme materials - companies will need to develop appropriate anti-corruption training materials for their ongoing use.
- Due diligence materials - companies will wish to make checks of both their existing business partners and also have due diligence procedures for vetting new relationships. Some simple materials will be of value in supporting and evidencing due compliance in both areas.
- Decision-making processes - processes should be documented to make sure that decisions taken are taken in the right way by a decision maker of the right level to deal with both the value of the transaction and the perceived risk of corruption.
- Publication of anti-corruption code - the code will need to be published in writing to the company's business partners at the outset of any business relationship. Evidence of this should be preserved.
- Adoption of anti-corruption programme by subsidiaries and business partners - internal documentation should be developed to ensure subsidiaries confirm their compliance. In relation to business partners the company should take all reasonable steps to ensure that the business partners confirm the arrangements they have in place to deal with corruption and make sure these are as comprehensive, if not more comprehensive than those of the company itself.
- Contract documentation - contracts with third parties should incorporate anti-corruption contract terms providing both express contractual obligations and penalties where appropriate. Companies will need to revisit material business contracts before the Act comes into force to decide how they will implement the spirit of these provisions in relation to existing relationships. (We anticipate many companies will want to enter into supplemental contracts to incorporate suitable provisions.)
- Procurement and supply chain management - the company will need to ensure its procurement and contract management procedures enable it to minimise the risk of corruption by business partners on an ongoing basis.
- Internal reporting procedures - whistle-blowing procedures should be in place to facilitate internal reporting by employees and others.
- Record keeping - reasonably detailed records of relevant anti-corruption programmes should be kept by companies indentifying any compliance issues which have arisen and how these have been dealt with.
- Reviews - annual internal reviews and evidence of them should be retained, while periodic independent third party assessments should also be conducted.
The documentation requirements set out above do not include documentation relating to financial controls and checks to ensure these are both established and maintained.