With the Bribery Act coming into force on 1 July 2011, many businesses are struggling to have all their procedures in place to ensure compliance. The message is, 'Don't panic'.
Commercial organisations may well find that by taking time to conduct a meaningful assessment of the risk to their business they will discover that existing policies, staff handbooks and procedures require some amendment and review, but without wholesale re-writing, and that a lot of what they have in place will be sufficient.
Whilst there are severe penalties for corporate failure, the risk of this occurring is low, particularly for businesses operating only in the U.K.
Taking time to properly assess risk and respond with appropriate and proportionate procedures will pay dividends. By avoiding a knee jerk reaction with all the associated costs that can bring, a sensible compliance programme can be introduced in a relatively short period of time.
The Bribery Act introduces a completely new Corporate Offence of failure by commercial organisations to prevent bribery by those working on behalf of the business - including employees, agents and subsidiaries (whether domestic or foreign). The penalty is an unlimited fine.
This offence is committed when a person associated with the organisation bribes another intending either to obtain or retain business for that organisation or intending to obtain or retain a business advantage for that organisation. The Corporate Offence is a strict liability offence, or, perhaps more accurately, one of vicarious liability based on the actions of the associated person. A bribe is widely defined as a 'financial or other advantage' giving rise to concerns over areas such as corporate hospitality and promotional expenditure.
However, it is a defence for an organisation to prove that it had in place 'adequate procedures' designed to prevent persons associated with them from undertaking such conduct. Therefore it is vital that businesses put into place policies and procedures that enable them to prove that defence.
The following is a suggested compliance plan taking into account the statutory guidance published by the Government as to what those procedures should look like:
- Carry out a risk assessment to identify vulnerable areas, enabling you to develop policies to counter specific risks. You might need help from across the business to assist in this task. Some companies have involved a risk committee where business is diverse.
- Write/review your anti-corruption policy. Consider how this is to be implemented in all business entities over which your company has effective control.
- Write/review your gifts, hospitality and promotional expenses policies (to include charitable donations, political contributions, facilitation payments etc.)
- Develop public statement of commitment - to be visible on your website and for communication to business partners, contractors, suppliers etc.
- Identify and appoint a compliance officer. They in turn might need to set up and put in place monitoring and auditing systems.
- Ensure accounting system can identify possible infringements, and that people know what to do about suspicious transactions.
- Introduce standard wording in contracts to confirm third party compliance.
- Review employment contracts to set out the consequences of breach.
- Review your whistle blowing policy and how to give information to employees about what to do if approached to make or accept a bribe.
- Consider systems for due diligence on appointment of agents/joint venture partners/intermediaries, including relevant termination clauses.
- Having identified the recipients, roll out anti-corruption training to those who are in a position to actively bribe on behalf of the organisation. Consider whether to include not only staff but consultants, agents, and joint venture partners.
- Keep written records of all of above to help prove 'adequate procedures' are in place.
You might need to change the order of the above slightly for your business, and you may have already addressed some of the issues, or may not need to do them at all. Ask yourself - How far have we got?
Shoosmiths can and have assisted clients with implementation of compliance plans by assisting at any stage, from facilitating risk assessment to writing policies and procedures and reviewing contractual documentation. This is done at a fixed price to ensure you can budget accordingly.
It is important to remember that even after the procedure and policies have been implemented, they still need to be communicated. It is permissible to train only those who can put the organisation at risk rather than blanket training of all employees. However, failure to communicate will result in any attempt to prove the adequate procedures defence failing at the first hurdle.
Shoosmiths has developed a cost-effective online compliance training course that can be adapted to your individual procedures. It is hosted by us and delivered over the internet. The course includes evaluation by multiple choice questions tailored to your industry, and management reports to ensure you can demonstrate proof of understanding, as well as the course being completed by each individual. If you wish to take a sample course without obligation, we can arrange for this to be done via the internet.
We can also deliver more traditional face-to-face training courses for senior management, high risk groups, or smaller organisations.
Although it is important that businesses put the various procedures and policies in place, do bear in mind that the Act was not introduced to penalise companies going about their normal business in a reasonable way. With the right procedures in place, innocent companies should have little to fear.
Some businesses feel that it is helpful to discuss their plans with us, or obtain further advice or clarification of the Act itself. If this is something you feel your business could benefit from, please do not hesitate to contact us