FAQs on adequate procedures

The Guidance clearly and succinctly explains this: “Policies articulate a commercial organisation’s anti-bribery stance, show how it will be maintained and help to create an anti-bribery culture… they will not achieve that objective unless they are properly implemented… Whatever the chosen model, the procedures should seek to ensure there is a practical and realistic means of achieving the organisation’s stated anti-bribery policy objectives across all of the organisation’s functions”.

The policy can contain whatever matters the organisation considers appropriate, in whatever level of detail it wishes, based on the risk assessment.  The important thing is that it is clear and simple to understand and addresses the organisation’s position on bribery and its general approach to certain key areas of risk in that regard. Generally, the document should be kept short and simple, so that it does not become too cumbersome and is easy to follow by everyone expected to apply it. 

The matters that might usefully be covered in a policy document include:

• Statement from the Chairman/senior management and explanation of the purpose of the policy - this can help to ensure an appropriately robust anti-bribery culture is engendered within the organisation and to assist in achieving compliance, as it shows that it is on the radar of the senior people in the business. 
• Focus on the importance of taking the matter seriously - identify the risks to the organisation (i.e. reputational, legal, criminal and civil, time and cost) if the policy is not followed, but also the personal risk to anyone involved, to capture the attention of the reader.  It may also indicate how the company will deal with people who do the wrong thing.
• Explanation of Bribery - include a definition of bribery that will be easily understandable to all.
• The organisation’s position on key risk areas – these could include, for example:
  • - Agents, intermediaries and other business partners
  • Gifts, hospitality and entertainment 
  • Travel and expenses
  • Political and charitable donations 
  • Accounts and financial records 
  • Reporting concerns/whistle-blowing

The detail as to how the organisation will implement the general themes set out in the policy can then be addressed in more substantial procedures, to which staff can refer as necessary.  In this regard, it is helpful for the policy document to direct the reader to the relevant procedures and where they can be found.  Where the policy and procedures are provided on the organisation’s intranet, this can be simplified through the use of hyper-links to the relevant pages.

Ultimately, whatever policies and procedures you decide to implement in your organisation, it would be sensible to keep a detailed contemporaneous paper trail documenting: how and why you conducted the level of risk assessment and due diligence that you did; the issues and risks you identified as part of that process; and the rationale for the conclusions you reached that resulted in your policies and procedures in this area. 

These documented justifications, showing all of the decisions taken by the company along the way, and their reasoning, should be kept safe by the legal, compliance or company secretarial function of the business, together with the policies and procedures themselves (and all past iterations of them).  This is likely to be of assistance if, further down the line, you need to satisfy a prosecutor (looking at the matter with the benefit of hindsight) that, on the balance of probabilities, your organisation had put in place adequate procedures designed to prevent bribery and corruption. 

Once your policies are in place, your organisation can build detailed procedures around them, which may have local variations depending on the differing risk profiles of different parts of the business.

Those procedures may be specific to recognised anti-bribery concerns (e.g. regarding gifts, hospitality, charitable or political donations and/or sponsorship, facilitation payments, contractual protections and whistle-blowing/ reporting concerns).  Other procedures and governance arrangements already in place may need to be updated or expanded to take account of any anti-bribery issues (e.g. regarding conflicts of interest, recruitment, remuneration, discipline, contracting with third parties, financial controls, authority lines).  Others still may concern the process of identifying relevant risks and designing processes to combat them (e.g. risk assessment procedures, due diligence procedures regarding business partners, the strategy and time-frame for implementing bribery prevention procedures, and monitoring and evaluation procedures to ensure the controls are effective).

By way of example, in the context of gifts, it may be appropriate to set out clear limits as to what can be spent by whom in what contexts and when further authorisation is required; this may differ depending on whether the gift will be to someone in the public or private sector and/or whether the gift is to be given or received.  It may also differ depending on the nature of the event – e.g. to take account of customs and culture – and may also differ depending on how many times the same person (or same organisation) has already received gifts over a short time-frame. It may also be appropriate to keep a record of all (or those above a certain minimum threshold) gifts offered, given or received in a gifts register, including details of the individuals and organisations concerned, the value (or perceived value) of the gift and the date of its offer, receipt or gift.  Similar detail and variation is likely to apply to the procedures relating to other matters raised in the policies, in particular corporate hospitality.

Among the steps required to ensure effective implementation of your organisation’s policies and procedures, will be:

• adequate training of all staff (and other business partners if appropriate);
• vetting staff and business partners for appropriateness and risk;
• having clear disciplinary measures that are genuinely applied, including warnings, demotion, loss of promotion, suspension and termination in appropriate cases – applied consistently regardless of seniority of the individuals involved;
• ensuring accounting and auditing processes are robust;
• ensuring remuneration policies do not encourage improper behaviour (e.g. heavily weighted performance-related pay structures may incentivise staff to achieve targets at any cost);
• procedures for dealing with incidents and concerns;
• ensuring appropriate levels of management information are provided to enable management to understand any issues and risks and take appropriate decisions; and
• regular and appropriate monitoring and review.

It would also be prudent to consider implementing additional protections to enable the organisation to deal quickly and effectively with any incidents that do arise, for example if it becomes necessary to perform an internal investigation (or assist with an external investigation).  Such investigations can raise difficult issues for the business if they have not thought about them in advance and ensured they have appropriate procedures and contractual protections to enable the business to investigate and take the steps it deems necessary in this regard.  Significant cost savings can be achieved by attending to these matters before a problem arises, especially if policies, procedures and business arrangements are being reviewed as part of a wider anti-bribery compliance audit.

Yes – while there is no specific exception or defence for corporate hospitality, the Act does not prevent or discourage hospitality, provided that it is proportionate and reasonable relative to the type of business being conducted. For example, the Guidance suggests, “…an invitation to foreign clients to attend a Six Nations match at Twickenham as part of a public relations exercise designed to cement good relations and enhance knowledge in the organisation’s field is extremely unlikely… to be evidence of an intention to induce improper performance of a relevant function.” In his Foreword to the Guidance, the Justice Secretary indicates that corporates can “Rest assured – no one wants to stop firms getting to know their clients by taking them to events like Wimbledon or the Grand Prix”.

As a general rule of thumb, the Guidance notes (in the context of hospitality given to foreign public officials): “the more lavish the hospitality... then, generally the greater the inference that it is intended to influence the official to grant business or a business advantage in return.” Nevertheless, bribes can also be based on “relatively modest expenditure”. Therefore, while consideration of what is normal or expected in a particular sector or country is relevant in assessing whether the hospitality falls the wrong side of the line, it is not conclusive, particularly if those norms are extravagant. 

Like the Guidance, the joint guidance on prosecutorial decision-making under the Act published by the Department for Public Prosecutions and the SFO (the “Prosecution Guidance”) is very clear that hospitality which is “reasonable, proportionate and made in good faith” will not be penalised (click here  to view the Prosecution Guidance). However, if the hospitality had no clear connection with legitimate business activity or had been concealed in some way, this would increase the likelihood of an inference that it was a bribe. Transparency will be key. 

In developing policies and procedures in this area, a simple way of ensuring a consistent approach is to adopt clear rules with appropriate threshold limits as to what is permitted (following a risk assessment), with corresponding prior approval processes and procedures (which can then be escalated according to the value of the expenditure for which approval is sought) and rules to prevent conflicts of interest arising among the decision-makers. Of course, setting thresholds does not guarantee that anything within them or exceeding them is or is not a bribe. However, their purpose is to set down a process that enables a consistent approach to be taken, rather than leaving it to those who are receiving or offering the hospitality to make the decision whether they are putting the organisation at risk and being offered (or offering) a bribe - or could be perceived to be doing so. 

What the appropriate thresholds should be will depend on the risk assessment and what is appropriate for your organisation in the way it operates. However, where the thresholds are set is, within reason, less important than being able to show that your organisation considered this issue and took a reasonable (and documented) approach in setting them to limit the risks it faces. Having set the figure, monitoring of the rules being followed is vital along with regularly reassessing whether the rules are working in practice and that the thresholds are the right ones for the business (including through benchmarking and reference to any industry norms).

The Act adopts a “zero tolerance” approach and provides no specific defences or exceptions to allow facilitation payments if they would otherwise fall foul of the offences.  However, while facilitation payments are technically illegal, it does not follow that their payment will be prosecuted in every case. It is part of a prosecutor’s duty when deciding whether to prosecute to consider not only whether there is a realistic prospect of a successful conviction, but also whether it is in the public interest to prosecute.

The Prosecution Guidance looks closely at the public interest factors in favour of or against prosecution of facilitation payments; it advises that if there are large or repeated payments, they are planned for or accepted as a standard practice, or the corporate policy regarding facilitation payments has not been followed, this would suggest that a prosecution should be brought. On the other hand, if the wrongdoing was a single, small payment which came to light due to a genuinely proactive approach involving self-reporting and remedial action, the corporate’s policy was followed even though the payment was ultimately made and/or the payer was under duress in making the payment, these would be factors tending against prosecution. In other words, where it can be shown that reasonable steps were taken to try to avoid paying facilitation payments and they were not simply accepted as part of doing business, a prosecution is less likely to be in the public interest. 

You may want to consider the following in developing policies and procedures in respect of facilitation payments:

• adopting a publicly stated zero tolerance policy prohibiting the payment of facilitation payments;
  including a clear and unambiguous definition of facilitation payments;
• being prepared to discipline employees who do not comply with the policies and procedures;
• being prepared to reward employees who do; and
• ensuring anyone acting on behalf of the organisation (i.e. agents and intermediaries) are required to comply with the organisation’s prohibition on facilitation payments by making it a contractual obligation, breach of which will permit immediate termination.

There are also a number of practical risk analysis and preventative measures that could be considered. For example:

• identify where such payments are made or demanded, how they are made, in what contexts (the way bribes are demanded and paid can vary dramatically from country to country and even within countries from one source to another) and then use the information you have gained from this analysis and from experience of doing business in difficult jurisdictions to help you set your policies and procedures for the future;
• some risks can be eliminated simply by knowing what sorts of demands are made and taking pre-emptive steps to avoid the risk occurring - e.g. carrying passport/ID at all times (in Russia you need to carry your passport with you at all times).  Therefore, make sure staff travelling to those countries are provided with the information they need to avoid the issue arising in the first place;
• provide guides for employees exposed to high risk situations (as identified by the risk analysis);
• provide training to staff in high risk areas of the business (including negotiation skills training on how to resist demands);
• where demands are made, seek proof of a legal requirement to pay;
• if you think a payment demand is a facilitation payment, only agree to pay it if the demander provides a formal receipt or written confirmation of its legality;
• where possible, take notes of conversations where extortive demands are made and obtain details of names and positions of demanders;
• do not allow employees to obtain reimbursement for such payments;
• only condone their payment when employees are in an emergency situation - i.e. under threat of physical harm;
• report all payments to legal/ line manager and seek prior authorisation if possible.  Also report all demands successfully resisted and how they were resisted – these can be used in future as training examples;
• be prepared to take things further when demands are made - including to diplomatic/ political levels;
• be prepared to build in time delays into a project as a result of refusals to pay facilitation payments; and
• if you do business through a JV that includes the relevant State as a partner, pass on the costs (or a portion of them) associated with the increased delay caused by a refusal to pay facilitation payments.

Ensuring that your organisation has sufficient contractual protections will form an important part of implementing a robust anti-bribery compliance framework and providing an adequate procedures defence.

The sorts of contracts that are likely to pose the greatest risks will include:

• Public procurement contracts and contracts with local, central and foreign Governments, departments and state entities.
• Contracts where the counterparties and/or governing law is a jurisdiction prone to bribery.
• Joint venture arrangements.
• Agency contracts where the agent is able to contract business on your behalf or there is heavy reliance on them to obtain business.

Depending on the degree of risk involved, the sorts of contractual protections you may wish to consider implementing (some of which may already form part of your normal boiler-plate protections), include:

• Terms requiring compliance with all applicable laws/regulations.
• Terms requiring understanding of, and adoption/ implementation by, counterparties either of your organisation’s policy and procedures or equivalent protections.
• Representations and warranties that there has been no bribery in connection with obtaining the contract.
• Representations and warranties that there will be no bribery in operating the contract.
• Restrictions on sub-contracting without prior approval/ due diligence by your organisation.
• Restrictions on individuals within the counterparty who may service the contract, to those with appropriate qualifications and clean background checks (so far as permissible).
• Terms requiring counterparties to maintain adequate records in accordance with applicable laws/regulations/procedures and allowing your organisation appropriate rights of access/audit.
• Terms allowing access to, and processing of, data relating to individuals (employees, agents and business partners), including emails, laptops, mobile/ blackberry data etc.
• Terms requiring individuals to assist in any investigation, whether internal or external, including by agreeing to take part in interviews if necessary.
  •    Terms requiring individuals to report suspicions of wrongdoing/encourage whistle-blowers.
  •    Terms providing for rights of suspension and termination for breach.
  •    Certification requirements regarding some or all of the above.

In March 2012, the OECD published its Phase 3 Report on the UK’s implementation of the OECD Convention on Combating Bribery.  The OECD Working Group responsible for drafting the report visited the UK and conducted interviews with senior politicians, judges and practitioners.  A number of judges interviewed noted that “a company could be convicted under the [Bribery] Act even if it acts in accordance with the [Guidance].”

The OECD Report suggests that judges would likely make limited use of the Guidance at trial, as some suggested it was of comparable authority to an academic text.  As noted above, there remains limited judicial consideration of the adequate procedures defence, due to the use of deferred prosecution agreements as the primary mode for dealing with corporate liability under the Act.  Until further clarification is provided by the courts, the full extent of the defence of adequate procedures will remain unclear.  Until such clarification is given, we recommend that corporates continue to act in accordance with the Guidance.

Yes.  In addition to the Government’s guidance, there is a wealth of other guidance on “adequate procedures” and good practice in bribery prevention available from relevant specialist organisations and industry bodies.