The U.K. Bribery Act
and the Globalization of Corporate Compliance
ByJonathan Halpern and Andrew E. Costa I. Introduction
During the next few months companies doing business in the U.K. and elsewhere abroad will be confronted with compelling incentives to re-evaluate, test and modify their anti-corruption compliance programs to reduce their criminal and civil exposure. The most pressing motivator is the U.K. Bribery Act of April 2010 (the “Bribery Act”), which goes into effect July 1. The recently-issued guidance on the Bribery Act from the U.K. Ministry of Justice, Serious Frauds Office and Director of Public Prosecutions (the “MOJ Guidance”), adds to the host of considerations businesses in the United States and abroad should take into account to protect themselves and their executives from criminal prosecution for conduct thousands of miles away. The mere prospect of an official inquiry – in the U.K. or at home – is reason enough for a
thorough assessment to determine whether a business’s anti-corruption procedures are, in fact, effective.
The opportunities and challenges for business organizations have not arisen suddenly, but their compliance programs now may require some modifying, as the evolving environment of anti-corruption legislation and enforcement increasingly warrants a comprehensive and global approach. The arc of this evolution is familiar, starting with the Foreign Corrupt Practices Act (“FCPA”), in 1977. Although the force of the FCPA was at first underestimated and business practices often eluded prosecutorial scrutiny, aggressive enforcement over the last few years has led the fight against supply-side official corruption (i.e., enforcement against bribe givers and authorizers) and become a standard U.S. export. Other countries have followed suit, most notably by way of the OECD Convention on Combating Bribery of Foreign Officials in
International Business Transactions (“OECD Anti-Bribery Convention”), signed in 1997, and the United Nations Convention Against Corruption (“UNCAC”), adopted in 2003. Along the way, numerous countries enacted their own laws and regulations to comply with their obligations as signatories to either of these or related conventions.
Although the Bribery Act may modify the compliance landscape, the first order of business for business organizations remains unchanged: to protect themselves by being good corporate citizens. To do so, the fundamental directives for devising or enhancing a compliance program for businesses still apply: conduct a top-to-bottom review of worldwide operations and relationships, find out where and with whom the company's business is being conducted
company employees, agents and representatives with operational responsibilities. Then assess the criminal and civil risks.
Such an assessment should not take place solely in the context of an FCPA review. Instead, the evaluation should be made from a global perspective, in the context of all applicable laws, wherever the business is being conducted. Vigilance for direct and indirect interaction with foreign officials should, of course, remain a high priority. Payments of anything of value (in any form), including gifts and hospitality to both private vendors and public officials (broadly defined under the FCPA) and their agents should be identified and carefully reviewed.
In light of increased cooperation by law enforcement agencies around the world, even the most innocuous-seeming gifts or exchanges may come under governmental scrutiny and lead to a wide and unwelcome investigation. Pre-payment review and approval after careful consideration should constitute standard procedure to help ensure that payments are not
offered or made to obtain or retain business or a commercial advantage. Accordingly, corporate counsel and compliance officers would be well advised to pay special attention to the controls they have in place, with focus on due diligence on third-party representatives, joint ventures and subsidiary activity and acquisitions.
Moreover, for the controls to be minimally adequate under the U.S. Sentencing
Guidelines (“Sentencing Guidelines”), a well-designed protocol of supervision, training, auditing, monitoring, management and board supervision should be implemented and tested. Meticulous assessment of company protocols for compliance is essential.
For example, reviewing promotional expenses is one, but not the only, good policy to consider. Business marketing gifts and entertainment and hospitality expenditures have long been regarded merely as customary and innocuous marketing devices to help engender good will and promote business relationships. Increasingly, however, such means of building and extending relationships must be scrutinized and considered well in advance of any proposed payment. The consequences for failing to conduct an appropriate assessment – and fully and timely addressing any issues – can be severe.
With the advent of the Bribery Act, wholesale re-tooling is not necessarily required. However, companies with international operations should undertake a fresh review, conduct an appropriate assessment and make needed modifications. Fundamentally, the compliance
challenges organizations have encountered and navigated through for years remain unchanged. Indeed, several Bribery Act proscriptions reprise issues well known to compliance officers.
The six principles of effective compliance set forth in the Bribery Act Guidance are hallmarks of good corporate practices that are also reflected in the Sentencing Guidelines and the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance (“OECD Good Practice Guidance”), and poke through the fabric of the FCPA, at least in the government's view: (1) proportionality of response to identified bribery risk; (2) commitment of top-level management to prevent bribery; (3) risk assessment; (4) due diligence as to third-party representatives; (5) communication and training; and (6) monitoring and review.
The U.K.'s example of anti-corruption legislative action is not a standalone. Countries both within and outside emerging markets reportedly are drafting criminal anti-bribery statutes. This year, China reportedly is expected to review draft legislation that criminalizes bribery of foreign officials; India has stated that it will draft an anti-bribery law; and Indonesia also appears to be taking steps to amend existing law to make foreign official bribery a crime. Even Russia,
which is near the bottom of the Transparency International Corruption Perceptions Index rankings, has passed a foreign official bribery law to comply with the OECD Anti-Bribery Convention as part of its campaign to join the OECD.
II. The U.K. Bribery Act and the International Anti-Bribery Environment A. U.K. Bribery Act 2010 – An Overview
Until the Royal Assent in April 2010 to the Bribery Act, Britain had been heartily criticized for its perceived lackluster anti-corruption legislative and enforcement efforts. The OECD, in particular, expressed concern about the absence of comprehensive anti-bribery legislation in light of the obligations imposed on OECD Anti-Bribery Convention signatories and the overall perception of anemic enforcement. While passage of the Bribery Act will not, by itself, allay all concerns over lax enforcement, it does bolster Britain's ability to enforce anti-bribery laws in a comprehensive manner.
Sections 1 and 2 of the Bribery Act generally prohibit both supply- and demand-side (i.e., give and take) bribery. Section 1 makes it a crime for someone to give, offer, or promise "a financial or other advantage" to another to influence the recipient to perform improperly a "relevant function." Section 2 criminalizes demand-side, or passive bribery, prohibiting the request, demand or receipt of a bribe. To be actionable, the active or passive bribery must relate to a “relevant function,” which is defined broadly to include not only new or existing business or a business advantage, but any function that is expected to be performed on behalf of the business entity, in good faith, impartially, or as a result of being placed in a position of trust. Bribery Act, 2010 ch. 23 § 3. These proscriptions apply to bribes in private commercial dealings, not just to foreign public officials.
In contrast to the first two provisions of the Bribery Act, Section 6, which addresses bribery of public foreign officials, imposes a lower standard of proof. It requires only an “intent to influence,” rather than an intent to induce “improper performance” (under Sections 1 and 2). Business entities, or “relevant commercial organization[s],” are subject to Section 7 criminal liability if anyone “associated” with them bribes another person. Id. § 7(1). However, a
business organization can successfully mount an affirmative defense to a Section 7 charge if it can demonstrate it has “adequate procedures designed to prevent persons associated with [it] from undertaking such conduct.” Id. § 7(2).
Despite some similar anti-bribery proscriptions, the Bribery Act differs from the FCPA in several important respects. The Bribery Act has a wider jurisdictional reach than the FCPA. Coverage extends to private or commercial trade (not just to corrupt payments to foreign public officials, which the FCPA proscribes) and to bribe recipients (not just to those who give, offer or authorize payments). Bribery Act § 2. (Nonetheless, the Department of Justice recently has made clear that it is unwilling to give a pass to foreign public official bribees, and will pursue prosecution under conspiracy and anti-money laundering laws.)
The two anti-corruption measures use different mental states to achieve similar ends. The touchstone of intent under the Bribery Act is the intent to induce "improper" conduct (under Sections 1 and 2 of the Bribery Act) or “intent to influence” (under Section 6 of the Act), rather than the corrupt intent that the anti-bribery provisions of the FCPA require. And, as discussed above, no intent is required at all under Section 7, which makes a business's failure to prevent bribery in the workplace a strict liability crime (subject to the affirmative defense).
Unlike the FCPA, however, the Bribery Act has no books and records or accounting controls analog. 15 U.S.C. § 78m(b)(2) (requiring issuers to, inter alia, make and keep books and records “which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets of the issuer”). Nor does the Bribery Act contain an exemption for facilitation, or "grease," payments for routine, non-discretionary ministerial functions that the FCPA narrowly permits. 15 U.S.C. § 78dd-1(a). The contrasts in the U.S. and U.K.
anti-corruption laws offer some general perspective on complementary enforcement programs. The FCPA is supported by a 34-year record of enforcement, including the past decade of
increasingly aggressive prosecutions. For the new Bribery Act, the recently released Guidance helps, albeit loosely, to promote compliance and set the boundaries of prosecution.
The broad-based criminal act follows years of criticism of the U.K.’s anti-bribery enforcement efforts. Robust anti-corruption enforcement now appears far more likely in the U.K. with this newly-minted potent law.
III. The MOJ Guidance: An Overview of the Bounds of Compliance and Prosecution Under the Bribery Act
The MOJ Guidance provides a framework for commercial companies conducting business in the U.K. and seeking to implement "adequate procedures" – both to prevent violations and serve as an affirmative defense against liability under the Act. For U.S. companies doing business in the U.K. or otherwise subject to the reach of the Bribery Act, adherence to both the Bribery Act and the FCPA are essential components of a comprehensive global anti-corruption compliance program.
Jurisdiction and Application
Each in its own way, the Bribery Act and the FCPA have broad jurisdictional reach; for the FCPA, that reach appears to be extending with increasing elasticity. Applying the Bribery Act to an organization’s activities will depend on the different jurisdictional triggers for direct liability provisions (Sections 1 (bribing), 2 (being bribed), and 6 (official bribery)), in contrast to its secondary strict liability provision (Section 7 (a business's failure to prevent bribery)).
The Bribery Act authorizes prosecution if any act or omission forming part of the offense takes place within the United Kingdom or, in the absence of an act or omission taking place within the U.K., if the "associated person” who commits the offense has a "close connection" to the U.K. Bribery Act § 12(1) & (2). A "close connection" exists if, inter alia, the person is a British citizen, a regular resident of the U.K., or is a British company. Id. § 12(4). These
jurisdictional triggers are generally consistent with the reach of the FCPA. U.S. jurisdiction over FCPA violations extends to "domestic concerns," including U.S. companies and U.S. citizens, nationals, and residents wherever they are (15 U.S.C. § 78dd-2(a)) or when any act in
furtherance of the corrupt payment takes place within the United States. Id. §§ 78dd-3(a). One significant difference between the reach of the Bribery Act and of the FCPA
concerns applicability to "issuers." The FCPA applies to all “issuers” – those companies whose shares are sold on a national exchange and, therefore, are subject to the registration and reporting requirements of Securities and Exchange Act. Id. §§ 78dd-1(a). (The Bribery Act uses a different test, but, as discussed below, neither the statute nor the MOJ Guidance
specifically rejects this jurisdictional trigger for violations of Sections 1, 2 or 6 of the Bribery Act.) The Bribery Act’s jurisdictional triggers for these sections still require, as part of a compliance assessment, a determination of the citizenship or nationality of an organization’s employees.
However, under Section 7, for a business to have criminal exposure, the nexus need not be as close as that required under Sections 1 or 6. An offense for failure to prevent bribery applies to any “relevant commercial organization.” Bribery Act § 7(1). A "relevant commercial organization," including an associated person's employer, is in violation if an "associated person" bribes someone else with the intent to obtain or retain business or an advantage for that business. Id. The reach of Section 7 liability differs significantly from that for Sections 1, 2 and 6.
The first category of “relevant commercial organization” under Section 7 is
straightforward: any company or partnership organized under U.K. law. Id. § 7(5). As the MOJ Guidance makes clear, such organizations are subject to Section 7 if they engage in any
commercial activity, even without a profit motive. MOJ Guidance ¶ 35. The other category of “relevant commercial organization” covers organizations that “carry on business” in the United Kingdom. Bribery Act § 7(5). This slippery facet of the Bribery Act has generated great concern over the limits of the law's extension. The MOJ Guidance professes that application of the “carrying on business” test will be made with a “common sense approach” so as not to impose liability on an organization absent a “demonstrable business presence” in the United Kingdom. MOJ Guidance ¶ 36. To this end, the MOJ Guidance provides two examples which, despite some U.K. connection, will not by themselves confer jurisdiction on the company: (1) where the company's securities are listed and may be traded on the London Stock Exchange; and (2) where it merely has a U.K. subsidiary (which “may act independently of its parent or other group companies”). Id. Either one of these two examples may be considered with additional factors to be deemed sufficient for jurisdiction. Although the MOJ Guidance on this issue applies to
Section 7 workplace violations, its applicability to Sections 1, 2 or 6 is far from certain. Nor can a covered company count on avoiding criminal liability simply because an "associated person" has not been convicted, or even prosecuted. The associated person – someone who is to "perform[] services" for or on behalf of the company – need not be
prosecuted as a predicate for the company's prosecution under Section 7. Bribery Act § 7(3)(a); MOJ Guidance ¶ 37. Nor is the associated person required to have a close connection with the U.K. MOJ Guidance ¶ 37. Moreover, the question of who "performs [such] services" is very broad, and there are no apparently automatic exclusions. Employees are presumed to perform services, agents and subsidiaries qualify, and contractors and suppliers may also qualify depending on the circumstances. Titles and position are not determinative; far more important are the actual conduct and the practical circumstances.
In addition to facing liability for failing to prevent bribery in the workplace, a business organization may also be prosecuted under Sections 1 and 6 if the government can prove that the offer, promise or giving of a bribe was by someone "representing the corporate 'directing mind.'" MOJ Guidance ¶ 14 & n.3.
Principal Responsibility and the Six Principles
As discussed above, the Bribery Act creates a full defense to a Section 7 bribery charge for companies that can demonstrate that they have implemented "adequate procedures" to prevent associated persons from engaging in bribery (even if a case of bribery has been proved). The affirmative defense is required to be proved by "the balance of probabilities." In deciding whether to proceed with a prosecution, the government reportedly will determine the adequacy of compliance procedures by examining the particular facts and circumstances,
including the level of control exercised over "associated persons" and the degree of risk for which mitigation is required.
The six core principles set out in the Guidance provide helpful advice in devising and implementing “adequate procedures” to prevent bribery and, by implication, establish a defense to a Section 7 charge. These principles are:
1. Proportionality of response to the bribery risks that the organization faces and to the nature, scale and complexity of the organization's activities;
2. Commitment of top-level management to prevent bribery by associated persons (e.g., effectively communicating no tolerance policy from top to bottom);
3. Risk Assessment: (promoting periodic, informed and documented assessment proportionate to the company's size and structure and to the nature, scale and location of its operations);
4. Due Diligence: (demanding company investigation and awareness of those acting on their behalf to mitigate bribery risks);
5. Communication (and training): (ensuring that policies and programs are "embedded and understood" throughout the company through internal and external communication); and
6. Monitoring and Review: (undertaking systematic review to assess changed circumstances and new risks, and implementing improved procedures where deemed appropriate).
These principles jibe with the provisions of an effective compliance program found in the Sentencing Guidelines and the OECD Good Practice Guidance. Assessing risk, responding proportionately, exercising due diligence, ensuring appropriate supervision by top-level
management (“tone at the top”), communicating, monitoring and reviewing (periodic evaluation) are elemental components of "adequate procedures." Tailoring a comprehensive program that hews to a company's particular business operations with adequate oversight and review is a hallmark of a sound compliance program.
Facilitation Payments
As mentioned above, the Bribery Act, unlike the FCPA, does not contain an exemption for facilitation payments – small grease payments to low-level government officials to perform or expedite routine, non-discretionary services (e.g., processing immigrations or customs forms, turning on the electricity, etc.). Such payments are illegal under the Bribery Act. Nonetheless, the MOJ Guidance makes clear that the U.K. government appreciates that, given certain regional and industry realities, overnight elimination of such payments is not feasible. MOJ Guidance ¶ 46. Moreover, "eradication" of facilitation payments is recognized as a "long-term objective." The Prosecution Guidance appears to support this practical approach by identifying the following factors that may help determine whether to prosecute parties for making these payments:
Factors in favor of prosecution: (i) large or repeated payments; (ii) planned or accepted payments that may reflect standard operating procedure; (iii) payments reflective of an official's corruption; and (iv) payments in contravention of the organization's facilitation payment policies and procedures.
Factors against prosecution: (i) a single small payment; (ii) payment identified as part of a genuinely proactive approach involving self-reporting and remedial action; (iii) adherence to the organization's clear and appropriate procedures for facilitation
payment requests; and (iv) duress – the particular circumstances placed the payer in a vulnerable position.
Prosecution Guidance, at 9. Thus, while there is comfort in the acknowledgment that immediate elimination of facilitation payments is impractical, the threat of prosecution for such payments is still present. Although application of these factors may lead to a decision not to prosecute, the absence of prosecution should not be confused with compliance with the Bribery Act (especially for those parties required to represent and warrant in their contracts that they comply with the Act). Moreover, given the increasing cross-border cooperation among prosecutors, the detection of possible facilitation payments by U.K. prosecutors poses the risk that their
existence may be reported to prosecutors in other countries with applicable foreign or domestic corruption laws.
Hospitality and Promotional Expenses
One of the most significant concerns about the Bribery Act has been the treatment of hospitality, entertainment and other promotional expenses. The issue has received significant attention under the FCPA, which allows bona fide promotional and marketing expenses under certain controlled circumstances. 15 U.S.C. § 78dd-1(c)(2). The concern – and risk of a violation – is heightened when abuses or careless behavior ensues. The Bribery Act’s prohibition of commercial bribery may generate heightened scrutiny of hospitality expenses involving private vendors, but this aspect of the Bribery Act is not new to counsel for U.S. companies. Nearly every state criminalizes commercial bribery. And the DOJ regularly uses the Travel Act as an adjunct of the FCPA to prosecute commercial bribery (perhaps best
exemplified by the 2009 information and plea agreement between Control Components Inc. and the DOJ).
Like the exception under the FCPA, reasonable and bona fide promotional and
hospitality expenses will not be treated as violations of the Bribery Act absent bad intent. The MOJ Guidance makes clear that providing tickets to sporting events, taking clients to dinner to promote and continue good relations, and paying for reasonable travel expenses to
demonstrate products and services, if reasonable and proportionate, will not run afoul of the Bribery Act. MOJ Guidance ¶ 30. However, expenses that mask an intent to bribe or
improperly induce advantageous business conduct are problematic. The extent of the hospitality and promotional expenses offered, the way in which they are provided and the degree of
influence the entertained client exercises or can exercise in a business decision are all factors for review. Assertions that reasonableness will constitute the standard provide little assurance as to how to know with certainty what is in bounds and what is out.
IV. A Practical Approach to Compliance
The Bribery Act may not require companies to re-invent their compliance programs. Common sense, reasonableness and proportionality are the guiding themes that should apply in implementing "adequate procedures" to prevent commercial and official bribery. The
Sentencing Guidelines, the OECD Good Practice Guidance, and the MOJ Guidance share common principles of compliance: identification of risk, implementation of effective, tested controls, hands-on oversight, board and top-management supervision, training, communication, due diligence, auditing, monitoring and re-evaluation. Fundamentally, a company with
international operations, through subsidiaries, affiliates, joint ventures or third-party
representatives, should undertake an assessment of its operations to fairly determine its risk and the propriety of making modifications to abide the Bribery Act, the FCPA and other anti-corruption laws. The particular industry, geographical region, method of distribution and sales,
operations personnel involved, and nature of awarded contracts (with or without a public official nexus) merit a thorough risk analysis. The risk-based analysis suggested by the Sentencing Guidelines, the OECD Good Practice Guidance, and the MOJ Guidance will afford some reasoned flexibility to implement appropriate programs.
For example, methods and controls used for sales and distribution in Norway and New Zealand should be reconsidered – and likely reconfigured – for outlets in other countries, such as, for example, China, Nigeria, Russia and Brazil. Readily available corruption perception indices should be consulted, and the business culture of particular countries and industries carefully considered. Companies should pay particular attention to the nature of their industry, business and operations and examine the roles that government-owned or controlled agencies play in their business, such as licensing. Addressing these issues should assist companies to gauge risk and guide prudent decision-making in setting appropriate controls, checks and safeguards.
Due diligence on joint venture partners, subsidiary activity, agents and third-party representatives may warrant granular review and vetting in certain cases, depending on the circumstances. A reasoned and reasonable approach should be deemed acceptable if it generates effective controls to deter and detect problems. Questionnaires, background checks, references and personal interviews are some methods used to help ensure that "associated persons" acting on the company's behalf have a clean record. Annual anti-corruption
certifications and real-time controls can help to ensure that agents, representatives and other “associated persons" abide by all applicable laws, rules and policies.
"[R]easonable steps" that include monitoring and auditing to detect criminal conduct constitute a part of the "minimal[]" requirements for a company to have an effective compliance and ethics program under the Sentencing Guidelines.
Here are a few attention-getting issues that can signal potential trouble at the outset of a detailed third-party payment review: (1) questionable necessity for the service and its fair market value; (2) requests for advanced, cash, third-country, bonus, commission, non-transparent or other questionable payments; (3) undocumented expense payments or vague, inflated or incorrect invoices; (4) close and ongoing relationship with foreign government official(s); and (5) use of, or payment to, intermediaries.
The size, structure, complexity and sophistication of the business operations will help dictate the nature and scope of ongoing controls and the overall compliance program. The essential components of an effective or "adequate" compliance program should remain uniform, however: demonstration of genuine commitment to ethical conduct and compliance with the law based on established standards and procedures. Smaller companies may, however, be able to achieve the same high-level of compliance with less formality and fewer resources. Newer approaches, consistent with recent amendments in the Sentencing Guidelines, may need to be adopted. For example, additional steps should be considered where criminal conduct has been identified. According to the Sentencing Guidelines, the reasonable steps to remedy the harm caused by the criminal conduct may include, depending on the circumstances, paying restitution to identifiable victims, self-reporting and cooperating with the authorities. A reassessment may well be in order to determine if the existing program is still effective. The Sentencing Guidelines assert that appropriate steps may include using "an outside professional advisor to ensure adequate assessment and implementation of any modifications."
Devising internal policies for gifts and hospitality may well be influenced by whether they are extended to public officials or employees of corporations. For example, it is commonplace for a corporation's code of conduct to permit giving or receiving gifts or entertainment, within limits, when private parties are involved. When public officials are involved, however, gifts or entertainment are allowed, if at all, only under strictly limited circumstances, and prior approval must be obtained.
Fundamentally, a one-size approach cannot fit all or most companies. Instead, a risk-based, narrowly tailored and tested program that is well communicated, executed, supervised and frequently reviewed should go a long way to safeguard against criminal and civil liability under both U.S. and U.K. anti-corruption laws, even if a wayward employee or agent strays and participates in corrupt deal-making. In this regard, ultimately, the Bribery Act has changed little with respect to assessing and fulfilling a company’s compliance obligations.
Mr. Halpern is a partner in the New York office of Bracewell & Giuliani LLP. Mr. Costa is the General Counsel of Atlantic Methanol Production Company LLC.
URL to article:
http://www.mainjustice.com/justanticorruption/2011/06/03/the-u-k-bribery-act-and-the-globalization-of-corporate-compliance/