The U.K. Bribery Act 2010 taking effect July 1 represents one of the biggest changes in global anticorruption law since the USA Patriot Act in 2001, but awareness of its provisions remains very low, according to a Deloitte webcast poll.
While 78% of respondents who participated in the poll said there will be greater global anticorruption enforcement in the next year, nearly as many (73%) said they are unfamiliar with provisions in the U.K. Bribery Act.
But U.S. companies with offices or sales activities in the U.K. need to get up to speed with its provisions, experts warn, since the law applies both to companies that are incorporated in the U.K. as well as companies that conduct business there, whether they have a physical presence in the country or not.
“Businesses have less than three months to revise their anti-bribery compliance programs and retrain their employees before the U.K. Bribery Act becomes enforceable,” said Joe Zier, a leader in Deloitte’s Foreign Corrupt Practices Act (FCPA) consulting services practice. “Some companies began work early to prepare for compliance. Going forward, organizations should focus on expanding their anticorruption programs beyond FCPA to fully address the new Bribery Act 2010 provisions.”
The new U.K. law sets rules for two general offenses covering the offering, promising or giving of a bribe (active bribery) and the requesting, agreeing to receive or accepting of a bribe (passive bribery). It expands the scope of regulation to include commercial bribery, not just bribery of government officials. And it also makes companies liable for the actions of subsidiaries and agents with whom they do business.
When faced with a charge of bribery, a company will have a full defense if it can show that it had adequate procedures in place to prevent the crime. The procedures required of a small or medium-size company are likely to be different from those of a large, multinational corporation.
“Everyone is asking, ‘How does this law apply to me?’” Zier said
To help companies understand how to comply with the Act, the U.K.’s Ministry of Justice has issued a guidance document. The background paper outlines six key principles that companies should follow to “prevent bribery being committed on their behalf.” They include making a top-level commitment to foster a culture in which bribery is never acceptable, conducting periodic risk assessments and applying due diligence procedures with regards to bribery prevention.
Another recommendation involves “proportionality,” the principle that a company’s procedures to prevent bribery by persons associated with it be proportionate to the risks it faces and the nature, scale and complexity of its activities.
“Companies need to be vigilant of where their potential risks lie and investigate them fully to identify new exposures,” Zier said. “Now is the time for boards, chief executives and senior management to get together and refresh their anticorruption compliance programs to ensure that ‘business as usual’ today isn’t a U.K. Bribery Act violation in July.”
Zier recommends that all global companies with a business presence in the U.K. take these five steps to address the U.K. Bribery Act’s requirements:
- Fully evaluate their entire operation—how and where they do business—to assess all of the new risks being faced. “The risks of partnering with a company in China may be different than with a company in Brazil or Russia,” Zier said. “Leaders need to drill down to determine the special aspects of doing business in a particular location and develop systems for guarding against potential violations.”
- Provide thorough education and training to employees, subsidiaries and business partners. Zier recommends that companies “rethink how they communicate with employees to make sure everyone understands the new requirements. Web-based training probably won’t be enough, since it’s not ‘sticky,’” he said. Face-to-face training is especially valuable for higher-risk employees. “You need to talk with them about what they’ll face on a day-to-day basis and give them strategies for dealing with those situations.”
- Develop improved mechanisms for risk assessment and due diligence. “The old approach, which relied mostly on intuition and public records, isn’t going to fully protect a company,” Zier said. He recommends that companies tailor their approach to individual countries and that they collect information about business partners directly on their own.
- Realize that “one size no longer fits all” in today’s complex global environment. “Companies tend to think that if they’re meeting the requirements of the FCPA, they are in good shape,” Zier said. “But this new law goes beyond those requirements. It requires a more rigorous, consistent approach than most companies are used to.”
- Conduct ongoing monitoring and review to assess changed circumstances and new risks as they emerge. “The business climate is constantly changing and it’s important to stay on top of new developments,” he said.
—Gary James ( email@example.com ) is a JofA senior editor.
More from the JofA: