The U.K. Bribery Act 2010 that took effect July 1 represents a major change in global anticorruption law, but awareness of its provisions remains low, according to a Deloitte webcast poll. U.S. companies with offices or sales activities in the U.K. need to get up to speed with its provisions, experts warn, because the law applies both to companies that are incorporated in the U.K. as well as companies that conduct business there, whether they have a physical presence in the country or not.
While 78% of respondents to the Deloitte poll said there will be greater global anticorruption enforcement in the next year, nearly as many (73%) said they are unfamiliar with provisions in the U.K. Bribery Act. More than 1,000 business professionals from the financial services, consumer and industrial products, technology and media, banking and securities, and other industries responded to the polling questions during a webcast on the Foreign Corrupt Practices Act (FCPA) held earlier this year.
“Now is the time for boards, chief executives and senior management to get together and refresh their anticorruption compliance programs to ensure that ‘business as usual’ today isn’t a future U.K. Bribery Act violation,” said Joe Zier, a leader in Deloitte’s FCPA consulting services practice. “Going forward, organizations should focus on expanding their anticorruption programs beyond the FCPA to fully address the new Bribery Act 2010 provisions.”
The new U.K. law sets rules for two general offenses covering the offering, promising or giving of a bribe (active bribery) and the requesting, agreeing to receive or accepting of a bribe (passive bribery). It also expands the scope of regulation to include commercial bribery, not just bribery of government officials. And it also makes companies liable for the actions of subsidiaries and agents with whom they do business.
If a company is convicted of an offense under the U.K. Bribery Act, the only way it can avoid penalties is to prove that it had “adequate procedures” in place to prevent the crime. The procedures required of a small or medium-size company are likely to be different from those of a large, multinational corporation.
“Everyone is asking, ‘How does this law apply to me?’ ” Zier said. “Companies need to be vigilant of where their potential risks lie and investigate them fully to identify new exposures.”
To help companies understand how to comply with the Act, the U.K.’s Ministry of Justice issued a guidance document (available at tinyurl.com/5sf582t). The background paper outlines six key principles that companies should follow to “prevent bribery being committed on their behalf.” They include making a top-level commitment to foster a culture in which bribery is never acceptable, conducting periodic risk assessments and applying due diligence procedures with regard to bribery prevention.
Another recommendation involves “proportionality,” the principle that a company’s procedures to prevent bribery by persons associated with it be proportionate to the risks it faces and the nature, scale and complexity of its activities.
Zier recommends that all global companies with a business presence in the U.K. take these five steps to address the U.K. Bribery Act’s requirements:
Fully evaluate their entire operation—how and where they do business—to assess all of the new risks being faced. “The risks of partnering with a company in China may be different than with a company in Brazil or Russia,” he said. “Leaders need to drill down to determine the special aspects of doing business in a particular location and develop systems for guarding against potential violations.”
Provide thorough education and training to employees, subsidiaries and business partners. Zier recommends that companies “rethink how they communicate with employees to make sure everyone understands the new requirements. Web-based training probably won’t be enough, since it’s not ‘sticky,’ ” he said. Face-to-face training is especially valuable for higher-risk employees. “You need to talk with them about what they’ll face on a day-to-day basis and give them strategies for dealing with those situations.”
Develop improved mechanisms for risk assessment and due diligence. “The old approach, which relied mostly on intuition and public records, isn’t going to fully protect a company,” Zier said. He recommends that companies tailor their approach to individual countries and that they collect information about business partners directly on their own.
Realize that “one size no longer fits all” in today’s complex global environment. “Companies tend to think that if they’re meeting the requirements of the FCPA, they are in good shape,” Zier said. “But this new law goes beyond those requirements. It requires a more rigorous, consistent approach than most companies are used to.”
Conduct ongoing monitoring and review to assess changed circumstances and new risks as they emerge. “The business climate is constantly changing, and it’s important to stay on top of new developments,” he said.
Gary James is a JofA senior editor. To comment on this article or to suggest an idea for another article, contact him at firstname.lastname@example.org or 919-402-4895.
Key Questions to Ask About Current Anticorruption Programs
In many regards, the provisions of the U.K. Bribery Act are broader than the Foreign Corrupt Practices Act (FCPA), which covers bribery of foreign government officials but not private individuals, for example. Penalties for violations also are more severe under the U.K. law: unlimited fines against any person or company and imprisonment of up to 10 years.
Because the stakes of a misstep are high, current compliance programs tailored to the requirements of the FCPA should be reviewed to make sure they meet the tougher standards of the Bribery Act.
These are some of the key questions companies should ask about their current anticorruption policies, procedures and controls, according to Deloitte:
- Does the company have a clear anticorruption policy and code of ethics that are visibly and consistently supported by senior management and communicated throughout the organization?
- Are employees, representatives and business partners required to certify regularly that they have read and understood the company’s anticorruption policy and complied with its provisions? Is language relating to the anticorruption policy included in contracts with third parties?
- Does the company provide regular training on its anticorruption
procedures to employees, representatives and business partners, and
is attendance at this training documented? Is this training tailored
to specific work functions, and does it include real-world
Are anticorruption procedures and controls included in day-to-day business processes?
- Does the company have a system of internal controls designed to maintain accurate books and records that prevent their use to facilitate or hide corrupt payments? Are those controls regularly reviewed to make sure they remain effective, adequate and appropriate to the level of risk the company faces?
- Does the company regularly assess its operations to identify potential high-risk areas and ensure the effectiveness of its anticorruption procedures? Are those efforts proportionate to the company’s level of risk?
- Does the company regularly monitor compliance with anticorruption procedures by employees, representatives and business partners?
- Does the company have a mechanism in place to allow employees, representatives and business partners to report suspicions of corrupt activity confidentially?
- Does the company have a response plan in place to deal quickly and effectively with incidents of potential corruption?
- Does the company have a disciplinary process that addresses violations of anticorruption procedures?
More from the JofA: