Managing Bribery risk

A fortnightly spotlight on the Isle of Man's Finance and Professional Services sectors from Finance Isle of Man, written in partnership with Industry. Focus on Finance highlights work from both Industry and Government, and promotes opportunities, challenges and achievements.

UK and Isle of Man Anti-Bribery legislation and what businesses should be doing to ensure they are abiding by the rules.

While anti-money laundering (“AML”) remains an important focus area for businesses in many sectors, the introduction of tough new legislation in 2013 and greater enforcement activity globally in respect of bribery and corruption have created a strong incentive for companies to carefully consider and, where appropriate, take specific measures to mitigate bribery risks.

Paying bribes was once considered an inevitable cost of doing business in some jurisdictions and sectors. However, the international community has increasingly sought to challenge that position. Conventions introduced by the Organisation for Economic Development (OECD) in 1997 and the UN in 2003 have led many countries to bolster their anti-corruption legislation and (in some cases) step up enforcement action. The UK Bribery Act 2010 (UKBA), which was substantially mirrored by the Isle of Man in 2013, implemented the legislative requirements of the UN Convention Against Corruption. The Acts cover bribery of public officials and bribery between private entities. In both cases, the Acts capture bribery whether undertaken directly or via intermediaries and they also introduce a corporate offence of failing to prevent bribery. Although enforcement was slow to start, the UK’s Serious Fraud Office has now prosecuted or settled several cases and has around a dozen open investigations.

Even where domestic enforcement against bribery is limited, companies should not be complacent. Countries that are active in enforcement have proven themselves very willing to pursue claims against foreign companies, with the United States being perhaps the most notable. Its Foreign Corrupt Practices Act (FCPA) was introduced in 1977, but enforcement was stepped up in the early 2000s. Since then, the US Department of Justice has frequently brought actions under the FCPA against foreign companies and individuals, even where a limited connection to the US exists. The UK’s Rolls-Royce, France’s Alstom, Germany’s Siemens and Israel’s Teva Pharmaceuticals are among those to have faced significant penalties and disgorgements of profits in recent years. Indeed, of the ten largest ever settlements under the FCPA, only two are with US-based companies.

It has also been a trend in recent years to see greater collaboration and coordination between jurisdictions on anti-bribery investigations, with the well-publicised Rolls-Royce case involving extensive cooperation between the UK and the US. Furthermore, a particularly relevant feature of UKBA to the Isle of Man is that British citizens can be pursued under UKBA regardless of where an offence is committed. A similar principle applies to US citizens under the FCPA, albeit only where bribery involves foreign public officials.

Another important feature of the UK and Isle of Man Bribery Acts is that, by taking steps to prevent bribery, an organisation can build an ‘adequate procedures’ defence to corporate charges should a rogue employee or third party intermediary engage in bribery on the company’s behalf in spite of those systems. This possibility prompted the development of a new British standard for anti-bribery management systems, which has since formed the basis for an international standard (ISO37001). Microsoft and Wal-Mart are among the big names who have announced their intention to pursue certification.

Even for organisations that choose not to seek certification, the standard offers a framework for building and maintaining an anti-bribery management system that is likely to afford the organisation the ‘adequate procedures’ defence and may assist an organisation in demonstrating effective anti-bribery measures should it find itself facing enforcement from elsewhere. For example, the US Department of Justice will take an organisation’s compliance environment into account as a factor in deciding whether or not to pursue a case and in setting the values of penalties.

It is evident that not all companies are taking advantage of the ‘adequate procedures’ opportunity. In its most recent annual report on AML, the UK’s Financial Conduct Authority noted improvements in AML controls at the firms it reviewed, but highlighted that “we found weaknesses in firms’ anti-bribery and corruption framework[s]” and reminded firms that “they must ensure they manage and mitigate all their financial crime risks at all times”.

So what are ‘adequate procedures’ under the UK and Isle of Man Bribery Acts? The short answer is ‘it depends on the organisation’. Official guidance published in support of the Acts is not prescriptive, but includes six key principles:

• Introduction of proportionate procedures which take into account the organisation’s risk profile. What may be appropriate for a small retailer operating from a single site within a lower-risk jurisdiction might not be appropriate for a large bank with counterparties and intermediaries spanning multiple jurisdictions, including higher-risk jurisdictions.
• The need for top-level commitment from management to the prevention of bribery by or on behalf of the organisation.
• The need to conduct a risk assessment of the organisation’s exposure to bribery risk.
• The need to conduct due diligence measures proportionate to the risk profile of the organisation and the types of individuals and entities it engages with.
• The need for communication of policies and procedures relevant to bribery prevention throughout the organisation and to counterparties and intermediaries, as appropriate. This may include training.
• The need to monitor and review the effectiveness and applicability of the procedures as circumstances change and, where appropriate, to make improvements.

Whether bribery risks are addressed separately or as part of a broader risk management system, professional advisors can support in the design or review of policies and procedures or in delivering elements of the system. Whichever way a business chooses to tackle the practicalities, it is clear that ignoring the issue is not an option.

Share