A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 17 March 2016
In a series of three articles, international law firm DAC Beachcroft LLP and leading global public strategy firm Mercury LLC highlight some of the key aspects of the UK's anti-bribery legislation and explain why multi-national businesses need to be aware of and take steps to guard against risk of criminal liability and associated reputational damage.
The Bribery Act came into force on 1 July 2011. After a slow start, the Serious Fraud Office (SFO) has started to gain traction with recent high profile prosecutions of Standard Bank  and the Sweett Group . The main issue to date has been the lead in time. The Bribery Act does not have retrospective effect. Consequently, where the conduct pre-dates the coming into force of the Act, prosecutions have been pursued under the prior legislation. We are now getting to the point where conduct is being caught by the Act as it occurred after 1 July 2011. The SFO has signalled its intent to be more aggressive in its pursuit of prosecutions under the Act, with the focus as much on corporate wrong doing as it is on individual misconduct. Consequently, at least for the reason we identify in this article, for multi-national corporations, bribery risk exposure will increasingly be an area of concern.
Under the Act, it is an offence for a person to bribe or be bribed. A bribe is essentially the offer of a financial or other advantage with the intent that the person receiving it is induced to improperly perform their function.
Section 7 of the Act makes it an offence for a "commercial organisation" to fail to prevent bribery, and they are guilty of any offence where an "associated person" bribes another person, intending to obtain or retain business or to obtain or retain an advantage in the conduct of business.
Importantly, it is a defence for the commercial organisation to prove it had in place adequate procedures designed to prevent a person associated with it from undertaking such conduct. The procedures to be put in place are guided by six non-prescriptive principles laid down by the government:
In this article, we focus primarily on Risk Assessment, however, it is important first to highlight the extra-jurisdictional reach of the Act as this goes a long way in explaining why risk assessment is such an important aspect
It is crucial for multi-national businesses to understand that the Act is not just concerned with what happens in the UK - it extends to conduct outside of the UK, even where that conduct occurs wholly outside of the UK. Its extra-jurisdictional reach is enshrined in the Act.
If a corporate carries out business in the UK, it can be prosecuted in the UK under s.7 regardless of where the conduct was carried out. As a result, all corporates who do business in the UK need to be aware of the provisions of the Act and have put in place policies and procedures, including carrying out a risk assessment, to prevent bribery. A failure to do so will leave the corporate exposed to prosecution under s.7.
It is worth noting there is some debate around what "carries on a business" means as it is not defined in the Act. It clearly denotes more than just a mere physical or legal presence in the UK. Whilst it is obviously inherent that there needs to be some activity, exactly what activity is open to debate. It naturally includes the corporates regular trade or commercial activity, but there can be little doubt that the intention was to widely define the activity being carried out. It seems likely this will be an area for judicial consideration and direction.
All of the six principles laid down by the government are important, however, the need to carry out and periodically review risk assessment processes and procedures is potentially the most challenging area. The fundamental requirement is that the corporate assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment must be periodic, informed and documented. But what does this mean?
What the corporate needs to do is understand where its exposures lie. At a fundamental level, this may appear straight forward. Surely any responsible corporate will know how it does its business, who it deals with and where it does it. As a result, it should know and understand what risks are associated with its business sector, its business partners and the countries in which it operates.
However, getting it right requires a multi-faceted approach. There needs to be:
Getting it right in the first place is only half the story. There needs to be periodic review of the risks associated with the corporate’s business. Risks can and often do change. This can be driven by changes in the business itself or in the sectors or countries in which it operates. Most commonly, corporates will enter new sectors or new territories, possibly both at the same time. In doing so, it needs to assess whether its risk profile has changed. It must recognise the events that give rise to the need to undertake a review of its risk assessment. This may not mean, however, simply carrying out risk assessment on the specific sector or country. It may also require the corporate to consider whether its risk assessment resources are adequate to carry out the risk assessment in their current form. It may also need to consider whether it has access to the right information. In either case, before the corporate can embark on a sector/country risk assessment it may need to enhance its resources to enable it to properly do so.
External factors can also lead to a need to carry out further or enhanced risk assessment processes. Sometimes the need to do so is obvious, for example where social or political turbulence leads to changes in government or civil unrest. It may, however, be much more subtle: Laws may change which affect the way the corporate is able to do business in a particular jurisdiction, countries may exit from or join trade, economic or social alliances. Whatever the change is, the corporate needs the ability to recognise it and react accordingly. It is possible that no actual changes need to be made to processes and procedures as a result, but the corporate needs to consider it.
Failure to identify or address an obvious change in risk profile is going to give rise to a risk of exposure to prosecution under s.7 of the Act in the event that bribery has taken place. It will give rise to concerns about the adequacy of the procedures in place to identify and assess risk, most likely a lack of adequate resource, whether in terms of man power or experience and expertise. It may also lead to a finding that top level management has failed to exercise proper oversight of the process.
Identification of risk will naturally lead to consideration of how the risks are addressed. This may be via enhancement to existing control functions, implementation of new control functions, monitoring remedial actions to ensure they adequately fill any gaps identified and reporting outcomes.
What is important to bear in mind, however, is that corporates are not required to take exhaustive steps to eradicate the very possibility of bribery. Criminal activity is often by its very nature covert and difficult to identify. Adequate risk assessment enables corporates to understand where the risks lie, to put in place those procedures aimed at preventing bribery and to monitor and react to change. The ability to identify and assess risk is an essential part of the procedures that a corporate needs to have in place to enable it to address bribery, and to be able to defend itself against exposure to prosecution under s.7 of the Act. Recognising the fact that the Act applies to conduct outside of the UK is an essential element of understanding bribery risk.
In addition to the legal woes that come along with SFO investigations and prosecutions, corporates must also pay close attention to the potential for significant reputational damage. Given this damage often outlasts the legal process, the importance of understanding and managing reputational risk cannot be overstated.
It is crucial that corporates operating in territories with high corruption risk have plans in place to immediately address any instances or allegations of impropriety. In the midst of a crisis, there is no time to step back and build the internal capacity needed to effectively respond to reputational threats. Developing crisis communications strategies and protocols in advance enables corporates to quickly respond to any issues as they arise, rather than waiting for them to escalate.
These crisis communications plans must take into account both traditional and social media. Many companies have learned the hard way that social media can turn an obscure local story into an international issue overnight. In order to effectively manage their reputations in this new communications landscape, corporates must understand how to effectively monitor and engage through online platforms.
It is increasingly clear that legal and public relations risk management strategies cannot operate in a vacuum. The two must be seamlessly coordinated in order to be as effective as possible.
 Standard Bank agreed to pay £21.7m under the terms of a Deferred Prosecution Agreement
 Sweett Group was fined £1.4m, subject to an £851,152.23 confiscation order and ordered to pay £95,031.97 in respect of the SFO's costs.
London - Walbrook
+44 (0)20 7894 6290
Richard Highley, Julian Bubb Humfryes
Mathew Rutter, James MacNish Porter
William Allison, Graham Ludlam, Francesca Muscutt
Jonathan Brogden, Aleksandra Spencer, Polly Jackson
Julian Bubb Humfryes, Jonathan Brogden
Julian Bubb Humfryes, John Bramhall
Richard Highley, Francesca Muscutt
Suzanne Wharton, Naomi Park