The push and pull between the terms of the Bribery Act and the demands on British business abroad

Posted on March 19, 2013 by Adam Greaves

In a recent survey by accountants Ernst & Young, it is reported in HR Magazine they found that around half of British employers are failing to vet their suppliers for compliance with the Bribery Act.  This is surprising to anticorruption practitioners, taking into account that the Bribery Act provides strict liability for the acts or omissions of associated parties, including suppliers, in the situation where adequate procedures were not in place. One of those adequate procedures would be to vet your suppliers adequately.

Other revealing statistics from the E&Y report:

  • 60% of firms with a turnover between £5 and £50m vet their suppliers to assess whether their businesses comply with the Bribery Act (hence 40% do not)
  • 16% of these midmarket firms would do nothing if their suppliers failed to comply (so one asks oneself: why bother asking them whether they do comply? )
  • Among the 40% of firms which do NOT vet their suppliers, 60 % reported that they were not planning to implement any anti-bribery provisions in the future;
  • Of the larger firms (turnover in excess of £50m) only 40% would terminate their suppliers if they failed to comply with the Act.

So one can conclude from these statistics that many British firms have either missed the point of this legislation altogether or are making a positive decision to run a the risk of not being caught, perhaps based on their belief that the Serious Fraud Office and other prosecutors have insufficient resources to discover the fraudulent conduct.  We at the BriberyLibrary wonder whether business managers would be quite so cavalier about not insuring their offices and factories against the risk of fire and flood? The potential disaster which can befall a company which is the subject of an investigation and then a prosecution is not so well known on this side of the Atlantic.  But just look at the examples of Siemens and Innospec, to name but two companies which suffered very significant financial and reputational damage from their prosecutions in the US and other countries. 

The head-in-the-sand approach, which this survey seems to suggest is taking place in many British companies, risks, amongst other things:-

  • an unlimited fine for the company,
  • a serious prison term for the directors or senior managers who permitted illegal acts to carry on or turned a blind eye to them,
  • possible debarment from public procurement tendering in many parts of the world,
  • very large legal costs
  • consequential civil claims from competitors or others who claim to have lost business as a consequence of illegal acts committed by the company’s associated persons
  • a fall in share price for publicly quoted companies

In stark contrast with the Ernst & Young report which suggests not enough is being done, in fact many British businesses are complaining that they feel “hampered” by the Bribery Act and that the Act is unduly restrictive of British trade abroad. This other point of view is summarised, by way of example in a letter in the Financial Times online on 17 March 2013:


“As a businessman I can testify to the shameful cost in executive time that it has caused British companies. In addition it has had an entrepreneurial cost as non-executive directors are understandably anxious about its implications”. 

We at the BriberyLibrary can certainly understand that the Bribery Act will add a certain layer of cost, particularly initially, in order to make sure that you have a robust anticorruption compliance programme, but once it is on its feet, depending on the size of your business and how much you rely on overseas sales, it should not be especially expensive to maintain.  The costs of ensuring that you do not become involved in arrangements which might involve bribing and corrupting others will pale into insignificance when compared with the costs of being prosecuted (see the list of bullet points above).

The Daily Telegraph reported recently that

“…Crispin Simon, a senior executive in UK Trade and Investment, the Government’s export agency, disclosed the move when he gave evidence to the House of Lords committee on small and medium-sized enterprises. He said there was a “desire” that the Bribery Act should be tested by the Crown Prosecution Service to provide a “better sense of where it stands”, and acknowledged it was “possible” that the legislation had resulted in the loss of some business….”

The House of Lords committee, however, believes that there should be some urgent scrutiny of the Act, which in its view has put British business at a disadvantage in the BRIC countries where trade involved  “challenging questions”,  which one assumes means repeated requests for bribes, although it is not entirely clear.

The Daily Telegraph report continues

“Tony Shepherd, of Alderley Group, told the committee: “The existing Act is virtually impossible to operate as far as a UK company is concerned. You cannot really take someone out to dinner without committing a crime. I am extremely in favour of trying to eliminate bribery, but to have a situation where we are subject to a law that is much more severe than anywhere else in the world is not good.”

It should be said that the Serious Fraud Office, which will be the principal prosecuting body for offences under the Bribery Act , has made it clear on many occasions since the Act was passed in April 2010 (and also in the Government’s Guidance on the Bribery Act in March 2011) that it will not be prosecuting defendants for dinners and other reasonable entertainment. So there seems to be a certain amount of misunderstanding amongst business managers.

The United States has been enforcing its anticorruption laws (under the Foreign Corrupt Practices Act) against American corporations and individuals as well as foreign corporations and individuals (who are subject to its very low jurisdictional hurdles) for many years now.  So in fact the UK is merely playing catch up with one of its allies and competitors in terms of both its laws and its attitude to proper enforcement.

No one case being prosecuted will be able to test all parts of the  Bribery Act.  It may take several such cases to go through the courts (if they do not reach a civil settlement before any trial) to test all parts of the Act.  If the UK’s experience turns out like the United States’ experience, it could take many years, even decades, for enough cases to go through the courts for the law to be clarifies by the judiciary. We all await the first corporate prosecution under the Act with great interest, but we might have to wait some time longer yet as the Act has only been in force for some 21 months, and it takes time for acts and omissions to be reported to or discovered by the investigators, and then more time for a decision to prosecute, and then to go through the justice system.  In the meantime in our opinion, there really is no alternative for British business other than putting in place a robust compliance programme so that the company is best protected against rogue employees or others associated with the company.

 

SEC and DOJ release long awaited FCPA Guidance

Posted on November 15, 2012 by Adam Greaves

The United States Securities and Exchange Commission and the US Department of Justice have jointly just released their new guidance for businesses under the FCPA, styled as a "resource guide". Here it is. This guidance has been long awaited and was produced as a result of a request made at the beginning of the year by many American organisations who together represent over 3 million businesses in the US in the form of a letter to the SEC and the DOJ. We blogged on that letter here.

The guidance is quite a tome at 120 pages, including the appendices, and is around 3 times longer than its UK Bribery Act counterpart, itself dated 30 March 2011. It is divided into the a number of chapters. This is what is inside:

  1. Introduction
  2. The FCPA: anti-bribery provisions
  3. The FCPA: accounting provisions
  4. Other related US laws
  5. Guiding principles of enforcement
  6. FCPA penalties, sanctions, and remedies
  7. Resolutions
  8. Whistleblower provisions and protections
  9. DOJ opinion procedure
  10. Conclusion

We will be working our way through it methodically over the next few days and will provide some initial thoughts on it as we proceed. A comparison with the UK Bribery Act guidance may be informative.

We do notice, however, that, like the UK version of the guidance, it is not intended to have legal effect, and so therefore will not bind any court or indeed any prosecutor.

Also, we do not know whether the guidance has addressed the many concerns which corporates and practitioners have been voicing about the FCPA.  A comparison with the February letter may also indicate whether these concerns have been adequately addressed.

Transparency International's Guidance on Anti-Bribery Due Diligence For Transactions

Posted on June 08, 2012 by Adam Greaves

Transparency International UK (“TI-UK”) recently published this guidance relating to mergers and acquisitions, private equity investments and other forms of investment.

As reported by the Ernst & Young 2011, 11th Global Fraud Survey:

“Despite the many recent examples of the perils of ignoring the fraud and corruption dimension of these assessments, a fifth of companies still do not consider it as part of M&A due diligence and a quarter never consider it in a post-acquisition review”.

TI-UK says that the guidance has been provided in the context of three considerations:

  • Anti-bribery due diligence should be applied to all investments, but on a risk-based approach, with the level of due diligence being proportionate to the investment and the perceived likelihood of risk of bribery.
  • In many cases the necessary information for due diligence may not be accessible such as in acquisition of public companies, hostile takeovers, auctions or minority investments.  This does not obviate the need for anti-bribery due diligence, but has an effect on the timing i.e. it may need to be undertaken post closure.
  • A good practice approach characterises ethical and responsible businesses but is also the most effective means for companies to manage bribery risks across multiple jurisdictions and in a changing legal and enforcement environment.

What to look for in anti-bribery due diligence

  • Has bribery taken place historically?
  • Is it possible or likely that bribery is currently taking place?
  • If so, how widespread is it likely to be?
  • What is the commitment of the board and top management of the target to countering bribery?
  • Does the target have in place an adequate anti-bribery programme to prevent bribery?
  • What would the likely impact be if bribery, historical or current, were discovered after the transaction had completed?

One startling statistic reported by TI-UK is that almost 50% of US corruption – related prosecutions in 2007 were connected to M&A transactions.

TI-UK say that the broad principles and approaches to anti-bribery due diligence apply to both M&A transactions and private equity investments, and this guidance is therefore written for both audiences.  However, the type of transaction and the size of the stake will clearly have an effect on the purchaser’s ability and resources to undertake due diligence, its assessment of investment risks accruing from bribery, and its ability to access and influence the target company. 

 “This guidance provides a generic frame work for applying due diligence, but purchasers will need to decide in each case what level of due diligence is appropriate.  Some targets will be judged to present low risks and to require lower levels of due diligence whereas others will have higher risks.  The size of investment should not be a determining factor as small investments can carry disproportionate risks; and moreover the material risks attached to bribery may not necessarily reflect the size of the bribe...”.

TI-UK refers to the facts that the Serious Fraud Office has already made several statements about the responsibilities and liabilities of private equity and institutional investors including in January 2012 when the SFO said

“Shareholders and investors in companies are obliged to satisfy themselves with the business practices of the companies they invest in...  It is particularly so for institutional investors who have the knowledge and expertise to do it.  The SFO intends to use the civil recovery process to pursue investors who have benefited from illegal activity.  Where issues arise we will be much less sympathetic to institutional investors whose due diligence has clearly been lax in this respect”.

The report goes on to suggest that the purchaser’s board members, senior management and investment committees should seek to develop a full understanding of bribery risks related to target companies during transactions in order to understand the investment risk.  The nature of the investment risk from bribery falls into four broad areas:-

  • Financial:  The financial data may be distorted or falsified e.g. the target’s sales figures may be inflated by contacts obtained through bribe paying;
  • Legal:  There may be inheritance of legal risks e.g. the purchaser may incur liability leading to fines and regulatory action;
  • Reputational:  For example, the purchaser may find that owing to publicity surrounding a poor acquisition, it is regarded that the less favourable partner or investment vehicle by others including institutional investors; and
  • Ethical:  Purchasing companies, or requiring individuals within those companies that are willing to engage in bribery, risks and infecting the ethical culture of the purchaser and having a deleterious effect on the organisation.   A corrupt target may introduce dishonest and corruption to the purchaser’s own activities. 

All in all this is a very useful guide which TI-UK has produced.

Those involved in mergers and acquisitions or institutional investors, and their advisors, will find this a very useful resource.

The report can be found here.

Push back by US business against enforcement of the FCPA

Posted on February 23, 2012 by Adam Greaves

It was reported this week that one of the US Department of Justice’s largest ever prosecutions under the FCPA has collapsed during trial.  It was formally dropped on 21 February 2012 at the DOJ’s request.  The prosecution first hit the headlines over two years ago in January 2010 when the DOJ charged 22 individuals with agreeing to pay bribes to an FBI agent posing as a buyer of security equipment for Gabon.  However, two six month long trials in the case produced unsatisfactory results.  It is reported that juries could not reach a verdict with respect to seven defendants; two were acquitted by a jury and another was acquitted by a judge although three others pleaded guilty earlier on.

The prosecutors made a court filing in which they stated “the government has carefully considered (1) the outcomes of the first two trials…(2) the impact of certain evidentiary and other legal rulings in the first few trials and the implications of those rulings for future trials…and (3) the substantial governmental resources, as well as judicial, defence and jury resources, that would be necessary to proceed with another four or more trials…in light of all the foregoing, the government respectfully submits that continued prosecution of this case is not warranted under the circumstances”.

In a separate but well-timed move the US Chamber of Commerce has published its own strong objections to the way in which the FCPA is being enforced and its effect on corporate America in terms of both the added expense of compliance and also its ability to win business overseas.  On 21st February 2012 the US Chamber of Commerce and 36 other business organisations and professional associations across America sent a joint letter to Lanny Breuer, the Assistant Attorney General at the DOJ, and Robert Khuzami, the Director of Enforcement at the US Securities and Exchange Commission, requesting guidance to “address several issues and questions of significant concern to businesses seeking in good faith to comply with the FCPA.

The signatories to the letter claim to represent more than 3 million businesses and organisations.

The letter is 10 pages long and too detailed to do justice to in this blog post but you can read it here.

In summary, the issues which the senders of the letter have asked for guidance include:

  • Definitions of “foreign official” and “instrumentality” under the FCPA

The letter states that “without a clear understanding of the parameters of “instrumentality” and “foreign official”, companies have no way of knowing whether the FCPA applies to a particular transaction or business relationship, particularly in countries like China where most, if not all, companies are at least partially owned or controlled by the state.  The result of these circumstances has been a chilling effect on legitimate business activity (as companies perceive a real risk of prosecution even in scenarios involving only the most remote and attenuated connection to foreign governments) and a costly misallocation of compliance resources…”

By comparison Section 6 of the Bribery Act deals with bribery of a foreign public official section 6(5) defines foreign public official as meaning an individual who (a) holds a legislative, administrative or judicial position of any kind, whether appointed or elected of a country or territory outside the United Kingdom; (b) exercises a public function (1) for or on behalf of a country or territory outside the United Kingdom or (2) for any public agency or public enterprise of that country or territory or (c) is an official or agent of a public international organisation.

Although the definition in the UK law is reasonably clear, there is bound to be debate when this section and definition first comes before the courts, whenever that is, whether it is one year or ten years from now.

  • Consideration of compliance programs in enforcement decisions

The letter continues that under the current FCPA enforcement regime the business community lacks confidence that the DOJ and the SEC will give sufficient consideration to potential defendant companies’ strong, pre-existing compliance programs when making enforcement decisions.  Although the DOJ and the SEC recommend that prosecutors should consider a company’s compliance program when making enforcement decisions, the letter suggests that the guidance given is presented in a manner which is so general that it provides little concrete aid to companies attempting to implement or enhance compliance programs.  It goes on to suggest that the guidance should establish standards that businesses may adopt and incorporate as part of their compliance programs, and identify the specific components that the DOJ and the SEC consider to be essential to a robust FCPA compliance program.

By comparison, of course, under UK law the British government issued a 40 page Guidance on 30 March 2011 pursuant to section 9 of the Bribery Act.  Even though that guidance is not prescriptive, it does offer some considerable assistance to corporations which are trying to comply with the Bribery Act.

The letter also suggests that the DOJ and the SEC should describe in the guidance how they would factor companies’ voluntary disclosures of FCPA violations by their employees into enforcement decisions.

  • Parent-subsidiary liability

The letter continues that the FCPA itself does not set out circumstances when a parent company may be held liable for a foreign subsidiary’s violations of the anti-bribery provisions of the FCPA.  It points out that the approach taken by the DOJ and by the SEC are not identical.  It continues

“in the absence of any judicial guidance on the contours and the limits, if any, of this potential parent-company liability, it remains a source of significant concern for US companies with foreign subsidiaries.  Accordingly, we respectfully request that the forthcoming guidance clarify and confirm that both the Department and the SEC consider parent-company liability under the FCPA’s anti-bribery provisions to extend only to circumstances in which the parent actually authorised, directed or controlled the improper activity of its subsidiary…”

Under the UK Bribery Act, by comparison, the issue of the liability of a parent for its subsidiary is addressed in the Guidance at paragraph 36 “…likewise, having a UK subsidiary will not, in itself, mean that a parent company is carrying on a business in the UK, since a subsidiary may act independently of its parent or other group companies…”

Under paragraph 42 of the same Guidance, it states that, in describing the liability for associated parties under the Bribery Act

“…so, for example, a bribe on behalf of a subsidiary by one of its employees or agents will not automatically involve liability on the part of its parent company, or any other subsidiaries of the parent company, if it cannot be shown the employee or agent intended to obtain or retain business or a business advantage for the parent company or other subsidiaries.  This is so even though the parent company or subsidiaries may benefit indirectly from the bribe.  By the same token, liability for a parent company could arise where a subsidiary is the “person” which pays a bribe which it intends for result in the parent company obtaining or retaining business or vice versa…”

  • Successor liability

Under the FCPA, a company may be held liable for the actions of a company that it acquires or merges with, even if those actions took place prior to the acquisition or merger and were entirely unknown to the acquiring company.  While a company in certain circumstances may mitigate its risk by conducting due diligence prior to an acquisition or merger (or, in certain circumstances, immediately following the transaction), such due diligence is only a factor that the DOJ or the SEC may consider when deciding whether to exercise their discretion not to prosecute or file claims.  The letter continues to say that the

 “threat of successor liability even if a thorough investigation is undertaken prior to a transaction has had a significant chilling effect on mergers and acquisitions, and therefore clearer parameters for successor liability under the FCPA are needed…”

It points out that although the DOJ addressed this topic in Opinion Release 08-02, the Department’s guidance required the company in question to conduct due diligence on a scale equivalent to a massive internal investigation in order to avoid prosecution for any FCPA violations committed by the acquired company prior to the transaction.  The letter concludes on this topic that the sweeping expectations set out in Opinion Release 08-02 are unrealistic and unduly punitive and merit thorough reconsideration.

In relation to the Bribery Act, by comparison, the UK Guidance offers no comment in relation to due diligence on mergers and acquisitions.  Cautious purchasers will ask their lawyers to establish that there are “adequate procedures” in place at the target company prior to its acquisition and will demand suitable warranties and indemnities.  In practice if the purchasing company later discovers that offences have taken place at the acquired company, the SFO will look much more favourably on the purchaser if it approaches the SFO to discuss circumstances as quickly as possible.  This can be done confidentially and the SFO will offer guidance very quickly.

  • De minimis gifts and hospitality

The DOJ has stated that it does not prosecute conduct involving de minimis gifts and hospitality to foreign officials although it states that in fact such gifts and hospitality remain subject to prosecution at the whim of the government.

The letter points out that compliance officers of corporations are routinely called upon to address questions relating how much can be spent on a meal; how many meals in a year may an official be invited to attend and similar issues.  The letter concludes that in the absence of any guidelines from the government regarding the threshold below which it ordinarily would not bring such cases has resulted in a serious misallocation of compliance resources to detect and address potential breaches that should fall below any reasonable threshold.

By comparison, the UK Guidance under the Bribery Act gives many examples of and “case studies” for gifts and hospitality.  Again, whilst they are not wholly prescriptive, they do give a good indication of the reasonable approach that UK prosecutors will take in considering such circumstances.

Indeed, the letter concludes on this topic “As you know, the UK Ministry of Justice already has provided such Guidance regarding the application of the UK Bribery Act” and it cites from the UK guidance and concludes “similar concrete examples in your forthcoming Guidance would be extremely useful to the business community”.

  • Mens rea standard for corporate criminal liability

Although the FCPA expressly limits an individual’s liability for violations of the anti-bribery provisions to situations in which the individual has committed those violations “wilfully”, it does not contain any similar language with regard to corporate criminal liability.  The letter continues “this inconsistency in the statutory language appears to expose companies to criminal penalties for violations of the FCPA even if there is no identifiable person of authority who knew that the conduct was lawful or even wrong…”

By contrast of course the corporate liability offence in the UK Bribery Act, in Section 7, is a strict liability offence so no knowledge of any person of authority in the company is required.  The UK legislative intention by making it a strict liability offence was to put a very heavy burden on the organisation to put in place adequate procedures in order to protect itself from the risk of committing an offence under Section 7, in other words failing to prevent bribery.  The strict liability offence also addressed the considerable difficulties in securing convictions of corporate defendants on the “controlling mind” theory in the UK.

The letter concludes by requesting that the formal guidance which the DOJ and SEC are to issue in 2012 should have the same force as other policies of the DOJ and the SEC and that to ensure uniform policy it should be issued by or adopted by both agencies.

We will blog further on this subject should either of the agencies respond to the letter publicly or indeed when the guidance which has been promised by them in 2012 is issued.

Deloitte Anti-Corruption Practices Survey 2011:"Cloudy with a chance of prosecution?"

Posted on November 22, 2011 by Adam Greaves

The global accounting firm Deloitte LLP has published its 2011 anti-corruption practices survey.

Deloitte reports that companies have increased their focus on preventing and detecting corrupt activities and their global operations in response to the increase in prosecutions under the US Foreign Corrupt Practices Act (FCPA) and the increased size of penalties.  However, only 29% of the 276 executives surveyed by the Deloitte Forensic Centre were very confident that their company’s anti-corruption program would prevent or detect corrupt activities.  Deloitte concludes that this low level of confidence indicates that many companies may need to evaluate and upgrade their anti-corruption efforts.

A combination of the increased enforcement of the FCPA, and the increase in the size of penalties over the last few years, together with the coming into force of the new UK Bribery Act 2010 means that organisations all around the world are re-examining their anti-corruption compliance programs.  Indeed several we at the Bribery Library have spoken to over the past year have no anti-corruption controls in place at all, which is perhaps surprising when you realise that they are entities with turnovers of $billions.

Some other interesting statistics from the Deloitte report:

  • 90% of executives said their company had an anti-corruption policy (one wonders precisely who Deloitte were surveying, because this is not necessarily our experience).
  • Only 45% of the companies surveyed had a stand alone anti-corruption policy, while the remaining companies have a policy that was part of a broader code of conduct.  Deloitte offer the commentary that in their experience anti-corruption issues may not receive adequate attention unless they are addressed by the policies specifically focussed on corruption, is a view with which we agree.
  • Although roughly 80% of executives said their company conducted internal audits of its foreign operations to identify corrupt activity, only 32% said these audits were conducted annually or more often.

Third party risks

  • 52% of executives see the activities of third parties as the greatest source of corruption risk.
  • 43% of executives considered that identifying and managing third party relationships was a significant challenge, more than for any other issue.
  • Despite these concerns, only 41% of executives said their company regularly conducted due diligence on third parties in foreign countries that interact with foreign government officials.
  • 9% of executives said that they conducted very detailed monitoring of third parties to ensure that they are complying with the company’s anti-corruption requirements.  This statistic certainly is in line with our experience of talking to clients and contacts.
  • When conducting anti-corruption internal audits, only 50% of executives said that their company’s audits covered foreign sales agents.

Increased corruption risk in emerging markets

  • 55% of executives said their company was extremely concerned about the potential impact on their business of corruption in China.
  • 43% had the same view about Russia.
  • 39% had the same view about India.
  • 26% had the same view about Brazil.

“Tone from the top”

  • 80% of executives said that their board of directors received updates on the status of their anti-corruption compliance program, and roughly two thirds said that they received updates annually or more often.
  • However 32% of executives from smaller companies (with less than $1 billion in annual revenues) said that their board of directors did not receive any updates on their compliance programs.

Assessing risky activities

  • Approximately one third of executives considered that customs clearance and importation of goods, and entertainment or business development expenses related to government business or to government relations, presented a significant corruption risk for their companies.
  • 20% or more of executives felt that a number of other activities pose a significant risk including bribes, gifts to foreign government officials, expenses incurred in connection with sponsored travel and lodging for foreign government officials and facilitating payments.
  • 63% of executives at larger companies believe that the use of third parties posed a significant risk, compared to 33% of those at smaller companies.
  • 35% of executives from larger companies received a significant risk from entertainment or business development expenses related to government business or to government relations, while only 19% of those at smaller companies shared that concern.
  • 58% of executives said that their companies relied extensively on internal risk assessments and past experience with corruption issues.
  • One third of executives said that their companies relied extensively on industry information or on the ratings of the Transparency International Corruption Perceptions Index.
  • In spite of the very significant financial incentives arising out of the Dodd-Frank SEC whistleblower provisions, 37% of smaller companies and 20% of larger companies said that they were not likely to re-evaluate their anti-corruption programs in light of these new rules.

Training and communication

  • 73% of executives said that their companies provided anti-corruption training, of whom 64% said that they trained select employees such as those in higher risk positions.  However, many executives said that their company cast a much wider net for anti-corruption training.
  • Half of the executives said that their company trained all international employees, while 44% said that they trained all domestic employees.
  • Roughly one third of executives said that their company also trained members of its board of directors on the company’s anti-corruption policy.
  • Only 26% of executives said that their company trainer third parties on anti-corruption requirements which, Deloitte comment, is surprising given the general concern over corrupt activities involving third parties.

Personally, we are surprised at the low level of training revealed by this survey and feel certain that this must increase rapidly and extend to all staff if companies are to meet the UK Bribery Act Guidance published on 30 March 2011.

Deloitte conclude that while training is important in helping all employees understand the legal requirements and company policy on what constitutes corrupt activity and its consequences, it is unlikely to be enough.  Anti-corruption training programs should be supplemented by a robust monitoring programme throughout the year, and by an effective approval process for transactions and for the use of third parties.

In conclusion, this survey is a stark reminder that there is a great deal more work to be done by companies all around the world, including those in countries where there is already medium or high levels of enforcement, to deal with the risk of corruption and to meet the expectations of regulators, especially in the US and the UK.

UK Financial Services Authority fines Willis Limited, insurance brokers, for failures in its anticorruption compliance programme - some sobering lessons for all companies

Posted on July 22, 2011 by Adam Greaves

Willis and Lloyds BuildingsYesterday, 21st July, Willis Limited, the insurance brokers, were fined £6,895,000 for potentially corrupt practices by the UK Financial Services Authority (FSA), the regulatory body for the financial services industry. This was a penalty for breaches of the FSA’s Principles for Businesses and Rule SYSC 3.2.6 R of the FSA’s Senior Management Arrangements, Systems and Controls Handbook. The breaches occurred in the period 14 January 2005 and 31 December 2009. This report is important not least because Willis is one of the largest insurance and reinsurance brokers and risk management firms in the UK. The penalty levied on Willis is the highest such penalty so far by the FSA in relation to financial crimes systems and controls. There are lessons to be learned for all businesses in the FSA’s 24 page report

Principle 3 of the FSA’s principles for Business states that: 

“A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems” 

Rule SYSC 3.2.6 R of the FSA’s Senior Management Arrangements, Systems and Controls Handbook states that: 

“ A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be sued to further financial crime”. 

In the “Final Notice” on the investigation by the FSA, it reported that because the FSA had agreed to settle at an early stage in the investigation and had therefore earned a discount of 30% - the penalty would otherwise have been £9,850,000. 

The complaint was that Willis did not take reasonable steps to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to overseas third parties who helped Willis win and retain business from overseas clients. 

The FSA found that:- 

  • Willis failed to ensure that it had established a commercial rationale for using overseas agents;
  • Willis’ policies did not provide any written guidance on the amount of detail required to justify using overseas agents;
  • In the case of nearly half of the agents in high risk countries who introduced business to Willis in this period, the reasons for using them were inadequately recorded;
  • Without adequate documentation, Willis could not adequately monitor the effectiveness of its procedures;
  • Willis did not ensure that adequate due diligence was carried out on overseas third parties to evaluate the risk of doing business with them;
  • In relation to the overseas agents on whom they had carried out due diligence, in nearly all cases it was insufficient to address the risk that the overseas third party may have been connected to the insured, the insurer or public officials;
  • Willis did not adequately monitor its staff to ensure that an adequate commercial rationale for hiring overseas agents was recorded and that sufficient due diligence had been undertaken;
  • These failures contributed to a weak control environment giving rise to an unacceptable risk that payments made by Willis to overseas agents could be used for corrupt purposes;
  • In August 2008 Willis introduced improved policies and guidance aimed at mitigating its bribery and corruption risks – however, Willis failed to implement them adequately.
  • The Board of Willis did not receive adequate management information which would have allowed them to assess whether bribery and corruption risks were being mitigated effectively; 

After the FSA investigation into Willis began, Willis started its own internal investigation and identified a number of suspicious payments made to overseas third parties. It reported these matters to the Serious Organised Crime Agency (SOCA). Willis ended up making two suspicious activity reports to SOCA. 

Even though the FSA had written to all CEOs of wholesale insurance broker firms in November 2007, including Willis, and even though the FSA had fined Aon, another large insurance broker firm, in January 2009, Willis’ steps, which they took in 2007 and 2008, to review the adequacy of their policies, were insufficient and their implementation continued to have substantial failings. 

Enhancement of systems and controls 

Willis has taken on board the criticisms of the FSA and has put in place: 

  • A committee for the approval of third party introducers;
  • Enhanced monitoring, capable of ensuring Employees’ consistent adherence to Willis’ policy;
  • Improvements in the practical application of Willis’ policy;
  • Consistency in the business unit compliance officer’s understanding of Willis’ policy and how this translates into their work with account executives;
  • Increased accountability for each of the account executive, business unit compliance officer and managing director responsible for the third party proposal before the committee;
  • Enhanced production of specific relevant management information through the committee’s direct reporting to the board of directors;
  • Better retention of documentation;
  • The business unit compliance officer now reports to group compliance and his/her budget now falls under group compliance and not under its own business unit;
  • Willis now prevents any entry being placed on its books until the third party approvals process has been completed;
  • Willis has updated its systems so that it can identify and categorise payments made with greater specificity;
  • Training has been enhanced so that annually employees have to confirm that they have read all of Willis’ policies including the Group Anti Bribery & Corruption Policies and Procedures. This includes completing an electronic questionnaire relating to those policies and procedures. Those in the bottom 10% in the training are recommended to receive enhanced training;
  • Further workshops to help identify the different categories of third party relationships and extra training for divisions of the company operating in high risk industries;
  • Training by an external law firm on the new Bribery Act 2010;
  • A review of past payments to overseas third parties, to identify any inappropriate past payments;
  • A commitment by top management (CEO) downwards to ensure that here is a culture of compliance. 

So, another large insurance broker has been publicly criticised and fined. In this case there was no finding of actual corruption, although it is possible that further proceedings could take place involving one of the UK's other prosecutorial bodies, but the fine related to Willis' inadequate bribery and corruption prevention systems.  According to the FSA, this was avoidable as Willis knew what they had to do in terms of compliance and they knew the risks to their business in relation to bribery and corruption, but it appears that their compliance was inadequate in several different respects. What is not very clear is whether this was the fault of the compliance units within Willis not doing their job properly or whether it was a lack of interest and investment in the compliance programme by the firm’s management, or a combination of the two. In any event, it has been an expensive lesson for Willis, but others in the insurance broking industry and indeed in other industries will learn from Willis’ experiences. This will all be to the good as it should lead to many more companies all over the UK ramping up their compliance programmes and ensuring that they are active, thoughtful and tailored compliance programmes and not just paper tigers. 

As mentioned in a previous blog, the FSA is now working through its lengthy review of the banking industry. I predict further such reports and fines from the FSA as a consequence as it is clear that even very large and well organised companies like Willis are unable to get their compliance systems right first time. The banks would do well to read the Willis report very carefully.

"Is my FCPA compliance good enough for the Bribery Act?"

Posted on July 06, 2011 by Adam Greaves

We are often told, particularly by American clients, that their organisation is already FCPA compliant, “so isn’t that enough for the Bribery Act?....what more do we need to do, if anything?”. To understand what more needs to be done necessarily requires understanding the key differences between these two world-leading anticorruption statutes.  Once you have understood those differences, it follows that it is likely that your compliance programme may require some consequential adjustments to reflect some of these differences in order to bring your existing FCPA programme up to speed with the new UK Act. Some of it will require changes to your anticorruption policy and your gifts and hospitality policies. Much of it will  also need to be reflected in your training and education materials and computer based training modules, but also in other parts of your compliance programme, discussed below. And don’t forget that the people you should be getting involved with your compliance programme are not just your own staff but also any person “associated with” your organisation i.e. performing services for it. This could include contractors, advisers, joint venture partners and a whole list of other categories of persons with whom your organisation may have a relationship. See earlier blog posts in the BriberyLibrary for more detail, in particular my own post of 14th February 2011. 

The principal differences between the FCPA and the Bribery Act include: 

  • The Bribery Act is wider in scope than the FCPA as it covers all corruption, including by and of the private sector, and not just corruption of foreign public officials. You may well need to amend and broaden the policy definitions of corruption and of “public officials” so that it covers all sorts of government and other public officials. There is also case law  in developing the US as to how the DOJ and the SEC are pressing the courts to interpret “foreign public official” more widely.
  • The Bribery Act prohibits both payment and receipt of bribes i.e. active and passive offences. You will need to ensure that both sides of the corruption coin are captured by your programme and also to update your training documents. 
  • A business nexus is not required for Bribery Act general offences under sections 1 and 2 of the Act although it is under the FCPA. Required action includes amending the wording of policies and training documents.
  • The wider scope of the Section 6 strict liability corporate offence under the Bribery Act. You’ll probably need to amend the wording of your policies and training documents to ensure that the corporate liability is properly understood.  This is the offence that causes most risk to the organisation itself.
  • There is no “adequate procedures” defence under the FCPA. The differences should be addressed in the training sessions. In both jurisdictions, having no adequate procedures will give you an enhanced risk of liability.
  • The Bribery Act does not allow facilitation or grease payments. In fact the SFO are constantly at pains to point out that the old law never did, either, but one might be forgiven for thinking otherwise for I am not aware of any prosecutions of facilitation payments. Please email me if you know of any in the UK. Some US corporates’ policies ban facilitation payments altogether, to make life simpler and to avoid this exception being misconstrued in any way which might then “cross the line”.  Other companies stick to the FCPA allowance of them (because this suits their business and presumably because they believe that they have to pay them from time to time). This is clearly not in tune with the Bribery Act, so this aspect should be looked at very carefully and discussed with the business people in the organisation. Training should be given urgently to employees or others associated with your organisation who habitually pay facilitation payments. Also I would draw your attention to a recent blog post by my colleague, Rose Parlane, on the new guidance by the Serious Fraud Office specifically on how to try to stop paying facilitation payments, and how British prosecutors will regard such payments if you have continued to pay them. One point is that you should keep a log of such payments and a note of why they were paid and why you think that they were unavoidable. So the payment should be transparent. To do otherwise makes the payment look awkward and wrong.
  • There is no express bona fida business expenditures defence under the Bribery Act. In practice, the Serious Fraud Office will look at the facts of every case.  Put simply: either they are bona fida or they are not. You do need to keep a log of your expenses and their justification.
  • Penalties are more severe under the Bribery Act both in terms of financial penalties and in terms of length of prison sentence. This should be covered in the policy and training, so that staff are fully aware.
  • Debarment from public contract tendering differs between the US and the EU. If you sell into the public sector, these provisions alone ought to give you real concern. My colleague Mathieu Doublet has blogged on it previously on 27th April 2011. I also touched on  The Bribery Act 2010 (Consequential Amendments) Order 2011 in my blog of 17 June 2011.  Section 1 and Section 6 offences lead to automatic debarment. It appears that Section 7 will not lead to automatic debarment, according to the Lord Chancellor, but it remains to be seen how the courts actually treat such offences. In any event, these provisions tend not be very well known but since they may be catastrophic for your business, it would be as well to spend some time educating your staff and other associated persons about them. The severity of the debarment provisions tends to lead to plea bargaining – for example, agreeing to a books and records offence in the US and paying a hefty fine.
  • Which brings me on to the fact that there is no books and records offence under the Bribery Act as there is under the FCPA but there is an equivalent provision in the UK in a different statute: Section 386 to 389 of the Companies Act 2006.
  • Although the six principles for “adequate procedures” are surely familiar throughout the compliance world generally, in the US a prosecutor would see a proper risk assessment report merely as a mitigating factor to sentencing (rather than as one element of a potential complete defence to the Section 7 offence under the Bribery Act). If you can’t show the prosecutors how you have been through each of the six principles and how you have addressed them properly, then your procedures are unlikely to be seen as adequate and you will then open yourself up to a hefty fine, and the other associated consequences (public procurement debarment, civil suits etc)
  • As in the UK, there is no positive obligation on an organisation in the US to undertake a risk assessment.  Speaking with many clients over the past year or so since the Bribery Act was passed has alerted us to the fact that many large global companies have never done a proper corruption risk assessment, believing (wrongly) that they don’t really need to do one as “we know the risks of our businesses perfectly well”. Apart from any other reasons, and there are several, it misses the point that you are potentially liable for your “associated persons” under the Act i.e. persons performing services for your organisation who may be external to it. You need also to be able to show how you undertook your risk assessment of them, of the countries they operate in, of the people with whom they interact, of the things they are doing or selling on your behalf,  and of the industries they operate in: and, after you have assessed and ranked all these factors, and audited their systems and training programmes, you need to be able to demonstrate that you calculated all these factors and made a proper decision as to whether you deemed them sufficiently high risk to justify additional due diligence, or whether you need to self-report any suspicious behaviour.
  • I would say that the biggest problem so far of companies which are trying to get to grips with the compliance regime under the Act is that many if not most are either not doing risk assessment at all or they are not doing it properly.  Potentially, if you are a large multi-national, it is a very large undertaking which could take many months or even a year or more to complete.  We have noticed from our many conversations with clients and contacts around the world  (and also from shared experiences with anticorruption practitioners in other law and accountancy firms) that there seems to be a real issue of a lack of will at board level to spend the resources, combined with a lack of comprehension about how a risk assessment report will actually help you properly appreciate your internal risks and  to spend your limited compliance budget appropriately and in a tailored way. This reluctance is even more pronounced in the organisations which are medium sized (and so less well resourced generally) and which sell overseas. Banks, for example, are about to have a whole new layer of regulation and compliance loaded onto them. Hence one often reads of “compliance fatigue”.  

Global organisations must of course ensure compliance with all anti-bribery laws that are applicable to the jurisdictions in which the organisation or its associated persons operate. As the Bribery Act has set a very high bar in terms of the law itself, compliance with it will more or less mean that it will act as compliance for other anticorruption laws around the world: it should reduce your exposure to prosecutions in most other countries. But we mustn’t forget that each country may have a myriad of other laws which  may also be relevant – e.g. the books and records provisions under the UK Companies Act, as noted above. Companies may find themselves being prosecuted under more than one statute, and indeed in more than one country, simultaneously. We will blog separately in the future on the subject of “double jeopardy” as between different countries. In short, however, it appears that the Serious Fraud Office’s view is be that where the defendant has been convicted by another country for the same set of facts, it will not pursue the same or a similar case against the same defendants: so, whatever the legal position, it is not interested in pursuing the defendant again in the UK if it has been convicted in another jurisdiction. 

So, whilst on the face of it the changes which need to be made to ensure that your FCPA compliance programme is also Bribery Act compliant may appear to be minimal at the policy level, in reality the task may be a whole lot larger, depending on how well you undertook your FCPA compliance in the first place. Our partners in the US often say that they never cease to be amazed that decades after the FCPA became law, not all American companies have a compliance programme. The principles in the Government’s Guidance dated 30th March are a good starting point for understanding what needs to be done, although the Guidance doesn’t actually tell you how to go about establishing your programme. We will all learn what the Serious Fraud Office are really expecting to see in a compliance programme as cases start to be brought before the court, and jurisprudence begins to develop. My best guess is that this will be some time from 2012 onwards.   

 

Bribery Act and other fraud risks - the Ernst & Young 2011 survey

Posted on May 20, 2011 by Adam Greaves

A few days ago Ernst & Young published their latest report “European Fraud Survey 2011” . If you haven’t read it, it is salutary reading, and probably in fact essential reading for business leaders and compliance managers who are trying to decide whether they should invest their organisation’s time and money in developing a new, up-to-date, robust anti-bribery compliance programme. If justification for investing in your organisation’s defences and safeguards against a damaging and costly prosecution were ever needed, here it is in this report.

The Survey used researchers who spoke to a total of 2,365 people in 25 European countries in both developed and developing economies.

I will cite a few of the report’s findings:

  • Almost 1 in 5 of company employees, regardless of grade, consider it to be acceptable to pay bribes to win or retain business. (That could amount to an awful lot of prosecutions, if they actually behave like this).
  • 59% of those interviewed expect management to cut corners in order to achieve targets and half of management agrees.
  • Two thirds said that bribery and corruption are widespread in their country and according to 40% of them has become worse during the economic downturn.
  • Only 56% are aware that their company has an anti-corruption policy.
  • 53% think that bribery and corruption are too widespread to be tackled.
  • More than one third of all respondents are willing to offer cash payments, gifts or entertainment to win business.
  • Less than one third of respondents believe that their company had increased its efforts to combat fraud.
  • Only half say that employees in their company comply with its code on anti-bribery and anti-corruption.
  • Less than half of German correspondents believe that there is a commercial advantage to ethical behaviour.
  • 43% could not identify who they should contact within their company if they had concerns about impropriety.
  • 75% believe that there is a commercial advantage to ethical behaviour.

 Ernst & Young’s conclusions are nothing short of damning:

1. “Management is failing to set a strong tone at the top of many organisations and, in many cases, is prepared to do whatever it takes to succeed

 You may recall that this is the 2nd principle which was set out in the British Government’s recent  “Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (section 9 of the Bribery Act 2010)” .  You may also recall an earlier post by one of my colleagues, Rose Parlane, on the Guidance, on 30th March 2011.

It should also be recalled that if the company or an associated person commits an offence under the Bribery Act, the individuals and the company itself and any directors or officers of the company who knew of or connived in the offence may be liable to prosecution.

 2.    “A persistently high level of employees are willing to behave unethically”.

The message seems to be that this is because employees are desperate to land new business in the current difficult economic environment, and are willing to take risks. Well that’s human nature I suppose, but I wonder if they aren’t really aware of the stringency and tough penalties of international anti-corruption laws such as the Bribery Act and the FCPA. This may be a direct result of the failures reported by E&Y in their third conclusion, below.

 3.    “Companies are not doing enough to implement and communicate anti-fraud and anti-corruption measures”.

Communication is the 5th principle in the Guidance. This takes the form of developing policies and procedures and then incorporating them into all your contractual relationships and then training all those people who are “associated persons” under the Act i.e. those performing services on behalf of the organisation. This would be not just employees, although they are a major and obvious category, but also consultants, contractors, joint venture partners, distributors and so on (see older posts on this blog site with “associated persons” as a tag line).

I fully concur with E&Y’s several key recommendations on how organisations can respond to these problems but the one  I would most highlight, and which organisations seem, in my experience, to be most reluctant to get to grips with is the need to conduct at the outset a fraud, bribery and corruption risk assessment and to then to take a risk-focused approach to who should be trained, on what, in which manner and how often. My experience to date has been that in order to comply with the new Bribery Act companies want to start training their staff as soon as possible, and to begin with their UK based staff. This focus on the UK first appears to be due to the belief that UK prosecutors would focus on the UK operations, but this is in my view a mistaken belief. I believe UK prosecutors who decided to commence an investigation would probably start with the view that in all likelihood the UK operations and business would be low risk, so, on the contrary, they would ask the company for details of their foreign operations, evidence of their internal risk assessment report, details of the training in any high risk countries, and a copy of due diligence reports in those countries on associated persons. 

To put in place policies and procedures and to undertake training without carrying out a detailed risk assessment would be to miss the point of the risk-based approach to implementing a compliance programme, and without that risk assessment, the prosecutors may well decide that the company hadn’t taken seriously its obligations to prevent bribery and corruption. They could take the view that the compliance programme was merely a paper tiger and that it has no teeth, and that therefore it would not constitute a defence to the section 7 corporate liability offence.

Some organisations appear to think that the cost of internal risk assessments is unnecessary as they think they know their own risks, and what’s more they don’t want to spend the money in these economically lean times, but of course, as noted above, it seems to be the leanness of the current times which is leading people to being unethical, cutting corners, committing offences and trying to boost their organisation’s incomes. So protecting your organisation now is more important and imperative than ever.

The game changer will be when the UK Serious Fraud Office starts to prosecute British and foreign companies under the new Act. This won’t start for a while yet as it will only be for offences committed on or after 1st July 2011 (offences committed up to 30th June will be under the existing hotch-potch of law), so there will be a time lag of a few months at least before prosecutions commence. Once a few companies and directors have been dragged into the dock, other companies will start to realise the need and benefits of undertaking compliance programmes properly.  

In the concluding words of E&Y’s report, with which I completely agree:

It may not be easy to embed the necessary changes to internal corporate culture required to mitigate the challenges posed by unethical conduct. Our survey has indicated that companies struggle to ensure that what they have in place on paper is actually reflected in the underlying behaviour of their staff.

It is only through a concerted, risk-focused effort that targets areas of potential exposure that firms will be able to meet the expectations of regulators and, ultimately, their shareholders

BRIEFING NOTE - UK Bribery Act, Section 9 Guidance

Posted on March 30, 2011 by Rose Parlane

The Government has released Guidance on the Act, which is intended to help organisations understand how the Act will operate and how to deal with the risks of bribery.  The Guidance gives insights into how the Act might be interpreted, but does not give assurances.  It suggests procedures that might be adequate, but does not set down rules. 

In the Guidance and its associated Quick Start Guide you will find:

  • Answers to some FAQs on the Act and its application.
  • Overview of ss. 1, 2, 6 and 7 offences and what the prosecutor must establish to secure a conviction.
  • The six principles of bribery prevention: (1) proportionate procedures, (2) top-level commitment, (3) risk assessment, (4) due diligence, (5) communication and (6) monitoring and review.  The Guidance includes commentary on each and suggested procedures.
  • Case studies demonstrating how the six principles of bribery prevention might be applied in practice.

KEY POINTS TO TAKE FROM THE GUIDANCE

Gifts and hospitality

  • Reasonable and proportionate expenditure is not prohibited by the Act.
  • Intention is the key to prosecution i.e. intention to induce improper performance (general (s.1)) or intention to influence and secure business or a business advantage (public official (s.6)).

Is my organisation "carrying on a business in the UK"?

  • If an organisation engages in commercial activities, it does not matter if it pursues purely charitable or educational aims or purely public functions; the purpose for which profits are made is irrelevant.
  • Whether an organisation carries on a business in the UK remains a question for the courts, which the Government anticipates will take a common sense approach. Organisations that do not have a demonstrable business presence in the UK are unlikely to be caught.  For example, simply being listed on the London Stock Exchange would not be sufficient, likewise, having a UK subsidiary will not automatically deem the parent company to be carrying on a business in the UK as the subsidiary may act independently of the parent or group.

Associated persons

Any person who performs services for or on behalf of an organisation is potentially an “associated person”, but:

  • The Courts will take into account all of the relevant circumstances, not just the nature of the relationship.
  • The key is the performance of services in business, therefore, an organisation is unlikely to be liable for the actions of a person who simply supplies goods to the organisation.
  • Without intention, receiving an indirect benefit from a bribe paid by an associated person is unlikely to result in prosecution. 
  • The degree of control over the bribe payer will be taken into consideration.

Over the coming days and weeks we, at the Bribery Library, will be commenting on these and other aspects of the Guidance.