A decade of the UK Bribery Act - lessons for companies from enforcement actions so far

Don’t take your eye off intermediaries

In addition to the normal bribing/being bribed/offering a bribe offences which already existed under English law, the UKBA introduced a new corporate criminal offence. Under s7 a company can be criminally liable for a ‘failure to prevent’ bribery by an ‘associated party’. The definition of ‘associated party’ is very wide.  It includes third parties such as intermediaries and agents.

Of the eight bribery related enforcement actions for the s7 offence, four involved the use of intermediaries who helped win contracts by paying bribes to government officials and/or private individuals.¹

Companies should take a risk based approach to the appointment and monitoring of intermediaries, considering their jurisdiction, sector and background information. For those considered most at risk, companies will want to ensure ABAC training for intermediaries, and reporting obligations alongside contractual protections. Once appointed, conduct ongoing monitoring and on the ground audits.

Beware insider risk

The UKBA s7 offence potentially makes a company liable for bribery by associated third parties regardless of knowledge or involvement by the company.  But in all of the concluded enforcement actions under s7 involving third parties there was also involvement by company employees.  Sometimes these were senior employees, and sometimes even involving compliance professionals too. Employees and third parties were acting together, and the employees were fully aware of what the third parties were doing.  In the other cases, it was not third parties paying bribes, it was company employees (Guralp, Skansen) or employees of a local sister company (Standard Bank) or local subsidiary (Sweet Group).

No amount of training or good policies are going to discourage an employee intent on corruption, but they may influence those who don’t understand the rules or who can be persuaded to stay clear of a corrupt scheme. Good training and policies will also encourage others to blow the whistle on wrongdoing.

Bribes are usually disguised

Hardly a surprise, but what were they disguised as? The concluded enforcement actions show bribes being variously disguised as consultancy fees, hospitality services, technical advice fees, sports team sponsorship, charity donations and educational funds in order to hide their true destination.

Just this once? - single corrupt transaction can be enough to attract prosecutor attention

In most of the UK enforcement cases there had been sustained misconduct over a number of years, however two involved a single corrupt transaction.²   This was enough however for enforcement action.  So a company may not get away with it ‘just this once’.

Policies and procedures must be effective

There is still no judicial guidance on what constitutes a company having ‘adequate procedures’ in place, which is the only defence available under s7. The UK Government declined to provide more guidance despite being encouraged to do so during the House of Lords 2019 review of the Bribery Act.

However what is certain is that policies and procedures, and extensive training, are not enough if they are being routinely ignored, there is a disconnect between policies and culture, no one knows about them, or it is unclear when to apply them. Companies must properly test whether their policies are actually working in practice.

Shore up the final defences

In some of the enforcement cases, despite some significant red flags being present, or even sometimes having been spotted, they were sometimes ignored, not elevated internally or no questions were asked. System checks did not always work:  pressure had been placed on compliance and junior sales personnel to create and approve corrupt arrangements; external advice not to proceed with certain transactions because of UKBA concerns had been ignored.³ 

Having properly resourced compliance functions, structured independently from business units is key. Consider whether those in your compliance function are properly resourced and experienced enough to deal with the day to day challenges from within the commercial part of your organisation. 

Weigh up the pros and cons of entering into a deferred prosecution agreement (DPA)

Of the six DPAs relating to bribery, there have been no successful prosecutions against individuals. Companies enter into DPAs for all sorts of reasons but one will involve thinking that it would be a better outcome (e.g. a discounted fine, swift resolution) than going to a lengthy contested trial.  Whilst a successful prosecution against an individual is not a prerequisite of corporate liability under s7, the failed prosecutions against individuals do show quite how difficult the SFO finds it to achieve success with these types of offences.

Looking ahead

The UKBA s7 offence was the first in the UK to adopt the ‘failure to prevent’ model of corporate criminal liability.  It spawned a large scale investment in ABAC compliance.  The s7 model was copied in the two ‘failure to prevent the facilitation of tax evasion’ offences contained in the Criminal Finances Act 2017.  A broader failure to prevent economic crime offence is one of the options currently being considered as part of a wider reform of the law relating to corporate criminal liability. If adopted it would likely seriously increase the compliance burden on many companies.

For our global insights on nine key issues for in-house counsel relating to white collar crime and investigations in 2021, including the reform of corporate criminal liability, have a look at the Allen & Overy Cross-border White Collar Crime and Investigations Review.

With thanks to Amy Edwards for assistance with this article.