Maintaining Bribery Act & FCPA compliance
November 2013 | TALKINGPOINT | FRAUD & CORRUPTION
FW moderates a discussion on Bribery Act & FCPA compliance between Nichola Peters, a partner at Addleshaw Goddard LLP, and Edward T. Kang, a partner at Alston & Bird LLP.
FW: Could you provide a brief overview of the current anti-corruption and bribery environment in your region? What impact are firms feeling from the introduction of the UK Bribery Act and increased FCPA enforcement?
Peters: The UK's Bribery Act 2010 (the Act) creates four offences. Two, in effect, replicate the position under the old law and criminalise the active and passive bribery offences, but replace an undefined test of ‘corrupt’ conduct with a test of improper performance. The Act then introduces two new offences, the first an offence of providing an advantage to a foreign public official and the second introduces a specific corporate offence, in an attempt to make it easier to prosecute a corporate, where those ‘associated’ with the corporate engage in bribery. This last offence was the biggest change under the Bribery Act and makes entities strictly liable for an offer or payment of a bribe by a person associated with the corporate. The Act has now been in force for just over two years and there have been two successful prosecutions against individuals. A third prosecution is now under way by the UK's Serious Fraud Office (SFO) against three individuals in connection with a biofuels fraud. However, despite all the noise around the introduction of the corporate offence there has to date been no prosecutions against a corporate entity under the Act. Although the SFO has said that there are two cases under investigation. The longer the delay in bringing a successful prosecution against a corporate the fewer teeth the Act may be perceived to have. However, a delay should not be taken out of proportion – it can take a long time for corrupt conduct to come to light and corporate bribery investigations can take a long time.
Kang: The FCPA continues to be vigorously enforced in the US. Thus far in 2013, there have been FCPA enforcement actions brought against four companies and 13 individuals, including a $398m criminal and civil settlement with French oil and gas conglomerate Total S.A., the fourth-largest FCPA settlement in history. The significant number of anti-corruption enforcement actions in recent years, both in the US and abroad, as well as the expensive civil litigation that in many instances has followed those enforcement actions, have put many companies on high alert. I field requests regularly from companies, both big and small, wanting to learn more about the FCPA’s prohibitions, the potential for liability, and the steps they can take to mitigate risk. Companies now routinely make compliance with applicable anti-corruption laws a component of their codes of conduct, train their employees on the FCPA and UK Bribery Act, and maintain compliance hotlines to allow employees to report any allegations of misconduct.
FW: Could you briefly discuss the similarities and differences of the two Acts? How do these Acts treat the provision of hospitality and gifts, and what particular challenges does this present when conducting business?
Peters: Two key differences are that, first, the UK Act applies to both public and private sector corruption, whereas the FCPA only applies to public sector corruption. Second, a further key difference is that whereas the US legislation has an exemption for facilitation payments, “to expedite or secure the performance of a routine government action,” the UK Act does not distinguish between facilitation payments and other types of bribes, criminalising both. The Joint Prosecution Guidance (published alongside the UK Act) makes it clear that whilst a one off small payment would be a factor tending against prosecution, any policy which allows or accepts the making of facilitation payments would be a factor favouring prosecution. The new Director of the SFO has emphasised that any previous more favourable guidance in the UK on the making of facilitation payments has now been rescinded. In terms of providing hospitality or gifts, a strict legal interpretation of the public officials offence in the Act suggests that it is problematic to provide any hospitality or gifts to a public official where you are doing business with them. This is different to the position under the FCPA which includes an exemption for reasonable expenditure incurred by or on behalf of a foreign official “direct relat[ing] to the promotion, demonstration or explanation of products or services”. In practice though, the UK's Ministry of Justice stated in guidance issued to accompany the Act that the offences were not intended to prohibit “reasonable and proportionate hospitality and promotional or other similar business expenditure”. Therefore, hospitality and promotional expenditure which seeks to improve the image of a commercial organisation, to present products and services or establish cordial relations, is permitted. When deciding whether hospitality and gifts are appropriate entities need to consider the value of such expenditure, the reason for it, whether it is proportionate, and the timing. A practical test is to consider how the offer would be perceived by the public at large.
Kang: Although both the FCPA and UK Bribery Act make it a criminal offense to bribe a foreign public official, the scope of the Bribery Act is wider than the FCPA in several significant regards. First, whereas the FCPA covers bribes only to foreign government officials, the Bribery Act covers both public and private sector bribes. Second, unlike the FCPA, the Bribery Act does not require that the bribe payer act with corrupt intent; rather, the intent to influence in order to obtain or retain business is sufficient. Third, it is a violation of the Bribery Act to request, agree to receive, or to accept a bribe; whereas the FCPA applies only to persons giving or offering a bribe and not to those accepting one. Fourth, the Bribery Act has no exception for travel, lodging, hospitalities, and gifts, whereas the FCPA has an affirmative defense for reasonable and bona fide expenditures and an exception for facilitating payments. Because of the Bribery Act’s more restrictive provision regarding hospitalities and gifts, companies that have already-developed FCPA compliance programs and best practices cannot merely rely upon those policies to the extent it is doing business in the UK. Multinational corporations seeking to implement a global anti-corruption policy should thus consider applying the ‘lowest common denominator’ and tailor its procedures around the requirements of the UK Bribery Act.
FW: What steps do firms need to take to avoid falling foul of the offence of ‘failure of commercial organisation to prevent bribery’ under the UK Bribery Act?
Kang: The Bribery Act makes companies doing business in the UK strictly liable for the bribes paid by an associated person unless the company can prove by a preponderance of the evidence that it had ‘adequate procedures’ designed to prevent such bribes from being paid. In March 2011, the UK Ministry of Justice provided six principles that would guide its determinations on whether a company had such adequate procedures. These include: risk assessment; top level commitment; due diligence; clear, practical, and accessible policies and procedures; effective implementation; and monitoring and review. Companies will therefore increase the likelihood of being afforded this defence if their senior management signals a commitment to compliance with anti-corruption laws and the company employs a robust anti-corruption program that is tailored to their specific business and associated risks; is well-communicated to employees; is accompanied with adequate vetting of business partners and other third parties; is effectively implemented; and is regularly reviewed and revised.
Peters: It is a defence to the corporate offence under the Act for an entity to prove that it “had in place adequate procedures”. The level and complexity of the procedures an organisation needs to put in place will depend on its size and the risks that it is exposed to. The Ministry of Justice in its guidance said that it expected adequate procedures to be informed by six key principles. In practice, any organisation, other than a very small one, will need to have in place some or all of the following key elements of the ‘compliance circle’. At the top of the circle is the overall risk assessment – this will need to be carried out when designing the procedures and updated as required. As a result of the risk assessment the organisation should design and put in place proportionate procedures. To ensure that these are implemented properly, senior management will need to be fully engaged and demonstrate the importance of the policies and the fact that compliance is essential. Training is also required not only of employees but in appropriate cases of third parties as well. Case by case risk assessment should then be used to determine the level of due diligence required. The final stage, to join up the circle, is monitoring and review. Depending on the results of the review, amendments to the risk assessment, policies and procedures and the methods of implementation may be needed. The risk assessment should also be updated on a regular basis.
FW: How important is it to conduct anti-corruption due diligence and regular risk assessments? In your opinion, do companies pay enough attention to these areas?
Kang: Due diligence and risk assessment are paramount for companies to comply with anti-corruption laws. The DOJ and SEC stated in the November 2012 FCPA Resource Guide that due diligence and risk assessments are two of the hallmarks of an anti-corruption compliance program, and that companies effectively employing these measures will gain significant credit with regulators if and when it comes time to making enforcement decisions. I have found that companies are paying greater attention to these areas, not just because regulators have repeatedly stressed their importance, but also because they make business sense. Many companies now understand that determining the areas of their business that are most susceptible to corruption and then channeling due diligence efforts to those units is not only more effective in detecting potential wrongdoing, but also far more cost-efficient.
Peters: In the UK it is very important that entities have anti-bribery policies – including due diligence and risk assessments –in place, as it is a defence to the corporate offence. Both due diligence and risk assessments are key parts of the six principles of having adequate procedures in place. For entities in the financial services sector the Financial Conduct Authority requires firms to have detailed anti bribery procedures in place, a failure to do so can lead to a significant fine. No prosecution for bribery is required first. AON was fined £5.25m in 2009 for inadequate bribery controls. Recent anecdotal evidence suggests that entities are still not paying sufficient attention to ensuring that they have adequate anti-bribery policies in place. From our work we have found that two of the biggest problems entities face are, first, ensuring that employees and other third parties understand the entity's approach. They may believe, for example, that the entity is only paying lip service to the rules, and doesn’t really expect them to comply. The way to defeat such scepticism is ‘tone from the top’, and trying to rebalance the reward structure by incentivising compliance and not only rewarding increased sales. The second problem is dealing with complacency. Review and monitoring work we have undertaken has shown that unless you find ways to keep anti-bribery controls and the purpose of checks uppermost in people's mind, the importance and reasons for these checks is soon forgotten. Key to defeating this complacency is targeted and appropriate training for employees and others depending on risk; ensuring on a regular basis that relevant employees understand the importance and purpose of the procedures and controls they are being asked to comply with; and ensuring that anti-bribery compliance is a key part of decision making – this can be done on a risk assessment basis, for example, gate reviews, contract reviews, approvals, and so on.
FW: What potential exposures do firms face when dealing with third-parties under the FCPA and UK Bribery Act? How can they mitigate or avoid these risks?
Peters: Entities which conduct part of their business here or are incorporated in the UK are liable for acts of bribery committed by third parties where, first, those parties are associated with the entity. An associated party is any party who performs services for or on behalf of the entity. It can include employees, agents, contractors, consultants, suppliers who provide some form of service, joint venture partners, joint venture entities and subsidiaries. Second, the bribe has to be paid or offered by the associated party intending to obtain or retain business or to obtain or retain an advantage in the conduct of business for the entity. However, an entity can avoid liability if it can show that it had adequate procedures designed to prevent persons associated with it from undertaking bribery. This highlights the importance of having in place policies and procedures to mitigate the risks in using third parties. When determining the level of checks required, consider the nature of the business, the country the business is to be conducted in, the country of origin of the third party, the size of the business, the nature of the services to be provided, and the types of people the third party will need to interact and deal with. Key checks, depending on risk assessment, may include the make-up or connections of the third party, the size of the third party, the services the third party provides, the reputation of the party, and what policies it already has in place and what work has been done to implement those policies.
Kang: Under both the FCPA and UK Bribery Act, a company can be held responsible for any improper payments made on its behalf by a third-party agent, and most of the recent FCPA enforcement actions have involved actions of third parties. Proper due diligence and vetting of third parties is therefore an extremely important component of an effective compliance program. A third-party due diligence procedure should be part of a company’s written policy and communicated globally. Companies should apply a risk-based approach and spend greater resources vetting third parties that are in high-risk industries or countries and that have contact with foreign government officials. For third parties that need to be vetted more thoroughly, companies should determine their qualifications. What is their reputation? What is the business rationale for bringing them on? Are their fees commensurate with others in the same market and industry? Above all, companies should ensure that all vetting and communication is properly documented and preserved.
FW: Increased and strengthened regulations place a greater burden on companies. What advice can you give to firms on balancing costs with maintaining compliance?
Kang: Effective risk assessment is the best way for companies to maintain a robust compliance program that will be looked upon favorably by regulators without breaking budget. Companies should determine which of their business units operate in high-risk countries or industries, which have more contacts with foreign government officials, and which have a greater reliance upon the services of third parties. More resources should then be channeled to the business units that are at greater corruption risk according to those criteria. At the end of the day, companies that effectively employ a scalpel, not a meat cleaver approach to compliance, will best be able to balance effectiveness and costs.
Peters: A full and comprehensive risk assessment programme considering the bribery risks the business is exposed to, for example, in which countries does the entity do business, in which sectors, who does the entity deal with, the sales and delivery channels, the methods of remuneration, the services that the entity needs to obtain, allows an entity to adopt a risk assessment approach to implementation of its policies. This means that resources can be devoted to those areas of greatest risk. This can lead to significant cost savings in the field of due diligence, rather than adopt a one size fits all approach, more due diligence can be undertaken on those relationships that pose the greatest risk and less on lower risk relationships. In addition, part of adequate procedures is ‘tone from the top’. Our experience has shown that the greater the engagement of senior management in the process the less likely it is that employees will fail to follow procedures. While there is a cost in terms of management time, overall this is likely to lead to costs savings.
FW: What developments do you expect to see in the next 12-18 months? Do you predict any further regulatory or legislative changes that may add to the heavy weight of FCPA and Bribery Act compliance?
Peters: Earlier this summer there was a rumour that there would be a review of the application of the Bribery Act. Such a review seems unlikely at present given comments by the current UK government. In fact the government have stated that we “have considered the option of earl[y] post-legislative scrutiny but feel it is premature, especially in the absence of significant business representations or cases prosecuted.” Instead there is likely to be increasing focus on training provided to entities to ensure that they understand what the Act requires of them in terms of putting in place policies and procedures to prevent bribery. Further, we are increasingly likely to see greater focus on anti bribery by both regulators and law enforcement in the UK, particularly around the application of the corporate offence, to ensure that the message is communicated that the Act does have teeth. In some quarters the FCPA and the DoJ are taken more seriously given the size of the penalties, however, the Innospec case a few years ago in the UK, highlighted an expectation from the judiciary that the levels of fine and confiscation orders should significantly increase and bring the UK into line with the US. Finally, a further development is the introduction during the course of 2014 of Deferred Prosecution Agreements. While not entirely following the US model, there are many similarities.
Kang: In April 2013, Royal Assent was given to legislation that would create a regime to allow the use of deferred prosecution agreements in the UK. Public consultation is being solicited, and it is expected that DPAs will be available for prosecutors by February 2014. DPAs will allow companies to settle allegations of the UK Bribery Act without being prosecuted and without any formal admission of guilt. Given the challenges that prosecutors in the UK face in proving criminal corporate mens rea, I expect that there will be significant use of DPAs to settle charges under the Bribery Act. Because DPAs typically shorten the length of investigations thus freeing up prosecutorial resources, I anticipate that you may see an accompanying rise in the number of corporate Bribery Act investigations in the coming 12-18 months. Companies doing business in the UK need to take steps to ensure that their anti-corruption programs are compliant with the Bribery Act.
Nichola Peters is a partner in the corporate crime team at Addleshaw Goddard LLP, specialising in advising corporates, directors and senior management on financial and corporate crime issues. Her practice includes conducting internal investigations into breaches of sanctions, corrupt conduct, money laundering, and terrorist financing; advising on financial and trade sanctions legislation; and advising on and conducting due diligence programmes relating to financial and corporate crime risks. Ms Peters regularly lectures to clients and at trade association conferences, including the BBA and the AMLP. She can be contacted on +44 (0)20 7160 3370 or by email: firstname.lastname@example.org.
Edward T. Kang is a partner in the Washington D.C. office of Alston & Bird LLP’s Government and Investigations Group. His practice focuses on white collar criminal, regulatory, and compliance matters in the areas of the Foreign Corrupt Practices Act, health care, antitrust, and securities. He is a former federal prosecutor with the Department of Justice. During his eight years in government service, Mr Kang led numerous investigations and prosecutions of complex fraud and public corruption matters. In 2012, he was awarded the Attorney General’s Distinguished Service Award. Mr Kang can be contacted +1 202 239 3728 or by email: email@example.com.
© Financier Worldwide
Addleshaw Goddard LLP
Edward T. Kang
Alston & Bird LLP