The UK Bribery Act, which became effective on July 1, 2011, applies to all companies doing business in the UK (including privately-held companies) and applies to bribes paid in any country in the world. While similar to the anti-bribery provisions of the FCPA, the UK Bribery Act is broader than the FCPA in a number of significant respects. Consequently, even companies that have well-established internal controls and safeguards for FCPA compliance should be aware of the scope of the UK Bribery Act.
In particular, companies that do business in the UK are advised to review their anti-corruption policies and procedures in light of the guidance recently published by the UK Ministry of Justice regarding the "adequate procedures" that companies must have in place to avoid strict liability for improper actions of its employees and agents.
The Broad Territorial Reach and Scope of the UK Bribery Act
The territorial reach of the UK Bribery Act extends to companies that "carry on a business or part of a business in the UK." While the law is unclear with respect to the extent of business activity required to subject a company to the act, the UK Ministry of Justice recently noted that the law's strict liability provisions would apply to companies with a "demonstrable presence in the UK." While the ultimate determinations will be made by UK courts on a case-by-case basis, US companies with operations, offices or sales representatives in the UK should assume that they are subject to the new law.
In many respects, the UK Bribery Act is similar to the anti-bribery provisions of the FCPA. The two laws both generally prohibit companies from making payments to government officials to obtain a business advantage. However, the scope of the UK Bribery Act extends beyond that of the FCPA in the following key respects:
Strict liability for failure to prevent bribery - The most significant departure from the FCPA is the UK Bribery Act's introduction of a new separate offense for a company's failure to prevent bribery by its employees, agents, subsidiaries or others who perform services for the company. This new offense applies on a strict liability basis, and is only subject to one defense: proof that the company has in place "adequate procedures" to prevent bribery. The fact that the company was not aware of improper action by, for example, a sales agent or distributor is not a defense. Thus, companies should consider whether they have adequate measures in place, such as appropriate anti-bribery provisions in their contracts with third parties. A summary of the recently issued guidance regarding "adequate procedures" under the UK Bribery Act is included below.
Applicable to public officials and private parties - The UK Bribery Act does not distinguish between public and private sector bribes. Bribery of private parties as well as public officials is prohibited.
"Corruption" not required for liability - Under the UK Bribery Act, a bribe by a company or any of its employees or agents is an offense under the act if done with the intention to obtain or retain business or to obtain a business advantage. This is a lower threshold than under the FCPA, which requires that a payment be made "corruptly" to establish liability.
Accepting bribes is also prohibited - While the FCPA does not target recipients of a bribe, under the UK Bribery Act, both the bribe-taker and the party paying a bribe may be liable. In some cases, the offense of accepting bribes may be prosecuted without proof of intent. For example, accepting lavish hospitality from a supplier may be subject to prosecution.
"Facilitation payments" are not expressly permitted - The UK Bribery Act does not contain any exemption for payments made to facilitate or expedite routine governmental action by a foreign official, such as issuing licenses or permits. These so called "facilitation payments" are expressly excluded from the anti-bribery provisions of the FCPA. However, it is worth noting that even under the FCPA, U.S. enforcement agencies appear to be taking an increasingly narrow view of what falls within the "facilitation payment" exception.
No affirmative defense for hospitality and bona fide expenses - The FCPA includes an affirmative defense for payments that represent reasonable and bona fide expenditures directly related to the promotion, demonstration or explanation of products or services or the execution or performance of a contract with a foreign government. There is no such defense under the UK Bribery Act. Instead, any financial or other advantage given or promised to another could amount to a bribe if a reasonable person in the UK would regard that action as improper or if it is an inducement or reward for something that a reasonable person in the UK would regard as improper. The test is clearly subjective. Modest corporate entertainment or gifts may be considered permissible, and lavish ones may not. It will not necessarily be straightforward to decide where the line should be drawn.
Penalties for violating the UK Bribery Act can vary widely, but may include unlimited fines on companies failing to prevent bribery, up to ten years in prison per offense for responsible persons and debarment from public contracts in the European Union.
"Adequate Procedures" Required to Avoid Strict Liability
The offense of failure to prevent bribery applies on a strict liability basis unless a company can demonstrate that it had in place "adequate procedures." The UK Bribery Act therefore incorporates a strong mandate for companies to establish and maintain effective internal controls to prevent acts of bribery.
The UK Ministry of Justice recently published guidance on the "adequate procedures" that companies must take to avoid strict liability for violations of the Bribery Act by employees, agents, subsidiaries or others who perform services for or on behalf of the company. This guidance is formulated around six principles, which include familiar elements seen in principles for FCPA compliance:
Proportionate procedures - A company's procedures to prevent bribery by persons associated with it should be proportionate to the bribery risks it faces and to the nature, scale and complexity of its business. Close attention should be paid to the people associated with the company, and the procedures should be clear, practical, effectively implemented and enforced.
Top-level commitment - Similar to the focus on board and senior management involvement under the FCPA, the UK guidance emphasizes the need for a company's top-level management, including the board, to be committed to preventing bribery by persons associated with the company. Company leaders must foster a culture in which bribery is never considered acceptable, and this should be communicated both internally and externally.
Risk assessment - A company should assess the nature and extent of its exposure to risks of bribery, including bribes made on its behalf by persons associated with it. The assessment should be periodic, informed and documented. The guidance identifies several types of external risks that a company should consider, including country risk (which may be evidenced by perceived high levels of corruption), sector risk (with certain industries, such as oil and gas and large-scale infrastructure, involving greater risks) and business partnership risk (such as risks associated with joint venture partners and third-parties interacting with government officials).
Due diligence - The guidance directs companies to conduct due diligence on the individuals and businesses who perform services for or on behalf of the company in order to mitigate identified bribery risks. The due diligence can be performed internally or by consultants or lawyers. The level of due diligence performed should be proportionate to the risks involved. In certain high-risk situations, such as engaging a third-party to assist in establishing a business in a foreign market, greater due diligence may be required. Background checks, for example, on proposed foreign distributors may be appropriate. The guidance also suggests that companies may wish to conduct due diligence on their potential and existing employees, depending on the role of such employees and the associated risks.
Communication (including training) - Companies should seek to ensure that their bribery-prevention policies and procedures are embedded and understood throughout the organization through internal and external communication, including dissemination of the company's bribery-prevention policies and training programs.
Monitoring and review - Companies should regularly monitor and review their anti-bribery procedures and make adjustments and improvements where necessary. The guidance notes that because the bribery risks that a business faces may evolve over time, the controls required to mitigate those risks are also likely to change and must be regularly reviewed.
In light of the broad scope and territorial reach of the new UK Bribery Act, companies that conduct business in the UK - both those with well-established anti-corruption policies, as well as those that are developing a formal compliance program for the first time - should carefully consider their potential exposure to the risks of bribery and corruption, and should develop and implement tailored policies and procedures to address such risks.