The legal concept of “adequate procedures” was introduced in the UK Bribery Act in 2010 as a defence to the corporate offence of failing to prevent bribery.

That said, the concept itself has in fact been present in corporate compliance programs for many years and, whilst the English Courts have yet to determine exactly what constitutes adequate procedures as a criminal defence, there is extensive guidance flowing from both England and around the world which offers a helpful starting point when considering what should be in place as part of a robust compliance program.

Proportionate Procedures

• Procedures must be clear and proportionate to the bribery risks faced by the organisation. For example,
• small national organisations in low risk industries will not have to apply the same procedures as large international organisations with operations in high risk industries and jurisdictions.
• US DoJ guidance states that an effective compliance program should be tailored to the organization’s specific business and to the risks associated with that business. = http://www.justice.gov/sites/default/files/criminal-fraud/legacy/2015/01/16/guide.pdf
• There is no “one-size-fits all” approach and a “tick-the-box” approach to anti-bribery procedures should be avoided.

Top-Level Commitment

• The senior management of an organisation must be involved in determining and implementing anti-bribery compliance procedures as well as keeping them under review on an ongoing basis.
• Measures that can be adopted to help demonstrate this commitment include: ensuring the board formally approve the organisation’s anti-bribery policy; making a senior manager responsible for implementing the anti-bribery policy; and regularly communicating that no employee will be penalised for refusing to pay bribes, even if refusing to pay bribes may result in the organization losing business.

Risk Assessment

• An organisation’s policies and procedures should factor in, and keep up to date with, the bribery risks it faces in its business sector and the market generally. Such risk assessments must be periodic, informed and documented.
• Factors to be considered in any risk assessment include: country risk, sectoral risk, transactional risk, business opportunity risk and business partnership risk.
• A 2014 OECD Report on combatting corruption found that bribery risk may not be as closely linked to country risk as commonly thought.
• http://www.oecd-ilibrary.org/docserver/download/2814011e.pdf?expires=1444045480&id=id&accname=guest&checksum=64F3BE5E00A40C89086A26AE10388AEF
• Instead, it recommended that organisations might want to focus on sectoral factors and identified the extractive, construction, transportation, information and communication sectors as particularly high risk.
• The European Anti-Corruption Report 2014 sets out where commercial organisations should expect red flags (i.e. urban development and construction, healthcare and tax administration) and how to plan for the sustainability of a compliance program. http://ec.europa.eu/dgs/home-affairs/e-library/documents/policies/organized-crime-and-human-trafficking/corruption/docs/acr_2014_en.pdf
  • An organisation doing business in Europe may wish to carefully review the Report’s analyses of the specific countries in which the organisation does business in order to assess its compliance procedures. It also contains an in-depth discussion of the corruption risks in public procurement.

Due Diligence

• Due diligence should be extended to all third-party business partners, including: agents, subsidiaries, contractors, joint venture partners, third party service providers or suppliers.
• According to the OECD, three out of four foreign bribery cases involved intermediaries.
• US DoJ guidance provides principles that should always apply to third party due diligence. These include understanding the connections of third party partners, having an understanding for including the third party in a transaction and undertaking some form of monitoring of third party relationships. http://www.justice.gov/sites/default/files/criminal-fraud/legacy/2015/01/16/guide.pdf
• US enforcement actions also indicate that authorities may consider specific policies on due diligence of foreign business partners as a reason for deciding not to bring a corporate prosecution [see Morgan Stanley – 2012 http://www.justice.gov/opa/pr/former-morgan-stanley-managing-director-pleads-guilty-role-evading-internal-controls-required  ].
• M&A activity can present considerable bribery risk and targets should be clearly vetted, both to verify they are not committing bribery and to ascertain that there are no “legacy risks” related to past bribery.
• Joint venture partners should also be encouraged to adopt an equivalent compliance program.

Communication

• Organisations should make it clear and unambiguous to all staff and business partners that bribery is unacceptable. Bribery prevention policies and procedures should be embedded and understood throughout the organisation.
• An important aspect of this is the establishment of a secure, confidential means for internal or external parties to raise concerns about bribery (or the adoption of “speaking up” or “whistleblowing” procedures).
• US authorities have commended the fact that an organisation’s whistleblowing hotline was available toll-free 24/7 in every major language in a recent decision to not prosecute a company. It has also been recommended that an organisation’s whistleblowing hotline be extended to third-party business partners.
• US guidance adds to this by saying that once an allegation is made, organisations should have in place an efficient, reliable and properly funded process for investigating the allegations and documenting the organization’s response.
• Many organisations have also found that publicizing disciplinary actions internally, in compliance with local law, can have an important deterrence effect.
• Despite some jurisdictions permitting exemptions to facilitation payments in certain circumstances, it is generally considered more efficient and effective to prohibit such payments globally.

Training

• Bribery prevention policies and procedures must be embedded and understood throughout the organisation, including training that is proportionate to the risks faced.
• Training should be ongoing and appropriate to specific roles. For example, those working in purchasing, contracting, distribution or marketing, or in high risk countries, may require additional training.
• Annual certification of accreditation for front line employees.
• It should also include training on “whistle blowing procedures” and be mandatory for all new staff.
• Training may also be appropriate for some third party business partners.

Monitoring and Review

• Procedures must be regularly monitored, reviewed and, where necessary, improved to respond to any changes in risk.
• In addition to regular intervals, an organisation may want to review its processes in response to other stimuli, for example following governmental changes in countries in which they operate in, an incident of bribery or other negative press reports.
• External verification of the effectiveness of anti-bribery procedures may also be sought and is explicitly recommended by both the joint DoJ and SEC guidance and the UK’s Ministry of Justice guidance on the Bribery Act.

Read more http://bit.ly/1I7XiSm