The New UK Bribery Act: A Legal Minefield for CEOs
New UK law, the harshest anti-corruption legislation ever enacted, poses serious legal risks for corporate officers and directors regardless of nationality or domicile. Timothy Ashby outlines the new law and lets CEOs know how to stay in compliance.
May 6 2011 by Timothy Ashby
The UK Bribery Act that will take effect on July 1, 2011 will cause many sleepless nights for CEOs on both sides of the Atlantic. The law is extra-territorial in scope, with broad application not only to British companies, citizens and residents, but also to public and private foreign companies doing business in Great Britain, regardless of whether the act or omission constituting bribery occurs in or outside the UK. The burden of proof will be on the defendant, not the prosecution – a disturbing new trend in international law.
The new UK law will establish rules for two general offenses covering the offering, promising or giving of a bribe (active bribery) and the requesting, agreeing to receive or accepting of a bribe (passive bribery). The Act expands the scope of regulation to include commercial bribery, not just bribery of government officials.
If your company is involved in international transactions you are probably aware of the US Foreign Corrupt Practices Act (FCPA), which until now set the standard for global anti-bribery legislation. While similar to the FCPA, the UK Bribery Act carries harsher penalties and is riddled with ambiguities that will be a minefield for businesses and a bonanza for law firms. The Act holds senior executives and directors personally liable for failing to prevent bribery being committed by employees, agents or subsidiaries doing business on their behalf worldwide – a new type of criminal offence that targets inactivity rather than actively committing an offence. Individual executives can be imprisoned for up to 10 years, and officers and directors may incur unlimited fines.
You and your organization can be held criminally liable under the Act if a person “associated” with your company pays a bribe. An “associated person” is defined as someone who “performs services” for a commercial organization. For example, consider that you are the CEO of a parent company based in New Jersey with subsidiary operations in the UK and Russia. One of your suppliers in Moscow pays the dispatcher of a private trucking company $100 to expedite shipment of a perishable product. That simple “facilitation payment” – legal under the FCPA – can make you, your entire executive team, and your board subject to the jurisdiction of a British court. Your company could spend millions of dollars in legal defense fees for a remote – and previously routine – act performed by someone who was not even an employee. If you lose your case – and rest assured that the British prosecutors will aggressively pursue you – you could be imprisoned for a decade and suffer personal financial ruin.
For centuries, it has been customary in many countries to pay gratuities to stevedores loading and unloading cargo from ships – effectively an attendance allowance to turn up on time. Under the Bribery Act, this could now be considered criminal activity by the person making the payment and by the company employing him or her as an agent.
Under the Act, bribery does not simply mean money changing hands to gain a business advantage. It also involves the giving of gifts or what the British Government’s Serious Fraud Office would consider extravagant corporate entertainment. Unfortunately, what the CEO of a Fortune 500 company may consider “reasonable and proportionate” entertainment for his counterpart at China National Petroleum could be viewed differently by an investigator at the UK Justice Ministry making £40,000 per year.
Merger & Acquisition activity also carries the risk of “successor liability.” Companies can be held criminally responsible for any corrupt activity which may have previously occurred in the recently acquired entity. Furthermore, merely doing business in a jurisdiction known for corruption and failing to implement “adequate” anti-bribery procedures could be enough to justify prosecution of a senior officer for being an accessory to corruption if a bribe is paid.
The UK’s Serious Fraud Office – the lead agency in England and Wales for investigating (jointly with the police in some cases) and prosecuting cases of overseas corruption – has emphasized that prosecutions will focus on individuals rather than the corporation. This follows general US and UK policies on anti-corruption. For example, last year US Attorney General Eric Holder, speaking at the OECD in Paris warned that “prosecuting individuals is the cornerstone of our enforcement strategy …. The risk of heading to prison for bribery is real, from the boardroom to the warehouse.”
Criminal fines arising from corruption probes are not insurable under D&O policies, although individuals may be able to recover some of the costs of defending bribery-related cases until the case is completed, provided they are named on the policy. Only in cases where fraud or dishonesty is proven would insurers be able to seek repayment of any defense-related monies they paid out. Violations of the Act are likely to result in very expensive litigation resulting from a securities fraud or derivatives lawsuit. A failure to maintain “adequate procedures” may expose Directors and Officers to litigation from shareholders claiming a breach of fiduciary duty.
After reading this you may be shaking your head and thinking of taking early retirement before the international regulatory environment gets even tougher. Yet on second thought, you will realize that the UK Bribery Act is going to be a fact of life and business. So how can you avoid a potentially devastating criminal anti-bribery liability while conducting international business?
Unlike the FCPA, where a compliance plan is not a defense but may support leniency at sentencing, the existence of a compliance program incorporating “adequate procedures” within your company will be considered an affirmative defense in the UK to the offence of failing to prevent bribery. These “procedures” embrace both bribery prevention policies and the procedures which implement them. British courts will pay close attention to “proportionality”- the principle that a company’s procedures to prevent bribery by persons associated with it be proportionate to the risks it faces and the nature, scale and complexity of its activities. A robust compliance plan therefore requires (A) a thorough audit trail demonstrating the procedures and control systems introduced, and (B) the training of relevant members of staff to ensure that they are aware of and continually diligent in meeting their obligations.
The UK Ministry of Justice issued a guidance paper to help companies understand how to comply with the Act. The document outlines six key principles that companies should follow to “prevent bribery being committed on their behalf.” They include making a top-level commitment to foster a culture in which bribery is never acceptable, conducting periodic risk assessments and applying due diligence procedures with regards to bribery prevention.
You and your executive team would be mistaken to think that an in-house FCPA compliance program is sufficient to meet the “adequate procedures” criteria of the new UK Bribery Act. A fresh compliance plan should be adopted, according to the following general procedures:
- Fully evaluate your entire operation – how and where you do business – to assess all of the new risks being faced. You will need to give special attention to countries considered “high risk” for corruption, as the UK authorities – through diplomatic and intelligence resources in those jurisdictions – are likely to closely scrutinize your operations there.
- Provide thorough training and education to employees, subsidiaries, agents and business partners, including persons far down the supply chain. Web-based training is not recommended because it lacks the personal approach that face-to-face training can provide to higher-risk employees.
- Develop technologically advanced mechanisms for risk assessment and due diligence. A number of resources are available that will enable you to customize your strategies for specific countries and business partners.
- Conduct ongoing monitoring examinations and reviews to assess changed circumstances and to identify new risks as they emerge. Your compliance team should report to you and your Board on a monthly basis to meet the Bribery Act’s “adequate procedures” guidelines.
The UK Bribery Act will undoubtedly be the harshest anti-corruption legislation ever enacted, with a legal impact far beyond the British Isles. CEOs and their companies should begin planning now for compliance programs to mitigate significant criminal exposure. And you would be advised to leave that $24,000 bottle of ’78 Montrachet Domaine de la Romanée-Conti at home rather than bring it as a gift to the Chairman of Novartis – he’ll understand because he also does business in the UK and is as vulnerable as you are under the new Act.