The UK Bribery Act – how to avoid prosecution
The Bribery Act is yet another compliance requirement – sort of. If you take PCI compliance, then there are specific things you have to do. For example:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Payment Card Industry (PCI) Data Security Standard, V2.0
The Bribery Act is different. Section 1 makes it an offence for one individual to bribe another; but the Bribery Act 2010 also creates a new offence under Section 7:
7. Failure of commercial organisations to prevent bribery
(1) A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person intending…
In effect, it says what you mustn’t do (be corrupt) without ever defining what it is (corruption) that you mustn’t do (at which point, M’lud, I refer you to The Weasel Words Principle that underpins British law-making). A quick example: what on earth is ‘facilitation’? It’s not defined. But it is recognised as potentially a necessary evil. You could even make the case for suggesting that facilitation that lands an important contract that will benefit the UK is acceptable and legal; while facilitation that invokes international condemnation is bribery and therefore illegal.
Back to the point. Effectively, in order to comply with the Bribery Act, you have to be able to prove you didn’t do what isn’t clear; which is a bit like proving a negative (some experts say you can do it, while others say you can’t do it; but either way ‘you can’t prove a negative’ is a negative…).
So what can you do to comply with this negative requirement? Luckily there is some help in Ken Clarke’s Guidance Notes issued last week. Frank Coggrave of Guidance Software points to Paragraph 12 as being of particular relevance:
The application of bribery prevention procedures by commercial organisations is of significant interest to those investigating bribery and is relevant if an organisation wishes to report an incident of bribery to the prosecution authorities – for example to the Serious Fraud Office (SFO) which operates a policy in England and Wales and Northern Ireland of co-operation with commercial organisations that self-refer incidents of bribery (see ‘Approach of the SFO to dealing with overseas corruption’ on the SFO website). The commercial organisation’s willingness to co-operate with an investigation under the Bribery Act and to make a full disclosure will also be taken into account in any decision as to whether it is appropriate to commence criminal proceedings.
Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing
In other words, compliance with the Bribery Act requires a two-pronged approach: you make visible efforts to ensure that the stable-door remains tightly closed; but if you suddenly discover that the horse has already bolted, you grass it up and hang it out to dry.
Compliance with the Bribery Act in effect revolves around how you tackle this two-pronged approach. The first part will involve establishing policies and procedures designed to prevent the possibility of giving or receiving bribes (that is, closing the stable door). “The sort of things companies can do,” says Mark Burgess of Blackhawk Investigations, “include delivering relevant training to their staff, and developing a clear communication strategy that this sort of behaviour is culturally unacceptable through both the induction process and ongoing anti-fraud training and initiatives.” You could say that Bribery Act compliance must not merely be done, it must be seen to be done.
But if all of this fails (that is, the horse has already bolted) and you have a rogue employee who either gives or receives bribes, then you need to be able to proactively discover this rogue and turn him into the authorities (grass him up and hang him out to dry) in order to avoid corporate complicity. And that will probably involve the use of eDiscovery and forensic software such as Guidance Software’s EnCase. “Our software,” says Frank Coggrave, “is used for many different compliance requirements, freedom of information requests, and litigation issues. But you can repurpose the software to do regular scans of your environment designed to turn up malpractice [and rogues]. That would be a very positive statement in your favour in case someone, possibly a competitor, suddenly found that you had made excessive facilitation payments. If you are taking proactive measures both in training and employing things like eDiscovery software to make those sweeps, you will be less likely to be prosecuted.”