The UK Bribery Act and Beyond – Preparing for Change

By Michael W. Johnson

This article will detail the most important elements of the law, highlighting the restrictions that are broader than previous anti-corruption laws, such as the US Foreign Corrupt Practices Act (“FCPA”). It will then discuss the steps companies should take to ensure that they have “adequate procedures” in place to prevent prosecution under the law.

What is the act?

The UK’s recently enacted Bribery Act 2010 is causing companies around the world to re-examine their anti-bribery policies and prevention efforts. The law, which applies to companies that conduct any part of their business in the UK, prohibits bribes of government officials or privately employed individuals anywhere in the world. There are no exceptions for “hospitality” or “promotional” expenditures (i.e. paying for flights, dinners or gifts, etc.) or small “facilitation payments” to expedite routine government actions.

Companies can be strictly liable for bribes paid by any person associated with their business, even if they didn’t know about, or authorise, the bribe. Companies that violate the Act will face unlimited fines. Individuals who commit offences will also face an unlimited fine and potentially up to ten years in prison. Fortunately, a company can raise a complete defence to its failure to prevent a bribe if it has in place “adequate procedures” to prevent bribery from occurring.

Consider the following scenarios:

You are a compliance officer for a multi-national company that is currently building a manufacturing plant in China. The project is over budget and behind schedule, so your company recently hired a construction consultant to help speed up the process. So far the consultant has done the following:

• He donated €5,000 to support a local charity at the request of the local Chinese building inspector. In return, the building inspector agreed to skip some required inspections.

• He gave a Chinese custom’s official €20 in exchange for her ensuring that some building materials cleared customs quickly.

At the same time that your company is building the plant in China, the sales team is working furiously to increase sales around the world. Last week a salesperson gave the procurement officer of a private Nigerian company €10,000 in cash in exchange for signing a deal on behalf of his company.

Another salesperson is bidding on a large contract to supply goods and services to the Romanian government. To help close the deal, the salesperson paid for Romanian government officials and their families to visit your headquarters to learn more about your company’s offerings. As part of the visit, the salesperson provided the government officials and their families with tickets to attend a professional football game.

To determine which of the above actions you should be concerned about, ask yourself the following questions:


Is your company covered by the Jurisdiction of the UK Bribery Act 2010?

The law’s jurisdiction is expansive. It applies to all bribes where an act (or omission) in furtherance of the bribe occurs in part of the UK. It also applies to bribes that take place anywhere in the world if the bribe is committed by a UK citizen or UK company.

In addition, the law applies to bribes that occur anywhere in the world by non-UK companies that conduct any part of their business in the UK. For example, the Bribery Act would cover a company that has a few employees working in the UK or that simply sells its goods or services in the UK. The jurisdiction of the Bribery Act could be even broader than the US FCPA, which generally covers bribes made by non-US persons or companies only where an act in furtherance of the bribe occurs within the United States. We will have to see how strictly the UK’s Serious Fraud Office enforces the law against non-UK companies and if British courts uphold the jurisdictional reach of the law. However, as your company probably doesn’t want to be the “test case” on the jurisdictional issue, you should comply with the UK law.


The company is liable for committing bribery or receiving a bribe where the offence “is proved to have been committed with the consent or connivance” of a director or senior officer of the company.

Has a bribe occured?

A bribe occurs where someone offers, promises or gives a “financial or other advantage” to another person intending to induce someone to perform a function improperly, or reward the person for having performed the function improperly. Accordingly, many of the payments made in the scenario described above would constitute bribes under the Act.

Payment need not be made directly to a government official

The construction consultant’s donation of €5,000 to a charity at the request of the Chinese building inspector likely would be considered a bribe. It doesn’t matter that payment wasn’t made to the government official directly, as long as the payment was made in an effort to induce the government official to perform her job improperly. In this case, she agreed not to perform some building inspections in exchange for the donation.

The Bribery Act makes this donation unlawful in part because it could give your company “an advantage in the conduct of business”. If your company can avoid complying with building inspections, the cost to build the plant will likely fall, thereby giving your company an unfair advantage in the market against companies who don’t make such payments.

No facilitation payments allowed

The consultant’s payment of €20 to a Chinese customs official would be considered a bribe. Unlike other laws such as the FCPA, the UK Bribery Act does not contain an exception for small “facilitating” or “grease” payments that are designed to expedite routine government actions.

Covers commercial bribes and bribery of domestic officials

The UK’s Bribery Act applies not only to bribes of foreign government officials but also to bribes of private companies or individuals. Thus, the salesperson’s bribe of the procurement officer of the Nigerian company would violate the Bribery Act.

Promotional activities

Unlike the FCPA, the Bribery Act does not include an affirmative defence for reasonable and bona fide business expenditures that are directly related to promotional activities. UK authorities, however, have indicated that prosecutors may exercise discretion on when they prosecute companies for paying for such promotional expenses. Companies should ensure that paying for such promotional expenses is not seen as a way to improperly influence the officials and that any promotional expenses are not excessive.

In this scenario, while paying for the Romanian government officials to visit your headquarters seems like an appropriate marketing expenditure, paying for their families to accompany them on the trip and attend the professional football game are likely to cause concern among UK prosecutors.




Who committed the bribes?

The UK Bribery Act applies not just to bribes committed by your employees, but also by “associated persons” such as agents, consultants, joint venture partners and other third parties who perform services on your behalf. Unlike the FCPA which requires that the US person have “knowledge” that the third party is or will be paying a foreign government official, under the UK Bribery Act, companies are strictly liable for payments made by associates. Thus, the consultant’s payments to the Chinese officials would be attributed to your organisation.


Did our management know of the bribes?

The company is liable for committing bribery or receiving a bribe where the offence “is proved to have been committed with the consent or connivance” of a director or senior officer of the company. Violations of the Bribery Act can result in up to 10 years in prison for individuals and unlimited fines for individuals and companies.


Did we have in place “adequate procedures” to prevent bribery?

First, the bad news: Even if no one in your management knew that the bribes were occurring, the company is still criminally liable if any employee or associated person committed a bribe.

Now, the good news: A company can raise a complete defence to the criminal violation of “failing to prevent a bribe” if it can show that it had in place “adequate procedures” to prevent bribery from occurring. Where an employee or associate of the company is, on the face of it, guilty of committing bribery, the onus will then fall on the company to affirmatively demonstrate that its system and procedures should have prevented bribery.

The UK Government has said it will issue guidance on what constitutes “adequate procedures” later this year. It has already indicated that the published guidance on adequate procedures will not be prescriptive in nature. Instead, the guidance will be ‘principles based’ and will outline examples of best practices.


What should we do now?

While we don’t yet know exactly what the “adequate procedures” guidance will say, we expect that UK authorities will rely at least in part on the OECD’s “Good Practice Guidance on Internal Controls, Ethics and Compliance” as well as on the principles outlined in the US Federal Sentencing Guidelines on the topic of corporate compliance programmes. With those documents in mind, if your company is covered under the UK Bribery Act, you should take the following steps now:


1. Conduct a Risk Assessment

The incidence and types of bribery vary by country and industry. Your company should conduct an assessment to determine your greatest risks. As part of that assessment, you should look at the number of bribery issues that have been reported through your hotline and look for any trends in specific countries where you operate.


2. Create policies that take into account the new Bribery Act standards

You should examine all policies to ensure that they comply with the new Bribery Act standards. For example, many companies currently allow small “facilitating payments” to expedite routine government actions. The Bribery Act outlaws those payments. Because there is no specific exception in the law for reasonable and bona fide promotional expenses, you need to ensure that you have clear policies on gifts and entertainment. Finally, you need to ensure that you have strong anti-retaliation policies to protect people who report suspicions of bribery or cooperate in the investigations of those cases.


3. Establish a “Tone at the Top” culture

Your company’s leadership must strongly support your compliance programme and communicate the importance of operating in an ethical manner to all employees and associated persons. Communication from senior management on the importance of compliance with the new law must be part of any internal awareness campaign. When undertaking a review of a company’s internal procedures to determine whether or not the “adequate procedures” defence should be applied, a court will expect to see senior management involvement.


4. Establish a formal compliance function and responsible compliance officer

If you don’t have this already, you need to ensure that you establish an effective compliance programme and have a responsible compliance officer in place. You also should take steps to ensure that the compliance officer is independent from other business pressures and has a way to communicate directly with the Board when necessary.


If you don’t have this already, you need to ensure that you establish an effective compliance programme and have a responsible compliance officer in place.


5. Closely examine relationships with third parties

As discussed above, a company can be liable not only for bribes committed by its own employees but also bribes committed by “associated persons.” As a result, you should ensure that your suppliers and other business partners live up to your company’s standards of ethical conduct by establishing an effective Third Party Ethics and Compliance Programme.

The Third Party programme should consist of the following:

• Questionnaire – Survey third parties on their current Ethics and Compliance practices so that you have a means to establish a baseline and a way to segment your third party partners.

• Scoring & White Listing – Evaluate risk indices based on data from the questionnaire. Create an “Approved List” of third parties with whom your employees are permitted to conduct business. The scoring and rating should be an ongoing and iterative process for your organisation. Just because a company has made the Approved List once does not mean that they may not pose a risk in the future.

• Policy – Create a Third Party Code of Conduct. Set clear expectations for your third party partners so that there is no confusion as to what it will take to “do business” with integrity with your organisation.

• Certification – Disclose your Third Party Code of Conduct and policies and certify its distribution to relevant third party personnel.

• Training – Provide training to key third-party personnel on your Third Party Code of Conduct and policies.

• Due Diligence – Order investigations to validate registration data or inspect potential red flags with a specific third party. You should especially monitor closely all payments to and from consultants, commercial representatives and agents, especially in high-risk countries.

• Communication – Provide on-going messaging to your employees and third party partners on key issues and hot topics.

• Web Reporting – Provide a vehicle for third parties to anonymously report violations of the code.

• Resource Hub – House relevant documents that third parties can access at any time. (Code of Conduct, Approved List, contact information, etc.)


6. Provide training

You should immediately provide training to the employees, agents, and other associated persons who could conceivably commit or spot evidence of bribery. The training must address any revisions made to your existing policies to comply with the Bribery Act and should provide guidance on how to handle real-life “grey areas.” All training should be documented.


7. Institute Reporting Mechanisms

Your employees and other associated persons must have a way to report suspicions that bribery may be occurring. In addition to establishing clear reporting mechanisms within your organisation, you also should provide a confidential hotline—including phone, web and mobile solutions so that your employees and the employees of your third party partners can call and report concerns using technology with which they are most comfortable.


8. Implement Investigation and Disciplinary Procedures

As soon as your company learns of an issue, it must conduct an investigation. You should ensure that you use only investigators who have received extensive training in how to plan an investigation, conduct effective interviews, make credibility determinations, and write an effective report. If you determine that misconduct has occurred, you must take prompt and effective corrective action designed to stop the misconduct and to deter future misconduct by that individual or others.



On its face, the UK Bribery Act is stricter than previous anti-corruption laws, including the FCPA. Because of the expansive reach of its jurisdiction, any company that conducts any part of its business in the UK should immediately re-examine its anti-bribery policies and prevention efforts. Failure to do so can result in unlimited fines and even imprisonment.

Fortunately, proactive companies that establish adequate procedures to prevent bribery, as described above, can avoid prosecution.


About the author

Michael W. Johnson is Co-President, Training and Education Solutions, at Global Compliance. Michael is a former attorney in the U.S. Department of Justice. He has trained thousands of compliance officers, attorneys and human resource professionals around the world how to conduct internal investigations. The United Nations selected him to work on revisions to its investigations policies and train its staff in New York, the Congo and Sierra Leone. He has served as an expert witness in cases challenging the adequacy of employers’ investigations. Michael is also advising the Serious Fraud Office on adequate anti-bribery procedures related to the new UK Bribery Act. He is a graduate of Duke University and Harvard Law School.


About Global Compliance

Global Compliance is the leading global provider of comprehensive, integrated ethics and compliance solutions that help organizations build a culture of integrity, reduce risk and enhance performance. We serve over 4,000 clients – including public and private corporations, academic institutions, government entities and non-profit organizations – and their 25+ million employees in over 200 countries and territories.

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.