The new UK Bribery Act is a big deal for any company operating in the UK: it’s a complex and far-reaching piece of legislation and, if something goes wrong, the buck stops at board level
“It needs to be on the strategic risk register,” says Robert Noye-Allen, partner in governance, risk and assurance at Moore Stephens. “It needs to be on the Board’s radar. It will affect every sector as well as the way some companies do business. The whole corporate hospitality sector will need to be re-thought.
“The accountability structure is complex and Board members could find themselves prosecuted for something that went on without their direct knowledge.”
In addition the Act is very enigmatic, with the precise scope difficult to grasp - ensuring compliance will require real vigilance.
“There’s a hell of a lot that’s still unclear. I think it’s a case that, as and when court cases appear, we will learn more,” says Noye-Allen.
Of course, no company can completely protect itself against an employee going rogue and paying a bribe. So what can you do? The main defence against the Act seems to be showing you have done all you can to comply.
“You need to ask yourself: do we have adequate controls on personnel? Do we have a positive culture on the ground?” says Alex Plavsic, head of KPMG’s UK forensic practice. “If you get those two things right you will go a long way to dealing with the requirements of the Act.
“You need to show you have the right controls within your business’ culture; it’s no defence to say that something was the action of an individual. Instead, you need to be able to say: ‘Ok, employee x did this, but we have put in place everything we can be reasonably be expected to do as a company to eliminate this kind of behaviour.’”
“It’s not enough to not take part in bribery, you have to show that you’re not taking part,” says Helen Humphreys, Programme Director, ABC Compliance at Rolls Royce.
So what should you do?
1. RISK ASSESSMENT
Firstly, establish where the high-risk areas are in your business. “It’s important to do a proper risk assessment as a lot of companies won’t be particularly affected, those that don’t work in high-risk environments, don’t deal with big contracts and don’t use third parties or agents to make deals,” says Plasvic.
Those that do: look back and establish when, where and why problems have arisen in the past.
2. CREATE POLICIES THAT COMPLY WITH THE ACT
Make sure all relevant internal policies and procedures have compliance with the Act written through them like a stick of rock. In particular, the Act outlaws small ‘facilitation payments’, and you should make sure you have clear guidelines on gifts and corporate hospitality.
“It comes down to transparency,” says Noye-Allen. “If you are offering corporate hospitality you will need to be able to show proper process and ensure your intention is clearly set out. People say to me: ‘we’re not doing anything improper, we’re just doing what everybody does; it’s normal to offer hospitality in our sector.’ But they need to re-think. The effects of the Act will be psychological, they will change the way people work.”
3. LEAD FROM THE TOP
The Board must be on board. “Leadership is vital,” says Plasvic. “If those at the top appear to be equivocal about the Act, then the people on the ground may be confused about any changes they need to make.”
4. …AND THE MIDDLE
It’s not just those at the top who need to understand the importance of compliance. Acceptance and understanding of the Act must be displayed throughout middle, regional and local management as well.
“Ensuring consistency around the world is vital,” says Humphreys. “As is making sure that best practice is effectively shared.”
5. HIRE A ‘BRIBERY CZAR’
It is useful to have one person working independently within the company to ensure Act compliance – who has a clear line of communication direct to the Board, if necessary.
6. INVESTIGATE AGENTS AND THRID PARTIES
Under the terms of the Act it’s not just about what goes on within the four walls of your company that matters, but what others do on your behalf.
“If you use agents or third parties, one key question to ask is: how much do you know about the people you do business with?” says Plasvic. “Most companies will work with less than 50, so it isn’t too onerous to spend some time looking at them again. Contractually, you should have the right to audit to see where your money goes. If they have a bad reputation, terminate them.”
It’s also worth remembering that reviewing contracts is in itself a way of demonstrating compliance.
6. FOLLOW THE MONEY
Companies will need to show that they have proper accounting in place to show how funds are used. “You need to make sure that you have documentary proof of how all funds are signed off and that everyone adheres to that procedure,” says Humphreys.
7. TRAINING FOR EVERYONE, EVEN THE BOARD
Make sure everyone understands exactly how the Act has changed working practices and procedures. Document this process.
“Training is vital for staff working in high-risk environments,” says Plasvic. “They need to experience the kind of face-to-face scenarios that they will see on the ground. But everyone in the company needs to be offered e-training, even those working at a lower risk.”
8. REPORTING
Many companies already have an external whistleblowing service for employees to report wrongdoing, but it’s also essential to create a positive culture within the company to ensure employees feel comfortable using internal reporting channels.
9. DISCIPLINE
“The Board will need to go out with a zero tolerance approach and a firm tone and message,” says Noye-Allen.
Any wrongdoing must be dealt with.
“When it comes to disciplinary procedure, actions speak louder than words,” says Plasvic. “It’s not good enough just showing that you have procedures in place, you need to be able to show that you are taking action.”
10. TELL EVERYONE WHAT YOU ARE DOING
Finally, publicize what you’re doing. Increasingly those looking at your company will want to see how you are dealing with the Act.
“It’s important to show compliance to stakeholders and investors through the annual report,” says Plasvic. “There’s no obligation to do this, but it does show good governance is in place.”