Adequate procedures

Adequate procedures under the Bribery Act 2010

There is a defence to the corporate offence where the corporate can show, on the balance of probabilities, that it had in place “adequate procedures” designed to prevent bribery from occurring on its behalf.  At present, there is no interpretative case-law that considers the availability or ambit of this potential defence.  This raises a number of questions for corporates wishing to understand what is required by the defence. 

What are “adequate procedures”?

The Government’s guidance is based around six principles for bribery prevention, which are neither prescriptive nor intended to be “one size-fits-all” (the “Six Principles”).  As the Guidance notes, “Small organisations will, for example, face different challenges to those faced by large multi-national enterprises”. 
The key emphasis is on “Proportionality”.  This principle encapsulates and summarises all of the others.  Ultimately, the underlying approach that any corporate should take in designing and implementing its anti-corruption procedures should be to demonstrate zero tolerance for bribery and its commitment to ethical business dealings.

As well as explaining how corporates can develop their policies and procedures around the Six Principles, the Government also sets out, by way of example and explicitly not as part of the Guidance, a collection of case studies to help to illustrate how the principles can be applied in practice.

The Six Principles are:

Proportionate Procedures  The procedures implemented by an organisation should be “proportionate to the bribery risks it faces and the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced”. Ultimately, if something went wrong, it is more likely that it will be in a part of the corporate’s business that is higher risk and “any consideration by a court in an individual case of the adequacy of procedures is likely necessarily to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question”.
Top-level commitment (or “buy-in”) The senior management of the corporate are committed to preventing bribery by those performing services on its behalf and foster a zero tolerance culture towards bribery. In other words, the actions and words of senior management, including the awareness of, involvement in and oversight of, anti-corruption issues and initiatives, will be a relevant factor in determining the adequacy of the corporate’s anti-bribery policies and procedures.
Risk assessment The organisation periodically and proportionately assesses the nature and extent of its internal and external risks to bribery and documents that assessment. This will normally require an appropriately resourced and empowered (by senior management) team to conduct reasonable enquiries after identifying the various parts of the business and key individuals who they need to consult in those business units (be it legal, audit, finance, sales, procurement etc). Further information regarding how to conduct a risk assessment is available here.
Due diligence The organisation conducts due diligence on those who perform services on its behalf (including employees), adopting a risk-based approach. As noted in the Quick Start Guide that accompanies the Guidance, “Knowing exactly who you are dealing with can help to protect your organisation from taking on people who might be less than trustworthy”. The Government considers this aspect of bribery risk mitigation to be so significant that it warrants separate consideration as a principle of adequate anti-bribery procedures.
Communication (including training) The organisation takes steps to ensure its procedures are “embedded and understood throughout the organisation”, through communication internally and externally, including through training so that those participating in it understand “what the relevant policies and procedures mean in practice for them”. An important aspect of communication involves establishing “a secure, confidential and accessible means for internal or external parties to raise concerns” and to request advice
Monitoring and review The organisation monitors and reviews its policies and procedures over time to improve them where necessary and to ensure they remain adequate to the changing risks faced by the business. Such review should be carried out with the blessing and oversight of senior management who are able to take decisions on the basis of adequate information being provided to them. This is particularly vital for regulated firms (for whom having anti-bribery controls is an obligation) – over the last few years the FSA has imposed increasingly large fines on firms for failings in anti-bribery controls in breach of the FSA’s rules, including failure to ensure that senior management received sufficient information about the performance of relevant policies to allow them to assess whether bribery and corruption risks were being mitigated effectively.