It has also sought to address some of the problem areas from the previous guidance. There is now a clear statement on hospitality: that the ‘government does not intend for the act to prohibit reasonable and proportionate hospitality and promotional or other similar business expenditure intended for these purposes’.
It goes on to state that for hospitality to amount to a possible bribe under section 6 of the act ‘there must be an intention for financial or other advantage to influence the official in his or her official role and thereby secure business or a business advantage’.
The new guidance, case studies and quick-start guidance make it clear that each business will need to assess its risks to prevent bribery and should apply procedures that reflect these risks. This proportionate approach to risk marks a useful change from the original guidance. It’s important for all businesses to consider the procedures that they require to combat bribery as there is a full defence if a business can demonstrate that it has adequate procedures in place to prevent bribery.
The guidance follows the following six principles:
- Proportionality. The actions the business undertakes should be proportionate to its risks and to its size. A larger organisation might need to do more to prevent bribery than a small business. Additionally, a business that trades overseas will need to assess whether it is trading in an area where bribery is commonplace.
- Top-level commitment. The top-level management of the business will be in the best position to show that the organisation is committed to operating without bribery, and will need to foster a culture where bribery is never acceptable. It should be made clear to all staff that the organisation’s policy is never to tolerate bribery.
- Risk assessment. The business should assess the nature and extent of its external and internal risks. It might be necessary to carry out some research into the markets the business will be operating in, particularly if it is a new business arrangement. Equally, it may need to research the people or organisations it will deal with.
- Due diligence. The business must know who it is conducting business with and assess the bribery risk. Taking on people who may not be trustworthy can hopefully be avoided, or the risk reduced, by carrying out some checks and asking some questions.
- Communication. The business should communicate its policies and procedures, and train its staff. It may be worth considering whether any additional training for staff will be necessary, or whether a general raising of awareness will suffice. Policies and procedures should also be communicated to other third parties that may carry out work for the organisation.
- Monitoring and review. Establish procedures that ensure regular reviews are undertaken to assess business risks to prevent bribery. Risks may change over time, especially if new geographical markets are introduced, so it is important to review the processes regularly to ensure that they remain relevant and effective.
Where to start?
The new guidance is clear that the actions a business takes should be proportionate to the risks it faces and its size. In the quick-start guide one of the key points states: ‘There is a full defence if you can show you had adequate procedures in place to prevent bribery. But you do not need to put bribery prevention procedures in place if there is no risk of bribery on your behalf.’
In the introduction to the very useful case studies that can be found in appendix A of the guidance, it’s made clear that the guidance is concerned with significant risks. It states: ‘All but one of these case studies focus on bribery risks associated with foreign markets. This is because bribery risks associated with foreign markets are generally higher than those associated with domestic markets.’
The case studies reiterate this point and set out simple to understand bullet points that businesses could use to help them produce procedures that reflect their risk and size. At the same time, a business should comply with one of the easiest requirements. This is to make a clear statement that the business culture is one where bribery is never acceptable.
This statement should also spell out the consequences of any breach – for example, that it will be treated as gross misconduct. This type of statement would be issued by the board, which would also confirm that it is responsible for the business’s anti-corruption policies, procedures and statements, including all education requirements and whistleblowing procedures.
Larger business may already have a number of relevant documented policies and procedures in place. They should ensure that these policies and procedures are recorded and linked to the principles set out in the guidance.
For example, to conform to the principles of risk assessment and due diligence, a business will need to ensure that the risk of bribery has been assessed. General risk procedures should already be in place, but these procedures should be reviewed to ensure that they incorporate the risk of bribery and corruption into existing risk assessments of country, sector and market risks, assessment of third-party, transaction and work risks, and the overall risks faced by the business.
The business should also ensure it has enhanced supplier, customer and intermediary risk assessment policies and, if required, that due diligence procedures are in place. These procedures and controls are likely to bring together financial and commercial controls, anti-corruption policies including updated terms and conditions, supply chain procedures and employment and agency procedures.
To comply with the principle of communication, the organisation’s anti-bribery and corruption code, gift and hospitality policy, and political and charitable support policy should all be communicated to staff. There should also be a statement and rolling assessment plan to highlight where education, awareness and training should be undertaken.
The communication of policies should come with a clear statement that if any breach occurs or is suspected it should be reported; the business should also ensure it has adequate whistleblowing policies. It is clear from the guidance that business partners should also be kept up to date with the business’s policies.
The principle of monitoring and review may be incorporated into internal audit reviews. It is expected that testing, detection and investigation procedures will be undertaken, and that following any review or investigation the policies and procedures will be assessed and, if required, improved.
However, it should also be clear that all parts of the business should comment on the policies and procedures, that these are under continual review and are updated as required. It is important that this work is retained.
Finally, hospitality and promotional expenditure, one of the points of concern in the original guidance, will still be a difficult area for business and will be part of the risk assessment work. But as stated earlier in this article, the ‘government does not intend for the act to prohibit reasonable and proportionate hospitality and promotional or other similar business expenditure intended for these purposes’.
For hospitality to amount to a possible bribe, ‘there must be an intention for financial or other advantage to influence the official in his or her official role and thereby secure business or a business advantage’. The simple message is that proportionate, bona fide hospitality or promotional activity can continue.
Glenn Collins is head of technical advisory, ACCA UK, and Lisa Gilmour is technical adviser, ACCA UK