As we await the release of the Ministry of Justice’s final guidance on the Bribery Act many organisations remain completely unclear about the extent of their potential liability under Section 7 and many are still considering what procedures will be “adequate” to prevent bribery by associated persons and therefore provide a defence to future prosecution.
The recent prosecution of IBM highlights a number of important lessons, one of which is that anti-corruption policies and procedures are meaningless if they are not implemented. According to the SEC Complaint, IBM had corporate policies prohibiting bribery and procedures relating to compliance with the FCPA. However, IBM lacked sufficient internal controls to ensure employees of IBM subsidiaries and joint venture partners refrained and/or were prevented from using intermediaries to pay bribes or make other improper payments to government officials. Over a long period of time the absence of appropriate checks and balances had allowed a culture of corruption to develop in respect of the company’s operations in South Korea and China.
It is not an uncommon tale. Siemens likewise had anti-corruption policies and procedures, which were ultimately found to be an ineffective “paper program”.
So, when considering the question “what are adequate procedures?” you should consider whether your organisation’s policies and procedures have been properly implemented. As a starting point, you might like to ponder the following:
- Is your Board charged with overall responsibility for your anti-corruption compliance programme and is it kept updated on the implementation and development of the programme?
- Have you communicated your policies and procedures to personnel and other associated persons and in a way that ensures comprehension e.g. have you had your policies and procedures translated?
- Have you communicated your policies and procedures to the world at large by making them available on your external website or by referring to them in promotional or other public materials?
- Have you offered practical training on your policies and procedures to personnel and other associated persons such as your subsidiaries, joint venture partners and agents?
- Do your personnel and other associated persons know who to contact if they have questions about your policies and procedures or if they wish to report suspicious conduct?
- What internal control systems are in place to ensure your policies and procedures are being adhered to in practice?
- Are your internal controls audited and reviewed?
There is no getting around it, for your compliance programme to be adequate you have to turn your words into actions when it comes to policies and procedures; they have to be a living and breathing part of your organisation’s day to day business operations….and not just at home, but worldwide. Policies and procedures that are tucked away in the HR office filing cabinet and never assume a life beyond the paper they are written on have no value to your organisation.