The bribery act 2010 – what do you do if your adequate procedures fail?

Richard Sallybanks and Shaul Brazil

BCL Burton Copeland

Much has already been written about the Bribery Act which came into force on 1 July 2011, in particular the new criminal offence for commercial organisations of “failing to prevent bribery”. This article does not explain the new law in detail but instead considers the types of procedures that companies can put in place to prevent bribery by “associated” persons and the factors companies should have in mind if they identify that bribery has occurred within their organisation.

A short summary of the law

The Act creates two general offences of bribing another person and being bribed and a discrete offence of bribery of a foreign public official. In addition, section 7 of the Act introduces for the first time an offence whereby a “relevant commercial organisation” (i.e., one incorporated / formed in the UK or one that is incorporated / formed elsewhere, but carries on business in the UK) is guilty of an offence if a person “associated” with it (such as an employee, agent or joint venture partner) offers, promises or gives a bribe with the intention to obtain or retain business or an advantage in the conduct of business for that organisation.

This last offence is commonly characterised as “failing to prevent bribery” and can only be committed by a company, not an individual. It is also an offence of strict liability meaning that if bribery is committed on behalf of a company by a person “associated” with it, such as an agent, it may give rise to criminal liability for the company (with the risk of an unlimited fine, debarment from public procurement contracts, and reputational damage) notwithstanding that the directors were unaware of the conduct. Thankfully, however, the company will have a complete defence if it can prove that it “had in place adequate procedures designed to prevent persons associated with [it] from undertaking such conduct” (i.e., offering, promising or giving a bribe).

There remains the larger ambiguity of what constitutes a bribe. Bribery may come in different forms including large corrupt payments made to obtain or retain business, lavish hospitality intended to influence a public official, and small unofficial “facilitation” payments to expedite the performance of a routine or necessary action such as the granting of a visa. All are illegal under the new law and although the government has sought to reassure business that the Act “is not intended to prohibit reasonable and proportionate hospitality and promotional or other similar business expenditure intended for these purposes” it has nevertheless emphasised “that hospitality and promotional or other similar business expenditure can be employed as bribes”. The Act therefore employs the concept of what an ordinary person would think, but, as with adequate procedures, the question of what amounts to a bribe will remain ambiguous until clarified by the Court.

“…the question of what amounts to a bribe will remain ambiguous until clarified by the Court.”

The Ministry of Justice guidance

UK business has raised grave concerns about the scope of the Act and how it could harm their competitiveness as against businesses beyond the Act’s reach. Unsurprisingly, the section 7 offence has provoked much controversy.

The Ministry of Justice has recently introduced long awaited guidance on the Act, which is intended to help companies understand the types of procedures that they can put in place to prevent bribery by “associated” persons. However, while the guidance suggests areas that should be covered by appropriate procedures, it acknowledges that the challenges faced by SMEs will differ from those of large multi-national enterprises. Rather than adopting a prescriptive, one-size-fits-all approach, it incorporates flexibility by being based on six core principles:

Proportionate procedures: maintaining bribery prevention policies that are proportionate to the nature, scale and complexity of the organisation’s activities, as well as to the risks that it faces.

Top level commitment: ensuring that senior management establishes a culture across the organisation in which bribery is unacceptable, which may include top-level communication of the organisation’s anti-bribery stance and being involved in the development of bribery prevention policies.

Risk assessment: conducting periodic, informed and documented assessments of the internal and external risks of bribery in the relevant business sector and market.

Due diligence: applying due diligence procedures that are proportionate to the risks faced by the organisation, since an organisation’s employees are “associated” persons, appropriate due diligence may become part of recruitment and HR procedures.

Communication and training: ensuring that bribery prevention policies are understood and embedded throughout the organisation through education and awareness.

Monitoring and review: putting in place auditing and financial controls that are sensitive to bribery, including consideration of obtaining external verification of the effectiveness of an organisation’s anti-bribery procedures.

The guidance includes a number of illustrative case studies, and businesses would be well advised to review these and the guidance closely. Ultimately, however, the question of whether an organisation has adequate procedures will turn on the particular facts of the case, ambiguities surrounding “adequate procedures” will gradually be resolved by the Court, as the authorities prosecute organisations that fall foul of the legislation.

“…there will always be the potential for bribery to take place in relation to a company’s business regardless of the procedures put in place to prevent it.”

Self-reporting and the risk of criminal prosecution

Of course, there will always be the potential for bribery to take place in relation to a company’s business regardless of the procedures put in place to prevent it. If bribery is identified, what does the company do? Should it report the matter to the authorities and, if so, how can it mitigate the risk that a prosecution will follow?

Joint guidance issued by the Director of the Serious Fraud Office (SFO) and the Director of Public Prosecutions (DPP) acknowledges that the Act “is not intended to penalise ethically run companies that encounter a risk of bribery” and that “a single instance of bribery does not necessarily mean that a company’s procedures are inadequate.” Consistent with this, the SFO and DPP have also made it clear that the public interest factors in favour / against a criminal prosecution of a company include whether there has been a history (or lack of history) of similar conduct.

Therefore, a company that has genuinely and appropriately tried to prevent bribery but has failed may avoid prosecution if it can show that the conduct was an isolated incident. However, it is clear that the more prevalent bribery is within the organisation, the greater the risk of prosecution. So, what does a company do if it identifies bribery within its organisation which has been ongoing or is part of an established business practice? Perhaps counter-intuitively, the company’s best interests may still lie in reporting the matter to the authorities.

Companies should note that if they do not self-report and bribery within their organisation is reported to the SFO by a third party (such as a disgruntled competitor), this will be viewed as a significant aggravating factor tending in favour of prosecution. Conversely, self-reporting (when allied with a genuinely proactive approach from senior management including a comprehensive internal investigation, remedial action and a commitment to effective corporate compliance going forward) can result in the possible resolution of the matter by civil, as opposed to criminal, proceedings. The availability of a civil remedy, namely proceedings to recover monies obtained in connection with the corrupt conduct, is a factor tending against prosecution but this will only be on offer if the company self-reports in the way described above.

In any event, the company may have little choice but to self-report as the Bribery Act provisions cannot be considered in isolation. There is a real risk that monies obtained by a company in connection with a corruptly obtained contract would be considered “criminal property” under the Proceeds of Crime Act 2002. The company (and its directors once informed of the suspicion that the contract was won through corruption) would be at risk of committing money laundering offences unless it disclosed that fact to the appropriate authority, the Serious Organised Crime Agency (SOCA), as soon as practicable. A disclosure to SOCA will give rise to the likelihood of the information being passed to the SFO, giving the company little choice but to report the underlying conduct to the SFO simultaneously.

“…a single instance of bribery does not necessarily mean that a company’s procedures are inadequate.”


It is clear that, subject to resources, the Act will be vigorously enforced, not least in the shadow of the bruising criticism of the authorities following the settlements in the BAE and other recent cases and the long standing criticism of the UK for not treating corruption with sufficient seriousness, particularly in the international context. Companies clearly therefore need to implement a compliance programme to minimise the risk of bribery being undertaken on their behalf. Adequate procedures are likely to include the involvement of senior management in establishing an anti-corruption culture, assessment of the company’s exposure to bribery risk, due diligence on business partners, and in-house training.

By way of practical example, companies which have engaged the services of intermediaries or introducers to assist in winning new business will need to ensure that any payments to these people can be fully justified and are accurately and transparently recorded in the company’s records. Depending on the relationship between the introducer and the ultimate client, it may well be that the acceptance of the payment by the introducer (if hidden from the client) would be regarded as “improper” such that the payment to the introducer could be regarded as a bribe.

Further, a sub-contractor, depending on the services it performs, may be regarded as a person “associated with” the main contractor such that the main contractor could have a potential criminal liability if the sub-contractor pays a bribe in connection with the main contractor’s business. The main contractor will therefore need to have procedures in place to satisfy itself, so far as possible, that the sub-contractor will not engage in such conduct.

With a programme in place, a company will be better positioned to deal with the fall-out if it discovers an instance of bribery and if it self-reports, it will substantially mitigate the risk of prosecution. However, companies cannot make a decision on whether to self-report bribery without regard to the Proceeds of Crime legislation and the possible need to make a disclosure to SOCA under that regime. Any company which decides against a disclosure to SOCA because it wants to keep the bribery under wraps runs the risk of exposing its directors and the company itself to criminal investigations for both bribery and money laundering.

About the author:

Richard Sallybanks specialises in complex business crime and regulatory defence work. Richard has been a partner at BCL Burton Copeland since 1999, having joined the practice from CMS Cameron McKenna in 1995. At CMS, Richard specialised in commercial litigation and worked in Hong Kong and Germany, as well as on secondment at financial regulator IMRO.

Richard Sallybanks can be contacted at +44 (0) 207 430 2277 and emailed at

BCL Burton Copeland ( is a market leader and a pre-eminent firm of solicitors in the UK providing specialist advice and representation nationally and internationally in the areas of commercial fraud, business crime, regulatory enforcement, serious and general crime, dispute resolution and regulatory compliance.

Does your company have an adequate anti-Bribery programme in place?