The UK Government considers that procedures put in place by commercial organisations wishing to prevent bribery being committed on their behalf should be informed by six principles. These principles are not prescriptive. They are intended to be flexible and outcome focussed, allowing for the huge variety of circumstances that commercial organisations find themselves in.
Principle 1 | Proportionate procedures
A commercial organisations procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisations activities. They are also clear, practical, accessible, effectively implemented and enforced.
1. Policies articulate a commercial organisations anti-bribery stance, show how it will be maintained and help to create an anti-bribery culture. They are therefore a necessary measure in the prevention of bribery, but they will not achieve that objective unless they are properly implemented.
2. Adequate bribery prevention procedures ought to be proportionate to the bribery risks that the organisation faces. An initial assessment of risk across the organisation is therefore a necessary first step.
3. To a certain extent the level of risk will be linked to the size of the organisation and the nature and complexity of its business, but size will not be the only determining factor.
4. Some small organisations can face quite significant risks, and will need more extensive procedures than their counterparts facing limited risks.
5. The level of risk that organisations face will also vary with the type and nature of the persons associated with it.
6. The bribery risks associated with reliance on a third party agent representing a commercial organisation in negotiations with foreign public officials may be assessed as significant and accordingly require much more in the way of procedures to mitigate those risks.
7. Commercial organisations bribery prevention policies are likely to include certain common elements.
- its commitment to bribery prevention
- its general approach to mitigation of specific bribery risks, such as those arising from the conduct of intermediaries and agents, or those associated with hospitality and promotional expenditure, facilitation payments or political and charitable donations or contributions;
- an overview of its strategy to implement its bribery prevention policies
8. The procedures put in place to implement an organisations bribery prevention policies should be designed to mitigate identified risks as well as to prevent deliberate unethical conduct on the part of associated persons. The following is a list of the topics that bribery prevention procedures might embrace depending on the particular risks faced:
- The involvement of the organisations top-level management
- Risk assessment procedures
- Due diligence of existing or prospective associated persons
- The provision of gifts, hospitality and promotional expenditure; charitable and political donations; or demands for facilitation payments
- Direct and indirect employment, including recruitment, terms and conditions, disciplinary action and remuneration
- Governance of business relationships with all other associated persons including pre and post contractual agreements
- Financial and commercial controls such as adequate bookkeeping, auditing and approval of expenditure
- Transparency of transactions and disclosure of information
- Decision making, such as delegation of authority procedures, separation of functions and the avoidance of conflicts of interest
- Enforcement, detailing discipline processes and sanctions for breaches of the organisations anti-bribery rules
- The reporting of bribery including speak up or whistle blowing procedures
- The detail of the process by which the organisation plans to implement its bribery prevention procedures, for example, how its policy will be applied to individual projects and to different parts of the organisation
- The communication of the organisations policies and procedures, and training in their application
- The monitoring, review and evaluation of bribery prevention procedures
Principle 2 | Top-level commitment
The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.
9. Those at the top of an organisation are in the best position to foster a culture of integrity where bribery is unacceptable. The purpose of this principle is to encourage the involvement of top-level management in the determination of bribery prevention procedures.
10. Whatever the size, structure or market of a commercial organisation, top-level management commitment to bribery prevention is likely to include
- communication of the organisations anti-bribery stance, and
- an appropriate degree of involvement in developing bribery prevention procedures
Internal and external communication of the commitment to zero tolerance to bribery
11. This could take a variety of forms. A formal statement appropriately communicated can be very effective in establishing an anti-bribery culture within an organisation. Communication might be tailored to different audiences. The statement would probably need to be drawn to peoples attention on a periodic basis. Effective formal statements that demonstrate top level commitment are likely to include:
- a commitment to carry out business fairly, honestly and openly
- a commitment to zero tolerance towards bribery
- the consequences of breaching the policy for employees and managers
- for other associated persons the consequences of breaching contractual provisions relating to bribery prevention
- articulation of the business benefits of rejecting bribery
- reference to the range of bribery prevention procedures the commercial organisation has or is putting in place, including any protection and procedures for confidential reporting of bribery
- key individuals and departments involved in the development and implementation of the organisations bribery prevention procedures
- reference to the organisations involvement in any collective action against bribery in, for example, the same business sector.
Top-level involvement in bribery prevention
12. Effective leadership in bribery prevention will take a variety of forms appropriate for and proportionate to the organisations size, management structure and circumstances.
13. In smaller organisations a proportionate response may require top-level managers to be personally involved in initiating, developing and implementing bribery prevention procedures and bribery critical decision making.
14. In a large multi-national organisation the board should be responsible for setting bribery prevention policies, tasking management to design, operate and monitor bribery prevention procedures, and keeping these policies and procedures under regular review.
15. Whatever the appropriate model, top-level engagement is likely to reflect the following elements:
- Selection and training of senior managers to lead anti-bribery work where appropriate
- Leadership on key measures such as a code of conduct
- Endorsement of all bribery prevention related publications
- Leadership in awareness raising and encouraging transparent dialogue throughout the organisation so as to seek to ensure effective dissemination of anti-bribery policies and procedures to employees, subsidiaries, and associated persons, etc
- Engagement with relevant associated persons and external bodies, such as sectoral organisations and the media, to help articulate the organisations policies
- Specific involvement in high profile and critical decision making where appropriate
- Assurance of risk assessment
- General oversight of breaches of procedures and the provision of feedback to the board or equivalent, where appropriate, on levels of compliance.
Principle 3 | Risk Assessment
The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.
16. For many commercial organisations this principle will manifest itself as part of a more general risk assessment carried out in relation to business objectives. For others, its application may produce a more specific stand alone bribery risk assessment.
17. The purpose of this principle is to promote the adoption of risk assessment procedures that are proportionate to the organisations size and structure and to the nature, scale and location of its activities.
18. Some aspects of risk assessment involve procedures that fall within the generally accepted meaning of the term due diligence. The role of due diligence as a risk mitigation tool is separately dealt with under Principle 4.
19. Risk assessment procedures that enable the commercial organisation accurately to identify and prioritise the risks it faces will, whatever its size, activities, customers or markets, usually reflect a few basic characteristics. These are:
- Oversight of the risk assessment by top level management
- Appropriate resourcing this should reflect the scale of the organisations business and the need to identify and prioritise all relevant risks
- Identification of the internal and external information sources that will enable risk to be assessed and reviewed
- Due diligence enquiries (see Principle 4)
- Accurate and appropriate documentation of the risk assessment and its conclusions
20. As a commercial organisations business evolves, so will the bribery risks it faces and hence so should its risk assessment.
Commonly encountered risks
21. Commonly encountered external risks can be categorised into five broad groups country, sectoral, transaction, business opportunity and business partnership:
- Country risk: this is evidenced by perceived high levels of corruption, an absence of effectively implemented anti-bribery legislation and a failure of the foreign government, media, local business community and civil society effectively to promote transparent procurement and investment policies.
- Sectoral risk: some sectors are higher risk than others. Higher risk sectors include the extractive industries and the large scale infrastructure sector
- Transaction risk: certain types of transaction give rise to higher risks, for example, charitable or political contributions, licences and permits, and transactions relating to public procurement.
- Business opportunity risk: such risks might arise in high value projects or with projects involving many contractors or intermediaries; or with projects which are not apparently undertaken at market prices, or which do not have a clear legitimate objective.
- Business partnership risk: certain relationships may involve higher risk, for example, the use of intermediaries in transactions with foreign public officials; consortia or joint venture partners; and relationships with politically exposed persons where the proposed business relationship involves, or is linked to, a prominent public official.
22. An assessment of external bribery risks is intended to help decide how those risks can be mitigated by procedures governing the relevant operations or business relationships; but a bribery risk assessment should also examine the extent to which internal structures or procedures may themselves add to the level of risk. Commonly encountered internal factors may include:
- deficiencies in employee training, skills and knowledge
- bonus culture that rewards excessive risk taking
- lack of clarity in the organisations policies on, and procedures for, hospitality and promotional expenditure, and political or charitable contributions
- lack of clear financial controls
- lack of a clear anti-bribery message from the top-level management
Principle 4 | Due diligence
The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.
23. Due diligence is firmly established as an element of corporate good governance and it is envisaged that due diligence related to bribery prevention will often form part of a wider due diligence framework.
24. Due diligence procedures are both a form of bribery risk assessment and a means of mitigating a risk.
25. Due diligence of specific prospective third party intermediaries could significantly mitigate these risks. The significance of the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.
26. The purpose of this Principle is to encourage commercial organisations to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with them from bribing on their behalf.
27. As this guidance emphasises throughout, due diligence procedures should be proportionate to the identified risk. They can also be undertaken internally or by external consultants.
28. The appropriate level of due diligence to prevent bribery will vary enormously depending on the risks arising from the particular relationship.
29. Organisations will need to take considerable care in entering into certain business relationships, due to the particular circumstances in which the relationships come into existence.
30. The importance of thorough due diligence and risk mitigation prior to any commitment are paramount in such circumstances. Another relationship that carries particularly important due diligence implications is a merger of commercial organisations or an acquisition of one by another.
31. In higher risk situations, due diligence may include conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons. Appraisal and continued monitoring of recruited or engaged associated persons may also be required, proportionate to the identified risks.
32. Generally, more information is likely to be required from prospective and existing associated persons that are incorporated (e.g. companies) than from individuals. This is because on a basic level more individuals are likely to be involved in the performance of services by a company and the exact nature of the roles of such individuals or other connected bodies may not be immediately obvious. Accordingly, due diligence may involve direct requests for details on the background, expertise and business experience, of relevant individuals. This information can then be verified through research and the following up of references, etc.
33. A commercial organisations employees are presumed to be persons associated with the organisation for the purposes of the Bribery Act. The organisation may wish, therefore, to incorporate in its recruitment and human resources procedures an appropriate level of due diligence to mitigate the risks of bribery being undertaken by employees which is proportionate to the risk associated with the post in question. Due diligence is unlikely to be needed in relation to lower risk posts.
Principle 5 | Communication (including training)
The commercial organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.
34. Communication and training deters bribery by associated persons by enhancing awareness and understanding of a commercial organisations procedures and to the organisations commitment to their proper application. Making information available assists in more effective monitoring, evaluation and review of bribery prevention procedures. Training provides the knowledge and skills needed to employ the organisations procedures and deal with any bribery related problems or issues that may arise.
35. The content, language and tone of communications for internal consumption may vary from that for external use in response to the different relationship the audience has with the commercial organisation. The nature of communication will vary enormously between commercial organisations in accordance with the different bribery risks faced, the size of the organisation and the scale and nature of its activities.
36. Internal communications should convey the tone from the top but are also likely to focus on the implementation of the organisations policies and procedures and the implications for employees.
37. Such communication includes policies on particular areas such as decision making, financial control, hospitality and promotional expenditure, facilitation payments, training, charitable and political donations and penalties for breach of rules and the articulation of management roles at different levels.
38. Another important aspect of internal communications is the establishment of a secure, confidential and accessible means for internal or external parties to raise concerns about bribery on the part of associated persons, to provide suggestions for improvement of bribery prevention procedures and controls and for requesting advice.
39. External communication of bribery prevention policies through a statement or codes of conduct, for example, can reassure existing and prospective associated persons and can act as a deterrent to those intending to bribe on a commercial organisations behalf.
40. A commercial organisation may consider it proportionate and appropriate to communicate its anti-bribery policies and commitment to them to a wider audience, such as other organisations in its sector and to sectoral organisations that would fall outside the scope of the range of its associated persons, or to the general public.
41. Like all procedures training should be proportionate to risk but some training is likely to be effective in firmly establishing an anti-bribery culture whatever the level of risk. Training may take the form of education and awareness raising about the threats posed by bribery in general and in the sector or areas in which the organisation operates in particular, and the various ways it is being addressed.
42. General training could be mandatory for new employees or for agents (on a weighted risk basis) as part of an induction process, but it should also be tailored to the specific risks associated with specific posts.
43. It may be appropriate to require associated persons to undergo training. This will be particularly relevant for high risk associated persons. In any event, organisations may wish to encourage associated persons to adopt bribery prevention training.
Principle 6 | Monitoring and review
The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.
44. The bribery risks that a commercial organisation faces may change over time, as may the nature and scale of its activities, so the procedures required to mitigate those risks are also likely to change. Commercial organisations will therefore wish to consider how to monitor and evaluate the effectiveness of their bribery prevention procedures and adapt them where necessary.
45. In addition to regular monitoring, an organisation might want to review its processes in response to other stimuli, for example governmental changes in countries in which they operate, an incident of bribery or negative press reports.
46. There is a wide range of internal and external review mechanisms which commercial organisations could consider using. Systems set up to deter, detect and investigate bribery, and monitor the ethical quality of transactions, such as internal financial control mechanisms, will help provide insight into the effectiveness of procedures designed to prevent bribery.
47. Staff surveys, questionnaires and feedback from training can also provide an important source of information on effectiveness and a means by which employees and other associated persons can inform continuing improvement of anti-bribery policies.
48. Organisations could also consider formal periodic reviews and reports for top-level management. Organisations could also draw on information on other organisations practices, for example relevant trade bodies or regulators might highlight examples of good or bad practice in their publications.
49. In addition, organisations might wish to consider seeking some form of external verification or assurance of the effectiveness of anti-bribery procedures.
50. Some organisations may be able to apply for certified compliance with one of the independently-verified anti-bribery standards maintained by industrial sector associations or multilateral bodies.
We deliver concise due diligence on businesses, vendors, agents, individuals, customers and other counter-parties to satisfy compliance and AML demands, so that our clients can operate with confidence. TenIntelligence assists clients undertake detailed risk assessments and implement tailored programmes in order to overcome their compliance challenges and to deter financial crime.
Our investigative due diligence will also examine whether corruption schemes exist within your business and supply chains, implement robust anti-bribery provisions, as well as guiding you through any subsequent investigations and anti-corruption policies.
For further information on our due diligence, intelligence and investigation services please contact us on (UK) +44 20 3102 7720 or (UAE) on +971 (0) 4333 4669. Alternatively please email us on firstname.lastname@example.org.