The new UK Bribery Act is a big deal. It’s a complex and far-reaching piece of law and if something goes wrong, the buck stops at board level. Read on for the top 10 ways to protect your organisation
“It needs to be on the strategic risk register. It needs to be on the board’s radar. It will affect every sector, as well as the way some companies do business. The whole corporate hospitality sector will need to be rethought.”
Consultancy Moore Stephens partner in governance, risk and assurance Robert Noye-Allen is clearly in no doubt about the Bribery Act’s potential impact. He continues: “The accountability structure is complex and board members could fi nd themselves prosecuted for something that went on without their direct knowledge.”
In addition, the act is enigmatic and its precise scope is difficult to grasp, which means ensuring compliance will require real vigilance.
“There’s a hell of a lot that’s still unclear. I think it’s a case that as and when court cases appear, we will learn more,” Noye-Allen says.
Although no company can completely protect itself against an employee going rogue and paying a bribe, the main defence against the act seems to be showing that you have done all you can to comply.
KPMG head of UK forensic practice Alex Plavsic says: “You need to ask yourself: do we have adequate controls on personnel? Do we have a positive culture on the ground? If you get those things right, that will go a long way towards dealing with the requirements of the act.
“You need to show you have the right controls within your business’s culture. It’s no defence to say that something was the action of an individual. Instead, you need to be able to say: ‘Okay, employee X did this, but we have put in place everything we can reasonably be expected to do as a company to eliminate this kind of behaviour’.”
“It’s not enough to not take part in bribery. You have to show that you’re not taking part,” agrees Rolls-Royce programme director for ABC Compliance Helen Humphreys. So what should you do?
1 Risk assessment
First, establish where the high-risk areas are in your business. Plavsic says: “It’s important to do a proper risk assessment, as a lot of companies won’t be particularly aff ected, such as those that don’t work in high-risk environments, don’t deal with big contracts and don’t use third parties or agents to make deals.”
Those companies that do should establish when, where and why problems have arisen in the past.
2 Create policies that comply with the act
Make sure all relevant internal policies and procedures have compliance with the Act written through them like a stick of rock. In particular, the legislation outlaws small ‘facilitation payments’.
You should also make sure you have clear guidelines on gifts and corporate hospitality.
“It comes down to transparency,” Noye-Allen says. “If you are off ering corporate hospitality, you will need to be able to show proper process and ensure your intention is clearly set out.
“People say to me: ‘We’re not doing anything improper; we’re just doing what everybody does. It’s normal to off er hospitality in our sector’. But they need to rethink. The eff ects of the act will be psychological – they will change the way people work.”
3 Lead from the top …
The board must be on board. “Leadership is vital,” insists Plavsic. “If those at the top appear to be equivocal about the Bribery Act, then the people on the ground may be confused about any changes they need to make.”
… and the middle
It’s not just those at the top who need to understand the importance of compliance. Acceptance and understanding of the Act must be displayed throughout middle, regional and local management as well.
“Ensuring consistency around the world is vital,” says Rolls-Royce’s Humphreys, “as is making sure that best practice is effectively shared.”
4 Hire a ‘bribery czar’
It is useful to have one person working independently within the company to ensure compliance with the act – someone who has a clear line of communication with the board, if necessary.
5 Investigate agents and third parties
Under the terms of the act, it’s not just about what goes on within the four walls of your company that matters, but what others do on your behalf.
Plavsic says: “If you use agents or third parties, a key question to ask is: how much do you know about the people you do business with? Most companies will work with less than 50 others, so it isn’t too onerous to spend some time looking at them again. Contractually, you should have the right to audit to see where your money goes. If they have a bad reputation, terminate the contract.” It’s also worth remembering that reviewing contracts is in itself a way of demonstrating compliance.
6 Follow the money
Companies will need to demonstrate that they have proper accounting in place to show how funds are used. “You need to make sure you have documentary proof of how all funds are signed off and that everyone adheres to that procedure,” Humphreys says.
7 Training for everyone, even the board
Make sure everyone understands exactly how the Act has changed working practices and procedures. Document this process. “Training is vital for staff working in high-risk environments,”
Plavsic says. “They need to experience the kind of face-to-face scenarios they will see on the ground. But everyone in the company needs to be off ered e-training, even those working at a lower risk.”
8 Reporting wrongdoing
Many companies already have an external whistleblowing service for employees to report wrongdoing. But it’s also essential to create a positive culture within the company to ensure employees feel comfortable using internal reporting channels.
“The board will need to go out with a zero-tolerance approach and a fi rm tone and message,” Noye-Allen says.
And any wrongdoing must be dealt with. “When it comes to disciplinary procedure, actions speak louder than words,” Plavsic says. “It’s not good enough just showing that you have procedures in place, you need to be able to show that you are taking action.”
10 Tell everyone what you are doing
Finally, publicise what you’re doing. Increasingly, those looking at your company will want to see how you are dealing with the Act. “It’s important to show compliance to stakeholders and investors through the annual report,” Plavsic says. “There’s no obligation to do this, but it shows good governance is in place.”