Defending bribery charges: what are ‘adequate procedures’?

A company will be guilty of a bribery offence if an associated person pays a bribe in order to obtain or retain business for the company, or to obtain or retain an advantage in the conduct of business. The only defence available to a company in this situation is that it had ‘adequate procedures’ in place which are designed to prevent people from engaging in bribery.

The adequate procedures defence has recently been tested in the courts for the first time. In R v Skansen Interiors Limited the jury were unconvinced that the company’s procedures were adequate to prevent bribery committed by a senior employee.

The bribes

Skansen Interiors, a refurbishment company, was invited by DTZ Debenham Tie Leung to tender for two lucrative refurbishment contracts. The managing director of Skansen made two payments totalling £10,000 to the project manager at DTZ to secure the £6 million contracts.

Skansen appointed a new CEO in 2014 and he was asked to authorise a third payment of £29,000 to DTZ after being told that this was a genuine payment for services rendered. The CEO had suspicions about the legitimacy of the payment and it was stopped. He then initiated an internal investigation, the result of which was the filing of a suspicious activity report with the National Crime Agency and the reporting of the bribes to the London police.

Despite taking these steps to inform the relevant authorities, Skansen was still charged with the corporate offence of failing to prevent bribery.

Skansen’s defence

Skansen argued that due to the size of the company it did not require complex internal controls to be implemented and the localised nature of its operations resulted in a lower risk of bribery. Staff did not need to be made explicitly aware of specific anti-bribery policies as it was common sense not to engage in bribery and other policies were already in place which focused on transparency and integrity when dealing with third parties. Skansen’s contracts also contained standard clauses prohibiting the payment of bribes and financial controls were in place which allowed invoices to be monitored and approved by senior individuals.

But the jury did not consider these measures to be adequate. The Crown Prosecution Service (CPS) claimed that Skansen had made little effort to foster a culture of compliance and that policies were not adequately communicated to employees.

No anti-bribery policy was in place at the time of the offences and there was a lack of staff training on the issue. The fact that the final payment had been stopped only served to demonstrate that before the arrival of the new CEO the procedures in place had not been adequate.

Adequate procedures?

The Ministry of Justice guidance highlights that the level of risk of bribery will be linked to the size of the organisation and the nature and complexity of its business. But size will not be the only determining factor.

It is important for all small and medium sized businesses to undertake a risk assessment to ensure bribery risks are identified and robust procedures put in place. The steps taken to ensure adequate procedures are in place must be documented, irrespective of the size of the organisation. General, ineffective policies which do not focus on the specific bribery risks faced by a company will not be sufficient to satisfy the adequate procedures defence.

Skansen’s new CEO took reactive action by implementing an anti-bribery policy and by stopping further payments but the company could not claim that this amounted to adequate procedures for the acts of bribery already committed. Robust procedures must be implemented ahead of time and regularly monitored and updated based on any changes to the business and its operations.

Self-reporting

The bribery offences committed at Skansen only came to the attention of the authorities because the new CEO reported what he had discovered, albeit to the police and not the Serious Fraud Office (SFO). Self-reporting is the most effective form of mitigation for a company and many hope to receive more lenient treatment by taking this approach. Many self-reported cases result in Deferred Prosecution Agreements (DPA), for example Rolls-Royce and Standard Chartered have both been subject to DPAs in recent years as a ‘reward’ for the companies’ openness during investigations.

However, the SFO has stated that self-reporting does not guarantee that a company will not be prosecuted. DPAs allow a company to avoid prosecution as a settlement figure is agreed, but in this case Skansen was a dormant company and so there would be no benefit of imposing a DPA. The CPS justified the decision to pursue charges against the dormant company by saying it would send a message to others in the industry about the importance of having adequate procedures in place.