Second DPA applied for by the SFO & new guidance on anti-bribery management systems under ISO 37001

In my last post I talked about the Bribery Act 2010 and the lack of prosecutions since the legislation came into play. I however also alluded to how the Bribery Act 2010 had spring boarded into action wider acknowledgment as to companies looking to act with greater responsibility around governance and ethics.

When I have delivered training to in house counsel, finance and compliance teams around the Bribery Act, I always ask what is the general feel as to the risk of prosecution and the response is often from those attending is that it is unlikely. This is no doubt fuelled by the what has occurred so far in the first five years of the Bribery Act’s life.

This often leads to the question as to why then focus on prevention of bribery and wider financial crime. For a regulated client, often the answer is fear of a fine but for non-regulated companies, the main motivation does still remain as fear of prosecution, or association with such conduct and impact on reputation and shareholder value, in other words financial loss.

As a well time shot in the arm now comes the second deferred prosecution agreement (DPA) applied for by the SFO (the first being against Standard Bank). It was revealed this week that the company against which the second DPA has been applied against have remained anonymous due to “ongoing related litigation” but some useful details are now available in the redacted approved judgment of 8 July in relation to their beach of section 7 (failure to prevent bribery).

The actions that caused the breach of the Act related to “contracts to supply its products to customers in a number of foreign jurisdictions,” the SFO said. The SFO suspended the prosecution when the court approved the DPA. The defendant company will pay about £6.55 million for the settlement. The penalty is made up of £6.2 million in disgorgement of gross profits and a £352,000 fine.

The SFO said it investigated the case for two years. It examined 74 contracts and found that 28 were procured with bribes through a small group of employees and agents through commission schemes. The offenses occurred from 2004 to 2012. The defendant company’s U.S. parent implemented a global compliance program in late 2011. The SFO said, In August 2012, this compliance program resulted in concerns being raised within the defendant company about the way in which a number of contracts had been secured. The defendant company took immediate action, retaining a law firm that undertook an independent internal investigation. The law firm delivered a report to the SFO on 31 January 2013, after which the SFO conducted its own investigation.

Summarising the position, in the period 2004-2013, a total of £17.24 million was paid to the defendant company on the 28 implicated contracts on which bribes were offered. This sum represented 15.81% of their total turnover in the period (being £109 million). The total gross profit from the implicated contracts amounted to £6,553,085 out of a total gross profit of £31.4 million (i.e. 20.82%). The defendant company estimated a net profit of approximately £2.5 million in respect of the implicated contracts.

It would not be speaking out of turn to say this corrupt activity will be more common place than many suspect, but not in the form of money but in more subtle ways of providing favours, for example a job offer to a son or daughter of those bribed. How bribery in this company was uncovered was through the implementation of their global compliance programme. Having undertaken the process of enterprise wide risk assessments for organisations, it is no small task but the key is to know where the risk areas may be and why that may be the case. Additionally, a compliance programme needs to be fit for purpose, it need not set such a high standard that it creates an overly burdensome hurdle to clear when that would not be necessary to be compliant. Equally it should not be too basic so to form a tick box exercise.

We have had in place for some time now the ISO 10500 Anti Bribery Management Systems guidance which is a great base for in house counsel and compliance teams to assess the effectiveness of their anti-bribery systems. Hot on the heels of this standard is the evolution of ISO 37001– a new standard for anti-bribery management systems, which is tentatively stated to be published in late 2016.

This new standard is expected to be more detailed and internationally recognised than similar guidance published to date. A draft version of ISO 37001 focuses on a number of areas.

I will just focus on one of those being around conducting background checks of current and prospective third parties as well as other business associates. Due diligence must be weighted according to risk. ISO 37001 takes a strong stance in opposition to a “one-size-fits-all” approach to due diligence. Low-risk business associates, such as retail customers or suppliers, may not require in-depth screening. Medium-or high-risk associates, include people or companies that conduct business in high bribery risk jurisdiction, maintain decentralised operations and management, act as an intermediary or agent, or engage in transactions with public officials. The higher the assessed risk, the deeper the level of due diligence required.

Further guidance is given around red flags, watch lists (i.e. screening) and consideration of shareholders and managers with focus on beneficial ownership relating to the shareholders.

Ultimately, the new guidance does fall back to what is reasonable and proportionate.

If your organisation requires guidance around the review of their anti-bribery processes, please feel free to get in touch with me. I previously led a commercial fraud team for a national law firm and now operate as a consultant direct to in-house counsel, compliance and finance teams requiring ad hoc legal financial crime compliance advice.

Also be sure explore the following fraud prevention tools, which are completely free and offer a excellent starting point for any anti-fraud and corruption investigation.

Thanks for taking the time to read to this bottom line! Please share if you found this post useful.

Arun Chauhan advises on economic crime and litigation at Today Advisory. He is also the Director of Tenet Compliance & Litigation and a Trustee Director of the Fraud Advisory Panel.