Draft Bribery Bill - Joint Committee on the Draft Bribery Bill Contents


Memorandum submitted by PricewaterhouseCoopers LLP (BB 32)

  We appreciate that this written submission is made late in the Joint Committee's scrutiny period. We are not requesting to provide oral evidence. However, if the Joint Committee requires clarification or expansion of any of the points made in our submission, we will be happy to provide this.

OUR INTEREST IN THE DRAFT BRIBERY BILL

  PricewaterhouseCoopers LLP has an interest in the draft Bribery Bill from various perspectives, including:

    — As a UK firm we, and our staff and partners around the world, will be subject to the provisions of the Bill when it becomes law;

    — As a member of the UK business community, we have an interest in the impact of the Bill on the business community generally;

    — As Forensic Accountants, we regularly get involved in internal and external investigations into alleged improper activity; and

    — As Advisors, we assist our clients in the development and implementation of anti-corruption compliance frameworks—both as proactive initiative, and remediation following a failure.

  We are submitting this evidence mainly, but not exclusively, in the context of the work we undertake in the latter two categories—in other words, in our professional capacity working with clients in this area.

  In this context, our comments will focus mainly on the corporate implications of the Bill, rather than the individual offences.

EXISTING AND EVOLVING STANDARDS

  In the course of our work as investigators and advisors, we frequently have cause to reflect on the various anti-corruption standards globally, in order to provide best service to our clients. Of these standards, the US Foreign Corrupt Practices Act (FCPA) is probably the most prevalent in client's minds, due to the robust enforcement regime. Related to the FCPA, and important for us and our clients in seeking to build effective compliance regimes, the US Federal Sentencing Guidelines requirements for an "Effective Compliance and Ethics Program" give clear guidance on specific measures organisations can adopt. Similarly, the OECD Convention on Combating Bribery of Foreign Public Officials and related OECD Guidelines for Multinational Enterprises and OECD Business Approaches to Combating Corrupt Practices, provide additional valuable content. There are numerous other respected guidelines and approaches prepared by learned bodies.

  As full-time practitioners in this area, we are also acutely aware that both expectations and standards have been evolving, and continue to evolve. In this context and directly relevant to the UK, the work and report of the Woolf Committee has proposed challenging new standards for organisations to aspire to.

VALUES-BASED AND RULES-BASED REGIMES

  Whilst this rich body of advice is fundamental, our daily experience leads us to a further observation: to build and sustain an effective anti-corruption regime, organisations need a framework based on both values and rules.

  Our experience and academic research (Dr Donald Cressey) indicates three conditions commonly found together where financial crime occurs: opportunity, incentive or pressure, and attitude or rationalisation. Conversely, the most effective regime to minimise financial crime, including corruption, addresses all three conditions. Whilst many organisations focus heavily on reducing the opportunity, largely through rules-based actions (Codes of Conduct or Ethics, Policies, Guidelines, Standard Operating Procedures, Internal Controls), if both incentive or pressure (eg excessive pressure on delivering financial results) and attitude or rationalisation (eg our competitors do it, it is in the interests of the company, previous breaches or near-misses have been ignored) exist, ingenious personnel will find ways around the rules.

  Positive incentives and pressures can derive from both rules (eg specific compliance-related performance incentives, giving full performance credit for business lost due to ethical behaviour) and values (eg a sense of belonging to an ethically-minded business). Attitude and rationalisation tend to be much more dependent on values (personal and organisational).

  It is therefore our view that to address all three conditions leading to corrupt behaviour, organisations need to adopt compliance frameworks addressing both values and rules. Rules will define some clear operating boundaries; where in complex situations these boundaries are unavoidably unclear, values will ensure personnel make the right judgements.

  In our opinion the combination of rules (prescriptive) and values (judgemental) should be reflected in guidance provided to organisations by the legal and regulatory framework.

SPECIFIC COMMENTS ON THE DRAFT BRIBERY BILL

  We fully support the intent of the Bill and implementation into UK law of the OECD Convention on Combating Bribery of Foreign Public Officials in a clear and unequivocal way.

  We are not lawyers and do not seek to comment on the legal drafting of the Bill; however, as practitioners we have a number of observations relating to the practical adoption and potential effectiveness of the Bill in seeking to reduce corruption. In particular, a number of important terms are not clearly defined within the Bill—the interpretation of these by regulators, enforcement agencies and, ultimately, the courts could have a significant impact on the effectiveness of the Bill and implications for companies and individuals. Consequently we would advocate clearer definition of these terms. Key areas set out below.

"SENIOR OFFICER"

  The inclusion of "manager" or "similar officer" within the definition of a "senior officer" may include a very wide range of company staff within this role, with significant implications for those individuals (in terms of being held responsible for consenting to or conniving in a corporate offence) and for organisations (in terms of negligent failure by these senior officers to prevent bribery disallowing the adequate procedures defence).

  We recommend that separate definitions should be used for:

    1. Those officers who may be held liable for consenting to or conniving in a corporate offence (where a wide definition including "managers" is appropriate);

    2. Those officers whose negligence will disallow an adequate procedures defence.

  In respect of 2 above, the current drafting may encourage companies to define anti-bribery compliance responsibilities at a junior level, in order to try to avoid losing the adequate procedures defence. This would be counter productive, and general good practice (eg US Federal Sentencing Guidelines) would advocate the appointment of a senior official as "Chief Compliance Officer" (or equivalent) with overall responsibility for the programme.

  In our experience as professional advisors, we have noted that in large corporate groups rogue individuals may operate even at subsidiary general manager level without consent from or even knowledge of corporate management; recognising this, in these circumstances the adequate procedures defence should not be denied to the group (although the failure to root out these senior level rogue personnel should be taken into account when assessing the adequacy of the procedures).

  We would therefore suggest a narrower definition when considering corporate liability (case 2 above):

    — Negligent failure by directors or similar, those acting as directors, and the officials designated as holding Chief Compliance Officer and Chief Audit Officer responsibilities (whatever their seniority) should deny the organisation the adequate procedures defence;

    — Negligent failure by management (including directors and other roles as above) in a subsidiary but not by holding company management should negate the adequate procedures defence for the subsidiary but not automatically for the holding company (although weakening the holding company's claim to have adequate procedures in place);

    — Negligent failure by holding company management should negate the defence for all subsidiaries of that holding company.

"CONSENT OR CONNIVE"

  Consent implies active knowledge and agreement, and is therefore clear; however, the interpretation of "connive" is less clear—for example, would wilful ignorance be included? We believe more guidance is required on the nature of connivance in the context of the Bill.

"RESPONSIBLE FOR PREVENTING"

  In our view the issue with responsibility for preventing as used in the Bill relates to how clearly defined or assigned the responsibility has to be by the organisation to apply. We illustrate the potential for responsibility to be taken widely or narrowly through examples we have seen in practice:

    — A Code of Conduct or Anti-Bribery Policy may invoke a general responsibility on all employees not only to ensure that they do not breach anti-bribery provisions personally, but to be vigilant for evidence of wrongdoing around them and report, if they have suspicions, to a whistle blowing facility.

    — Line management may be assigned anti-bribery objectives, which may be specific (particular tasks and actions) or general (oversight of their area of responsibility).

    — A Compliance Officer may well have a specific anti-bribery role covering the relevant area of the business.

  Where responsibility is assigned in a specific and explicit way, there is little room for doubt. However, where anti-bribery compliance responsibilities are more implicit (as in the example above where they are stated in broad terms for all personnel in a Code of Conduct or Anti-Bribery Policy), then the population of responsible persons may be difficult to determine. We recommend more clarity here, perhaps distinguishing between explicitly assigned responsibilities (carrying a more onerous duty of care) and implicitly defined responsibilities (carrying a less onerous duty of care).

"NEGLIGENT FAILURE"

  The degree of default by the responsible persons that would be regarded as "negligent failure" is clearly judgemental on a case by case basis. We have already recommended that consideration should be given as to how the level of default that would constitute negligence might vary depending on the clarity with which the person is assigned responsibility and how specifically that responsibility is defined, as discussed above. Whereas a Chief Compliance Officer or local Compliance Officer would be expected to exercise significant care, personnel assigned a general responsibility in high level Codes or Policies should have a lower duty of care.

"ADEQUATE PROCEDURES"

  The expectation of what would constitute adequate procedures is probably the most significant area of uncertainty for organisations, as it is exactly these procedures that organisations need to ensure are fully in place by the time the Bill becomes law. This area is therefore not only important but also urgent, insofar as design and implementation of a complete compliance framework can take many months of sustained effort.

  We believe "adequate procedures" carries a too narrow implication of the expectations of activities companies should undertake. We prefer the US Federal Sentencing Guidelines terminology "Effective Compliance and Ethics Program", which indicates requirements beyond the procedural, for example governance structures, organisational units, and resourcing.

  What constitutes "adequate procedures" in the context of a corporate defence to negligently failing to prevent bribery is not defined in the current draft. We believe that clear guidance based on current good practice should be provided, preferably outside the Bill itself to facilitate update and greater flexibility.

  There are several sources that can be taken as "standards" in setting this guidance:

    — US Federal Sentencing Guidelines—define for US courts dealing with FCPA cases an "Effective Compliance and Ethics Program"; this, together with common requirements imposed by US Department of Justice appointed compliance monitors provide a comprehensive set of requirements;

    — OECD Guidelines for Multinational Enterprises (Section VI—Combating Bribery) and OECD Business Approaches to Combating Corrupt Practices;

    — Industry-specific standards; and

    — Woolf Committee Report.

  We consider below the main common elements of this body of guidance, together with our experience of working with International clients implementing FCPA and OECD compliance structures, in suggesting core elements that might be included in UK guidance on expectations of standards:

    — Governance—clear definitions of roles and responsibilities for anti-bribery compliance at Board or equivalent governing body and Non-Executive Director (NED) committee level and within central functions (where these exist), particularly Legal, Compliance and Internal Audit, and clearly defined delegations of authority;

    — Board or equivalent governing body to exercise reasonable oversight over the compliance and ethics programme, to devote reasonable time to compliance and ethics responsibilities, and to have adequate training and experience, collectively and individually;

    — Appointment of a specific senior level individual to have overall responsibility for the compliance and ethics programme ("Chief Compliance Officer" role) (may be part time in smaller enterprises), this individual to have adequate time, training and experience to fulfil the role;

    — Allocation of adequate budget, resource and authority to those responsible for the compliance and ethics programme, including direct access to the governing authority and responsible NED committees;

    — Explicit Code of Conduct or Code or Ethics with clear anti-bribery commitments, supported by policies, procedures and internal controls appropriate to the size and risk profile of the organisation;

    — Risk-based programme—regular and formalised bribery risk assessment process with results approved at governing body level, and more effort and resources directed to areas of highest risk;

    — Communication of compliance programme requirements (including Code of Conduct or Code of Ethics, policies, procedures and internal controls) by the governing body to all personnel, and where appropriate, third parties (suppliers, contractors, sales intermediaries, outsourcing partners, joint venture partners and other co-investors, non-controlled associates);

    — Adequate training in anti-bribery compliance provided to all personnel, and where appropriate, third parties, on a regular basis, suitable for their job function and risk exposure, such training to include:

    — Legal requirements;

    — Corporate values;

    — Policies, procedures and internal controls;

    — Recognition of compliance risk in daily duties;

    — Consultation and decision support facilities;

    — Whistleblowing facilities.

    — Compliance programme in relation to third parties (as defined above), the programme to include pre-relationship due diligence, formal contracting, anti-bribery contract terms in contracts, and appropriate performance monitoring and auditing;

    — Personnel measures to reinforce compliance, including performance incentives and performance management, screening of applicants (internal and external) for sensitive positions, and a formal sanction/disciplinary process applied consistently and transparently;

    — Provision of consultation or other decision support facilities to enable personnel to consult and receive advice prior to making sensitive decisions, and communication of the availability of these facilities;

    — Provision of whistleblowing facilities to enable personnel to report confidentially (and where desired anonymously) suspected breaches, and communication of these facilities. Formal procedures for follow-up of whistleblower reports;

    — Regular (eg annual) self-certification by personnel, especially those in sensitive positions, of personal adherence to the compliance standards and all applicable laws, including a self-disclosure requirement, and a reminder that known or suspected breaches by others can be reported through the whistleblowing facility;

    — Update and enhance the programme periodically, including assessing and responding to causes of breaches;

    — Board or equivalent governing body and relevant NED committee to obtain assurance (through Internal Audit or equivalent or through competent external provider) on the effectiveness of the compliance programme;

    — Larger organisations, and those engaged in higher risk business activities and in higher risk locations, should devote more resources to the compliance programme than smaller organisations, including extending support to business partners.

  These provisions should not be taken as individually mandatory (although some will be, for example provision of whistleblowing facilities), but taken as a whole to represent expected good practice. In seeking to assert that "adequate procedures" were in place, an organisation would need to justify any departure from these standards. Hence, the guidance would follow the model advocated by us above, combining values and rules.

  Similarly, where industry standards exist relevant to anti-bribery compliance, failure to implement and follow these standards would be strong evidence that "adequate procedures" were not in place.

ACCOUNTING PROVISIONS

  The Bribery Bill does not contain any accounting and bookkeeping requirements that would correspond to the Books and Records provisions of the FCPA.

  In our experience these provisions have been a valuable tool in the hands of US enforcement agencies. The clandestine nature of financial crime and bribery specifically means that even after extensive investigation it can be impossible to identify the recipient of a payment made through a third party intermediary (as is common in such situations) with certainty. In that case legal proof of a bribe may not be forthcoming; however, asserting a violation of the requirement to maintain accurate books and records will usually be easier and therefore provide a route for regulators and enforcement agencies to act.

  Similarly, the OECD Convention emphasises the importance of accounting, recordkeeping and disclosure requirements and related sanctions.

PROACTIVE ADVICE TO ORGANISATIONS

  The US regime provides for organisations to obtain an opinion from the US Attorney General regarding prospective conduct in relation to the FCPA. In our view this facility is in keeping with the approach of combining both values-based and rules-based regulation, and it ensures that the legislative framework can provide guidance (such as the Federal Sentencing Guidelines "Effective Compliance and Ethics Program") which can be interpreted more precisely on a case-by-case basis in advance.

  We believe a similar mechanism would be a valuable resource for both the corporate world and regulators, enhancing compliance whilst potentially reducing the costs for all parties of testing approaches retrospectively in court.

June 2009








 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009
Prepared 28 July 2009