Memorandum submitted by PricewaterhouseCoopers
LLP (BB 32)
We appreciate that this written submission is
made late in the Joint Committee's scrutiny period. We are not
requesting to provide oral evidence. However, if the Joint Committee
requires clarification or expansion of any of the points made
in our submission, we will be happy to provide this.
OUR INTEREST
IN THE
DRAFT BRIBERY
BILL
PricewaterhouseCoopers LLP has an interest in
the draft Bribery Bill from various perspectives, including:
As a UK firm we, and our staff and partners
around the world, will be subject to the provisions of the Bill
when it becomes law;
As a member of the UK business community,
we have an interest in the impact of the Bill on the business
community generally;
As Forensic Accountants, we regularly
get involved in internal and external investigations into alleged
improper activity; and
As Advisors, we assist our clients in
the development and implementation of anti-corruption compliance
frameworksboth as proactive initiative, and remediation
following a failure.
We are submitting this evidence mainly, but
not exclusively, in the context of the work we undertake in the
latter two categoriesin other words, in our professional
capacity working with clients in this area.
In this context, our comments will focus mainly
on the corporate implications of the Bill, rather than the individual
offences.
EXISTING AND
EVOLVING STANDARDS
In the course of our work as investigators and
advisors, we frequently have cause to reflect on the various anti-corruption
standards globally, in order to provide best service to our clients.
Of these standards, the US Foreign Corrupt Practices Act (FCPA)
is probably the most prevalent in client's minds, due to the robust
enforcement regime. Related to the FCPA, and important for us
and our clients in seeking to build effective compliance regimes,
the US Federal Sentencing Guidelines requirements for an "Effective
Compliance and Ethics Program" give clear guidance on specific
measures organisations can adopt. Similarly, the OECD Convention
on Combating Bribery of Foreign Public Officials and related OECD
Guidelines for Multinational Enterprises and OECD Business Approaches
to Combating Corrupt Practices, provide additional valuable content.
There are numerous other respected guidelines and approaches prepared
by learned bodies.
As full-time practitioners in this area, we
are also acutely aware that both expectations and standards have
been evolving, and continue to evolve. In this context and directly
relevant to the UK, the work and report of the Woolf Committee
has proposed challenging new standards for organisations to aspire
to.
VALUES-BASED
AND RULES-BASED
REGIMES
Whilst this rich body of advice is fundamental,
our daily experience leads us to a further observation: to build
and sustain an effective anti-corruption regime, organisations
need a framework based on both values and rules.
Our experience and academic research (Dr Donald
Cressey) indicates three conditions commonly found together where
financial crime occurs: opportunity, incentive or pressure, and
attitude or rationalisation. Conversely, the most effective regime
to minimise financial crime, including corruption, addresses all
three conditions. Whilst many organisations focus heavily on reducing
the opportunity, largely through rules-based actions (Codes of
Conduct or Ethics, Policies, Guidelines, Standard Operating Procedures,
Internal Controls), if both incentive or pressure (eg excessive
pressure on delivering financial results) and attitude or rationalisation
(eg our competitors do it, it is in the interests of the company,
previous breaches or near-misses have been ignored) exist, ingenious
personnel will find ways around the rules.
Positive incentives and pressures can derive
from both rules (eg specific compliance-related performance incentives,
giving full performance credit for business lost due to ethical
behaviour) and values (eg a sense of belonging to an ethically-minded
business). Attitude and rationalisation tend to be much more dependent
on values (personal and organisational).
It is therefore our view that to address all
three conditions leading to corrupt behaviour, organisations need
to adopt compliance frameworks addressing both values and rules.
Rules will define some clear operating boundaries; where in complex
situations these boundaries are unavoidably unclear, values will
ensure personnel make the right judgements.
In our opinion the combination of rules (prescriptive)
and values (judgemental) should be reflected in guidance provided
to organisations by the legal and regulatory framework.
SPECIFIC COMMENTS
ON THE
DRAFT BRIBERY
BILL
We fully support the intent of the Bill and
implementation into UK law of the OECD Convention on Combating
Bribery of Foreign Public Officials in a clear and unequivocal
way.
We are not lawyers and do not seek to comment
on the legal drafting of the Bill; however, as practitioners we
have a number of observations relating to the practical adoption
and potential effectiveness of the Bill in seeking to reduce corruption.
In particular, a number of important terms are not clearly defined
within the Billthe interpretation of these by regulators,
enforcement agencies and, ultimately, the courts could have a
significant impact on the effectiveness of the Bill and implications
for companies and individuals. Consequently we would advocate
clearer definition of these terms. Key areas set out below.
"SENIOR OFFICER"
The inclusion of "manager" or "similar
officer" within the definition of a "senior officer"
may include a very wide range of company staff within this role,
with significant implications for those individuals (in terms
of being held responsible for consenting to or conniving in a
corporate offence) and for organisations (in terms of negligent
failure by these senior officers to prevent bribery disallowing
the adequate procedures defence).
We recommend that separate definitions should
be used for:
1. Those officers who may be held liable for
consenting to or conniving in a corporate offence (where a wide
definition including "managers" is appropriate);
2. Those officers whose negligence will disallow
an adequate procedures defence.
In respect of 2 above, the current drafting
may encourage companies to define anti-bribery compliance responsibilities
at a junior level, in order to try to avoid losing the adequate
procedures defence. This would be counter productive, and general
good practice (eg US Federal Sentencing Guidelines) would advocate
the appointment of a senior official as "Chief Compliance
Officer" (or equivalent) with overall responsibility for
the programme.
In our experience as professional advisors,
we have noted that in large corporate groups rogue individuals
may operate even at subsidiary general manager level without consent
from or even knowledge of corporate management; recognising this,
in these circumstances the adequate procedures defence should
not be denied to the group (although the failure to root out these
senior level rogue personnel should be taken into account when
assessing the adequacy of the procedures).
We would therefore suggest a narrower definition
when considering corporate liability (case 2 above):
Negligent failure by directors or similar,
those acting as directors, and the officials designated as holding
Chief Compliance Officer and Chief Audit Officer responsibilities
(whatever their seniority) should deny the organisation the adequate
procedures defence;
Negligent failure by management (including
directors and other roles as above) in a subsidiary but not by
holding company management should negate the adequate procedures
defence for the subsidiary but not automatically for the holding
company (although weakening the holding company's claim to have
adequate procedures in place);
Negligent failure by holding company
management should negate the defence for all subsidiaries of that
holding company.
"CONSENT OR
CONNIVE"
Consent implies active knowledge and agreement,
and is therefore clear; however, the interpretation of "connive"
is less clearfor example, would wilful ignorance be included?
We believe more guidance is required on the nature of connivance
in the context of the Bill.
"RESPONSIBLE
FOR PREVENTING"
In our view the issue with responsibility for
preventing as used in the Bill relates to how clearly defined
or assigned the responsibility has to be by the organisation to
apply. We illustrate the potential for responsibility to be taken
widely or narrowly through examples we have seen in practice:
A Code of Conduct or Anti-Bribery Policy
may invoke a general responsibility on all employees not only
to ensure that they do not breach anti-bribery provisions personally,
but to be vigilant for evidence of wrongdoing around them and
report, if they have suspicions, to a whistle blowing facility.
Line management may be assigned anti-bribery
objectives, which may be specific (particular tasks and actions)
or general (oversight of their area of responsibility).
A Compliance Officer may well have a
specific anti-bribery role covering the relevant area of the business.
Where responsibility is assigned in a specific
and explicit way, there is little room for doubt. However, where
anti-bribery compliance responsibilities are more implicit (as
in the example above where they are stated in broad terms for
all personnel in a Code of Conduct or Anti-Bribery Policy), then
the population of responsible persons may be difficult to determine.
We recommend more clarity here, perhaps distinguishing between
explicitly assigned responsibilities (carrying a more onerous
duty of care) and implicitly defined responsibilities (carrying
a less onerous duty of care).
"NEGLIGENT FAILURE"
The degree of default by the responsible persons
that would be regarded as "negligent failure" is clearly
judgemental on a case by case basis. We have already recommended
that consideration should be given as to how the level of default
that would constitute negligence might vary depending on the clarity
with which the person is assigned responsibility and how specifically
that responsibility is defined, as discussed above. Whereas a
Chief Compliance Officer or local Compliance Officer would be
expected to exercise significant care, personnel assigned a general
responsibility in high level Codes or Policies should have a lower
duty of care.
"ADEQUATE PROCEDURES"
The expectation of what would constitute adequate
procedures is probably the most significant area of uncertainty
for organisations, as it is exactly these procedures that organisations
need to ensure are fully in place by the time the Bill becomes
law. This area is therefore not only important but also urgent,
insofar as design and implementation of a complete compliance
framework can take many months of sustained effort.
We believe "adequate procedures" carries
a too narrow implication of the expectations of activities companies
should undertake. We prefer the US Federal Sentencing Guidelines
terminology "Effective Compliance and Ethics Program",
which indicates requirements beyond the procedural, for example
governance structures, organisational units, and resourcing.
What constitutes "adequate procedures"
in the context of a corporate defence to negligently failing to
prevent bribery is not defined in the current draft. We believe
that clear guidance based on current good practice should be provided,
preferably outside the Bill itself to facilitate update and greater
flexibility.
There are several sources that can be taken
as "standards" in setting this guidance:
US Federal Sentencing Guidelinesdefine
for US courts dealing with FCPA cases an "Effective Compliance
and Ethics Program"; this, together with common requirements
imposed by US Department of Justice appointed compliance monitors
provide a comprehensive set of requirements;
OECD Guidelines for Multinational Enterprises
(Section VICombating Bribery) and OECD Business Approaches
to Combating Corrupt Practices;
Industry-specific standards; and
Woolf Committee Report.
We consider below the main common elements of
this body of guidance, together with our experience of working
with International clients implementing FCPA and OECD compliance
structures, in suggesting core elements that might be included
in UK guidance on expectations of standards:
Governanceclear definitions of
roles and responsibilities for anti-bribery compliance at Board
or equivalent governing body and Non-Executive Director (NED)
committee level and within central functions (where these exist),
particularly Legal, Compliance and Internal Audit, and clearly
defined delegations of authority;
Board or equivalent governing body to
exercise reasonable oversight over the compliance and ethics programme,
to devote reasonable time to compliance and ethics responsibilities,
and to have adequate training and experience, collectively and
individually;
Appointment of a specific senior level
individual to have overall responsibility for the compliance and
ethics programme ("Chief Compliance Officer" role) (may
be part time in smaller enterprises), this individual to have
adequate time, training and experience to fulfil the role;
Allocation of adequate budget, resource
and authority to those responsible for the compliance and ethics
programme, including direct access to the governing authority
and responsible NED committees;
Explicit Code of Conduct or Code or Ethics
with clear anti-bribery commitments, supported by policies, procedures
and internal controls appropriate to the size and risk profile
of the organisation;
Risk-based programmeregular and
formalised bribery risk assessment process with results approved
at governing body level, and more effort and resources directed
to areas of highest risk;
Communication of compliance programme
requirements (including Code of Conduct or Code of Ethics, policies,
procedures and internal controls) by the governing body to all
personnel, and where appropriate, third parties (suppliers, contractors,
sales intermediaries, outsourcing partners, joint venture partners
and other co-investors, non-controlled associates);
Adequate training in anti-bribery compliance
provided to all personnel, and where appropriate, third parties,
on a regular basis, suitable for their job function and risk exposure,
such training to include:
Policies, procedures and internal controls;
Recognition of compliance risk in daily
duties;
Consultation and decision support facilities;
Whistleblowing facilities.
Compliance programme in relation to third
parties (as defined above), the programme to include pre-relationship
due diligence, formal contracting, anti-bribery contract terms
in contracts, and appropriate performance monitoring and auditing;
Personnel measures to reinforce compliance,
including performance incentives and performance management, screening
of applicants (internal and external) for sensitive positions,
and a formal sanction/disciplinary process applied consistently
and transparently;
Provision of consultation or other decision
support facilities to enable personnel to consult and receive
advice prior to making sensitive decisions, and communication
of the availability of these facilities;
Provision of whistleblowing facilities
to enable personnel to report confidentially (and where desired
anonymously) suspected breaches, and communication of these facilities.
Formal procedures for follow-up of whistleblower reports;
Regular (eg annual) self-certification
by personnel, especially those in sensitive positions, of personal
adherence to the compliance standards and all applicable laws,
including a self-disclosure requirement, and a reminder that known
or suspected breaches by others can be reported through the whistleblowing
facility;
Update and enhance the programme periodically,
including assessing and responding to causes of breaches;
Board or equivalent governing body and
relevant NED committee to obtain assurance (through Internal Audit
or equivalent or through competent external provider) on the effectiveness
of the compliance programme;
Larger organisations, and those engaged
in higher risk business activities and in higher risk locations,
should devote more resources to the compliance programme than
smaller organisations, including extending support to business
partners.
These provisions should not be taken as individually
mandatory (although some will be, for example provision of whistleblowing
facilities), but taken as a whole to represent expected good practice.
In seeking to assert that "adequate procedures" were
in place, an organisation would need to justify any departure
from these standards. Hence, the guidance would follow the model
advocated by us above, combining values and rules.
Similarly, where industry standards exist relevant
to anti-bribery compliance, failure to implement and follow these
standards would be strong evidence that "adequate procedures"
were not in place.
ACCOUNTING PROVISIONS
The Bribery Bill does not contain any accounting
and bookkeeping requirements that would correspond to the Books
and Records provisions of the FCPA.
In our experience these provisions have been
a valuable tool in the hands of US enforcement agencies. The clandestine
nature of financial crime and bribery specifically means that
even after extensive investigation it can be impossible to identify
the recipient of a payment made through a third party intermediary
(as is common in such situations) with certainty. In that case
legal proof of a bribe may not be forthcoming; however, asserting
a violation of the requirement to maintain accurate books and
records will usually be easier and therefore provide a route for
regulators and enforcement agencies to act.
Similarly, the OECD Convention emphasises the
importance of accounting, recordkeeping and disclosure requirements
and related sanctions.
PROACTIVE ADVICE
TO ORGANISATIONS
The US regime provides for organisations to
obtain an opinion from the US Attorney General regarding prospective
conduct in relation to the FCPA. In our view this facility is
in keeping with the approach of combining both values-based and
rules-based regulation, and it ensures that the legislative framework
can provide guidance (such as the Federal Sentencing Guidelines
"Effective Compliance and Ethics Program") which can
be interpreted more precisely on a case-by-case basis in advance.
We believe a similar mechanism would be a valuable
resource for both the corporate world and regulators, enhancing
compliance whilst potentially reducing the costs for all parties
of testing approaches retrospectively in court.
June 2009
|