The Bribery Act 10 Years On

  • Gabriella Belgrave, Manager |

4 min read

To mark both the 10 year anniversary of the introduction of the UK Bribery Act and International Anti-Corruption day, I sat down with Annabel Reoch, KPMG’s UK Head of Anti-Bribery and Corruption and Mark Thompson, KPMG’s Economic Crime Advisor and ex-SFO Chief Operating Officer to hear their views on the how the global landscape in respect of bribery and corruption has evolved through increasing regulation and enforcement action. Annabel and Mark also provided their top tips on what companies should consider as they adapt to the changing risk environment and enhance their compliance frameworks.

What has evolved the most since the Bribery Act came into force almost 10 years go and what is the current lay of the land?

Mark: The biggest changes over the past 10 years are how the approach to corporate prosecutions has developed, how companies are viewed favourably for co-operation and the introduction of DPAs to the UK. Since the SFO agreed the first DPA in 2015 we have seen a total of 9 DPAs, although not all were bribery related. Two were agreed last year, and in 2020 we have seen three more which shows the SFO is likely to continue to use them as a resolution in cases it considers appropriate. This should definitely be the focus of companies who may find themselves the subject of a corruption investigation. It is nothing new that co-operation of companies is a key factor considered by the SFO when deciding whether or not to enter into a DPA. However, it is clear that this is front of mind for the SFO as shown by the additional chapter in its Internal Operational Handbook on how the SFO approaches DPAs published in October this year and the wide range of corporate circumstance in which a DPA has been approved.

Annabel:  It is also worth noting that we are seeing parallels in the DPA requirements between the US and the UK; with the UK seeing for the first time this year the requirement for an Independent Reviewer to be appointed under the terms of the DPA. While this is not the same as a Monitorship, it does highlight the SFO’s evolving approach to this relatively new tool in their armoury.

We have also increasingly seen multi-country settlements including between US, UK, France and Brazil.  This has been made possible by the increasing global anti-corruption legislation, for example France’s Sapin II and the Brazil Clean Companies Act. 

With this in mind, what do you see as the future direction of global bribery and corruption enforcement?

Annabel: In terms of what regulators want to see, we can look to the updated guidance from the SFO and DOJ this year; the SFO’s chapter on Evaluating Compliance Programs which was published at the start of this year, and the updated DOJ’s Evaluation of Corporate Compliance Programs in June 2020. Both have a focus on the continuous improvement of a company’s compliance programme through regular review.

Key updates include reminding companies that they should be able to demonstrate why their compliance programme has been set up in a certain way including whether they are adequately resourced especially with appropriately skilled and senior individuals who are able to raise issues through the right governance structures, how lessons learnt have been embedded through effective and periodic data driven risk assessments, the ongoing management of third party risk and procedures for comprehensive pre and post- acquisition due diligence. We cannot ignore these updates as a signal of what the prosecutors will be reviewing in much closer detail.

Mark: What was really quite interesting was the recent announcement from the World Bank’s enforcement arm, the INT [Integrity Vice Presidency], which in October signalled that during investigations the INT will be taking a closer look at a company’s compliance programme to evaluate whether what a company has on paper is actually embedded. The fact that this coincides with the updated DOJ’s guidance, mentioned by Annabel, as well as the SFO’s guidance, really demonstrates that prosecutors, regulators and other anti-corruption bodies are taking an increasingly consistent approach on the importance of having a robust compliance programme in place.

Annabel: I definitely agree with this Mark, it  is just more evidence that companies face scrutiny from all angles with increased cooperation across borders meaning it is important to understand the different anti-corruption requirements of the countries in which you operate or have some form of footprint but also the development agencies with whom you may do business. 

Given this changing landscape, what are some of your top tips you would give to companies continuing their compliance journey?

Mark: With the trajectory of continued use of DPAs being clear as we enter 2021, the primary tip for a company finding itself in a case, which will be no surprise, is the importance of early stage and ongoing cooperation with the SFO during the investigation. A proactive approach with the SFO will be more effective in long run, as the guidance notes what not to do, which includes companies remaining silent on selected issues and protecting specific individuals.

Annabel: And of course, what is most important is avoiding being in this position in the first place. We still see companies struggle with some of the basics of good ethics and compliance, in particular I would call out the following areas where companies need to mature their current framework.

  • Culture and embedding the framework – many companies have a well-designed framework on paper but when you get out in the field and test it in practice it isn’t well adopted and there is a fundamental lack of understanding by the first line of business as to why such a framework is needed. This is sometimes compounded by a lack of strong tone from the top when senior executives are not walking the walk.
  • Data driven risk assessments – collating as much data from the business to evidence well-informed, objective, risk management decisions to develop a tailored, effective and proportionate compliance programme.
  • A robust third party risk management programme – Companies often place too much emphasis on upfront third party due diligence but very little or nothing in respect of ongoing monitoring, such as adverse media or change in beneficial ownership as well as exercising audit rights to check the operation of the third party.

These are just some of the examples we typically see where there is room for improvement. The focus on continuous enhancement of compliance frameworks looks set to continue. Where organisations have invested in an external independent assessment of their programmes this has really helped give them a different perspective, identify priority areas for enhancement and demonstrate their commitment to doing the right thing.