Does Your FCPA Compliance Program Comply With The 2010 UK Bribery Act?

U.S. corporations with overseas operations are learning that compliance with the Foreign Corrupt Practices Act ("FCPA") may not be enough.In April 2011, the UK's Bribery Act 2010 (the "Bribery Act") will take effect, extending the UK's criminal laws to foreign companies outside the UK for the first time. Meant to mimic the FCPA, the Bribery Act is actually much broader in scope and stricter in some respects. Because it reaches companies that carry on any business in the UK, regardless of whether the corrupt acts took place there, the Bribery Act has generated considerable interest and concern in board rooms across the globe. Even FCPA-compliant companies may require revisions to their compliance programs in order to establish a comprehensive compliance program which addresses both acts.

Differences Between The U.S. FCPA and UK Bribery Act

There are several key differences between the Bribery Act and the FCPA that companies should be aware of when updating their compliance programs.

1. While both acts address bribery of foreign government officials, the Bribery Act imposes criminal liability for overseas private sector corruption, although the standard of scrutiny is lower.

2. The Bribery Act covers the act of accepting or requesting bribes as well as giving or offering bribes, while the FCPA only addresses the latter.

3. Unlike the FCPA, the Bribery Act has no carve-out for facilitation payments.Compliance programs that allow facilitation payments may need to be adjusted.

4. The Bribery Act lacks specific books and records provisions, although other UK laws address these concerns.

5. Most importantly for many companies, the Bribery Act includes a new corporate offense that lowers the threshold for convicting a company for bribes paid by its business partners.However, it does expressly provide that a robust compliance program may be a defense.

New Offense

The provision of the Bribery Act that is causing the most concern and that is the driving force necessitating a review of compliance programs for foreign corporations is the corporate criminal offense for failure by commercial organizations to prevent an associated person from bribing another person .This is a strict liability offense, for which companies are held vicariously liable for the bribes paid by their "associated persons."There is no requirement under this offense that the company connived in or turned a blind eye to the bribe.The only proof of intent required is limited to whether the "associated person" bribed another person with the intention of obtaining or retaining business for the organization or obtaining or retaining an advantage in the conduct of business for the organization.

The Bribery Act defines "associated persons" as "persons who perform services for or on behalf of" a company, including consultants and intermediaries; joint venture partners; members of consortia; and franchises.While UK courts generally respect the separate legal personality of individual companies within a group, the "associated person" provisions of the Bribery Act expose companies to risk by their overseas subsidiaries if the subsidiary provides services to the company.Therefore, it may be preferable to apply the compliance program across a group.Further, the Draft Guidance (hereinafter defined) suggests that the compliance program should be extended to subsidiaries under a company's control even if they have no connection with the UK.The potential vicarious liability of the company for "associated persons" dictates a risk-based approach to dealings with joint venture partners and other service performers.Where these third parties may put the company at risk because they are "associated persons" whose function is to assist the company in developing or conducting its business, their compliance programs may be subject to a level of due diligence, training and monitoring.Therefore, companies should consider attaching warranties to their arrangements with "associated persons" that address the additional risks associated with the Bribery Act.

Further, companies will be subject to this offense if they carry on any part of their business in the UK.Unfortunately, there is no guidance currently available regarding the level of business connection with the UK required to meet the standard of "carrying on business in the UK."The issue will ultimately be decided by the courts, although prosecutors in the UK may issue some guidance on the issue.It is clear that companies with a branch in the UK will be subject to the Bribery Act.However, it is unclear whether a company whose sole connection is, for example, a UK debt or equities securities listing on a UK securities exchange, will be subject to the Bribery Act.Therefore, companies that anticipate conducting business in the UK, however minimal, should consider revising their compliance programs to include those risk areas that arise under the Bribery Act but are not covered by their existing FCPA compliance programs.

The Adequate Procedures Defense

The only defense available against the offense described above is proof that adequate procedures are in place to prevent an "associated person" from bribing others (the "Adequate Procedures Defense").In contrast to the FCPA for which a compliance program can only offer penalty mitigation, a compliance program with adequate procedures in place offers a complete defense to the new corporate offense.

In order to take advantage of this defense, companies should consider several of the key differences between the FCPA and the Bribery Act.As set forth above, the Bribery Act includes both bribery of foreign public officials and "bribery of another person," which includes a wide range of private sector commercial bribery.Additionally, bribery includes any misconduct outside the UK which would amount to a violation of the Bribery Act if it occurred in the UK.Accordingly, conduct which may be regarded as normal cultural behavior in a foreign country, or conduct in a foreign country with no private sector bribery laws, could still expose companies to liability under the Bribery Act.

Due to concerns regarding what is required of companies in order to take advantage of this defense, the UK Ministry of Justice published draft guidance on September 14, 2010 (the "Draft Guidance"), with final guidance due to bepublished in January 2011.While the Draft Guidance does not set out a list of mandatory minimum procedures, it does provide six principles which should inform those refreshing their compliance programs.The six principles, which should be familiar to those companies with existing FCPA compliance programs, include:

1. Risk assessment

2. Top level commitment

3. Due diligence

4. Clear, practical and accessible policies and procedures

5. Effective implementation

6. Monitoring and review

It is expected that industry groups for sectors such as construction and banking will develop recommended programs for adoption by other companies in their own sector.

Developing A Comprehensive Compliance Program

In order to address the Bribery Act's requirements regarding private sector bribery, which is not currently prohibited under the FCPA, companies should address two types of situations: (1) where an "associated person" bribes another person in order to induce or reward improper performance by the recipient; and (2) where acceptance of the advantage is in and of itself improper performance (i.e., violations of a client's gifts and hospitality policy).

When addressing the second situation, companies may wish to bifurcate their hospitality policy to permit higher levels of expenditure and a lower level of scrutiny of their private sector entertainment than that to which entertainment of public officials is currently subject. This strategy may help companies confront the Bribery Act's differing levels of scrutiny when it comes to private sector bribery versus bribery of foreign public officials.Regarding the use of absolute limits, the UK Serious Fraud Office has suggested that they are more likely to prosecute if there is no top limit.However, for companies operating in a number of different sectors or entertaining employees of a wide range of different seniorities, tiered approvals by reference to levels of expenditure involving a degree of judgment by those approving should be sufficient.

The Bribery Act's prohibition against facilitation payments also runs contra to the FCPA.However, there have been a number of indications that prosecutors in the UK will not take a hard line on facilitation payments unless the company is unable to demonstrate that it is making efforts to stamp them out.Therefore, it is imperative that companies remove any carve-outs for facilitation payments from their compliance programs.

Finally, when considering transactions which involve government offsets, companies should consult with a local lawyer in the relevant jurisdiction regarding the advantages permitted by written law.

Based upon the differences between the Bribery Act and the FCPA, companies with an FCPA compliance program in place will need to incorporate additional measures into their existing FCPA compliance programs in order to establish a comprehensive compliance program that also addresses the requirements under the Bribery Act.These measures should incorporate the following:

1. Extension of the program to prevent private sector corruption;

2. Prohibition of facilitation payments;

3. Consideration of whether to subject third party business partners to greater scrutiny;

4. Extension of third party warranties to cover private sector corruption; and

5. Review of provisions relating to dealings with foreign public officials, foreign governments and intermediaries.

Conclusion

While companies with FCPA compliance programs should be well ahead in the race to be prepared for the Bribery Act when it comes into force in April 2011, their compliance programs will need to be extended in a number of specific respects and careful thought will need to be given to risks posed by "associated persons" and dealings with foreign public officials.However, having established and operated an infrastructure for anti-bribery compliance to meet the requirements of the FCPA, the task of mitigating against the additional risks posed by the Bribery Act should not pose too great a challenge.

Published .