Financial Crime Risk Management

Anti-Bribery & Corruption - FAQ

May not cover factors relevant to a particular situation or circumstance.


Frequently Asked Questions

Click Questions to see example responses, some of which include embedded links to reference sources.

To access the Bribery Act 2010 and Explanatory Notes ('the Act')

To see Guidance published by the Ministry of Justice about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (section 9 of the Bribery Act 2010) – click ('Guidance'):

Section 7 is particularly relevant to understand the defence available to a commercial organisation on the offence linked to ‘Failure of a commercial organisation to prevent bribery’. The Guidance states “… The commercial organisation will have a full defence if it can show that despite a particular case of bribery it nevertheless had adequate procedures in place to prevent persons associated with it from bribing. In accordance with established case law, the standard of proof which the commercial organisation would need to discharge in order to prove the defence, in the event it was prosecuted, is the balance of probabilities.”

The short answer is 'Yes'. A commercial organisation can be liable if a person ‘associated’ with it bribes another person intending to obtain or retain business or a business advantage for the organisation.

As part of a broader adequate procedures framework, which is expected to be in place under the Bribery Act, a commercial organisation’s top-level management (i.e. board of directors, the owners or any other equivalent body or person) must be able to demonstrate their commitment to prevent bribery by persons associated with it (e.g. by fostering a culture within the organisation that bribery is never acceptable).

A person associated with a commercial organisation is defined as a person who ‘performs services’ for or on behalf of the organisation. This can be an employee, an agent, an intermediary, or any of a number of association types. This person can also be an individual or an incorporated or unincorporated body.

The capacity in which a person performs services for or on behalf of the organisation does not matter, so employees (who are presumed to be performing services for their employer), agents and subsidiaries are included.

The question as to whether a person is performing services for an organisation will be determined by reference to all the relevant circumstances and not merely by reference to the nature of the relationship between that person and the organisation.

As noted in 'Ministry of Justice Guidance', the concept of a person who ‘performs services for or on behalf of’ the organisation has a broad interpretation and is meant to cover the whole range of persons connected to a commercial organisation - who might be capable of committing bribery on the organisation’s behalf.

The Bribery Act states it is a defence for a commercial organisation to prove that the commercial organisation had in place adequate procedures designed to prevent persons associated with the organisation from undertaking such conduct. But, the Act is also silent on the meaning of ‘adequate procedures.’

'Ministry of Justice Guidance' describes principles that should underpin a commercial organisation’s adequate procedures arrangements. The guidance provides helpful case studies but not a prescriptive solution. In short, it will be for the courts to decide whether the procedures in place are adequate.

The Guidance sets out six principles for bribery prevention for a commercial organisation to consider:

  • Proportionate procedures – the procedures an organisation should take must be proportionate to the risks they face. Guidance suggests, for example, an organisation's size and the nature and complexity of its business are amongst the factors which will influence the appropriateness (i.e. risk-based) response required;
  • Top level commitment – this requires demonstrable engagement by top level management to ensure that the organisation’s staff and those who do business with or for the organisation (e.g. associated persons) understand that bribery is never acceptable;
  • Risk assessment - organisations should assess the nature and the extent of their exposure to internal and external bribery risk (i.e. relevant to the territories it does business within). Such assessment needs to be periodic (i.e. not a one-off exercise), informed (i.e. supported by an appropriate rationale) and documented (i.e. to form part of the corporate defence framework);
  • Due diligence – the Guidance recommends organisations to undertake a proportionate and risk based approach to conducting due diligence, particularly in respect of the range of persons who perform services for and on behalf of the organisation (i.e. to know who you do business with and how business is undertaken in your organisation’s name);
  • Communication (including training & awareness) – it is important to ensure the requirements of policy (i.e. tone form the top) and supporting procedures are cascaded and communicated effectively, to deter bribery. Training should be utilised to raise general awareness and where necessary, provide role oriented guidance relevant to the threat posed by bribery in the areas in which an organisation operates – Noting the extra-territorial reach of the UK Bribery Act;
  • Monitoring and review – Having issued tone-from-the-top messaging by way of policy, senior management should be informed on the effectiveness of their organisation’s implementation, embedding and on-going maintenance of policy requirements (i.e. to gain sufficient comfort on their implementation in practice, or to make improvement where necessary).

The Director of the Serious Fraud Office (‘SFO’) issued joint guidance with the Director of Public Prosecutions, as Guidance for prosecutors, setting out the Directors’ approach to deciding whether to prosecute under the Bribery Act. Click 'here' for more on the SFO.

If you are concerned that you may have got it wrong, it would be sensible to obtain appropriate advice:

  • Legal advice - Interpretation of law; and
  • Other professionals - When considering how to identify and respond to bribery risk in the operating (business-as-usual) environment.

Under the UK Bribery Act a facilitation payment is a type of bribe. This includes where a government official is incentivised (e.g. given money or goods to perform, or speed up performance of, an existing duty).

No. Gifts & hospitality expenditure (or receipt) is a source of bribery risk, but the scope is much broader:

  • ‘Commercial organisation’ - Includes any corporate or partnership with all or any part of its business in the UK - This includes non-domestic or overseas businesses with UK operations.
  • Associated person - Includes ‘any’ person that performs services for or on behalf of the commercial organisation, such as, but not restricted to employees, agents, contractors and subsidiaries.
  • Strict liability - No requirement of ‘fault’ on the part of the commercial organisation. It does not matter if a member of the senior management team in the commercial organisation did not actively participate in, have knowledge of or even suspect that a person associated with the organisation was paying (or receiving) a bribe.
  • As described by the SFO“Doing business with integrity means ensuring compliance with the UK Bribery Act and insisting local partners, agents and distributors adhere to the same high standards. It also means being vigilant for modern slavery and other human rights abuses, both in operations and supply chains, in line with the UK Modern Slavery Act 2015”
  • Other potential risk area (examples) – Giving or receiving anything of Value, including:
    1. Awarding contracts, tendering and request for proposal processes
    2. Gifts and hospitality (e.g., meals, entertainment, transportation, lodging, training and conferences)
    3. Charitable giving/donations
    4. Political contributions
    5. Marketing sponsorship
    6. Employment and work experience (e.g. internships).
  • Penalties – A convicted organisation may be subject to a potentially unlimited fine and disbarment from public procurement tenders. It may also encounter difficulty in its on-going relationship with its existing bankers, or when seeking a new banking relationship, due to being considered potentially higher risk.
  • Corporate defence – The onus will be on the commercial organisation to be able to demonstrate that it had in place ‘adequate procedures’ to prevent its associated persons from giving (or receiving) bribes.

The FCA does not enforce or give guidance on the Bribery Act. The FCA does expect authorised firms to have considered and taken steps to address the risk of bribery and corruption within their business, including where these risks come from third parties.

Reasonable steps are likely to include:

  • senior management that stays up to date with, and fully abreast of, bribery and corruption issues
  • adequate bribery and corruption risk assessment
  • policies and procedures (including staff recruitment, vetting and remuneration) that cover bribery and corruption risks
  • training and awareness programmes that ensure staff have adequate understanding of the risks associated with bribery and corruption
  • adequate and risk-sensitive measures that address the risk that a third party acting on behalf of the firm may engage in corruption

For further detail and examples of good and poor practice in anti-bribery and corruption - see Financial Crime: A Guide for Firms .

No anti-bribery and corruption (‘ABC’) framework can guarantee complete protection against, or prevention of corruption. The framework which is best suited to ‘Enterprise A’, may have some similarities and differences, to ‘Enterprise B’.

The framework arrangements which best suits your organisation’s needs should include:

  • Governance - Senior management risk-appetite, risk ownership and accountability (e.g. by Board member or other individual with authority, expertise and resource), with supporting activity endorsed by the Board or equivalent senior management body
  • Group or firm-wide Policy - With due consideration of legal and regulatory risk in the operating environment, the range of Associated Persons your organisation employs or interacts with (buy-side and sell-side), as well as the culture and locations in which your organisation transacts
  • Risk-based control environment - Design and implement a suitable control framework, which reflects assessed risk and is appropriately resourced to promote ethical business and ensure compliance with policy and supporting procedure(s)
  • Training and Awareness - Development of appropriate training content and ensuring coverage of key ABC framework elements. Content should, as a minimum cover:
    1. Policy, procedure and supporting guidance
    2. Risk-based training of appropriate employees (i.e. generic for all staff, with additional focused content for staff in higher-risk roles’)
    3. Minimum standards for third-party providers and/or key outsource relationships, where applicable, on your organisation’s intolerance for bribery and corruption
  • Compliance monitoring - Controls testing and assurance must be included, to provide assurance or insight for senior management on compliance with policy and procedure
  • Reporting - Mechanisms for employees, customers, suppliers and other third parties, to be able to report ABC concerns.

For more on our ABC services - See ABC Services