My colleague Henry Mixon of Mixon Consulting has an
interesting observation regarding internal controls under the UK Bribery Act.
Unlike the Foreign Corrupt Practices Act (FCPA), the Bribery Act does not have
a books and records component written into the law. However, even without this
books and records component, robust internal controls may be more important
under for the reason that they must be present and functioning if a company is
to assert an "Adequate Procedures" defense available under the Act.
Buried within "Principle Five of the Guidance" is the
requirement that a) a company has appropriate financial controls to prevent and
detect violation of anti-bribery policies; and (b) that these financial
controls be communicated to both employees and relevant third parties. With
this total lack of 'guidance' for companies subject to the Bribery Act to fall
back upon, we believe companies can look to internal controls developed for the
FCPA for some guidance. However, the internal controls put in place for the
Bribery Act will need to address the specifics of that the Bribery Act. Clearly
the two major differences will be lack of distinction between public officials
and the jurisdictional nature of the Bribery Act will require a company's
internal controls to be global in scope.
The Four Cornerstones
We have previously set out the four cornerstones of any
internal controls regime, and just to refresh they are as follows:
As we have also made clear, in prior posts, three key
components are: Documentation, Documentation and Documentation. There must be
written policies and procedures which are clear, assessable and enforced,
however policies alone are not sufficient. There must be evidence of standards
for the performance of internal controls; there should also be ongoing
monitoring and auditing to ensure that they continue to function effectively.
Internal control infrastructure should be evaluated and
enhanced if needed. This would include the tracking of gifts, entertainment,
hospitality and promotional considerations. A similar requirement is found for
travel. Any payments to high risk parties or in high risk countries should not
only be evaluated with internal controls but elevated for approval to an
appropriate level of management for visibility, a delegation of authority
issue. All of these considerations need to include an expanded emphasis under
the Bribery Act, due to the lack of distinction of public officials and
private actors, so all transactions need to have this level of review.
Beyond the FCPA
Other additional considerations or expanded
considerations which a FCPA only based internal controls system may need under
the Bribery Act are a mechanism to deal with a company's interaction with a US
governmental official. As the Bribery Act makes illegal the acceptance of a
bribe, controls will be needed to cover and document this aspect. Lastly, there
should be overall documentation of the company's compliance program to provide
proof of 'Adequate Procedures' so that a defense is available under the Bribery
A suggested approach to evaluate your company's internal
controls under the Bribery Act would include an initial bribery-related risk
assessment to include:
Thereafter, the following should be considered:
As recently reported in the Wall
Street Journal, an astonishing 73% of more than 1,000 business professionals
polled by Deloitte Financial Advisory Services LLP said they were not familiar
with the provisions of the Bribery Act. With an upcoming implementation date of
July 1, 2011, we can only hope that these companies will wake up and smell the
[Bribery Act] coffee, or tea, for our English followers.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
Henry Mixon is the Principle of Mixon
Consulting and can be reached via email at firstname.lastname@example.org.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2011
For more information about LexisNexis
products and solutions connect with us through our corporate site.