The Bribery Act 2010 came into force on 1 July 2011. It applies to all commercial organisations, whether in the public or private sector, regardless of size, with operations in the UK. This includes overseas companies with a presence in the UK. It affects all insurance intermediaries.
The Act creates four new criminal offences:
- giving, promising or offering a bribe (section 1)
- requesting, agreeing to receive or accepting a bribe (section 2)
- bribing a foreign public official (section 6)
- failure by a commercial organisation to prevent active bribery being committed on its behalf
As a minimum, firms need to have “adequate procedures” (see below) to prevent bribery being committed on their behalf. The FCA expects firms to identify and assess bribery and corruption risk as part of a business-wide risk assessment. The risk assessment should be comprehensive, but should also be proportionate to the nature, scale and complexity of the firm’s activities. Once completed, the risk assessment should form part of a continuous process for oversight of the risk of bribery and corruption.
What is a bribe?
The Act defines a “bribe” widely, as a “financial or other advantage”. It includes obvious things like cash payments, but could also include gifts, corporate hospitality, letting someone off an existing debt or providing someone with free services.
The key point about a bribe is that it must be “improper”, where the “financial or other advantage”:
- is intended to make someone perform a function or activity improperly, or reward them for having done so; or
- is offered or given knowing that it would be improper for them to accept
Firms should ensure that staff are adequately trained in order to recognise a bribe. Some factors to take into account when deciding whether a payment or advantage is improper are:
Factors suggesting no impropriety | Factors suggesting impropriety |
---|---|
Payment / benefit is proportionate, having regard to an existing or potential business relationship | Payment / benefit seems excessive, having regard to an existing or potential business relationship |
Payment is fair compensation for services provided | Payment is disproportionate to services provided |
Payment / benefit is consistent with accepted market practice | Payment / benefit goes beyond accepted market practice |
Benefit complies with internal policies of both giver and receiver | Benefit breaches internal policies of either giver or receiver |
Payment is required by law or agreed in a written contract | Payment is described as a fee or otherwise suggesting it is legally required when it is not |
Benefit is freely offered by the giver (without improper intent) | Payment / benefit is demanded but is not legally or contractually required |
Benefit is given to a recipient already well-known to the payer | Payment / benefit goes to a recipient with whom the payer has no pre-existing relationship |
Benefits are given equally to a pool of individuals | Benefits are targeted exclusively at key decision makers |
Where one or more of the factors suggesting impropriety are present, firms may wish to consider whether the decision to proceed should be taken at a more senior level by someone independent.
What should firms be doing?
Firms can embed a number of procedures to meet their responsibilities with respect to anti-bribery and corruption:
- Provide good quality, standard training on anti-bribery and corruption for all staff and additional, more specialised training for staff in higher risk positions;
- Conduct ongoing compliance monitoring to determine whether processes put in place to mitigate the risk of bribery and corruption have been followed. Review the processes themselves to ensure they remain
- Complete a comprehensive risk assessment covering the following:
(a) risks associated with the jurisdictions the firm does business in as well as the sectors they do business with and how they generate business;
(b) risks associated with insurance distribution chains. There may also be a risk with parties that are not immediate relationships e.g. introducers or
(c) risks arising from other aspects of the business e.g. staff recruitment and remuneration, corporate hospitality and individual relationships (see below)
- Conduct due diligence, and where appropriate, enhanced due diligence on individual relationships to determine whether they pose a higher risk. Consider:
(a) The role of the individual/party in the distribution chain;
(b) The territory in which the individual/party does business
(c) The amount and method of remuneration for the individual/party involved; and
(d) Any political or government connections
- Senior Management should collect and review Management Information to assess the effectiveness of their anti-bribery and corruption policies and procedures.
Gifts and corporate hospitality
The Government’s guidance makes it clear that it “does not intend for the Act to prohibit reasonable and proportionate hospitality and promotional or other similar business expenditure”.
Gifts and hospitality should be proportionate to the seniority and status of the recipient. Firms should have regard to both their own corporate policy on gifts and that of the proposed recipient. In the case of some public bodies the threshold may be very low. Indeed, some public or government bodies may prohibit their staff entirely from receiving gifts or hospitality. There should be a justifiable business reason for giving the gift or hospitality to that recipient.
An important consideration will be the accepted ‘norm’ for the market in which the firm operates. Firms also need to consider possible reputational risk and their obligation to manage conflicts of interest fairly. Firms should set levels for gifts or hospitality, above which there is a need for additional senior management approval, prior to sign off.
Case studies:
A has enjoyed a particularly successful year, and decides to reward the companies that are its key introducers of business with a case of non-vintage champagne each.
Assuming that the champagne is likely to be shared among a number of individuals at each recipient company, the total value to each individual is likely to be relatively small. It is therefore less likely to induce those receiving it to act improperly in favour of A in the future. For added reassurance, A could check the gifts policy of the recipient companies.
B decides it wants to target a large potential new client. Having identified the head of procurement as the key person to target, it offers her and her family an all-expenses trip to the Champagne region of France.
There are several factors here which might suggest impropriety, such as the targeting of a single individual, the fact that there appears to be little or no existing business relationship and the size of the gift, including extending it to her family, which would appear to be disproportionate. This could, therefore, be a bribe given in order to secure a new client. B should consider whether the scale of the benefit is appropriate, having regard to what B and its competitors would regard as normal market practice, and record the decision that it makes.
What should firms be doing – (Gifts & Hospitality)?
- Ensure the anti-bribery and corruption policy gives due consideration to gifts and hospitality;
- Set meaningful thresholds for gifts and hospitality. These should reflect business practice and may be used as a basis to help identify potential issues;
- Record gifts given and received and ensure political and charitable donations are subject to appropriate due diligence. These should also be approved at an appropriate management level (see also third party payments, below);
- Using a risk-based approach, determine what management information should be reported concerning staff expenses, gifts and hospitality. Include details of cases of non-compliance with the intermediary’s policies where relevant.
Commissions
Commissions that are payments in return for services provided are unlikely to be bribes, as there is nothing improper about them. However, a payment received by a broker in breach of its duties to its customer under the law of agency is likely to be regarded as “improper” for the purposes of the Act. A payment significantly in excess of the value of any service provided could also be a bribe or some other improper payment disguised as commission.
Firms should consider whether the level of a commission reflects the value of the service to be provided in return. Even if it is the “market rate”, it could still be regarded as a bribe if it is intended to induce the person receiving the commission to act improperly – for example, in breach of their duty to their client.
Firms should have a documented policy on how commission rates are arrived at and approved and records that show this policy being applied in practice.
The link between bribes and inducements
There is an overlap with the requirement under ICOBS 2.3 on firms to avoid conflicts of interest, in particular in relation to inducements.
However, while ICOBS 2.3 is concerned with the propriety of an inducement as between a broker and its customers, the Bribery Act would look at an inducement from the perspective of the broker and the insurer or other third party, which is giving or receiving the inducement. So, while in many cases a bribe will also be a breach of ICOBS 2.3, the range of possible offences under the Bribery Act is wider in scope than conflicts of interest under ICOBS. Equally, an arrangement may be entirely “proper” for the purposes of the Bribery Act, but still give rise to a conflict of interest under ICOBS.
This means that firms should consider commissions and other arrangements between brokers, insurers and other third parties in the light of both ICOBS 2.3 and the Bribery Act. Compliance with one does not automatically mean compliance with the other.
Payments to third parties
Firms should also be wary of payments made to others, including payments made at the request of those that you do business with. It may be that, unknown to you, the person asking you to make that payment is related to the third party, or benefiting from the payment in some other way. These might include charitable or political donations or sponsorship agreements. As part of anti-bribery procedures, firms should establish and document policies with a clear definition of a ‘third party’ and the due diligence required when establishing and reviewing third-party relationships. If asked to make such payments, firms should carry out appropriate checks on the third party to ensure that they are legitimate. The firm’s compliance function should have oversight of all third party relationships.
Ownership of bank accounts
Firms should take care to check that where someone provides them with details of a bank account into which to make payments, the account is in fact owned and controlled by the person or company for which the payment is intended. This might include verifying the details with another person at the organisation, such as the Finance Director, or requiring the other party to provide an original bank statement from the third party showing the sort code, account number and name of account holder. A copy of any evidence obtained should be kept on file.
Is there an exemption for facilitation payments?
There is no exemption under the Act for so-called “facilitation payments” (small level payments made to officials to ensure that they perform a particular function, or perform it more quickly).
The UK Government recognises in its guidance that eradication of facilitation payments is “a long term goal” in some parts of the world and in certain sectors. The Serious Fraud Office (SFO), the main prosecuting authority for offences under the Bribery Act, has said that it will exercise its discretion in deciding whether to prosecute in such cases. In particular, where an organisation self-reports and where it has a clear and appropriate policy which has been followed, these are factors which would point the SFO away from prosecution. However, large or repeated payments, and/or a failure to follow an organisation’s own policies would be more likely to lead to a prosecution.
Payments for legally required administrative fees or fast-track services are not facilitation payments.
When does the Act apply?
The Act applies to bribes offered, promised or given not just to government officials, but to employees of other businesses a firm may deal with, or others who are in a position of trust. These might be commercial insureds, insurers, or others who you deal with in the course of your business. The Act also makes it an offence to ask for, agree to receive or accept a bribe. It applies wherever in the world a firm does business, or where others do business on its behalf.
Actions of employees and others providing a service?
A business is responsible for its employees’ actions and could be found guilty of the criminal offence of failing to prevent bribery if its employees (or others) offer or pay bribes in the course of their employment. This is a “strict liability” offence, which means a business could be found guilty even if it did not know the bribe was being offered or paid. The only defence is to show that the firm has “adequate procedures” to prevent bribery.
Firms are also responsible for making sure that anyone who provides a service for them or on their behalf (an “associate”) does not offer or pay a bribe with the intention of winning business for them, or getting an advantage for their business. This will include third parties who help win business for them, joint venture partners and outsourcing partners who perform a service on their behalf. This means that firms will need to check what they are doing to comply with the Act. A business could be liable for failing to prevent them from offering or paying bribes, even if they did so without its knowledge or approval.
If business comes to a firm through a chain of intermediaries, it cannot claim to be only responsible for the last in the chain before them. Similarly, if the firm outsources a particular operation, it may also be responsible for the services performed by sub-contractors of the party that it has contracted with.
What are “adequate procedures”?
The only defence to a charge under section 7 of the Act is to be able to show that the firm has “adequate procedures” in place to prevent bribery being committed on behalf of its business. The Ministry of Justice has prepared guidance on what might amount to adequate procedures. This guidance does not provide a “safe harbour”, so following it will not guarantee immunity from prosecution, but if a firm can show that it acted in accordance with the guidance, it is likely to help its case significantly.
Like FCA requirements, a firm’s procedures should be proportionate to the risk posed and should take into account the size and complexity of business undertaken.
Consequences of getting it wrong?
Individuals could be sent to jail for up to ten years and individuals and businesses could be hit with an unlimited fine. Senior officers within a company who have consented to or connived in bribery would face the same punishments.
In addition, there is the potential for reputational damage and an investigation into alleged bribery or corruption could also take up a lot of management time, even if it does not result in prosecution. A firm would also need to report any investigation to the FCA that may result in the FCA questioning whether the firm and/or its approved persons can continue to be regarded as fit and proper. A bribery conviction could also rule out a firm from tendering to an EU government or local authority in the awarding of public contracts.
Who prosecutes bribery offences?
Currently there are several agencies within the UK that investigate and enforce offences of bribery and corruption. The SFO is the lead authority in the UK for domestic and overseas bribery and corruption.
The City of London Police has a dedicated Fraud Desk, which one can call to seek advice or report any suspicion of a crime within the City of London. They will also investigate potential offences under the Bribery Act 2010. The City of London Police also has a dedicated Overseas Anti-Corruption Unit that often works closely with the SFO in investigating and prosecuting offences.
The National Crime Agency may become involved in investigations where there is a serious or organised criminal element. Similarly, Revenue and Customs Prosecutions Office (now part of the Crown Prosecution Service) could also have a role to play in relevant cases.
The Act provides that a prosecution cannot be started unless it is by or with the consent of a limited number of senior prosecutors. That should help to ensure that sensible judgments are exercised about whether to prosecute possible offences under the Act.
What should you do if you come across possible bribery?
If you come across a possible case of bribery, do not ignore it. If an employee, agent or anyone else providing services for you or on your behalf breaches your anti-bribery and corruption policy, it may be appropriate to take disciplinary proceedings against them. In the case of a third party, it may call into question whether you still want to do business with them.
But it may be that the incident shows that your training was not sufficient, or that your internal controls were inadequate. Make sure that you learn the lessons to prevent a recurrence. For example, the case may show that you have underestimated the risk from a particular area of business.
It is important that you have an effective internal whistle-blowing system, so that staff know who to report any concerns to internally and can do so in confidence. This also ensures that any issues are dealt with by a senior member of staff.
Should we report to the authorities?
The question of whether to report an incident or suspicion to the FCA or one of the prosecuting authorities can be a complicated one, as it often depends on the circumstances. A firm may need to obtain legal advice on how best to proceed. The SFO has said it will look favourably on companies that self-report cases of bribery to it. The SFO has published guidance on its website on this issue at https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/corporate-self-reporting/
Who should we report to?
Generally, any report of suspected bribery or corruption would be made to the SFO. The SFO’s anti-corruption team will decide if the matter is best dealt with by the SFO or whether to pass it on to one of the other agencies, such as City of London Police. Alternatively, if you think you may have been a victim of financial crime, you might want to report it to the City of London Police or to the NCA. In either case, you should consider whether you should also report the matter to the FCA, depending on the circumstances.
Reports to the SFO can be made via its website at:
https://www.sfo.gov.uk/contact-us/reporting-serious-fraud-bribery-corruption/
or in writing to:
SFO Confidential, Serious Fraud Office, 2-4 Cockspur Street, London, SW1Y 5BS. The SFO does not take reports over the telephone.
The City of London Police can be contacted at:
Action Fraud: 0300 123 2040
Anti-Corruption Unit
Overseas Anti-Corruption Unit Reporting Line 020 7601 6969
(This is a 24/7 confidential answer phone service which allows the caller to report their suspicions either openly or anonymously)
Email: OACU@cityoflondon.police.uk
Address:
Overseas Anti-Corruption Unit (OACU)
City of London Police
4th Floor, 21 New Street
London EC2M 4TP
What is the FCA’s involvement in the Bribery Act?
Bribery and corruption is classed by the FCA as financial crime. In May 2010, the FSA, as it was then known, published a report highlighting good and bad practice in this area. This report can be found on the FCA website:
http://www.fca.org.uk/static/documents/fsa-anti-bribery-report.pdf. They found the following weaknesses:
- weak governance of anti-bribery and corruption and a poor understanding of bribery and corruption risk among senior managers;
- poor responses by many firms to significant bribery and corruption events which should have led them to reassess the adequacy of their preventative systems and controls;
- weak monitoring of third party relationships and payments with a worrying lack of documentary evidence of due diligence taking place;
- little or no specific training provided on anti-bribery and corruption, even for staff in higher risk positions; and
- inadequate compliance and internal audit monitoring of anti-bribery and corruption work.
Firms should review the following areas:
- Proportionate procedures to prevent bribery
- Governance and management information;
- Risk assessment and responses to significant events;
- Due diligence on third party relationships;
- Payment controls;
- Staff recruitment and vetting;
- Training and awareness;
- Remuneration structures and associated risks;
- Incident reporting; and
- Role of compliance and internal
Proportionate Procedures
A firm should have proportionate procedures in place to prevent bribery by persons associated with it. These should be based on the bribery risks it faces and the nature, scale and complexity of its activities. They must be clear, practical, accessible, effectively implemented and enforced.
Firms should:
- Review and amend guidance on hospitality, corporate gifts, sponsorship, charitable and political donations and other payments to third parties;
- Check existing payment authorisation processes and mechanisms for flagging unusual payments;
- Clearly communicate to staff and those who perform services on your behalf your ethical business values;
- Ensure policies and procedures are easy to access and understand and relevant to your business;
- Put in place procedures to manage incidents of bribery.
Governance and Management Information
Senior management awareness, involvement and responsibility are vital in ensuring adequate anti-bribery and corruption systems and controls are in place and that appropriate resources are allocated to mitigate identified risks. Senior management need to demonstrate their commitment to preventing bribery and foster a culture where bribery is never acceptable.
Firms should have:
- Clear and documented responsibility for anti-bribery and corruption apportioned to a senior manager or committee. If it is apportioned to a committee then this should have senior management membership, appropriate terms of reference and should report to the Board.
- Good Board level and senior management understanding of the bribery and corruption risks faced by the firm including the materiality to the firm and how to apply a risk based approach.
- Swift and effective senior management led responses to significant bribery and corruption events, which highlight potential areas of improvement in systems and controls.
- Regular MI to the Board and senior management, covering new third party accounts and their risk classification, higher risk third party payments for the preceding period, changes to third party bank account details, unusually high commission paid to third parties and general information about external developments relating to bribery and corruption.
- Actions taken or proposed in response to issues highlighted by management information to be documented and acted on.
- Consider a public statement of commitment to counter bribery.
- Ensure internal communications come from board level.
Risk Assessment and Responses to Significant Events
Firms should:
- Identify the parts of their business which are most exposed to bribery.
- Identify the types of transactions that are most vulnerable.
- Undertake regular assessments of bribery and corruption risks, taking into account the country and class of businesses involved, as well as other relevant factors.
- Perform more robust due diligence tests and monitoring of higher risk third party relationships.
- Conduct thorough reviews and gap analyses of systems and controls against relevant external events with strong senior management involvement or sponsorship.
- Ensure review teams have sufficient knowledge of relevant issues and, where necessary, supplement their knowledge with external expertise.
- Have clear plans in place to implement improvements resulting from reviews.
- Have adequate and prompt reporting to the NCA and to the FCA of any inappropriate payments identified during reviews.
- Look at payments to third parties – why are they made, how are they approved, and how do you satisfy yourself that they are commensurate with services provided?
- Review how clients and potential clients are entertained and rewarded.
- Identify joint ventures, intermediaries, outsourcers and other sources of business, who might put you at risk.
- Consider whether your pay structures, such as bonuses, encourage staff to commit bribery or corruption.
- Identify any jurisdictions you may deal with where the bribery and corruption risks are higher.
Due Diligence of Third Party Relationships
This was an area of considerable concern for the FCA and in particular:
- Over reliance on informal market view of integrity of third parties.
- No detailed checking of high risk third parties to ensure that they were not connected to the assured, clients or public officials.
- No documented business case for using third parties.
- No regular reviews of third parties.
- No review of third parties as part of acquisitions.
- No consideration as to whether third party payments were commensurate with services provided.
- Making payments to others on instructions of third parties.
- No independent checking of third party due diligence.
- No central list of third parties.
- Inadequate steps taken to confirm the third party’s bank account.
Firms should:
- Maintain a central list of third parties used to obtain or retain business.
- Have documented policies with a clear definition of what constitutes a ‘third party’ and the due diligence required when establishing and reviewing any arrangement.
- Perform more robust due diligence checks of higher risk third parties, including a detailed understanding of the business case for using them.
- Have a clear understanding of the roles clients, directors, reinsurers, solicitors and loss adjustors play in transactions to ensure they are not carrying out higher risk activities.
- Use third party forms that ask relevant questions, clearly stating these are mandatory.
- Review third party account opening forms and ensure they are approved by a relevant person or committee such as compliance or risk.
- Use commercially available intelligence tools and databases and/or other research techniques to check third party declarations about connections to public officials, clients or the assured.
- Inform all parties involved in the insurance transaction about the involvement of third parties being paid commission.
- Ensure current third party due diligence is appropriate when business is acquired which is higher risk than existing business.
- Set commission limits or guidelines that take into account risk factors related to the role of the third party, the country involved and the class of business.
- In addition, consider paying a one-off fee to third parties where the role is purely introducing.
- Ensure all relevant employees understand the definition and the due diligence required in relation to establishing and maintaining relationships with third parties, particularly if they are higher risk. Firms should initially regard all companies and/or individuals involved in insurance transactions who are not the underwriter or the assured to be third parties.
- Consider which types of third parties pose the greatest risk of bribery and corruption and take this into account when refining the definition.
- Take reasonable steps to ensure that bank accounts used by third parties are, in fact, controlled by the third party for which the payment is meant. For example brokers may wish to see third party bank account statements or ask the third party to write them a low value cheque.
- Undertake higher or extra level checks for higher risk third parties.
- Regularly review third party relationships to identify the nature and risk profile.
- Maintain a central record of approved third parties, the due diligence undertaken and evidence of periodic reviews.
Third parties who provide services to refer, assist or facilitate the introduction of the client or the assured are likely to pose a higher risk of bribery and corruption. There is likely to be an increased risk of a third party being the recipient of a bribe or paying a bribe to others from commission received if:
- It is an individual (or a ‘company’ which is, in fact, an individual) – this is because an individual is more likely to be the ultimate recipient of a bribe and generally, it is likely to be more difficult for an individual to influence a client to place insurance business with a particular broker firm.
- It is introducing business from a country which is higher risk from a bribery and corruption perspective – paying bribes can be regarded as ‘how business is done’ in some higher risk countries and there could be inadequate anti-bribery and corruption legislation and/or enforcement of it.
- It is connected to the assured, the client or a public official – this increases the risk that corrupt means could be used to win business, particularly if those to whom the third party is connected have influence over procurement decisions.
- There is no convincing business case for the third party to receive commission or the amount of commission paid appears high compared with the amount of work they do. It is important for firms to understand fully the role of a third party and the services they provide so they can satisfy themselves that they are not making or becoming involved in illicit payments where the case for paying a third party is unclear.
- It is paid commission on the instructions of another party involved in the transaction. In these circumstances, broker firms could be being used by another individual or entity to pay bribes to the third party.
- The third party does not want others involved in the transaction to know it will receive commission. This lack of transparency increases the likelihood of bribery and corruption.
- The third party requires payment of commission in advance of premiums being paid. Here, there is a risk that the commission could either be a bribe or passed on to others as a bribe to secure the business.
Examples of third parties likely to pose a lower risk of bribery and corruption are brokers, clients, reinsurers, solicitors and loss adjusters who are regulated within the EEA or by the FCA. However, there are situations where these types of third parties carry out higher risk activities such as introductions or referrals. It is therefore essential that firms clearly understand the role of third parties such as clients, reinsurers, solicitors and loss adjusters in all transactions and define and treat them as a higher risk third party, where appropriate.
Payment Controls
Firms should:
- Ensure adequate due diligence and approval of the third party relationship before any payments are made.
- Have a risk-based approval process for payments and a clear understanding of why they are being made.
- Check payments individually prior to approval to ensure consistency with the business case for the account.
- Undertake regular and thorough monitoring of third party payments to check, for example, whether the payment is unusual.
- Have a healthily sceptical approach to approving third party payments.
- Have adequate due diligence on new suppliers.
- Set clear limits on staff expenditure, which are fully documented, communicated and enforced.
- Limit third party payments to reimbursement of genuine business costs or reasonable entertainment.
- Ensure reasons for third party payments are clearly documented and appropriately approved.
- Be able to easily produce a list of all payments made to third parties.
- Produce accurate management information to facilitate effective payment monitoring.
Staff Recruitment and Vetting
Firms should:
- Vet staff on a risk-based approach taking into account the financial crime
- Have in place enhanced vetting for staff with higher bribery and corruption risks. This could include:
  - credit checks;
  - criminal record check; and/or
  - financial sanction checks and commercially available intelligence databases including CIFAS Staff Fraud
- Have a risk-based approach for dealing with adverse information raised by vetting checks.
- If using employment agencies to recruit staff in higher risk positions, have a clear understanding of the checks they carry out and periodically check that the agencies are in fact complying with the agreed vetting
- Implement a formal process for identifying changes in existing employees’ financial soundness.
Training and Awareness
Firms should:
- Provide good quality standard training on anti-bribery and corruption to all staff and additional training to those staff in higher risk positions.
- Consider extending training to joint venture partners, distributors and other associates.
- Ensure those undertaking the training have had adequate training themselves.
- Ensure training covers practical examples of risk and how to comply with policies and procedures.
- Test staff’s understanding and use the results to assess individual training needs and the overall quality of the training.
- Maintain complete staff training records.
- Ensure penalties for non-compliance are clear.
- Check whistleblowing procedures are in place.
- Ensure internal compliance documentation is up to date and incorporated into contracts of employment.
- Provide refresher training and ensure that it is kept up to date.
Incident Reporting
Firms should:
- Have in place clear procedures for whistleblowing and for reporting suspicions, and ensure these are communicated to staff, including:
  - Appointment of a manager to oversee the process and be the main point of contact for staff with concerns regarding their line manager;
- Respect the confidentiality of those who raise concerns;
- Have internal and external suspicious activity reporting procedures;
- Keep records of internal suspicious activity reports;
- Ensure training covers suspicious activities and how to report them;
Role of Compliance and Internal Audit
Firms should:
- Ensure compliance and internal audit staff receive specialist training.
- Have effective compliance monitoring and internal audit reviews that challenge not only whether the processes to mitigate bribery and corruption have been followed, but also whether the processes themselves are effective.
- Where appropriate, have independent checking of compliance’s role in approving third party relationships and accounts.
- Routinely undertake compliance and/or internal audit checks of higher risk third party payments to ensure there is appropriate supporting documentation and adequate justification.
- Review your policy regularly: at least once a year, or when there is a significant change in your business.
- Put in place an auditing system to check that staff and associates follow your procedures.
- Make sure adequate records are kept – they are your first line of defence.
- Carry out a bribery and corruption risk assessment when considering moves into new products or territories, or business acquisitions.
- Consider getting external validation of your procedures.
- Be sure to learn the lessons from any incidents that do occur – identify the root cause and ways to prevent a recurrence.
- Review the MI that is provided on anti-bribery and corruption to ensure that it remains fit for purpose.
- Monitor publications on this topic from the regulator and updates from trade bodies.
Record keeping
It is important that a firm keeps records that show that it is complying with its policy and procedures. For example, if corporate hospitality above a certain level requires sign-off at a senior level, there should be records that demonstrate that the firm has complied with that policy in practice. Similarly, board minutes should record that anti-bribery and corruption issues have been considered at board level, and training records should show who has attended anti-bribery and corruption training. Records should also identify every time the policy and procedures have been reviewed, whether in response to a particular event or incident, or just on a rolling basis to ensure that they remain up to date.