The Bribery Act came into force last July. Hopefully you reviewed your systems and controls at that time. So does that mean job done? In a word – No.
Bribery and corruption risks need to be treated like any other form of business risk. You need to monitor them continuously and be prepared to change the way you deal with those risks. Your approach to risk is only ever as good as your risk assessment, so you need to carry out regular reviews to ensure that you identify any gaps and weaknesses. Remember that you may be unwittingly committing an offence just because your systems and controls are weak – even if no actual bribery has taken place.
Keep up with changes
Risks change, so your risk assessment needs to change as well. In the context of bribery and corruption, this could be because:
• You move into a new line of business
• You find out about practices in your business that you didn’t know about before
• You recruit new staff with a more relaxed approach to compliance
• Your regulator’s expectations change
• Case law develops
Don’t trip over your own rules
You need to ensure that you are complying with your own anti-bribery and corruption policies and procedures. So you need to have systems in place to check that you are meeting the standard you have set yourself.
It’s not enough to say that ‘we have a zero-tolerance’ approach to bribery. You need to be able to show that this is what happens in practice. So if, for example, you say that all gifts and hospitality over a certain value must be recorded, you have to check that this rule is being followed. If not, that suggests there may be a culture of non-compliance.
But everyone else does it!
Just because something is common practice does not give you a defence. However, there may be ways to manage that risk or find a new way of operating that is compliant. Remember that your customers & suppliers are also subject to the Bribery Act, so they should be as alert to these issues as you are. When it comes to bribery, it would be dangerous to assume that there is safety in numbers.
You need to imagine what you would do if the authorities turned up unannounced and asked to see your anti-bribery and corruption policies and procedures. Ideally, you should be in a position to hand over a file showing an up-to-date risk assessment, and a document showing how each of these risks has been addressed and how compliance is monitored. It should also be clear who is responsible for overseeing and enforcing your policies and procedures, and there should be evidence of commitment and engagement at the very top of the organisation.