By Chris Davies.
1. What is the corporate offence of failure to prevent bribery?
The corporate offence of bribery is located in section 7 of the Bribery Act 2010 (the ‘‘Act’’).
A commercial organisation with all or part of its business in the UK will commit the offence of failure to prevent bribery if an associated person (e.g. employees, agents, contractors and subsidiaries) gives a bribe to win business, or an advantage in business, for the commercial organisation.
There is no requirement of 'fault' on the part of the commercial organisation. It does not matter therefore that the senior management in the commercial organisation did not participate in, know about or even suspect that persons associated with the commercial organisation were giving bribes.
2. What is the ‘adequate procedures’ defence?
The (only) defence available for the commercial organisation is for it to demonstrate that it had in place 'adequate procedures' to prevent its associated persons from giving bribes.
The Act is silent on the precise meaning of 'adequate procedures'. The Ministry of Justice has published guidance on the principles that should underpin a commercial organisation's adequate procedures.
R v Skansen is the first case to give an indication of what a jury might find (or perhaps not find) to constitute adequate procedures. For detailed case analysis and practical steps that can be taken by commercial organisations, see Thomas Webb’s article: ‘First case on Bribery Act's 'adequate procedures' defence: five things you need to know'.
3. Why is this important for FCA and PRA regulated firms?
The corporate offence outlined above applies to all commercial organisations with all or part of its business in the UK including financial services firms.
The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) regulated firms are under a twofold obligation in relation to the prevention of bribery. They not only risk criminal liability under section 7 of the Act if the procedures intended to prevent bribery are inadequate but, in addition, may face regulatory action if they do not maintain adequate anti-bribery systems and controls.
The FCA published ‘Financial crime: a guide for firms’ in April 2015 (the ‘2015 Guide’). The 2015 Guide is clear that while the FCA does not enforce the Act or provide guidance on the Act, firms subject to the SYSC rules are under a separate, regulatory obligation to establish and maintain effective systems and controls to mitigate the risk of financial crime. The principal rules are:
- SYSC 3.2.6R: a firm must ‘take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime’
- SYSC 6.1.1R: a firm must ‘establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm … with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime’
- SYSC 3.2.6AR: which states that a firm must ensure that the systems and controls in place to counter the risk of financial crime are ‘comprehensive and proportionate to the nature, scale and complexity of its activities’.
‘Financial crime’ in this context is defined as ‘any kind of criminal conduct relating to money or to financial services or markets’ that is wider than the scope of the Act and encompasses both risk of corruption and bribery. The 2015 Guide is clear that the FCA may take action against a firm with deficient anti-bribery systems and controls regardless of whether bribery or corruption has actually occurred. The 2015 Guide also highlights Principle 1 (integrity) of the Principles for Business as being relevant in this context.
In addition to FCA regulated firms, the provisions in SYSC 6.1.1R are mirrored in section 2.1 of the PRA Rulebook (‘Compliance’). PRA regulated firms should be aware of R v Skansen, to ensure that their anti-bribery systems and controls meet the PRA requirements and are adequate for the purposes of the Act.
Furthermore, e-money and payment institutions must satisfy the FCA that they have robust governance, effective risk procedures and adequate internal control mechanisms pursuant to Reg 6, E-Money Regulation (The Electronic Money Regulations 2011) and Reg 6, Payment Services Regulation (The Payment Services Regulations 2017).
In order to avoid the criminal and regulatory consequences outlined above, it is critical that FCA and PRA regulated firms are aware of the section 7 offence, R v Skansen and what amounts to ‘adequate procedures’.
Firms should also consult the 2015 Guide which includes sections on governance, risk assessments, policies and procedures, Dealing with third parties and provides examples of good and poor practice from a regulatory perspective along with real life case studies. While the 2015 Guide is not binding it gives an indication as to the FCA’s expectations.
4. What should financial services firms be doing now?
Financial services firms should reflect on the outcome of the R v Skansen case to ensure that they have the adequate procedures and the required systems and controls to prevent bribery, so as to avoid criminal prosecution and/or regulatory enforcement.
5. How can Burges Salmon help?
We continue to help clients in the design, implementation and review of their adequate procedures and compliance with their regulatory obligations. If you would like help with this please contact us on the details above.