Until 1999 German laws allowed for some bribes to be tax deductible. Bribes or grease payments enabled German companies to get ahead overseas, or so many claimed. These payments were viewed as good for business and good for the German economy. At worst, they were a necessary evil.
In light of international efforts to stamp out bribery and corruption that have seen the US intensify its enforcement efforts under the Foreign Corrupt Practices Act (FCPA) and the UK implement the landmark Bribery Act in 2011, the topography in Europe has dramatically shifted.
In many regards the shift towards tougher anti-corruption measures had been notable through the 2000s, as the US took a harder line on pursuing corporates and prosecutors began to co-operate across borders. But it was after the 2008/09 financial crisis and related recession that the drive to clamp down on corporate excess became clear.
Sascha Kuhn, a German disputes and compliance partner at Simmons & Simmons, comments: ‘Whereas a few years ago facilitation payments were regarded as standard and a risk that needed to be taken, companies now think that even if they are doing these deals hundreds of kilometres away, they can have severe repercussions on management and the company itself.’
Germany and the UK came under pressure from bodies such as the Organisation for Economic Co-operation and Development (OECD) and the United Nations (UN) to attack corruption with increased zeal.
While German legislation is generally regarded as less robust than the UK equivalent, a greater willingness to pursue corruption has been clear since the US/German action against Siemens during the 2000s (see box, ‘Crony capitalism in the firing line’). Corporate criminality is one transformative measure that is under discussion in the Bundestag, although Chancellor Angela Merkel has yet to throw her full weight behind the reforms.
At the same time whistleblowers and internal investigations are uncovering more instances of bribery and corruption as companies move to support rather than marginalise the internal messengers of trouble.
In the UK, the Serious Fraud Office (SFO) is expected to soon announce a series of prosecutions under the Bribery Act.
With anti-corruption policies sure to stay high on the corporate agenda we teamed up with Simmons & Simmons to produce a special report on the topic, drawing on responses from more than 250 general counsel in Europe.
A DEFINING MOMENT – THE BRIBERY ACT CHANGES THE TONE ON BRIBERY
The Bribery Act stands as the defining piece of European anti-bribery and corruption legislation, but its full effect is yet to be felt.The act, which was introduced in the last days of the Labour administration emerged after years of pressure for the UK to improve its record on combating corruption. However, it was frequently attacked by business groups for going further than US legislation in some regards, with critics arguing it hamstrung British business abroad.
In 2011 the Ministry of Justice released guidance on its application that divided opinion, with some seeing it as a common-sense reading of the legislation amid hyperventilated claims regarding banning corporate hospitality, while others felt the government was close to re-writing a statute by the back door. Despite such controversy, the act was widely viewed in the legal profession as well drafted and necessary legislation and has proved effective at getting companies to tighten anti-corruption measures.
Still, with the courts having so far only seen a handful of relatively straightforward cases under the act, it will take years to gauge its full impact. In December 2014, the Serious Fraud Office (SFO) achieved its first convictions under the Bribery Act, when Gary West, the former chief commercial officer of Sustainable AgroEnergy, was found guilty of two offences under the legislation. Stuart Stone, an agent used by the company, was also successfully prosecuted.
In addition, the SFO achieved a successful conviction of two employees of Smith & Ouzman in December 2014 after corrupt payments had been made to public officials in Kenya and Mauritania.
Corporate criminality is a concept gaining traction in the UK and throughout Europe. There have been proposals to create a new criminal offence in the UK of failure to prevent economic crime, extending liabilities beyond bribery to fraud, money laundering and other economic crimes. This controversial proposal was first aired by the British attorney general Jeremy Wright in September 2014 and appeared in the Conservative Party’s election manifesto this year. However, even many practitioners who call for tougher enforcement feel such a broad brush measure will be hard to implement.
The creeping extension of liability for corporates, at both a criminal and civil level, has a been a clear trend in international law for 15 years and many believe that policies that further substantially extend the responsibilities of companies for the acts of their staff are inevitable.
If such a change in the law were to take place, our survey results indicate that 15% of respondents would expect to see a major shake-up to their internal policies, while a further 63% would expect to see amendments to current policies and procedures.
The advent of deferred prosecution agreements (DPAs) in 2014 was also a significant development in helping prosecutors. Under a DPA a company is charged with a criminal offence but proceedings are automatically suspended, with the company agreeing to conditions such as a financial penalty, paying compensation, or co-operating over the prosecution of individuals.
KPMG partner Nigel Layton thinks the DPA regime could have a profound impact. ‘If you hold your hand up, it could save a lot of investigation costs if you are sure that you have committed an offence. It will give the SFO some quicker wins than without the DPA. It is a mechanism to start the enforcement process without long-winded litigation.’
Stronger tools for prosecutors have been backed up by a tougher stance from the SFO under director David Green QC, who has repositioned the agency as a more robust pursuer of corporate crime. While concerns over the strained budget of the SFO are frequently cited by anti-corruption campaigners, the agency’s high-profile success last month in securing a criminal conviction against derivatives trader Tom Hayes for manipulating Libor interest rates will be viewed as a key win for the agency.
Ironically, the election victory of the Conservative Party has raised some questions over whether the UK is softening its stance on corporate crime as a sop to the business lobby. In July the government declined to reappoint Martin Wheatley, the chief executive who had pushed the market watchdog, the Financial Conduct Authority, towards a harder regulatory line. July also saw an announcement that the government is launching a review of the Bribery Act, after inviting companies to comment on whether its anti-corruption measures are ‘a problem’. But given the global trend towards tougher anti-bribery policies, it is unlikely the pressure on UK business will much ease.
The company in the dock
The Bribery Act made boards aware of the risks associated with turning a blind eye to shady businesses practices. The main difference for companies that have a nexus to the UK at least is that prosecutions under the Bribery Act are far easier to bring than comparable offences available under previous legislation.
‘I believe the Bribery Act was a pretty fundamental piece of legislation and something that global organisations certainly had to turn their minds to,’ says Charlotte Heiss, head of legal at RSA Insurance. ‘It has involved more work structurally than organisations would have anticipated at the outset.’
Before the act, company or executive liability only occurred if those in charge were aware of or acquiesced to corruption, an impractical test for prosecutors in most cases. Under the prior legislation, the Public Bodies Corrupt Practices Act 1889 and Prevention of Corruption Act 1906, or the common law offence of bribery, it had to be proved that a senior manager was the ‘directing mind and will’ behind the offence. The Bribery Act put the onus on management to ensure ‘adequate procedures’ have been taken to prevent bribery (see box, ‘The equation’).
Zoë Newman, a managing director in the investigations practice at Kroll, says the Bribery Act hasn’t radically altered the terrain as many multinationals with a connection to the US had already responded to the FCPA with their own compliance programmes. ‘However, we have seen a far greater recognition of the adequate procedures aspect of the Bribery Act, and as a result companies appear more willing to take proactive steps, through risk assessments and third-party compliance programmes to manage these risks.’
Adequate procedures generally include a clearly-stated anti-bribery and corruption policy, an awareness-heightening campaign, and regular training for the workforce as well as any third-party agents.
In 2012, Morgan Stanley’s compliance programme shielded it from FCPA prosecution, despite former executive Garth Peterson being sentenced for conspiring to bribe a Chinese official. The investment bank demonstrated that its procedures were extensive and effective, but that Peterson had ignored these and operated as a lone wolf.
While the US has led the way in aggressively deploying the FCPA – the law was first passed in 1977 but little used until the 1990s – the climate is also changing in Europe towards greater corporate accountability and more robust enforcement.
While the Siemens investigation was a key moment in Germany, the UK’s equivalent inflexion point was the controversy surrounding BAE Systems. In 2008 the UK was heavily criticised by the OECD for its handling of the Al Yamamah corruption scandal in which the defence and aerospace group was alleged to have bribed Saudi Arabian officials for a contract to deliver Tornado fighter aircraft. In December 2006 the then British Attorney General Lord Goldsmith announced that the SFO was dropping its investigation into Al Yamamah citing public interest grounds.
Patrick Moulette, head of the OECD’s anti-corruption division, says that all 34 member countries have signed up to the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, but there are still too few prosecutions: ‘The progress is very clear in terms of legislation, but the laws are not enough to deal with corruption. The problem is that enforcement is uneven. Some countries are good enforcers, but half of our members have not yet concluded a case of bribery through their judicial system.’
Despite the OECD’s frustration, the response has certainly moved away from general apathy. This stance is evident not only in Western economies but also in the key emerging economies that have traditionally represented the biggest corruption risk but which have, in the last five years, begun slowly improving their lax enforcement. The biggest incentive has been the need to encourage direct foreign investment in an age of mounting globalisation, as high levels of corruption make foreign investors wary.
In broader corporate circles facilitation payments are no longer accepted (these so-called ‘grease payments’ are distinguished from bribery and outright corruption as they are supposedly given to officials in the course of carrying out their duties. As they can be constructed as questionable processing fees, such payments have typically been a grey area exploited by companies looking to bend the rules in countries with endemic corruption problems). Other more subtle forms of buying influence that are no longer tolerated include outrageously ostentatious gifts. As FIFA has recently discovered, the public, media and authorities are now less forgiving of such conduct.
Growing cross-border collaboration between prosecutors has also had a major impact on the number of investigations and global liabilities, as seen in the SFO’s recent collaboration with Chinese authorities in its investigation into alleged corruption at GlaxoSmithKline (GSK), which last year saw the company handed a $497m fine in China. Fresh allegations against the British pharma giant emerged in July after a whistleblower claimed that doctors in Romania had been paid to prescribe drugs.
Aside from the US prosecutors’ (sometimes controversial) willingness to pursue cases abroad, Germany’s public prosecutors along with the UK also have powers to pursue companies internationally. Even when such powers do not exist, regulators increasingly swap notes to build cases as standard practice. Also significant is a US framework in which regulators and prosecutors, both civil and criminal, operate in a kind of competitive tension and in some cases have strong financial incentives to secure big-ticket fines.
As yet, enforcement actions under the Bribery Act have yet to take hold and this has limited the deterrent associated with successful prosecutions. It also leaves a gap in precedents set by the first wave of cases.
Nigel Layton, a forensic partner at KPMG, says the compliance world is waiting to gauge the line taken by the SFO over the adequate procedures defence: ‘We have seen enforcement in the US has been very strong, but it has not been formally tested here because adequate procedures have not yet been tested as a defence.’
Businesses cannot be clear on what is expected of them until the first trickle of prosecutions come through; expectations are that these will occur by the end of 2016.
Peter Maher, a forensic partner at Deloitte, comments: ‘It’s only four years since the Bribery Act came into force. That’s quite a short time frame for a complex corruption scheme to be thoroughly investigated and brought to trial.’
CRONY CAPITALISM IN THE FIRING LINE – FIGHTING BRIBERY ACROSS EUROPE
While the UK Bribery Act has been one of the most high-profile pieces of legislation impacting corporates in recent years, mainland Europe has similarly moved to combat bribery.In Germany, where Siemens was caught up in a headline bribery and corruption scandal that led it to pay $1.65bn in fines to the Securities and Exchange Commission (SEC) and Department of Justice (DoJ) in the US, and the Office of the Prosecutor General in Munich, there has also been talk of introducing criminal liability for companies. A further signal of the way the winds are blowing appeared this year when a bill was approved to reform the rules on bribery and corruption in the health sector.
France has issued a series of legislative changes as it changes gear in its battle against corruption. In July this year, the Minister for Economic Affairs and Finance proposed a law which would create an anti-corruption agency, a duty for companies to prevent corruption and gold-plate protection for whistleblowers.
Spain has likewise adapted its own criminal code in recent years to make corporate entities criminally liable. The latest modification occurred in July this year but since 2010, companies could be liable for crimes, including corruption offences, committed on their behalf by representatives, employees and contracted workers.
In 2012, Italy introduced its new anti-corruption law and a new National Anti-Corruption Authority has been tasked with preventing corruption.
In the Netherlands, Rotterdam’s public prosecutor has also taken a harder line in recent years after bribery involving Rotterdam port galvanised public opinion. ‘It is fair to say that until a few years ago, the Netherlands was lagging behind in the enforcement of bribery and corruption rules, but the climate has changed and enforcement has stepped up considerably,’ says Johan Polet, an Amsterdam dispute resolution partner at Simmons & Simmons.
While the extra-territorial nature of US and UK legislation makes it more prominent in the minds of major companies, these initiatives make it clear that the days of nepotistic capitalism and lax governance in Europe are fast drawing to a close.
Growing risks
Our poll of clients confirms that they are well aware of bribery risk, with 35% of respondents citing it as a ‘major risk’ to their business in Europe and only 14% feeling the risk was ‘negligible’ (these are substantial figures given that bribery is generally viewed as far more pressing in emerging economies).
This concern is fuelled by a notable increase in bribery claims in recent years. Nearly half of respondents (49%) reported an increase in internal bribery investigations over the last five years, against 5% seeing a decrease. Only 23% of respondents in our poll are ‘very confident’ that their procedures will prevent bribery occurring in their business, though 70% indicate they are ‘fairly confident’.
Nick Benwell, head of Simmons & Simmons’ crime, fraud and investigations group, says that it is virtually impossible to eradicate bribery risk: ‘If people within the business or third parties are determined to pay bribes, it is very difficult to stop that occurring.’ Benwell says that extensive training must be at the very least consistent and frequent: ‘If you are a multinational, then you are going to have substantial numbers coming into the business on an ongoing basis. You’ll have new employees, contractors, agents and consultants that can give rise to corruption risk.’
Leading up to the launch of the Bribery Act there was a great deal of media and public attention paid to hospitality and gifts and whether this would lead to individuals and businesses falling foul of the legislation. In our survey, respondents indicated that the most frequent bribery-related questions they had to address were hospitality (35%), gifts (23%) and appointment of local agents (23%).
Benwell believes too much debate around the Bribery Act is directed at ‘lavish entertainment and whether going to Wimbledon was or was not overly lavish’, adding: ‘the more significant issues around contracting with third parties were often not properly debated’ and that ‘facilitation payments still remain a very difficult issue’.
Benoit Belhomme, British American Tobacco’s general counsel for Western Europe, says that the Bribery Act did pose a significant test to businesses: ‘We have found that the most striking difference which surprised us and many other businesses we spoke to is the very wide scope of the Bribery Act. This gave rise to a lot of head-scratching particularly in respect of facilitation payment and corporate hospitality.’
Only 12% of our survey participants indicated that facilitation payment issues were the bribery-related questions they dealt with most frequently.
Despite much focus on the supposed strictness of UK legislation, there remains more concern among respondents regarding US prosecutors, supporting the frequent claim of bribery specialists that policies are less important in bribery risk than proactivity of enforcement. Nearly a third of respondents (32%) cited their concern level as ten, nine or eight out of ten regarding US laws, as compared to 28% for the UK Bribery Act.
Such concerns are underlined by the level of penalties being imposed on European companies. The French industrial group Alstom paid a $772m fine to the US Department of Justice (DoJ) for foreign bribery last year. The DoJ said that it had failed to impose adequate procedures to stop bribes paid to officials in Indonesia, Saudi Arabia, Egypt, Taiwan and the Bahamas.
Risk is further associated with transactions and projects of a high value, where there is a greater incentive to grease the palms of the counterparty. Deals involving extraction industries, such as oil and gas, and mining, can often depend on large monetary sums.
David Pinkney, NTT Europe’s general counsel, says anti-corruption procedures have to be more thorough in certain industries: ‘I would be more concerned if the value of potential contracts was in the tens or hundreds of millions, or even billions, which is where the larger companies such as arms and aerospace have far greater exposure since individuals and companies have such a lot to gain and temptation is far higher.’
Of course, sectors that involve regular dealings with foreign officials are at higher risk. The pharmaceuticals industry has also frequently run into problems. The list of major pharma firms that have agreed multimillion-dollar settlements in the US since 2009 after allegations involving kickbacks include Novartis, Johnson & Johnson, Pfizer and Amgen, though such actions have often been conducted under separate US legislation, such as the False Claims Act and Federal Food, Drug, and Cosmetic Act.
THE EQUATION – FINDING AND MANAGING BRIBERY RISK
Zoë Newman, managing director at Kroll, says it is easy to make mistakes in anti-bribery procedures: ‘I will never forget conducting an on-site bribery investigation in China in a remote location where no employees spoke English, but where posters relaying the US HQ’s whistleblowing policy were plastered all over the walls in English.’
In reality most staff in most companies will never have the ability to commit bribery. But the riskiest parts of the business are also often the hardest to educate.
Charlotte Heiss, head of legal at RSA Insurance, says that creating a clear anti-corruption policy is the easy part: ‘The challenge for in-house legal teams is to make that real and create bespoke guidance for every part of the world.’
While our survey indicates that questions relating to the Bribery Act often centre on hospitality and gifts, enforcement actions have largely focused on overt bribery and corruption by overseas employees and third-party agents. Heiss agrees: ‘Under the Bribery Act, you can be accountable for somebody doing something on your behalf, even if you were not aware or supportive of their actions, and that is the biggest risk.’
Elizabeth Wilks-Wood, group compliance director at Royal Mail, likewise, focuses on third parties: ‘It is important for me to understand who our third parties are, what services they provide for us and any potential risks they face. I want to ensure they are clear about our ethical standards and what we expect of them.’
That is easier said than done. Kroll’s 2015 Anti-Bribery and Corruption Benchmarking Report found the average respondent has more than 2,900 third-party relationships. Newman says clients are now going beyond the ‘historical box-ticking approach of policies’ and undertaking more proactive measures such as on-site reviews in high-risk jurisdictions.
Wilks-Wood subscribes to this methodology: ‘We adopt a risk-based approach, with periodic assessments to identify relevant third parties, the potential risks they face and how any risks can best be mitigated. I’m passionate about raising awareness. We all need to be clear about the “red flags” and the continued need for vigilance, as bribery risks are dynamic.’
In our survey, 14% of respondents indicated that employees are not aware enough of bribery as an issue at work. Newman says there are ‘still a surprising number of large corporates who have no measures in place, beyond reliance on employees and third parties’ adherence to anti-bribery and corruption policies and procedures’. The Kroll report says that 48% of respondents never train third parties on anti-bribery and corruption.
Possible bribery and corruption is being uncovered on an increasingly regular basis, not least because more businesses are enabling whistleblowers to sound the alert on unwanted behaviour. Of the respondents to our survey, 43% identified whistleblowers as the most common trigger for internal investigations, followed by internal audits (cited by 38%).
But while a whistleblowing culture has been established and encouraged in jurisdictions such as the US and UK, it has not always taken hold in continental Europe. Luca Basilio, a fraud and investigations specialist at Simmons & Simmons in Italy, remarks: ‘We have weak legislation, but the real issue is cultural. In Italy, a whisteblower is seen as a spy.’
For a business that has uncovered suspected illicit activity, it will then need to decide what to do with that information. Self-reporting or entering a DPA could give a company some control over their liabilities, but there are still some dangers in putting a head above the parapet. Stephanie Lhomme, head of compliance, intelligence, investigations and technology Europe and Africa at Control Risks, comments: ‘The DPA regime is a double-edged sword. Your story is going to get out and it opens the door to other regulators that want to look into you.’
The mounting use of DPAs, self-reporting and internal investigations has led to increased tensions between companies and prosecutors over the use of legal privilege, which regulators argue is used to limit the information available to investigators.
Sweett Group admitted to investors in November 2014 that the SFO considered it to be non-co-operative, because Sweett was persisting with its internal investigation into bribery allegations relating to its Middle East division. At the time the company said that the internal investigation by Mayer Brown was ‘nearing completion’ and that it believed that it was doing all it could to co-operate with the SFO. It subsequently passed the findings to the SFO in April this year.
The SFO’s director, David Green QC, has warned lawyers against using legal privilege to obstruct investigations. In a newspaper interview in February this year Green said: ‘We are prepared to challenge head-on the claims of privilege that we believe are ill-founded.’
With this area little tested in law many practitioners expect the courts to soon be wrestling with the issue.
For legal and compliance professionals, prevention and risk mitigation of bribery and corruption is an enormous but crucial task. Of course, effective policies are key, as having ‘adequate procedures’ under the Bribery Act is the only means for companies to manage their liability for staff corruption. Though some debate exists about how the UK courts will treat the adequate procedures defence, 2011 guidance from the UK government outlines six principles for companies in reviewing their policies:
- Proportionality – actions should be proportionate to risks.
- Top-level commitment to running the business without bribery.
- Risk assessment – companies should think about the bribery risks they face and markets they operate in.
- Due diligence – companies should take steps to know who they are dealing with.
- Effective communication to staff and agents of policies and procedures.
- Monitoring and review – businesses must continue to monitor processes as risks over time.
While global rules on bribery vary considerably, bribery specialists generally advise that policies that are robustly compliant with the US Foreign Corrupt Practices Act provide good working coverage globally, including in the UK.
Alistair Asher, group general counsel at The Co-operative Group, suggests that his task in this domain is multi-faceted: ‘A GC needs to ensure that the business understands and complies with the regulatory framework it operates within, and to be aware of, and to educate the business as to, any changes and developments in that framework.’
The cost of action is considerable. Our respondents reported spending an average of $432,450 over the last three years on bribery compliance, with 17% spending more than $1.5m.
There are also a significant number of internal investigations, with 41% of respondents conducting more than four bribery-related probes over the last year, including 21% who reported more than ten. And creating these policies falls squarely on in-house counsel. Our survey found 41% of GCs have prime responsibility for managing bribery risk, by some margin the most common senior figure cited.
The compliance dividend
For big multinationals, the issue of bribery and corruption has been front-of-mind for legal and compliance departments for some years. According to the OECD Foreign Bribery Report in December 2014, most international bribes are paid by large companies and with the knowledge of senior management.
Nevertheless, small-and-medium-sized enterprises (SMEs) are, by their nature, at risk, particularly if they trade overseas. Simmons’ partner Kuhn says that many of the Mittelstand companies in Germany have international operations, but do not have the same financial and human resource capability as the big multinationals to manage bribery risk. He believes the Mittelstand are also more likely to use third-party distributors and agents in overseas jurisdictions and are unlikely to have substantial compliance departments to limit potential exposure.
Businesses operating in the SME arena have to comply but Benwell indicates that under the UK regime there is some recognition that smaller businesses can draw comfort from the Ministry of Justice’s guidelines: ‘If you are a large multinational with billions of dollars of turnover and a large compliance department, then what is expected of you is greater than for an SME with no dedicated compliance function and perhaps no general counsel. Proportionality is recognised, but it can’t be an excuse for not engaging with the issue at all.’
For many businesses, compliance may seem like an unwelcome and costly burden (on average our respondents spent over $400,000 over the preceding three years on anti-bribery compliance).
Yet EY’s survey in 2015 entitled ‘Fraud and Corruption – the easy option for growth?’ suggests ‘a clear correlation between companies that have experienced revenue growth and those that are seen by respondents as being ethical’.
Kirsty Searles, a partner in the risk advisory practice at Deloitte, concludes that well-developed compliance is not simply a cost: ‘If you are moving into high risk and emerging markets with a framework in place to give you some comfort that risks are being properly managed, that enables you to focus on business growth.’ With the global anti-bribery bandwagon sure to role on, that’s good advice.