Three years ago Bribery Inc. went mad. Every law firm, accounting firm and uncle Tom Cobley and all got into the anti-bribery business. Many detailed anti-bribery policies were sold, placed on corporate intranets and training given.
Three years on and many are reviewing their policies and looking back at how they’ve been operating for the last three years. This is a sensible thing to do.
Many anti-bribery policies are extensive. They cover in detail the six principles set out by the Ministry of Justice and may even cover the ten hallmarks identified by the US DoJ and SEC. They may include statements about rolling risk assessments, due diligence lists, annual training and certifications, M&A due diligence, corporate hospitality approvals, supplier due diligence etc. We could go on. And many policies do.
And this is where they go wrong.
Because the longer they are the less likely it is anyone will read them or even know where to find them. And if no-one is reading your policy because it’s too long then the policy, no matter how erudite the legal prose, is a FAIL.
Answering a question put by Barry at the Pinsent Masons annual regulatory conference about Adequate Procedures, David Green, SFO Director made a couple of common sense observations.
Now, we should flag that Mr Green was keen to point out that the SFO does not offer advice and that he wasn’t about to give any.
So what follows is his opinion, off the cuff and it definitely does not constitute advice from the SFO. But you can consider it advice from us. The SFO Director said that he doesn’t really like long anti-bribery policies. Broadly speaking he is concerned that they probably won’t be read or understood by employees.
The obvious consequence of the anti-bribery policy not being read is that it is unlikely to be followed. His observation and the concern which underpins it resonates with us.
We are often asked to comment on others anti-bribery policies. Often when a company, say in an M&A process is asked (any) question about anti-bribery the stock answer from the vendor is – ‘see the policy’ (regardless of the question).
So we read the policy.
Likewise one of the first things the SFO or anyone else investigating or prosecuting suspected or alleged bribery will do is read your anti-bribery policy.
You should too. If you read your policy today (especially if it is a long one) are you confident that your company does all the things the policy says that it should do?
If the answer is no, then your corporate Adequate Procedures defence is going to face an uphill battle. Good news for the prosecutor. Bad news for the corporate.
The answer is simple.
A short policy and some simple training, made relevant to those to whom it is delivered in the context of what they do and importantly where in the world they do it.
Anti-bribery (and anti-fraud for that matter) systems and controls should not stand alone in a detailed policy but be baked into the mix of other ingredients in your corporate procedures. So for example, due diligence around a supplier should probably be embedded in existing procurement processes, not in a stand alone anti bribery process.
Plain common sense – though as we all know – this is a commodity which is sadly in short supply.
Barry Vitou and Richard Kovalevsky QC blog at thebriberyact.com