The U.S. Department of Justice recently published new guidance on how it will assess corporate compliance programs. The DOJ Guidance streamlines previous U.S. guidance and expands on key subjects; providing a greater insight into how the the DOJ will approach its evaluation of compliance programs when considering whether a prosecution or other resolution is appropriate.
By comparison, the UK Bribery Act 2010 Guidance, which came out in 2011, contains six principles which “commercial organizations” undertaking part of their business in the UK must adhere to if they are to have a defense to a charge of failing to prevent bribery.
It is perhaps unsurprising — given their different purposes, the eight years between them and the broader scope of the UK law regarding commercial bribery — that the DOJ Guidance and UK Guidance have different things to say about anti-corruption compliance programs. Nevertheless, given the extra-territoriality of both laws and active enforcement, many international firms will need to consider both the U.S. and UK guidance when designing and implementing their controls.
A comparison of three of the key differences is set out below:
1. Risk Assessment
The DOJ Guidance emphasises the importance of “tailoring” compliance programs to a company’s needs and therefore the importance of an initial risk assessment, not least as under the “Principles of Federal Prosecution of Business Organizations,” prosecutors must consider whether the program is appropriately designed to “detect the particular types of misconduct most likely to occur in a particular corporation’s line of business.” The DOJ Guidance suggests that risks to be analyzed in this process could include the location of a firm’s operations, the sector in which it operates, the competitiveness of the market, regulatory landscape, transactions with foreign governments, payments to foreign officials and any charitable or political donations, among other things.
The UK Guidance also recognises that the risk assessment is a “necessary first step” in building proportionate procedures and identifies areas of potential risk. However, the UK Guidance suggests that a suitable risk assessment will be characterised by factors including oversight of the risk assessment by top level management and appropriate resourcing as well as five inherent risk types, which is describes as country risk, sectoral risk, transaction risk, and business opportunity risk and business partnership risk.
2. Expectations of Management
In assessing whether a program is well implemented the DOJ will look to both senior and mid-level management, and whether the company creates and fosters “a culture of ethics and compliance.” While this starts with senior management and “tone from the top,” middle-management also need to reinforce and exemplify these standards. Alongside this, the DOJ Guidance requires those responsible for the day-to-day oversight of the compliance program to be able to “act with adequate authority and stature.”
The UK Guidance also highlights the importance of a top-level commitment in fostering “a culture…in which bribery is never acceptable,” providing examples of some of the activities which can set an appropriate tone from the top. However, showing perhaps how far compliance expectations have moved in eight years, it does not tackle middle-management requirements, or go into the same detail in relation to day-to-day oversight of a compliance program.
When checking the effectiveness of implementation, the DOJ will look at how misconduct is investigated, and specifically whether companies have conducted a “root cause analysis.” The UK Guidance takes a higher-level/principles based approach, particularly in setting out expectations for investigations; stating only that “systems set up to deter, detect and investigate bribery…will help provide insight into the effectiveness of procedures…”
Sam Tate, pictured above, is a partner and Head of Financial Crime at Reynolds, Porter Chamberlain LLP based in London. He is a co-author of a leading UK anti-corruption compliance text book “Bribery: a Compliance Handbook” published by Bloomsbury. He can be contacted here.
The author wishes to acknowlede the kind assistance of Katie Fry-Paul, also at RPC.