Insight on the UK Bribery Act

Over the years, several high-profile enforcement actions have been brought against organisations and individuals in the dam construction industry found to have committed acts of bribery and corruption. Firms involved in international projects need to be mindful of their obligations under the Bribery Act 2010 and the Foreign and Corrupt Practices Act. Not only do firms need to set measures in place, they also need to be able to demonstrate that they have done all they sensibly can to prevent misdemeanours. Interestingly, the Bribery Act specifically allows a defence to a corporate breach if an organisation can demonstrate that it has "adequate procedures" in place, designed to prevent persons associated with it from committing bribery.

Compliance with these “adequate procedures” relies heavily on the organisation’s ability to locate and retrieve key documents and data. Getting these procedures right is not solely a requirement encouraged by the Bribery Act – it is also a capability required by various other industry, national and international regulations – so the cost of being litigation ready can be allocated across many different regulatory and legislative requirements, including the Bribery Act.

Corporate offence defence

In accordance with s 9 of the UK’s Bribery Act, the Ministry of Justice has issued guidance upon what will constitute “adequate procedures” (30 March 2011). The Secretary of State summarises that: “The guidance is designed to be of general application and is formulated around six guiding principles [(i) proportionate procedures; (ii) top-level commitment; (iii) risk assessment; (iv) due diligence; (v) communication; (vi) monitoring and review], each followed by commentary and examples. The guidance is not prescriptive and is not a one-size-fits-all document.”

Companies wishing to rely on this defence may face complex challenges as they attempt to demonstrate that they have implemented rigorous policies and procedures aimed at preventing breaches of the Act. Moreover, there is an increasing amount of global regulation in this area and several conflicting international requirements add to the challenge.

For example, the scope of the Bribery Act is considerably broader than the US Foreign Corrupt Practices Act of 1977 (FCPA) in that it applies not just to overseas trading but also to bribery within the UK. The Bribery Act also covers all transactions, not just those involving public bodies, and unlike the FCPA it does not allow facilitation payments. Challenges exist in both complying with domestic legislation and in ensuring compliance with (often competing) foreign legislation.

Proactive measures will allow companies to respond adequately if they either suspect wrongdoing has occurred and wish to conduct internal investigations as a precursor to self-reporting, or if they are faced with a regulatory request for information.

Several critical factors should be addressed when designing a plan to facilitate preparedness for litigation or regulatory action.

Locating the data

Firms will need to acquire the ability to monitor a wide range of activities, by numerous individuals, who may be located in several jurisdictions, using a variety of information management systems and communication tools. Knowledge of how the business communicates with its contacts and where the information is stored will be essential to complying with the Act and avoiding potential judicial criticism. Judge Simon Brown QC expressed the view that: “Potential litigants...need to anticipate having to give disclosure of specifically relevant electronic documentation and the means of doing so efficiently and effectively”(Earles-v-Barclays Bank plc (2009) EWHC 2500).

Accelerating responses

Whether monitoring corporate information for potential breaches, or dealing with an internal investigation, it is important that companies have the ability to search their data for high risk communications using the most up-to-date and appropriate technologies available. They may, for example, benefit from the application of keyword searches to particular document populations. They may also benefit from the ability to group together similar documents from very large document sets, to be appraised on an ongoing basis of potential breaches. If wrongdoing is suspected, or regulators have commenced an investigation, and large document sets need to be reviewed, speed in the response will be vital.

Technology that is able to rank or prioritise data in accordance with decisions made at the outset by a senior reviewer, and thereafter promote those documents which are most likely to be relevant to the front of the review queue will be invaluable in accelerating a response. This technology-based approach is gaining traction in the legal community in the US as well as among the judiciary in the UK (Senior Master Whittaker in Gavin Goodale and Ors v Ministry of Justice and Ors [2009] EWHC B41(QB)).

Data protection considerations

The Bribery Act has extra-territorial reach and applies to acts undertaken both in the UK and in foreign jurisdictions. If information stored on servers in foreign jurisdictions is required as evidence in support of UK proceedings, companies will need to seek local advice about the restrictions which may apply to the transfer of data to the UK. Companies answering a request from the UK authorities may be able to limit the risks by processing and analysing the information within the foreign jurisdiction and seeking advice about the transfer of the reduced amount of information which is essential to the relevant proceedings.

Self-reporting

A particular feature of more recent regulatory action is the encouragement to self-report. In the UK, the Serious Fraud Office issued self-reporting guidelines in 2009. Organisations that have self-reported have, on a number of occasions, been given more lenient punishments such as Civil Recovery Orders.

To self-report, businesses must be able to undertake rigorous self-audits. Technology can help cut through vast amounts of data to find the “smoking gun” while retaining control of the investigation. It is clearly best to have an internal investigation strategy in place and to understand where weak points exist as soon as possible.

Having an effective eDisclosure system in place is critical for firms, especially since this readiness in itself will assist in establishing a defence if a breach should occur. However, the modern firm faces a range of legislative and regulatory compliance duties, many of which have stringent eDisclosure requirements. Therefore, if a suitably flexible and scalable solution is selected, the effort and cost of setting up such an eDisclosure system may be applied to all the compliance strictures that dam construction industry players face.

Epiq Systems is a provider of integrated technology products and services for the legal profession. For further information, please visit www.epiqsystems.com.