That guidance went through several iterations, however, and some of the ways in which the new guidance took a tougher stance are highlighted ahead.
According to the SFO, adequate procedures include a proper “tone at the top” through clear policy and anticorruption guidance, supported at the highest levels in the company. Companies must also have specific training on the company’s anticorruption principles, policies, and procedures. Adequate procedures also include individual accountability, including appropriate whistleblower, disciplinary, and incentive programs.
A company should have a path for clear and direct reporting by executive management to the CEO. A company’s code of ethics and anticorruption principles must apply regardless of whether local laws permit bribery and whether improper payments may be culturally accepted.
The SFO had previously acknowledged that small payments to ensure that public officials carry out normal functions were, unfortunately, endemic in many countries and would take time to eradicate. The new guidance departs from this stance, simply stating: “A facilitation payment is a type of bribe and should be seen as such.”
The company should have a specific policy on gifts as well as policies on hospitality payments that address the corruption risks inherent in these types of actions. These areas can be particularly high risk as there is much open to interpretation when such payments are made, and the agency says that it will prosecute where it seems like the evidence would support a conviction.
We recommend that client policies establish a reasonably low dollar limit, require management approval and tracking, and clearly document any and all hospitality spending. We do not generally recommend a no-hospitality policy but do emphasize a no-quid pro quo statement and active oversight. With respect to facilitation payments, we recommend that those be prohibited unless the life or safety of the employee or agent is threatened, management approves, and there is a clear paper trail and proper accounting.
A specific policy should also be written to address the actions of outside agents, consultants, advisers, and third parties, including appropriate due diligence policies, procedures, and contract terms. Ongoing risk assessments and auditing functions should be included in the program.