1. The new Act in 2010
  2. The bribery offence
  3. Penalties
  4. The defence
  5. Guidance provided
  6. Compliance staff
  7. Enforcement bodies in the UK
  8. Developments
  9. Other countries’ use of the Act and similar
  10. Verdict on the Act

The following is a summary of points and comments, largely for my own education, but which might be helpful to others.


The Bribery Act 2010 received Royal Assent in April 2010, and so has been on the statute book in the UK for some 10 years (although technically it only came into force on 1 July 2011).  After a decade of existence, 2020 presents a timely opportunity to review how effective it has been.

The Act reformed and consolidated the law of the UK in respect of bribery and corruption, replacing both common law provisions and several ageing Acts of Parliament known collectively as the Prevention of Corruption Acts 1889 to 1916[1].

The Act provided for offences under two broad categories – bribing another person and agreeing to accept a bribe.  It also provided for a distinct offence of bribery of a foreign public official, as well as a new offence where a commercial organisation[2] fails to prevent bribery.

Those found guilty of offences under the Act would be liable to a maximum of 10 years’ imprisonment, or an unlimited fine for a corporation.  There were other potential consequences, which I will mention shortly.

Notably, and still relatively uncommon for UK law, it provided for extra-territorial jurisdiction to prosecute bribery committed abroad by persons ordinarily resident in the UK as well as UK nationals and UK corporate bodies.  However, it did not itself extend to the Channel Islands, Isle of Man or the British Overseas Territories[3] so to create offences under their laws – although British citizens from those jurisdictions could still be liable to prosecution under the UK Act, and the OECD Working Group on Bribery in 2019 noted that, despite an ongoing dialogue between the UK and British Overseas Territories, the extension of the OECD Convention has not been finalised in all remaining Territories.

The extra-territorial element means that an offence can be committed where it took place partly, or even entirely, outside the UK, provided that the alleged perpetrator is a British citizen or deemed to have a “close connection” with the UK – and this includes citizens of the British Overseas Territories and companies incorporated in the UK.  This aspect of the law was largely in accordance with pre-existing bribery legislation, and the only significant change being that the Bribery Act applies to foreign nationals who are ordinarily resident in the UK.

The Act had its origins dating back to at least 1995[4], with several reports and a failed earlier Bill, before the final Bill was ready in 2009.

The UK is party to the 1997 OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions[5] and the associated 2009 Council Recommendation[6], as well as the UN Convention against Corruption, which the UK ratified in 2006[7].  The UN Convention covers 5 main areas – preventive measures, criminalisation and law enforcement, international cooperation, asset recovery, and technical assistance and information exchange.  It also covers many different forms of corruption, such as bribery, trading in influence, abuse of functions, and various acts of corruption in the private sector; and a is the inclusion of a specific chapter on asset recovery, aimed at returning assets to their rightful owners, including countries from which they had been taken illicitly.

It is claimed that the OECD Convention (with its 2009 Recommendation) is the first and only international anti-corruption instrument focused on the “supply side” of a bribery transaction.  In December 2018, in order to ensure the continued relevance of the Convention, the OECD launched a review of the 2009 Recommendation, with this undertaken by the Working Group on Bribery, and scheduled for completion by early 2020[8].

The 2009 Recommendation complementing the OECD Convention came about when parties to the Convention agreed to put in place new measures to prevent, detect and investigate foreign bribery, and the subsequent Recommendation contains provisions for combating small facilitation payments, protecting whistleblowers, improving communications between public officials and law enforcement, and included the OECD Good Practice Guide on Internal Controls, Ethics and Compliance[9].

Whilst the compliance framework that businesses need to be aware of does not just include the standard reputational due diligence driven by legislation such as the Foreign Corrupt Practices Act (FCPA) in the US and the Bribery Act.  Consumers and investors are also increasingly wanting or having to assess the environmental, social and governance (ESG) framework before spending their resources.  This requirement often dovetails with bribery and corruption, as the bribery or corruption may often be the result of abuse of ESG principles, or result in ESG abuses, and in the modern world of social media and rapid communications, increases the reputational risks for any business unfortunate enough to be affected.



The Act uses a “reasonable person” test to decide if bribery has taken place and notably excludes taking into account local practice and custom outside the UK – unless such practice or custom is permitted or required by written law[10].

The distinct and strict liability offence of bribery of a foreign official closely follows the requirements of the 1997 OECD Convention, as supplemented by the 2009 Recommendation.  It only covers the offering, promising or giving of bribes, and not the acceptance of them by a foreign official abroad (that, presumably, is a matter for the local authorities in that country) – although bribery is clearly a two-way street.

Hence the Act criminalises the UK-connected person or organisation giving or offering the bribe – which does not have to be a monetary bribe and has no de minimis amount, but not the foreign official (unless that foreign official was in the UK at the time the offence was committed).

The offence of bribing a foreign public official does not require “impropriety” as part of the wrongful act, but only that advantage is given in order to “influence”.   Hence, corporate hospitality intended to influence the recipient to look favourably on the giver of the hospitality can be caught and it is said that the legislation relies on prosecutorial discretion with respect to corporate hospitality given to foreign public officials, i.e. when “normal” hospitality becomes bribery.

The foreign official involved can be either a government official or someone working for and international organisations

The offence has 2 elements – the (illegal) conduct involved and the fault element – what a person must intend in order to commit the offence, such as gaining or retaining an advantage, exercising influence etc.

The types of UK commercial organisations caught by the offence of failure to prevent bribery are –

  • a body incorporated under the law of any part of the UK and which carries on business, whether there or elsewhere;
  • a partnership that is formed under the law of any part of the UK and which carries on business there or elsewhere; and
  • any other body corporate or partnership wherever incorporated or formed which carries on business in any part of the UK (thus an overseas entity that carries on a business or part of a business in the UK is caught by the Act).

The Act does not criminalise bribery by a foreign subsidiary of a UK company committed abroad.

The Act does affect foreign nationals who are in the UK when the criminal act is carried out, and also has extraterritorial effect for foreign nationals who are “ordinarily resident” in the UK.

A 2019 Parliamentary report highlighted an interesting aspect of the law, reflecting a general principle of English corporate law.  This was that the so-called “identification principle”, a central feature of English corporate law, and which requires that any successful prosecution of a business needs to demonstrate that the controlling minds of the business (usually the board of directors) were aware of the criminal actions, and possessed the necessary mens rea (“guilty mind”).  It has been argued that this model is inherently disadvantageous to small- and medium-sized enterprises (SME), compared with large companies (especially transnational corporations), as it is much easier to identify the controlling minds of a small company and hold them responsible[11].  There have been calls for adoption of a form of vicarious liability, where a corporation is liable for the acts or omissions of an employee which take place in the course of that employee’s employment (unless he or she was off on a spree of their own).

The offence is committed where a person associated with the commercial organisation bribes another person (and not only a “foreign official”, as required by the OECD Convention) with the intention of obtaining or retaining business or an advantage in the conduct of business for that organisation.  It does not need to be an offence in the other country.

The offence of bribery is described in section 1 as occurring when a person offers, gives or promises to give a “financial or other advantage” to another individual in exchange for “improperly” performing a “relevant function or activity”.

Section 2 covers the offence of being bribed, which is defined as requesting, accepting or agreeing to accept such an advantage, in exchange for improperly performing such a function or activity. The “relevant function or activity” element is explained in section 3 — it covers “any function of a public nature; any activity connected with a business, trade or profession; any activity performed in the course of a person’s employment; or any activity performed by or on behalf of a body of persons whether corporate or unincorporated”.

Section 1, 2 and 6 offences carry the same maximum penalties of up to 10 years imprisonment and/or an unlimited fine for individuals, and an unlimited fine for a company[12].

The 2019 Parliamentary report (see below) reviewed prosecutions under the Act, highlighting the difficulties of properly assessing whether the Act was being adequately enforced.  These included the long duration of many bribery investigations, which meant that long after the Bribery Act came into force, a majority of bribery-related cases are still being prosecuted under earlier laws.  Indeed, the report said, between 2014 and the second quarter of 2018, the Crown Prosecution Service (CPS) launched 107 proceedings under the previous Prevention of Corruption Act 1906, compared with only around 42 for all offences under the Bribery Act.

Under UK law, bribery and corruption may be charged under various other laws.  For example, misconduct in public office, a common law offence which carries a maximum sentence of life imprisonment, is said to be preferred by prosecutors in the UK in cases where a public official is involved.  Other notable legislation was the Fraud Act 2006[13] and, in respect of money laundering, the Proceeds of Crime Act 2002.  Furthermore, the Financial Conduct Authority (FCA) is also able to impose fines on regulated companies for lax procedures in relation to bribery and corruption, under the Financial Services and Markets Act 2000.



Individuals face up to 10 years in prison and unlimited fines.  Companies face unlimited fines, and would face forfeiture of any financial gain resulting from the illegal activity.  They can also be required to implement a formal anti-bribery programme (which might have saved them if they had had one, or one that worked).

One has also to bear in mind the reputational and business costs from the damage caused, loss of current and potential markets and customers, as well as the legal and other costs of defending an action, investigating matters and remedying shortcomings.

In addition, as already mentioned, the FCA is also able to impose fines on regulated companies for lax procedures in relation to bribery and corruption, under the Financial Services and Markets Act 2000.

The UK Government has also indicated that an individual or a corporation being found guilty under the Act could be expected to be debarred from access to public contracts, although this is purely a discretionary matter for a “failing to prevent” offence by corporations.

Despite the significant penalties available, early offences involved low-level offences and correspondingly modest penalties, none of which involved overseas bribery allegations.



The relevant offence of “failing to prevent” bribery is in section 7 of the Act –

A company or partnership failing to prevent bribery (under sections 1 or 6) committed anywhere in the world by a person performing services on its behalf and intending to obtain or retain business or a business advantage for the company/partnership unless adequate procedures were in place designed to prevent the bribery.

There is a defence for the commercial organisation to show it had adequate procedures in place to prevent persons associated with it from committing bribery offences.  The standard of proof for such a defence is the balance of probabilities.  The 2019 Parliamentary report concluded that it should be made clear in guidance that “‘adequate’ does not mean, and is not intended to mean, anything more stringent than ‘reasonable in all the circumstances’”.  It had been argued that “adequate procedures” was a higher bar than “reasonable procedures”, the standard for prevention of tax evasion offences under the Criminal Finances Act 2017.

Employees of the organisation are presumed to be acting on behalf of the organisation (unless the contrary is shown)[14], but actions of agents, “service providers”[15] and subsidiaries (including a foreign subsidiary) can also be taken to be actions on behalf of the organisation.

There is another defence available, but this is unlikely to be relevant to the business community[16], involving acting on behalf of the intelligence services or armed forces of the UK.

Thus, unlike previous legislation, the Act places strict liability upon businesses for failure to prevent bribes being given (active bribery) and the only real defence is that the business had in place adequate procedures designed to prevent persons associated with it from undertaking bribery.

It should be borne in mind that the adequate procedures defence is a defence to the offence of failing to prevent bribery.  It is not a defence to other offences which may be involved, but may be relevant, and at least provide mitigation, in respect of other offences where prosecutorial discretion is involved.



One thing that one notes when looking at assistance with anti-bribery controls is that there is seemingly no shortage of advice, guidance, and indicative red flags available to assist a conscientious company.  There are also specialist businesses available to help.  As explained, a non-governmental organisation (NGO) with an interest in combating corruption also offers extensive, and free to access, information.

The Act requires the Secretary of State to publish guidance on procedures that relevant commercial organisations can put in place to prevent bribery by persons associated with them[17] – this guidance was published in 2011 by the Ministry of Justice (MoJ).

Pointedly, it has been made clear by the UK authorities that while companies’ anti-bribery programmes may be compliant with the FCPA of the US this does not mean that it therefore also constitutes adequate procedures required under the Bribery Act, as the Bribery Act differs in several respects from the FCPA.

The requirements outlined in the UK-based guidance closely resembles the requirement in French law under Sapin II (see below), particularly in respect of the 8 requirements companies must follow in establishing their compliance programmes.

The UK-issued guidance came in two forms – a “Quick Start Guide[18]” of 9 pages, and a fuller 45-page version[19].

The Quick Start Guide stresses that –

  • there is a full defence if you can show that you had adequate procedures in place to prevent bribery – but you do not need to have such prevention procedures in place if there is no risk of bribery (so you have to undertake a proper risk assessment, and be sure that there really is no risk);
  • hospitality is not prohibited by the Act; and
  • facilitation payments were and remain bribes.

The Guide also sets out 6 principles to help you decide on what you might need to do –

  1. proportionality;
  2. top-level commitment;
  3. risk assessment;
  4. due diligence;
  5. communication; and
  6. monitoring and review.

Expanding each of these 6 principles slightly, we see a need –

  • that action you take should be proportionate to the risks faced – you would need to do more if a large organisation with overseas markets;
  • for top-level commitment from the top of the organisation;
  • for a proper, thorough (and ongoing) risk assessment – especially when entering into new business arrangements and/or new markets;
  • for satisfactory due diligence on who one is dealing with;
  • to ensure your policies and procedures are known to all your staff, agents, representatives etc; and
  • for ongoing monitoring and review of your policies and procedures, your business arrangements, customers, markets –

you would also obviously need to be aware of developments in anti-bribery laws, requirements and trends, not only in the UK and the markets you are involved in, but also where other countries’ laws might affect you (here, of course, we are primarily thinking about the US), or action and reports from organisations such as the EU, UN and World Bank[20].

The MoJ guidance says that while policies, monitoring and necessary due diligence are essential, controls should be proportionate to the size and risk-exposure of the business.

For example, it says that a business only has to think about doing due diligence on persons who will actually perform services for the company, or on its behalf.  Someone who simply supplies goods to the company is unlikely to do that.  It is very unlikely, therefore, that one would need to consider doing due diligence on persons further down a supply chain.  The extent and depth of due diligence required will be decided by the outcome of a risk assessment.

It is said in the guidance that it was not the intention of the UK Government to prevent genuine business hospitality that is “reasonable and proportionate”, saying that, for example, providing clients tickets to sporting events, buying them dinner and offering (reasonable) gifts and travel expenses would be permissible, again if “reasonable and proportionate” for your business.

However, the guidance also makes very clear that hospitality and reasonable and proportionate gifts etc is not to be seen as cover for facilitation payments, which it defines as “payments to officials to perform routine functions which they are otherwise obligated to perform”.  These, it says, are simply bribes.

Legally-required (and genuine) administrative charges, or additional payments for “fast track” services, would not be regarded as facilitation payments.

As regards payments permitted by the written laws of the country in question, these are permissible in the case of foreign official, and in other cases are a factor to be taken into consideration in determining whether acting “improperly”.

The fuller UK guidance includes an Appendix containing a number of case studies designed to demonstrate how the 6 principles mentioned above might be involved in some real-life situations.

For example, one case study deals with how a company might seek having anti-bribery prevention procedures included in any joint venture with another company, with binding commitments on the part of both parties, to protect both.

Another case study is concerned with how one might assess and take onboard a foreign agent – with thorough research of the prospective agent and all those identified as having some control over the affairs of the agent, and verifying any information obtained from questioning of the would-be agent, and not just taking their word at face value.  One should also call for evidence of the prospective agent’s own anti-bribery policies.  As with other risk assessment and due diligence aspects, monitoring of any agent should be seen as an ongoing process, and not a one-off.

For all aspects of a defence arrangement, whether for the business itself, or for any agents, subsidiaries, joint ventures etc, it is self-evident that it is essential that you document your compliance activities, including risk assessments.  This will –

  • demonstrate commitment to combating corruption;
  • facilitate any potential cooperation with authorities;
  • help establish and prove possible legal defences, should these become necessary; and
  • demonstrate compliance to any actual or potential business partners.

Furthermore, whilst complacency has to be avoided, ensuring that you have done as much as you possibly could have reasonably done must provide some peace of mind – at least allowing you to concentrate more of your attention on the very many other problems you might have to face.

In another example of freely available guidance online, in 2018 Lockheed-Martin produced guidance on “red flags”[21], which it describes as a fact, event, or set of circumstances, or other information that may indicate a potential legal compliance concern for illegal or unethical business conduct, particularly with regard to corrupt practices and non-compliance with anti-corruption laws; and may be indicators of potential current or future anti-corruption non-compliance.

It divides its Red Flags into 5 categories –

  • poor reputation – of the country, party or type of transaction involved; including a willingness to violate local law or policy;
  • ties to government and/or public officials;
  • questionable or unusual circumstances – including reluctance to agree to, or cooperate in, anti-bribery or due diligence controls, inconsistencies or apparent misrepresentations;
  • unusual compensation and questionable accounting and invoicing;
  • insufficient capabilities – such as where the other party is not expected to perform substantial work for the compensation involved, or it lacks the staff, facilities, experience or expertise to perform substantial work; or is a shell company or there is vagueness over how it will carry out its role.

In 2016, law firm Ropes & Gray produced an article highlighting what it had identified as then the top 10 red flags in respect of Latin America[22].  These, it said, related to the FCPA and the enforcement actions undertaken by the US Securities and Exchanges Commission and Department of Justice for conduct occurring in the region.  The top 10 were as follows –

  • inadequate supporting documentation – highlighting the need for transactions to be supported by complete documentation;
  • misreporting and misclassifying of payments;
  • transactions lacking a business purpose – such as the provision of benefits to non-employees without a legitimate business purpose;
  • off-the-books records and transactions – which can involve inflated sales, fictitious accounts (or employees, agents or consultants) etc;
  • pricing discrepancies – such as where prices do not match previous written agreements, and where large discounts, premium charges, or commissions might be used for bribes (or equally could be evidence of trade-based money laundering, like some or all of the other red flags);
  • overriding of internal controls after all, an effective compliance programme is only as strong as the response of and adherence by company management;
  • inadequate screening of third parties;
  • failure internally assess compliance programmes – such as having a “tick box” or “that will do” attitude perhaps;
  • an inadequate internal control programme – which, even if enforced and maintained, does not adequately take into account and mitigate the risks faced; and
  • the use of shell companies.

In 2014, Transparency International produced guidance on “adequate procedures”, and a useful and helpful checklist for assessing if an organisation has the necessary and sufficient adequate procedures in place[23] – covering such things as senior management and boardroom buy-in, human resources, risk assessment, policies and procedures, facilitation payments, expenses, gifts and hospitality, political and charitable contributions and sponsorship.

It also covers vital areas such as training and communication channels within the organisation, as well when dealing with subsidiaries and outside persons and organisations, agents and the like.

Transparency International in the UK had also produced a series of online documents intended to help businesses cope with the requirements of the Bribery Act[24].  These dated from the 2010s.  As well as “adequate procedures” guidance and checklist in 2014, there was also, in 2013, guidance for carrying out an effective bribery risk assessment[25].  The latter included another checklist, as well as a sample completed version as an illustration of how it might be used.

As the Transparency International guidance explains, risk management models generally identify two key variables which play a role in the evaluation of risk –

  • the likelihood (or the probability) of the occurrence involved; and
  • the likely impact if it does occur.

The likelihood or probability is chiefly driven by the presence of “risk factors”, and the more significant and/or numerous the risk factors associated with a particular activity, the higher the probability that something adverse might occur.

The “risk factors” are characteristics or circumstances which will tend to increase the risk that bribery might occur.  They do not describe how bribery might occur, but rather why bribery might occur and how likely it is to do so.  Some risk factors may apply to more than one – and possibly all – areas of risk.  For example, a general culture of corruption in a particular location is likely to elevate the risk associated with many, if not all, business activities carried out in that location -thereby raising the risk levels for all the activities across the board.

Of course, one has to decide what weight to give to each of the various risk factors, so that one can properly assess which areas or activities carry the greatest risk.

Then again, the area with the highest risk rating might have the lowest impact, whereas an area with a lower risk rating could have much greater impact on the business.

Therefore, one has to assess and give weight to the impact of each risk factor.  The financial, legal, regulatory, commercial and reputational fallout from one or more bribery allegations will be difficult to predict.

When one has satisfactorily assessed risk factors and their impact, the next question is what can one do to mitigate the risk.  One would probably try to target to target the greatest risks and those with the greatest potential impact.

Transparency International argues that, in the context of bribery, there is an argument to giving greater weight to the potential impact than probability of the risk occurring.  However, if there is a high probability of the risk factor, then there must be an argument that one would be seen to be failing in due diligence if one did not do what one could to prevent or mitigate the risk.

After the risk assessment has been carried out, and one has moved on to putting in place a plan to prevent or mitigate the identified risks, the key next steps are likely to be planning and putting into action an appropriate response to the risk assessment.  This would involve –

  • mapping the risks on to existing controls the business should have in place (for example, to prevent fraud, identify exposure to money laundering, etc);
  • identifying gaps in the existing controls in terms of those risks not adequately addressed (or even that were previously not identified);
  • designing and implementing appropriate remedial actions;
  • putting in place follow-up, monitoring and enforcement processes; and
  • reporting by the compliance official(s) to senior management and/or the board on the operation of the controls.

It is essential – for the anti-bribery controls to be worth the time and effort involved, and for them to have some practical use as a “defence” in the event of any legal problems – that the controls be real, and not just box-ticking or window dressing.  It is a key management responsibility to monitor the effectiveness of the programme in mitigating the risk of bribery, and part of this responsibility is to ensure that there is effective implementation of the policies and procedures laid down.

Remedying identified gaps and shortcomings might involve increased training and awareness-raising for staff, agents, associates etc.  Transparency International recommends obtaining confirmation from time to time from employees (and/or third parties) of awareness of, and compliance with, policies and procedures and their requirements.

High-risk areas and transactions could or should be subject to appropriate monitoring, with review and audit of high-risk transactions.

It is essential (both to protect the business, and to ensure that procedures are seen as being “adequate”) that there are robust responses to any allegations of bribery or other non-compliant behaviour.

For a defence of adequate systems to be seen as realistic the culture within the company, and the attitude of the senior management and boardroom, must be taken into account in any assessment made of the business by a regulator or law enforcement.  In other words, the compliance programme must be more than just a box-ticking exercise, or simply paying lip service to the requirements.

While it is acknowledged that there are practical limits to the extent to which an organisation can control the conduct of third parties, setting the right framework through the imposition of appropriate contract clauses will greatly assist.  Again, in the event of any future legal complications, if one can show that the business has in place genuine and effective controls then the business is in a much better position to defend itself.

In 2017, the Wolfsberg Group[26] produced updated Anti-Bribery and Corruption (ABC) Compliance Programme Guidance for banks[27], replacing the previous 2011 publication.  The publication is designed to also provide guidance to the broader financial services industry on how to develop, implement and maintain an effective ABC Compliance Programme, and should be read in conjunction with applicable guidance issued by authorities in the jurisdictions in which a financial institution is conducting business.  The guidance called for a risk-based approach.

There also exists an international standard, ISO 37001[28], launched in 2016 and which specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system.  The system can be stand-alone or can be integrated into an overall management system.  It covers both the giving and acceptance of bribes, and its provisions are designed to be generic and intended to be applicable to all organisations (or parts of an organisation), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors.  One obvious advantage of the use of ISO 37001 is that it can be certified by accredited outside bodies, thus providing a degree of comfort to both the regulators/law enforcement and the company itself.  It is said to be designed to be capable of being integrated into existing management processes and controls, including those for quality standards, environmental control etc[29].

A large number of situations and occurrences can be seen as “red flags” that might indicate the existence of bribery or corruption, these would include –

  • a request for payment in cash or in kind;
  • payments without a full or proper invoice or receipt, or with their nature misdescribed;
  • inaccurate or incomplete records;
  • an agent or intermediary with close connections (or a family relationship) to those in positions of power or influence in the destination, and/or including a politically-exposed person (PEP);
  • evidence of lavish or unreasonable gifts, entertainment, travel or expenses being provided;
  • a refusal of a third party to provide reasonable and necessary information to undertake due diligence;
  • the discovery of information inconsistent with information provided by a third party;
  • the transaction or a third party is in a country known for widespread corruption and listed as such in reputable indices such as published by Transparency International;
  • a third party has a history of improper payment practices, has a poor business reputation, or has been subject to criminal enforcement actions or civil actions for acts suggesting illegal, improper or unethical conduct;
  • a third party does not have in place an adequate compliance programme or code of conduct, refuses reasonable requests to examine or test it or refuses to adopt one;
  • information provided about the third party, its services or principals is not verifiable;
  • the third party previously worked in the government at a high level, or in an agency relevant to the area of business involved;
  • the third party is a company with an owner, major shareholder or executive manager who is also an official;
  • the third party has (or is believed to have) an undisclosed beneficial owner;
  • a government official requests, urges, insists, or demands that a particular party, company, or individual be selected or engaged;
  • the third party makes large or frequent political contributions, or provides lavish gifts or hospitality to government officials;
  • the third party insists on dealing with government officials without the participation of the company;
  • the third party lacks experience or a “track record” with the product, service, field, or industry;
  • the third party does not have offices or a staff, or lacks adequate facilities or staff, to perform the work;
  • an address is a mail drop location, virtual office, or small private office that could not hold a business the size that is claimed;
  • the third party has not been in business for very long or was only recently incorporated and/or has an unorthodox corporate structure;
  • a third -party provides references which, when taken up provide evasive answers or cannot be contacted at all;
  • the third party has poor financial statements or credit.
  • the third party’s plan for performing the work is vague and/or suggests a reliance on contacts or relationships;
  • requests for an unusual advance payment;
  • any fee, commission, or volume discount provided to the third party is unusually high compared to the market rate;
  • a compensation arrangement is based on a success fee or bonus;
  • an offer to submit or use of inflated, inaccurate, or suspicious invoices;
  • a third party requests an invoice to reflect a higher amount than the actual price of goods provided;
  • invoices which use vague descriptions of the services provided;
  • requests for cash, cash equivalent, or bearer instrument payments;
  • requests for payment in a jurisdiction outside the home country that has no relationship to the transaction or the entities involved in the transaction – especially if the country is an offshore financial centre;
  • requests that payment be made to another third party or intermediary;
  • the proposed the use of shell companies;
  • requests that payments be made to two or more accounts;
  • a third-party shares compensation with others whose identities are not disclosed;
  • requests for an after-award services contract that a third party does not have the capacity to perform;
  • requests that a donation be made to a charity;
  • a refusal to properly document expenses;
  • pressures on the company to make the payments urgently or ahead of schedule;
  • requests for a large up-front payment;
  • payment arrangements that raise local law issues, such as payment in another country’s currency;
  • a refusal to agree to comply with relevant anti-corruption legislation, anti-money laundering laws, or other similar laws and regulations;
  • a refusal to evidence past compliance with anti-corruption legislation, AML laws, or other similar laws and regulations;
  • a third-party refuses to execute a written contract, or requests to perform services without a written contract where one is sought;
  • a third party insists that its identity remain confidential or that the relationship remain secret;
  • a refusal to divulge the identity of its beneficial owners, directors, officers, or other principals;
  • a refusal to answer due diligence questions;
  • a refusal refuses to allow audit clauses in contracts;
  • any suggestion by a third party that anti-corruption compliance policies need not be followed;
  • any suggestion by the third party that otherwise illegal conduct is acceptable because it is the norm or customs in a particular country;
  • suspicious statements such as needing payments to “take care of things” or “finalize the deal”;
  • the type of representation proposed is illegal under local law;
  • the alleged performance of the third party is suspiciously higher than competitors or companies in related industries;
  • guarantees or promises of unusually high rates of return;
  • a third-party requests approval of a significantly excessive budget or unusual expenditures;
  • expense claims and reports or petty cash payments are made and contain insufficient documentation and evidence;

Also, one should ask yourself have you –

  • checked litigation records, bankruptcy and insolvency records?
  • conducted thorough media checks in the local language?
  • checked for regulatory breaches (e.g. major health and safety violations, environmental issues, poor labour practices)?

Media searches need to be much more just a cursory use of Google, more in-depth checks are required and data-mining has been recommended by some experts.

Furthermore, as with anti-money laundering (AML) controls, anti-bribery due diligence checks should not  be seen as just a one-off exercise, but an ongoing one, with a compliance programme providing for repeated or continued checks or monitoring, particularly should any parties or circumstances change.

It also seems to go without saying that, if one takes over a new business, or takes on an existing supply of goods or services, that one of the steps taken should be to extend one’s compliance programme to the new business – and to carry out necessary due diligence to the people, organisations, markets and products involved.  However, one has seen cases in the US, where corporations have faced penalties for failures of businesses (such as for sanctions violations) which they have acquired.



As with AML, the appointment of suitably qualified and senior staff with responsibility for anti-bribery compliance would appear a sensible move.  It is recommended that those in charge of such oversight should be autonomous from management and should have sufficient resources and seniority or authority to ensure the policies and procedures are implemented correctly.

You may, of course, choose to outsource some or all of your compliance to a third party – and it goes without saying that your due diligence checks on such an associate must be as good as, or better, than for any other third party.

Even if making use of a third party to undertake some of the compliance process, it remains important for the business to maintain its own internal compliance programme, the functions of any such third party being incorporated into it.

Th choice of a suitable due diligence provider involves a number of considerations for the business[30], looking at what and how the third party may assist, including such things as –

  • timeliness – are the results notified in a timely manner?
  • completeness – are the checks undertaken sufficient to provide peace of mind and capable of being seen as “adequate”?
  • accuracy of the checks undertaken;
  • the technology used – data-mining, use of AI;
  • available languages – in the language of the customer, destination etc, as well as in English and/or businesses’ home language;
  • justification of price versus value to the business;
  • ongoing monitoring and reporting of new data; and
  • customer service and response times if issues are found.



Those bodies which might be involved in investigating acts of bribery include local UK police forces, the City of London Police (where more complex financial activities are involved), and the National Crime Agency (NCA) – which has a dedicated International Corruption Unit, when a case is national in scope or connected to organised crime.

The CPS is primarily responsible for prosecuting cases, while the Serious Fraud Office (SFO) undertakes both the investigation and prosecution of the largest and most complex cases.

In addition, the regulator the FCA has its own, separate responsibilities and powers, and, as already mentioned, is also able to impose fines on regulated companies for lax procedures in relation to bribery and corruption.



In 2014, the Sentencing Council in the UK issued guidance[31] on sentencing for Bribery Act offences, saying that they were “triable either way”[32], and while the maximum custodial sentence was 10 years, the recommended range of sentences was from discharge[33] to 8 years’ custody.  The guidance set out the types of aggravating and mitigating factors a judge could take into account – factors that could lead to an increased or reduced sentence.

In 2017, the UK published its AML/CFT National Risk Assessment[34], required in advance of a mutual evaluation assessment by FATF.  This made repeated mention of money laundering threats affecting the UK and flowing from international corruption (though “bribery” as a specific term was mentioned only twice, in case studies).  Notably perhaps, “wealth management” and PEP were 2 areas linked to corruption risks, and the acquisition of UK (particularly using “overseas” companies[35]) property with funds that included the proceeds of international corruption.

In September 2019, the CPS and the Director of the SFO published joint guidance on prosecutions under the Bribery Act 2010[36].  This sets out the approach to prosecutorial decision-making in respect of offences under the Act.

Interestingly, the CPS/SFO guidance includes prominently a paragraph saying that “prosecutors dealing with bribery cases are reminded of the UK’s commitment to abide by Article 5 of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions”.  It goes on to quote said Article 5 –

Investigation and prosecution of the bribery of a foreign public official … shall not be influenced by considerations of national economic interest, the potential effect upon relations with another State or the identity of the natural or legal persons involved“.

How much notice is taken of this statement may be open to doubt in view of past events.  Indeed, the guidance goes on to say that a prosecution will usually take place unless the prosecutor is sure that there are public interest factors tending against prosecution which outweigh those tending in favour – though the factors cited do not include the country’s economic interests.

Good news is that the guidance also prominently says that a factor against a prosecution is that there has been a genuinely proactive approach involving self-reporting and remedial action.

In 2018, the House of Lords Liaison Committee decided to recommend the setting up of a Committee for post-legislative scrutiny of the Bribery Act, it being felt that enough time had passed for a decent assessment of its performance had elapsed.  The House of Lords accepted that recommendation, and the Bribery Act 2010 Committee was set up in May 2018.

The Liaison Committee recommended that the new Committee should in particular consider:

  • whether the Act has led to a stricter prosecution of corrupt conduct, a higher conviction rate, and a reduction in such conduct;
  • whether, as the Confederation of British Industry and others warned, UK business have been put at a competitive disadvantage in obtaining foreign contracts because conduct which was lawful under equivalent foreign legislation might be unlawful under the stricter provisions of the Bribery Act;
  • whether SME were sufficiently aware of the provisions of the Act; and
  • consider Deferred Prosecution Agreements (DPA)[37] as they affect bribery[38], and how DPA have affected the conduct of companies both to prevent corrupt conduct, and in the investigation of such conduct once it is discovered to have occurred.

The Bribery Act 2010 Committee report was published in March 2019[39].  It followed 9 months of scrutiny by the Committee, including consideration of written and oral evidence from government ministers, departments, law enforcement, and the private sector.

As already mentioned, the Committee commented on the extreme difficulty in prosecuting large corporates for the substantive offences of bribery because of the existence of the “identification principle” in English corporate law.

One of the matters considered by the Committee was what role the suspicious activities report (SAR) system in the UK played in the detection of bribery.  The Committee put this question to the NCA, asking how many cases had been detected in this way.  The NCA confirmed that SAR provided a “valuable source of intelligence for law enforcement agencies”, and that they contribute to tackling “a range of threats, including bribery”.  However, the NCA did not provide any figures or examples of situations in which an incident of bribery had been detected through the SAR regime.

The Committee also found that there was no centralised mechanism for reporting bribery, and the City of London Police[40] told the Committee that there is “no single law enforcement or intelligence body within England and Wales [which] leads on routinely receiving information relating to bribery and corruption activity”, and it is “not clear to the public who corruption and bribery should be reported to”.

However, the Committee noted that the Home Office had committed to launching a new reporting mechanism for allegations of bribery and corruption, in line with the Government’s Anti-Corruption Strategy, and was investigating the options.  The Government’s first annual update on its Anti-Corruption Strategy, published in December 2018, described this as an ongoing commitment, with scoping work having been undertaken during the course of the year.

On DPA, the report declined to deal with the clear inconsistency between DPA involved in the Rolls-Royce and Tesco cases and the SFO failure to successfully prosecute individuals in either case, merely concluding that DPA are largely effective in encouraging companies to self-report and that, when used appropriately, are not an “easy way out” (for either side), and not a substitute for successful prosecution.

In its comment on the report, law firm Wilmer Hale said[41] that the outcome of the case of SFO and Tesco Stores Lts suggests that the DPA regime was not drafted with sufficient sensitivity to the potential criminal liability of individuals affected by the company’s DPA.  You had the situation where the DPA, and its inherent statement of facts, stood even when the individuals in question had been acquitted at the direction of the trial judge on the ground that there was no case to answer – inevitably begging the question of the fairness of the situation for those implicated, and if no-one was guilty of wrongdoing who had in fact done wrong.

The OECD Convention (and 2009 Recommendation) involves an inspection process by the Working Group on Bribery.  The most recent evaluation report, revealed that in 2017, expressed continued concern over cooperation between enforcement agencies in respect of corruption, and a follow-up to that report in 2019[42] revealed that the UK had fully implemented 16 recommendations, partially implemented 18 recommendations, and not implemented 10 recommendations.  In the report, the Working Group noted that efforts were underway in a number of areas – notably to enhance detection of foreign bribery through certain key government agencies or whistleblower protection, to engage with the Crown Dependencies[43] and British Overseas Territories on foreign bribery-related issues, and it encouraged the UK to continue to pursue these efforts.

However, the Working Group also expressed regrets that no steps had been taken to address long-standing recommendations to ensure the independence of foreign bribery investigations and prosecutions, or to enhance detection through AML-reporting mechanisms.  It also noted that, despite an increased level of enforcement of foreign bribery laws, the total number of finalised and ongoing cases relative to the size of the UK economy remained relatively low, with only 3 cases concluded since 2017[44].

In 2019, the UK Government announced the launch of a comprehensive Economic Crime Plan, intended as a 3-year plan to tackle economic crime, including strengthening its AML controls and revisions to the SAR (STR) submitted to the FIU in the UK.  The Criminal Finances Act 2017 had provided the UKFIU with new powers, including the authority to direct reporting entities to disclose additional information.

The UK Government had launched its “Flag it Up” campaign[45] in 2017, working with the accountancy, legal and property sectors to promote best practice in AML compliance and the reporting of suspicious activity.  The OECD Working Group on Bribery had welcomed the campaign to raise awareness about some red flags that may relate to foreign bribery, but notes that it only targets a limited number of reporting entities (solicitors, accountants and real estate agents) and is not tailored to specifically detect foreign bribery.

The UK Government has also launch ed the Government Counter Fraud Profession (GCFP) programme[46], described as a structure for counter-fraud (including anti-bribery) specialists working in central government and which aims to bring the counter-fraud community together under a common set of standards and develop that community as they protect public services and fight economic crime.  It is intended to raise the profile of such activity and the complex, evolving skill sets required to do it, whilst setting consistent counter fraud standards across the government.

In December 2019, the UN Office on Drugs and Crime (UNODC) Civil Society Team, in partnership with the UK Prosperity Fund of the FCO, held a special event[47] to showcase the work and testimony of civil society anti-corruption champions through their participation in 4 UNODC regional platforms to fast-track the implementation of the UN Convention.  The platforms cover Latin America, Southern Africa, Eastern Africa and SE Asia.  This was said to emphasise the valuable contributions that civil society organisations (CSO) make in contributing to a meaningful review of the Convention through the recently-established regional platforms, through monitoring of a country’s performance and establishing (or re-establishing) collaborations with governments in the fight against corruption.  Over 100 CSO were involved in the platforms (including 23 in Latin America).



As already mentioned, the Bribery Act 2010 itself did not apply directly in the Crown Dependencies.  However, in 2013, the Isle of Man enacted its own version[48], mirroring the UK model.  Like the UK Act, the Isle of Man version encompassed offences committed outside the Island by a “resident of the Island”[49].

Jersey has a law dating from 2006, i.e. preceding the UK’s Bribery Act, but which, like the UK Act, replaced a mix of previous common law provisions and statute law.  However, it should be remembered that the UK Act potentially has extraterritorial reach in Jersey and is said to have done much to shape practice and approach in Jersey.  In large part it seems that the Jersey law was intended to enable Jersey to play a full part in international efforts to combat the problem of bribery of foreign officials, and thus meet its commitments under the OECD Convention etc.

However, an important fact to note is that the Jersey law contains no specific statutory defences; and there is no equivalent in Jersey of the adequate-procedures defence in the UK Bribery Act.  Similarly, there are no provisions in the Jersey law for plea-bargaining, deferred prosecutions or the like.

Guernsey’s law on bribery dates from 2003[50], and like the Jersey law, was also introduced, in large part, to ensure compliance with the OECD Convention and other international commitments.  As with the other Crown Dependencies, the UK Act also has some effect in Guernsey, it applies to the activities of natural and legal persons with a close connection with the UK, which includes all British citizens (which the British people in the Crown Dependencies remain)

In Australia, a bribery offence[51], largely similar to that under the UK Bribery Act, can be committed where the conduct occurs in Australia, or on board an Australian aircraft or an Australian ship.  It also applies to conduct outside Australia where, at the time of the alleged offence, the person who is alleged to have committed it is an Australian citizen, a resident of Australia, or a body corporate incorporated by or under a law of the Commonwealth or of a State or Territory. The offence applies regardless of the outcome or result of the bribe or the alleged necessity of the payment, and whether or not the alleged offender intended to bribe a particular foreign public official.  A factsheet on foreign bribery is available online[52].

In Canada, the Corruption of Foreign Public Officials Act (CFPOA) aims to discourage companies from engaging in corrupt acts abroad and implements the UN and OECD Conventions in Canadian law.  Recent amendments have increased the maximum penalties under the Act and established accounting provisions comparable to the FCPA, increasing the anti-corruption compliance demands for companies.

The Act applies to bribery of foreign public officials when the offence is committed in whole or in part within Canada and to offences committed outside Canada by a Canadian citizen, permanent resident, or an entity organised under Canadian law[53].

Canada has announced its intention to eliminate the facilitation payments exception under the Act – where payment is permissible for expediting the performance of routine government actions (obtaining permits, processing government documents, police protection, mail and utility services) – but no date for the implementation of this amendment has been announced.

The German Penal Code applies to individuals – not companies – and makes it illegal to offer, pay or accept a bribe.   However, companies can be held civilly liable and face fines of up to €10 million and unlimited confiscation of all “economic advantages” obtained through bribery.   The civil provisions include corruption offences committed by a company’s representatives, and thus implementing effective compliance systems makes good business sense as doing so helps ensure companies avoid breaching German law.

In France[54], the so-called Sapin II law requires companies to evaluate their corruption risks through risk mapping and adequate due diligence of third parties, as well as ensuring training and awareness of employees and third parties, and the establishment of internal controls (including for whistleblowers[55]) – with the law setting out 8 measures they must follow for their compliance programme –

  1. the company must develop and implement a code of conduct;
  2. establish an internal whistleblower system;
  3. develop a risk assessment of the company’s exposure to corruption risks;
  4. assess of third-party risks (from clients, intermediaries, providers, etc.) based on the risk assessment developed;
  5. establish accounting controls to ensure that the company’s books and accounts are not concealing violations such as bribery, gifts or other dubious expenses;
  6. have a compliance training programme that targets senior management, managers and employees most exposed to corruption risks;
  7. establish disciplinary sanctions to be applied in cases where the company’s own code of conduct has been breached; and
  8. set up an internal control programme to evaluate and monitor the effectiveness of company compliance.

 Sapin II also provided for the establishment of the French anti-corruption enforcement agency, the Agence Française Anti-Corruption (AFA), consisting of magistrates from various French institutions and operating under the French Minister of Justice and the Minister of Budget.



In the UK, early convictions following the coming into force of the Bribery Act were either prosecutions under the legislation replaced, or for purely domestic and relatively small-scale cases.  Even in its 2016-17 annual report, the City of London Police were reporting the first bribery convictions for providing customer data from insurance companies and relating to so-called ‘crash for cash’, with guilty verdicts for 6 solicitors and accomplices who orchestrated the insurance frauds.  Although valuable on a domestic front, and important to those affected, such cases had little meaning in the perspective of countering international bribery and corruption.

During 2019, in the US, 14 companies paid a record $2.9 billion to resolve FCPA cases – an amount said to include settlements with the DoJ or SEC or both[56], and with several big name, household names, involved.  It cannot be said that the Bribery Act in the UK is being seen to have the same impact.


Ray Todd

14 January 2020


[1]  Public Bodies Corrupt Practices Act 1889, the Prevention of Corruption Act 1906 and the Prevention of Corruption Act 1916 (known collectively as the Prevention of Corruption Acts 1889 to 1916).

[2]  Including bodies corporate, Scottish partnerships (which have legal personality) and other partnerships.

[3]  Anguilla, Bermuda, the British Antarctic Territory (BAT), the British Indian Ocean Territory, BVI, Cayman Islands, Falkland Islands.

[4]  The Nolan Committee’s Report on Standards in Public Life in 1995 (Cm 2850I), set up in response to concerns about unethical conduct by those in public office, and Law Commission proposals for reform of bribery in a 1998 report (Legislating the Criminal Code: Corruption, Report No. 248).  The Law Commission published its second report Reforming Bribery (Report No. 313) on 20 November 2008.


[6]  The OECD Recommendation for Further Combating Bribery of Foreign Public Officials in International Business Transactions – containing an agreement to put in place new measures to reinforce efforts to prevent, detect and investigate foreign bribery:




[10]  Which can be public international law or local law.

[11] Might this be said to have been illustrated in the Tesco case?


[13]  Fraud by abuse of position.

[14]  That is to say, a rebuttable presumption.

[15]  An “associated person” under the Act.

[16]  The defence involves the proper exercise of any function of a British intelligence service, or the proper exercise of any function of the British armed forces when engaged on active service.




[20]  The World Bank regularly “de-bars” companies and individuals from participation in projects it funds, listing those which have been sanctioned under the Bank’s fraud and corruption policy.  The current list of those debarred is at:



[23] The UK branch also runs training programmes and has designed a number of services to help organisations to improve their anti-corruption capabilities.



[26]  The Wolfsberg Group consists of the following financial institutions: Banco Santander, Bank of America, Bank of Tokyo-Mitsubishi UFJ, Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, HSBC, JP Morgan Chase, Société Générale, Standard Chartered and UBS.




[30]  In January 2020, The Red Flag Group produced a White Paper on “How to Buy Due Diligence”:


[32]  Meaning they could be tried by summons, on in a jury trial on indictment.  In England and Wales, the defendant can opt for trial by jury for such offences.

[33]  Where the court records a conviction but, on the basis of the evidence heard, decides to impose no sentence by way of fine or imprisonment, with the discharge capable of being absolute or conditional.


[35]  Which would include those in the Crown Dependencies and Overseas Territories.


[37]  The first DPA was announced in November 2015.

[38]  DPA were created by the Crime and Courts Act 2013, and apply to many crimes other than bribery, but to date their main application has been to bribery offences.


[40]  The UK National Policing Lead for Economic Crime.



[43]  Jersey, Guernsey and the Isle of Man.

[44]  Involving the conviction of 12 individuals, with 9 acquittals, 1 civil recovery order for an individual, and 1 conviction of a company.





[49]  A resident of the Island means – (i) an individual who is ordinarily resident in the Island; or (ii) a body corporate or partnership that is incorporated or formed under the laws of the Island (section 18(4)(b)).


[51]  The offence of bribing a foreign public official is contained in section 70.2 of the Criminal Code Act 1995.




[55]  The whistleblower requirement is wider than just for bribery and corruption, as it covers all crimes, offences, and violations of international law. It applies to legal persons, both private and public, with more than 50 employees.