Panama Covid-19 update – in time to catch the daily news conference today, with another 1,028 new cases (the second day over 1,000 in a single day), taking us to 31,686 in total. Another 12 fatalities take the total to date to 604.  La Prensa reports that the patients who had died were aged between 14 and 94 years and had risk factors such as tuberculosis, high blood pressure, diabetes, malnutrition, thrombosis, age, among others. 140 people remain in the ICU, with 712 in other wards. Yesterday “only” 753 new cases were reported, but there were 17 fatalities (which may explain why the numbers in ICU is lower than 2 days ago).

28 June 2020


Zee News in India on 28 June carried an article detailing claims that a government office in Pyongyang hosts something known as ‘Office 39′, involved in activities like drugs manufacturing and trafficking, counterfeiting, gold smuggling, arms dealing and slave labour.  It is claimed that all the money that the Kims’ spend to buy fancy stuff comes from Office 39.



The East African on 28 June reported that Rwanda has launched a new mineral export certificate to curb allegations of smuggling of precious metals from the DRC – for all minerals not usually covered by the International Conference on the Great Lakes Region (ICGLR) export certificate. It therefore now has 2 different mineral export certificates.



On 28 June, NHK World and others reported that Japan will impose heavy penalties on those smuggling meat products into the country in a bid to keep the African swine fever (ASF) at bay.  Meanwhile, the presence of sniffer dogs will be increased across airports and other facilities to bolster the detection of the contraband. Around 140 canines, or 2.6 times the current level, will be deployed at border checkpoints until the end of March 2021.




Stuff on 28 June reported that stricter rules at the border are designed to help snuff out cigarette smuggling and tobacco tax evasion. Tobacco products, leaf and refuse will become prohibited imports, meaning importers will require a permit or it will be seized and destroyed.



On 26 June, an article in Defence Web reported that the Islamist insurgency in northern Mozambique’s Cabo Delgado is becoming increasingly well-coordinated and militant, escalating to levels never predicted by the Mozambican state. The resulting response by the Mozambican government has been insufficient, according to a panel of experts, and in some ways is making the situation worse.



On 28 June, Coin Telegraph reported that  Sergey Medvedev, 33, a Russian national (aka “Stells,” “segmed,” and “serjbear”)  behind the cybercriminal enterprise Infraud Organization has pleaded guilty to racketeering conspiracy in the US, due to his role as a co-founder and admin of the dark web-based carding portal which generated profits over $568 million. He is said to have been involved in an organization created in October 2010 by a Ukraine national, Svyatoslav Bondarenko.



Boston.com carried an AP report on 28 June saying that a woman burned down her $1.6 million suburban Fort Worth mansion while trying to destroy documents from her husband’s health care clinic as authorities were investigating the couple for fraud, prosecutors allege. Her husband, Mark Kuper operated the Texas Center for Orthopedic and Spinal Disorders, with clinics in Fort Worth and Weatherford. The couple and a therapost allegedly submitted $10 million of false claims to Medicare, Medicare or TRICARE, which covers military members and their families, for services they didn’t performed.



On 28 June, the Washington post reported what it described as a basic money laundering loophole that has been known about for decades: the ability to own and control US shell companies without having to disclose their true ownership. It says that US shell companies are used for money laundering in transnational corruption cases more often than those of any other country — including notorious tax havens.  But, it says, the problem assumes a new urgency as US policymakers contemplate a protracted struggle with China.



In its 29 June edition, the Indian Express reported that the  Enforcement Directorate has registered 2 new money laundering cases against Winsome Diamonds and Jewellery Ltd and its former promoter Jatin Mehta, who left India in 2013 and became a citizen of Saint Kitts and Nevis.  It is said that Winsome Diamonds and its subsidiaries owe nearly Rs 10,000 crore, including interest (about $1.3 billion), to a consortium of 15 banks led by Standard Chartered and Punjab National Bank (PNB). Winsome Diamonds and Mehta are being investigated by the ED, CBI and Serious Fraud Investigation Office (SFIO). The company has now been referred to the bankruptcy court for liquidation.









If you would like to say thanks by making a small contribution, in case I need to upgrade or replace my computers and other paraphernalia, I have a page at https://www.buymeacoffee.com/KoIvM842y





On 15 June, the Global Initiative Against Transnational Organised Crime described t a “Triangle of vulnerability” for illicit trafficking is emerging as a key geographic space along Africa’s eastern seaboard – the Swahili coast. At one apex of this triangle is Zanzibar, another apex is northern Mozambique, and the final apex of the triangle is out to sea: the Comoros islands.  It says that the Comoros is not yet a major trafficking hub but are uniquely vulnerable as illicit trade continues to evolve along the wider Swahili coastal region. These 3 apexes are linked by illicit economies and trade routes which take little heed of modern political boundaries. It refers to not only drug trafficking, but also wildlife and timber trafficking – with human trafficking as well.




If you would like to say thanks by making a small contribution, in case I need to upgrade or replace my computers and other paraphernalia, I have a page at https://www.buymeacoffee.com/KoIvM842y


The following are essentially speaking notes that were prepared for a talk earlier this year that was cancelled because of the Covid-19 intervening.




The Bribery Act 2010 received Royal Assent in April 2010, and so has been on the statute book in the UK for some 10 years (although technically the Act only came into force on 1 July 2011).  After a decade of existence, 2020 presents a timely opportunity to review how effective it has been.

The new Act replaced a framework of common law provisions and several ageing Acts of Parliament known collectively as the Prevention of Corruption Acts 1889 to 1916[1].

The Act provided for offences under 2 broad categories

  • Bribing another person; and
  • Agreeing to accept a bribe.

It also provided for a distinct offence of bribery of a foreign public official (to meet OECD Convention requirements), as well as a new offence where a commercial organisation[2] fails to prevent bribery.

The bribery offence has 2 elements

  • The (illegal) conduct involved; and
  • The fault element – what a person must intend in order to commit the offence, such as gaining or retaining an advantage, exercising influence etc.

Section 1 (giving a bribe) and section 2 (accepting a bribe) offences carry the same maximum penalties of up to 10 years imprisonment and/or an unlimited fine for individuals, and an unlimited fine for a company

Notably, and still relatively uncommon in UK law, the Act provided for extra-territorial jurisdiction to prosecute bribery committed abroad by persons who are ordinarily resident in the UK (including foreigners), as well as by UK nationals and UK corporate bodies.

The Act itself did not extend to the Channel Islands[3], Isle of Man or the British Overseas Territories[4] so as to create offences under their own laws – although British citizens from those jurisdictions could still be liable to prosecution under the UK Act – if they had “close connections” to the UK.  Subsequently, the Isle of Man, whose law tends to more closely follow UK law, introduced its own version of the Act in 2013[5].

This extra-territorial effect means that an offence can be committed even where it took place partly, or even entirely, outside the UK, provided that the alleged perpetrator is –

  • A British corporate body (e.g. a company incorporated in the UK);
  • A British citizen; or
  • A person with a “close connection” with the UK (which can include foreign nationals who are ordinarily resident in the UK).

This aspect of the law was largely in accordance with pre-existing bribery legislation – the only significant change being that the Bribery Act includes foreign nationals who are ordinarily resident in the UK.

The Act uses a “reasonable person” test to decide if bribery has taken place, and it notably excludes taking into account local custom and practice outside the UK – unless such customs or practice is permitted or required by written law (which can be local law or public international law).

The UK commercial organisations caught by the offence of failure to prevent bribery are

  • A body incorporated under the law of any part of the UK; and
  • A partnership that is formed under the law of any part of the UK,

and which carry on business in any part of the UK or elsewhere.

As well as –

  • Any other body corporate or partnership, wherever incorporated or formed, and which carries on business in any part of the UK – thus a foreign entity which carries on business in the UK is caught by the Act.

But the Act does not criminalise bribery by a foreign subsidiary of a UK company committed abroad.

Corporate hospitality intended to influence the recipient to look favourably on the provider can be caught by the Act – although it is said that the legislation relies on the discretion of the prosecutor as to where to draw the line in respect of corporate hospitality given to foreign public officials.

There is a defence for the commercial organisation to show it had adequate procedures in place to prevent persons associated with it from committing bribery offences.  This I will come to shortly.


A 2019 Parliamentary report highlighted an interesting aspect of the law, and one which reflected a general principle of English law.  This involved the so-called “identification principle”, a central feature of English corporate law which requires that a successful prosecution of a business needs to demonstrate that the “controlling minds” of the business (usually the board of directors) were aware of the criminal actions, and possessed the necessary mens rea (“guilty mind”).

It has been argued that this model is inherently disadvantageous to SME, as compared to large companies (especially transnational corporations) – as it is much easier to identify the controlling minds of a small company and to hold them responsible[6].


There is a defence for the commercial organisation to show it had adequate procedures in place to prevent persons associated with it from committing bribery offences.  The standard of proof for such a defence is the balance of probabilities. 

A 2019 Parliamentary report concluded that it should be made clear in guidance that “‘adequate’ does not mean, and is not intended to mean, anything more stringent than ‘reasonable in all the circumstances”.  It had been argued that “adequate procedures” was a higher bar than “reasonable procedures”, the standard for preventing of tax evasion offences under the Criminal Finances Act 2017.

Thus, unlike previous legislation, the Act places strict liability upon businesses for failure to prevent bribes being given (active bribery) and the only real defence is that the business had in place adequate procedures designed to prevent persons associated with it from undertaking bribery.

It should be borne in mind that the defence is a defence to the offence of failing to prevent bribery.  It is not a defence to other offences but may be relevant where prosecutorial discretion is involved.

There is another defence available, but this is unlikely to be relevant to the business community[7], involving acting on behalf of the intelligence services or armed forces of the UK.


The distinct and strict liability offence of bribery of a foreign public official closely follows the requirements of the 1997 OECD Convention on the Bribery of Foreign Public Officials in International Business Transactions (as supplemented by a further Recommendation of 2009).  It covers the offering, promising and giving of bribes – but not the acceptance of a bribe by a foreign official (with that presumably being a matter for the local authorities of that country) – although bribery is obviously a two-way street.

In 2019, the OECD Working Group on Bribery issued a follow-up report to its previous inspection of the UK under the terms of the OECD Convention.  In this report, the Working Group noted that efforts were underway in a number of areas – notably to enhance detection of bribery overseas through key government agencies and with whistleblower protection.  It also noted engagement with the Crown Dependencies and British Overseas Territories on foreign bribery-related issues, and encouraged the UK to continue to pursue these efforts.

However, the Working Group expressed regrets, as it said that no steps had been taken to address long-standing recommendations to ensure the independence of foreign bribery investigations and prosecutions, or to enhance detection through the AML-detection mechanisms.

The Working Group also noted that the total number of finalised and ongoing cases, relative to the size of the UK economy, remained relatively low – with only 3 cases concluded since 2017[8].


In 2017, the Criminal Finances Act introduced deferred prosecution agreements (DPA), with these then being available as a tool that could be deployed in bribery and corruption cases.

However, in a commentary on a 2019 Parliamentary report into the impact of the Bribery Act, law firm Wilmer Hale highlighted the fear that the DPA regime was not drafted with sufficient sensitivity to the potential criminal liability of individuals who may be affected by a company’s DPA.  You could have, and have had, the situation where a DPA stood, and the statement of facts on which it was founded, even when the individuals in question had been acquitted at the direction of the trial judge on the ground that they had no case to answer – inevitably raising the question of the fairness of those implicated by the statement of facts and DPA agreement, and if no-one was guilty of wrongdoing then who had done wrong.

This problem with the use of DPA, allied to the problem of the “identification principle” in English law, appeared to weight the risk of prosecution against those responsible for SME, and favour those in charge at large corporations –   indeed, in the Skansen case in 2018, one question asked was why the company was not offered a DPA in the way that larger defendants including Rolls-Royce and Standard Bank had been previously.  For example, in the Rolls-Royce bribery case, although the company did agree a DPA there were no successful prosecutions (in early 2019, the SFO announced that the long-running Rolls-Royce and Glaxo SmithKline investigations had been closed).

July 2019 saw another case where a company had agreed a DPA – where the company accepted in 2016 that it had failed to prevent corrupt payments over an 8-year period – 3 individuals were acquitted of charges of conspiracy to corrupt and conspiracy to bribe in relation to 27 overseas contracts[9].

Finally, in December 2019, 3 individuals were acquitted of conspiring to make corrupt payments to a South Korean public official between 2002 and 2015, despite the company having agreed a DPA in which the company accepted the charges of conspiracy to make corrupt payments and a failure to prevent bribery by employees[10].

The UK Government had launched its “Flag it Up” campaign in 2017, working with the accountancy, legal and property sectors to promote best practice in AML compliance and the reporting of suspicious activity.  Whilst welcoming this campaign, the OECD Working Group noted that it only targeted a limited number of reporting entities (solicitors, accountants and real estate agents) and was not designed specifically to detect foreign bribery.

In 2019, the UK Government announced the launch of an Economic Crime Plan, to be a comprehensive 3-year plan to tackle economic crime, and including strengthening of AML controls and revisions to suspicious activity reports submitted to the UK FIU.

In February 2019, the Crime (Overseas Production Orders) Act 2019 provided a new mechanism by which an application can be made to the courts for an “overseas production order”, requiring a person based overseas to produce or give access to electronic data regardless of where it is stored.   This is seen as a more efficient alternative to the time-consuming and cumbersome mutual legal assistance route (MLAT).  Subsequently, an agreement was signed with the US, which has its own CLOUD Act allowing similar cross-border exchanges.  The agreement would allow authorities in either country to obtain certain electronic data directly from Communications Service Providers located in the jurisdiction of the other country[11], where a “serious crime” is involved – the agreement specifies that serious crime is an offence punishable by a maximum term of imprisonment of at least 3 years[12].

In October 2019, Her Majesty’s Crown Prosecution Service Inspectorate (HMCPSI) published a review of case progression in the SFO from the point of case acceptance to the decision to charge following criticism of the SFO over its handling of cases.  The review made 7 recommendations to improve case handling[13].

Whilst questions have been raised about the actual use of the Act, and some of the legal details affecting its use, the basic concept has been adopted as the basis of an anti-bribery Bill published in Australia in December 2019, apparently being seen as a sound model for such legislation.


The Act required the Secretary of State to publish guidance on procedures that relevant commercial organisations can put in place to prevent bribery by persons associated with them, and this guidance was published in 2011 by the Ministry of Justice.

Pointedly, it has been made clear by the UK authorities that while companies’ anti-bribery programmes may be compliant with the US FCPA, this does not mean that they therefore also constitute adequate procedures under the Bribery Act, as the Bribery Act is said to differ in several respects from the FCPA.

The UK guidance came in 2 forms

  • A “Quick Start Guide” of 9 pages; and
  • A fuller 45-page version.

They set out the 6 principles which I will come to shortly.

The UK guidance says that while policies, monitoring and necessary due diligence are essential, controls should be proportionate to the size and risk-exposure of the business.

For example, it says that a business only has to think about doing due diligence on persons who will actually perform services for the company, or on its behalf.  Someone who simply supplies goods to the company is unlikely to do that.  It says that is very unlikely, therefore, that one would need to consider doing due diligence on persons further down a supply chain.  However, the extent and depth of due diligence required should be decided by the outcome of a risk assessment.

In addition to the Ministry of Justice guidance, the Serious Fraud Office has issued “Corporate Co-operation Guidance (in August 2019) and guidance on “Evaluating Compliance Programmes (in January 2020).

These the SFO will use to assess the effectiveness of any programmes of a company which it is investigating.  Notably, it says that assessment of a company’s compliance can be arranged around the same 6 principles contained in the MoJ guidance.  It can be seen that the SFO guidance clearly places such internal compliance programmes in the spotlight, and requires prosecutors to take account of corporate compliance (or the lack of it) as an important factor in the investigation.

Unlike the FCPA guidance in the US, the SFO, while encouraging cooperation with other countries’ investigations, does not explicitly refer to “anti-piling on” (i.e. where companies receive de facto credit for penalties suffered in other jurisdictions for the same offence or misconduct).

In October 2019, the UK Government promoted its Business Integrity Consultancy Service, which set out to offer practical help to SME to help prevent bribery, corruption and human rights abuses when doing business in emerging markets.  In regards to bribery and corruption, this new service offered limited specialist advice for a reduced fee[14] on such things as –

  • How to develop policies and procedures to prevent bribery and corruption;
  • Understanding and improving compliance with the Bribery Act and other relevant anti-bribery and anti-corruption laws, and reducing the risk of civil liability;
  • Identifying risks that a business might face;
  • Ensuring that the business knows what to do if things go wrong; and
  • How to work with business peers, the public and the public sector to take collective action on fair competition and avoiding corruption risks overseas.

The service is only available to companies employing up to 250 people, and with a turnover of up to £44 million.

Guidance from other quarters included, in 2014, guidance on “adequate procedures” from Transparency International, as well as a useful checklist for assessing if an organisation has the necessary and sufficient procedures in place[15].

The Transparency International guidance covers such things as

  • senior management and boardroom buy-in;
  • human resources aspects;
  • risk assessment, internal policies and procedures;
  • facilitation payments;
  • expenses, gifts and hospitality;
  • political and charitable contributions; and

It also covered such vital areas as training, communication channels within an organisation, as well as relationships with subsidiaries and outside persons and organisations, agents and so on.

Transparency International had previously, in 2013, produced guidance on how to carry out an effective bribery risk assessment, with this including another checklist, as well as a sample, completed version illustrating how it might be used.

Risk management models generally identify 2 key variables which play a role in the evaluation of risk

  • the likelihood or probability of an occurrence; and
  • the likely impact and consequences if it does occur.

The more significant or numerous risk factors associated with a particular activity, the higher the probability that something adverse might occur.

These risk factors are those characteristics or circumstances which will tend to increase risk that bribery will take place, why it might do so and how likely this is.

Following the risk assessment, the next vital thing is to put in place a plan to prevent, or at least mitigate, the identified risks resulting in bribery.  This would involve –

  • mapping the risks identified on to such existing controls the business should have in place (e.g. to prevent fraud, or to identify exposure to money laundering);
  • identifying gaps in the existing controls in terms of risks not adequately addressed (or those not previously identified);
  • designing and implementing appropriate remedial actions to ensure that adequate controls are put in place;
  • putting in place follow-up, monitoring and enforcement processes – to ensure that the plan is followed and is effective, including regular reviews and updating as required; and
  • reporting by those responsible for compliance to senior management and/or the board on the operation of the controls.

It is a key management responsibility to –

  • ensure that adequate controls are in place;
  • monitor the effectiveness of the prevention programme in mitigating the risk of bribery; and
  • ensure that there is effective implementation of the policies and procedures that have been laid down.

In 2016, an international standard, ISO 37001, was launched.  This specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system  It covers both the giving and acceptance of bribes, and it is designed to be generic and adaptable to all organisations (or parts of an organisation), regardless of type, size and nature of its activity, and whether in the public, private or not-for-profit sectors.

One may choose to outsource some of a compliance programme, although it would remain the responsibility of the business to maintain its own internal compliance programme, with the functions of any third party being incorporated into this programme.

In January 2020, the Red Flag Group produced a White Paper on “How to Buy Due Diligence”, pointing out that the choice of a due diligence provider involves a number of considerations for a business, looking at what and how such a third party may assist.  The factors mentioned included the timeliness and accuracy of any checks undertaken, the methods and technology used, and justifying the price involved against the value to the business (including providing some degree of comfort to management and board).  It goes without saying that the considerations must include thorough due diligence of the third-party service provider itself.


A 2019 Parliamentary report reviewed prosecutions under the Act.  It highlighted the difficulties of properly assessing whether the Act was being adequately enforced.  These difficulties included the length of many bribery investigations[16] – which meant that some time after the new Act was in force, many bribery-related cases were still being prosecuted under earlier laws, and the Act did not apply to behaviour from before the Act came into force.

Indeed, in 2018, only one case was actually resolved – with the CPS securing a conviction against a small office refurbishment company for the section 7 offence of failing to prevent bribery.  This case also saw the first contested conviction under the Act, the company arguing that its procedures, while minimal, were adequate for its size and risks involved[17].

In fact, between 2014 and the second quarter of 2018, the CPS had launched 107 cases under the old Prevention of Corruption Acts 1906, but only 42 offences of all kinds under the Bribery Act.

Early offences prosecuted involved relatively low-level ones and correspondingly modest penalties, none of which involved overseas bribery allegations – indeed, the first successful use of the Act involved a court clerk accepting a £500 bribe.

Under UK law, bribery and corruption may also be charged under various other laws.  For example, misconduct in public office is a common law offence carrying a maximum life sentence, and is said to be preferred by prosecutors for use where a public official is involved.

However, some cases did reach conclusion in 2019.

In June, FH Bertling Ltd received a £850,000 fine in connection with around $350,000 in bribes intended to secure freight forwarding contracts worth approximately $20 million in Angola.  The case had already seen a number of former employees convicted (and 1 acquitted) in 2017/18, in an investigation into contracts in the North Sea and Angola that had lasted for over 5 years.

In November 2019, Alstom Network UK Ltd was ordered to pay $21.2 million – a $19.4 million fine and $1.8 million in costs – for conspiracy to corrupt in connection with a contract to supply trams in Tunisia, and ending another long-running investigation.   This case had already seen 3 individuals and 2 companies convicted of conspiracy to corrupt, with 5 individuals acquitted of bribery-related charges.

In addition to any penalties arising from a conviction under the Bribery Act, there are other factors to be considered.  One is the reputational and business costs from the damage caused – the loss of current and potential markets and customers, as well as the legal and other costs of defending an action, investigating matters and remedying shortcomings.

The Financial Conduct Authority is also able to impose fines on regulated companies for lax procedures in relation to bribery and corruption under the Financial Services and Markets Act 2000.

Furthermore, the UK Government has also indicated that an individual or a corporation found guilty under the Act could expected to be debarred from access to public contracts, although this is said to be a purely discretionary matter for a “failing to prevent” conviction of a corporation[18].

A large-scale case involving foreign bribery saw the SFO agreeing a £671 million DPA with Rolls-Royce, with the company admitting bribery across 3 Continents over 3 decades.  However, although investigation into the potential criminal liability of individuals continued, these were controversially dropped in early 2019 (together with another long-running investigation into GlaxoSmithKline)[19].

In fact, no DPA were reached in 2019 in relation to bribery offences, and the SFO has failed to obtain convictions in the first and only prosecution, so far, brought against individuals for corruption offences where their former employers had agreed to DPA.  It remains to be seen to see to what extent the SFO continues to pursue individuals in cases where the companies involved had successfully agreed DPA.

Rolls-Royce was also mentioned in the Unaoil bribery case, which saw the first guilty plea in 2019 (for conspiracy to give corrupt payments to public officials to secure commercial contracts in Iraq) – with the trial of 3 other individuals beginning in January 2020.  The SFO had been investigating allegations involving Unaoil for over 3 years, giving an indication of the length of time such investigations can take.  The affair saw 3 British businessmen admitting their roles in paying multimillion-dollar bribes to officials in 9 countries over 17 years in court in the US.

Very recently we have seen the Airbus case, where that company paid some $4 billion in penalties to the UK, US and France.  While it seems that these authorities have chosen to go for a DPA instead of prosecution (though both the US and UK have indicated that there are a handful of former executives who remain under scrutiny) – there has been a “knock on” effect in several of the countries where bribes were reportedly paid, such as in Sri Lanka and Malaysia – which may see further criminal cases or other penalties resulting[20].

Another interesting aspect of the Airbus case is that it is said to be the source of the first judicial interpretation on the extraterritorial reach of section 7 of the Bribery Act 2010.  Airbus, after all, is nominally a Dutch company, with its main base in France and subsidiaries in a number of other EU (and non-EU) countries, and the admitted bribery took place outside the UK.  In approving the DPA, the UK court appeared to accept the decision of Airbus SE (the Dutch parent company) to agree to submit to UK jurisdiction, by reason of there being 2 Airbus subsidiaries active in the UK (and despite the part of Airbus likely responsible for any bribery being the senior management of the parent company, and a special French-based unit[21]).  The 2011 MoJ guidance said that merely having a UK-based subsidiary would mean that the parent was carrying on business in the UK, as the subsidiary may be acting independently of the parent[22].  It seems likely that the courts will judge each case and situation on their particular facts, but we will have to wait for more cases to be decided to see if this is right.


In March 2019, a committee of the House of Lords published a report into the Act, following 9 months of scrutiny by the committee, which included consideration of written and oral evidence from government ministers, departments, law enforcement and the private sector.

The Committee commented on the difficulty in prosecuting large corporation due to the existence of the “identification principle” in English corporate law[23], and also found that there was no centralised mechanism for reporting bribery.  The City of London Police – the national police lead for economic crime – told the committee that there was “no single law enforcement or intelligence body within England and Wales [which] leads on routinely receiving information relating to bribery and corruption activity”, and that it was “not clear to the public who bribery and corruption should be reported to”.

However, the committee also noted that the Home Office had committed to launching a new reporting mechanism for allegations of bribery and corruption, in line with the government’s Anti-Corruption Strategy, and was investigating options.

Aside from questions about the Act itself, the capability of the SFO has continually come into question, and its ability to successful prosecute high-profile, complex crimes.  The recent acquittal of 4 Barclays executives for alleged fraud connected to the 2008 banking crisis has only added to the doubts.


As already said, the UK Government guidance says that while policies, monitoring and necessary due diligence are essential, controls should be proportionate to the size and risk-exposure of the business; and that the extent and depth of due diligence required will be decided by the outcome of a risk assessment.

It also seems to go without saying that, if one takes over a new business, or takes on an existing supply of goods or services, that one of the steps taken should be to extend one’s compliance programme to the new business – and to carry out necessary due diligence to the people, organisations, markets and products involved.  However, one has seen cases in the US, where corporations have faced penalties for failures of businesses which they have acquired.

As is the case with AML/CFT, fraud and other potential problems confronting a business, one should be alert to “Red Flags” that might indicate the existence of, or the danger of, bribery and corruption being or becoming an issue.

As with the guidance available to business, there appears to be an abundance of material available suggesting potential red flags.

For example, in 2016, the US law firm Ropes & Gray[24] produced an article highlighting what it had identified as then the top 10 red flags in respect of Latin America.

Then, in 2018, Lockheed-Martin produced guidance on “red flags”[25], which it describes as a fact, event, or set of circumstances, or other information that may indicate a potential legal compliance concern for illegal or unethical business conduct, particularly with regard to corrupt practices and non-compliance with anti-corruption laws; and may be indicators of potential current or future anti-corruption non-compliance.

Lockheed-Martin divides its Red Flags into 5 categories

  • poor reputation – of the country, party or type of transaction involved; including a willingness to violate local law or policy;
  • ties to government and/or public officials;
  • questionable or unusual circumstances – including reluctance to agree to, or cooperate in, anti-bribery or due diligence controls, inconsistencies or apparent misrepresentations;
  • unusual compensation and questionable accounting and invoicing;
  • insufficient capabilities – such as where the other party is not expected to perform substantial work for the compensation involved, or it lacks the staff, facilities, experience or expertise to perform substantial work; or is a shell company or thereness is vagueness over how it will carry out its role.

The Ropes & Gray list added some more specific things, such as –

  • overriding of internal controls – as, after all, an effective compliance programme is only as strong as the response of and adherence by company management; and
  • pricing discrepancies – such as where prices do not match previous written agreements, and where large discounts, premium charges, or commissions might be used for bribes (or equally could be evidence of trade-based money laundering, as with some or all of the other red flags);

In early 2020, Transparency International issued a report into what it said were gaps and shortcomings in US arms export controls to prevent corruption and supply to corrupt users.  In doing so, it identified 5 priority risk factors for identifying corruption in arms sales.  These closely mirrored the types of more general red flags one should be alert to in commercial transactions.

The potential list of red flags is seemingly limitless, if one takes into account the specific of the business or industry concerned.  I myself was able to assemble (with online assistance) of 60 or so, almost without trying.  Whilst there may be some obvious red flags associated with a specific business or industry sector, good advice may be to approach compliance with the general categories suggested above, allied to the 6 principles of anti-bribery found in the Bribery Act guidance.

However, 2 general points are worth making

  • firstly, online and media searches need to be much more just a cursory use of Google, more in-depth checks are required and data-mining has been recommended by some experts; and
  • as with AML controls, anti-bribery due diligence checks are not to be seen as just a one-off exercise, but an ongoing one, with a compliance programme providing for repeated or continued checks or monitoring, particularly should any parties or circumstances change.

One potential which may be implied, though not explicit, in the guidance available is that of an insider, particularly a “trusted insider” – is an employee, contractor, or even an agent, who has legitimate access to information, technology, assets, or premises owned by a business or organisation.  Hence, any risk assessments should consider all forms of insider activity[26] , and any precautions should consider if vetting or other checks of employees or others in positions of importance and trust is necessary – in addition to any training and awareness-raising.


The 45-page MoJ guidance includes an Appendix containing a number of case studies designed to demonstrate how the 6 principles might be involved in real-life situations.

For example, one case study deals with how a company might seek having anti-bribery prevention procedures included in any joint venture with another company, with binding commitments on the part of both parties, to protect both.

Another case study is concerned with how one might assess and take onboard a foreign agent – with thorough research of the prospective agent and all those identified as having some control over the affairs of the agent, and verifying any information obtained from questioning of the would-be agent, and not just taking their word at face value.

The 6 principles are provided to help businesses decide on what they might need to do –

  1. Proportionality;
  2. Top-level commitment;
  3. Risk assessment;
  4. Due diligence;
  5. Communication; and
  6. Monitoring and review.

Expanding each of the 6 principles slightly, they would mean –

  • Proportionality – the action taken should be proportionate to the risks faced, with more needed if a large organisation with overseas markets[27];
  • Top-level commitment – the commitment must come from the very top of the organisation, at board and chief officer level, not just from the lower levels of management[28];
  • Risk assessment – a through (and ongoing) risk assessment, especially when entering into new business arrangements and/or new markets[29];
  • Due diligence – there needs to be satisfactory due diligence on those that one is dealing with (agents, associates, intermediaries, local representatives, partners in joint ventures) who might put your organisation at risk;
  • Communication – you have to ensure that your policies and procedures are known to all your staff, as well as agents, representatives etc; and who to report concerns to and how; and
  • Monitoring and review – there is a need for ongoing monitoring and review of the policies and procedures, as well as your business arrangements, customers and markets.

In addition, you must obviously be aware of developments in anti-bribery laws, requirements and trends – not only in the UK and the countries and markets you are involved in.  You need to be aware of other countries’ laws (such as the FCPA and Sapin II) that might affect you, as well as the actions and reports of organisations such as the EU, UN and World Bank[30].

In France, the equivalent Sapin II law sets out 8 measures that must be followed for companies to which the law applies.  These include some of the same things included in the 6 principles in the Bribery Act guidance, plus specific reference to compliance and awareness training for all levels of the organisation and an internal whistleblower system.

The French measures include a specific need for accounting controls to ensure that the company’s books and accounts are not concealing violations such as bribery, gifts or other dubious expenses; as well a requirement for disciplinary sanctions to be applied in cases where the company’s code of conduct has been breached.

The first question is how extensive (and time consuming and costly) your anti-bribery programme should be.  The Ministry of Justice official guidance says that while policies, monitoring and necessary due diligence are essential, controls should be proportionate to the size and risk-exposure of the business.

For example, it says that a business only has to think about doing due diligence on those persons who will actually perform services for the company, or on its behalf.  Someone who simply supplies goods to the company is unlikely to do that.   The extent and depth of due diligence required will be decided by the outcome of a risk assessment.

It is said in the guidance that it was not the intention of the UK Government to prevent genuine business hospitality that is “reasonable and proportionate”, saying that, for example, providing clients tickets to sporting events, buying them dinner and offering (reasonable) gifts and travel expenses would be permissible, if “reasonable and proportionate” for your business.

However, the guidance also makes very clear that hospitality and reasonable and proportionate gifts etc is not to be seen as cover for facilitation payments, which it defines as “payments to officials to perform routine functions which they are otherwise obligated to perform”.  These, it says, are simply bribes.

Legally-required (and genuine) administrative charges, or additional payments for “fast track” services, would not be regarded as facilitation payments.

As regards the exception for “payments permitted by the written laws of the country” in question, these are permissible in the case of foreign official, and in other cases are a factor to be taken into consideration in determining whether acting “improperly”.

To demonstrate the “adequate procedures” necessary to defend oneself it is self-evident that you need to document your compliance activities, including risk assessments undertaken, due diligence checks, and any monitoring and review activity.  This will

  • demonstrate commitment to combating bribery and corruption;
  • facilitate any potential cooperation with the authorities;
  • help to establish and prove potential legal defences, should these become necessary; and
  • be available to demonstrate compliance to any actual or potential business partners, investors etc.

As we have seen, the SFO’s own guidance refers to an assessment of a company’s compliance programme arranged around the same 6 principles contained in the MoJ guidance – although the SFO stresses that the existence of such a programme cannot be relied upon to indicate any leniency would be available, the existence of an effective compliance programme cannot be ignored.

In the guidance, the SFO is told to look for a company’s compliance programme to be “proportionate, risk-based and regularly reviewed, and that the SFO will take investigations initiated by the company itself into account when deciding what (if any) credit a company will receive for cooperation.

It is clear that the SFO guidance puts corporate compliance programmes in the spotlight, requiring prosecutors to consider corporate compliance (or the lack of it) at the outset as an important part of the overall strategy of an investigation.   It also focuses on the cooperation phase of an enforcement investigation, whereas equivalent US and French guidance more broadly examine self-disclosure, cooperation and how to remedy misconduct.

The SFO guidance makes it clear that companies seeking credit for cooperation will be expected to produce documents held overseas wherever possible, particularly “relevant material that is held abroad where it is in the possession or under the control of the organisation”, as well as identifying potential witnesses (including third parties, and, where possible, making agents available for questioning).


Ray Todd


28 June 2020



[1]  Public Bodies Corrupt Practices Act 1889, the Prevention of Corruption Act 1906 and the Prevention of Corruption Act 1916 (known collectively as the Prevention of Corruption Acts 1889 to 1916).

[2]  Including bodies corporate, Scottish partnerships (which have legal personality) and other partnerships.

[3]  However, as they have close connections with the UK, and many of their residents are UK nationals, and their businesses also carry on business in the UK, the risk of prosecution of a Channel Islands resident or company under the Bribery Act is relatively high

[4]  Anguilla, Bermuda, the British Antarctic Territory (BAT), the British Indian Ocean Territory, BVI, Cayman Islands, Falkland Islands.

[5]  Bribery Act 2013.

[6]  Might this be said to have been illustrated in the Tesco case, which involved charges of false accounting, not bribery?  The company agreed a DPA with the SFO in 2017, but the prosecutions of 3 individuals charged separately failed.  In December 2018, the Court of Appeal confirmed a Crown Court ruling that 2 of the 3 had no case to answer and the jury was instructed to return verdicts of not guilty. Following this, in January 2019, the SFO offered no evidence against the third individual and he was acquitted.


[7]  The defence involves the proper exercise of any function of a British intelligence service, or the proper exercise of any function of the British armed forces when engaged on active service.

[8]  These involving the conviction of 12 individuals, with 9 acquittals, 1 civil recovery order for an individual, and 1 conviction of a company.

[9]  Sarclad Ltd.

[10]   Güralp Systems Ltd.

[11]  Under the agreement, the UK may not issue demands for data of US citizens, nationals, or lawful permanent residents, nor may it demand the data of persons located inside the US.  The same restrictions apply to US requests to the UK.

[12]  https://www.insideprivacy.com/surveillance-law-enforcement-access/10167/

[13]  https://www.mondaq.com/Article/887756

[14]  Up to 5 days of consultancy for first-time users, which can be spread over 2 months.

[15]  The UK branch also runs training programmes and has designed a number of services to help organisations to improve their anti-corruption capabilities

[16]  Eurasian Natural Resources Corporation: the investigation involving ENRC has lasted 8 years or more.  In November, a court ruled that the SFO didn’t have to restart an independent review assessing whether its probe into the now defunct mining company owned by 3 wealthy businessmen from the former Soviet Union, had been tarnished by impropriety.  ENRC has alleged that the SFO mishandled evidence and received privileged, leaked information from the company’s lawyers,

[17]  Skansen Interiors Limited: https://www.cps.gov.uk/cps/news/company-directors-jailed-bribery It was involved in the development of prime commercial property in London.  The managing director was jailed for 12 months’ and disqualified as a director for 6 years.  The recipient, a director of another company, was also jailed for 20 months’ and disqualified as a director for 7 years – he was also ordered to pay £10,697 within 3 months or face a further 7 months in prison.


[18]  And it has been noted that one company continued to receive valuable government contracts, despite one arm being found to have defrauded the government under another contract.

[19]  The SFO explained that these cases either lacked sufficient evidence or that there were public interest justifications for avoiding a trial, such as the age or ill health of some of the suspects

[20]  Private Eye in the UK has noted the irony of Airbus having received an anti-corruption compliance certificate in 2014; and of it having chaired the International Forum for Business Ethical Conduct, whose role was said to be to set ethical and compliance standards in the aerospace and defence industry.

[21]  Strategy and Marketing Organisation International (SMO)

[22]  Other factors may influence a decision – such as involvement of UK nationals, funding from the UK Government having been involved etc.

[23]  https://www.mondaq.com/Article/888520

[24]  https://www.ropesgray.com/en/newsroom/alerts/2016/September/Top-10-Anti-Corruption-Red-Flags-In-Latin-America

[25]  https://www.lockheedmartin.com/content/dam/lockheed-martin/eo/documents/ethics/corruption-red-flags.pdf

[26]  https://www.australiandefence.com.au/news/how-defence-smes-can-manage-insider-threats

[27]  In the Airbus case, it is argued that there was a high risk of bribery as the company used third parties in numerous countries to negotiate aircraft sales – so it would have been proportionate to have tight and vigorous controls in place.

[28]  In the Airbus case, it seems that some high-level executives were aware of the bribery, including those on committees set up to oversee compliance issues.  It has been said that there was no ‘compliance culture’ embedded within Airbus, but instead there was a culture which permitted bribery.

[29]  In the Airbus case, there were clearly high external risks as “associated persons” (agents) were dealing in some countries with high levels of corruption and the market they were dealing in was large-scale infrastructure which carries high risks.  When an aircraft was sold, Airbus would pay the agent a commission based on a percentage of the value of the sale of the aircraft which encouraged risk taking.

[30]  The World Bank regularly “de-bars” companies and individuals from participation in projects it funds, listing those which have been sanctioned under the Bank’s fraud and corruption policy.  The current list of those debarred is at: https://projects.worldbank.org/en/projects-operations/procurement/debarred-firms


On 28 June, Forbes carried a useful article saying that there has been an enormous upsurge in interest in FATF Recommendation 16, widely known as the “Travel Rule”.  It is said that prevention of money laundering, terrorism financing, bribery and corruption, tax evasion, international sanctions breaches, and other illicit activity via the exchange of virtual assets such as bitcoin, ether, XRP, and others is at the centre of this activity. It explains that, put simply, the Travel Rule covers VASP such as cryptocurrency exchanges and digital wallet providers, custodians, and some traditional financial institutions transacting in virtual assets. It ensures that originators, intermediaries, and beneficiaries of virtual asset transactions disclose a minimum standard of customer data. It identifies some of the comprehensive tools for the transfer, registration, and reporting of Travel Rule data which, it says, are key.  It sets out the 6 guiding principles it says are needed for Travel Rule implementation and standardisation. These principles should form the cornerstones of any technical solution that facilitates compliance with the Travel Rule.  It also says that VASP must be able, where applicable, to freeze transactions as well as block and prohibit transactions with designated persons, in line with sanctions lists, PEP lists, blacklisted address lists, etc. Finally, it says, regulators need to have meaningful information and remediation to enable them to license VASP and oversee VASP activities in sufficient detail.






If you would like to say thanks by making a small contribution, in case I need to upgrade or replace my computers and other paraphernalia, I have a page at https://www.buymeacoffee.com/KoIvM842y