Publication
Real Estate Focus - December 2024
December has been a very busy month, with a flurry of new government policies and consultations.
Global | Publication | November 2016
The highly-anticipated ISO standard for anti-bribery management systems - ISO 37001 - was recently published. The standard and its guidance represent the outcome of an arduous process, where stakeholders from many nations and representing a range of interests agreed a set of principles that organisations of all sizes (whether public, private or not-for-profit) can use to design anti-bribery management programmes. The ISO does not intend or purport to create new ground, but rather consolidates existing guidance from regulators, intergovernmental organisations and NGOs.
Organisations might consider obtaining ISO certification for any range of reasons. First and foremost, such a certification can indicate to a company’s customers, business partners, investors and any others exposed to the company’s risk profile that the organisation’s programme meets baseline standards.
However, companies considering certification should be mindful that an ISO 37001 certification means that an anti-bribery management programme of a certain design exists, with all of the constituent parts prescribed by ISO; it does not mean that the programme really works. This is an important point, as any government agency looking to take enforcement action against an organisation for bribery and corruption related offences will inevitably undertake its own assessment of whether that organisation’s compliance programme is genuinely effective in its day-to-day application.
In terms of content, ISO 37001 defines bribery by reference to the laws applicable to each organisation and prescribes various actions, measures and controls that would be familiar to experienced legal, compliance and risk professionals. These include:
ISO certification can be a useful indication to external stakeholders that these elements exist within an organisation. For the business partner who requests information about a company's anti-bribery management programme, ISO certification could be shorthand for describing the various elements in place.
Further, regulators who want to encourage a compliance culture in jurisdictions with less enforcement history than the United States or United Kingdom may point to ISO 37001 as guidance for local organisations. Because ISO37001 is a global commercial standard, it may be better received than standards promulgated by the US or UK regulators, whose extraterritorial reach is sometimes perceived as unreasonable.
Anti-bribery management programmes have two main aims:
Programmes that achieve those two aims are those that actually work, rather than just exist.
The message from relevant authorities is unambiguous: only truly effective anti-bribery management programmes merit consideration in terms of penalty mitigation or, where applicable, an affirmative defence. In fact, the UK Government Guidance on Corporate Prosecutions1 lists an ineffective compliance programme as an aggravating factor that should encourage a decision to prosecute. Similar language appears in the UK Deferred Prosecution Agreements Code of Practice.2 A key takeaway from the Standard Bank DPA is that ineffective anti-bribery programmes will not be considered “adequate procedures, despite the moving parts that may exist.3
US authorities ask “three basic questions: Is the company's compliance programme well designed? Is it applied in good faith? Does it work?”.4 US regulators often give some weight to a respondent's compliance programme, but mitigation is only awarded in cases where the programme is truly effective - and where the alleged corrupt activity took place despite the company's best efforts.
ISO certification could certainly be a valuable exercise for any organisation looking to ascertain whether its programme - or at least its plan for developing the programme - hits all the right marks. Seeking certification should not, however, direct company resources away from focussing on meeting the standards regulators set: is the programme mitigating the risk and incidence of corruption, and is it providing a credible response when impropriety nonetheless occurs?
Achieving these goals - as opposed to a certification - is hard work and takes planning, expertise and cultural change management. Reflecting this, the ISO standard notes in its appendix that senior managers must have “genuine intent” and a “genuine commitment to prevent, detect and address bribery in relation to the organisation's business”.5 This matches various guidance documents issued by the authorities, such as the UK Ministry of Justice Bribery Act Guidance,6 the FCPA Resource Guide7 and the US Federal Sentencing Guidelines.8
The dangers of an over-reliance on certification were highlighted earlier this year when Australian journalists alleged that Monaco-based Unaoil had helped various multi-national companies secure government licences using improper payments. Unaoil had previously been certified by a well-known due diligence provider. The matter is now subject to a number of criminal inquiries by authorities including the SFO, and the press has labelled the agent, “The Intermediary That Allegedly Bribed The Entire Oil Industry”.9
Ensuring that your anti-bribery management programme really works takes genuine review and assurance: not just an auditing process, but substantive transaction testing to ensure that legal risks are being appropriately identified and mitigated, that processes are being followed and that the correct decisions are being made by businesses, legal and compliance personnel. Such an outcomes-based assessment provides metrics and management information to executives and boards, which enables a company to determine with confidence whether their programme really works. The same can be done, albeit with more qualitative feedback, with respect to development of ethical culture and training effectiveness. What dilemmas are facing your managers, and how effectively does their reflex meet the challenge? Is your training programme changing hearts and minds, and how can you do better? Is your message being heard?
Real commitment and action is the challenge in any organisation and the key to effective anti-bribery management programmes. The new ISO standard gives corporates a set of tools by which they can meet that challenge, but whether those tools are deployed effectively is a matter of real testing and assurance.
Norton Rose Fulbright was delighted to be represented as the only legal practice on the UK based BSi Anti-Bribery Committee which worked on the ISO standard on anti-bribery (ISO 37001). This followed our earlier work on the British Standards Institute’s panel in connection with the drafting of the first British Standard on Anti-Bribery (BS 10500).
See page 7, available here: https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/codes-and-protocols/
See page 5, available here: https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/deferred-prosecution-agreements/
For further information about the Standard Bank DPA, please see Norton Rose Fulbright’s prior client alert
See page 56, available here: https://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf
See paragraph A.3.1., available here: http://www.iso.org/iso/catalogue_detail?csnumber=65034
See in particular Principle 2, available here: https://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf
See page 56, available here: https://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf
See § 8B2.1(b), U.S. Sentencing Guidelines, available here: http://www.ussc.gov/sites/default/files/pdf/guidelines-manual/2014/CHAPTER_8.pdf
Publication
December has been a very busy month, with a flurry of new government policies and consultations.
Publication
On 13 December 2024 the Financial Conduct Authority (FCA) published Primary Market Bulletin 53 (PMB 53) which includes confirmation of the final form of two new, and one amended, sponsor-related technical notes previously consulted on in PMB 50, and a consultation on various proposed changes to the technical and procedural notes in the FCA’s knowledge base.
Publication
The Regulator has provided a link to its dashboard webinar held on November 26, 2024, which it urges scheme trustees to watch. The Money and Pensions Service also collaborated with the Pensions Dashboard Programme to host a “town hall” dashboard event on December 2, 2024.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023