Following years of anticipation and comment, the past months have seen a flurry of enforcement activity in relation to the offence of failing to prevent bribery, contrary to section 7 of the Bribery Act 2010 (the “section 7 offence”). November 2015 saw the approval of the UK’s first Deferred Prosecution Agreement (“DPA”) between the Serious Fraud Office (“SFO”) and ICBC Standard Bank Plc (“Standard Bank”), with Standard Bank agreeing to make disgorgement and paying a substantial penalty in order to avoid being prosecuted for the section 7 offence.

Standard Bank had self-reported to the SFO, having identified concerns arising from an associated group company’s conduct in obtaining a valuable mandate to issue a sovereign loan note on behalf of the Tanzanian government.  Shortly after, in February 2016, Sweett Group Plc (“Sweett Group”), the UK’s only listed firm of building surveyors, was sentenced to a substantial fine at Southwark Crown Court, Sweett Group having pleaded guilty to the section 7 offence following an SFO investigation into allegations that a subsidiary had engaged in bribery to secure a contract to construct a hotel in the UAE.

The experience of both Standard Bank and Sweett Group should prompt all firms (whether operating within the regulated sector, or not) to consider whether their systems and controls are sufficiently robust to ensure that they, unlike Standard Bank and Sweett Group, can rely on the section 7 offence’s “adequate procedures” defence.  Whilst neither Standard Bank nor Sweett Group contested the SFO’s allegations at trial, the two cases do raise a number of important issues that should prompt firms and their advisors to re-evaluate or re-assess their existing systems and controls, paying heed to the existing Ministry of Justice guidance (the “MoJ Guidance”), the FCA’s Financial Crime: A Guide For Firms (the “FCA Guidance”) and other interpretative aids including guidance published by the British Bankers Association in 2014.

Five lessons for firms from the Standard Bank and Sweett Group investigations are as follows:

(i) Reliance on the systems and controls of a group or connected entity will not be sufficient; firms must take responsibility themselves

Standard Bank operated in Tanzania alongside a local group entity, Stanbic Bank Tanzania Limited (“Stanbic Bank”).  Sweett Group’s business in the UAE was also conducted through a subsidiary, Cyril Sweett International Limited (“CSI”).  In neither case did this insulate the parent company from liability in relation to the section 7 offence.  Commercial organisations will need to be as, if not more conscious of possible bribery and corruption risk in circumstances where the transaction is being handled by a connected party or a subsidiary or affiliate.

(ii) Commercial organisations should conduct a thorough bribery and corruption risk assessment, which should identify any bribery and corruption “red flags”

Neither Standard Bank nor Sweett Group identified a number of key “red flags” which should have indicated that the relevant transactions presented a high level of bribery and corruption risk.

Standard Bank failed to identify the fact that the transaction related to a jurisdiction presenting a high bribery and corruption risk (Tanzania being placed, jointly with Pakistan, at 117 out of 167 countries in Transparency International’s Corruption Index for 2015 (the “TI Index”)).  Principle 3 of the MoJ Guidance is clear that commercial organisations’ systems and controls should include an assessment of “country risk” as part of considering the overall risk posed by a particular transaction or business relationship.

Whilst the UAE scores well on the TI Index, Sweett Group ought to have taken account of the sectoral risk presented by the fact that the transaction related to the construction industry.  Again, Principle 3 of the MoJ Guidance requires commercial organisations to consider sectoral risk as part of any overall risk assessment, and as a number of reports have demonstrated, bribery and corruption is particularly prevalent in construction projects across jurisdictions.

Nor did Standard Bank recognise that the presence of politically exposed persons (“PEPs”) gave rise to an enhanced bribery and corruption risk (the PEPs in question being the members of the Tanzanian Revenue who would ultimately determine to whom the mandate to act on the sovereign loan note would be granted).  The MoJ Guidance and all other best practice is clear that the presence of PEPs is a clear red flag which should result in the application of enhanced due diligence.

In the case of Sweett Group, the relevant contract was signed by Khaled Al Badie, then the vice chairman of Al Ain Ahlia Insurance Company (“AAAI”) and chair of AAAI’s real estate and investment committee.  Given that AAAI was part owned by the Abu Dhabi state, this too should have been considered a possible red flag.  The FCA Handbook, for example, gives as an example of poor practice where a firm “fails to consider whether a customer’s political connections mean that they are high risk despite falling outside the […] definition of a PEP”.

(iii)  Commercial organisations should conduct enhanced due diligence commensurate with identified bribery and corruption risk

Despite the evidence of one or more bribery and corruption red flags, neither Standard Bank nor Sweett Group conducted any enhanced due diligence in relation to the transactions ultimately giving rise to liability for the section 7 offence.  Principle 4 of the MoJ Guidance provides that conducting due diligence commensurate with bribery and corruption risk is an essential component of any adequate procedures that a corporate should have in place.

In the case of Standard Bank, partway through the transaction a “local partner” – Enterprise Growth Market Advisors Limited (“EGMA”) – was introduced by Stanbic Bank.  EGMA was to be remunerated at 1 percent of the transaction value.  Standard Bank conducted no due diligence at all of EGMA, and Stanbic Bank carried out only the most cursory know your client checks.  Had either entity made further enquiries, they might have identified that the ultimate beneficial owners of EGMA were two (then) current and former members of the Tanzanian Revenue.

In the case of Sweett Group, on the same day that the contract between CSI and AAAI was signed, a collateral agreement was made between CSI and North Property Management Limited (“NPM”), providing for payment in monthly instalments of 1.08 percent of the overall project value (circa £680,000).  It appears no due diligence was undertaken in relation to NPM; had it been, it would have been discovered that Khaled was the beneficial owner.

(iv) Applicable policies should be properly implemented and employees should be comprehensively trained

In the case of Standard Bank, at least, the firm had a number of policies and procedures in place that were designed to identify and counteract bribery and corruption risk.  The issue was ultimately that these policies were not followed.  By way of example, Standard Bank’s Introducers and Consultants Policy would, if applied, potentially have identified the issues with EGMA.  Principle 5 of the MoJ Guidance provides that procedures will not be adequate for the purpose of raising a defence to the section 7 offence if they have not been properly implemented, and staff not sufficiently trained on their operation.

(v) Where liability for the section 7 offence is activated, corporates should cooperate fully with the SFO

Standard Bank was the first occasion in which a corporate entity has benefited from a DPA, thus avoiding being prosecuted before the criminal courts.  Sweett Group, by contrast, was forced to plead guilty.  The explanation for these two divergent outcomes, for cases which both related to alleged breaches of the section 7 offence, was contrasting levels of assistance provided by the company under investigation to the SFO.  In particular, the SFO praised Standard Bank for cooperating “fully and honestly”, complying with an exhaustive document disclosure regime.  By contrast, the SFO viewed Sweett Group as paying lip service to cooperation, whilst engaging in efforts to frustrate the agency’s investigation.  Of course each case will turn very much on its facts, but firms wishing to preserve their position in relation to any possible consensual outcome (such as a DPA) will need to approach their dealings with an investigative or regulatory agency carefully.

This blog first appeared on www.enforcd.com.