Thought leadership from our experts

Meeting the rising tide of compliance

, Clayton Utz, Australia Richard Abraham, Clayton Utz, Australia

Compliance is a complex area for product manufacturers and suppliers. Managing compliance issues on an international level is particularly challenging. This area is governed by a matrix of legislative provisions in respect of anti-bribery and corruption. Companies with global operations must take into account local customs and a range of cultures which impacts not only local regulation, but also ethical issues and local business and state practice and actors. A daunting task for any legal or risk professional sitting in a corporate HQ.

Anti-bribery and corruption sits towards the top of many enforcement authorities' priority lists2. Therefore it should be on the radar of companies operating globally and not just those operating in so-called 'high risk' jurisdictions or industries. Further, with corporate "culture" increasingly under the microscope, and the move towards "failure to prevent bribery" offences in a number of jurisdictions, such a failure could give rise to additional legal and reputational risk.

This paper provides a short refresher of key anti-bribery and corruption provisions and concludes with a consideration of matters to take into account when formulating approaches to compliance.

Most agree that the Foreign Corrupt Practices Act of 1977 as amended, 15 U.S.C. §§ 78dd-1, et seq. (FCPA) sets the benchmark in this area. It was enacted for the purpose of making it unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business. For present purposes there are two broad offences under the FCPA:

  • the anti-bribery provisions: It is a criminal offence to make a payment or offer payment to a foreign official for the purposes of obtaining business for any person; and
  • the 'books and records' provisions: These were designed to work in tandem with the anti-bribery provisions and require corporations covered by the provisions to (a) make and keep books and records that accurately and fairly reflect the transactions of the corporation and (b) devise and maintain an adequate system of internal accounting controls.

The anti-bribery provisions of the FCPA originally applied to all US persons and certain foreign issuers of securities, however following amendments in 1998, the anti-bribery provisions now also apply to foreign firms and persons who cause, directly or through agents, an act in furtherance of such a corrupt payment to take place within the territory of the United States. The DOJ takes an expansive approach to jurisdiction – an approach has been mirrored more recently in the legislation and prosecutorial approach in other countries.

The FCPA celebrated its 40th birthday in 2017. It has racked up an impressive resume of enforcement actions and sanctions:3

  • a total of 523 enforcement actions have been brought (205 by the SEC and 318 by the DOJ);
  • of these, the vast majority have been settled (92.50% of defendants settle with the SEC and 76.19% of defendants settle with the DOJ); and
  • $10,712,420,673 in monetary sanctions have been imposed in all FCPA-related enforcement actions.

The rising tide of regulation in this area can be traced to the Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (OECD Convention). The OECD Convention requires signatories to criminalise bribery of foreign public officials in international business transactions and implement a range of related measures to make this criminalisation effective.

There are currently 35 OECD countries and 8 non-OECD countries who are signatories to the OECD Convention – and this list is increasing. The coalescence of global business practices and technology (which could see a nexus with a particular jurisdiction established in unusual and unexpected ways), together with an increasing number of jurisdictions enacting anti-bribery legislation, and aggressive approaches to jurisdiction taken by enforcement agencies in a number of these jurisdictions mean that anti-bribery and corruptions needs to remain top of mind for corporate legal and compliance.

To illustrate the point, in its December 2017 publication "Fighting the Crime of Foreign Bribery",4 the OECD noted:

  • foreign bribery is a crime in all 43 parties to the OECD Convention;
  • in the period between 1999 and the end of 2016, 443 individuals and 143 entities have been sanctioned under criminal proceedings for foreign bribery in 20 countries which are parties to the OECD Convention (while 23 countries had yet to conclude a foreign bribery enforcement action);
  • 500 investigations were ongoing in 29 countries; and
  • 125 individuals and 19 entities were subject to prosecution in 11 countries for offences under the OECD Convention.

The UK Bribery Act 2010 (Bribery Act) was introduced in 2011. One significant difference between the FCPA and the Bribery Act was the introduction of a 'failure to prevent bribery' offence. Under section 7 of the Bribery Act, a commercial organisation is guilty of failure to prevent bribery if a person associated with the commercial organisation bribes another person intending:

a) to obtain or retain business for the commercial organisation, or

b) to obtain or retain an advantage in the conduct of business for the commercial organisation.

It does not matter if the associated person is a British citizen who could be prosecuted for the offence or not, meaning that a company with a jurisdictional link to the UK could be prosecuted for something that a non-British citizen did outside the UK.

If the commercial organisation can prove that it had in place "adequate procedures" designed to prevent persons associated with it from committing these acts, then it has a defence to the charge. The UK Ministry of Justice has published Guidance which deals with what might constitute adequate procedures.5

Following the introduction of the Bribery Act there was a period where section 7 remained untested. This changed when the Serious Fraud Office (SFO) entered into its first Deferred Prosecution Agreement (DPA) in respect of the offence under section 7 in November 2015 (ICBC Standard Bank Plc), and achieved its first conviction in February 2016 when a construction and professional services company (Sweett Group PLC) was sentenced and ordered to pay £2.25 million as a result of a conviction arising from a Serious Fraud Office investigation into the activities of one of its subsidiaries in the United Arab Emirates. In sentencing, the Court observed:

The whole point of section 7 is to impose a duty on those running such companies throughout the world properly to supervise them. Rogue elements can only operate in this way – and operate for so long – because of a failure properly to supervise what they are doing and the way they are doing it.6

More recently, the SFO entered into a DPA with Rolls-Royce PLC which involved the payment of £497.25 million (plus the SFO's costs in the amount of £19 million) – this was the highest ever enforcement action against company in the UK for criminal conduct – and was reached in circumstances where Rolls-Royce PLC fully cooperated in the investigation, and introduced a programme of corporate reform and compliance.7 Importantly, the DPA did not prevent further investigation into the conduct of individuals, and indeed Rolls-Royce PLC agreed as a condition of the DPA to cooperate with any future prosecution of individuals. Similar agreements have been announced between Rolls-Royce PLC and authorities in the US and Brazil.

Australia ratified the OECD Convention in 1999. Australia is also a party to the United Nations Convention against Corruption (UNCAC) of 2003. Both treaties require state parties to criminalise bribery of foreign public officials in the course of international business.

Australia has given effect to its treaty obligations in Division 70 of the Criminal Code Act 1995 (Cth) (Criminal Code). Section 70.2(1) makes it an offence to provide, offer or promise to provide a benefit not legitimately due to another person, with the intention of influencing the exercise of a foreign public official's duties in order to obtain or retain business or a business advantage. The terms "foreign public official" and "benefit" are both broadly defined, and the offence captures bribes made to foreign public officials either directly or indirectly via an agent, relative or business partner.

Unlike the UK, Australia retains the 'facilitation payment' defence.

The legislation prescribes maximum penalties for individuals (up to 10 years imprisonment and fines of up to AUD$2.1, or for corporations the maximum penalties are the greater of:

  • AUD$21 million (USD$16 million, EUR€13.2 million) fine;
  • three times the total benefit obtained from the bribe; or
  • 10% of the company's annual turnover.

In addition to criminal penalties, any benefits obtained by foreign bribery can be forfeited to the Australian government under the Proceeds of Crime Act 2002 (Cth). That Act establishes a regime that allows proceeds of Federal-indictable offences to be traced, restrained and confiscated by a court. It also confers power on a court to order that a person appear before it to demonstrate that unexplained wealth was acquired by lawful means.

In recent years there has been considerable change to the anti-bribery landscape through the enactment (or proposed enactment) of new anti-bribery legislation and progress in the enforcement of such legislation.

In March 2016, the foreign bribery offence was supplemented by 'books and records' style accounting offences. The two new offences criminalise both intentional and reckless false dealing with accounting documents.8 The prescribed penalties for intentional false dealing with accounting documents are the same as for the foreign bribery offence, while those penalties are halved for the offence of reckless false dealing.

In December 2017, the Australian Government introduced further legislation into parliament which, amongst amendments which "aim to remov[e] undue impediments to successful investigation and prosecution of foreign bribery offending",9 seeks to introduce a new offence of failure of a body corporate to prevent foreign bribery by an associate, and a deferred prosecution agreement scheme (which would apply not only to foreign bribery, but also to other corporate offences).10 Like the UK Bribery Act, the offence of failure to prevent bribery would not apply if the body corporate can establish that they had "adequate procedures" designed to prevent the commission of the foreign bribery offence by its associates. What will constitute "adequate procedures" is not defined in the legislation, rather the Minister will be required to publish guidance on the steps that a body corporate can take to prevent an associate from bribing foreign public officials.

Without attempting to be comprehensive we suggest that there are three areas to consider and take into account for global companies – third party due diligence, encouraging positive culture and conduct and not just focussing on policy and procedure, detection and disclosure.

Corporations operating across multiple jurisdictions will inevitably deal with, or conduct business through, third parties. It is not only important to regulate the behaviour of your own organisation, it is also very important to know who you are doing business with and who is doing business on your behalf.

Further, given the potential for successor liability, when considering the acquisition of a business effective due diligence on matters relating to bribery and corruption is a critical step.

The second practical step that an organisation can take is to think about achieving compliance outcomes not only through the means of policies and procedures designed to meet the letter of legal and regulatory obligations, but also through the lens of fostering a positive culture within their organisation in an effort to encourage good conduct and business practices.

Having the right policies in place will only get you so far – 'tone from the top' and the manner in which behaviours are modelled from the top of the organisation through middle management to the front line are crucial. Further, how performance is measured and rewarded, whether poor conduct is detected and punished, and whether communication and challenge is encouraged or stifled, will impact the culture of the organisation and the behaviour of employees.

Speaking on the issue of culture and ethics in the banking sector, Paul Volker (former head of the US Federal Reserve) noted:

"All these banking institutions have fine statements of their ethical practices on paper, but how much it's really enforced, how much is in the instincts of staff…up and down the ranks, is difficult to say."11

(our emphasis)

You want good conduct within your organisation to be a matter of instinct, and not a 'tick-a-box' compliance exercise. The cost of getting culture and conduct wrong can be immense, not only in terms of regulatory fines, customer compensation, and compliance and legal costs, but also in terms of reputational damage.

Detection of bribery or corrupt conduct may arise as a result of a tip-off from a whistleblower, or from other sources within or outside of the business. Once appraised of such allegations, it is important to promptly and properly investigate them. In order to preserve privilege, such investigations are generally driven by in-house counsel. While such investigations may be limited to activities in the home jurisdiction, increasingly they will focus on activities of the corporation (or its employees or agents) abroad. Some matters that should be top of mind when conducting such investigations include:

  • have I provided employees involved in the investigations with the necessary warnings? For example, in the US corporate counsel provide employees with the so-called "Upjohn Warning" which covers matters such as the fact that the counsel represents only the corporation and not the employee as an individual;
  • do I understand how privilege operates (if at all) in the jurisdiction to ensure that I do not take steps which could inadvertently waive such privilege; and
  • are there workplace or labour laws in the jurisdiction which impact the manner in which I can conduct my investigation?

Finally, should you detect bribery or corrupt conduct within your organisation then serious thought should be given to self-reporting and cooperation with the relevant authorities. Care must be taken to manage such reporting and cooperation as the policies and procedures of each jurisdiction vary, and both the enforcement policies, and the tools short of prosecution available to enforcement agencies are in a state of flux.

As global efforts increase to regulate, detect and prosecute bribery and corrupt conduct – wherever it may occur – lawyers must keep appraised of international regulatory developments, understand and embrace the complexity of a global rather than local view, and be ready to act decisively to investigate and address any allegations of such conduct within their own organisations.

Organisations also need to think about corporate culture holistically, and recognise that in so doing such an approach can be used not only to assist in regulatory compliance, but also to enhance competitive advantage.

  1. Colin Loveday is a Partner in the Commercial Litigation team in the Sydney Office of Clayton Utz. Richard Abraham is a Senior Associate in Colin's team.
  2. For example, the
  3. Figures taken from the Stanford Law School Foreign Corrupt Practices Clearinghouse:
  4. Available at:
  5. Available at:
  6. See:
  7. See: The SFO press release explains: "The indictment, which has been suspended for the term of the DPA, covers 12 counts of conspiracy to corrupt, false accounting and failure to prevent bribery. The conduct spans three decades and involves Rolls-Royce's Civil Aerospace and Defence Aerospace businesses and its former Energy business and relates to the sale of aero engines, energy systems and related services. The conduct covered by the UK DPA took place across seven jurisdictions: Indonesia, Thailand, India, Russia, Nigeria, China and Malaysia."
  8. See Division 490 of the Criminal Code Act 1995 (Cth).
  9. Explanatory Memoranda [5].
  10. See Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2017.
  11. See: