The UK Bribery Act 2010 came into force more than a decade ago, with the aim of strengthening regulation in the fight against corporate crime. The act, which applies to any UK citizen, people with a close connection to the UK, and any relevant commercial organisation, makes it an offence to bribe or be bribed at home or abroad.

Financial services organisations can continue to minimise their risk of falling foul of the act in a fast-moving political and regulatory world.

Breaking down the detail

Since April 2011, the Bribery Act 2010 has applied to UK citizens, persons with "a close connection with the UK" (which includes any residents of the UK and UK-incorporated entities), as well as "relevant commercial organisations" — which means any partnership or body corporate (wherever incorporated) which carries on a business, or part of a business, in any part of the UK (England and Wales, Scotland or Northern Ireland).

An offence is committed under sections 1 (bribing someone), 2 (being bribed) or 6 (bribing a foreign public official) if any act or omission which forms part of the offence takes place in any part of the UK, or if the act or omission does not take place in the UK but it would constitute an offence if carried out there and the person has a close connection with the UK.

Section 7 of the act applies to all organisations, and creates a corporate offence of failing to prevent bribery. It stipulates that:

"A relevant commercial organisation ('C') is guilty of an offence ... if a person ('A') associated with C bribes another person intending: (a) to obtain or retain business for C, or (b) to obtain or retain an advantage in the conduct of business for C."

For these purposes, a person (A) is associated with C if (disregarding any bribe under consideration) A is a person who performs services for or on behalf of C. Accordingly, A may (for example) be C's employee, agent or subsidiary.

While failing to prevent bribery can result in an organisation facing a potentially unlimited fine, s 7(2) does provide:

"It is a defence for C to prove that C had in place adequate procedures designed to prevent persons associated with C from undertaking such conduct."

Put simply, any organisation that carries on any part of its business (whether itself or through a subsidiary) in the UK should have such "adequate procedures" in place in the form of an effective anti-bribery policy.

Keeping anti-bribery policies up-to-date

An effective anti-bribery policy should be more than a box-ticking exercise. If responsible organisations are to avoid risk, however, then "should" in this instance really means "must". Every person associated with the organisation must adhere to the policy — not only employees but also agents and subsidiaries.

The policy must also be appended to agency agreements and built into employee agreements and compliance procedures to ensure that, if the worst comes to the worst, the organisation can plausibly argue that it is doing all in its power to ensure that it has "adequate procedures" in place.

Policies need to be updated, at a minimum, on an annual basis, reflecting the actual risks, challenges and real-life scenarios relevant to the organisation in question.

Organisations would be well-advised to provide annual training for staff and others associated with the business, to remind them of their obligations. The training needs to be interesting and engaging to ensure that the recipients pay attention and absorb the central message that bribery is completely unacceptable.

Getting it right

To reiterate, simply having a policy in place is not enough to offset risk or provide a suitable defence in the event of a breach. The UK Ministry of Justice (MoJ) has issued guidance on procedures that organisations can put into place.

This guidance goes further, noting that organisations' anti-bribery policies and procedures should demonstrate that they have done all in their power to place anti-bribery measures at the heart of the organisation's thinking.

The MoJ says that organisations wishing to prevent bribery being committed should be informed by six principles:

Proportionate procedures

As well as being proportionate (see below) an organisation's procedures and policy should be clear, practical, accessible, effectively implemented and enforced.

Top-level commitment/"buy-in"

The involvement of, and messaging to employees by, senior management, including the awareness of, involvement in and oversight of, anti-bribery initiatives, will be a fundamental element of determining the adequacy of the organisation's anti-bribery policies and procedures.

Risk assessment

Each organisation should regularly assesses the nature and extent of its internal and external risks of bribery and keep records of such assessment(s). The team conducting the analysis should be senior persons in the organisation or otherwise be given appropriate powers for the assessment by management.

Due diligence

Each organisation should conduct due diligence on those who perform services on its behalf (whether agents or employees), adopting a risk-based approach. The guidance notes: "Knowing exactly who you are dealing with can help to protect your organisation from taking on people who might be less than trustworthy."

Communication (including training)

Anti-bribery procedures should be "embedded and understood throughout the organisation", and contracts with third-party agents should incorporate anti-bribery standards as strict obligations of doing business with or for the organisation.

Monitoring and review

An organisation's procedures and policy should not be a "one[1]off": it should be a living document which is regularly considered by management and employees, etc., as part of daily business.


These principles are relevant to all commercial organisations. They should be assessed on a proportionate basis (such that small organisations will, for example, face different challenges from those faced by large multi-national enterprises).

The scope of Bribery Act 2010 may seem daunting, but if organisations are thoughtful and create their own focused, tailored anti-bribery policies and procedures, they should have little to worry about.

If a potential breach does occur, and the organisation can successfully show that its policies and procedures, training, and the "tone from the top" were such that it had done all necessary internally to try to avoid any risk of bribery, then they will also have a defence to the corporate offence of failing to prevent bribery.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.