It’s always a little daunting when you find yourself in complete disagreement with both the FCPA Professor and with Alexandra Wrage (rhymes with “foggy,” for those of you who were wondering).
The FCPA Professor wrote here, and Alexandra wrote here, that the UK Bribery Act hullabaloo has been much ado about, if not nothing, then not that much. Stop freaking out, in other words. I find myself having to disagree.
They’re not entirely wrong, mind you. (You never get far betting against Alexandra, in my experience.)
So, the UK Bribery Act. The major changes are well known at this point: no facilitation payments, corporate offense of failing to prevent bribery with defense of having a compliance program, 10 years in prison versus 5 for the FCPA, and prohibitions on commercial bribery.
I would agree that all but the last will cause a yawn in compliance programs. Facilitation payments aren’t an issue because even under the FCPA, you still have the books-and-records provisions to deal with, and no company wants an account on their books for “legal facilitation payments.” I’ve heard Manny Alas say—at least, I think it was Manny—that he’s seen that before, but I haven’t. It seems a little too much like “bribe,” to me. Anyway, for most compliance officers, they wouldn’t know a chart of accounts if it bit them on the behind. That’s another post. But the bottom line here is that companies are wary, and have always been wary, of facilitation payments, because they’re impossible to account for.
Let’s digress a little here because I always hear the question, “it’s tough to define ‘facilitation payment’.” But it’s really not. Write this down: what differentiates a facilitation payment from a bribe is what you’re trying to get. If you’re trying to get a product or service that you’re legally entitled to, it’s a facilitation payment. If you’re trying to get an official to decide something, it’s a bribe. Getting your driver’s license, for example. If you’re paying some money to get someone to enter your test score into the system so you can get your license, that’s a facilitation payment. If you’re trying to get someone to give you a license without having to take the test, that’s a bribe. If you’re trying to get someone to approve an application, bribe. If you’re trying to get someone to process an application that’s been approved, that’s a facilitation payment. See?
Back to our regularly scheduled program.
Because facilitation payments are difficult, lots of companies either say “no,” or say, “if you want to, you have to go to the C-suite to get approval,” which no one wants to do. It’s what I call “deterrence by approval process.” Remember also that facilitation payments are illegal in the country in which they are made. No one allows bribes to local officials.
So facilitation payments won’t cause any problems for companies under the UK Bribery Act.
Neither will the admittedly harsh strict liability provision. Mainly because it’s not really strict liability. You can defend by proving you have an effective compliance program. Which a lot of companies in the US now can say they have. (Whether they actually have an effective compliance program is another question.) So there’s no change. Just have an effective program. Look at the proposed guidelines; there’re no surprises there. Even the differing guidance on meals and hospitality won’t cause real change. Companies already are looking at meals and hospitality. It’s one of the few somewhat principle-based rules we have here: amenities have to be “reasonable,” whatever that means. US companies are already on top of that.
But, and this is a big one, the commercial bribery elements are a sea change. True, in the Control Components case, and in one other I can’t think of right now, there were charges of violating the Travel Act, with the underlying state-law charge being commercial bribery. And Alexandra makes a point of saying that the government has used other tools to get at private bribery. True. But nowhere near FCPA enforcement. More telling, companies didn’t really move after those cases. Now, though, for compliance officers, it’s a total change, with huge effect.
In some ways, the change makes life easier: it’s easier to message because there’s no if/then, it’s easier to train, in that there’s no pre-training triage that has to happen. It has always been a major effort to identify those people within your organization who regularly deal with public officials, to target them for additional monitoring and additional training. Now you just say, all employees. But you have real issues with the disruption. Instead of just government dinners you have to touch, it’s all dinners, all gifts.
And even more importantly, you have to touch all third parties, not just third parties that interact with the government. That’s a huge change. The volume of government-relevant third parties is a small percentage of total third parties. Some companies, very few, put all third parties through a diligence program. A lot of companies, however, even those who put all third parties through a process, use government interaction as a risk factor for additional diligence. So they’re going to have to adjust their risk-setting algorithm. The effect of that change will be increased volume of higher-risk third parties, which means greater monitoring, and more effort down the chain. In other words, with your highest risk third parties, you need annual audit rights, performance indicator measurement, termination provisions, yearly contract renewals, transaction monitoring, etc. But now, there’ll be a huge increase in how many third parties fall into that category. Before, it was pretty small, now, it’ll be much larger. Which means more manpower, more resources, more money, and more effort. For all but the largest corporations, it’ll become the compliance tail wagging the business dog.
Thus, from a value proposition perspective, this makes compliance much more intrusive into business processes, which always is (a) difficult, and (b) resented. It makes the compliance/business relationship that much more difficult. Which, any compliance officer will tell you, is more than half the battle.
So while I agree for the most part, I completely disagree about the impact of the UK Bribery Act as it applies to companies’ compliance programs.