With the Criminal Justice Act 2018 now coming into force, what is required to protect your organisation’s integrity and reputation?
The newly enacted Criminal Justice (Corruption Offences) Act of 2018 is a robust piece of legislation that introduces new corruption-related offences, extra-territorial reach, tougher penalties for those convicted of corruption and the potential for companies to avail of a defence based on taking “reasonable steps” and performing “due diligence” to avoid an offence under the Act.
The Act was one of the key measures contained in the Government’s white collar crime package, which was published in November 2017. The Act is also intended to fulfil national commitments under various international anti-corruption instruments including the Organisation for Economic Co-operation and Development (OECD) Convention on Bribery of Foreign Public Officials, the United Nations Convention against Corruption (UNCAC) and the Council of Europe Criminal Law Convention on Corruption.
The Act introduces the new offence of “trading in influence”, which criminalises bribery of Irish or foreign officials. It has also introduced “strict criminal liability” for organisations. In effect, this means that the body corporate (“corporates” or “organisations”) will be criminally liable for the actions of its directors, managers, employees or agents should they commit a corruption offence for the corporate’s benefit.
The Act includes the following key measures:
- Active and passive corruption: a person who corruptly offers, gives or agrees to give a gift, consideration or advantage to any person doing an act in relation to his or her office, employment, position or business shall be guilty of an offence. A similar provision also applies to the acceptance of a gift, consideration or inducement on this basis. The offences address corruption within both the public and private sectors. Furthermore, the reference to office, employment, position or business is intended to cover all public and private sector positions, including those in voluntary bodies such as sporting or charitable organisations;
- Trading in influence: the Act includes a new offence of “trading in influence”, both active and passive, which criminalises both the offering of a bribe in order to induce a third-party to exert an improper influence over an act of an official, and corruptly accepting the bribe on these grounds;
- Extra-territorial reach: the Act provides for extraterritorial jurisdiction over acts of corruption outside Ireland committed by Irish persons or companies, or other Irish-registered entities;
- Presumption of corruption: the Act introduces a presumption of corruption where benefits have been given to an official. It also introduces the concept of a “connected person”, which was one of the key recommendations arising from the Mahon planning tribunal;
- Strict criminal liability offence: a fundamental element of the Act is the section that will make organisations liable for the corrupt actions committed by its directors, managers, secretaries, employees, agents or subsidiaries. Section 18(2) of the Act affords a possible defence that the corporate took all reasonable steps and exercised all due diligence in order to avoid the commission of the offence; and
- Penalties: the Act provides for sentences of up to 10 years in prison and unlimited fines for conviction on indictment of serious corruption offences. There are also additional penalties in respect of office holders and public officials.
What to do…
Organisations must develop and implement robust anti-corruption policies and procedures. It has become increasingly crucial for organisations to develop anti-corruption programmes to help minimise the risk of non-compliance. Given the extraterritorial reach of the Act, it is important for organisations to take account of both local and international activities.
As outlined earlier, in order to present a defence against a corruption charge, a body corporate must prove that it took all “reasonable steps” and exercised all “due diligence” to avoid the commission of the corruption offence. In terms of developing an anti-corruption programme, there is a need to perform a comprehensive, risk-based assessment that takes account of:
- Country risk: dependent on the level of international activities (i.e. beyond national borders);
- Sectoral risk: a recent fraud-based survey identified corruption as the most common occupational fraud scheme in every global region, including Western Europe. Corruption poses significant risks to several industries and is more prominent in the energy, construction, manufacturing and government and public administration sectors. The survey estimates that the average loss to victim organisations is $250,000;
- Transaction risk: certain types of transaction give rise to higher risks (e.g. charitable or political contributions, licences and permits, and transactions relating to public procurement);
- Project-based risk: such risks might arise in high-value projects, with projects involving many contractors or intermediaries, or with projects that are not apparently undertaken at market prices or do not have a clear legitimate objective; and
- Relationship risk: certain relationships may involve higher risk. For example, the use of intermediaries in transactions with foreign public officials; consortia or joint venture partners; and relationships with politically exposed persons or those with links to prominent public officials.
It is important that the risk assessment is tailored specifically to the organisation’s environment and enables the organisation to identify and prioritise the risks it faces. The risk assessment framework should also recognise:
- Oversight of the risk assessment by top level management;
- Appropriate resourcing;
- Identification of the internal and external information sources that will enable risk to be assessed and reviewed;
- Due diligence enquiries; and
- Accurate and appropriate documentation of the risk assessment and its conclusions.
Lessons from the UK
In many ways, the Act reflects the approach of similar legislation operating in the UK, namely the UK Bribery Act (UKBA) 2010. Under the UKBA, the means of defence against prosecution is based on having established “adequate procedures” to prevent corruption acts. UK-based enforcements and prosecutions reveal that bribery and corruption are significant risks where organisations operate internationally. They also highlight the dangers “associated” persons can pose.
In the UK, a common denominator in the numerous enforcement actions to date has been the role of third parties in paying bribes or facilitating payments. Consequently, third-party due diligence, contractual protections and compliance audits continue to be critical components of companies’ anti-bribery and corruption policies and procedures. In certain cases, it is not sufficient for an organisation to merely have a policy in order to invoke the “adequate procedures” defence. This policy must be reviewed over time to ensure it remains fit for purpose and must be properly implemented.
Beyond the Act, corporate culture plays a significant role in preventing corruption and this ultimately rests on employees’ behaviour. Boards and senior management need to demonstrate and communicate a proactive stance against corruption. The effectiveness of the “tone at the top” cascading throughout the organisation is a key factor in ensuring the commitment of middle managers and staff across all levels of the organisation.
The process of developing adequate procedures to minimise corruption risk does not have to be onerous. A sound assessment of the risk of exposure to bribery and corruption is the starting point. Organisations must be proportionate in their response; a well-managed and risk-aware organisation should not have any difficulty in developing adequate procedures, which form the defence against prosecution, and in making these work.
Detecting any potential corruption offence is a difficult challenge for any organisation. Understanding the methods by which corruption offences are detected is critical for both investigating schemes and implementing effective prevention strategies. Surveys demonstrate that corruption is likely to be detected by tip-offs, which highlights the importance of having secure whistleblowing systems and procedures in place. It is important to note that, while the promotion of arrangements such as the whistle-blower hotline is often aimed primarily towards employees, organisations should also consider promoting their reporting mechanism to outside parties, especially customers and suppliers.
The ultimate test for an anti-corruption programme is whether it actually works, and organisations must be prepared to demonstrate this. Ongoing monitoring and auditing, including culture-based audits, also further strengthen organisations’ means of defence.
Ultimately, organisations should take a common-sense and risk-based approach to developing and implementing anti-corruption programmes in order to protect their integrity, interests and reputation.
Justin Moran is a Director in the Governance, Risk and Internal Controls division at Mazars.