Yesterday, the Commonwealth Attorney-General published guidance on the steps that a corporation can take to prevent an associate from bribing foreign public officials. In this article, we examine those steps and explain what corporations should do to prepare for the foreign bribery reforms that enter into force in September.
Background
In March 2024, the Federal Parliament passed the Crimes Legislation Amendment (Combatting Foreign Bribery) Act 2024, introducing a new “failure to prevent foreign bribery” offence for body corporates under s 70.5A of the Criminal Code Act 1995.
From 8 September 2024, it is an offence if an associate of a body corporate (which includes an officer, employee, agent, contractor or subsidiary) bribes a public official (within the meaning of s 70.2 of the Criminal Code) for the body corporate’s profit or gain. This new offence is one of absolute liability, meaning it is not necessary to prove a mental element to establish a contravention. The usual limited defence of mistaken fact is also unavailable.
The maximum penalty for a contravention of this section is the greater of 10,000 penalty units (currently AUD3.13M), three times the value of the benefit derived from the contravention (which was recently considered in R v Jacobs Group (Australia) Pty Ltd (2023) 44 ALR 202), and/or 10% of the body corporate’s annual turnover.
A corporation will not be liable for this “failure to prevent foreign bribery” offence if it can prove that it had ‘adequate procedures’ in place designed to prevent foreign bribery. The legislation does not explain the circumstances in which (or the types of) procedures that are ‘adequate’ for the purposes of this defence, recognising that the question is invariably circumstantial.
Yesterday, the Attorney-General published its Guidance on Adequate Procedures to Prevent the Commission of Foreign Bribery, to assist corporations in understanding the nature and extent of the defence. The guidance outlines six principles to consider when developing, implementing and monitoring anti-bribery compliance controls. In particular, the guidance is non-binding, and satisfying all six elements will not necessarily enliven the statutory defence. Nevertheless, the guidance establishes a strong theoretical foundation for compliance initiatives, and officers would do well to keep the practical suggestions front-of-mind.
Below, we explore the key takeaways from this regulatory guidance and discuss what you should do to prepare for the commencement of the foreign bribery reforms.
1. Fostering a control environment to prevent foreign bribery
In designing its anti-bribery compliance controls, corporations should consider their individual circumstances. The controls should be both effective, having regard to the corporation’s activities, and proportionate to the level and nature of organisational risk that the corporation faces. This proportionality assessment should be overseen by management and conducted by suitable personnel. Depending on the corporation’s size, the analysis may form part of a wider, more general risk assessment, and may involve input from suppliers and customers.
For all corporations, the main indicators of an effective anti-bribery compliance program are:
- A robust culture of integrity within the corporation;
- Demonstrated pro-compliance conduct by top-level management, including the Board of Directors;
- A strong anti-bribery compliance function (or functional equivalent);
- Effective risk assessment and due diligence procedures; and
- A careful and proper use of third parties.
2. Responsibilities of top-level management
A corporation’s top-level management, including the Board of Directors, should play a critical role in developing, implementing and promoting its anti-bribery compliance program.
In relation to development, management might provide leadership on policies, select senior managers to lead works, endorse bribery prevention publications, and have specific involvement in high-profile and critical decision-making.
In relation to implementation and promotion, management might raise awareness of the corporation’s anti-bribery compliance program, oversee the development of a code of conduct and its responses to a breach of bribery policies, eliminate inappropriate incentives, and seek reciprocal compliance commitments from business partners.
3. Risk assessment
A corporation should adopt a risk-based approach to developing its anti-bribery compliance program. As part of this, corporations should conduct a bribery assessment to identify their exposure to foreign bribery risks. Key considerations might include the jurisdictions and sectors the corporation operates and trades in, common transactions (especially those involving foreign officials), third party risks, offshore operations, corruption perception ratings and financial controls. Bribery risk-rating should reflect the likelihood of the risk occurring and the impact of the risk on the business.
All risks assessments should be documented in a centralised, easily accessible location, like a risk register. The risk assessments should be reviewed periodically and in response to a change in circumstances, including operations or regulatory conditions.
A key aspect of risk assessment is due diligence. A corporation should conduct thorough due diligence before entering into a business relationship, and that due diligence should continue throughout the relationship. The level of due diligence should be proportionate to the risks associated with the particular transaction or relationship. In high risk situations, due diligence procedures might include conducting direct and indirect inquiries and background research.
4. Communication and training
When foreign bribery risks materialise, a corporation’s compliance program should be at the forefront of an employee’s mind. As such, internal communications should convey managerial-level dedication to the program and should make employees aware of how those controls are relevant to the daily work.
As always, training is a critical dimension to managing compliance risks. The corporation should ensure its employees and other associates understand the anti-bribery compliance program and its controls. It is not enough to simply ask employees to acknowledge they have read and understood the compliance program.
The frequency and content of training should be proportionate to the bribery risks faced, but should include information on how to respond to bribe solicitation and where to report bribery concerns. Potential training methods include classroom teaching, external courses, seminars, online learning and conferences.
5. Reporting foreign bribery
All corporations should encourage and facilitate the reporting of actual or suspected instances of bribery or bribery solicitation. Corporations must comply with the whistleblower protection provisions in pt 9.4AAA of the Corporations Act 2001, and should have mechanisms in place to respond to bribery concerns. As part of this, corporations should foster a whistleblowing culture, make eligible whistleblowers aware of their rights, establish secure, confidential and accessible reporting avenues, and (where practicable) adopt the best practice guidance in ASIC RG 270 Whistleblower Policies.
6. Monitoring and review
All corporations should regularly monitor, review and adjust their anti-bribery compliance program to test its effectiveness and to adapt the controls to any changes in business conditions. The scope and frequency of the review process depends on the risks identified and the effectiveness of the corporation’s monitoring procedures. The review mechanism might include internal audit and financial control mechanisms, associate surveys, confidential reporting channels, feedback about training, and engaging a third party to review the effectiveness of the anti-bribery compliance program.