Legal development

Are your company's anti-bribery controls fit for purpose? 

By Rani John

28 August 2024

Share Share
spiral background
Share

    Australia's 'adequate procedures' guidance issued in final form

    What you need to know

    • A company will have a defence to the new Commonwealth offence of failing to prevent foreign bribery, in effect from 8 September 2024, if it can show that it had 'adequate procedures' in place to prevent the commission of foreign bribery by its associates.
    • Following a consultation process earlier in 2024, the Attorney General's Department has issued final guidance on 'adequate procedures', dealing with steps companies can take to ensure their anti-bribery controls are adequate.

    What you need to do

    • Consider, in light of the guidance, whether and how to update your existing anti-bribery and corruption policies, procedures and training to make sure they pass muster as 'adequate procedures' for your company.
    • Ensure that senior leadership plays a role in developing, implementing and promoting anti-bribery compliance programs, and fostering a compliance culture.

    Failure to prevent foreign bribery offence

    On 29 February 2024, the Australian parliament enacted legislation which introduced a new corporate offence of failure to prevent foreign bribery. The new laws take effect from 8 September 2024. We provided an overview of the new failure to prevent foreign bribery offence in an earlier update.

    Under section 70.5A of the Criminal Code, a company will be criminally liable where an 'associate' of the company (meaning its officers, employees, agents, contractors, other service providers, or other associates) has committed foreign bribery for the profit or gain of the company. The company does not need to have been involved in or to have authorised the offending conduct for it to be liable.

    However, a company will have a defence if it can show that it had ‘adequate procedures’ in place to prevent the commission of foreign bribery by its associates.

    'Adequate procedures' guidance issued in final form

    Following a consultation period, on 28 August 2024 the Attorney General's Department issued final guidance on what constitutes 'adequate procedures'. Below, we provide an overview of what the guidance says about steps companies can take to ensure their anti-bribery controls are adequate. It is important to bear in mind, however, that the guidance is just that. What represents 'adequate procedures' for any given company needs to be assessed on a case-by-case basis.

    Key elements of an effective anti-bribery compliance program

    The guidance adopts a principles-based approach to anti-bribery controls, rather than a checklist for companies to comply with. It includes case studies and scenarios throughout to provide practical examples of the specific topics being discussed.

    The guidance is organised so that it fits under six principles that should underpin an effective anti-bribery compliance program. Each of the six principles is discussed below.

    1. Fostering a control environment to prevent foreign bribery

    The two key factors underpinning the first principle of fostering a control environment to prevent foreign bribery are proportionality and effectiveness. In summary:

    • Controls implemented by a company need to be proportionate to its circumstances, including its foreign bribery risks and the nature of its activities.
    • The five main indicators of an effective anti-bribery program are: (1) 'a robust culture of integrity within the corporation'; (2) 'demonstrated pro-compliance conduct by top-level management and, where applicable, the board of directors'; (3) 'a strong anti-bribery compliance function or functional equivalent'; (4) 'effective risk assessment and due diligence procedures'; and (5) 'careful and proper use of third parties'.

    The guidance recognises that the fact that foreign bribery has occurred does not, in itself, mean that adequate procedures were not implemented. This mirrors the language in the Explanatory Memorandum on this topic, as recommended by Ashurst during the consultation process.

    2. Top level management is responsible for developing, implementing and promoting an effective anti-bribery compliance program

    'Top level management' (including the executive team and board of directors) should take the lead in developing, implementing and promoting an effective anti-bribery program. The guidance stresses that small and large companies will likely take different approaches to achieving buy-in from top level management.

    The guidance suggests that top level management's role:

    • in developing an anti-bribery program, may include providing leadership by initiating policy development and reviews, and selecting senior management to take the lead on anti-bribery work;
    • in implementation and promotion of the program, may include publishing visible and easy to read statements demonstrating senior leadership dedication to preventing bribery and corruption; developing and implementing a code of conduct that reflects the anti-bribery compliance program and promoting it to employees and third parties; eliminating incentives that could increase bribery risks; and seeking reciprocal anti-bribery compliance commitments from business partners.

    3. Conduct risk assessments and due diligence to identify and mitigate anti-bribery risks

    Central to the recommendations in the guidance is having companies adopt a 'risk-based approach' to developing their anti-bribery compliance program, with three key steps:

    1. undertaking a bribery risk assessment, which involves identifying where risks lie having regard to the sectors and jurisdictions in which the company operates, its common transactions, its dealings with foreign public officials and third party agents, its regulatory environment and the controls it has in place;
    2. rating the risks, including the likelihood of the risk and the impact of the risk on the company if it were to occur; and
    3. documenting the process and findings of risk assessments, including storing them in a central location that is easily accessible, and maintaining a risk register if appropriate.

    A company should also undertake due diligence in relation to new and existing business relationships, ensuring the level of due diligence is proportionate to the risk posed by the relationship.

    Non-controlled associates

    It is important to manage any risks identified in the due diligence process, including any risks involving non-controlled associates (such as joint venture partners or contractual counterparties) who may not have reasonable anti-bribery compliance programs in place.

    Where there is a foreign bribery risk associated with a non-controlled associate, the company may consider taking measures such as:

    • requiring the associate to demonstrate that it has an effective anti-bribery compliance program in place;
    • including contract clauses which indicate a zero tolerance of bribery;
    • requiring the non-controlled agents to disclose if they are engaging any sub-contractors.

    4. Ensure effective communication and training for employees and other associates so that they understand the anti-bribery compliance program and its practical application

    Companies should undertake communication and training that ensures employees and other associates have a thorough understanding of their anti-bribery compliance programs and how controls are practically applied. The communication and training needs to be proportionate to the risks posed.

    Internal communications about the company's anti-bribery compliance program should convey senior leadership's dedication to the program, make the program front of mind, and illustrate how it is relevant to day to day activities. The guidance also suggests creating opportunities for employees to engage in the program by holding anti-bribery meetings, online training and focus groups, and going beyond simply asking employees to acknowledge they have read and understood the anti-bribery compliance program.

    External communications should convey the company's 'tone from the top', how the anti-bribery program operates and the company's expectations for its business relationships in that regard.

    Relevant considerations for training include offering it in different modes (online, in person) and different languages as necessary; tailoring the training for sector-specific bribery risks for employees who work in higher risk functions like purchasing and contracting; using real-life examples relevant to the business; and ensuring that the training undergoes periodic review and is continuous. As 'associates' extends to non-controlled associates, agents, contractors and suppliers, companies need to consider whether those associates also have access to relevant training, at least for those who are considered to be at risk of foreign bribery.

    5. Adopt effective mechanisms to facilitate reporting of suspected bribery

    The guidance recommends that companies adopt mechanisms to encourage the reporting of suspected bribery or bribery solicitation. It recognises that some companies will already have whistleblower regimes in place as required by the Corporations Act and that a whistleblower policy implemented in compliance with that Act is a sufficient confidential reporting mechanism.

    The guidance otherwise describes the hallmarks of an effective reporting mechanism – that it is visible, secure, confidential and accessible to all employees (regardless of location), and that companies communicate the protections available to those who make a report, and how the company will address those reports.

    The reporting mechanisms should have response systems to allow investigation of allegations of bribery. Those investigations should be 'properly scoped, objective, timely, appropriately conducted, and properly documented'. Companies should also ensure appropriate action is taken to address investigation findings.

    The guidance also states that in addition to establishing adequate procedures, companies should consider voluntarily self-reporting actual or suspected incidents of foreign bribery to the Australian Federal Police.

    6. Implement regular monitoring and review of your anti-bribery compliance program

    Companies should regularly review, monitor and adjust their anti-bribery compliance programs to test their effectiveness and to adapt controls to changes in the business environment. Evaluations may need to be conducted when a company enters a new market; changes its activities; has a bribery incident; has changes to its regulatory or governance environment; or in response to employee or associate feedback.

    The guidance lists a number of mechanisms for a company to consider adopting in monitoring its compliance program, including internal audit and financial control mechanisms; staff surveys; confidential and anonymous reporting channels for staff and associates to raise concerns regarding bribery risks; training feedback; expert reviews; information from industry bodies; and verification of the effectiveness of its anti-bribery program by an external provider.

    If you'd like assistance in assessing whether your anti-bribery controls are fit for purpose, please get in touch.

    Want to know more?

    Authors: Rani John, Partner; Phimister Dowell, Senior Associate; and Jacqui Turner, Lawyer.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Australia (ABN 75 304 286 095) is a general partnership constituted under the laws of the Australian Capital Territory.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia and trading under ABN 74 996 309 133.

    The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.

    For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    This material is current as at 28 August 2024 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in the law or in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    Key Contacts

    image

    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest

    Sign-up