There are some regions of the world, parts of Africa being a good example, where unreceipted payments to officials have become commonplace – but such business practices are unsustainable in a global economy where the spotlight on illegal and corrupt activity is shining brighter than ever. Increasing levels of legislation and regulation and the activities of Non-Governmental Organisations (NGOs) such as the OECD1, Development Institutions such as the World Bank and the international business community mean that companies are being forced to scrutinise their operations in order to identify and mitigate bribery and corruption risk. Global standards such as the Extractives Industry Transparency Initiative (EITI)2 and reports such as the Corruption Perception Index (CPI) published by Transparency International3 epitomise the global drive towards a fairer business environment.
The President of the World Bank recently stated that “corruption at both the public and private level is the scourge of the developing world”. The Bank has set out its plans to hire more experts in the rule of law and other governance issues in order to provide technical advice to its member countries. This technical support is a further demonstration of the global efforts being undertaken to assist countries to improve their governance structures in order to help to stamp out corruption.
The UK Bribery Act (UK Act), which came into effect in 2011, is currently the most rigorous anti-bribery legislation in the world. The UK Act applies not only to any UK-registered company but also to any non-UK company that does business in the UK, it covers both private and public sector bribery and it includes a ‘corporate offence’ of failing to prevent bribery by an ‘associated person or persons’ (ie, anyone acting on the company’s behalf, which covers a wide range of third parties including agents, subcontractors, and intermediaries).
The only defence to the UK Act’s corporate offence provision is that the company has ‘adequate procedures’ in place to counter corruption and bribery. While ‘adequate procedures’ are not officially defined in the legislation, the UK Ministry of Justice (MOJ) has issued guidance that sets out six guiding principles that are intended to form the basis of the procedures that a company should implement in order to demonstrate that it has done everything in its power to reduce the risk of corrupt activities.
The MOJ guidance states that bribery prevention procedures should be ‘proportionate to risk’ – in other words, the nature, complexity and scale of the organisation’s activities and the markets in which it operates should dictate the level of action. It also says that an organisation should assess the nature and extent of its exposure to potential risks of bribery on its behalf by people associated with it. This assessment should be clearly documented in order that compliance efforts can be tailored appropriately.
The US FCPA and the UK Act present challenges for oil and gas companies operating globally in a high-risk industry with a prevalence of third parties including sub-contractors and agents. Most companies already have anti-bribery procedures in place for their employees, but the need to risk-assess and monitor third parties brings enormous complexity, particularly for smaller companies who might not have the resources of a dedicated compliance department. Nearly all of the bribe payments that have been the subject of the 2013 US enforcement actions were made through third party intermediaries for example; “politically connected” agents, customs brokers, joint venture partners, freight forwarding agents and distributors4.
So what does this mean for oil and gas companies? The risks of noncompliance are considerable, not just in terms of the fines that can be levied (the average penalty paid in FCPA cases in 2013 was $28m5), but also because companies can be forced to pay back any profits arising from the corrupt behaviour. There are also other considerations: the management time and resources involved in defending litigation; reputational damage; and the risk that the company will be dissolved6 or disbarred from working with or for national governments. It is also common for cases to result in the imposition of a corporate monitor for a period of time post event, with its own cost and reputational impact.
The far reaching consequences of a regulatory breach reinforces the need to have stringent procedures in place, this is particularly true in the UK where the introduction of Deferred Prosecution Agreements (DPA) on 24 February 2014 provides a mechanism for effectively settling the criminal liability of a corporate entity, without prosecution, in return for the company agreeing to a number of conditions thereby avoiding a lengthy court case. According to the current guidance, when considering whether to enter into a DPA rather than proceeding to court the SFO may consider:
“...The existence of a proactive corporate compliance programme both at the time of offending and at the time of reporting but which failed to be effective in this instance.”7
It is therefore in the interests of the corporate to establish an effective compliance programme that demonstrates the efforts taken to prevent bribery by employees or associated persons. The UK ‘adequate procedures’ requirements may seem excessive but with many countries introducing equivalent requirements in respect of internal procedures and controls to prevent bribery, if a corporation conforms to the UK Act it is likely that their compliance framework may meet many of the requirements of equivalent legislative developments.
Oil and gas companies need to take a regimented and robust approach to their bribery and corruption risk assessment. A key element of this will be the assessment of their third parties, which can be performed in three stages:
- Identify the complete population of third parties. This raises some difficult questions, such as what to do about joint ventures. An understanding of the level of control of a JV, should help dictate the appropriate response to take;
- Rank the third parties according to the level of bribery risk, for example; those acting as intermediaries or agents in governmental interaction are likely to be higher risk.
- Perform due diligence according to the risk categorisation of each third party. The extent of due diligence performed will vary according to the assessment of risk and may include obtaining evidence of corporate structure and registration, research into the reputation, governance and relevant expertise of each third party, any potential conflicts of interest in relationships with government officials and others. While this is a complicated procedure, there are tools available to help, such as KPMG’s Astrus due diligence application8.
The format of the third party risk assessment is not prescribed but what is essential is that the risk assessment should be dynamic and any significant event, such as a new venture or acquisition, should automatically trigger an update. Anti-bribery procedures should be built around a strong and appropriate corporate governance framework which extends to third parties acting on behalf of the company.
A company’s bribery risk assessments (including the assessment of third party risk) should be incorporated into the overall company risk assessment underpinning the entire corporate governance framework. Risk assessment is a big, complex task – nothing should be left to chance.
1The OECD Anti-Bribery Convention, formed in 1999 and adopted by 40 countries, establishes legally binding standards to criminalise bribery of foreign public officials in international business transactions.
2The EITI aims to increase transparency so that information is made available to hold governments to account for how oil, gas and mineral riches are used (https://www.gov.uk/extractive-industries-transparency-initiative).
4Source: FCPA Digest, Shearman & Sterling LLP, January 2014
5Source: FCPA Digest, Shearman & Sterling LLP, January 2014 (Adjusted Average Penalty). These fines are levied according to US Federal Sentencing Guidelines. The UK has recently issued its own sentencing guidelines which will come into force later in 2014.
6The Brazilian Anti-corruption Law, effected on 29 January 2014 allows the courts to dissolve a company in particularly egregious cases.
7Deferred Prosecution Agreements Code of Practice .