‘Adequate procedures’: Does company size matter in India?

Failing to prevent bribery is a corporate offence under section 7 of the UK Bribery Act 2010, subject to the defence of proving that “adequate procedures” were in place to prevent bribery. The act impacts UK-based and global companies with operations in India because of the extra-territorial nature of the statute, regarded as one of the world’s most stringent anti-bribery statutes. While guidelines have been issued in relation to principles around implementation of adequate procedures, judicial interpretation regarding adequate procedures is limited.

A recent case involving a small refurbishment company provides insight into how the adequate procedures defence is perceived judicially. This can help companies putting in place compliance programmes to meet the required standards.

The company, Skansen Interiors, was charged under section 7 based on the allegation that its former managing director paid bribes to secure contracts worth £6 million. In addition to filing a suspicious activity report with the UK National Crime Agency, the company voluntarily self-reported the conduct to the City of London Police and cooperated with the police investigation.

In its defence, the company cited its modest size (it had total headcount of 30) and limited geographical reach to argue that a company of its size is not required to have a sophisticated anti-bribery programme. The company also argued that it did not require a detailed policy to convey to its staff not to pay bribes because this was common sense and the company should be able to rely on the integrity and honesty of its employees to help avoid bribery. Other arguments that the company raised in its defence hinged on its financial controls, standard form anti-bribery clauses in contracts, etc.

While a jury found the company guilty, the case offers insights into how the jurisprudence on adequate procedures is developing, which may be relevant for a company with operations in India, especially one with modest operations.

Policies and controls: The case shows that having a general policy and normal accounting controls will be insufficient to afford even the smallest company the adequate procedures defence. Companies of any size will need to incur some cost and expend management time in day-to-day operations with respect to anti-bribery policies and controls.

Reinforcing policies: The case makes clear that it is not sufficient to upload the policies on a common server accessible to staff without monitoring or communication to ensure that such policies are read and complied with. Companies with robust management systems software can use functionalities to confirm that all staff members have read the policy being circulated.

Specific people responsible for compliance: Companies need to identify individuals who are responsible for compliance with anti-bribery policies. Sometimes individuals in senior roles can additionally take on an anti-bribery related role. It is important that such people understand the nature and responsibility that this role entails. As a matter of practical implementation, it may be worthwhile for companies to seek external help in hand-holding such an individual for some time before making it a complete internal function.

Reflecting changes: Companies cannot afford to treat the policies as isolated or static. Companies may enter new territories which may present new risks, or laws may change requiring companies to relook at their policies to make sure that those are in sync with the legal requirements. Therefore, companies must ensure that the policies are dynamic and updated from time to time to reflect new risks that may emerge from changes in law or circumstances. An internal audit is a good tool to ensure that such policies are dynamic. Such an audit should focus on evaluating the effectiveness of policies by conducting detailed testing on a sample basis and also update the policies based on any new changes in law or policy.

The case clearly shows that in evaluating adequate procedures regulators will not give small companies a carte blanche based on their size. This becomes relevant even when companies have a small outpost in India or South Asia because of the sheer risk in carrying on business in these counties. No matter how many employees a business has, the steps taken to combat bribery or corruption must be in line with the risk profile of the business, which may, in turn, depend upon factors such as sector, nature of customers, areas of operation, business model, etc. Whatever may be the size of a company, regulators expect a basic minimum level of compliance which is a base line in the new world order.