FCPA Compliance and Ethics Blog

April 21, 2011

Fancy a Brew? Internal Controls under the UK Bribery Act

My colleague Henry Mixon of Mixon Consulting has an interesting observation regarding internal controls under the UK Bribery Act. Unlike the Foreign Corrupt Practices Act (FCPA), the Bribery Act does not have a books and records component written into the law. However, even without this books and records component, robust internal controls may be more important under for the reason that they must be present and functioning if a company is to assert an “Adequate Procedures” defense available under the Act.

Buried within “Principle Five of the Guidance” is the requirement that (a) a company has appropriate financial controls to prevent and detect violation of anti-bribery policies; and (b) that these financial controls be communicated to both employees and relevant third parties. With this total lack of ‘guidance’ for companies subject to the Bribery Act to fall back upon, we believe companies can look to internal controls developed for the FCPA for some guidance. However, the internal controls put in place for the Bribery Act will need to address the specifics of that the Bribery Act. Clearly the two major differences will be lack of distinction between public officials and the jurisdictional nature of the Bribery Act will require a company’s internal controls to be global in scope.

I.                The Four Cornerstones

We have previously set out the four cornerstones of any internal controls regime, and just to refresh they are as follows:

  • Transactions are properly authorized;
  • Transactions are accurately recorded;
  • Accountability for assets is maintained; and
  • Unauthorized access to assets is prevented.

As we have also made clear, in prior posts, three key components are: Documentation, Documentation and Documentation. There must be written policies and procedures which are clear, assessable and enforced, however policies alone are not sufficient. There must be evidence of standards for the performance of internal controls; there should also be ongoing monitoring and auditing to ensure that they continue to function effectively.

II.             Infrastructure

Internal control infrastructure should be evaluated and enhanced if needed. This would include the tracking of gifts, entertainment, hospitality and promotional considerations. A similar requirement is found for travel. Any payments to high risk parties or in high risk countries should not only be evaluated with internal controls but elevated for approval to an appropriate level of management for visibility, a delegation of authority issue. All of these considerations need to include an expanded emphasis under the Bribery Act, due to the  lack of distinction of public officials and private actors, so all transactions need to have this level of review.

III.           Beyond the FCPA

Other additional considerations or expanded considerations which a FCPA only based internal controls system may need under the Bribery Act are a mechanism to deal with a company’s interaction with a US governmental official. As the Bribery Act makes illegal the acceptance of a bribe, controls will be needed to cover and document this aspect. Lastly, there should be overall documentation of the company’s compliance program to provide proof of ‘Adequate Procedures’ so that a defense is available under the Bribery Act.

IV.            Some Suggestions

A suggested approach to evaluate your company’s internal controls under the Bribery Act would include an initial bribery-related risk assessment to include:

  • Location-specific risks;
  • Transaction-specific risks;
  • Process-specific risks;
  • Inherent risks of your industry; and
  • Inherent risks due to the way your company does business.

Thereafter, the following should be considered:

  • Gap analysis, including deficiencies in documentation of the performance of controls;
  • A controls remediation plan, proportionate to identified risks, gap analysis, and the nature of your business operations;
  • An internal controls training plan, including training for Delegation of Authority approvers, persons involved in business development, accounts payable clerks, and others;
  • An internal controls monitoring plan;
  • Address proof of “adequate procedures”;
  • Expand the scope of third party risk assessment (not just foreign public officials and those who interact with them);
  • Address risk of requesting/receiving a bribe; and
  • Consider anti-bribery controls in the US.

As recently reported in the Wall Street Journal, an astonishing 73% of more than 1,000 business professionals polled by Deloitte Financial Advisory Services LLP said they were not familiar with the provisions of the Bribery Act. With an upcoming implementation date of July 1, 2011, we can only hope that these companies will wake up and smell the [Bribery Act] coffee, or tea, for our English followers.

Henry Mixon is the Principle of Mixon Consulting and can be reached via email at hmixon@mixon-consulting.com. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011


  1. Tom, excellent post! Much to my dismay, however, I wouldn’t call 73 percent of the F 1000 unaware of the Bribery Act ‘astonishing’– depressing, yes, but not one bit surprising.

    Comment by Matt Kelly — April 21, 2011 @ 7:40 am | Reply

  2. ………………..Summary Although much is still unclear about the implementation date or the manner in which the UK Bribery Act will be enforced it is clear that one of the important compliance functions which a company should implement is appropriate internal controls. The previously released Consultative Guidance had the following language regarding internal controls Businesses should also consider how their existing internal company procedures can be used for bribery and corruption prevention.

    Comment by offshore bank accounts — May 2, 2011 @ 12:53 am | Reply

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: