Control Risks partner Mark Pulvirenti tells StrategicRISK what risk managers need to do to make sure their firm stays on the right side of new anti-bribery legislation 

The OECD has long been a substantial source of criticism of Australia’s efforts in enforcing its foreign bribery laws (in the Criminal Code) - and rightfully so. The OECD performed its phase 4 evaluation of Australia’s enforcement efforts last year (with the phase 3 evaluation having been conducted in 2012) and released its report in December. (see

While the OECD noted an improvement in Australia’s efforts, it found that Australia must continue to increase its level of enforcement. 

The Senate Economics References Committee commenced an inquiry into foreign bribery in June 2015. While it was delayed by the last election, the inquiry continued, having held public hearings in August and October 2017 and is currently due to report on 28 March 2018.

While some momentum was slowly building via the Senate inquiry, I expect that the main driver for the new legislation last year was the government’s desire to avoid further OECD criticism through its phase 4 evaluation.

Where the challenges lay

The likely largest challenge to risk managers will be the proposed strict-liability, corporate offence of “failing to prevent bribery of foreign officials” (proposed section 75A of the Criminal Code). Due to the strict-liability nature of the offence, the only defence open to an organisation will be to demonstrate that it has in place “adequate procedures” to prevent bribery.

The meaning of “adequate procedures” has yet to be fully tested in Court, however, US and UK regulators have issued guidance and it is expected that the Australian government will issue similar guidance.

Companies will need to put in place effective risk-based anti-corruption programs (rather than just “paper programs” that might just include a code of conduct or other policy sitting on a shelf).

Corruption risk assessments will need to be conducted and appropriate policies, procedures and controls will need to be put in place. These will likely include:

  • a stand-alone anti-corruption policy (and related policies and procedures/standards),
  • communications to staff,
  • training of staff,
  • senior oversight of the program with adequate resources,
  • monitoring of transactions, internal and external reporting (including whistleblower hotlines),
  • investigative and disciplinary procedures and management of third parties (including performing due diligence,
  • ensuring proper contractual provisions, monitoring and communications.

Actions speak louder than words

The key to successful corruption compliance programs is that they are dynamic - not static. They can’t be “done once” and then forgotten about - they need to be “living” and incorporated into how a company does business. It’s about building values rather than just “thinking compliance”.

As businesses grow or change, new risk assessments need to be performed to ensure that the current program is still addressing the types of risks facing a business. If it is not, the program should be amended as the business grows or changes to meet the new risks faced. 

Several decades ago safety was virtually a non-issue, whereas now, it is critically central to all that some companies do and how they do it. Integrity and values need to go down the same path.

Not only do we find clients that are values-driven rather than compliance-driven being more successful, the consequences of getting foreign bribery wrong can be dire.

Lessons to be learned

The proposed failure-to-prevent offence is broadly modelled on section 7 of the UK Bribery Act (UKBA). Risk managers should definitely learn lessons from the UK in this regard.

For larger Australian companies that were already subject to the UKBA, there won’t be as big a change coming - save that the focus on these issues will now be far closer to home rather than on the other side of the world.

For companies that were subject to the US Foreign Corrupt Practices Act, there may be a bit to do in enhancing compliance programs. For Australian companies that were not previously also subject to US or UK jurisdiction, there will need to be quite a shift in their risk and compliance focus.

Risky business

The proposed amendments to the wording of the current section 70.2 of the Criminal Code will make it easier for the AFP and CDPP to investigate and prosecute instances of foreign bribery.

The proposed section 70.5A failure-to-prevent offence will present a significant risk (as outlined above), particularly as the company will be held liable for the actions of its “associates”, which is fairly broadly defined in the proposed amendments (section 70.1) anywhere in the world.

What goes up, must come down

The initial downside for businesses will be the investment needed to implement risk-based adequate procedures to prevent corruption. There will be a short-term cost involved as well as significant cultural changes required. Boards and senior management will need to see these measures as becoming integral to how organisations do business - both for the benefit of the business and to avoid their own prosecution.

While there is a new focus on corporate convictions, prosecuting individuals is still a cornerstone of global law enforcement agencies.

While this represents some initial short-term downside, companies that have these procedures in place and change the way they do business, will likely find far greater value in the mid to long term as their business will better function and should, therefore, be more profitable. They will be less likely to be approached for bribe payments abroad and they and their staff will be better placed to handle them. With a reduction in corruption demands should come a reduction in the costs of doing business.