- Anti-bribery and corruption during COVID-19: key compliance steps
- 'Invisible loans' – misuse of COVID-19 Government support schemes
- ICGN Guidance on Anti-Corruption Practices for Investors – 2020 update
- UK economic crime – enforcement update
- Civil litigation risk in anti-bribery and corruption investigations
Bribery and corruption risks are often elevated in times of crisis. This is particularly true in respect of the COVID-19 pandemic due to a financially volatile climate, increased cyber-security threats and diverted corporate focus towards other COVID-19 risks. These factors make it important for companies to re-assess bribery and corruption risks and have in place adequate anti-bribery and corruption ("ABC") mitigation measures.
This article explores the bribery and corruption challenges faced by organisations in light of COVID-19, and ways in which internal compliance policies and procedures should be updated to address such challenges.
See our earlier ABC newsletter here for an overview of the rise of fraudulent activity during COVID-19 and other key updates in this area.
A changing risk landscape
Given the speed with which lockdown measures have been implemented, there is limited chance for organisations to assess bribery and corruption risks which may arise as a result of new working practices or operational processes. Existing ABC procedures have taken a back seat while addressing business disruption and operational concerns due to COVID-19.
COVID-19 global restrictions, including pressure on government resources, have affected due diligence investigations into potential targets located in foreign jurisdictions. With in-person meetings and access to authorities more difficult, potential ABC risks associated with such targets are more challenging to assess.
Recognising these risks, the Working Group on Bribery at the Organisation for Economic Cooperation and Development (“OECD”) recently announced that it would examine the possible impact and consequences of the coronavirus pandemic on foreign bribery, particularly in the health industry. The OECD also re-iterated that “it is vital that countries remain actively engaged in anti-corruption efforts and work together to ensure their efforts to overcome this crisis are not weakened by corruption”.
Striking the right balance
Striking a balance between, on the one hand, the need to adjust controls to manage issues relating to business and supply chain disruption, staff illness and cash flow shortages and, on the other hand, maintaining sufficient controls to limit potential exposure to bribery and corruption risks is a tricky but crucial part of corporate risk management.
Transparency International, which published 'Anti-bribery and corruption during Covid-19 - six tips for compliance officers' in April 2020, has focussed on this difficult balance.
The ICGN, a non-profit leading authority on global standards of corporate governance, has also recently published updated 'Guidance on Anti-Corruption Practices'. The updated guidance advises investors to consider corruption as a systematic risk to be addressed alongside other critical systems risks such as the COVID-19 pandemic, climate change or wealth inequality. For more on this guidance, please see our article below.
The following best practice steps should be considered to help redress the balance:
- New materials may mean new suppliers. If your business model has changed as a result of COVID-19, you may seek new suppliers. For example, some manufacturers have turned to the production of personal protective equipment or other COVID-related supplies. Make sure new suppliers go through proper on-boarding channels with written contractual agreements requiring ABC compliance. If they have not, consider retrospective analysis of the supplier and implementation of ABC contractual requirements.
- Communicate with staff and remind them about ABC policies, procedures training and other guidance for employees (including in relation to codes of conduct and ethical business practices). Ensure that employees are reminded of their legal and ethical obligations, and of the consequences of breaching the company's compliance policies, even in times of business disruption. Any new controls, such as those relating to new suppliers and contractors, should be communicated and explained to employees in charge of managing these relationships.
- Revisit your risk assessments. ABC risk assessments which are regularly reviewed will continue to play a key role in your company's risk compliance programme and should be updated to reflect any changes in a company's operations, customer base, or business prospects. Even a decision to increase charitable donations in light of the COVID-19 pandemic, for example, whilst a laudable move, may present an increased bribery and corruption risk without suitable verification measures.
Consider whether any such changes may require an update to your ABC Policy and related risk mitigation measures.
- Re-start ABC processes which may have been paused. For example, check that gift and hospitality registers continue to be properly updated and monitored and consider whether any other diligencing controls should be re-tightened. Any new gift and hospitality procedures, such as the increased use of gift vouchers and other online rewards instead of physical hospitality, should be included in the company's ongoing risk assessment.
- Deal diligence and other forms of customer/ payment diligence should continue to be prioritised, but flexibility is key. Where in-person meetings are impossible, video conferences facilitate face-to-face meetings. With responses from customers or authorities likely to be delayed, flexibility with transaction and other deadlines may allow proper controls to remain in place.
Re-assessment of bribery and corruption risks, whilst maintaining operational flexibility, will be important over the coming months to ensure that ABC compliance programmes remain fit for purpose.
More broadly, organisations could use the COVID crisis as an opportunity to invest time in improving corporate culture to help to weather the challenges that lie ahead.
A cross-departmental panel of the UK's leading anti-fraud organisations has warned the Chancellor of the Exchequer of the significant fraud risks associated with the UK Government's roll out of COVID-19 support schemes without tighter controls on tracking and recording the payment of such funds.
The Fraud Advisory Panel, Spotlight on Corruption, and Transparency International highlighted the risks associated with the failure to publish an accessible list of those persons and entities in receipt of UK Government loans under the COVID-19 support schemes, including, potentially:
- collusion between fraudulent actors to obtain loans under BBLS or CBILS for criminal funding companies;
- use of schemes by companies where the directors knew that the company was unviable before the onset of the crisis or where the company could not operate as a going concern; and
- the misuse of loans for personal purposes or purposes that go against the spirit of the scheme (for example, money diverted to fraudsters or used to pay off outstanding personal debts).
When these organisations alerted the Treasury to the fraud risk back in June, the UK Government had already issued approximately £35 billion of loans under the various schemes, to around 800,000 business, raising concerns that the speed at which these schemes have been rolled out has come at the expense of minimal background checks on companies and persons applying for and receiving the funds.
Of particular concern is the BBLS, where applicants effectively self-certify their application and receive payments within 24 hours of application.
These organisations have called for the UK Government to publish the names of all recipients of funds under the schemes to deter and detect fraudulent conduct, for example by spotting suspicious activity prior to loan applications or assessing the legitimacy of any sudden revival of dormant companies. In addition, an increase in the transparency over recipients would likely assist in enhancing investor and public confidence in the UK Government Schemes.
- The Coronavirus Business Interruption Loan Scheme ("CBILS") - Small and Medium Sized Enterprises can borrow up to £5 million with an 80% Government guarantee.
- The COVID Corporate Financing Facility ("CCFF") - Bank of England buys corporate debt to aid liquidity.
- The Coronavirus Large Business Interruption Loan Scheme ("CLBILS") - large businesses can borrow up to £200 million with an 80% Government guarantee.
- The Future Fund - loans of up to £5 million to innovative businesses administered by the Government British Business Bank.
- The Bounce Back Loan Scheme ("BBLS") - small businesses can borrow up to £50,000 with a 100% Government guarantee.
The International Corporate Governance Network ("ICGN") is an investor-led organisation aimed at promoting effective standards of corporate governance and investor stewardship. It produces industry-wide guidance, which can be used as a helpful benchmarking tool for investor due diligence.
The ICGN's Anti-Corruption guidance was updated earlier this year to reflect the increasing visibility of bribery and corruption issues on the corporate agenda internationally.
As with previous iterations, the updated guidance takes the form of a series of detailed due diligence questions on ABC issues (although the question may be relevant to other stakeholders).
The ICGN questions are based around five key areas:
- ABC policy
- Procedures and enforcement
- Reporting, auditing and benchmarking; and
- Voluntary initiatives
- Is there formal regular training, particularly for at-risk personnel and other key individuals inside and outside the company? Is company policy made clear to all staff?
- Is there regular internal audit or external assurance of the effectiveness of these systems?
- To what extent is “anti-corruption” embedded within the culture of the company? What sort of actions will prove “counter cultural”?
- Is the anti-corruption policy part of the selection process for new contractors?
Whilst the updated guidance does not materially alter the original version (nor the 2015 revision), it reflects some legislative developments and recent incidents which underline the importance of enhancing the ABC procedures of corporate entities.
The guidance also aims to increase awareness around the distinction between bribery, which is relatively easy to describe/legislate against, and generally corrupt practices, which can be harder to define. For instance, under some international ABC regimes, most notably the U.S. Foreign Corrupt Practices Act, "facilitation payments" (i.e. grease payments to a foreign official), are permissible, but they may be considered "corrupt" in the broader sense of the word (and therefore may run contrary to ESG investment criteria and/or best practice guidance).
It can be difficult for an investor to gain insight into the approach taken by an organisation to ABC risks (and wider ESG compliance), given that policies and procedures can be informal/undocumented.
The questions in the guidance are therefore designed to establish that these risks are being addressed proportionately, which may be important in gaining investment committee approval. The guidance also directs the reader to other resources that may be useful when undertaking ABC due diligence, such as those provided by Transparency International.
The ICGN's updated guidance can be found here.
The Financial Conduct Authority ("FCA") has confirmed its commitment to reducing economic crime and supporting businesses through the COVID-19 crisis over the past year, as summarised below.
FCA Business Plan
In April, the FCA published its business plan for 2020 – 2021. Despite the economic shock triggered by COVID-19, firm culture and controls to prevent and detect financial crime remain key focus areas for the FCA, echoing other UK and global bodies who share concern that the UK financial system is a favoured target for cyber-criminals, attracted by its sensitive data and high value assets.
Culture, governance and financial crime
The FCA intends to transform culture in financial services and reduce conduct failings by assessing firms':
- governance, and
- approach to managing and rewarding their employees
The FCA will test the effectiveness of these four culture drivers in reducing the potential harm from firms' business models and strategies.
It expects FCA solo-regulated firms to comply with the requirements of the Senior Managers and Certification Regime ("SMCR") and will "move more swiftly to enforcement action" against firms which fail to meet the requisite FCA standards.
In line with the commitments made in the UK's Economic Crime Plan, the FCA plans to reduce financial crime by utilising data to identify potentially vulnerable firms. Where serious misconduct is uncovered, particularly where there is a high risk of money laundering, the FCA commits to taking enforcement action.
The FCA will also consult on extending the Financial Crime Data Return to help strengthen its risk-based supervision as part of its wider Anti-Money Laundering strategy.
Finally, the FCA's ScamSmart campaign focuses on mitigating consumer harm arising from scams.
To implement these strategies, the FCA will invest in new technologies to make better use of data.
Economic Crime Levy
In March, the UK Government unveiled plans to introduce a new levy on banks and other regulated firms to raise approximately £100 million for new technology for law enforcement in the finance sector and to recruit and train additional investigators. The Treasury is now consulting on the proposal, which, if progressed, is likely to come into force in 2022/2023. The consultation closes on 14 October 2020.
The FCA has issued guidance to enable firms to continue operating during the pandemic but expects certain obligations still to be met.
The FCA and PRA have published a joint statement setting out expectations for dual-regulated firms, requiring the continuation of annual certifications for employees, to confirm they remain fit and proper to conduct business functions and to maintain public trust in the individuals delivering critical financial services.
If an individual carrying out Senior Management Functions ("SMFs") falls ill with COVID-19, another individual (under ordinary FCA and PRA rules) is entitled to perform SMFs without approval for up to 12 weeks if the SMF vacancy is temporary or reasonably unforeseen. If the illness from COVID-19 lasts longer than 12 weeks, and temporary cover is needed, the FCA must be notified and an extension of up to 36 weeks.
The FCA has also allowed regulatory returns due up to 30 June 2020 to be delayed by either one or two months.
The FCA emphasised the need for vigilance on money laundering and terrorist financing risk. Whilst it recognised operational challenges such as delays in customer due diligence reviews, the FCA requires amendments to control processes to be clearly risk-assessed and documented and subject to proper governance.
FCA enforcement actions
- In June 2020, the FCA fined Commerzbank £37.8m for anti-money laundering failures (reduced from £54m to recognise Commerzbank's cooperation with the FCA's investigation). Commerzbank had breached Principle 3 of the FCA's Principles for Businesses, which requires firms to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.
Specifically, Commerzbank had:
- had failed to carry out timely due diligence on clients
- had inadequate policies and procedures and
- had not addressed previously identified weaknesses in its AML systems.
In May 2017, Commerzbank had been required to appoint a "skilled person" under s166 of the Financial Services and Markets Act 2000 to report on the bank's systems and controls to ensure any failings had been remedied.
- £1.6 million has been seized from numerous UK bank accounts in a money laundering investigation. Dozens of shell companies had been set up in the UK, with false identities, to obtain banking facilities with a major bank. The seizure was made using an Account Freezing Order, a relatively new tool which has proven successful and is likely to become more widely used in the future. The identity of the financial institution involved has not been disclosed.
The transition to a more transparent and cooperative culture to combat bribery and corruption is introducing a risk of subsequent civil litigation resulting from ABC investigations. Follow-on actions are already common in the US.
Follow-on claims in an ABC investigation remain relatively rare in the UK, in part because of the increased prevalence of deferred prosecution agreements ("DPAs"). Where a DPA is awarded, those shown to have suffered a loss are likely to be compensated and are therefore unlikely to commence further proceedings.
However, DPAs may not always be available.
Shareholders, suppliers and other third parties may have a valid cause of action against the company being investigated and are now better able to exploit information made public by ABC investigations to launch a civil litigation claim.
The success rate for bribery investigations remains low and has been further impacted by the challenges associated with COVID-19. The SFO has reported that between 2009-2019, only two companies which self-reported concerns of bribery and corruption were prosecuted by the SFO. Over the same period, the remaining self-reporting companies were either granted a DPA or faced no further action.
Potential claimants may attempt to bring claims following the determination of an investigation, regardless of whether the investigation was successful, although as noted below, it remains a challenge for potential claimants to obtain the evidence they need to pursue a successful civil claim.
Some examples of potential civil claims are explored further below.
Breach of contract claims
The obligation to comply with the Bribery Act has become a standard contractual term, giving rise to a potential cause of action for contracting parties following a bribery investigation. Depending on the wording of the contract, the investigation itself may be enough to bring about a breach of contract claim, even if no prosecution is launched.
Shareholders may attempt to recover share price losses arising from a bribery investigation, as was the case with the investigation into Tesco (see below). Such investigations damage investor confidence and consumer trust, which in turn impacts share value.
Finally, there is scope for shareholders to bring a claim on the company's behalf against the directors (a "derivative claim") for their failings. This could take the form of a negligence claim or claim for breach of director's duty. However, derivative claims are rare as they are often lengthy and expensive with little guarantee of success, and criminal action against the directors is a more realistic prospect.
All such claims also face practical and legal hurdles.
Firstly, there must be a legitimate cause of action. A shareholder, for example, would need to establish that the company has breached a fiduciary duty or a duty of care.
Arguing causation is also likely to be complex, especially if the ABC investigation by the SFO was unsuccessful. As regulators do not always release the full details of their determination, potential claimants may need to conduct independent investigations, the cost of which must be weighed against the loss already suffered and the likelihood of success.
The Tesco Stores shareholder action
In April 2017, the SFO and Tesco entered into a three-year term DPA for Tesco's false accounting practices. Investors sued Tesco under s.90A of the Financial Services and Markets Act 2000 for Tesco's publication of misleading financial statements.
A group of investors sought compensation for losses incurred as a result of the reputational damage which flowed from the case.
The Tesco case illustrates the scope for action taken by investors claiming to have suffered a loss of shareholder value as a result of the company's fraudulent or corrupt acts, even where the main prosecution has been settled.
Under the DPA, which ended in April 2020, Tesco paid a £129m fine and £3m in investigation costs. The investor claims have also now settled.