This new offence is similar to other 'failure to prevent' provisions that apply in other jurisdictions such as the United Kingdom, Malaysia and Spain. Whilst each jurisdiction has its own guidance in relation to what is required for the company to establish a defence, a common element in the guidance is the need for a risk assessment. Without a risk assessment a company will find it difficult to assess what procedures it should put in place to protect itself and to determine priorities in the allocation of its resources. The UK has also recently introduced a similar offence of failing to prevent fraud committed by employees or agents acting on behalf of the company and risk assessments can also be used to determine what measures can be put in place to mitigate these risks (more on this development can be read here).
Whilst the new Australian legislation only applies to bribery of foreign public officials, given the significant fines and reputational damage which companies face from any involvement in bribery or corruption, a similar approach should be considered in relation to the risks of bribery of Australian public officials and private bribery.
The Bill also makes a number of other changes to Australia's foreign bribery offences with the intention of making foreign bribery easier to prosecute with the expectation that will result in an increase in enforcement action which has been the experience in other jurisdictions.
Baker McKenzie will be providing a webinar to assist companies to prepare for this new legislation utilising the experiences from our offices in other jurisdictions with similar regimes.
If you would be interested in attending this webinar please register your interest here to be added to the mailing list.
Recommended actions
The new offence of failing to prevent foreign bribery is set to commence six months after the Bill receives Royal Assent, meaning that Australian companies will have a grace period in which to review their internal compliance frameworks and ensure they have 'adequate procedures' in place that are effective in preventing foreign bribery.
The Bill also refers to guidance the Attorney-General will publish on the steps that a company can take to prevent an associate from bribing public officials. The draft guidance on a previous version of the Bill can be read here but updated guidance is anticipated.
We expect the Attorney-General's guidance will be similar to guidance published in the UK relating to 'adequate procedures' under the UK Bribery Act (available here), the guidance in Malaysia which is summarised in a recent alert following three years of implementation (available here) and the guidance in Spain which requires companies to have a compliance program to avoid criminal liability (which is summarised here).
Many companies have anti-bribery and corruption policies in place but a policy alone will not be enough to establish that a company had 'adequate procedures' and a more tailored and comprehensive approach is required. For example, the evaluation guidelines issued to the Public Prosecutor in Spain make clear that 'off the shelf' compliance programs will not be considered a valid defence to criminal prosecution and that compliance certifications which companies sometimes require employees and agents to sign are not per se evidence of compliance.
Companies therefore need to consider the attributes of their own business which may give rise to risk and consider testing their anti-bribery frameworks through a risk assessment rather than waiting to be tested by the new legislation. Risk assessments are a key element referred to in the guidance from UK, Malaysia and Spain, with the Malaysian Guidelines recommending that a comprehensive risk assessment be done every three years, with intermittent assessments when necessary, and setting out areas which should be considered as part of a risk assessment.
A comprehensive risk assessment will allow a company to focus its efforts in tailoring its anti-bribery policies and procedures and determine where resources should be allocated to reduce the risks. Whilst a risk assessment can be done as a desk-top exercise, a company is more likely to identify risk areas and appropriate mitigation steps by asking questions of those in the business with front line involvement compared with the preparation of a compliance program solely involving its compliance or legal teams. Once a risk assessment has been undertaken companies are better able to assess what are proportionate procedures including in relation to due diligence, training, monitoring and review which are all elements of the guidance from the other jurisdictions which have implemented similar regimes.
A risk assessment should examine:
- Opportunities for corruption, bribery and fraud resulting from weaknesses in governance frameworks and internal control systems and procedures
- The effectiveness of any financial controls that have been implemented to prevent corrupt payments
- Business activities in countries or sectors that pose a higher corruption risk
- The compliance of contractors, agents and other external parties acting on behalf of the company with their legal and regulatory requirements. This may include, for example, exercising any audit rights pursuant to agreements with external parties to ensure their compliance with anti-bribery laws
- Relationships with third parties which expose the company to heightened corruption risks, such as dealings with foreign governments, foreign officials and foreign state owned entities.
In more detail
A company will be liable under the new offence of failing to prevent bribery of a foreign public official if:
- An associate of the company commits an offence of foreign bribery or engages in conduct outside Australia that, if engaged in Australia, would constitute a foreign bribery offence
- The associate does so for the profit or gain of the company.
The Bill has a broad definition of who can be an 'associate', which includes officers, employees, agents or contractors of a company, someone who performs services for or on behalf of the company as well as subsidiaries or other entities controlled by the company.
Absolute liability applies to certain elements of this new offence, meaning that a company will not be able to avoid criminal liability committed by its associate for the profit or gain of the company because one or more fault elements (intention, knowledge, recklessness or negligence) cannot be attributed to it.
The penalty for the offence is a fine not more than the greatest of the following:
- 100,000 penalty units (currently AUD 31.3 million)
- If the court can determine the value of the benefit that the associate obtained, three times the value of that benefit
- If the court cannot determine the value of that benefit—10% of the annual turnover of the company for the previous 12 months.
In addition to the new offence of failing to prevent foreign bribery, the Bill makes a number of other changes to Australia's foreign bribery offences, which are intended to make it easier to prosecute the offence and align Australia with other jurisdictions, including:
- Extending the foreign bribery offence to include the bribery of candidates for public office (not just current holders of public office)
- Extending the foreign bribery offence to include bribery conducted to obtain personal advantage (the current offence is restricted to bribery conducted to obtain or retain a business advantage)
- Removing the existing requirement that the benefit or business advantage be 'not legitimately due' and replacing it with the concept of 'improperly influencing' a foreign public official
- Removing the existing requirement that the foreign public official be influenced in the exercise of their official duties
- Making it clear that the foreign bribery offence does not require the prosecution to prove that the accused had a specific business, or business or personal advantage, in mind, and that the business, or business or personal advantage, can be obtained for someone else.