Does your compliance program address UK exposure?

8 min read

White & Case Technology Newsflash

Tech companies of U.S. origin tend to have compliance programs focused on U.S. laws, including the Foreign Corrupt Practices Act (the "FCPA") and relevant tax and labor laws. The UK has enacted laws covering bribery and corruption, tax evasion and modern slavery, which have extra-territorial application and are unaffected by Brexit:

  • The Criminal Finances Act 2017 which covers the facilitation of tax evasion;
  • The Modern Slavery Act 2015 which covers modern slavery; and
  • The Bribery Act 2010 which covers bribery.

Corporations may need to address these laws if they carry on business in the UK, even if they are incorporated in the U.S. or elsewhere.  If a corporation needs to comply, then an existing compliance program can be reviewed and amended efficiently by reference to UK Government guidance. In particular, companies will need to conduct a risk assessment exercise and conduct due diligence on certain classes of counterparties.  In this article, we briefly outline the relevant laws and how a corporation's compliance program can address potential risks.

The UK Bribery Act 2010

The Bribery Act took effect in July 2011 and was intended to modernize the UK's approach to bribery and corruption law. The aim was to make it easier for prosecutors to prosecute corporations regarding bribery and corruption and to incentivize corporations to put in place an anti-bribery and corruption compliance program.

The Bribery Act is broader than the FCPA – it covers public and private sector bribery and contains specific offenses relating to: (a) offering, promising or giving a bribe; (b) requesting, agreeing to receive or accepting a bribe; and (c) bribing a foreign public official. The scope of these offenses is extensive with significant extra-territorial reach.  There is also a strict liability offense that applies to corporations. However, a corporation may assert an affirmative defense to this offense if it can prove that it had an anti-bribery and corruption compliance program in place of the "adequate procedures" standard. This incentivizes corporations to put in place a program that is fit for this purpose.

In the past, UK laws regarding corporate criminal liability had made it difficult for corporations to be held accountable for corruption and other crimes. As a general rule, to establish corporate liability, a prosecutor must prove that the directing mind of the corporation was complicit in the relevant criminal conduct.  That principle is restricted to senior officers of the company. Previously, prosecutors found it difficult to gather sufficient evidence against senior officers of large corporations to prosecute the company. 

To combat this issue, the Bribery Act introduced a strict liability offense, which covers corporations incorporated in the UK or that carry on a business, or part of a business, in any part of the UK.  It does not matter where the alleged bribery took place.  The offense provides that a corporation will be strictly criminally liable for bribes paid by employees or any other third parties (such as an agent or a subsidiary) performing services for or on their behalf. Thus, obviating the need to prove senior officers were complicit in the criminal conduct.

There is a compliance-based defense available if a company has "adequate procedures" in place meant to prevent bribery from occurring. The UK Government issued guidance regarding "adequate procedures" based on high-level principles.  In order for a corporation to assert this defense, the compliance program must address this guidance and must also:

  1. Be founded on a written risk assessment covering bribery and corruption risks faced by the company. While corporations often undertake some sort of informal risk assessment, some corporations do not have a written risk assessment in place.
  2. Include implemented and proportionate policies and procedures based on this risk assessment, which address key risk areas such as interactions with government officials, whistleblowing, counterparty risk, and gifts and hospitality. We have seen weak controls in each of these areas in practice.
  3. Demonstrate the commitment of top-level management to preventing bribery and corruption.
  4. Include proportionate and risk-based due diligence procedures, which cover those who perform services for or on behalf of the company. This is another area where corporations sometimes do not have sufficient procedures.
  5. Demonstrate that the policies and procedures are implemented and understood through internal and external communication (including training).
  6. Monitor, review, and improve systems and controls. 

The UK Criminal Finances Act 2017

The Criminal Finances Act was intended to bolster the UK's anti-money laundering and counter-terrorist financing framework.  It also introduced two new offenses for corporations relating to the failure to prevent facilitation of tax evasion by employees, agents, or any other person performing services for or on behalf of the corporation. 

The offenses are modelled after the strict liability offense in the Bribery Act. The jurisdictional element is also similar to the Bribery Act; the offenses apply to corporations incorporated in the UK or that carry on a business, or a part of a business, in the UK or if any part of the non-UK tax evasion facilitation offense takes place in the UK.  Again similar to the Bribery Act and its guidance, there is a compliance defense available if the corporation had in place "reasonable prevention procedures."  The UK Government also offered guidance on the meaning of "reasonable prevention procedures."

These offenses took effect in September 2017 and with a shorter lead in time as compared to the Bribery Act.  As a result, some corporations are still coming to terms with the offenses and putting in place an appropriate compliance program.

The UK Modern Slavery Act 2015

The Modern Slavery Act includes a provision for businesses over a certain size (i.e. with a turnover over GBP 36 million, approximately USD 45 million) to produce a statement setting out the steps they have taken to ensure there is no modern slavery in their supply chains.  The statement must include the steps the organization has taken during the prior financial year to ensure that slavery and human trafficking is not taking place in any of its supply chains, or in any part of its own business.  The Modern Slavery Act sets out additional issues companies must address in the statement, including information on the risk of slavery and human trafficking taking place (which will require a risk assessment exercise), relevant due diligence, the policies in place and details of any training available to staff. 

Unlike bribery and the facilitation of tax evasion, the UK Government did not seek to incentivize corporate compliance by threatening corporations with criminal liability.  Instead, the UK Government has the ability to seek an injunction requiring a corporation to comply with the reporting requirement.  In practice, the incentive to comply will be pressure from consumers, investors and NGOs.  NGOs and the UK's Home Office have written to companies in the tech sector saying that they will publish a list of all companies that had failed to produce a compliant statement by early 2019.  Companies are encouraged to publish their statements on and

The Modern Slavery Act is similar to, and some say was inspired by, the California Transparency in Supply Chains Act ("CATSCA").  If a company falls within both acts, it can consider a single statement to address its global supply chain.  But there are some important differences.  The California legislation applies to certain retailers and manufacturers of tangible goods determined by reference to their tax codes.  In contrast, the UK law applies to all commercial companies that sell goods or services, and that carry on their business, or part of their business, in the UK, regardless of their industry or place of incorporation. The UK's Modern Slavery Act also requires board level approval and a company director to sign off on the statement.  The financial turnover threshold is also lower in the UK (approximately USD 45 million, against USD 100 million under CATSCA).

The UK Government commissioned an independent review of the Modern Slavery Act in October 2018, with an express focus on how to ensure compliance with the reporting requirements and improve the quality of statements.  As a result, there may be further sanctions in the future.  Other jurisdictions are also developing legislation to combat modern slavery, such as France's duty of vigilance (2017) and Australia's Modern Slavery Act (2018), and the proposed laws in Canada and Switzerland. 

Building on an Existing Program

Corporations often have a compliance program of a reasonable standard in place. However, unless a corporation has set out specifically to address the relevant UK legislation, it will be unlikely that a corporation has a program that meets the required standard to make out a defense to a strict liability offense under either the Criminal Finances Act or the Bribery Act.

Looking to the future, the UK Government is considering extending the failure to prevent model of criminal liability to other economic crimes.  The results of a consultation process are expected later in 2019.

For corporations that need to update their anti-bribery and corruption procedures and which are subject to the Criminal Finances Act and the Modern Slavery Act, it may be most efficient for the corporation to address the legislation together as part of a refresh of its existing compliance program.


This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2019 White & Case LLP