Guidance

How to Counter Bribery and Corruption Practice Note (HTML)

Published 12 August 2024

Purpose and Scope

This guide is produced to support the development of your response to Bribery and Corruption in the public sector.

This guide has been developed by the Government Counter Fraud Profession (GCFP) Centre of Learning, who operate out of the Public Sector Fraud Authority. The guidance aligns to agreed GCFP standards for professionals in the Counter Bribery and Corruption (CBC) Standards[footnote 1], produced by GCFP. This guide is aimed at practitioners who are leading efforts to plan and implement an effective CBC response for their organisation.

Sections 1 and 2 of The Bribery Act 2010 (BA 2010)[footnote 2] create general offences relating to Bribery. While there is no legal definition of corruption, corruption is often seen as a precursor to bribery and His Majesty’s Government uses the definition developed by Home Office.

Corruption is often seen as a precursor to bribery and has been defined as:

“…the abuse of entrusted power for private benefit that usually breaches laws, regulations, standards of integrity and/or standards of professional behaviour.”[footnote 3]

In broad terms the Bribery Act 2010 defines Bribery as:

“Offering, promising or giving a financial or other advantage to induce or reward improper performance and/or the request or receipt of such an advantage. It includes the corporate offence of failing to prevent bribery”.[footnote 4]

Applying the Bribery Act 2010

The Bribery Act 2010 creates an offence under Section 7, which is committed by commercial organisations that fail to prevent persons associated with them from committing bribery on their behalf. There is a statutory defence if the organisation had ‘adequate procedures’ in place to prevent persons associated with it from bribing.

Whether a public sector organisation is liable under the BA 2010 as a ‘commercial organisation’ is dependent on the nature of its activities and its statutory form. Detailed guidance has been issued by the Ministry of

Justice[footnote 5] and should be read in conjunction with these standards.

It is good practice for all public sector organisations to have adequate procedures in place where there are no specific exemptions under the Act.

How corruption is pursued (as opposed to bribery) will likely depend on interpretation. However significant parallels can be drawn from the extensive guidance available concerning the Bribery Act 2010.

Steps to Take to Develop Your Counter Bribery and Corruption Response

Policy and Process Review

Policies

  • Do your policies detail and apply the Seven Principles of Public Life?[footnote 6]
  • Do you have a process in place for all staff to sign up to knowledge of, and adherence to, your bribery and corruption policies at induction and then on an annual basis?
  • Do you have policies in place for staff to declare any conflicts of interest and secondary employment?
  • Do you have additional processes in place for those in fiduciary or contract management roles to declare nil interests as well as any conflicts?
  • Do you have processes for regular recording against gifts and hospitality registers?

Monitoring

  • Do you have a process to monitor compliance with your organisations conduct standards and adherence to your bribery and corruption policies?
  • Do you have a process to monitor progress against your bribery and corruption strategy and how the organisation will define success?
  • Do you have a process in place to join up your organisations measurement findings (fraud loss measurement) to those leading the organisations risk management?

Information

  • Do you have a process and policy for publishing information on relevant individuals and organisations you interact and contract with?
  • Do you have a process for the gathering of intelligence that may be required from across the organisation and third parties to enforce your bribery and corruption policy and meet your strategy aims?
  • Do you have a process to bring together the bribery and corruption policies and approaches from across your organisational families/Arms Length Bodies and supply chains?

Stakeholder Engagement

  • Do you have a way of identifying organisations and third parties who undertake activities on behalf of the organisation?
  • Do you have memorandums of understanding and service level agreements in place with the organisations to allow the sharing of information and investigative outcomes related to bribery and corruption?

Response

  • Do you have a defined response plan and process for the investigation of detected bribery and corruption?
  • Do you have a process for sanctions and redress including civil and criminal options?

Review Monitoring

After the planning phase the next stage is to review your monitoring arrangements using the 5 steps below:

Step 1

Does your organisation conduct procurement and monitoring in a fair and transparent manner? This would require third parties to evidence their own effective counter bribery culture prior to any contractual arrangement, whether by way of a specific instruction or entry onto a framework agreement. Such third parties should also be required to provide periodic confirmation of initial evidence as required during the period of the framework agreement and/or on instruction regarding a specific contract.

Step 2

Does your organisation undertake effective risk based due diligence as part of recruitment practices and before entering contractual arrangements with third parties?

Policies should reflect where ongoing monitoring is required such as with large corporate accounts, high profile contracts or overseas jurisdictions in which bribery is recognised as a common practice.

Step 3

Does your organisation undertake due diligence on existing associated parties? This should be completed adopting a risk based approach such that those working in jurisdictions or with industries with higher risk profiles are reviewed first.

Step 4

Does your organisation undertake effective contract monitoring to identify errors as well as fraud? Monitoring may identify discrepancies in contract awards, additional payments for related services and performance issues which could be linked to bribery. Having and promoting effective monitoring practices in place can act as a deterrent and should be implemented across the organisation.

Step 5

Do you have monitoring in place to ensure that senior managers are informed if there are insufficient funds available to conduct prevention and deterrent measures identified as appropriate and the potential impact and organisational risk of this for the business?

Review Capability

To execute your plan to manage Bribery and Corruption effectively in your organisation:

  • Ensure all those concerned with bribery investigations are aware of information security and restrict access to information to those that need to know.
  • Consider the level of specialist knowledge required to undertake bribery investigations and whether this can be provided in-house, or by other government resources or external agencies. If provided externally, processes should be in place to agree the provision of appropriate resources.
  • Ensure investigations are undertaken by those with the appropriate knowledge, skills and understanding[footnote 7]. By their nature bribery investigations may lack documentary evidence and involve individuals and entities outside the public sector organisation. Gathering information directly from such parties is likely to involve criminal powers which may be unavailable to the organisation or inappropriate for it to use given the potential breadth of such an investigation. As such any investigation is likely to focus on the roles of organisational staff.

Horizon Scan

For you to build an effective Counter Bribery and Corruption response it is helpful to seek information from a range of sources to build your understanding.

These 3 key steps can support your review process as set out below:

  1. Review national, sectoral or typology initiatives to detect or prevent bribery and reflect findings in organisational approaches
  2. Review Bribery Act decisions and ensure lessons learned are factored into organisational counter bribery measures.
  3. Review reported instances of bribery and compare with publicly available sector analysis and the organisation’s own substantive risk review to evaluate the scale of bribery issues and whether issues detected correspond to risk analysis within and outside the organisation.

Products to Assist in Countering Bribery and Corruption

Risk Assessment[footnote 8]

The organisational risk assessment should reflect that bribery and corruption may be linked to fraud and other criminal and inappropriate behaviour and be part of a collective approach to risk.

The assessment should be developed around the following principles, identifying and considering critical touch points and applied on an ongoing basis across all activities of the organisation.

  • Commitment: by the organisation to implement the risk assessment process and ensure sufficient resources are made available.
  • Design: the assessment should be bespoke to the organisation taking into account its nature and range of activities.
  • Implementation: ensure it is implemented across the organisation.
  • Monitor and review: ensure it is a continuous activity within the organisation.

The risk assessment should use a range of data and tools to inform the assessment. The risk assessment should consider the following factors in determining risk:

  • Geographical spread of organisational activities.
  • Business sector.
  • Transactions.
  • Use of third parties.
  • Scale of critical touch points.
  • Collaborative working between sectors.

The assessment should consider both the impact and likelihood of the identified risk. The assessment should assess whether policies, procedures and controls are adequate to reduce those risks to an acceptable level.

New procedures and activities should be subject to bribery risk assessment before implementation. This may be part of a wider fraud risk assessment, but where it is, it should also consider bribery and corruption risks that do not necessarily lead to fraud.

The risk assessment process should include a reflection of the value and sensitivity of data generally and specific data sets and address access to, and downloads of, such information. The more valuable the data, the more susceptible those with access to it might be to bribery.

Risk assessment should include horizon scanning for potential future corruption risks. Having identified their risks, organisations should assess how they might analyse internal information to identify trends, which could suggest bribery. Relevant data will depend on the nature of an organisation’s activities but may include comparing:

  • Sources and offers of hospitality with supplier information.
  • Travel and expense claims against work requirements.
  • The number of whistleblowing claims against individuals and within certain business areas.
  • Relationships between private organisations and staff looking to move to such organisations.

The risk assessment process should prioritise addressing risks that have been identified in the order of their potential impact.

Control Improvement Plan [footnote 9]

This should include a range of controls to mitigate the risks identified in the CBC Risk Assessment.

Controls to mitigate identified risks may include:

  • Publishing a top-level management statement.
  • Publishing and circulating an organisational policy on hospitality, donations, sponsorship and gifts.
  • Disseminating the anti-bribery and corruption policy and statement. Prohibiting facilitation payments.
  • Implementing anti-bribery and corruption management system. Defining levels of responsibility.
  • Ensuring anti-bribery and corruption terms are in contracts. Business associate checks undertaken.
  • Reporting procedures in place.
  • Ensuring due diligence is undertaken throughout the organisations activities. Ensuring anti-bribery and corruption financial controls.
  • Record keeping procedures in place
  • Introducing anti-bribery and corruption induction training and guidance. Mandating anti-bribery and corruption e-learning packages.
  • Undertaking targeted anti-bribery and corruption workshops.
  • Communicate the anti-bribery policy and statement.
  • Undertaking a compliance review.

Registers

Important controls to counter bribery and corruption are the Gift, Hospitality and Entertainment register, Conflicts of Interest register and Secondary Employment register. The registers should be easily accessible to all those associated with the organisation and the format should be in a durable form.

The use of the registers should be mandatory for all staff. It should be embedded in processes including new staff inductions and staff handbooks. There is the requirement for managing reporting of interests including conflicts due to relationships, and/or secondary employment.

As a minimum the register should meet the below criteria:

Gift, Hospitality and Entertainment Register Guide

  • Detail who should use the Gift, Hospitality and Entertainment register, to include all employees.
  • Ensure all offers are recorded, whether accepted or declined.
  • Define when entries in the register should be made e.g. at the time of offer.
  • Gifts, hospitality and entertainment should be kept to an absolute minimum.
  • Detail who is making the offer (individual and organisation).
  • Define if line management approval is required.
  • State that the offer of gifts, hospitality and entertainment to employees should normally be refused and only accepted in exceptional circumstances.
  • Define the audit process of the register.
  • If the refusal to accept the gift offered may cause offence, then clear guidance should be available on the process to be followed.
  • Detail the financial limits on gifts, hospitality and entertainment that may be accepted.
  • Ensure sponsorship, charitable and political donations are covered within the policy.
  • Detail that the offer and/or the payment of facilitation payments is an offence under the BA 2010 and the action to be taken if a facilitation payment is requested.
  • Detail the action to be taken if free or discounted travel and accommodation are offered.
  • Detail how records relating to gifts, hospitality and entertainment are to be securely stored and how long they are to be retained.

Conflict of Interest Register[footnote 10]

The National Audit Office defines a conflict of interest as[footnote 11]: “A set of circumstances that creates a risk that an individual’s ability to apply judgement or act in one role is, or could be, impaired or influenced by a secondary interest. It can occur in any situation where an individual or organisation (private or government) can exploit a professional or official role for personal or other benefit. Conflicts can exist if the circumstances create a risk that decisions may be influenced, regardless of whether the individual actually benefits.

The perception of competing interests, impaired judgement or undue influence can also be a conflict of interest.”

Conflicts of interest should be declared in accordance with the conflicts of interest policy that is set down by the organisation. Conflicts of interest should be recorded within the conflict of interest register.[footnote 12]

You must take steps to avoid any conflict of interest or perception of such a conflict in undertaking external activity.

A conflict of interest register should be made up of:

  • Date conflict identified.
  • Name of Individual.
  • Employment Type.
  • Role.
  • Details of conflict (including all parties involved and capacity of individual involved payment received by individual or individuals associate, relative, organisation etc.)
  • Conditions in place to manage conflict.
  • Action taken.
  • Date no longer valid.
  • Date reviewed.

Secondary Employment

Secondary employment is any additional work, including paid and unpaid work an employee undertakes, or is planning to undertake, for another employer or work they may undertake as a self-employed person or as the partner of a self- employed person.

Specific consideration should be given to whether the role could be said to overlap with or draw on the knowledge or skills used in their roles as this will likely present a conflict of interest.

A secondary employment register should include:

  • Start date of secondary employment.
  • Name of Individual.
  • Employment Type/Secondary employment organisation.
  • Role.
  • Details of secondary employment:
    • Personal interests.
    • Financial interests.
    • Private shareholdings.
    • Outside occupations.
    • Voluntary roles.
    • Previous employment, appointment or other outside roles.
    • Business interests.
    • Procurements.
    • Position held.
  • Date no longer valid.
  • Date reviewed.

Counter Bribery and Corruption Strategy

The final product in this guide is an overview of how to develop a strategy to counter bribery and corruption and should be read in conjunction with the Strategy Guide for Counter Fraud.13

Based on the risk assessment of bribery and corruption, an organisation may choose to either have a separate Counter Bribery and Corruption (CBC) strategy or integrate CBC into its overall fraud strategy. If the latter approach is taken, the CBC components within the fraud strategy should be clearly identifiable.

Where there is a separate counter bribery and corruption strategy, it should follow the standards for a counter fraud strategy, as set out below:

10 steps to developing your CBC strategy

  1. Clearly define its scope, what parts of the business and its supply chain are/are not covered by the strategy.
  2. Define the current ‘tactical’ challenges that the business is facing in the area. These may include bribery and corruption challenges, key threats and risks, as well as operational, structural, reputational and internal and external challenges.
  3. Define the future strategic challenges that the business and fraud function may face. These may include fraud challenges as well as operational, structural, reputational and internal and external challenges.
  4. Use tools, such as PESTLE analysis, to understand the wider environment of the organisation, the sector, associated sectors and administrations and bribery and corruption risk in these contexts.
  5. Demonstrate how the organisation’s fraud and/or bribery and corruption risk assessment feeds into the strategy.
  6. Evaluate the key strengths and weaknesses of the current CBC provision and approach.
  7. Present a clear picture of what the aspirational future state is. This should address some of the challenges identified.
  8. Define key activities that will be undertaken to move to the aspirational future state in the timescale defined.
  9. Define the time frame that the strategy will cover, who has ownership of it and the date for review.
  10. Define who the key stakeholders are (this may be in the strategy itself or a complimentary document).

Overall, it is important to ensure it uses accessible language and is compelling, in language appropriate to the business.

It is also important to define how progress against the strategy will be monitored and what the key metrics for success are. This may be in an action plan.

Further Information

A Standard for the Counter Bribery and Corruption Professional

Ministry of Justice guidance on Bribery Act 2010 (PDF, 432KB)

United Kingdom Anti-Corruption Strategy 2017-2022 (PDF, 2.7MB)