FSA v Willis, the UK Bribery Act, Recording Facilitation Payments and the FCPA

What does the UK’s Bribery Act have to say about the ‘practices’ alluded to in the title of the ‘Foreign Corrupt Practices Act’?

An Article  by David MacLeod

The United States’ Foreign Corrupt Practices Act 1977 (15 U.S.C. [section] 78dd-1 et seq.) may fairly be regarded as the fore-runner of the OECD’s ‘Convention on Combating Bribery of Foreign Public Officials in International Business Transactions’. The Convention was adopted by five member States in November 1997 and ratified by Westminster on 14 December 1998.

The product of this Convention obligation was a wholesale review of the law tackling the issue of bribery and corruption in the UK and subsequently, the promulgation of the Bribery Act 2010 (c.23), which entered into force on 1st July 2011.

Section 6 (bribery of foreign public officials) and section 7 (failure of commercial organisations to prevent bribery) of the Act have generated much discussion as section 7 provides for a ‘strict liability’ offence.  There is however a ‘complete defence’ available to the accused if it can be proven that there were ‘adequate procedures’ in place designed to prevent persons bribing.

The purpose of sections 6 and 7 is to meet Convention obligations by proscribing the payment of a bribe to a foreign public official to win or retain business.  The Foreign Corrupt Practices Act also proscribes the same act. However, the two legislative instruments differ.  This is well illustrated in their approach to what are commonly termed ‘facilitation payments’.

The Bribery Act proscribes the payment of government officials to carry out ‘routine governmental tasks’, that is, paying the official an additional fee to simply carry out their function.  The FCPA, unlike the Bribery Act, allows facilitation payments to be made.

This is because the FCPA recognises a de-minimas threshold in its application and specifically exempts that kind of payment in certain circumstances (see 15 U.S.C. [section] 78dd-1(3)(b)).  However - and this is the key difference between the Bribery Act and the FCPA – should the payer of the facilitation payment fail to record the transaction itself, (when paying the facilitation payment), then the payer will transgress the FCPA.  This is because the FCPA whilst allowing the payment, specifically requires, that the payment be recorded in the books and records of the payer.

So in general terms, in addition to proscribing the overt act of paying a bribe, the FCPA also addresses behaviour (practices) commonly associated with the payment of a bribe by a company, provided the company is either listed on the US stock exchange or is required to make ‘filings’ on its own behalf to the ‘Securites and Exchange Commision’ (SEC) in terms of the relevant (US) Securites Exchange Act.

The part of the FCPA transgressed (in failing to record a facilitation payment) is often referred to as the ‘books and records’ provision (see 15 U.S. [section] 78mb(2)(A).  Essentially, the provision requires that ‘the issuer’ “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer” and also; “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that…(i) transactions are executed in accordance with management's …specific authorization (ii)…”.

In so doing, the FCPA addresses the internal structures of a business where the ‘practices’ commonly associated with the payment of a bribe are to be found.  Expressed another way, the FCPA intimately links an ‘issuer’s’ internal management controls which direct an ‘issuer’s’ accounting mechanisms to the financial crime of paying a bribe.

Perhaps the difference in the treatment of ‘facilitation payments’ between the two pieces of legislation highlights a more fundamental issue. It may be that one (the Bribery Act) is designed as a tool of a prosecutor; the other (the FCPA) is designed as both a tool of a ‘regulator’ (in the US the SEC) and a prosecutor (the Dept. of Justice).

The significance of the difference is of course that a prosecutor does not, in the ordinary course, exercise an ‘audit’ function, whereas a regulator ordinarily will.

Also, the focus of an audit makes for a different emphasis in an investigation from the outset, as the outcome of the investigation is anticipated to be, at least to some extent, less serious for an entity subjected to an audit than a prosecution.

A number of these issues are illustrated in the Decision Notice (dated 21 July 2011) issued to Willis Ltd by the Financial Services Authority (FSA).  The FSA is a regulator (but can also prosecute) in terms of the Financial Services and Markets Act 2000 (FSMA) for companies who fall within the statutory definition of a regulated body, as did Willis Ltd on this occasion.  The Decision Notice emphasised that the FSA “…did not seek to determine as part of its investigation whether any of this business was corrupt” (see paragraph 6.9).

The FSA’s central criticism of Willis Ltd was that, they “did not take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to Overseas Third Parties who helped Willis Limited win and retain business from overseas clients.” (see paragraph 2.1)

Interestingly, the FSA in the course of their investigation - which was directly concerned with how Willis Ltd sought to win and retain overseas business – applied their own ‘Principles for Business’ and ‘Rules’ which they promulgate in terms of powers devolved to them by the FSMA 2000.  These Principles and Rules function as a key tool in discharging the FSA’s statutory remit to protect the integrity of the financial markets and fight financial crime.

The thrust of their investigation was to guard against “[T]he involvement of UK financial institutions in corrupt or potentially corrupt practices overseas … ”.  As the Decision Notice makes clear, the FSA examined the business practices of Willis Ltd in the context of the potential for those internal controls to counter the risks of paying bribes.  The FSA, in linking internal controls and accounting systems with practices around the payment of bribes, approached their audit function in the same way one might expect the SEC to approach matters employing the FCPA’s ‘books and records’ provisions.

The striking aspect of the Willis case however, is that the closest parallel to the SEC which the UK enjoys (the FSA), did not utilise the Bribery Act in discharging its regulatory function, in a similar way the SEC would utilise the FCPA.  It may be that the FSA’s own Principles and Rules are better suited to that task. Alternatively, it may be because the Bribery Act is silent on ‘books and records’ and consequently the ‘practices’ around the paying of bribes which the FSA addressed in Willis Ltd.

In practical terms, the FCPA engages with ‘issuers’ (companies) at a level which addresses the practices around the payment of bribes through an ‘interventionist’ approach to the management controls and accounting systems of the issuer.

By contrast, the Bribery Act is simply silent on this matter, in fact and law. Neither is the answer to be found in the Bribery Act’s ‘adequate procedures’ defence. This is because, what are held up as ‘adequate procedures’ around corporate practice in a company (in the context of the payment of a bribe), will not be scrutinised by a regulator specifically exploring a link between (internal company) practice and the payment of a bribe, with the exception of those regulated by the FSA (who don’t use the Act).  The concept of ‘adequate procedures’ is not relevant in terms of the Bribery Act unless and until a bribery offence is alleged, brought to trial and proven, at which time the Act will engage with corporate practice. Most tellingly, what constitutes ‘adequate procedures’ are not legislated for in the Act nor are they (consequently) capable of attracting a sanction prior to a successful prosecution.  In other words, there is no middle ground in the Act, if middle ground equates to a Willis Ltd type FSA investigation and resolution of corrupt practices.

What is perhaps most informative (and also uncontested) on the subject of practices surrounding the payment of a bribe is that the ‘books and records’ provision of the FCPA comprise the vast majority of cases in the US in which the FCPA is deployed successfully by the State, not prosecutions for overt acts of bribing.

It would seem that the Bribery Act then has nothing to say about the ‘practices’ referred to in the title of the Foreign Corrupt Practices Act, in as much as, ‘adequate procedures’ are neither enshrined in statute in the Bribery Act nor anywhere else. Adequate procedures cannot be transgressed as an offence separable from the overt act of paying a bribe, nor comprise a regulatory regime breaching which would incur either a civil or criminal sanction.  Further, ‘adequate procedures’ are designed to be of no assistance to either a regulator (were there one) or a prosecutor (who is tasked with proving the overt act of paying a bribe and nothing less, nor indeed anything more).  This is in stark contrast to the US position regarding the ‘books and records’ provision.

Perhaps there is an opportunity to re-visit the import of ‘Article 8’ (Accounting) of the OECD’s ‘Convention on Combating Bribery of Foreign Public Officials in International Business Transactions’ (and its absence) in the Bribery Act. The Act may then address itself to corporate corrupt ‘practices’ surrounding the payment of a bribe in international business transactions –as the FCPA has done so elegantly – think facilitation payment!

“Follow the money …” - The role of Article 8 (Accounting) of the OECD Convention and the law of Bribery and Corruption

“Follow the money …”

David MacLeod and Mark Rainsford QC consider the role of Article 8 (Accounting) of the OECD Convention and its implementation in the legislative schema governing the law of Bribery and Corruption.

There has been much ink spilt on the enactment of the new Bribery Act 2010, which came into force on July 1st 2011.

The Act sweeps away the common law of Scotland, England and Wales (see section 17) and a patchwork of statutory provision: the three principal Prevention of Corruption Acts are repealed, along with the piecemeal legislation hurriedly enacted in section 47 of the Criminal Justice Act (1988), sections 108 to 110 of the Anti-Terrorism Crime and Security Act (2001), and sections 68 and 69 of the Criminal Justice (Scotland) Act (2003), (see Schedule 2).

Westminster ratified the OECD ‘Convention on Combating Bribery of Foreign Public Officials in International Business Transactions’ as far back as December 17th 1997. The Bribery Act - which sets out to implement the UK’s Convention obligations – has been a long time in the making.

There was however a significant issue identified in the Peer Review process regarding the UK’s implementation of the Convention, specifically Article 8, which deals with “Accounting”.

Article 8 (taken short) provides that,

“[I]n order to combat bribery of foreign public officials effectively, each party shall take such measures as may be necessary, … to prohibit the establishment of … inadequately identified transactions, … the entry of liabilities with incorrect identification of their object, as well as the use of false documents, by companies … for the purpose of bribing foreign public officials or of hiding such bribery.”

The OECD Working Group – experts tasked with examining the implementation of the Convention into the law and regulatory framework of signatory states – were concerned prior to the passing of the Bribery Act, that UK law did not proscribe the “activities” set out in Article 8 of the Convention.

Accordingly, the Working Group made a “recommendation” in their report on UK compliance to that effect, for the UK to follow up (dated 21st June 2007).

Prior to that, the Working Group in their “Follow-Up Report on the Implementation of the Phase 2 Recommendations” (dated 17th March 2005), had observed that, in the UK

“[N]either company law nor accounting standards set out specific requirements in respect of the recognition, measurement, presentation or disclosure of matters relating to bribery offences.”

This followed on from a previous observation by the Working Group in the same Report that,

“[T]o date, the activities listed under Article 8 of the OECD Convention are not specifically prohibited under the United Kingdom legislation, and only basic requirements are imposed by law on companies to produce true and fair accounts.”

The DTI (as it then was) stated in its response to the Working Group that it had,

“assessed UK compliance with Article 8 and is confident that the requirements are met under UK company law …”

That is, the accounting regime set out in section 386 (Duty to keep Accounting Records) of the Companies Act (2006) are sufficient to meet Convention obligations in terms of Article 8

The Working Group further observed,

“[A]s regards internal controls and the role of company directors, companies are not obligated to maintain or report on the effectiveness of internal controls.”

It’s interesting to consider the observations of the Working Group set out above in the context of a ‘regulatory action’, which was to come to fruition in the UK in 2009. The Financial Services Authority (FSA) is the sole regulator of “authorised persons”, broadly, financial institutions. The FSA has a number of statutory objectives (see the Financial Services and Markets Act 2000), amongst which is fighting financial crime. It has statutory authority to promulgate ‘rules’ to govern “authorised persons”, in accordance with its remit to further its statutory objectives.

In December 2008 the FSA gave Aon Limited a Decision Notice pursuant to s.206 of the FSMA. This was followed by a Final Notice in January 2009 in which the FSA required Aon to pay a financial penalty of £5.25M (in an agreed settlement). The penalty related to a breach of the FSA’s Principles for Business (specifically Principle 3), which occurred between January 2005 and September 2007.

Principle 3 states that;

“a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems”

It is worth quoting directly from the text of the FSA’s Final Notice.

“Aon Limited did not take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to non FSA-authorised overseas third parties (Overseas Third Parties) who assisted Aon Ltd in winning business from overseas clients, particularly in high risk jurisdictions. As a result, Aon Ltd made suspicious payments to a number of Overseas Third Parties amounting to approximately US2.5 million and €3.4 million …This gave rise to an unacceptable risk that Aon Ltd could become involved in potentially corrupt payments to win or retain business.”

Two specific issues singled out by the FSA in Aon’s conduct as breaches of Business Principle 3, also feature as “activities” proscribed in Article 8 of the Convention. The first relates to “inadequately identified transactions”. At paragraph 4.24 of the Final Notice the FSA stated,

“Other completed Third Party Agreement forms did not provide any information regarding the nature of the services the Overseas Third Party was performing for Aon Ltd”

The second activity proscribed by Article 8 relates to “the entry of liabilities with incorrect identification of their object”. At paragraph 4.25 (1) of the Final Notice the FSA stated,

“The terms of the agreement did not correspond with what Aon Ltd had been told by its client”.

It is noteworthy that the nature of the censure by the FSA directed at Aon Ltd was not the payment by Aon of bribes to overseas third parties to win or retain business; rather it was their not taking reasonable care to counter the risk of bribery and corruption when making a payment.

The regulatory regime established by the FSA directly links internal controls exercised in the course of business by an “authorised person” and financial crime. That is, without the necessity of the FSA proving the commission of a financial crime, in this case the payment of a bribe, the “authorised person” can be liable to a significant financial penalty. That would seem to be the import of Article 8 of the OECD ‘Convention on Combating Bribery of Foreign Public Officials in International Business Transactions’.


The regulatory regime established by the FSA is not available to the lead enforcement agency (the Serious Fraud Office) policing the Bribery Act, as the SFO is not tasked with a regulatory function similar to that of the FSA.

It would seem that the SFO to achieve the same outcome as the FSA in the Aon case, would have to establish one further step than the FSA were required to before the imposition of a financial penalty. Namely, prove the commission of an overt act of bribery. This would necessitate dealing wtih all of the ensuing evidential and admissibility issues.

It does not seem likely that section 386 of the Companies Act (2006), nor for that matter the terms of section 17 (false accounting) of the Theft Act (1968), could place the SFO in the enviable position of the FSA.

As the Hollywood scriptwriter wrote, “follow the money …” it would seem that the money trail for the FSA to follow is considerably shorter than that of the SFO! The next article will compare and contrast the ‘books and records’ provisions of the FCPA with the Bribery Act 2010.