Australia has moved a step closer to the introduction of a new corporate offence of failing to prevent foreign bribery. Proposed amendments to the Criminal Code will seek to hold corporations criminally liable where an ‘associate’ bribes a foreign public official. Associates could include officers, employees, agents, contractors, subsidiaries and controlled entities of the corporation. The new offence would be coupled with an ‘adequate procedures’ defence. In the event of an incident, the corporation would have a defence if it could show its anti-bribery and -corruption (ABC) program included ‘adequate procedures’ to prevent foreign bribery. So, what are ‘adequate procedures’? The Minister will publish guidelines following public consultation, but the Attorney General has already indicated the guidelines will be principles-based and informed by the guidelines issued by the UK Ministry of Justice following promulgation of the UK Bribery Act 2010. Those UK guidelines set out six principles for the development of adequate procedures, set out below, together with some key questions for Boards and Executives. 1. Proportionate procedures Clear, practical and effectively implemented procedures to prevent foreign bribery – proportionate to the risks faced. Do you have a clear corporate policy prohibiting bribery and corruption? Do you know who all your associates are, and does the corporate policy cover them? Is your corporate policy supported by clear and practical procedures? Do you have accessible reporting channels, enabling confidential reporting – and are they promoted? Do you have robust processes in place to respond to concerns? 2. Top-level commitment Top-level management are committed to preventing bribery by persons associated with the organisation. They foster a culture within the organisation in which bribery is never acceptable. Does your Executive articulate a zero-tolerance approach to bribery and corruption? Are integrity messages embedded into corporate communication, and the management of employee performance? Is the tone coming from the middle as well as the top? 3. Risk assessment The organisation regularly assesses the nature and extent of potential external and internal bribery risks involving persons associated with it. Have you defined your risk appetite? Is the management of bribery and corruption risk underpinned by an assessment of the risks, their likelihood and consequences? Do you have a defendable process to manage risks? 4. Due-diligence Proportionate and risk-based anti-bribery due diligence procedures are deployed on all persons and entities that will (or do) perform services for the organisation. Do you conduct firmly established, risk-based due diligence of staff and third parties? 5. Communication (including training) The organisation ensures that its bribery prevention policies and procedures are embedded and understood throughout the organisation, through internal and external communication which is proportionate to the risks. Does corporate communication convey the tone from the top? Are training needs identified and responded to? Does training enhance awareness and understanding of the organisation’s ABC policies and procedures? 6. Monitoring and review The organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary. Have to allocated ownership to designated individuals for managing bribery and corruption risk? Is there a process for monitoring and reviewing the effectiveness of ABC processes? How is the effectiveness of your ABC program assessed? Care is needed here. Regulators are on the look-out for ‘cookie-cutter’ approaches and organisations need to ensure that their ABC programs are carefully considered, particularly given the likely broad definition of ‘associates’ covered. Ensuring that level of care, of course, means starting with a foreign bribery risk assessment. And yet, in 2017, we surveyed risk leaders across Australian and New Zealand about their experiences and perceptions of bribery and corruption. In our report, One Step Ahead, we revealed that not only had more than half not conducted such an assessment, but almost half also did not expect to implement or upgrade an ABC framework in the next five years. Risk assessment is the cornerstone of an effective ABC governance framework. Without it, an organisation cannot be assured that it has an accurate picture of its risk, upon which to base proportionate and effective adequate procedures. The absence of such an assessment can be a key enabler for non-existent, ineffective or onerous controls. Now that ‘adequate procedures’ may become a matter of law, there is even more reason to reflect on your ABC program. Do you really have those procedures, and are they really adequate? New systems take time to embed, and we have some indication of the probable contours of the ‘adequate procedures’ already. Now, then, is the right time to start considering your level of exposure. Deloitte’s ABC subject matter experts offer insights from their work within the US and UK systems that this legislation might emulate, and combine this knowledge with practical understanding of the realities of supply chain management and modern business environments. Talk to us about how to make your organisation more resilient to these risks, and in turn deliver your mission more safely and sustainably.