I’ve just returned from a trip across the pond where I spoke at IQPC’s Information Retention and eDisclosure Management conference, which was well attended by both local practitioners and experts from the States.
In addition to numerous discussions comparing and contrasting the US e-discovery and UK e-disclosure practices, there was also a ton of time spent focusing on regulatory compliance. In particular, the Bribery Act 2010 was a hot topic, not surprisingly given its looming implementation date of July 1.
It occurred to me that both with the Bribery Act and its kissing cousin, the FCPA, the UK and US are strikingly similar in many ways. We both speak the same language (sort of), but there are any number of things that are just different enough that Americans must take pause. As an easy example, crossing the street in London can be a perilous journey given our tendency to “look left.” Fortunately our friends abroad don’t want their lorries dented up by hapless yanks so they kindly paint numerous “look right” signs on street corners throughout their fair city.
As e-discovery and e-disclosure continue to mature in their respective lands, the sense is that the difference will rapidly become obscured, especially in light of how well the countries seem to be collaborating around best practices and civil procedure standards. During the judges’ panel at the IQPC event, noted e-discovery legends (Judges Grimm, Peck and Facciola) roundly complimented the UK’s disclosure process, often describing how much the US can learn from our allies.
Similarly, it’s interesting to see how the Bribery Act has “gone to school” on the FCPA. For the past decade or so the UK has been criticized for its Laissez-faire attitude towards commercial bribery, particularly with a glaring gap in applicable legislation (like the FCPA). And, while a wee bit late to the party, the UK finally enacted its anti-bribery statute (on April 8, 2010), curiously dubbed the “Bribery Act 2010,” which in many way leapfrogs the 34 year old FCPA.
While ostensibly similar, the Act differs from the FCPA in a number of ways, many of which broaden applicability. For example, unlike the FCPA, the Act covers bribes to both the public and private sector and does not make an exception (like the FCPA) for facilitation payments (small payments given to public officials to speed up a routine service). Similarly, the Act applies to all organizations that do business in the UK, even if they’re not based there, and even if the bribery occurs in another country.
The Bribery Act was originally scheduled to become effective in October of last year but, after numerous delays and outcries from the business community, the Ministry of Justice recently issued its “Bribery Act 2010: Guidance” and announced that the Act will finally take effect on July 1, 2011. This guidance has been eagerly awaited by anxious enterprises given the extremely broad potential of the Act.
In concert with the recently promulgated prosecutorial guidelines, the guidance document gives some insight into how UK prosecutors (as enforced by the Serious Fraud Office) will initially decide who to pursue and then how the Act will be applied. Fortunately, the promulgated guidance documents suggest that the Act is “directed at making life difficult for the mavericks responsible for corruption, not unduly burdening the vast majority of decent, law-abiding firms.”
To this end, the Guidance states that “[i]t is a full defence for an organisation to prove that despite a particular case of bribery it nevertheless had adequate procedures in place to prevent persons associated with it from bribing.” It is these “adequate procedures” that provide a safe harbour of sorts and therefore should be perused quite carefully by impacted organisations to ensure that their compliance programs are up to muster. The following six “guiding principles” are designed not to be prescriptive or “one-size-fits-all,” but rather to suggest a “risk-based” and proportionate approach to managing bribery risks.
1. “Proportionate procedures: A commercial organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.
2. Top-level commitment: The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.
3. Risk assessment: The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.
4. Due diligence: The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.
5. Communication (including training): The commercial organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.
6. Monitoring and review: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.”
Organisations looking for clarity should certainly start with an analysis of how well their existing anti-bribery procedures (many likely designed with the FCPA in mind) map to the six principles. The hope of many is that the Bribery Act won’t inherently require a complete reboot for entities trying to comply.
Instead, a more measured and reasonable goal should be to have complaint entities examine the Act to see if any augmentation is necessary. Fortunately, the Guidance principles are peppered with terms like “proportionate”, “risk-based” and “practical” that should give solace to the entities that had significant indigestion when the Act was first released.
Traditional e-discovery solutions may very well be called into duty to help augment an organisation’s “adequate procedures” particularly regarding the “risk assessment” and “due diligence” principles. These two principles specifically call out procedures that proactively facilitate:
- Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
- Accurate and appropriate documentation of the risk assessment and its conclusions.
- Conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons.
- Appraisal and continued monitoring of recruited or engaged “associated” persons may also be required, proportionate to the identified risks.
Re-purposing of e-discovery tools in this compliance context makes sense given how things have played out here in the States with the FCPA and provides yet another way to rationalize bringing solutions in-house. In this scenario the advanced analytical components will likely come more into play than will the downstream review and production elements. This expansion of traditional e-discovery concepts, procedures and applications is logical and coincides with a leftwards movement on the EDRM spectrum.
It’s also aligned with rapidly expanding notions of IMRM and information governance. I postulate that soon it will be too limiting to just talk about pure “e-discovery”tools since it inherently leaves out the rest of the compliance story. In addition to looking “right” we’ll also need to look “left” (on the EDRM) to take into account use cases like the Bribery Act.