Blogs

After heated discussions, delays and even a false start, the UK Bribery Act 2010 has finally taken effect this summer.

The Bribery Act intends to respond to threats to sustained economic progress in developing and emerging economies and to enforce the proper operation of free markets. The Serious Fraud Office (SFO) – part of the British Ministry of Justice is responsible for enforcing the Bribery Act against foreign corrupt payments. The Bribery Act applies to all companies that do business in Britain and will;

• Make it a criminal offence to give, promise or offer a bribe and to request, agree to receive or accept a bribe either at home or abroad. The measures cover bribery of a foreign public official.
• Introduce a corporate offence of failure to prevent bribery by persons working on behalf of a business. A business can avoid conviction if it can show that it has adequate procedures in place to prevent bribery.
• Increase the maximum penalty for bribery from seven to 10 years imprisonment, with an unlimited fine.

The new act is called “FCPA on steroids” because it is even stricter than the already harsh Foreign Corruption Practices Act that is enforced by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) in the US.

The UK Bribery Act does significantly expand the scope of inquiry and enforcement from just the government dealings covered under the FCPA to encompass commercial bribery and makes main offences both active and passive (i.e. giving and receiving).

The UK Bribery Act also explicitly prohibits facilitation payments, while the FCPA has a carve-out of such small, "one of" payments to expedite performance of routine governmental actions.

At first glance, the UK Bribery Act is stricter than previous anti-corruption laws, including the FCPA. Because of the expansive reach of its jurisdiction, any company that conducts any part of its business in the UK should immediately re-examine its anti-bribery policies and prevention efforts. Failure to do so can result in unlimited fines and even imprisonment.

Fortunately, proactive companies that establish adequate procedures to prevent bribery can avoid prosecution.

How to Defend Yourself?

In case of offenses, organizations can defend themselves if they can prove adequate procedures are in place to prevent bribery. A solid risk assessment is the foundation for the design of an adequate anti-bribery program.  The actions that follow the risk assessment should be proportionate to the risks a company face and to the size of the business.

The guidance of the British Ministry of Justice provides 6 principles that will help you decide what you need to do:

• Proportional procedures.
• Top level commitment.
• Risk assessment.
• Due diligence.
• Communication.
• Monitoring and review.

Technology is Essential

Information management technology solutions ideally help address today’s compliance, risk, e-discovery and early case-assessment challenges, but organizations must implement the right tools—if there is something out there that is relevant to a case, it must be found. The best positioned tools are those that are optimized for high recall, that can also find non-obvious issues such as misspellings, word patterns, concepts or people that do not want to be found and are deliberately hiding information. In this context, advanced search, text analytics and data visualization are very important.

Workflow, data identification and collection technologies are what is needed for the legal hold, identification and collection process. Both corporate legal and IT organizations are in great need for technology that will help manage the first phase of an electronic information request. In this phase there is more demand for technology to addresses the specific e-discovery process.

Automatic content-based archiving will solve the enterprise information management problem. Text analytics and text mining are also essential in this phase. Many organizations are implementing this last phase in the development of the e-discovery marketplace in order to realize proper enterprise information management.

Data monitoring technology is required for ongoing auditing and compliance on dynamic and static (archived) data. Known current awareness and selective dissemination of information (SDI) technology from the intelligence and security industry is going through a second live phase due to these new (corporate) compliance requirements.

Litigation Response and Readiness are Moving Targets

While the latest e-discovery and information management technologies have made great progress toward putting organizations in control of their information assets and liabilities, the environment is dynamic and requires solutions that can scale and adapt to new realities:

• The legal industry is one of the most conservative industries out there. Adoption of new technology is not a revolutionary process, but an evolutionary one which leads to higher costs from prolonged inefficiency.
• The use of new social media such as Twitter and Facebook and non-searchable multimedia platforms like YouTube is growing exponentially.
• With the introduction of cloud computing, information is everywhere and nowhere at the same time.
• The number of law suits will only increase in the coming years due to the credit crisis, but also due to the increasingly litigious nature of our society.
• Therefore, the only real solution to solve the e-discovery burden now and in the future is to start properly managing all of your enterprise information as part of daily operations.

Reaction Mode versus Smart, Proactive Practices

In-house e-discovery systems are generally implemented to investigate a specific legal matter, but more and more organizations are looking for a solid and robust foundation from which to pursue proactive, enterprise wide objectives for information management.

In fact, the costly and disruptive nature of e-discovery often triggers a broader information management initiative championed by executive leadership.

Proper information management initiatives may be based upon principles similar to e-discovery (i.e., identification, collection, review, etc.), but it often requires additional technology, procedures and user training to help organizations achieve corporate governance despite the continued— and rapid—growth of their data populations.

Information management involves not only archiving, but also the implementation and enforcement of retention and disposition schedules to ensure organizations are not storing vast volumes of information unnecessarily. It is actually quite similar to the culling process during e-discovery, yet in a broader form that is widely adopted as part of daily operations in all departments.

Email, SharePoint, HRM files, project files, customer files, official company records and legal contracts all contain potential future legal liability and cost considerations.  For example, retaining 100,000 emails—which may have important files attached—in one’s inbox, sent folder or hard disk exposes the organization to more risk and unnecessary storage costs. And the vast information stored on backup tapes and in MS SharePoint collections in a completely unstructured format presents its own potential risks, especially if the data is related to projects or litigation involving human resources or C-level management. Organizations will always have these types of unstructured data sets, but their potential risk can be managed by the right information management technology and protocol.

Information collections such as the ones noted above need to be ordered and classified in a filing plan, which can be done in a rather straightforward and pragmatic way. This action limits the amounts of data (and thus the potential cost of litigation), makes early case assessment possible on your live data, and limits the need for the expensive processes to collect and preserve all data in advance.

In the end, an organization will become litigation ready by making litigation response as unobtrusive as any other daily operating procedure.

Companies that are trying to comply with increasingly harsh international regulations on fraud and corruption would be wise to explore the added value of technology to support and enforce their anti-fraud and compliance strategy.

Recommendations on how to prepare for the UK Bribery Act

Prevention is better than cure, every company should use technology either to ‘Discover' when you need to responds to investigations and litigation (and regulator is coming in) or to ‘Detect' beforehand by regular compliance checks. There’s no modern legal investigations practice without modern technology and all the law enforcement and regulatory agencies use it.

Technology is essential and the possibilities are abound: advanced culling; processing and (forensic)  full-text indexing; concept and fuzzy search; automatic pre-classification of documents into privileged, claim-related and non-related documents; intelligent redaction; machine translation; pattern recognition; relevance ranking; exact and near de-duplication; email trail visualizations; and many other smart and innovative solutions.

However, organizations need more than just software. Organizations should also rely on professional services from specialists and—just as importantly best-practice methodologies including quality control, reporting and auditing that will help organizations bring e-discovery, records management, risk control and compliance in-house in a defensible manner.