Australia moves a step closer to new corporate criminal offence of failure to prevent bribery of foreign public officials by "associates." Do you know who your associates are and what they are doing?
The Legal and Constitutional Affairs Legislation Committee has published its report recommending that the Crimes Legislation Amendment (Combatting Corporate Crimes) Bill 2019 (Cth) (the Bill) be passed by the Australian Senate. A copy of the report is available here.
The Bill would amend the Criminal Code 1995 (Cth) and Director of Public Prosecutions Act 1983 (Cth) and would bring Australia more in line with the regimes to combat corporate crime in the United Kingdom and other jurisdictions.
Key elements of the Bill are to:
- introduce a new offence of failure of a body corporate to prevent foreign bribery by an associate; and
- implement a Commonwealth deferred prosecution agreement (DPA) scheme.
What is an associate?
If the Bill is enacted, companies can be charged with a criminal offence if:
- an "associate" commits the offence of foreign bribery (under Australian law, or engages in conduct outside Australia that would constitute an offence under Australian law if that conduct occurred in Australia);
- that associate's conduct was "for the profit or gain" of the company;
- unless the company can establish that it had "adequate procedures" in place.
"Associate" is defined as "an officer, employee, agent, contractor or subsidiary of the other person, is controlled by the other person, or otherwise performs services for or on behalf of another person." This is a very broad definition and two particular categories should be carefully considered by companies:
The inclusion of "subsidiary" does not just capture wholly owned subsidiaries it captures entities:
- where the company controls the composition of the subsidiary's board;
- where the company controls more than half of the votes;
- where the company holds more than half of the share capital; and
- any entity that is a subsidiary of a subsidiary (applying these same tests).
This will mean that Australian parent companies can be liable under this section for the acts of their overseas and local subsidiaries even where they are not wholly owned. Companies need to carefully consider what procedures they have in place to ensure that such subsidiaries, particularly but not limited to subsidiaries in high risk jurisdictions for bribery, can be trained and monitored to ensure that they do not face liability.
Individuals or entities who "perform services for or on behalf of" the company
The inclusion of this category takes the scope of the offence beyond those who might usually be seen as the responsibility of the company as agents or contractors. For example, a distributor would usually not be considered to be an agent, but if, for example, their contract includes the provision of marketing or promotional services for the company then they might be considered to be an associate.
What does "for the profit or gain of the company" mean?
Companies will not be responsible for all actions of their associates. This is because the associate's conduct must also be for the "profit or gain" of the company. For example, one entity might be an agent for multiple companies and if it pays a bribe for another company that does not result in liability for your company (although of course there may be reputational consequences).
Whilst the concept of "for the profit or gain" is not further defined in the Bill, the Explanatory memorandum notes that "the ordinary meaning of these words, however, is very broad. ‘Gain’ would include any sort of benefit or advantage to the body corporate. The term would cover, for example, situations where a company benefits merely because it is the beneficial owner of a subsidiary company that commits the foreign bribery offence."
What are adequate procedures?
If a company can demonstrate that it had "adequate procedures" in place to prevent foreign bribery by associates this will constitute an adequate defence. Once the legislation is enacted, the Attorney-General will be required to publish guidance on the adequate procedures. In the meantime, companies should familiarise themselves with the draft guidance which provides that "adequate procedures" in a company bribery prevention policy include:
- risk assessment and due diligence procedures;
- whistle-blower reporting mechanisms;
- monitoring and reviewing compliance programs;
- board and managerial-level dedication to foreign bribery prevention; and
- staff training.
These procedures are based on equivalent guidance from the UK and other jurisdictions. Even so, when the Australian guidance is finalised companies should still ensure that they check their current procedures against the Australian guidance.
In preparation for the legislation coming into effect, companies should ensure that their compliance programs feature:
- a clear pro-compliance conduct by top management level;
- a strong anti-bribery compliance function;
- effective risk assessment and due diligence procedures; and
- careful and proper use of third parties.
The measures should be proportionate to the company's circumstances. However, case law in the UK has demonstrated that even small companies may have to have more substantial procedures in place than Codes of Conduct, financial controls and anti-bribery clauses in contracts in order to escape liability.
This proposed "failure to prevent" offence will carry a maximum penalty of either an AUD 21 million fine, 10% annual turnover of the company in the 12 months before the conduct occurred, or three times the benefit gained.
Deferred Prosecution Agreement scheme (DPA)
The Bill will also introduce a DPA regime to encourage companies to self-report serious misconduct to Australian authorities. The DPA is a regime already used in the United States and has also been introduced to the United Kingdom, France, Canada, Singapore and Japan.
The terms of the DPA may require the corporation to cooperate with an investigation, pay a financial penalty, admit to agreed facts detailing its misconduct, and implement or improve a compliance program.
If a company self-reports misconduct and enters into a DPA with the Commonwealth Director of Public Prosecutions (CDPP), it will provide a level of certainty that an investigation has concluded, and the company's exposure to pay a civil penalty will be known. Another benefit for companies is that there will be no court findings (and no admission of guilt) that the company has contravened the law.
Companies will need to weigh up these benefits against the risks associated with entering into a DPA. It is possible that the CDPP may not be willing to negotiate entering into a DPA with a company even if the company self-reports misconduct. Another risk is the potential for private class actions or civil claims in connection with the statement of agreed facts under the terms of the DPA, which could result in further financial exposure to the company.
Steps companies should take
Given the increasing likelihood that the Bill will be enacted companies should be:
- reviewing their compliance procedures and asking themselves the question - "are they adequate";
- considering who their "associates" are, including potentially reviewing contractual terms to consider who provides services on their behalf, what oversight and control they have in relation to their conduct and what they know about their compliance procedures; and
- considering what visibility and oversight there is in relation to subsidiaries, both in Australia and overseas.