What every SME can learn about bribery risk

The recent sentencing of two company directors and two NHS employees in Scotland serves as a powerful reminder: Bribery and corruption are not confined to multinational corporations or overseas dealings. They can, and do, occur in small, seemingly innocuous firms operating in local markets.

The case, which culminated in a landmark conviction at the High Court in Glasgow, involved Oricom Ltd, a small Ayrshire-based telecommunications company that grew from humble beginnings into a supplier for multiple NHS Scotland health boards. Its rise, however, was tainted by a web of  false invoicing, bribery and abuse of public trust. This isn’t just a story of  corruption. It’s a wake-up call for small and medium-sized enterprises (SMEs) everywhere.

A shed-to-scandal story

Oricom started in 2008 with modest ambitions, operating out of a garden shed. By 2010, it was securing multi million-pound public contracts for telecoms and video conferencing systems across NHS Lothian, NHS Lanarkshire, NHS Greater Glasgow and Clyde, and others.

But behind those deals lay serious breaches of trust. The company’s directors, Adam Sharoudi and Gavin Brown, secured lucrative contracts not through merit, but through bribes and kickbacks paid to NHS insiders Alan Hush and Gavin Cox, who abused their positions of public authority to award contracts unfairly.

One contract alone was worth over £3 million. In return, Hush received cash payments and gifts totalling over £18,000; Cox received over £70,000. The bribes may appear modest when compared to headlines involving millions exchanged in global corporate scandals, but they were enough to subvert public procurement processes and divert NHS funds.

The scale of the corruption

Investigations by NHS Scotland’s Counter Fraud Services (CFS), supported by Police Scotland and digital forensic experts, revealed the depth of the scheme. Over 4,000 items of evidence were reviewed. More than 250 witnesses were interviewed. Text messages showed NHS staff explicitly requesting “commission” in exchange for contract favours. Evidence of inflated, duplicated,or false invoices uncovered how public money was misused.

Lord Arthurson, the presiding judge, said the case demonstrated the “corrosive effect of corruption upon commercial and public life.” The individuals were each sentenced to between six and eight years in prison, a striking result for a case involving relatively small bribes but large consequences.

A lesson for SMEs

This case shatters a common myth that bribery only affects large, international organisations operating in high-risk jurisdictions. In reality, any company can be at risk and that risk is amplified when there is a lack of internal controls or ethical oversight. SMEs are particularly vulnerable. Many are still growing, have lean operations and may not see the need for formal anti-bribery and corruption policies. But this mindset can be dangerous. Specifically, in this case, the absence of strong compliance processes allowed a culture of unethical shortcuts to take root. Bribery wasn’t a backroom anomaly: It was the business model.

Why anti-bribery measures matter

The UK Bribery Act 2010 imposes a strict liability offence on companies that fail to prevent bribery. The only defence is to demonstrate adequate procedures were in place to prevent such misconduct. This applies to companies of all sizes.

For SMEs, this means:

• Implementing clear anti-bribery policies
• Conducting due diligence on suppliers, clients, and third parties
• Training staff regularly on recognising and reporting red flags
• Maintaining accurate financial records to prevent and detect false invoices
• Establishing whistleblowing channels that are confidential and accessible 

Even modest hospitality, gifts, or commissions, especially involving public officials, can fall foul of the law if not transparently handled.

The wider implications

This conviction also reinforces the strength of UK enforcement. Despite the relatively low monetary value of the bribes, the Crown Office and Procurator Fiscal Service (COPFS) pursued a lengthy 16-week prosecution. Their success sends a clear message: bribery of any scale will be taken seriously.

Moreover, for public sector suppliers, the consequences of unethical behaviour go beyond legal penalties. Reputational damage, disqualification from future contracts and the loss of public trust can be business-ending.

The Oricom case is a warning shot to the private sector, not just about what can happen, but what will happen when companies lack proper safeguards.

Bribery isn’t always about lavish gifts or offshore accounts. Sometimes, it’s a text message, an under-the-table payment or a favour that goes unrecorded. And sometimes, it’s enough to shake public institutions, drain taxpayer money and land people in prison.

Every company, whether a startup in a garden shed or a multinational in a skyscraper, needs to take anti-bribery compliance seriously. Because the cost of getting it wrong isn’t just financial. It’s criminal.

Want to know how to manage and mitigate your bribery risks? With gamified learning, customised content and real-life scenarios, VinciWorks’ suite of anti-bribery courses will ensure your entire staff is trained to avoid corruption. Get it here.

And don’t miss our upcoming webinar, How to avoid a bribery prosecution: Lessons from the SFO and recent case studies. Register here.