The Bribery Act 2010: Ten years on

What Is the UK Bribery Act 2010?

The UK Bribery Act 2010 is a robust piece of legislation in the UK designed to combat bribery and corruption. It establishes offences for active and passive bribery, bribery of foreign officials, and the failure of commercial organisations to prevent bribery. The act has extraterritorial reach, holding UK individuals and organisations accountable for bribery committed abroad. Penalties for individuals include imprisonment and fines, while commercial organisations face unlimited fines. The act emphasises the need for organisations to have “adequate procedures” in place to prevent bribery and sets clear principles for establishing such measures.

Anti-bribery and corruption laws in the post-Brexit world

The Bribery Act 2010 came into force in July 2011. For UK businesses operating in the emerging and frontier markets its effect was seismic. Organisations were suddenly faced with having to comply with some of the toughest anti-corruption rules in the world. As we approach ten years on, we reflect on some of the key convictions of the last decade.

R v Patel, 2011

This was the first conviction under the Bribery Act. Mr Patel, who worked at Redbridge Magistrates Court, was found guilty of accepting bribes in return for arranging escape from disqualifications, fines or points on their licences for those who came before the Court for driving offences. Mr Patel’s conduct amounted to the systematic perverting of the course of justice including at least 53 cases. It lasted over a year and it netted Mr Patel over £90,000. On appeal, the sentence (which also reflected other offences) was reduced from six to four years’ imprisonment.

R v Mushtaq,  2012

In this case Mr Mushtaq was successfully prosecuted under the Act for offering (as opposed to receiving) a bribe. He had failed a driving test before an Oldham Council licensing officer.  He was required to pass the test to obtain a taxi licence. Mr Mushtaq then offered the officer a £200 bribe in exchange for changing the test to a pass. The officer refused the bribe and the matter was reported to the police. Mr Mushtaq was sentenced to two months’ imprisonment and suspended for 12 months with a two-month curfew order.

R v Yang, 2013

Mr. Yang, a Chinese postgraduate student, attended a UK university but failed to pass his dissertation by a few marks and offered his professor £5,000 in cash in exchange for raising his grade. The professor refused. As Mr. Yang was putting the cash away a loaded air pistol fell out of his pocket. He pleaded guilty to bribery and possessing an imitation firearm and was sentenced on 23 April 2013 to 12 months’ imprisonment and also ordered to pay £4,800 in prosecution costs.

First corporate conviction, 2014

The first major conviction under the Bribery Act in a corporate case was made at Southwark Crown Court in December 2014.  The charges were brought by the Serious Fraud Office and related to an alleged “Ponzi scheme” involving Sustainable Agroenergy Plc, a company that had promoted biofuel investment products linked to tree plantations in South-East Asia. Investments of tens of millions of pounds, predominantly consisting of pension savings, were obtained on the basis of fraudulent representations as to the state of the plantations and the commercial viability of the venture. The total value of the fraud was £23 million. Following the failure of the plantations, the group of companies to which the Sustainable Agroenergy Plc was part of was placed in administration. The SFO brought charges of conspiracy to commit fraud by false representation, fraudulent trading and conspiracy to disseminate false information, against all the defendants. Three men were convicted for a total of 28 years.

First failure to prevent conviction, 2016

In 2016, the Serious Fraud Office successfully secured its first conviction under section 7 of the UK Bribery Act 2010, known as ‘failure to prevent bribery’. On 19 February 2016, Sweett Group PLC, a UK-based construction and professional services company, was convicted for the offence of failing to prevent its subsidiary Cyril Sweett International (CSI) from paying bribes on its behalf. The unlawful conduct took place over a three-year period from 2012 to 2015 in the United Arab Emirates. 

First contested Section 7 conviction 2018

In 2018, Skansen Interiors became the first case where the “adequate procedures” defense was rejected by a jury. Skansen declined to plead guilty to the failure to prevent offence on the grounds that it had adequate procedures in place to prevent bribery. Although its controls were limited, it argued that they were proportionate for a small company operating only in the United Kingdom. The jury did not agree and returned a guilty verdict. Given that the company had no assets by this time, the only penalty available was an immediate discharge.

What next for the Bribery Act?

The UK didn’t introduce the law because of pressure from the EU. Rather, it was a broader international consensus that found the UK’s laws outdated. It’s unlikely then that British bribery laws will be watered down. Conversely, given the UK’s new positions on tax compliance, cutting out major parts of DAC6 for instance, if a blind eye is turned towards grey-area financial crime such as tax avoidance, then the more obvious crimes of bribery and corruption could be in for additional scrutiny.

VinciWork’s online anti-bribery training

It’s imperative that all organisations offer annual bribery training as part of their adequate procedures. VinciWorks will soon be releasing a new bribery course called Anti-Bribery: Fundamentals. The course is suitable for all types of users in an organisation, from rookies to veterans, and begins with a unique course builder to ensure that every user completes their own personalised course, individually tailored to their training requirements.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.