In November 2011 the Swiss Criminal Authorities fined Alstom Network Schweiz AG (ANS) and stripped it of profits to a total amount of almost 60 million Euros.
ANS is a part of the Alstom Group, which is headquartered in France. It is active worldwide in the power and transport industries, undertaking large infrastructure projects, mostly for governments and government agencies, in most parts of the world. ANS was incorporated in order to centralise the monitoring and management of Alstom’s business units use of in country consultants who won business for them.
The Swiss Criminal Code criminalises the active bribery of foreign public officials, their equivalent of S6 of the Bribery Act. In addition Article 102 of the Code states that where there is an offence of bribery of a foreign public official the business concerned will be penalised if it is responsible for the bribery by failing to take all reasonable organisational measures required to prevent bribery.
This is obviously a direct equivalent of the offence created by S7 of the Bribery Act which imposes criminal liability on a business that fails to prevent bribery on its behalf, and the consultants employed would be associated persons under the UK legislation.
The organisational measures taken by ANS to prevent bribery were sensible and obvious. Internal guidelines forbade payment to consultants for bribes. To prevent bribes being paid consultants had to provide proof of the services they claimed payment for, and payment was only made after the proof was checked and verified. In addition consultants had to be established corporates operating and having bank accounts in the project country and no off shore or shelf companies were permitted to be consultants.
This would seem to be, to use the UK language, a perfect example of adequate procedures being in place designed to prevent associated persons bribing on the company’s behalf. So what went wrong?
The reason ANS was convicted and fined was that the excellent systems devised and put in place were simply not adhered to. Consultants were appointed in breach of the internal guidelines. Some payments were made to consultants appointed outside the guidelines that were used to pay bribes to win business.
More importantly, and the real lesson here, is that the reasons the guidelines were breached were that the employees of ANS charged with compliance responsibilities were not trained appropriately, did not have enough authority within the corporate structure to challenge what was happening and were under resourced to carry out their functions properly. In addition ANS was charged with sales support, which on the face of it was incompatible with effective compliance monitoring of sales consultants. It was a classic example of having good procedures in place that were not properly and effectively implemented.
One of the other issues which it is important to have regard to is how it came about that the Swiss authorities knew what had happened. This in itself is an object lesson for all businesses. During an audit Alstom’s accountants came across documents that evidenced bribery. Acting under their professional reporting obligations they informed the relevant authorities, but were of course not permitted to tell Alstom what they had done. The first Alstom were aware of anything untoward was when police and investigators raided their offices in a number of countries.
The message from these events is clear. The best procedures in the world are useless to prevent criminal liability if they are not properly implemented. That means training which is more than superficial, which creates not simply awareness of Bribery Act issues but also a genuine understanding of them. It means proper compliance resourcing, and recognition that in today’s regulatory landscape an under resourced compliance team can be a business’s weakest link.
An investigation for an allegation of bribery can bring huge reputational damage to a business. A conviction for failing to prevent bribery can bring huge fiscal damage to a business. What the ANS story highlights so clearly is that not getting Bribery Act compliance right in the first place, and then not keeping it effective, is a ridiculously huge risk for any business to take.