Hogan Lovells

ComplexContracting | Supply Chain

Supply Chain: Issues & Analysis: Bribery and Corruption

1. Overview 

Businesses are exposed to risk for corrupt acts in their supply chains. Bribery or corruption can trigger severe consequences for you even if not undertaken by your own employees.

It is essential for businesses to have in place systems to manage their own compliance with anti-bribery rules. However, it is equally important to look beyond your business, to the exposure you have to things that may happen elsewhere in your supply chain.

Potential Risks 

Fines imposed on conviction or agreed to as part of settlements can total tens or hundreds of millions of US dollars. Internal anti-bribery investigations can take up management time and prove highly expensive.  Companies found guilty of bribery may also find that they are debarred from tendering for public contracts. 

Even the mere allegation that a business has paid bribes can severely damage its reputation and share price, not least because other private sector companies concerned to protect their own reputation may choose to steer clear of companies that are under investigation for bribery.  

At the same time, individuals (including senior management) involved in corporate bribery are being increasingly targeted for prosecution and can face lengthy jail terms.

There may also be further indirect impacts , if one of your suppliers is fined or sent to prison for bribery, this may have business continuity implications. 

2. Global Legislative and Enforcement Trends  

The last decade has seen increasing international pressure on countries to strengthen their anti-bribery legislation and increase enforcement of laws preventing bribery by their nationals overseas.  International bodies and supranational organisations including the UN, EU and African Union have been active in this area, and the OECD has put in place a framework for monitoring and periodically reporting on how well signatories to its Anti-Bribery Convention are performing in implementing the Convention's requirements.

Recent Anti-Bribery Legislation

This international pressure has borne fruits. The UK, France, Italy, Spain, Russia, Canada, Brazil and China have all passed new anti-bribery legislation or strengthened existing laws since 2010, and India is due to do so imminently. 

As a result, companies need to consider the impact not only of local anti-bribery laws, but also the effect of laws with extraterritorial effect such as the US Foreign Corrupt Practices Act and UK Bribery Act 2010.

Four trends are clearly visible:

A. The circumstances in which corporates can be held liable are widening

To take the position in the UK as an example, it used to be the case that a company could only be held criminally liable for bribery if the company's most senior management was involved. Under the Bribery Act 2010, a company is now liable if anyone who performs services for or on the company's behalf (a so-called "associated person") pays a bribe for the company's benefit.  Associated persons can include suppliers, distributors, contractors, agents, sales intermediaries etc.  

B. Countries are increasingly asserting jurisdiction over conduct outside their borders

An increasing number of countries now assert jurisdiction over acts of bribery committed by their nationals while overseas.  Some countries, notably the UK and US, have taken matters even further.  Notably, eight of the ten largest corporate FCPA settlements have involved non-U.S.based companies.  Moreover, if a company "carries on a business" in the UK, that is sufficient to bring the company within the jurisdictional reach of the Bribery Act, even if the company is incorporated outside the UK and the bribe is paid outside the UK.  While it remains to be seen how the courts will interpret this provision, it may be sufficient if, for example, a company has shares listed on the London Stock Exchange.

C. Tolerance for facilitation payments is decreasing

"Facilitation payments", also known as "grease" or "speed" payments, are increasingly being seen as indistinguishable from other forms of bribery.  This is visible from a 2009 recommendation by the OECD that its member states should encourage companies to prohibit or discourage the use of facilitation payments.  

It is also apparent from Canada's decision in the summer of 2013 to phase out (albeit at a future date to be determined) its exemption for facilitation payments. Even in the US, where the FCPA contains an exemption for facilitation payments, this is being narrowly interpreted by the US authorities.

D. More countries are actively enforcing laws against overseas bribery

In the past, the only really active enforcer of laws prohibiting foreign corruption was the US.   

Enforcement against Foreign Bribery

However, spurred on by the OECD, other countries including the UK, Germany and Italy are now catching up.  The map shows the level of enforcement activity amongst OECD members.

Non-OECD members are also becoming more active in enforcing their anti-bribery laws.  For example, last year saw the Chinese authorities commence investigations against more than a dozen domestic and foreign pharmaceutical companies for alleged bribery of doctors. 

3. Impact on the Supply Chain

To assess the impact of these issues on the supply chain we can examine the position of an entity in a supply chain such as this.

  • How far upstream and downstream does that potential legal exposure go (i.e. for whom in the supply chain is there potential legal liability)?
  • Does the entity need to adopt compliance procedures in relation to the entirety of my supply chain?

There are two central questions:

A. Does the individual or entity perform a service for me or on my behalf?

The highest risk of being criminally liable for bribes paid by a third party is where that third party performs a service for or on your behalf. In these circumstances, the third party will often be termed an "associated person".  

By contrast a company that sells you goods, or to whom you sell goods in an arms-length transaction, is less likely to fall within this category.  As part of your risk assessment, consideration needs to be given to the contractual framework within which entities in your supply chain are operating.  


Take the example of a simplified supply chain:

Simplified Supply Chain 

If the Importer has contracted with the Processor in relation to the importation of raw materials, then the Importer is performing a service for the Processor, and the Processor may be liable for bribes paid by the Importer.  

However, unless there is also a contractual relationship with the Manufacturer, the Importer is not performing a service for or on behalf of the Manufacturer, and it is unlikely that the Manufacturer will be liable for bribes paid by the Importer.

B. How much control do I have over this person/entity?

The degree of control that you exercise over a person/entity will impact on the measures that you are required to take to prevent bribery on their behalf.  The greater the control the greater, the greater the extent to which you will be expected to exercise responsibility.

As a general principle, a spectrum of control can be identified with respect to this responsibility with control at its greatest in the case of those in whom you have an ownership or managements interest, significant for your direct contractual counterparties and least for those further away in the supply chain.

Supply Chain Protections to Consider 

 4. Broader Risk Mitigation Strategies

Faced with toughening anti-bribery legislation and increased levels of enforcement, the safest course of action that companies can adopt is to implement a robust anti-bribery compliance programme.  The laws of some countries (including the UK, Russia and Spain) either positively require that companies have a compliance programme in place or provide that it is a defence if the company can demonstrate that it has a compliance programme in the event that one of its "associated persons" pays a bribe.  In other countries (e.g., the US), prosecutors will take the strength, of  company's compliance programme into account when determining whether to prosecute and what level of penalties are appropriate.

For a corporate group operating in multiple countries, the safest approach is to adopt a compliance programme that accords with global best practice and that is designed with the tough standards of the FCPA and Bribery Act in mind.  It may then be appropriate to take local advice to refine the programme and ensure that it complies with all applicable requirements. 

For companies in a supply chain, there are three key stages in developing an anti-bribery compliance programme, summarised in the following diagram.

Compliance Programme










The first stage is to conduct a risk assessment. The purpose of this assessment is to enable you to gain an overview of your company's "associated persons" – for whom the company can be held liable if they pay bribes – and assess whether they pose a high or low risk by reference to relevant factors such as their country of operation, exposure to public officials, etc.  The level of scrutiny should increase if red flags emerge.  The risk assessment will also throw up weaknesses in controls and potential areas of risk within the company itself.  

The second stage is to design an appropriate due diligence process for third parties and training, policies and procedures for your company's employees. These will be informed by the results of the risk assessment, which will indicate where the company should focus its efforts. Contractual provisions requiring other entities in the supply chain to comply with anti-bribery laws and, in appropriate circumstances, implement an anti-bribery compliance programme, should also be considered.

The final stage of monitoring commences once a due diligence process and training, policies and procedures for employees are up and running. Monitoring of third-party relationships may include, where appropriate, periodically updating due diligence, exercising audit rights, providing periodic training, and requesting annual compliance certifications by the third party. Periodic training and updating of employee certifications may also be appropriate.  As the business develops, new risks may emerge and there may be specific incidents which require adjustments to the anti-bribery programme.