Bribery Act 2010: compliance for businesses
How to prevent bribery in your business and comply with the Bribery Act 2010. Covers the Section 7 corporate offence, the "adequate procedures" defence, the six principles for prevention, due diligence on third parties, and penalties including unlimited fines for organisations.
The Bribery Act 2010 is the UK's principal anti-corruption legislation. It creates criminal offences for individuals and organisations involved in bribery, and uniquely makes it a criminal offence for a commercial organisation to fail to prevent bribery by persons associated with it.
This "failure to prevent" offence (Section 7) means your organisation can be prosecuted even if you had no knowledge of the bribery - unless you can prove you had "adequate procedures" in place to prevent it.
Who needs to comply:
- All "commercial organisations" - companies, partnerships, and LLPs
- Organisations incorporated or formed in the UK, OR
- Organisations carrying on business (or part of a business) in the UK, regardless of where they are incorporated
The Act applies to conduct anywhere in the world - if your UK company bribes a foreign official overseas, you can be prosecuted in the UK.
The four bribery offences
The Bribery Act 2010 creates four distinct criminal offences:
Section 1 - Bribing another person:
Offering, promising, or giving a financial or other advantage to induce someone to perform a function improperly, or to reward them for doing so.
Section 2 - Being bribed:
Requesting, agreeing to receive, or accepting a financial or other advantage in return for performing a function improperly.
Section 6 - Bribing a foreign public official:
Offering, promising, or giving a financial or other advantage to a foreign public official with the intention of influencing them in their official capacity to obtain or retain business or a business advantage. There is no need to prove the official actually acted improperly.
Section 7 - Failure of commercial organisations to prevent bribery:
A commercial organisation commits an offence if a person associated with it bribes another person intending to obtain or retain business, or an advantage in the conduct of business, for the organisation. This is a strict liability offence - the organisation is guilty unless it can prove it had adequate procedures in place.
The corporate offence: failure to prevent bribery
Section 7 creates a unique form of corporate criminal liability. Unlike most criminal offences, your organisation can be convicted without any need to prove that senior management knew about or authorised the bribery.
Elements of the offence:
- A person "associated" with your organisation bribes another person
- The bribery was intended to obtain or retain business for your organisation, OR to obtain or retain an advantage in the conduct of business for your organisation
Who is an "associated person":
Anyone who performs services for or on behalf of your organisation, including:
- Employees (presumed to be associated persons)
- Agents
- Subsidiaries
- Joint venture partners
- Consultants and contractors
- Intermediaries and distributors
- Anyone acting in a similar capacity
The capacity in which the person is acting determines whether they are associated - an employee acting in a personal capacity unconnected to work would not be an associated person for that activity.
The "adequate procedures" defence
An organisation charged under Section 7 has a complete defence if it can prove that it had adequate procedures in place designed to prevent persons associated with it from undertaking bribery.
This is the only defence available to a Section 7 charge. The burden of proof is on the organisation - you must prove on the balance of probabilities that your procedures were adequate.
What "adequate" means:
- There is no single model - what is adequate depends on your circumstances
- Procedures must be proportionate to the bribery risks you face
- Small businesses may need only simple procedures; multinational corporations will need more sophisticated systems
- Procedures must be genuinely implemented, not just on paper
- They must be designed to prevent the specific bribery that occurred
Key point: The adequate procedures defence is assessed at the time of the bribery, not retrospectively. You cannot implement procedures after a bribery incident and claim the defence.
The six principles for adequate procedures
The Ministry of Justice guidance sets out six principles that commercial organisations should follow when developing bribery prevention procedures. These are not prescriptive rules - they are flexible, outcome-focused principles that should be applied proportionately to your organisation's bribery risks.
Principle 1: Proportionate procedures
Your anti-bribery procedures should be proportionate to the bribery risks you face, and to the nature, scale, and complexity of your activities.
What this means in practice:
- A small UK-only business with low-risk activities may need only basic policies and training
- A multinational operating in high-risk jurisdictions needs comprehensive compliance programmes
- Procedures should be clear, practical, accessible, and effectively enforced
- One-size-fits-all approaches are unlikely to be adequate
Factors affecting risk:
- Countries where you operate (some have higher corruption levels)
- Sectors you work in (some are higher risk, such as extractives, defence, construction)
- Types of transactions (government contracts, licensing, permits)
- Business partners and intermediaries you use
- Charitable or political contributions you make
Principle 2: Top-level commitment
Senior management must be genuinely committed to preventing bribery and must foster a culture where bribery is never acceptable.
What this means in practice:
- Board-level or senior management responsibility for anti-bribery compliance
- Regular communication from leadership about the organisation's zero-tolerance stance
- Leaders must model ethical behaviour - actions speak louder than policies
- Involvement of senior management in developing and overseeing anti-bribery procedures
- Adequate resources allocated to compliance
- Clear consequences for bribery, consistently applied regardless of seniority
Why this matters: If employees see that management tolerates or turns a blind eye to bribery, or that "rainmakers" are protected, no written policy will be credible.
Principle 3: Risk assessment
You should assess the nature and extent of your exposure to potential external and internal risks of bribery.
What this means in practice:
- Conduct a documented, periodic risk assessment
- Consider both external risks (corruption in countries/sectors) and internal risks (pressure to meet targets, weak controls)
- Identify your highest-risk business activities, relationships, and geographies
- Use the assessment to prioritise resources and tailor procedures
- Review and update the assessment when circumstances change
Common high-risk areas:
- Operations in countries with high corruption (use Transparency International's Corruption Perceptions Index)
- Government contracts and public procurement
- Use of agents, intermediaries, or distributors
- Joint ventures where you have limited control
- Charitable donations, sponsorships, and hospitality
- Facilitation payments (illegal under UK law even if local custom)
Principle 4: Due diligence
You should apply due diligence procedures to persons who perform or will perform services for or on your behalf, in order to mitigate identified bribery risks.
What this means in practice:
- Due diligence should be proportionate and risk-based - more intensive for higher-risk relationships
- Know who you are doing business with and who is acting on your behalf
- Investigate the background and reputation of agents, intermediaries, and business partners
- Understand the commercial rationale for relationships (are fees reasonable for services provided?)
- Conduct enhanced due diligence on high-risk third parties
- Refresh due diligence periodically and when circumstances change
Red flags requiring enhanced scrutiny:
- The third party has a reputation for bribery or is on a debarment list
- Unusual or excessive commission rates
- Payment to jurisdictions different from where services are provided
- The third party was recommended by a government official
- Requests for cash payments or unusual payment arrangements
- The third party is unwilling to agree to anti-bribery terms
Principle 5: Communication and training
Your anti-bribery policies and procedures should be embedded and understood throughout your organisation through communication and training that is proportionate to the risks you face.
What this means in practice:
- Clear written anti-bribery policy communicated to all staff
- Training tailored to different roles and risk levels
- Staff in high-risk roles (sales, procurement, government relations) need more intensive training
- External communication to business partners, suppliers, and agents about your standards
- Anti-bribery terms included in contracts with third parties
- Confidential reporting channels (whistleblowing) for staff to raise concerns
- Regular refresher training and updates
Training should cover:
- What bribery is under UK law
- Red flags to watch for
- The organisation's policies and procedures
- How to report concerns
- Consequences of non-compliance
Principle 6: Monitoring and review
Your procedures should be monitored and reviewed, and improvements made where necessary.
What this means in practice:
- Regular review of anti-bribery policies and procedures
- Internal audit of compliance with procedures
- Monitor high-risk transactions and relationships
- Track and investigate any allegations or concerns
- Learn from incidents and near-misses
- Update procedures in response to changes in business, law, or best practice
- Seek external assurance if appropriate (e.g., for higher-risk businesses)
Indicators of effective monitoring:
- Compliance with financial controls is audited
- Due diligence records are maintained and reviewed
- Training completion is tracked
- Whistleblowing reports are investigated
- Disciplinary action is taken for breaches
- Procedures are updated based on lessons learned
Due diligence on third parties
Third parties - agents, intermediaries, consultants, distributors, joint venture partners - represent one of the highest bribery risks for organisations. Due diligence is critical because your organisation can be liable for their actions under Section 7.
Risk-based approach to third-party due diligence:
Low-risk third parties:
- Established businesses in low-corruption jurisdictions
- Clear, reasonable fees for identifiable services
- No government interaction involved
- Basic checks: company registration, references, standard terms
Medium-risk third parties:
- Operations in medium-corruption jurisdictions
- Some government interaction or public sector work
- Standard due diligence plus: background checks, sanctions screening, anti-bribery representations
High-risk third parties:
- Agents or intermediaries in high-corruption jurisdictions
- Acting on your behalf with government officials
- Large or unusual commission payments
- Enhanced due diligence: in-depth background investigation, beneficial ownership, site visits, ongoing monitoring, robust contractual protections, audit rights
Contract terms for third parties:
- Anti-bribery warranties and representations
- Obligation to comply with applicable anti-corruption laws
- Right to audit and access records
- Termination rights for breach
- Flow-down provisions to their subcontractors
Penalties for bribery offences
The penalties for Bribery Act offences are severe, reflecting the serious harm corruption causes to business, society, and development.
Individuals (Sections 1, 2, and 6 offences):
- On indictment: Up to 10 years' imprisonment and/or an unlimited fine
- Summary conviction: Up to 12 months' imprisonment and/or a fine up to the statutory maximum
Organisations (Sections 1, 2, and 6 offences):
- On indictment: Unlimited fine
- Summary conviction: Fine up to the statutory maximum
Organisations (Section 7 - failure to prevent):
- On indictment: Unlimited fine
Additional consequences:
- Confiscation of proceeds of crime
- Deferred prosecution agreements (DPAs) - financial penalty, compliance monitoring, and undertakings to avoid prosecution
- Debarment from public contracts (mandatory in some cases)
- Reputational damage
- Directors may face personal liability if the offence was committed with their consent or connivance
Deferred prosecution agreements
Since 2014, the Serious Fraud Office (SFO) can offer deferred prosecution agreements (DPAs) to organisations for economic crimes including bribery. Under a DPA, prosecution is suspended in exchange for the organisation:
- Paying a financial penalty
- Disgorging profits
- Compensating victims
- Implementing or improving compliance programmes
- Cooperating with ongoing investigations
- Being subject to monitoring
DPAs must be approved by a Crown Court judge as being in the interests of justice and fair, reasonable, and proportionate.
Benefits of DPAs:
- Avoid criminal conviction (which could trigger debarment from contracts)
- Certainty and resolution of the matter
- Credit for self-reporting and cooperation
Key point: Early self-reporting and genuine cooperation significantly increase the likelihood of being offered a DPA rather than facing prosecution.
What to do if bribery is discovered
If you discover or suspect bribery in your organisation, how you respond can affect both the legal outcome and whether a DPA may be available.
Immediate steps:
- Preserve evidence: Secure documents, emails, and financial records. Do not destroy or alter anything.
- Take legal advice: Engage external legal counsel experienced in bribery investigations immediately.
- Consider self-reporting: Voluntary disclosure to the SFO is a significant factor in their decision on how to proceed. Delaying can undermine the benefits of self-reporting.
- Investigate internally: Conduct an investigation to understand what happened, led by counsel to preserve legal privilege where appropriate.
- Take remedial action: Address control weaknesses, consider disciplinary action against those involved, and enhance compliance procedures.
Self-reporting considerations:
- The SFO encourages self-reporting and will give credit for it
- Self-reporting increases the chance of a DPA rather than prosecution
- However, there is no guarantee - the SFO retains discretion
- Take legal advice before self-reporting on strategy and timing

- Conduct a bribery risk assessment: Document your organisation's exposure to bribery risk by geography, sector, transaction type, and business relationships. Identify high-risk areas requiring enhanced controls.
- Secure top-level commitment: Ensure the board or senior management formally endorses a zero-tolerance approach to bribery. Appoint a senior individual responsible for anti-bribery compliance.
- Develop an anti-bribery policy: Create a clear policy prohibiting bribery, facilitation payments, and improper hospitality. Include guidance on gifts, hospitality, and donations. Ensure the policy is proportionate to your risks.
- Implement due diligence procedures: Establish risk-based due diligence for third parties including agents, intermediaries, and business partners. Require anti-bribery terms in contracts and apply enhanced scrutiny to high-risk relationships.
- Train your staff: Provide anti-bribery training to all staff, with enhanced training for those in high-risk roles. Cover what bribery is, red flags, your policies, and how to report concerns.
- Establish confidential reporting channels: Create a whistleblowing procedure for staff to report bribery concerns confidentially. Ensure reports are investigated and that staff are protected from retaliation.
- Monitor and review your procedures: Regularly audit compliance with your anti-bribery procedures. Review and update policies in response to changes in your business, new risks, or lessons from incidents.