Summary

As part of a new anti-corruption package announced on 3 May 2023, the European Commission has proposed a new directive (Directive) which, if implemented, would require EU member states (Member States) to meet common standards in their anti-corruption legislation.

More detail on the EU’s anti-corruption package, including the proposed new rules, an overview of the EU anti-corruption framework and expected next steps is set out here. The average timeline for a directive to become EU Law from Commission proposal stage (if adopted) is eighteen months. If the proposal is adopted, Member States would then have a further eighteen months to transpose the Directive into national law (i.e. until roughly 2026). The proposed Directive could significantly increase the risk for many companies of prosecution for anti-bribery and corruption (ABC) offences, and further increase scrutiny of ABC compliance programmes.

The Directive will require companies with operations in / a nexus to Member States to ensure their ABC compliance programmes meet the new standards (the implementation of which may vary between different jurisdictions). Given the practical challenges of identifying which legislation may apply, particularly for multi-national companies, it is likely that companies may need to adopt the ‘high-water mark’ approach. In practice, this may mean ensuring compliance with the most stringent aspects not only of laws implementing the new Directive, but also other applicable laws and associated guidance, for example the US Foreign Corrupt Practices Act 1977 (FCPA), UK Bribery Act 2010 (UKBA) and the French Criminal Code as well as the law n°2016-1691 (the Sapin II law). For example, companies with multi-national operations may need to consider guidance issued by UK and US authorities in relation to compliance programmes, and may need to consider putting in place policies and procedures to protect against improper payments made by ‘associated persons’ (for example, agents, service providers or intermediaries) as whilst these might not be caught by the Directive, they may be considered an offence under other applicable laws. Comparisons between the Directive and these legislative frameworks are set out below.

Aside from keeping a watching brief, companies should consider their EU operations (and any other operations likely to be subject to the Directive) and consider the strength of their ABC compliance programme in those jurisdictions (and whether any enhancements are likely to be required, including training of senior managers who may trigger liability under the Directive).

Key elements of the Proposed Directive: how does this compare with the UKBA, FCPA and the Sapin II law?  

The Directive aims to introduce a number of measures across Member States, including a number of new offences[1] and minimum penalties. We have summarised below a comparison of the Directive with the UKBA, FCPA and the French Criminal Code and Sapin II law.

 Proposed DirectiveUKUSFrance  
Active vs. passive briberyThe Directive criminalises both ‘passive’ and ‘active’ bribery (i.e. both the promising, offering and giving of a bribe – active bribery – and the request or receipt of a bribe – passive bribery).This is aligned with the UKBA, in which both active and passive bribery are offences.This goes further than the FCPA, which only prohibits offers, promises, authorisations of, or the payment of a bribe (active bribery).  This is aligned with the French Criminal Code, in which both active and passive bribery are offences.
Private vs. public sector briberyBoth public and private bribery are proposed offences under the Directive.   Public officials are defined broadly, to include not only EU officials, but also those working in international organisations (including the institutions of the European Union), and national and international courts.  This is aligned with the UKBA, in which public and private bribery are both offences.   Foreign public officials are even more widely defined than in the Directive and include individuals who (i) hold any legislative, administrative or judicial position of any kind in any country; (ii) exercise a public function for a foreign country or for the country’s public agencies / enterprises; or (iii) are officials or agents of public international organisations.  The FCPA only prohibits bribery of government officials / public bribery, although there are other federal and state laws that prohibit commercial / private bribery.   Foreign Official is broadly defined in the FCPA and includes officers or employees of: (i) any non-US government, whether national, state, provincial, or local; (ii) any department, instrumentality, or agency of a non-US government; (iii) any state-owned or controlled company; (iv) any non-US political party; and (v) any public international organisation (e.g., the World Bank), as well as any candidate for non-US political office.  The FCPA would apply to these individuals regardless of rank or title.This is aligned with the French Criminal Code, in which public and private bribery are both offences.

Public officials are also defined broadly in France and include persons (i) in a position of public authority (officials, civil servants, prefects…); (ii) “entrusted with a public service mission” (which could include being a director of a hospital or the chairman of a college) or (iii) invested with a public elective mandate (including local and national elected officials), in France, a foreign State, or within a public international organisation.    
Corporate liabilityA company can be held liable for offences committed for its benefit where the offence is committed by a person with a “leading position” (someone with a power of representation, the authority to take decisions on behalf of the company or the authority to exercise control within the company).                            In the UK, this is similar to the concept of the “directing mind and will” of the company. However, this concept is likely to be broadened in coming months as proposals have recently been tabled for this to also include “senior managers” more generally, so as not to limit the “directing mind and will” only to the most senior executives.   However, the Directive does not go as far as the UKBA, which has a corporate ‘failure to prevent’ bribery offence, in which a company can be liable for failing to prevent bribery by employees and other associated persons (which is defined very broadly to include third party service providers and subsidiaries). This applies even where the company had no knowledge of any improper payment being made.     Corporations can similarly be held liable for improper payments made by third parties to government officials, where: (i) these are made to direct, obtain or retain a business advantage for the company; and (ii) the company knew or was wilfully blind to the corrupt conduct. Wilful blindness is not limited to top level management but applies to any employee (for example where an employee fails to conduct sufficient due diligence on a third party or, having conducted due diligence and found red flags, proceeds to engage that third party).     Like the UKBA, the FCPA goes further than the Directive in that companies are liable for the acts of their agents, including employees acting within the scope of their employment and who intended at least in part to benefit the corporate entity.  In France, a company can similarly be held liable for offences committed on its behalf by its agents. This also includes situations where a company indirectly commits the offence through an intermediary. However, in such cases, companies would be held liable only where they have the intent to commit the offence (through their agents).
Deferred Prosecution Agreements (DPAs)The Directive does not include a requirement for Member States to introduce a concept similar to DPAs.In the UK, companies can enter into DPAs for bribery offences, as well as for other economic crimes.  Under a DPA, prosecutors and the company in question can reach an agreement suspending the prosecution for a specified period.  Companies will generally agree to a number of terms when entering into the DPA, which may include by way of example: payment of a fine, payment of compensation and cooperation with the prosecution of individuals.   In the United States, a company can resolve an FCPA case through a DPA.  Under a DPA, a company will enter into an agreement with the DOJ that allows the company to avoid a criminal conviction in exchange for satisfying a period of supervision.   DPAs can result in the payment of criminal penalties, the imposition of a corporate monitor and requirements to take certain other remedial actions.In France, legal persons can enter into a public interest judicial agreement (“Convention judiciaire d’intérêt public”) for bribery offences.   In such cases, the company avoids a declaration of guilt but generally agrees to pay a fine and implement a compliance programme monitored by the French Anticorruption Agency (AFA).    
Effective internal controls, ethics awareness and compliance programmesThe Directive mandates that effectiveinternal controls, ethics awareness, and compliance programmes” aimed at preventing corruption will be considered a mitigating factor where an offence has been committed by a corporate, though not a defence.There is a similar concept in the UK of ‘adequate procedures’ (albeit that this can be a defence to a failure to prevent offence, rather than just a mitigating factor).   Firms regulated by the FCA are also required to put in place financial crime systems and controls.    While a compliance programme is not a defence to an FCPA violation, the DOJ is required to consider the adequacy and effectiveness of compliance programmes, both at the time of the offence and at the time of the charging decision, in deciding whether to bring an indictment and again when resolving the case.The Sapin II law goes further than the Directive by imposing a separate obligation to implement a compliance programme for companies, or groups of companies, with (i) more than 500 employees; and (ii) an annual turnover of €100 million Senior individuals can be fined up to €200,000 and companies can be fined up to €1 million for not putting in place a compliance programme, even in the absence of any bribery offence.    However, the implementation of a compliance programme is not considered a mitigating factor in criminal proceedings, and so the Directive would therefore require amendments to French legislation which have been long-anticipated.    
JurisdictionThe Directive gives jurisdiction to a Member State over bribery offences which are committed: (i) in whole or in part in the territories of that Member State; (ii) by its national or someone ordinarily resident in its territory; or (iii) for the benefit of a company established in the Member State’s territory.This position is similar to the UKBA, in which jurisdiction extends to: (i) offences committed in the UK; or (ii) offences committed outside the UK where the person committing them has a close connection with the UK by virtue of being a British national / resident, or a company incorporated in the UK.   Jurisdiction for the corporate failure to prevent offence extends to companies which carry on a business in the UK, even if the bribe was paid by an ‘associated person’ (e.g. a service provider or intermediary), anywhere in the world.     The FCPA applies to any companies that are listed on a US stock exchange or who are required to file periodic reports with the US Securities Exchange Commission (“issuers”).  It also applies to any individuals who are citizens, nationals or residents of the US or entities organised under the laws of the US (“domestic concerns”).  For issuers and domestic concerns, the FCPA anti-bribery provisions will apply to their conduct no matter where they are worldwide.

The FCPA anti-bribery provisions also apply to non-US nationals and entities that are not issuers or domestic concerns that, either directly or indirectly, engage in any act in furtherance of a corrupt payment while within the territory of the US (e.g. use of interstate wires for emails that were routed through servers in the US or for payments through US banks).
In France, jurisdiction also extends broadly to bribery offences which are: (i) committed in whole or in part in France; (ii) committed outside France by a French national or a person who habitually resides or carries out all or part of his or her economic activity on French territory; and / or (iii) committed outside French territory where acts of complicity or concealment took place in France.

[1] The Directive also introduces further offences, including misappropriation (article 9), trading in influence (article 10), abuse of function (article 11), obstruction of justice (article 12) and enrichment from corruption offences (article 13).