The recently introduced section 34A of the Prevention and Combating of Corrupt Activities Act 12 of 2004 (PRECCA), which came into effect on 3 April 2024, creates a new broadly framed offence where members of the private sector or incorporated state-owned entities (SOEs) can be held liable for corrupt activities perpetrated by others in certain circumstances.
Section 34A(1) provides that any member of, for example, a company within the private sector or an incorporated SOE is guilty of an offence, if a person associated with that member gives or agrees or offers to give any gratification prohibited in terms of Chapter 2 of PRECCA (prohibited gratification) to another person, with the intention of obtaining or retaining either business or an advantage in the conduct of business for that private sector company or incorporated SOE. Chapter 2 of PRECCA sets out various offences that are categorised as ‘corrupt activities’.
However, section 34A(1) is qualified, so that no offence is committed, where that company within the private sector or incorporated SOE had in place adequate procedures designed to prevent persons associated with that company or incorporated SOE from giving, agreeing, or offering to give any prohibited gratification. What constitutes ‘adequate procedures’ is not defined in PRECCA.
It is widely accepted that Section 34A is based on section 7 of the United Kingdom’s Bribery Act 2010 (UK Bribery Act), which creates an offence where commercial organisations fail to prevent bribery. The UK Bribery Act is considered a key piece of legislation that has influenced anti-bribery and corruption (ABC) law globally. Its ‘six principles’ for ‘bribery prevention’ will probably influence the interpretation of what ‘adequate procedures’ means, in the South African courts.
However, another powerful and influential piece of ABC legislation is the United States’ (US) Foreign Corrupt Practices Act of 1977 (FCPA), which whilst broad in scope applies primarily to instances of bribery and corruption of foreign (state) officials, in order to obtain an advantage. Importantly, subsidiaries of US-held companies are subject to the FCPA – including those subsidiaries that are based in South Africa.
The FCPA does not expressly make provision for an offence of ‘failing to prevent bribery’, as the entities responsible for enforcing the FCPA – the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) – recognise that ‘a company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective […] and they do not hold companies to a standard of perfection’.
Rather, when deciding whether to conduct an investigation or bring charges and/or render fines or accept self-reporting of corrupt and unethical business practices, and therefore reduce the fines levied, in terms of the FCPA, the DOJ and SEC will consider, inter alia, the adequacy and effectiveness of a company’s internal organisational safeguards and compliance procedures and programme/s at the time that the alleged violation of the FCPA is committed.
There are examples of criminal investigations that have resulted in substantial fines being imposed on US companies due to insufficient internal organisation to prevent bribery of foreign public officials leading to the payment of bribes abroad to secure contracts.
The establishment and extent of internal organisational structures are factors considered when determining whether to reduce fines and the remedial steps that are required to be implemented by an offending company, including whether to appoint a monitor to oversee the introduction of these internal organisational safeguards (compliance programmes).
Other important considerations may include, inter alia, the nature and seriousness of the offence, the pervasiveness of wrongdoing within the company, the company’s history of similar misconduct, and whether the company has self-reported, cooperated, and taken appropriate remedial action.
It should be noted that the DOJ and SEC may choose not to pursue charges against a company for violating the FCPA where the company in question has an effective compliance programme and may even ‘reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation’.
The DOJ and SEC apply a pragmatic, common-sense approach when considering compliance programmes, involving the following three broad questions:
- Is the compliance programme well designed?
- Is the compliance programme adequately resourced to function effectively?
- Does the compliance programme work in practice?
Compliance programmes that merely employ a ‘tick-box’ approach will likely be ineffective and companies should consider the specific needs, challenges, and risks associated with their businesses when creating a compliance programme.
The DOJ and SEC have identified the following ‘hallmarks of effective compliance programs’. However, those responsible for compliance should carefully consider what their specific business would require from a compliance programme to effectively prevent, detect, and remedy violations of the FPCA. This would include:
- Commitment by senior management to a culture of compliance, which is reinforced and implemented at all levels of the business and is accompanied by a clearly articulated policy against corruption.
- An effective code of conduct that is clear, concise, and accessible to all employees and other parties associated with the company, as well as policies and procedures designed to mitigate risks associated with the business.
- Oversight and implementation of the compliance programme by the senior executive/s of the company who should be sufficiently autonomous from management and should have the necessary resources to effectively implement the programme in the organisation.
- A comprehensive, risk-based compliance programme that is tailored to address the specific risks associated with the company’s business, is adequately resourced, and is implemented in good faith.
- Steps taken to ensure that relevant policies and procedures are effectively communicated throughout the company through periodic training, certification, and/or ongoing advice and guidance in respect of the compliance programme.
- Clear and appropriate disciplinary procedures that are applied across the company on a prompt, reliable, fair, and consistent basis. Positive incentives may also facilitate greater compliance and the SEC has encouraged companies to reward ‘doing the right thing’.
- Risk-based due diligence in respect of third parties associated with the company – considering the third party’s qualifications and associations and the business rationale for the third party’s inclusion in the transaction – and ongoing monitoring of relationships with third parties.
In conclusion, a company in the private sector that complies with section 34A of PRECCA, by adopting adequate procedures to prevent persons associated with that company from conducting corrupt activities, will probably find that it employs the same kind of or similar compliance practices recognised by the FCPA, as the ‘adequate procedures’ to prevent corruption.
Of crucial importance is that South African subsidiaries of US-held corporations, or any corporation that falls within the FCPA definition of such, ensure that when their ‘adequate procedures’ are implemented, they similarly consider and comply with the provisions of FCPA. If there is any doubt as to the application of the FCPA, the adoption of these procedures can only stand a corporation in good stead.