A pound doesn’t go as far as it used to and time seems to pass ever more quickly. Both statements have some substance to them but neither provides a good excuse in the witness box.

Inadequate investment in compliance is now the single biggest threat to a company’s bottom line and is the key risk that no board member can afford to ignore. According to a recent survey, barely a quarter of compliance officers feel that they have sufficient resources to do their job.

Even a few months ago, concerns about the burden and cost of compliance still featured as a common complaint in boardroom discussions, combined with a robust cynicism as to whether the compliance function was simply a drag on progress and profit. In a few short months since then, a number of developments have signalled that the government’s agenda is set firmly at increased levels of corporate compliance. This, no doubt, is an attempt to minimise fraud and corruption, increase tax revenues and to shift the burden of policing illegal conduct firmly into the boardroom.

Increased enforcement

As a result, the conversation in many boardrooms has begun to change in both content and tone as a grim realisation dawns that time is up and the threat of increased enforcement is real.

The Bribery Act, introduced more than five years ago, was the first major step in criminalising companies that failed to prevent bribery, anywhere in the world, by their “associated persons”—essentially, anyone who provided services on the company’s behalf: employees, agents, intermediaries, subsidiaries, subcontractors, etc.

Earlier this year, the attorney general referred to the government’s intention to issue consultation about extending the provisions of the Bribery Act, to include the much more expansive corporate offence of failing to prevent “economic crime”. The expression is likely to be defined broadly to include matters such as fraud, theft, forgery, false accounting, destroying company documents and money laundering. This will represent a huge increase in corporate criminal liability.

Failure to prevent

As if that weren’t enough, new legislation will be introduced next year which will make it a criminal offence for a company to fail to prevent the “facilitation of tax evasion”, anywhere in the world, by an associated person.

As with the Bribery Act, the law will apply to any company that is incorporated in, or which conducts business—or part of a business—in the UK (e.g. via sales operations, a subsidiary or even simply by virtue of a listing on the London Stock Exchange). However, the new tax offence will also apply to an overseas company that has no connection to the UK if a person associated with it assists a UK person or company to evade tax (including foreign tax) anywhere in the world.

The Bribery Act, its proposed extension to include “economic crime” and the new tax offence (to be implemented in the second half of next year) all point to a clear strategy of introducing corporate criminal liability via the back door. Why via the back door? Well, in the UK, criminal liability for companies only really exists where a prosecutor can prove that a crime was committed by the “guiding mind” of the company—essentially, the board, or individual members with significant control over the affairs of the company.

However, prosecutors have traditionally found this difficult to achieve. Indeed, the Serious Fraud Office (SFO) has repeatedly noted how frustrating, and intriguing, it is that incriminating emails and other evidence always seem to stop short of the boardroom. To make prosecutions against companies easier, the concept of a failure to prevent crime has been made a crime in itself.

Tone from the top

As a result, more than ever before, the concept of good corporate compliance both starts, and ends, in the boardroom. The requirement for active “board-level engagement” (or “tone from the top”, as the Americans like to call it) is expressly referenced in formal government guidance.

Prosecutors and regulators know all too well how the threat of a corporate prosecution will focus minds at the top, regardless of whether an individual board member can also be prosecuted. They know what profound effects the mere announcement of a criminal investigation can have on a company and its bankers, creditors, customers, staff and other stakeholders. The recent unsuccessful attempt by Soma Oil & Gas to force the SFO to terminate an investigation that it considered to be groundless shows how the law is stacked against a company, once the SFO has received a credible complaint and an investigation is commenced.

Such complaints can be made by anyone—from overseas, by a competitor, from within the company by a whistleblower or a disgruntled employee. There may or may not be any substance to the complaint but the immediate impact is still the same: potentially disastrous.

Broader agenda

Other proposals in relation to tax compliance indicate that preserving and increasing tax revenues is an item firmly on the government’s agenda, but recent developments in relation to economic crime, health and safety, environmental damage and financial regulatory compliance suggest a far broader agenda. It would be a mistake to think that Brexit will encourage the UK government to adopt a softer stance. To the contrary, it is likely that the authorities will come down hard on any company that tries to undercut good ethical conduct, whether in the UK or overseas.

Some might speculate that this is part of a wider geopolitical initiative to make life difficult for corrupt companies and jurisdictions overseas, but the risk closer to home should not be ignored. Corporate ethics and good governance are not just buzzwords. Even the myopic can’t fail to note that a number of significant global initiatives have been specifically designed to achieve a more level playing field.

In many instances, there is no need for undue concern, and certainly not panic. As with the Bribery Act, it is expected that a defence of having “adequate procedures” in place to prevent “economic crime” will be available; and a defence of having “reasonable procedures” in place to prevent the facilitation of tax evasion has already been included in the draft legislation. In essence, this means that a company should focus on six key compliance principles: a proper risk assessment, procedures that are proportionate to the risks identified, board-level engagement, training and communication, due diligence in relation to third parties, and periodic monitoring and review.

A risk assessment should be robust and its development assisted by research and opinion sought from those positioned throughout the company. This requires open and frank discussion, which may be encouraged if it can be facilitated in a legally privileged environment for the purposes of providing the company with a legal assessment.

The advice will then need to be carefully considered when preparing the formal risk-assessment document. This document will need to be thoughtfully drafted, because the assumption is that it will be subject to disclosure in the event of a regulatory enquiry.

A proper risk assessment will identify key risks and issues and should be accurate and complete if it is to fulfil its purpose of highlighting deficiencies (and perhaps satisfying a regulator—or jury—that a company has discharged its obligations). However, it would be a mistake if the risk assessment were carelessly drafted or served simply as a “road map” to the greatest areas of toxicity in a business.

Sound investment

The current value of the pound may be good for exports but essentially the cost of compliance is increasing in real terms, as is the amount of time to be devoted to meeting ever-increasing standards.

However, done properly and proportionately, the exercise need not be unduly burdensome. Indeed, it is likely to represent a sound investment that will pay dividends on many levels. In the words of one distinguished judge, Lord Woolf: “Those at the leading edge will gain competitive advantage, in part from their high reputation.”

As the compulsion from regulators, investors and the public to demonstrate proper business ethics and integrity continues to climb, the pressure to throw money at the problem will increase. Beware the charlatans who seek to sell you expensive solutions to problems that your company does not have. A proper risk assessment and a tailored and proportionate set of policies and procedures is, in essence, all that is required—plus, of course, appropriate board-level engagement and a corporate culture to match.

The task need not be daunting. Target your time and resources carefully and the witness box will be an unlikely prospect.

Simon Airey is a partner, and Joshua Domb an associate, of global law firm DLA Piper in London.

This article has been prepared in collaboration with DLA Piper, a supporter of Board Agenda.