The UK law reform initiated by the Bribery Act 2010 created new criminal offences, with both individuals and employers potentially liable for a breach. The same year, the US Securities and Exchange Commission (SEC) enacted the Dodd-Frank Wall Street Reform and Protection Act. The US Act included a whistleblower incentive programme, encouraging employees to submit tips related to violations of the law. These submissions have risen 20% in the last two years alone. Globally, antibribery and whistleblower guidelines have been merging steadily as the main principles are acknowledged across borders.

Firms need to take a look at the different types of bribery they could be exposed to. In the financial services industry, most firms have carried out risk-based assessments to address the compliance needs of their local regulators. These assessments should be revisited and extended as regulations and associated case-law take effect.

It can be important to draw up a policy document that reflects how the company will manage bribery and other corruption risks. The document should be a living one and subject to regular review. All staff should be aware of the document and have access to it. Additionally, like all risk framework-related activities, longer-term success will also only really be achieved with board-level sponsorship and an effort to embed awareness from the top down, inspiring the company culture.

Companies that fail to ensure the provision of adequate compliance procedures for staff risk liability for the action of any employee. It is also worth noting that the principles within Dodd-Frank are growing in international significance and apply universally to organisations beyond US corporations to their foreign subsidiaries and to overseas operators listed in the US or with subsidiaries subject to US securities regulations.

In its 2014 annual report, the SEC reveals the growing traction of the law. In total, 14 whistleblower awards have been made since the law’s enactment almost five years ago. Nine of those were in 2014. Each whistleblower provided “original information that led or significantly contributed to a successful enforcement action”. The US has also overseen an increase in monetary reward for information, with one tip even paying the whistleblower US$30 million, though this is exceptional. In contrast, UK law does not tend to offer provision for financial reward except in the case of information leading to the uncovering of cartel activity – this, by its nature, thought to be so secretive as to be almost impossible to detect without inside information.

Despite the legal foundations of compliance, companies still have a duty to implement their own internal policies as a priority requirement. Each should encourage potential whistleblowers or anyone with concerns about activity within or in relation to the company to present the information first and foremost to the company reporting channels set up specifically within the compliance programme to escalate the anomaly for further investigation.

Crucially, the company is obliged to act on this information so that the individual does not seek recourse to external enforcement action. The penalties for failure to do this are severe. The SEC notes that 80% of whistleblowers who turned to it for help last year had tried at first to report concerns to their company but been ignored.

As a result of the SEC’s continued efforts to issue rewards, enforce anti-retaliation provisions and protect whistleblower confidentiality, it says it received 3,620 tips in 2014, a more than 20% increase in two years. Faith in the scheme is becoming stronger as the SEC shows it means business, to both whistleblower and criminal. Companies should do at least as much to take control internally before the SEC becomes involved.

UK whistleblowers acting in the UK are protected by two pieces of legislation: the Public Interest Disclosure Act 1998 (PIDA) and the Employee Rights Act 1996. PIDA protects workers who make a “qualifying disclosure”, that is, one where “reasonable belief” can be shown that one of the following has occurred: a criminal offence; failure to comply with a legal obligation; a miscarriage of justice; a danger to health and safety; damage to the environment; or deliberate concealment of any of the above. The UK model is similar to programmes seen in Australia, New Zealand and Canada.

UK legislation does not require an employer to establish formal whistleblowing procedures. However, as employees who make a qualifying disclosure are automatically protected under PIDA, many employers choose to implement an internal structure and to limit the protection offered to their employees to the same degree established under PIDA.

Further advantages to an internal programme include the fact it acts as a deterrent to engage in improper conduct, it shows that an employer is serious about identifying and remedying criminal activity, it can limit damage by encouraging the earlier detection of wrongdoing and, if employees have access to an internal procedure, they are generally less likely to go to the authorities – who will conduct investigations under their own terms.

A whistleblowing procedure is seen as fundamental to the so-called “adequate procedures” that companies must have in place if they want to avoid prosecution under the Bribery Act. For more detailed information, the British Standards Institution’s Whistleblowing Arrangements Code of Practice is a key piece of general guidance.