Anti-Bribery for Sales · Module 1 of 2
Friday night dinner at Quay. Three days from a $4.2M renewal, your client slides an envelope across the table.
Senior Account Director, Meridian Australia
Twelve years at Meridian. AUD $18M brought in last year, more than anyone else in BD. The Caleendar Energy account is yours. The renewal is Tuesday.
Meridian Australia. Sydney CBD HQ. 280 to 600 staff in four years on the back of east-coast infrastructure and energy work. That growth is what brought ASIC and AFP attention onto the company's hospitality controls.
The Gifts & Hospitality Policy: pre-approval is required above $500. During an active tender or renewal, the threshold drops to $250. Compliance signs off, not BD.
Your CFO is Sasha O'Brien. Compliance is Lila Tran. The customer tonight is Greg Donoghue, Procurement Director at Caleendar Energy, a Western Sydney mid-cap utility. Eighteen years at Caleendar. Twelve years buying from you.
A branching scenario. The choices you make shape how the night ends, how the deal closes, and whether your name stays clear of NSW s.249B.
Tip: Highlighted text like ISO 37001 is clickable. Tap to read the underlying standard in full.
Dessert arrives. Greg has just signalled the sommelier for a third bottle. He sets a stiff white envelope on the tablecloth between the candles and slides it across with two fingers.
Cooper, listen. We've got a corporate suite for State of Origin Game 3 next Wednesday night. Suncorp. Take Hannah, make a thing of it.
Renewal's a formality, by the way. Tuesday is housekeeping. Procurement aren't going to muck around with twelve years of clean delivery.
He doesn't open the envelope. He doesn't need to. The Caleendar logo on the corner says enough. Two corporate-suite seats for Origin Game 3 are not $200 of hospitality.
Tickets are still in the envelope. Hannah is asking what you'd like for breakfast. You open the policy on your phone.
| Detail | Value |
|---|---|
| Item | Two corporate-suite seats, State of Origin Game 3 (NSW v QLD), Suncorp Stadium |
| Date offered | Friday 4 July (last night) |
| From | Greg Donoghue, Procurement Director, Caleendar Energy |
| Estimated face value | ~$2,500 per seat |
| Total estimated value | $5,000 |
| Caleendar renewal decision | Tuesday, 8 July · 3 working days away |
| Pre-approval obtained? | No |
| Register entry? | None yet |
| Policy threshold (active renewal) | $250 · offer is 20× over |
Twenty times over the threshold. Three days before the decision goes through procurement. No pre-approval. The fact you didn't accept on the spot is the only thing keeping this clean.
Your phone buzzes. Lila Tran in compliance: "Cooper, Greg's EA called my line at half eight. Mentioned 'Origin tickets for Wednesday'. Find me Monday first thing."
Saturday morning. Tickets on the counter. Renewal is Tuesday. Lila already knows. The next move is yours.
Decline in writing today. Log offered-not-accepted. Brief Lila by email.
Return the tickets to Caleendar reception Monday. Log as offered, declined. Under NSW s.249B timing is the load-bearing fact, and you've broken the link.
Sit on it. Take the tickets to Lila Monday for a retrospective pre-clear.
Don't go to the game. Walk into Lila's office Monday and ask her to pre-clear it after the fact. Defensible if she agrees, but you've held the offer over the weekend with no paper trail.
Take Hannah. Go to Origin. Sort the paperwork Monday.
Twelve years of clean delivery. Greg is a mate. Log it Monday and get on with the renewal.
Read your email at 11pm Saturday. Walked in expecting a problem. Got an audit trail instead.
Dropped them at Caleendar reception at 8am. Note said "can't take it during a renewal window".
Warm. Clean. Documented. If they pull the renewal because you didn't take $5,000 of footy, it was never about delivery.
The NSW s.249B test asks whether the benefit was a corrupt reward for acting in a principal's affairs. By declining in writing within hours and logging the offer as offered-not-accepted, you've broken the link before it could form. Under ISO 37001 Clause 4, the response is proportionate to value ($5,000) and timing (three days from a $4.2M decision).
Greg gave me these Friday. Didn't accept, didn't decline. Need a retrospective pre-clear so we can return them today.
Pre-clear exists so I can answer before you take the offer home. You held it for two nights.
I didn't go.
Good. Return them today, log as declined. We need to think about how this looked from the outside.
Pre-clear has to happen before the benefit is held. Under ISO 37001 Clause 9 the procedure only counts if it operates as designed. Under AS 8001 + AFP guidance, value and timing are the strongest indicators of corrupt purpose. Holding $5,000 through the renewal weekend put you on the timing axis whether you went or not.
You went.
Took Hannah. I'll log it this morning. The law doesn't prohibit reasonable hospitality.
NSW s.249B prohibits a corrupt reward. AFP and ASIC look at value and timing. $5,000 three days before a $4.2M decision. That's both flags.
Three weeks later, Caleendar's internal audit asks for last year's supplier hospitality. Your seat numbers are on it. Your register entry, made the morning after, isn't.
NSW s.249B makes it an offence to receive a benefit on account of acting in a principal's affairs. AS 8001 + AFP guidance treats value and timing as the strongest indicators of corrupt purpose. Logging only after the game creates the paper trail an investigator would build the case from. Meridian's ISO 37001 position is harder to defend when the salesperson closest to the customer ignored the threshold.
Lila opens the gifts register on her screen and turns it toward you.
October 5th. Accor Stadium. NRL Grand Final. Two corporate-box seats hosted by Caleendar. Estimated value $1,800. Attendees: Cooper Banks and Mark Stelovich from your bid team. Logged after the fact by your line manager as a "client relationship event". Never pre-approved by compliance.
Two events. Same client. Same procurement contact at Caleendar. Combined value $6,800. The renewal cycle was already open in October, you just hadn't focused on it.
Sasha has texted you twice this morning: "Don't make this bigger than it is. The contract is signed. Move on."
Wednesday, 6:12 PM. Greg calls your mobile. He's relaxed, friendly, no preamble. Wants to book a thank-you dinner at Quay for the Thursday after next. Pick your next line.
Greg, generous as always. Let's park dinner until after Q1 board, mid-February. Anything inside this quarter still feels too close to the renewal review.
Greg, sounds great. Anything between us over $250 still goes through Lila this year, even outside renewal weeks. If you book it I'll need her sign-off, and she'll probably suggest a working lunch on the books. Same evening, different ledger.
Greg, put it on Caleendar's account rather than yours personally. That way it sits in your supplier-relations budget, not as a name-on-a-line. We're both covered.
Greg, why don't I host you instead? Quay, my shout this time, Meridian's account. Twelve years, you've earned a return.
Log the Origin offer in your own words. Every field matters. A wrong value here means the entry doesn't trigger the compliance flag it should, or a defensible event gets escalated unnecessarily. Be specific. Lila will read this in five minutes.
Sasha pulls you in Tuesday afternoon. "$6,800 over two events with the same procurement contact, in a year we just renewed. Going to the board turns a clean win into a problem. I'm not asking you to bury it. I'm asking you to be commercially proportionate."
Follow the policy. Notify the board.
Policy says board notification above $500 during an active renewal. $6,800 isn't borderline. Write the note jointly with Finance.
Propose a documented compromise.
No board notification. Written disclosure to Caleendar's compliance team, both events flagged in Lila's quarterly memo, signed undertaking that future hospitality goes through pre-clear. Sasha signs the same.
Defer to Sasha. She's the CFO.
Sasha has the board context. Renewal is signed. Going around her on $6,800 damages the relationship you need for the next bid.
For the record, I think this is heavier than it needs to be. But the policy says board notification.
I'm flagging the pattern, not the renewal. I want it on record so next time someone's in my chair, they know the line.
The non-execs take the disclosure cleanly. A former Crown prosecutor on the board says afterwards she's never seen a salesperson volunteer this kind of pattern unprompted.
An ISO 37001 programme asks whether procedures are followed in practice. Taking the pattern to the board turns a paper procedure into a documented one. Clause 9 calls this performance evaluation: the salesperson who flags the pattern is the strongest evidence the procedure is real.
No board notification this time. But three things on the record. I write to Greg's compliance counterpart at Caleendar disclosing both events. Lila flags both in this quarter's compliance memo. You and I both sign a note saying any future Caleendar hospitality goes through pre-clear before I accept.
That works.
One more. If anything close to this happens with any other client this year, it goes to the board automatically. I want that commitment in writing.
Fine. Draft it.
ISO 37001 Clause 4 requires procedures proportionate to the risk. Your compromise creates a paper trail and a tripwire for next time, which is real. But you've also documented a case in which the company's own $500 board-notification threshold was negotiated down to a personal undertaking, and a future auditor will ask what the threshold actually is. The signed undertaking is doing the work the policy was supposed to do.
Look, you're the CFO. The renewal is signed, the entries are in the register, Lila knows. I don't think we need to take it further.
Sensible. Sometimes proportionate means knowing when not to turn a clean week into a four-week board cycle.
The board never hears that $6,800 of hospitality was exchanged with Caleendar during a live renewal. The policy says board notification above $500. You have now created a documented case in which the threshold was negotiated down because the salesperson agreed with the CFO that it was inconvenient. Anyone reading the file in a year, including a future Cooper, learns one thing: the policy is optional.
If the salesperson closest to the customer doesn't escalate when their own policy says escalate, the policy has no credibility on the next account. Under ISO 37001 Clause 7, staff have to believe the procedures are real, and patterns of selective enforcement are exactly what they read. The ISO 37001 position is materially weaker when the documented practice is "we follow the threshold when convenient".
Mark runs your bids. Twenty-two years in industrial sales, knows every procurement contact between Sydney and Brisbane. He doesn't sit down.
Cooper, level with me. You went to compliance about the Origin thing. That's fine. But I have to tell you what you've just done. Every BD I've worked with in twenty years stops telling compliance the second compliance tells the board. And we lose deals when BD doesn't tell compliance. Visibility is the whole game.
I'm not asking you to bury the next one. I'm asking what you put in place so that the next person on this account doesn't walk straight past Lila's office because they watched what happened to you.
Mark is not wrong. The procedure is only useful if BD actually uses it. The next decision is what you put in place so BD trusts the procedure enough to keep using it.
Friday, 10:00 AM. The pattern is on record. Mark's warning is in your head. You've been asked to draft a recommendation BD and Compliance both put their names on.
A 90-second pre-clear flow, scenario training for BD, and quarterly board reporting.
Web form for any spend over $250 during a tender, routed to Lila, 24-hour SLA. Joint annual scenario training. Quarterly board reporting. Compliance as sales enabler, not brake.
Update the register threshold and send a company-wide reminder.
Drop pre-approval from $500 to $250 during active tenders. Reminder to all staff. No new system, clearer rules.
File the incident note. The policy already covers it.
The procedure exists. Register entries are made. Lila knows. A file note for next year's audit is enough.
Walk me through it.
Pre-clear: 90-second form, anything over $250 during a tender, 24-hour SLA. Training: joint scenarios once a year. Reporting: aggregate data to the board quarterly.
BD will push back on the form.
If I'd had it on my phone Friday night, this conversation never happens. The form is the lifeline, not the brake. ISO 37001 gives us the framework.
Clause 4: the form is calibrated to BD's workflow. Clause 7: joint training teaches the why. Clause 9: quarterly reporting makes the system self-correcting. A programme works when BD trusts it enough to use on a Friday night.
Threshold drops to $250 during active tenders. Reminder goes out Monday. Lila and I cover it at the next all-hands.
Sensible. Not heavy-handed.
The email goes out Monday. Open rate is 71%. By Friday it has been forgotten. Eight months later, a junior BD on a different account accepts an invitation to a corporate box at Allianz Stadium from a contractor that's bidding on a subcontract. He doesn't pre-clear it because he didn't read the email.
ISO 37001 Clause 7 separates communication (telling people the policy exists) from training (making sure they can apply it under pressure). An email is the first. A scenario walkthrough is the second. If a similar incident hits Meridian after the email goes out, an external auditor or AFP investigator will ask what was done beyond the email. If the answer is "nothing", the ISO 37001 position is harder to defend than before, because the company knew the system wasn't working and chose not to upgrade it.
I've drafted the file note. Procedure is there, register is updated, Lila has the audit trail. We don't need to make it heavier.
Fair. These things happen.
The note goes on file. Nothing else changes. The pre-approval rule remains a paragraph on page seven of the staff handbook. Eight months later, a different BD on a different account accepts a similar invitation in similar circumstances. The register catches it after the fact, again. Lila opens her quarterly review and finds the same shape of pattern, with a different supplier, on a different account. The training did not happen. The form did not get built. Nothing about the system improved.
An ISO 37001 programme places the duty on the company, not the individual. The question is whether the company's procedures were adequate to prevent the conduct. A file note on one salesperson is not monitoring, not training, and not procedural improvement. ISO 37001 Clause 9 requires the company to review and update procedures in light of experience. The company had experience here. Nothing was updated.
Six months on
The renewal signed Tuesday. The hospitality offer never moved the procurement decision. What happens between Cooper, Greg and Meridian from here depends on what Cooper put in place.
NSW s.249B
Corrupt commissions
AS ISO 37001
Anti-bribery management
ISO 37001 Cl. 4
Risk-based design
ISO 37001 Cl. 7
Training & awareness
ISO 37001 Cl. 9
Monitoring & review
AS 8001 + AFP
Hospitality (by analogy)
Take the 5-question knowledge check to record your completion.
Take the Module Quiz →A $2.8M bid. The prospect's procurement lead has hinted at a "gesture". Your bid manager wants to send Grand Final tickets. You're running point.