Anti-Bribery for Sales · Module 1 of 2
Friday night dinner at Quay. Three days from a $4.2M renewal, your client slides an envelope across the table.
Senior Account Director, Meridian Australia
Twelve years at Meridian. AUD $18M brought in last year, more than anyone else in BD. The Caleendar Energy account is yours. The renewal is Tuesday.
Meridian Australia. Sydney CBD HQ. 280 to 600 staff in four years on the back of east-coast infrastructure and energy work. That growth is what brought ASIC and AFP attention onto the company's hospitality controls.
The Gifts & Hospitality Policy: pre-approval is required above $500. During an active tender or renewal, the threshold drops to $250. Compliance signs off, not BD.
Your CFO is Sasha O'Brien. Compliance is Lila Tran. The customer tonight is Greg Donoghue, Procurement Director at Caleendar Energy, a Western Sydney mid-cap utility. Eighteen years at Caleendar. Twelve years buying from you.
A branching scenario. The choices you make shape how the night ends, how the deal closes, and whether your name stays clear of NSW s.249B.
Dessert arrives. Greg has just signalled the sommelier for a third bottle. He sets a stiff white envelope on the tablecloth between the candles and slides it across with two fingers.
Cooper, listen. We've got a corporate suite for State of Origin Game 3 next Wednesday night. Suncorp. Take Hannah, make a thing of it.
Renewal's a formality, by the way. Tuesday is housekeeping. Procurement aren't going to muck around with twelve years of clean delivery.
He doesn't open the envelope. He doesn't need to. The Caleendar logo on the corner says enough. Two corporate-suite seats for Origin Game 3 are not $200 of hospitality.
Tickets are still in the envelope. Hannah is asking what you'd like for breakfast. You open the policy on your phone.
| Detail | Value |
|---|---|
| Item | Two corporate-suite seats, State of Origin Game 3 (NSW v QLD), Suncorp Stadium |
| Date offered | Friday 4 July (last night) |
| From | Greg Donoghue, Procurement Director, Caleendar Energy |
| Estimated face value | ~$2,500 per seat |
| Total estimated value | $5,000 |
| Caleendar renewal decision | Tuesday, 8 July · 3 working days away |
| Pre-approval obtained? | No |
| Register entry? | None yet |
| Policy threshold (active renewal) | $250 · offer is 20× over |
Twenty times over the threshold. Three days before the decision goes through procurement. No pre-approval. The fact you didn't accept on the spot is the only thing keeping this clean.
Your phone buzzes. Lila Tran in compliance: "Cooper, Greg's EA called my line at half eight. Mentioned 'Origin tickets for Wednesday'. Find me Monday first thing."
Saturday morning. Tickets are on the counter, unsigned. Renewal is Tuesday. Lila already knows. Greg hasn't been thanked, hasn't been declined. The next move is yours, and it sets the tone for everything that happens after Tuesday.
Decline in writing this morning. Log offered-not-accepted. Brief Lila over email.
Send Greg a short, warm message returning the tickets. Drop them at Caleendar's reception in person Monday morning. Log the offer in the register as offered, declined. Email Lila the timeline before bed so Monday's meeting is preparatory, not investigatory. Under NSW s.249B the timing is the load-bearing fact, and you've broken the link.
Sit on it. Take the tickets to Lila Monday and run a retrospective pre-clear.
Don't go to the game. Leave the envelope sealed on the kitchen counter. Walk into Lila's office Monday with it and ask her to pre-clear it after the fact. Argue the renewal is a formality so the timing isn't really a corrupt inducement. Defensible if Lila agrees, but you've held the offer over the weekend without a paper trail.
Take Hannah. Go to Origin. Sort the paperwork Monday.
Twelve years of clean delivery on this account. Greg is a mate. NSW s.249B doesn't prohibit reasonable corporate hospitality. Log it in the register Monday morning, mention it to Lila when you bump into her in the kitchen, get on with the renewal.
I read your email at 11pm Saturday. Walked in this morning expecting a problem. Got an audit trail instead.
I dropped the envelope at Caleendar's reception at 8am. Their security signed for it. The note to Greg said "good of you to think of us, can't take it during a renewal window, let's do something proper after Tuesday".
Warm. Clean. Documented. If Greg comes back with another version of the same offer, that's a pattern, and we treat the second one differently.
And the renewal?
If they pull it because you didn't take $5,000 of footy, the renewal was never about delivery. We'd want to know that now, not after we've signed.
The NSW s.249B test asks whether the benefit was given or accepted as a corrupt reward for the recipient acting in their principal's affairs. By declining within hours, in writing, and logging the offer as offered-not-accepted, you've broken the corrupt-reward link before it could form. Under ISO 37001, this is also exactly the evidence Meridian needs: a real-time decision, by the person closest to the customer, that matched the policy. ISO 37001 Clause 4 is satisfied because the response was proportionate to the value ($5,000) and the timing (three days from a $4.2M decision).
Brought you something to look at. Greg gave me these Friday. I didn't accept, didn't decline. Renewal's tomorrow. I'd like a retrospective pre-clear so we can return them properly today.
Cooper, the pre-clear form exists so I can answer before you take the offer home. You took it home for two nights and the game was Wednesday. The window for pre-clear closed Friday.
I didn't go.
Good. That's the only thing standing between us and a real problem. Return them today, log the offer as declined, and we'll need to think about how this looked from the outside over the weekend.
You didn't go to the game, which is what kept this defensible. But pre-clear has to happen before the benefit is held, not after. Under ISO 37001 Clause 9, the procedure only counts if it operates as designed. A retrospective sign-off creates a documented case where the policy was not followed at the moment it mattered. If a similar offer lands next year, the question on file is "what did Cooper do last time" and the answer is "took it home for the weekend". Under AS 8001 + AFP guidance, value and timing are the two strongest indicators of corrupt purpose. Holding $5,000 of hospitality unsigned through the renewal weekend put you on the timing axis whether you went or not.
You went.
Took Hannah. Cracking night. Look, Lila, I'll log it this morning. The law doesn't prohibit reasonable hospitality. Greg and I have been doing this for twelve years.
NSW s.249B prohibits a corrupt reward. AFP and ASIC look at value and timing as the two flags. $5,000 of corporate-suite seats. Three days before a $4.2M decision. That's both flags.
The renewal goes through Tuesday on schedule. Three weeks later, an internal-audit team at Caleendar opens a routine review and asks for a list of supplier hospitality given over the past year. Your seat numbers are on it. Your register entry, made the morning after, isn't.
NSW s.249B makes it an offence to receive a benefit on account of doing or not doing something in your principal's affairs. The benefit doesn't need to be cash. The AS 8001 + AFP guidance treats value and timing as the two strongest indicators of corrupt purpose, and $5,000 three days before a renewal hits both. By accepting, going, and logging the offer only after the game, you've created the exact paper trail an investigator would build their case from. Meridian's ISO 37001 position is now harder to defend, because the salesperson closest to the customer ignored the threshold the policy specifies for this exact moment.
Lila opens the gifts register on her screen and turns it toward you.
October 5th. Accor Stadium. NRL Grand Final. Two corporate-box seats hosted by Caleendar. Estimated value $1,800. Attendees: Cooper Banks and Mark Stelovich from your bid team. Logged after the fact by your line manager as a "client relationship event". Never pre-approved by compliance.
Two events. Same client. Same procurement contact at Caleendar. Combined value $6,800. The renewal cycle was already open in October, you just hadn't focused on it.
Sasha has texted you twice this morning: "Don't make this bigger than it is. The contract is signed. Move on."
Wednesday, 6:12 PM. Greg calls your mobile. He's relaxed, friendly, no preamble. Wants to book a thank-you dinner at Quay for the Thursday after next. Pick your next line.
Greg, generous as always. Let's park dinner until after Q1 board, mid-February. Anything inside this quarter still feels too close to the renewal review.
Greg, sounds great. Anything between us over $250 still goes through Lila this year, even outside renewal weeks. If you book it I'll need her sign-off, and she'll probably suggest a working lunch on the books. Same evening, different ledger.
Greg, put it on Caleendar's account rather than yours personally. That way it sits in your supplier-relations budget, not as a name-on-a-line. We're both covered.
Greg, why don't I host you instead? Quay, my shout this time, Meridian's account. Twelve years, you've earned a return.
Log the Origin offer in your own words. Every field matters. A wrong value here means the entry doesn't trigger the compliance flag it should, or a defensible event gets escalated unnecessarily. Be specific. Lila will read this in five minutes.
Sasha pulls you into her office Tuesday afternoon. "Cooper, I've read Lila's note. $6,800 over two events with the same procurement contact, in a year we just renewed with them. If this goes to the board it turns a clean win into a problem. Three non-execs, half of whom don't know Caleendar from a hole in the ground. We could lose the relationship over the optics." She doesn't sit down. "I'm not asking you to bury it. I'm asking you to be commercially proportionate."
Follow the policy. Notify the board.
The policy says board notification above $500 during an active renewal. $6,800 across two events with the same procurement lead is not a borderline call. Tell Sasha you'll write the note jointly so the board hears it from BD and Finance together, not from Compliance over their heads.
Propose a documented compromise.
No board notification this time, but: full written disclosure from you to Caleendar's compliance team, both events flagged in Lila's quarterly compliance memo, and you sign a personal acknowledgement that any future hospitality from Caleendar goes through pre-clear before you accept anything. Sasha signs the same.
Defer to Sasha. She's the CFO.
Sasha has more context on the board dynamics and the wider commercial picture. The renewal is signed. The events are in the register. Going around her on a $6,800 disclosure two days after she's asked you not to would damage the working relationship you need for the next bid.
For the record, I think this is heavier than the situation needs. But Cooper wanted it on the table, and he's right that the policy says board notification.
Combined hospitality with Caleendar this cycle came to $6,800 across two events. The renewal is signed and clean. I'm flagging the pattern, not the renewal. The reason I want it on the board's record is so that next time someone is in my chair on this account, they know the line.
Sasha doesn't agree. But she doesn't overrule. The non-executive directors take the disclosure cleanly. One of them, a former Crown prosecutor, says quietly afterwards that she has not seen a salesperson volunteer this kind of pattern unprompted before, and that it's exactly what good governance looks like.
An ISO 37001 programme asks whether Meridian had proportionate procedures and whether they were followed in practice. By taking the pattern to the board through your own initiative, you've turned a paper procedure into a documented one. ISO 37001 Clause 9 calls this performance evaluation and treats it as the difference between a policy that exists and a policy that works. The salesperson who flags the pattern is the strongest evidence the procedure is real.
No board notification this time. But three things on the record. I write to Greg's compliance counterpart at Caleendar disclosing both events. Lila flags both in this quarter's compliance memo. You and I both sign a note saying any future Caleendar hospitality goes through pre-clear before I accept.
That works.
One more. If anything close to this happens with any other client this year, it goes to the board automatically. I want that commitment in writing.
Fine. Draft it.
ISO 37001 Clause 4 requires procedures proportionate to the risk. Your compromise creates a paper trail and a tripwire for next time, which is real. But you've also documented a case in which the company's own $500 board-notification threshold was negotiated down to a personal undertaking, and a future auditor will ask what the threshold actually is. The signed undertaking is doing the work the policy was supposed to do.
Look, you're the CFO. The renewal is signed, the entries are in the register, Lila knows. I don't think we need to take it further.
Sensible. Sometimes proportionate means knowing when not to turn a clean week into a four-week board cycle.
The board never hears that $6,800 of hospitality was exchanged with Caleendar during a live renewal. The policy says board notification above $500. You have now created a documented case in which the threshold was negotiated down because the salesperson agreed with the CFO that it was inconvenient. Anyone reading the file in a year, including a future Cooper, learns one thing: the policy is optional.
If the salesperson closest to the customer doesn't escalate when their own policy says escalate, the policy has no credibility on the next account. Under ISO 37001 Clause 7, staff have to believe the procedures are real, and patterns of selective enforcement are exactly what they read. The ISO 37001 position is materially weaker when the documented practice is "we follow the threshold when convenient".
Mark runs your bids. Twenty-two years in industrial sales, knows every procurement contact between Sydney and Brisbane. He doesn't sit down.
Cooper, level with me. You went to compliance about the Origin thing. That's fine. But I have to tell you what you've just done. Every BD I've worked with in twenty years stops telling compliance the second compliance tells the board. And we lose deals when BD doesn't tell compliance. Visibility is the whole game.
I'm not asking you to bury the next one. I'm asking what you put in place so that the next person on this account doesn't walk straight past Lila's office because they watched what happened to you.
Mark is not wrong. The procedure is only useful if BD actually uses it. The next decision is what you put in place so BD trusts the procedure enough to keep using it.
Friday, 10:00 AM. Renewal is signed. The pattern is on the record. Mark's warning is in your head. You've been asked to draft a recommendation that BD and Compliance both put their names on, so it lands as a joint paper, not a Compliance edict. What does the recommendation say?
A 90-second pre-clear flow, scenario training for BD, and quarterly board reporting.
A short web form for any spend over $250, routed to Lila, 24-hour SLA. Annual scenario training run by BD and Compliance jointly so it sounds like work, not a lecture. Quarterly aggregate reporting to the board so the system is visible. Treats compliance as a sales enabler, not a brake.
Update the register threshold and send a company-wide reminder.
Drop the pre-approval threshold from $500 to $250 during active tenders, send the policy reminder to all staff, raise it at the next all-hands. Proportionate, not heavy-handed. No new system, but the rules are clearer.
File the incident note. The policy already covers it.
The procedure exists. The register entries are made. Lila knows. The renewal is signed and clean. Drafting a note on the file for next year's audit is enough. Anything more risks signalling that BD's normal client work is under suspicion.
Walk me through it.
Three pieces. Pre-clear: 90-second form, anything over $250 during a tender, 24-hour SLA from Lila. Training: scenarios run by Mark and Lila together once a year, half a day, no slides. Reporting: aggregate hospitality data to the board every quarter, so the system is visible to non-execs without dragging them into individual decisions.
BD is going to push back on the form.
If I'd had it open on my phone Friday night, this whole conversation never happens. The form is the lifeline, not the brake. ISO 37001 gives us the framework if we run procedures like this. Every BD I've ever worked with would rather get a yes in 24 hours than write a register note in a panic on Monday morning.
Clause 4 (Risk-Based Design): a 90-second form is calibrated to Meridian's actual risk and to BD's actual workflow. Clause 7 (Training and Awareness): scenario training run jointly by BD and Compliance teaches the why, not just the what. Clause 9 (Monitoring and Review): quarterly aggregate reporting makes the system visible and self-correcting. The thing that makes a programme work is that BD trusts it enough to use it on a Friday night.
Threshold drops to $250 during active tenders. Reminder goes out Monday. Lila and I cover it at the next all-hands.
Sensible. Not heavy-handed.
The email goes out Monday. Open rate is 71%. By Friday it has been forgotten. Eight months later, a junior BD on a different account accepts an invitation to a corporate box at Allianz Stadium from a contractor that's bidding on a subcontract. He doesn't pre-clear it because he didn't read the email.
ISO 37001 Clause 7 separates communication (telling people the policy exists) from training (making sure they can apply it under pressure). An email is the first. A scenario walkthrough is the second. If a similar incident hits Meridian after the email goes out, an external auditor or AFP investigator will ask what was done beyond the email. If the answer is "nothing", the ISO 37001 position is harder to defend than before, because the company knew the system wasn't working and chose not to upgrade it.
I've drafted the file note. Procedure is there, register is updated, Lila has the audit trail. We don't need to make it heavier.
Fair. These things happen.
The note goes on file. Nothing else changes. The pre-approval rule remains a paragraph on page seven of the staff handbook. Eight months later, a different BD on a different account accepts a similar invitation in similar circumstances. The register catches it after the fact, again. Lila opens her quarterly review and finds the same shape of pattern, with a different supplier, on a different account. The training did not happen. The form did not get built. Nothing about the system improved.
An ISO 37001 programme places the duty on the company, not the individual. The question is whether the company's procedures were adequate to prevent the conduct. A file note on one salesperson is not monitoring, not training, and not procedural improvement. ISO 37001 Clause 9 requires the company to review and update procedures in light of experience. The company had experience here. Nothing was updated.
Six months on
The renewal signed Tuesday. The hospitality offer never moved the procurement decision. What happens between Cooper, Greg and Meridian from here depends on what Cooper put in place.
| Reference | Topic |
|---|---|
| NSW s.249B | Corrupt commissions |
| AS ISO 37001 | Anti-bribery management |
| ISO 37001 Cl. 4 | Risk-based design |
| ISO 37001 Cl. 7 | Training & awareness |
| ISO 37001 Cl. 9 | Monitoring & review |
| AS 8001 + AFP | Hospitality (by analogy) |
A $2.8M bid. The prospect's procurement lead has just hinted at a "gesture". Your bid manager wants to send NRL Grand Final tickets to keep things warm. You're running point.