Anti-Bribery & Corruption — Module 1 of 4

Hospitality

When a client's invitation blurs the line between networking and inducement — three days before a contract decision.

Portrait of Alexa Reeves, Compliance Manager at Meridian Engineering
Your Role

Alexa Reeves

Compliance Manager, Meridian Engineering

Two years into the role. You were hired to build the compliance programme from scratch — the policies exist, the training is planned, but it hasn't been truly tested yet. Today, it will be.

Meridian Engineering has grown from 280 to 600 employees in four years, driven by international project wins in infrastructure and energy.

The Gifts & Hospitality Policy requires pre-approval for hospitality above £500. During active tenders or contract renewals, the threshold drops to £250.

David Mercer, Business Development Director, brought in £18M of contracts last year. He is Meridian's most commercially important employee. You report to Helen Carr, CFO.

Before You Start

How This Works

This is a choose-your-own-adventure scenario. You'll face real decisions — and your choices shape how the story unfolds.

+3 Best practice — the response a compliance expert would choose
+1 Reasonable but incomplete — you're on the right track
−2 Risky or non-compliant — learn why this path creates problems

Tip: Highlighted text like Section 7 is clickable — tap to read the legal reference in full.

Portrait of David Mercer, Business Development Director
Tuesday, 4:47 PM
Narrator

You're heading to the kitchen when David Mercer catches you in the corridor. Just back from London — suit jacket over one arm, looking relaxed. He mentions it almost as an afterthought.

David Mercer

Alexa — good timing. Quick one. I was at Wimbledon over the weekend. Corporate box, Haldane's invite. Took Jenny from proposals. Spectacular match — Sinner vs. Alcaraz. Anyway, just thought I'd mention it. Should I log it somewhere?

You

David, the Haldane contract renewal is next week.

David Mercer

Exactly. That's why the relationship matters. Look, this isn't a brown envelope, Alexa. It's tennis. Everyone does it.

Tuesday, 5:10 PM

Back at your desk

You pull up the details. The picture is worse than you thought.

DetailValue
EventWimbledon Championships — Centre Court Corporate Box
DateSaturday, 5 July
HostHaldane Infrastructure (client)
Estimated value per person~£2,500 (hospitality package incl. champagne, lunch, afternoon tea)
Meridian attendeesDavid Mercer (BD Director) + Jenny Ashworth (Proposals Manager)
Total estimated value£5,000
Haldane contract renewal decisionWednesday, 9 July — 4 days after the event
Pre-approval obtained?No
Gifts register entry?None
Policy threshold (active contract period)£250 — exceeded by 20×

The hospitality exceeds your policy threshold by a factor of twenty. Accepted during an active contract renewal. No pre-approval, no register entry.

Your phone buzzes. Helen Carr: "David mentioned the Wimbledon thing. Come see me first thing tomorrow."

Portrait of Alexa Reeves, Compliance Manager
Decision Point 1 of 3

Tuesday, 5:25 PM. You have the facts: £5,000 of hospitality, ten times the policy threshold, accepted during an active contract renewal with no pre-approval. David doesn't think there's a problem. Helen wants to talk tomorrow morning. What you do in the next 12 hours determines whether this stays a policy breach or becomes a potential criminal exposure.

What is your first action?

Your choice

Log, notify, and brief Helen

Formally log the hospitality retrospectively, require David to disclose to Haldane's compliance team that the event has been recorded, and prepare a full briefing for Helen. Under Section 7, the company must demonstrate 'adequate procedures' — reactive logging and disclosure are the minimum defensible response.

Your choice

Log it and have a quiet word with David

Enter the hospitality retrospectively in the gifts register, have a private conversation with David about the pre-approval requirement. No need to involve the client or escalate beyond Helen's existing awareness. Proportionate response to what is, ultimately, a paperwork failure.

Your choice

No action needed — it's corporate hospitality

Corporate hospitality is a normal part of business development. The Bribery Act specifically does not prohibit reasonable hospitality. David is right — this is how relationships work. Escalating it would damage David's trust and potentially the client relationship.

Portrait of Helen Carr, CFO
Wednesday, 8:15 AM — Helen's Office +3
You

Helen, I've logged the Wimbledon hospitality — £5,000 total, accepted during the contract renewal window, no pre-approval. I've drafted a disclosure letter for David to send to Haldane's compliance team.

Helen Carr

A letter to their compliance team? That's a bit much, isn't it? We don't want Haldane thinking we're accusing them of anything.

You

It's not accusatory — it's transparency. We're telling them we received hospitality, we've logged it, and it doesn't influence our commercial relationship. If we don't disclose and someone asks questions later, the silence looks worse than the hospitality.

Helen Carr

And if David pushes back?

You

He will. But this is exactly what our procedures are for. Section 7 holds the company liable if we don't have adequate procedures. We have a policy — we just need to enforce it.

Why This Was Defensible

By logging the hospitality, requiring client-side disclosure, and briefing your CFO, you've created the documentation trail that Section 7 demands. Adequate procedures are not just written policies — they're enforced policies. Retrospective logging plus proactive disclosure demonstrates enforcement, not just documentation. Under MoJ Principle 1, the response must be proportionate to the risk — £5,000 of hospitality three days before a £4.2M decision is a material risk.

Portrait of Helen Carr, CFO
Wednesday, 8:15 AM — Helen's Office +1
You

Helen, I've logged the Wimbledon event in the gifts register. £5,000 total, no pre-approval. I've spoken to David about the pre-approval requirement.

Helen Carr

Good. And David?

You

He understands. Says it won't happen again.

Helen Carr

Fine. Let's move on.

The Gap in This Approach

You've created a register entry, which is better than nothing. But a retrospective log without disclosure to the client leaves a gap. If Haldane's own compliance team later discovers the hospitality during their audit, Meridian will be asked: "You knew about this and said nothing?" Under MoJ Principle 6, adequate procedures require not just recording but reviewing and acting on hospitality that exceeds thresholds. A verbal warning with no documented follow-up means, if this happens again, you have no evidence that David was told — which weakens your Section 7 defence.

Portrait of Helen Carr, CFO
Wednesday, 8:15 AM — Helen's Office −2
Helen Carr

Alexa, what's your assessment on the Wimbledon thing?

You

Honestly, Helen, I think it's standard corporate hospitality. David's been doing this for years. The Bribery Act doesn't prohibit reasonable hospitality — the SFO has said as much.

Helen Carr

That's reassuring. I didn't want to overreact.

Narrator

You're right that the Bribery Act doesn't prohibit hospitality. But you've missed the critical word: reasonable. £5,000 of hospitality three days before a procurement decision is not the SFO's definition of reasonable. And by not logging it, you've ensured there's no record that Meridian even knew about it — which is exactly the gap Section 7 was designed to close.

The "Everyone Does It" Trap

Section 1 of the Bribery Act makes it an offence to give anything of value intending to induce improper performance — and hospitality doesn't need to be a "brown envelope" to qualify. The SFO guidance is clear: value and timing are the two strongest indicators. This event scores high on both. By taking no action, you've failed the most basic test under Section 7: you knew about a breach and did nothing.

Wednesday, 11:30 AM

Pattern in the register

You're reviewing the gifts register when you find something you didn't expect.

Three months ago, Meridian hosted Haldane's procurement team at a Six Nations rugby match — corporate tickets worth £1,800. Logged by David as 'client relationship event', pre-approved by his line manager (not compliance). The same Rob Langley from Haldane attended.

This isn't a one-off. It's a pattern. Two hospitality events, same client, same procurement contact, within a single contract cycle. Combined value: £6,800.

Your policy says hospitality above £500 during an active contract renewal requires board notification. Helen has already asked you to keep this 'proportionate' — she doesn't want it going to the board.

Activity — Listen & Decide

David follows up after the meeting. Listen to his pitch before deciding what to do.

David Mercer — follow-up call
Press play to listen

Listen to the audio to unlock your choices.

Your choice

Accept, but first get Helen to authorise it in writing so there\'s a paper trail.

Your choice

Decline, and log David\'s approach in the gifts register as an offered (not accepted) item.

Your choice

Decline and self-report the offer to the SFO as a precaution.

Your choice

Accept and attend — you\'ll log it in the register the next day to keep records clean.

Activity — Gifts & Hospitality Register

Log the Criterion Restaurant dinner accurately. Every field matters — a wrong value here could mean this entry doesn\'t trigger the compliance flag it should, or that a defensible event gets escalated unnecessarily.

Portrait of Helen Carr, CFO
Decision Point 2 of 3

Helen calls you into her office. She's read your register review. "Alexa, I appreciate the thoroughness. But taking this to the board turns a manageable situation into a crisis. Three non-executives, two of whom have no context on Haldane. They'll panic. David will feel ambushed. And we could lose the contract over optics." She pauses. "I'm not asking you to bury it. I'm asking you to be proportionate."

How do you handle the escalation?

Your choice

Follow the policy — notify the board

The policy is clear: hospitality above £500 during an active contract requires board notification. £6,800 across two events with the same procurement contact isn't borderline. Under MoJ Principle 6, selective enforcement of your own policy is worse than having no policy at all.

Your choice

Propose a documented compromise

Don't escalate to the board if David sends a written disclosure to Haldane's compliance team, both events are fully documented with a compliance review note, and David signs a written acknowledgement of the pre-approval policy. Creates a defensible paper trail without board-level alarm.

Your choice

Defer to Helen — she's the CFO

Helen hired you to build the programme, and she's telling you this is proportionate. She has more context on board dynamics and the commercial relationship. Going over her head would damage the working relationship you need to be effective in this role.

Portrait of Helen Carr, CFO in the boardroom
Thursday, 10:00 AM — Boardroom +3
Helen Carr

For the record, I think this is disproportionate. But Alexa has a point about the policy.

You

The combined hospitality with Haldane totals £6,800 during an active contract renewal. Our policy requires board notification above £500. I'm not suggesting anyone acted in bad faith — I'm asking the board to note the disclosure and confirm next steps.

Helen is unhappy, but she hasn't overruled you. The board receives the disclosure professionally. One non-executive director — a former regulator — notes that this is exactly how adequate procedures should work.

Why Enforcement Matters More Than Policy

The Section 7 defence requires 'adequate procedures.' Courts and the SFO look at whether procedures were followed in practice, not just whether they existed on paper. Selectively ignoring your own escalation threshold — even at the CFO's request — creates a precedent that undermines every policy you've written. Under MoJ Principle 6, monitoring and review means the policy is enforced when triggered, not just when convenient.

Portrait of Helen Carr, CFO
Wednesday, 3:30 PM — Helen's Office +1
You

Helen, I won't take it to the board — yet. But I need three things: David sends a written disclosure to Haldane's compliance team, both events get a full compliance review note on file, and David signs a written acknowledgement of the pre-approval policy.

Helen Carr

That sounds reasonable. I'll talk to David.

You

One more thing. If anything similar happens again — with any client — it goes to the board automatically. I need that commitment from you.

Helen Carr

Agreed. Let's close this out.

The Proportionality Judgment

MoJ Principle 1 says procedures must be 'proportionate to the bribery risks faced.' Your compromise creates documentation, which is positive. But bypassing your own board notification threshold means a future auditor or prosecutor may ask: 'What was the real threshold?' The documented safeguards partially mitigate this — but they don't fully replace the governance step your policy requires. You've created a precedent that the board notification rule is negotiable.

Portrait of Helen Carr, CFO
Wednesday, 3:30 PM — Helen's Office −1
You

You're right, Helen. I'll keep this at our level. The register entry is there, David knows the policy. I don't think we need to escalate further.

Helen Carr

Good call. Sometimes proportionate means knowing when not to make a mountain out of a molehill.

Narrator

Helen is relieved. The board never learns that £6,800 of hospitality was exchanged with a client during a live £4.2M contract renewal. Your policy says board notification is required above £500. You've now created a documented case where the policy wasn't followed — and the reason was your boss told you not to.

Independence of the Compliance Function

If the Compliance Manager doesn't follow the compliance policy, the policy has no credibility. Under MoJ Principle 5, staff must believe the company's anti-bribery procedures are real. When the compliance function makes exceptions on request, the message to the organisation is clear: the rules are optional. The Section 7 defence is significantly weakened when 'adequate procedures' existed only on paper.

Portrait of David Mercer in Alexa's office
Thursday, 3:00 PM
David Mercer

David is in your office. He's not hostile — but he's not happy.

"Alexa, I've been at Meridian for twelve years. I've built relationships that keep 600 people employed. I've never taken a bribe, I've never offered one, and I resent the implication that a day at the tennis makes me corrupt."

"If compliance is going to question every client dinner, every event invitation — good luck getting anyone in BD to tell you anything in future. They'll just stop reporting."

He's not wrong about the reporting risk. If people stop telling you about hospitality because they're afraid of the consequences, you'll have no visibility at all. The question now: what do you put in place so this doesn't happen again?

Portrait of Alexa Reeves, Compliance Manager
Decision Point 3 of 3

Friday, 10:00 AM. The immediate situation is contained. Now you need to decide what to recommend to the CFO — and ultimately to the board — to prevent this from recurring. David's warning about people 'stopping reporting' is genuine. Whatever you propose needs to make compliance feel like a business enabler, not a police function.

What do you recommend?

Your choice

Mandatory pre-approval, training, and board reporting

Propose: (1) mandatory pre-approval for all hospitality above £250 via a 90-second online form, (2) annual anti-bribery training using real scenarios, (3) quarterly hospitality reporting to the board. Implements MoJ Principles 1, 5, and 6 as an integrated system.

Your choice

Update the register and send a policy reminder

Update the gifts and hospitality register to require pre-approval above £500, send a company-wide reminder email, and include the policy in the next all-hands meeting. Proportionate response that raises awareness without creating a new bureaucracy.

Your choice

Note David's file and move on

The policy already covers this — the problem was David not following it. Draft a note for his personnel file recording the breach. If it happens again, there's a documented pattern. No need to change a policy that already works on paper.

Portrait of Helen Carr, CFO
The following Monday, 9:00 AM +3
Helen Carr

Walk me through this proposal.

You

Three components. First, a pre-approval form — 90 seconds, auto-routes to compliance, responses within 24 hours. Not a barrier, a checkpoint. Second, annual training with real scenarios. Third, quarterly reporting to the board — aggregate data, trends, anything above threshold.

Helen Carr

David's going to hate the form.

You

David will use the form if it takes 90 seconds and we approve most requests within 24 hours. If David had called me before Wimbledon, we could have approved it with conditions — log it, document the business rationale. He'd have gone to the tennis and we'd have a clean file. Total additional cost: approximately zero. The cost of not doing it is a Section 7 prosecution where we can't demonstrate adequate procedures.

The Three Pillars of Adequate Procedures

Principle 1 (Proportionate Procedures): the pre-approval system is calibrated to Meridian's actual risk. Principle 5 (Communication and Training): scenario-based training ensures staff understand the why, not just the what. Principle 6 (Monitoring and Review): quarterly board reporting makes the system self-correcting. Compliance systems that are easy to use get used. Systems that feel like policing get circumvented.

Portrait of Helen Carr, CFO
Friday, 2:00 PM +1
You

I've updated the register to require pre-approval above £500 and drafted a company-wide reminder. I'll present the policy at the next all-hands.

Helen Carr

Sensible. Not too heavy-handed.

Narrator

The email goes out on Monday. 73% of staff open it. By Friday it's forgotten. Eight months later, another BD manager accepts an invitation to the Emirates Stadium from a contractor bidding on a subcontract. He doesn't pre-approve it — because he didn't read the email either.

Communication vs. Training

MoJ Principle 5 distinguishes between 'communication' (telling people the policy exists) and 'training' (ensuring they understand and can apply it). An email achieves the first but not the second. If a similar breach occurs after the email, a prosecutor will ask: 'What did you do beyond sending an email?' If the answer is 'nothing,' your Section 7 defence is weaker than before — because now you knew the system wasn't working and still didn't fix it.

Portrait of Helen Carr, CFO
Friday, 2:00 PM −2
You

I've drafted a note for David's personnel file documenting the policy breach. The policy already covers this — he just didn't follow it.

Helen Carr

Fair enough. These things happen.

Narrator

The note goes into David's file. David never sees it. No one else in the business learns anything from the incident. The pre-approval process remains a paragraph on page 7 of the employee handbook. The gifts register remains a spreadsheet that compliance reviews annually — retroactively, after the events have already happened.

Individual vs. Systemic Failure

Section 7 holds the commercial organisation liable, not the individual employee. Even if David is personally at fault, Meridian's exposure depends on whether the company's procedures were adequate to prevent the conduct. A file note on one employee's record does not constitute monitoring, review, training, or procedural improvement. Under MoJ Principle 6, the company must show it reviews and updates its procedures in light of experience. This incident is experience — and nothing changed.

Six Months Later

The Reckoning

The Haldane contract was renewed — the hospitality didn't influence the outcome. But what happens next depends on the system you built.

Your Result
/ 9

Your Decisions

Key Lessons

1. Corporate hospitality isn't automatically a bribe — but value, timing, and proximity to a commercial decision are the three factors the SFO examines first.
2. The Section 7 defence requires adequate procedures that are enforced, not just written. A policy on the intranet that nobody follows is not an adequate procedure.
3. Compliance systems that are easy to use get used. A 90-second pre-approval form is a business enabler. A 30-page policy manual is a filing exercise.
4. MoJ Principles 1, 5, and 6 work as a system: proportionate controls + training that explains the why + monitoring that catches patterns before they become prosecutions.

Key Legal References

Section 1

Bribing another person

Section 7

Failure to prevent

MoJ Principle 1

Proportionate procedures

MoJ Principle 5

Communication & training

MoJ Principle 6

Monitoring & review

SFO Guidance

Hospitality approach

Ready to complete this module?

Take the 5-question knowledge check to record your completion.

Take the Module Quiz →
Module 2 of 4

Next: Grease

Equipment stuck at Accra port. Liquidated damages ticking at £8,500/day. The customs official wants $2,000 to clear it.

Continue to Module 2 →