Anti-Bribery & Corruption — Module 1 of 4
When a client's invitation blurs the line between networking and inducement — three days before a contract decision.
Compliance Manager, Meridian Engineering
Two years into the role. You were hired to build the compliance programme from scratch — the policies exist, the training is planned, but it hasn't been truly tested yet. Today, it will be.
Meridian Engineering has grown from 280 to 600 employees in four years, driven by international project wins in infrastructure and energy.
The Gifts & Hospitality Policy requires pre-approval for hospitality above £500. During active tenders or contract renewals, the threshold drops to £250.
David Mercer, Business Development Director, brought in £18M of contracts last year. He is Meridian's most commercially important employee. You report to Helen Carr, CFO.
This is a decision-driven scenario. You'll face real decisions — and your choices shape how the story unfolds.
Tip: Highlighted text like Section 7 is clickable — tap to read the legal reference in full.
You're heading to the kitchen when David Mercer catches you in the corridor. Just back from London — suit jacket over one arm, looking relaxed. He mentions it almost as an afterthought.
Alexa — good timing. Quick one. I was at Wimbledon over the weekend. Corporate box, Haldane's invite. Took Jenny from proposals. Spectacular match — Sinner vs. Alcaraz. Anyway, just thought I'd mention it. Should I log it somewhere?
David, the Haldane contract renewal is next week.
Exactly. That's why the relationship matters. Look, this isn't a brown envelope, Alexa. It's tennis. Everyone does it.
You pull up the details. The picture is worse than you thought.
| Detail | Value |
|---|---|
| Event | Wimbledon Championships — Centre Court Corporate Box |
| Date | Saturday, 5 July |
| Host | Haldane Infrastructure (client) |
| Estimated value per person | ~£2,500 (hospitality package incl. champagne, lunch, afternoon tea) |
| Meridian attendees | David Mercer (BD Director) + Jenny Ashworth (Proposals Manager) |
| Total estimated value | £5,000 |
| Haldane contract renewal decision | Wednesday, 9 July — 4 days after the event |
| Pre-approval obtained? | No |
| Gifts register entry? | None |
| Policy threshold (active contract period) | £250 — exceeded by 20× |
The hospitality exceeds your policy threshold by a factor of twenty. Accepted during an active contract renewal. No pre-approval, no register entry.
Your phone buzzes. Helen Carr: "David mentioned the Wimbledon thing. Come see me first thing tomorrow."
Tuesday, 5:25 PM. £5,000 of hospitality, ten times the policy threshold, accepted during an active contract renewal with no pre-approval. David sees no problem. Helen wants to talk tomorrow. The next 12 hours decide whether this stays a policy breach or becomes criminal exposure.
Log, notify, and brief Helen
Log the hospitality retrospectively, require David to disclose to Haldane's compliance team, and brief Helen. Under Section 7, the company must show 'adequate procedures'. Logging plus disclosure is the minimum defensible response.
Log it and have a quiet word with David
Enter it in the gifts register and have a private word with David about pre-approval. No need to involve the client. Proportionate response to a paperwork failure.
No action needed — it's corporate hospitality
Corporate hospitality is a normal part of BD. The Bribery Act doesn't prohibit reasonable hospitality. Escalating would damage David's trust and the client relationship.
Helen, I've logged the Wimbledon hospitality. £5,000, accepted during the renewal window, no pre-approval. I've drafted a disclosure letter for David to send to Haldane's compliance team.
A letter to their compliance team? That's a bit much, isn't it? We don't want Haldane thinking we're accusing them of anything.
It's not accusatory, it's transparency. We received hospitality, we logged it, it didn't influence the commercial relationship. If we stay silent and it surfaces later, the silence looks worse than the hospitality.
And if David pushes back?
He will. But this is what the procedures are for. Section 7 holds the company liable if procedures aren't adequate. We have a policy. We just need to enforce it.
Logging the hospitality, requiring client-side disclosure, and briefing the CFO builds the trail Section 7 demands. Adequate procedures aren't written policies — they're enforced ones. Retrospective logging plus proactive disclosure demonstrates enforcement. Under MoJ Principle 1 the response must be proportionate to the risk, and £5,000 of hospitality three days before a £4.2M decision is material risk.
Helen, I've logged the Wimbledon event in the gifts register. £5,000 total, no pre-approval. I've spoken to David about the pre-approval requirement.
Good. And David?
He understands. Says it won't happen again.
Fine. Let's move on.
You've created a register entry, which is better than nothing. But a retrospective log without disclosure to the client leaves a gap. If Haldane's own compliance team later discovers the hospitality during their audit, Meridian will be asked: "You knew about this and said nothing?" Under MoJ Principle 6, adequate procedures require not just recording but reviewing and acting on hospitality that exceeds thresholds. A verbal warning with no documented follow-up means, if this happens again, you have no evidence that David was told — which weakens your Section 7 defence.
Alexa, what's your assessment on the Wimbledon thing?
Honestly, Helen, I think it's standard corporate hospitality. David's been doing this for years. The Bribery Act doesn't prohibit reasonable hospitality — the SFO has said as much.
That's reassuring. I didn't want to overreact.
You're right that the Bribery Act doesn't prohibit hospitality. But you've missed the critical word: reasonable. £5,000 of hospitality three days before a procurement decision is not the SFO's definition of reasonable. And by not logging it, you've ensured there's no record that Meridian even knew about it — which is exactly the gap Section 7 was designed to close.
Section 1 of the Bribery Act makes it an offence to give anything of value intending to induce improper performance — and hospitality doesn't need to be a "brown envelope" to qualify. The SFO guidance is clear: value and timing are the two strongest indicators. This event scores high on both. By taking no action, you've failed the most basic test under Section 7: you knew about a breach and did nothing.
You're reviewing the gifts register when you find something you didn't expect.
Three months ago, Meridian hosted Haldane's procurement team at a Six Nations rugby match — corporate tickets worth £1,800. Logged by David as 'client relationship event', pre-approved by his line manager (not compliance). The same Rob Langley from Haldane attended.
This isn't a one-off. It's a pattern. Two hospitality events, same client, same procurement contact, within a single contract cycle. Combined value: £6,800.
Your policy says hospitality above £500 during an active contract renewal requires board notification. Helen has already asked you to keep this 'proportionate' — she doesn't want it going to the board.
David follows up after the meeting. Listen to his pitch before deciding what to do.
Listen to the audio to unlock your choices.
Accept, but first get Helen to authorise it in writing so there's a paper trail.
Decline, and log David's approach in the gifts register as an offered (not accepted) item.
Decline and self-report the offer to the SFO as a precaution.
Accept and attend — you'll log it in the register the next day to keep records clean.
Log the Criterion Restaurant dinner accurately. Every field matters — a wrong value here could mean this entry doesn't trigger the compliance flag it should, or that a defensible event gets escalated unnecessarily.
Helen calls you in. She's read your register review. "Alexa, taking this to the board turns a manageable situation into a crisis. Three non-execs, two with no Haldane context. They'll panic. David will feel ambushed. And we could lose the contract over optics." She pauses. "I'm not asking you to bury it. I'm asking you to be proportionate."
Follow the policy — notify the board
The policy is clear: hospitality above £500 during an active contract requires board notification. £6,800 across two events with the same procurement contact isn't borderline. Under MoJ Principle 6, selective enforcement is worse than no policy at all.
Propose a documented compromise
Skip the board if David sends a written disclosure to Haldane, both events are documented with a compliance review note, and David signs an acknowledgement of the pre-approval policy. Defensible paper trail without board-level alarm.
Defer to Helen — she's the CFO
Helen hired you and she says this is proportionate. She has more context on board dynamics and the commercial relationship. Going over her head damages the working relationship you need to be effective.
For the record, I think this is disproportionate. But Alexa has a point about the policy.
The combined hospitality with Haldane totals £6,800 during an active contract renewal. Our policy requires board notification above £500. I'm not suggesting anyone acted in bad faith — I'm asking the board to note the disclosure and confirm next steps.
Helen is unhappy, but she hasn't overruled you. The board receives the disclosure professionally. One non-executive director — a former regulator — notes that this is exactly how adequate procedures should work.
The Section 7 defence requires 'adequate procedures.' Courts and the SFO look at whether procedures were followed in practice, not just whether they existed on paper. Selectively ignoring your own escalation threshold — even at the CFO's request — creates a precedent that undermines every policy you've written. Under MoJ Principle 6, monitoring and review means the policy is enforced when triggered, not just when convenient.
Helen, I won't take it to the board — yet. But I need three things: David sends a written disclosure to Haldane's compliance team, both events get a full compliance review note on file, and David signs a written acknowledgement of the pre-approval policy.
That sounds reasonable. I'll talk to David.
One more thing. If anything similar happens again — with any client — it goes to the board automatically. I need that commitment from you.
Agreed. Let's close this out.
MoJ Principle 1 says procedures must be 'proportionate to the bribery risks faced.' Your compromise creates documentation, which is positive. But bypassing your own board notification threshold means a future auditor or prosecutor may ask: 'What was the real threshold?' The documented safeguards partially mitigate this — but they don't fully replace the governance step your policy requires. You've created a precedent that the board notification rule is negotiable.
You're right, Helen. I'll keep this at our level. The register entry is there, David knows the policy. I don't think we need to escalate further.
Good call. Sometimes proportionate means knowing when not to make a mountain out of a molehill.
Helen is relieved. The board never learns that £6,800 of hospitality was exchanged with a client during a live £4.2M contract renewal. Your policy says board notification is required above £500. You've now created a documented case where the policy wasn't followed — and the reason was your boss told you not to.
If the Compliance Manager doesn't follow the compliance policy, the policy has no credibility. Under MoJ Principle 5, staff must believe the company's anti-bribery procedures are real. When the compliance function makes exceptions on request, the message to the organisation is clear: the rules are optional. The Section 7 defence is significantly weakened when 'adequate procedures' existed only on paper.
David is in your office. He's not hostile — but he's not happy.
"Alexa, I've been at Meridian for twelve years. I've built relationships that keep 600 people employed. I've never taken a bribe, I've never offered one, and I resent the implication that a day at the tennis makes me corrupt."
"If compliance is going to question every client dinner, every event invitation — good luck getting anyone in BD to tell you anything in future. They'll just stop reporting."
He's not wrong about the reporting risk. If people stop telling you about hospitality because they're afraid of the consequences, you'll have no visibility at all. The question now: what do you put in place so this doesn't happen again?
Friday, 10:00 AM. The immediate situation is contained. Now: what do you recommend to the CFO, and ultimately the board, to stop this recurring? David's warning that people will 'stop reporting' is genuine. Whatever you propose has to feel like a business enabler, not a police function.
Mandatory pre-approval, training, and board reporting
(1) Mandatory pre-approval above £250 via a 90-second form, (2) annual scenario-based anti-bribery training, (3) quarterly hospitality reporting to the board. MoJ Principles 1, 5, and 6 as one integrated system.
Update the register and send a policy reminder
Update the register to require pre-approval above £500, send a company-wide reminder, and cover the policy in the next all-hands. Raises awareness without adding bureaucracy.
Note David's file and move on
The policy already covers this. The problem was David not following it. File a note recording the breach. If it recurs, there's a documented pattern. No need to change a policy that works on paper.
Walk me through this proposal.
Three parts. One: a pre-approval form — 90 seconds, auto-routes to compliance, 24-hour response. Not a barrier, a checkpoint. Two: annual scenario-based training. Three: quarterly board reporting — aggregate data, trends, anything above threshold.
David's going to hate the form.
He'll use it if it's 90 seconds and most requests clear in 24 hours. If David had called before Wimbledon, we could have approved it with conditions. He'd have gone to the tennis, we'd have a clean file. Cost: roughly zero. The alternative is a Section 7 prosecution we can't defend.
Principle 1 (Proportionate Procedures): pre-approval calibrated to Meridian's actual risk. Principle 5 (Communication and Training): scenarios teach the why, not just the what. Principle 6 (Monitoring and Review): quarterly reporting makes the system self-correcting. Easy systems get used. Systems that feel like policing get circumvented.
I've updated the register to require pre-approval above £500 and drafted a company-wide reminder. I'll present the policy at the next all-hands.
Sensible. Not too heavy-handed.
The email goes out on Monday. 73% of staff open it. By Friday it's forgotten. Eight months later, another BD manager accepts an invitation to the Emirates Stadium from a contractor bidding on a subcontract. He doesn't pre-approve it — because he didn't read the email either.
MoJ Principle 5 distinguishes between 'communication' (telling people the policy exists) and 'training' (ensuring they understand and can apply it). An email achieves the first but not the second. If a similar breach occurs after the email, a prosecutor will ask: 'What did you do beyond sending an email?' If the answer is 'nothing,' your Section 7 defence is weaker than before — because now you knew the system wasn't working and still didn't fix it.
I've drafted a note for David's personnel file documenting the policy breach. The policy already covers this — he just didn't follow it.
Fair enough. These things happen.
The note goes into David's file. David never sees it. No one else in the business learns anything from the incident. The pre-approval process remains a paragraph on page 7 of the employee handbook. The gifts register remains a spreadsheet that compliance reviews annually — retroactively, after the events have already happened.
Section 7 holds the commercial organisation liable, not the individual employee. Even if David is personally at fault, Meridian's exposure depends on whether the company's procedures were adequate to prevent the conduct. A file note on one employee's record does not constitute monitoring, review, training, or procedural improvement. Under MoJ Principle 6, the company must show it reviews and updates its procedures in light of experience. This incident is experience — and nothing changed.
Six Months Later
The Haldane contract renewed. The hospitality didn't sway the outcome. What happens next depends on the system you built.
Section 1
Bribing another person
Section 7
Failure to prevent
MoJ Principle 1
Proportionate procedures
MoJ Principle 5
Communication & training
MoJ Principle 6
Monitoring & review
SFO Guidance
Hospitality approach
Take the 5-question knowledge check to record your completion.
Take the Module Quiz →Equipment stuck at Accra port. Liquidated damages at £8,500/day. The customs official wants $2,000 to clear it.