Anti-Bribery & Corruption — Module 4 of 4 — The Finale

Middleman

A £15M contract. A local consultant on 15% commission. His brother-in-law evaluates the bid. And he won’t sign anti-bribery clauses.

Your Role

Alexa Reeves

Compliance Manager, Meridian Engineering

Three modules behind you. The hospitality policy is enforced. The facilitation payment incident is in training material. The tender integrity framework is in place. Now comes the test the entire programme was built for — a £15M contract where everything you’ve built either holds up or falls apart.

Meridian is bidding for a £15M government-funded road bridge in Oman — 22% of annual revenue if won.

Commercial Director Richard Hale has spent 18 months cultivating the opportunity and found a local consultant, Tariq Al-Rashidi, essential to the bid.

Al-Rashidi’s proposed commission: £2.25M (15% of contract value). Market rate: 3–5%. He will not sign ABC clauses.

Before You Start

How This Works

This is a choose-your-own-adventure scenario. You’ll face three decisions — and your choices shape whether the compliance programme you’ve built survives an SFO investigation.

+3 Best practice — the response a compliance expert would choose

+1 Reasonable but incomplete — you’re on the right track

−2 Risky or non-compliant — learn why this path creates problems

Tip: Highlighted text like Section 7 is clickable — tap to read the legal reference in full.

Portrait of Richard Hale, Commercial Director

Tuesday, 2:15 PM

Narrator

Richard Hale has called a commercial review meeting. You, Helen Carr, and two members of the commercial team are seated around the boardroom table. Richard is presenting from a slide deck titled ‘Oman Bridge Project — Market Entry Strategy.’ He’s spent twenty minutes on the opportunity. Now he gets to the slide you’ve been waiting for.

Richard Hale

So, local representation. I’ve been working with Tariq Al-Rashidi for six months. He runs a consultancy — Al-Rashidi Advisory. He knows the procurement landscape inside out. Regulatory navigation, stakeholder management, site logistics. Full-service.

Richard Hale

His proposal is 15% of contract value. That’s £2.25 million. I know that sounds high, but this is a full-service retainer covering pre-bid, bid support, and 18 months of post-award facilitation.

Helen Carr

Fifteen percent. What’s market rate for this kind of work?

Richard Hale

For a project this size, in this region, with this level of access? He’s at the upper end, sure. But the value he brings — you can’t quantify that by hourly rate.

Helen Carr

Alex, you’ve reviewed the brief. What are your initial thoughts?

Tuesday, 2:35 PM

Your initial risk notes

You open the brief Richard circulated yesterday. You’ve marked four items.

From: Alexa Reeves (Compliance Review Notes)

To: Internal — Not Circulated

Subject: Al-Rashidi Advisory — Initial Risk Assessment

Red Flag 1 — Commission Rate: 15% of contract value (£2.25M). Independent benchmarking by TRACE International puts legitimate consulting fees for Oman government infrastructure projects at 3–5%. Al-Rashidi’s fee is 3x the upper bound.

Red Flag 2 — PEP Connection: Tariq Al-Rashidi’s brother-in-law is Mahmoud Al-Rashidi, Deputy Director of Infrastructure Procurement at the Omani Ministry of Transport. This is the department that will evaluate Meridian’s bid.

Red Flag 3 — Contract Terms: Al-Rashidi has pushed back on including anti-bribery and corruption clauses in his engagement contract. His stated reason: ‘These clauses are offensive to my professional reputation.’

Red Flag 4 — Deliverables: The proposal contains no breakdown of specific deliverables, milestones, or measurable outputs. The scope is described as ‘advisory and facilitation services’ with no further detail.

Portrait of Alexa Reeves, Compliance Manager

Helen is looking at you. Richard is looking at you. The room is quiet. Richard genuinely believes this is standard regional practice. Helen wants a clear steer. You have four red flags and a £15 million opportunity sitting on the table.

What is your recommendation?

Your choice

Hold engagement. Full due diligence first.

Recommend pausing until comprehensive checks are completed: beneficial ownership, PEP screening of Al-Rashidi and associates, independent market rate verification, Transparency International CPI review for Oman, and references from other international clients. Present the four red flags formally to Helen. Under MoJ Principle 4, proportionate due diligence on third parties is a legal requirement before engagement.

Your choice

Raise red flags privately with Richard.

Talk to Richard one-on-one after the meeting. Ask him to get Al-Rashidi to reduce the commission to market rate (5%), provide a deliverables breakdown, and accept standard ABC contract clauses. If he agrees to all three, proceed with lighter due diligence. This keeps the commercial relationship warm while addressing the most visible risks.

Your choice

Log the risks but don’t block the deal.

Note the red flags in the risk register but don’t delay engagement. Richard knows the region better than you do, and the commercial opportunity justifies moving quickly. Request that Al-Rashidi sign a standard anti-corruption declaration and proceed. The declaration provides documentary evidence of good faith.

Tuesday, 3:10 PM +3

You

Helen, I have four red flags on this engagement. The commission is three times market rate. There’s a direct family connection to the procurement decision-maker. He’s refused ABC clauses. And the deliverables are undefined. I’m recommending a hold until we complete full due diligence.

Richard Hale

Alex, with respect — you’re applying a UK lens to a Gulf market. This is how business works out there. If we delay, we lose the bid window.

Helen Carr

Richard, I hear you. But four red flags on a single intermediary is not a lens problem. Alex, what does the due diligence look like and how long?

You

Beneficial ownership check, PEP screening, independent fee benchmarking, client references, and a CPI review. Two to three weeks if we use our external provider.

Richard Hale

Three weeks could cost us this contract.

Helen Carr

And skipping due diligence could cost us the company. Alex, proceed. Richard, find out if the bid timeline has any flexibility.

Why This Was Defensible

MoJ Principle 4 requires organisations to apply due diligence procedures that are proportionate to the bribery risk. Four concurrent red flags — above-market fees, PEP connection, refusal of ABC clauses, and undefined deliverables — demand the highest level of scrutiny. MoJ Principle 3 identifies three categories of risk present here: country risk (Oman CPI 52/100), transaction risk (government procurement), and business partnership risk (intermediary with PEP connections). If this engagement later comes under SFO scrutiny, this meeting — documented in minutes — is the first piece of evidence that Meridian’s compliance function was operational.

Tuesday, 4:30 PM +1

You

Richard, can I grab you for ten minutes? I want to talk through the Al-Rashidi engagement before we take it further.

Richard Hale

Sure. Look, I know the commission looks high on paper. But Tariq’s offering things you can’t get from a law firm — relationships, introductions, local intelligence.

You

I get that. But I need three things before I can sign off: commission at market rate — five percent max — a proper deliverables breakdown, and standard ABC clauses in the contract. Non-negotiable.

Richard Hale

Five percent? He’ll walk. This isn’t a law firm billing by the hour, Alex. Let me talk to him. Maybe I can get eight, nine percent with a scope document. And I’ll push on the ABC clauses, but don’t be surprised if he pushes back.

You

If he walks over ABC clauses, that tells us everything we need to know.

Partial Protection

Reducing the commission and inserting ABC clauses are necessary steps — but they are not sufficient. MoJ Principle 4 requires verification of the third party’s background, not just contractual safeguards. A contract clause saying ‘I won’t bribe anyone’ has limited defensive value if you never checked whether the person was in a position to funnel payments to a government official. The PEP connection — Al-Rashidi’s brother-in-law at the Ministry — is the central risk, and you haven’t investigated it.

Tuesday, 5:00 PM −2

You

I’ve noted the risk factors in the register. The commission is above benchmark and the family connection needs monitoring, but I don’t want to block a deal of this size without stronger evidence of actual wrongdoing.

Helen Carr

So you’re comfortable proceeding?

You

With conditions. I want Al-Rashidi to sign an anti-corruption declaration, and I want quarterly payment reviews.

Richard Hale

Absolutely. I’ll get it done. Helen, if Alex is satisfied, can we move forward with the engagement letter?

Helen Carr

Alex, one more time — you’re giving this a green light?

You

Amber. Proceed with monitoring.

The Adequacy Gap

Under Section 7, Meridian’s only defence to a failure-to-prevent charge is proving it had ‘adequate procedures’ in place. An anti-corruption declaration, without underlying due diligence, does not meet the adequacy standard. The Petrofac case is instructive: the company had anti-bribery policies on paper but failed to conduct meaningful due diligence on its sales agents. The result: £77 million in fines and the conviction of a senior executive. MoJ Principle 3 requires a risk assessment proportionate to the risk. Four concurrent red flags on a single intermediary, with a direct PEP connection, represents the highest risk category. Monitoring alone is not a proportionate response.

Three weeks later — 9:15 AM

Kroll's enhanced due diligence report

Re: Al-Rashidi Advisory LLC

Company formation: incorporated in Muscat 8 months ago — two weeks after Meridian's interest in the bridge project. No website. No client history.

PEP screening: Tariq's brother-in-law, Mahmoud Al-Rashidi, is Deputy Director of Infrastructure Procurement at the Omani Ministry of Transport — the department awarding this contract.

Market rate: TRACE benchmark for Oman govt infra is 3–5%. Al-Rashidi's 15% is 3× the upper bound.

References: two provided. Neither verifiable. One disconnected number. One company with no record of them.

Portrait of Richard Hale on video call from Dubai

Wednesday, 10:30 AM — Helen’s office

You’ve shared the Kroll report with Helen. She’s called Richard — who’s currently in Dubai for a client meeting — on video. You’re in Helen’s office.

Helen Carr

Richard, the due diligence report on Al-Rashidi is in. It’s not good. Alex, summarise.

You

Shell company formed eight months ago, no verifiable clients, brother-in-law is the Deputy Director who’ll evaluate our bid, commission three times market rate, unverifiable references.

Richard Hale

Right. Let me address each of those. The company is new because Tariq was working inside a larger firm before — he set up on his own to take on this engagement. The brother-in-law thing — family connections ARE the business culture in the Gulf. That doesn’t mean he’s corrupt. It means he has access.

Helen Carr

Access to the person deciding whether we win a £15 million contract.

Richard Hale

Helen, if we walk away from Tariq, we walk away from this bid. No international firm wins Gulf government contracts without local representation. I’ve checked — our three main competitors all use intermediaries.

You

The question isn’t whether we use local representation. It’s whether this particular intermediary passes the due diligence threshold.

Richard Hale

What threshold? The man hasn’t done anything wrong. You’re treating every cultural norm as a red flag.

Helen Carr

Alex, I need your formal recommendation by end of day. Proceed, proceed with conditions, or walk away.

Activity — Commission Rate Analysis

Meridian has used intermediaries on five previous projects. The chart shows each agent's commission rate. The TRACE International industry benchmark for Oman government contracts is 3–5%. Click the bar that warrants further due diligence.

Helen wants it in writing by 5 PM. Richard is convinced Al-Rashidi is legitimate. The due diligence says otherwise — or at least, it can’t confirm he’s legitimate. The £15 million contract would be transformative for Meridian. But Section 6 of the Bribery Act doesn’t care about transformation — it cares about whether payments to intermediaries are intended to influence foreign public officials.

What is your formal recommendation to the CFO?

Your choice

Walk away from Al-Rashidi entirely.

Recommend terminating the Al-Rashidi engagement. The combination of a shell company, unverifiable references, PEP connection to the decision-maker, above-market commission, and refusal of ABC clauses constitutes an unacceptable bribery risk under s.6. Propose Meridian bid independently using a legitimate Omani law firm for regulatory navigation, accepting lower odds of winning.

Your choice

Proceed only with radical restructuring.

Recommend engagement only if all conditions are met: commission capped at 5% (£750,000), full transparency on all payments and recipients, Meridian audit rights over Al-Rashidi’s accounts, ABC termination clauses, quarterly compliance reporting, and written disclosure of all government connections. If Al-Rashidi refuses any single condition, walk away immediately.

Your choice

Proceed with enhanced monitoring.

Recommend proceeding with the engagement under enhanced oversight: payments through a UK escrow account, anti-bribery declaration, and compliance sign-off on each payment tranche. The PEP connection is a risk factor, not evidence of corruption. Enhanced monitoring provides adequate controls without killing the deal.

Wednesday, 4:45 PM +3

You

Helen, my recommendation is to terminate the Al-Rashidi engagement. The due diligence findings, taken together, present an unacceptable risk under Section 6. I’ve drafted the formal assessment — it’s in your inbox.

Helen Carr

Richard will fight this.

You

I know. But if we pay £2.25 million to a shell company run by the brother-in-law of the man deciding our bid, and the SFO ever looks at this, there’s no version of that story that ends well for us.

Helen Carr

Can we still bid without him?

You

Yes. I’ve identified two established Omani law firms with international client lists and clean compliance records. They charge 3–4% and they’ll sign ABC clauses without blinking. We won’t have the political access, but we’ll have a clean bid.

Helen Carr

Do it. I’ll handle Richard.

The Section 6 Analysis

Section 6 of the Bribery Act makes it an offence to bribe a foreign public official with the intention of influencing them in their capacity as a public official, to obtain or retain business. Mahmoud Al-Rashidi — Deputy Director of Infrastructure Procurement — is unambiguously a foreign public official. A shell company, formed specifically for this engagement, with no other clients, paying 3x market rate to the brother-in-law of the decision-maker, is the textbook fact pattern for a s.6 prosecution. Walking away from a £15 million opportunity because the intermediary doesn’t pass due diligence is exactly what Section 7 is designed to incentivise. In the Petrofac case (2021), David Lufkin was convicted of 14 counts relating to payments channelled through intermediaries to government officials — exactly the structure refused here.

Thursday, 2:00 PM +1

Helen Carr

Alex’s recommendation: proceed with Al-Rashidi but only under strict conditions. Richard, can Tariq accept these terms?

Richard Hale

Five percent commission, audit rights, quarterly reporting, full disclosure of government connections? Let me put it to him. He won’t like the audit rights.

You

If he rejects any single condition, my recommendation becomes a full walk-away. That needs to be clear before you call him.

Richard Hale

Fine. I’ll call him tonight.

Narrator

Richard calls back the next morning. Al-Rashidi accepts the commission cap (reluctantly) and the government disclosure. He refuses the audit rights. Richard persuades him to accept ‘annual compliance reviews’ instead — weaker than what you asked for, but documented.

Associated Persons and Adequate Procedures

Section 8 defines an ‘associated person’ as anyone who performs services for or on behalf of the organisation. Al-Rashidi, engaged to represent Meridian in the Oman bidding process, is unambiguously an associated person. Any bribe he pays is legally attributed to Meridian under Section 7. The ‘adequate procedures’ defence requires procedures proportionate to the risk. You’ve reduced the commission and inserted contractual safeguards. But you knew the intermediary was a PEP-connected shell company with no verifiable clients — and you proceeded anyway. A regulator may ask: if the due diligence raised these flags, were contractual safeguards alone an adequate response?

Wednesday, 5:30 PM −1

You

My recommendation: proceed with enhanced monitoring. Escrow payments, anti-bribery declaration, compliance sign-off on each tranche.

Helen Carr

You’re comfortable with the PEP connection?

You

It’s a risk factor. Not evidence of corruption. The monitoring framework gives us oversight of where the money goes.

Helen Carr

And if the money goes from Al-Rashidi to his brother-in-law after it leaves escrow?

You

We can’t control what he does with legitimately earned fees.

Helen Carr

Alex, I’m going to put that in the board minutes exactly as you said it. Are you comfortable with that?

Monitoring Is Not Due Diligence

MoJ Principle 4 distinguishes between due diligence (verifying who you’re dealing with) and monitoring (watching what happens after engagement). Both are required. But monitoring cannot substitute for due diligence that should have been acted on. In the Glencore case (2022), the company had monitoring frameworks in place for its West African agents. The SFO found these inadequate because the underlying due diligence had identified red flags that were not acted upon. The fine: £182.9 million, plus confiscation. A DPA was refused — Glencore pleaded guilty. Your due diligence identified a shell company, a PEP connection, above-market fees, and unverifiable references. Proceeding with monitoring means you knew — and decided to manage rather than resolve.

Six months later — Monday, 8:30 AM

A sealed envelope

Six months have passed. The Oman bid was submitted. Life moved on.

A courier delivers a sealed envelope to Meridian's registered office — marked 'PRIVATE AND CONFIDENTIAL', addressed to the Company Secretary.

Section 2 Notice — Criminal Justice Act 1987

Compulsory disclosure from the Serious Fraud Office. An anonymous tip has triggered an investigation into British firms using intermediaries in Gulf infrastructure. Meridian is one of six companies named.

The SFO wants: all ABC procedures, all third-party DD, all Oman-bid communications, all intermediary payment records.

"This is the moment everything you've built in this role either holds up or falls apart." — Helen

Activity — Due Diligence Review

The SFO wants your due diligence records. Before you hand them over, review this third-party questionnaire response. Click every response that raises a compliance concern. Watch out for false positives.

Q1

How long have you operated in this market?

"We have been active in the Gulf infrastructure sector since 2019 across multiple client engagements."

Q2

How do you prefer to receive payment for services?

"Wire transfer to our operating account. For local disbursements we may ask for cash advances, which we reconcile quarterly."

Q3

In which jurisdiction is your company registered?

"Registered in our regional operating jurisdiction. Tax residency is the same. Local regulatory environment is developing and continues to evolve."

Q4

Can you provide references from previous international clients?

"We can provide two references from regional partners. Both are available on request."

Q5

Please disclose all beneficial owners with more than 10% ownership.

"Our principal is the sole 100% shareholder. Full details are available under a standard NDA covering commercially sensitive information."

Q6

Do you maintain an anti-bribery and corruption policy?

"We operate in full compliance with all applicable local regulations and have done since inception."

Q7

Do any of your directors or principals have relationships with government officials involved in this project?

"Our principal has professional relationships across the sector consistent with market expectations."

Q8

Have you or any connected persons been subject to regulatory investigation in the past 5 years?

"No investigations, sanctions, or regulatory actions have been brought against us or any associated persons."

Helen needs a response strategy by noon. The Section 2 notice is legally compulsory — you must produce the requested documents. But how you respond, how quickly, and what posture you adopt will shape the SFO’s view of Meridian for the entire investigation. This is where the cumulative weight of your decisions — across all four modules — either protects Meridian or exposes it.

How does Meridian respond to the SFO?

Your choice

Full cooperation. Immediate disclosure.

Produce all documentation immediately. Brief the board today. Engage specialist external counsel (not your usual commercial solicitors — an SFO-experienced firm). Self-report any concerns identified during internal review. Position Meridian as a cooperating company that took the right steps. Under SFO DPA guidance, early cooperation and self-reporting are the strongest factors in securing a DPA over prosecution.

Your choice

Cooperate but manage the disclosure.

Comply with the Section 2 notice — you’re legally required to. But engage experienced counsel to manage the disclosure process strategically. Produce what’s required, no more. Don’t volunteer additional context or self-report concerns. Let the SFO draw its own conclusions from the documents.

Your choice

Cooperate, but review everything first.

The Section 2 notice gives a 28-day deadline. Use all 28 days. Review every document internally before production to understand your exposure. Brief counsel, but instruct them to focus on Meridian’s legal position, not on cooperating with the SFO. You want to know what they’ll find before they find it.

Monday, 11:00 AM — and the months that follow +3

You

Helen, my recommendation: full cooperation, immediate production, specialist counsel, and a board briefing today. If we have anything to self-report, we do it proactively.

Helen Carr

And if the documents show we made mistakes?

You

Then it’s better the SFO hears it from us first. Self-reporting doesn’t guarantee a DPA, but failing to self-report almost guarantees prosecution.

Helen Carr

Get me counsel by noon. I’ll convene the board for three o’clock.

Why Cooperation Matters

Section 2 of the Criminal Justice Act 1987 gives the SFO compulsory powers to require production of documents. Non-compliance is a criminal offence. But the notice itself is not an accusation — it’s a request for information. The SFO’s DPA guidance identifies factors favouring a DPA over prosecution: genuine proactive cooperation, self-reporting of wrongdoing, remedial action taken, and no history of similar conduct. How you respond to the Section 2 notice determines the first two. Contrast Rolls-Royce (self-reported, DPA, £497M) with Glencore (investigated, DPA refused, guilty plea, £182.9M confiscation). The difference was cooperation.

Over the following weeks +1

You

We comply with the notice. We produce what’s required. But we don’t volunteer additional context or self-report. Let the documents speak for themselves.

Helen Carr

What’s the risk of that approach?

You

If the documents are clean, minimal. If they’re not, the SFO may view us as less cooperative than companies who came forward proactively.

Helen Carr

And the alternative?

You

Self-report. But that means admitting we think there might be a problem before they’ve found one.

The Cooperation Spectrum

The SFO’s DPA guidance distinguishes between ‘genuine cooperation’ and ‘compliance with legal obligations.’ Producing documents because a Section 2 notice compels you to is not cooperation — it’s compliance. The SFO gives credit for going beyond what’s required. In the Airbus case (2020, £830M DPA — UK element), the company’s early and extensive cooperation was a decisive factor. The SFO noted that Airbus ‘went far beyond its legal obligations’ in producing documents and making witnesses available. Bare compliance would not have achieved the same outcome.

Week 3 of the 28-day deadline −2

Helen Carr

Alex, the SFO’s deadline is in five days. Where are we on document production?

You

We’re reviewing everything internally first. I want to understand our exposure before the SFO does.

Helen Carr

And what have you found?

You

There are... some documents I’d want to add context to. The Al-Rashidi engagement file, specifically. Some of the emails between Richard and Tariq could be read in ways we didn’t intend.

Helen Carr

Alex, tell me you’re not suggesting we curate the production.

You

I’m suggesting we produce everything — but with explanatory cover notes for the sensitive documents.

Helen Carr

The SFO isn’t looking for our commentary. They’re looking for the documents. Produce them. Today.

Delay as a Signal

Section 2 of the Criminal Justice Act 1987 sets a legal deadline for document production. Meeting the deadline is the minimum legal requirement. But the SFO’s assessment of cooperation begins before the deadline — from the moment the notice is served. Adding ‘explanatory cover notes’ to document productions is a red flag for investigators. It suggests the company is trying to control the narrative rather than produce raw evidence. Under SFO DPA guidance, the speed, completeness, and candour of a company’s response to a Section 2 notice are primary indicators of genuine cooperation. Delay undermines all three. The Glencore case is a warning: the SFO noted that cooperation was ‘too little, too late.’ A DPA was refused. The company pleaded guilty.

The Outcome

Four Modules. One Verdict.

Your decisions across this module — and across all four modules of this course — have determined whether Meridian’s anti-bribery procedures were adequate, proportionate, and defensible under the scrutiny of the UK’s most serious financial crime prosecutor.

Your Result

/ 9

Your Decisions

Key Lessons

1. Third-party intermediaries are the highest-risk vector for bribery exposure. The combination of above-market fees, PEP connections, refusal of ABC clauses, and unverifiable references demands the highest level of due diligence scrutiny.

2. Section 8 makes intermediaries ‘associated persons’ — any bribe they pay is legally attributed to the company. You cannot outsource bribery risk by using an agent.

3. Monitoring is not due diligence. Enhanced oversight after engagement cannot compensate for failing to act on red flags before engagement — the SFO treats this distinction as decisive.

4. How you respond to a Section 2 notice shapes the entire investigation. Genuine cooperation and self-reporting are the primary factors separating a DPA (Rolls-Royce, Airbus) from prosecution and guilty plea (Glencore).

Key Legal References

Section 6

Foreign public officials

Section 7

Failure to prevent

Section 8

Associated persons

MoJ Principle 3

Risk assessment

MoJ Principle 4

Due diligence

CJA s.2

SFO disclosure powers

SFO DPA

Cooperation guidance

Ready to complete this module?

Take the 5-question knowledge check to record your completion.

Take the Module Quiz →

Course Complete

You’ve finished all four modules.

Hospitality. Facilitation payments. Tender integrity. Third-party intermediaries. You’ve navigated the full breadth of the UK Bribery Act 2010 — from policy breach to SFO investigation. Meridian’s compliance programme is now yours.

Back to Course Home →