Anti-Bribery & Corruption — Module 4 of 4 — The Finale
A £15M contract. A local consultant on 15% commission. His brother-in-law evaluates the bid. And he won’t sign anti-bribery clauses.
Compliance Manager, Meridian Engineering
Three modules behind you. The hospitality policy is enforced. The facilitation payment incident is in training material. The tender integrity framework is in place. Now comes the test the entire programme was built for — a £15M contract where everything you’ve built either holds up or falls apart.
Meridian is bidding for a £15M government-funded road bridge in Oman — 22% of annual revenue if won.
Commercial Director Richard Hale has spent 18 months cultivating the opportunity and found a local consultant, Tariq Al-Rashidi, essential to the bid.
Al-Rashidi’s proposed commission: £2.25M (15% of contract value). Market rate: 3–5%. He will not sign ABC clauses.
This is a decision-driven scenario. You’ll face three decisions — and your choices shape whether the compliance programme you’ve built survives an SFO investigation.
Tip: Highlighted text like Section 7 is clickable — tap to read the legal reference in full.
Richard Hale has called a commercial review meeting. You, Helen Carr, and two members of the commercial team are seated around the boardroom table. Richard is presenting from a slide deck titled ‘Oman Bridge Project — Market Entry Strategy.’ He’s spent twenty minutes on the opportunity. Now he gets to the slide you’ve been waiting for.
So, local representation. I’ve been working with Tariq Al-Rashidi for six months. He runs a consultancy — Al-Rashidi Advisory. He knows the procurement landscape inside out. Regulatory navigation, stakeholder management, site logistics. Full-service.
His proposal is 15% of contract value. That’s £2.25 million. I know that sounds high, but this is a full-service retainer covering pre-bid, bid support, and 18 months of post-award facilitation.
Fifteen percent. What’s market rate for this kind of work?
For a project this size, in this region, with this level of access? He’s at the upper end, sure. But the value he brings — you can’t quantify that by hourly rate.
Alex, you’ve reviewed the brief. What are your initial thoughts?
You open the brief Richard circulated yesterday. You’ve marked four items.
Red Flag 1 — Commission Rate: 15% of contract value (£2.25M). Independent benchmarking by TRACE International puts legitimate consulting fees for Oman government infrastructure projects at 3–5%. Al-Rashidi’s fee is 3x the upper bound.
Red Flag 2 — PEP Connection: Tariq Al-Rashidi’s brother-in-law is Mahmoud Al-Rashidi, Deputy Director of Infrastructure Procurement at the Omani Ministry of Transport. This is the department that will evaluate Meridian’s bid.
Red Flag 3 — Contract Terms: Al-Rashidi has pushed back on including anti-bribery and corruption clauses in his engagement contract. His stated reason: ‘These clauses are offensive to my professional reputation.’
Red Flag 4 — Deliverables: The proposal contains no breakdown of specific deliverables, milestones, or measurable outputs. The scope is described as ‘advisory and facilitation services’ with no further detail.
Helen and Richard are both looking at you. Richard believes this is standard regional practice. Helen wants a clear steer. Four red flags. A £15 million opportunity on the table.
Hold engagement. Full due diligence first.
Pause until comprehensive checks are done: beneficial ownership, PEP screening, independent market rate verification, Oman CPI review, references from other international clients. Put the four red flags to Helen formally. Under MoJ Principle 4, proportionate due diligence on third parties is required before engagement.
Raise red flags privately with Richard.
Talk to Richard one-on-one. Ask him to get Al-Rashidi down to market rate (5%), provide a deliverables breakdown, and accept standard ABC clauses. If he agrees to all three, proceed with lighter due diligence. Keeps the commercial relationship warm and addresses the most visible risks.
Log the risks but don’t block the deal.
Note the red flags in the risk register but don’t delay engagement. Richard knows the region. The commercial opportunity justifies moving quickly. Get Al-Rashidi to sign an anti-corruption declaration and proceed.
Helen, four red flags. Commission three times market rate. Direct family connection to the decision-maker. ABC clauses refused. Deliverables undefined. I’m recommending a hold until we complete due diligence.
Alex, with respect, you’re applying a UK lens to a Gulf market. If we delay, we lose the bid window.
Four red flags on a single intermediary isn’t a lens problem, Richard. Alex, what does it look like and how long?
Beneficial ownership, PEP screening, fee benchmarking, client references, CPI review. Two to three weeks with our external provider.
Skipping due diligence could cost us the company. Alex, proceed. Richard, find out if the bid timeline has any flexibility.
MoJ Principle 4 requires due diligence proportionate to the bribery risk. Four concurrent red flags demand the highest scrutiny. MoJ Principle 3 identifies all three risk categories here: country (Oman CPI 52/100), transaction (government procurement), and business partnership (PEP-connected intermediary). If the SFO ever looks at this engagement, the minuted meeting is the first piece of evidence that Meridian’s compliance function was operational.
Richard, ten minutes? I want to talk through Al-Rashidi before we go further.
Sure. The commission looks high on paper, I get it. But Tariq offers things a law firm can’t: relationships, introductions, local intelligence.
Three things before I sign off: commission at five percent max, a proper deliverables breakdown, and standard ABC clauses. Non-negotiable.
Five percent? He’ll walk. Let me try for eight or nine with a scope document. I’ll push on ABC but he may push back.
If he walks over ABC clauses, that tells us everything we need to know.
Reducing the commission and inserting ABC clauses are necessary, but not sufficient. MoJ Principle 4 requires verifying the third party’s background, not just contractual safeguards. A clause saying ‘I won’t bribe anyone’ has limited defensive value if you never checked whether the person was positioned to funnel payments to a government official. The PEP connection at the Ministry is the central risk, and you haven’t investigated it.
Risk factors noted in the register. Commission’s above benchmark, family connection needs monitoring. I don’t want to block a deal this size without stronger evidence.
So you’re comfortable proceeding?
With conditions. Anti-corruption declaration signed, and quarterly payment reviews.
I’ll get it done. Helen, if Alex is satisfied, can we move on the engagement letter?
Alex, one more time, you’re giving this a green light?
Amber. Proceed with monitoring.
Under Section 7, Meridian’s only defence is proving it had ‘adequate procedures’. An anti-corruption declaration without underlying due diligence doesn’t meet that standard. Petrofac is instructive: anti-bribery policies on paper, no meaningful due diligence on sales agents. Result: £77M fines and a senior executive convicted. MoJ Principle 3 demands proportionate risk assessment. Four concurrent red flags plus a direct PEP connection is the highest risk category. Monitoring alone isn’t proportionate.
Re: Al-Rashidi Advisory LLC
Company formation: incorporated in Muscat 8 months ago — two weeks after Meridian's interest in the bridge project. No website. No client history.
PEP screening: Tariq's brother-in-law, Mahmoud Al-Rashidi, is Deputy Director of Infrastructure Procurement at the Omani Ministry of Transport — the department awarding this contract.
Market rate: TRACE benchmark for Oman govt infra is 3–5%. Al-Rashidi's 15% is 3× the upper bound.
References: two provided. Neither verifiable. One disconnected number. One company with no record of them.
You’ve shared the Kroll report with Helen. She’s pulled Richard onto video from Dubai. You’re in her office.
Richard, the Al-Rashidi report is in. It’s not good. Alex, summarise.
Shell company, eight months old. No verifiable clients. Brother-in-law is the Deputy Director evaluating our bid. Commission three times market rate. References don’t check out.
The company is new because Tariq came out of a larger firm to take this engagement. The brother-in-law thing, family connections ARE the business culture in the Gulf. It doesn’t mean he’s corrupt. It means he has access.
Access to the person deciding whether we win a £15 million contract.
If we walk from Tariq, we walk from the bid. Our three main competitors all use intermediaries.
The question isn’t whether to use local representation. It’s whether this one passes the due diligence threshold.
Alex, formal recommendation by end of day. Proceed, proceed with conditions, or walk.
Meridian has used intermediaries on five previous projects. The chart shows each agent's commission rate. The TRACE International industry benchmark for Oman government contracts is 3–5%. Click the bar that warrants further due diligence.
Helen wants it in writing by 5 PM. Richard is convinced Al-Rashidi is legitimate. The due diligence can’t confirm he is. Section 6 of the Bribery Act doesn’t care that £15M would transform Meridian. It cares whether payments to intermediaries are intended to influence foreign public officials.
Walk away from Al-Rashidi entirely.
Terminate the engagement. Shell company plus unverifiable references plus PEP connection plus above-market commission plus refusal of ABC clauses is an unacceptable bribery risk under s.6. Bid independently using a legitimate Omani law firm for regulatory navigation, accept lower odds of winning.
Proceed only with radical restructuring.
Engage only if every condition is met: commission capped at 5% (£750,000), payment transparency, Meridian audit rights, ABC termination clauses, quarterly compliance reporting, written disclosure of all government connections. Any single refusal, walk away.
Proceed with enhanced monitoring.
Engage under enhanced oversight: UK escrow payments, anti-bribery declaration, compliance sign-off per tranche. The PEP connection is a risk factor, not evidence of corruption. Monitoring gives us adequate controls without killing the deal.
Helen, recommendation: terminate. The findings taken together are an unacceptable Section 6 risk. Formal assessment is in your inbox.
Richard will fight this.
I know. But if we pay £2.25M to a shell company run by the brother-in-law of the man deciding our bid, and the SFO ever looks at it, there’s no version of that story that ends well.
Can we still bid without him?
Yes. Two Omani law firms with international clients and clean records, 3–4%, they’ll sign ABC clauses. We lose the political access but the bid is clean.
Do it. I’ll handle Richard.
Section 6 makes it an offence to bribe a foreign public official to influence them in their official capacity to obtain or retain business. Mahmoud Al-Rashidi (Deputy Director of Infrastructure Procurement) is unambiguously a foreign public official. A shell company with no other clients, paying 3x market rate to the brother-in-law of the decision-maker, is the textbook s.6 fact pattern. Walking away is exactly what Section 7 is designed to incentivise. In Petrofac (2021), David Lufkin was convicted of 14 counts for payments channelled through intermediaries to government officials, the structure refused here.
Alex’s recommendation: proceed under strict conditions. Richard, can Tariq accept these terms?
Five percent, audit rights, quarterly reporting, full government disclosure? Let me put it to him. He won’t like the audit rights.
Any single rejection and my recommendation becomes a full walk-away. That needs to be clear before you call.
Fine. I’ll call him tonight.
Richard calls back next morning. Al-Rashidi accepts the cap (reluctantly) and the disclosure. Refuses audit rights. Richard talks him into ‘annual compliance reviews’ instead. Weaker than asked, but documented.
Section 8 defines an ‘associated person’ as anyone performing services for the organisation. Al-Rashidi, engaged to represent Meridian, is one. Any bribe he pays is attributed to Meridian under Section 7. The adequate procedures defence demands proportionality. You reduced the commission and inserted safeguards. But you knew the intermediary was a PEP-connected shell company with no verifiable clients, and proceeded anyway. A regulator will ask: if the due diligence raised these flags, were contractual safeguards alone enough?
Recommendation: proceed with enhanced monitoring. Escrow, declaration, compliance sign-off per tranche.
You’re comfortable with the PEP connection?
A risk factor, not evidence. Monitoring gives us oversight of where the money goes.
And once the money leaves escrow and goes from Al-Rashidi to his brother-in-law?
We can’t control what he does with legitimately earned fees.
Alex, that’s going in the board minutes exactly as you said it. Comfortable with that?
MoJ Principle 4 separates due diligence (verifying who you’re dealing with) from monitoring (watching what happens after). Both are required. Monitoring can’t substitute for due diligence that should have been acted on. In Glencore (2022), monitoring frameworks were in place for West African agents. The SFO found them inadequate because the underlying due diligence had flagged risks that weren’t acted on. £182.9M fine plus confiscation. DPA refused, guilty plea. Your due diligence identified a shell company, PEP connection, above-market fees, unverifiable references. Proceeding with monitoring means you knew and chose to manage rather than resolve.
Six months have passed. The Oman bid was submitted. Life moved on.
A courier delivers a sealed envelope to Meridian's registered office — marked 'PRIVATE AND CONFIDENTIAL', addressed to the Company Secretary.
Section 2 Notice — Criminal Justice Act 1987
Compulsory disclosure from the Serious Fraud Office. An anonymous tip has triggered an investigation into British firms using intermediaries in Gulf infrastructure. Meridian is one of six companies named.
The SFO wants: all ABC procedures, all third-party DD, all Oman-bid communications, all intermediary payment records.
"This is the moment everything you've built in this role either holds up or falls apart." — Helen
The SFO wants your due diligence records. Review this third-party questionnaire first. Click every response that raises a compliance concern. Watch for false positives.
How long have you operated in this market?
"Active in Gulf infrastructure since 2019 across multiple engagements."
How do you prefer to receive payment?
"Wire transfer. For local disbursements we may request cash advances, reconciled quarterly."
In which jurisdiction is your company registered?
"Registered in our regional operating jurisdiction. Local regulatory environment continues to evolve."
Can you provide references from previous international clients?
"We can provide two references from regional partners. Both are available on request."
Disclose all beneficial owners above 10%.
"Our principal is sole 100% shareholder. Details available under NDA."
Do you maintain an anti-bribery and corruption policy?
"We comply with all applicable local regulations and always have."
Do any directors have relationships with government officials on this project?
"Our principal has professional relationships across the sector consistent with market norms."
Any regulatory investigations of you or connected persons in the past 5 years?
"No investigations, sanctions, or actions against us or any associated persons."
Helen wants a response strategy by noon. The Section 2 notice is legally compulsory. But how you respond, how fast, and what posture you take will shape the SFO’s view of Meridian for the whole investigation. The cumulative weight of every decision across this course lands here.
Full cooperation. Immediate disclosure.
Produce everything immediately. Brief the board today. Engage specialist SFO-experienced counsel (not your usual commercial firm). Self-report anything found in internal review. Position Meridian as cooperating early. Under SFO DPA guidance, early cooperation and self-reporting are the strongest factors in securing a DPA over prosecution.
Cooperate but manage the disclosure.
Comply with the Section 2 notice, you’re legally required to. Engage experienced counsel to manage disclosure strategically. Produce what’s required, no more. Don’t volunteer extra context. Let the SFO draw its own conclusions.
Cooperate, but review everything first.
The notice gives 28 days. Use them. Review every document internally before production to understand your exposure. Counsel focuses on Meridian’s legal position, not on cooperating with the SFO. Know what they’ll find before they find it.
Helen, my recommendation: full cooperation, immediate production, specialist counsel, and a board briefing today. If we have anything to self-report, we do it proactively.
And if the documents show we made mistakes?
Then it’s better the SFO hears it from us first. Self-reporting doesn’t guarantee a DPA, but failing to self-report almost guarantees prosecution.
Get me counsel by noon. I’ll convene the board for three o’clock.
Section 2 of the Criminal Justice Act 1987 gives the SFO compulsory powers to require production of documents. Non-compliance is a criminal offence. But the notice itself is not an accusation — it’s a request for information. The SFO’s DPA guidance identifies factors favouring a DPA over prosecution: genuine proactive cooperation, self-reporting of wrongdoing, remedial action taken, and no history of similar conduct. How you respond to the Section 2 notice determines the first two. Contrast Rolls-Royce (self-reported, DPA, £497M) with Glencore (investigated, DPA refused, guilty plea, £182.9M confiscation). The difference was cooperation.
We comply with the notice. We produce what’s required. But we don’t volunteer additional context or self-report. Let the documents speak for themselves.
What’s the risk of that approach?
If the documents are clean, minimal. If they’re not, the SFO may view us as less cooperative than companies who came forward proactively.
And the alternative?
Self-report. But that means admitting we think there might be a problem before they’ve found one.
The SFO’s DPA guidance distinguishes between ‘genuine cooperation’ and ‘compliance with legal obligations.’ Producing documents because a Section 2 notice compels you to is not cooperation — it’s compliance. The SFO gives credit for going beyond what’s required. In the Airbus case (2020, £830M DPA — UK element), the company’s early and extensive cooperation was a decisive factor. The SFO noted that Airbus ‘went far beyond its legal obligations’ in producing documents and making witnesses available. Bare compliance would not have achieved the same outcome.
Alex, the SFO’s deadline is in five days. Where are we on production?
Reviewing internally first. I want to know our exposure before the SFO does.
What have you found?
A few I’d want to add context to. The Al-Rashidi file. Some Richard-Tariq emails could be read in ways we didn’t intend.
Tell me you’re not suggesting we curate the production.
Produce everything. But cover notes for the sensitive ones.
The SFO isn’t looking for our commentary. They want the documents. Produce them. Today.
Section 2 of the Criminal Justice Act 1987 sets a legal production deadline. Meeting it is the minimum. The SFO’s cooperation assessment begins from the moment the notice is served. ‘Explanatory cover notes’ are a red flag for investigators: they suggest the company is shaping the narrative rather than producing raw evidence. Under SFO DPA guidance, speed, completeness, and candour are the primary cooperation indicators. Delay undermines all three. Glencore was the warning: cooperation was ‘too little, too late’, DPA refused, guilty plea.
The Outcome
Your decisions across this module — and across all four modules of this course — have determined whether Meridian’s anti-bribery procedures were adequate, proportionate, and defensible under the scrutiny of the UK’s most serious financial crime prosecutor.
Section 6
Foreign public officials
Section 7
Failure to prevent
Section 8
Associated persons
MoJ Principle 3
Risk assessment
MoJ Principle 4
Due diligence
CJA s.2
SFO disclosure powers
SFO DPA
Cooperation guidance
Take the 5-question knowledge check to record your completion.
Take the Module Quiz →Hospitality. Facilitation payments. Tender integrity. Third-party intermediaries. You’ve navigated the full breadth of the UK Bribery Act 2010 — from policy breach to SFO investigation. Meridian’s compliance programme is now yours.