Petrofac – lessons for effective anti-bribery processes
Petrofac pleaded guilty on 1 October to seven counts of failing to prevent bribery, after its anti-bribery procedures failed to prevent systematic corruption. What went wrong, and what lessons does this case offer for ensuring that anti-bribery procedures actually work?
"Systemic, serious and grave" was how the judge described the corruption in the Petrofac case. Yet the company apparently had many of the same procedures in place adopted by other international companies which were, ostensibly, designed to prevent bribery. This article looks at the lessons that can be learned from the way in which Petrofac employees "easily bypassed" the anti-bribery controls that the group had in place, and at why the sentencing, on 4 October 2021, of David Lufkin, and Petrofac itself, was not more severe.
The modus operandi of the bribery is very familiar. Over a period of years, from 2011 to 2017, employees of the group in-country (Saudi Arabia, Iraq and the UAE) agreed to pay a percentage of the overall contract value to "agents" whose sole function was to arrange for the contracts to be directed to Petrofac. While some of the contracts won in this way actually resulted in a loss for Petrofac, and on some occasions Petrofac did not even get the contract despite paying the bribe, overall, the scheme was lucrative, with around USD 81 million having been paid, to obtain contracts worth approximately USD 8.4 billion (or USD 44 million in bribes for USD 3.67 in respect of the Petrofac offences).
The group had policies and procedures in place intended to prevent corruption, including a policy for the appointment of agents. Its anti-bribery checks on the appointment of third party intermediaries included due diligence by the compliance team, and a review of prospective agents by the Group Head of Compliance; the appointment needed the approval of the Agents and Consultants Committee. So what went wrong?
It wasn’t just that Petrofac's systems to prevent corruption were based in London, while the sales team operated out of Sharjah. The court found that the controls were "easily bypassed" by various methods. For example, an objection to the need for the appointment of the Iraq agent submitted to the Agents and Consultants Committee in October 2016 was, by December 2016, simply overruled by senior officers. Similarly, in 2016, the Group Head of Compliance, having carried out due diligence on a Saudi Arabian agent, and conducted a follow up interview, submitted an adverse report, which found a lack of any visible business activity or support in the office. The agent himself admitted that Petrofac probably did not need an agent. However, the agency agreement was not terminated and remained in place until April 2017. In other instances, payments were made against falsified invoices or false sub-contracts for services, or through companies already contracted to provide services to Petrofac, or a sham agency agreement was drawn up to legitimise payments. Corrupt payments in Iraq were supported by invoices for a ghost fleet of Toyota Landcruisers.
The secret to the apparent ease with which systems were bypassed was that senior personnel at the group were directing the bribery schemes, and able to override or ignore compliance objections. In the judge's Sentencing Remarks, it was noted that the Petrofac Board had delegated the power to appoint agents to the same senior corporate officers who directed the relevant employee, Peter Lufkin, to make contact with the agents. So, misleading information on due diligence was provided, and objections raised by the compliance team were simply overridden. Petrofac accepted that its anti-bribery procedures in place up to 17 May 1017 were inadequate.
There are clear lessons to be learned here in the conduct of an effective ABC risk assessment to ensure processes do not exist merely on paper.
- Compliance objections must carry weight, and any attempt to overrule them should be scrutinised carefully.
- Exceptions or waivers from compliance procedures should be escalated appropriately.
- Senior officers should not be able to override compliance decisions without clear justification, and should not be able to approve the appointment of agents that they themselves have directed be used.
- Internal audit or accounting checks should scrutinise all agency / introducer type arrangements closely, with extra oversight where operating in high risk jurisdictions. Oversight should extend to verifying performance of agreed contractual duties.
The judge described Mr Lufkin as being at the centre of the scheme but, taking into account that Mr Lufkin had fully cooperated with the Serious Fraud Office, had admitted his guilt, and provided detailed witness statements and documentary evidence, without which the judge found that Petrofac would not have pleaded guilty, said that it was appropriate to reduce the penalty to a suspended sentence of two years.
With regard to Petrofac, the disgorgement figure included USD 6 million, which the judge said Petrofac had 'saved' by not having in place adequate procedures to prevent bribery.
In determining the fine, the judge found that the offending had taken place over a sustained period of time, had involved serious underlying criminal activity, including false accounting and fraud, and was endemic within the subsidiaries concerned. Mitigating factors included that the offending was committed under previous executive management, who were no longer with the company. Petrofac had engaged in an extensive programme of corporate reform, and had provided some cooperation. The judge also took into account the financial position of Petrofac and its available means, in imposing a fine which the company would be able to pay without going out of business. The penalty of GBP 77 million therefore consisted of GBP 22.8 million in confiscation, a GBP 47.2 million fine, and GBP 7 million in costs.