UK Bribery Act 2010

A key UK law and one of the world’s most stringent anti-corruption laws, criminalizing bribery in all its forms and creating commercial liability for organizations that fail to prevent bribery committed by anyone acting on their behalf, where they have not implemented adequate procedures.

Region: UK
Sector: Public & Private
Effective date: 07/01/2011
Last regulatory update: 01/22/2025
Mandatory: Yes

    What Is the UK Bribery Act?

    The Bribery Act 2010 is the primary anti-corruption statute in the UK, replacing previous legislation, including the Public Bodies Corrupt Practices Act 1889 and the Prevention of Corruption Acts 1889 - 1916. The Act created a consolidated framework of four criminal offenses and introduced a model of strict corporate liability with worldwide reach for certain offenses.

    The Act covers commercial organizations that operate their business, or at least a part of it, in the UK, regardless of where misconduct occurs or where the business was founded. Under Section 8, liability extends to any “associated person”, meaning anyone who performs services on behalf of the business, including employees, agents, subsidiaries, and possibly contractors acting in that capacity.

    Moreover, individual exposure applies to UK nationals, residents, and persons ordinarily resident in the UK who engage in bribery anywhere in the world. The four key offenses are as follows:

    Key UK Bribery Act Provisions

    Bribing Another Person

    Defined in Section 1 as offering, promising, or giving a financial or other advantage to induce improper conduct.

    Accepting a Bribe

    Defined in Section 2 as requesting, agreeing to receive, or accepting an advantage for improper conduct.

    Bribing a Foreign Public Official

    Defined in Section 6 as paying or promising an advantage to influence a foreign official in order to obtain or retain business.

    Failure to Prevent Bribery

    Defined in Section 7 as a commercial organization committing an offense if a person associated with it bribes another person with the intent to obtain or retain business for the organization.

    Section 7 of the Act is the most relevant provision for corporate compliance programs because it establishes a strict-liability offense. The organization need not have authorized or even been made aware of the bribery for liability to be created. The only available defense is to demonstrate that the organization had adequate procedures in place to prevent the bribery, even if they failed in practice. 

    Who Is Responsible for the UK Bribery Act?

    The Serious Fraud Office (SFO) conducts investigations into serious or complex bribery cases. The National Crime Agency’s (NCA) International Corruption Unit (ICU) investigates international bribery and corruption alongside the SFO. The Crown Prosecution Service (CPS) prosecutes cases investigated by the NCA and other enforcement bodies.

    The Ministry of Justice (MoJ) is responsible for publishing guidance under Section 9 of the Act, which covers the procedures commercial organizations can put in place to avoid liability. The most recent update to the official MoJ guidance was published on 22 January 2025.

    What Are the Possible Penalties Under the UK Bribery Act?

    Individuals convicted of bribery offenses under Sections 1, 2, or 6 face up to 10 years in prison and an unlimited fine. Organizations convicted of failing to prevent bribery under Section 7 similarly face an unlimited fine. Additionally, courts may order confiscation of proceeds under the Proceeds of Crime Act 2002 (POCA).

    Convicted individuals may be disqualified from acting as company directors. Senior officers convicted under Sections 1, 2, and 6 of the Act, whose consent or connivance contributed to the offense, may also face personal criminal liability under Section 14 of the Act.

    Deferred Prosecution Agreements (DPAs) are available in cases where a corporation voluntarily discloses conduct and cooperates with investigators. Several high-profile DPAs have been concluded under the Act, including with multinational companies in the defense, financial services, and technology sectors in the UK.

    What Does the UK Bribery Act Require?

    While the Act does not directly prescribe a fixed compliance program, the Section 7 defense depends entirely on demonstrating that the organization had implemented adequate procedures that existed at the time any bribery occurred. The MoJ guidance sets out six core principles:

    Core Bribery Act Prevention Requirements

    Proportionate Procedures

    Anti-bribery controls must be proportionate to the organization’s size, nature, and risk exposure. 

    Top-Level Commitment

    The board and senior leadership must visibly endorse anti-bribery policies and an anti-bribery culture.

    Risk Assessment

    Periodic, documented assessments of bribery risk must be conducted across business lines, geographies, and relationships.

    Due Diligence

    The organization must carry out risk-based checks on associated third parties, agents, and joint venture partners.

    Communication & Training

    Anti-bribery policies must be communicated internally and externally, with relevant training for at-risk staff.

    Monitoring & Review

    Organizations must conduct ongoing monitoring of procedures and regular reviews following material changes to risk exposure or operations.

    These six principles closely mirror those set out in the government’s Failure to Prevent Fraud Guidance under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which came into force on 1 September 2025. They also align with the framework established by the Criminal Finances Act 2017 for failure to prevent the facilitation of tax evasion.

    Together, these three regimes promote a consistent, risk-based approach to corporate compliance. Organizations subject to the Bribery Act should consider aligning their anti-bribery, anti-fraud, and anti-tax-evasion controls wherever possible.

    Organizations should also maintain clear and accessible internal reporting channels for employees and associated persons, enabling them to safely raise concerns about potential bribery without fear of retaliation. Whistleblower protections established by the Public Interest Disclosure Act 1998 (PIDA) apply to workers who disclose information in the public interest.

    The Act has extraterritorial reach, meaning that bribery does not need to occur on UK soil to be punishable. An organization can face prosecution for conduct by an overseas subsidiary, agent, or contractor if the intent was to benefit the UK-connected entity and no adequate procedures existed to prevent it. 

    Why Is the UK Bribery Act Important?

    For multinational organizations, the UK Bribery Act is one of the most operationally significant pieces of legislation in their compliance landscape. Unlike the US Foreign Corrupt Practices Act (FCPA), the UK Act covers domestic bribery in the private sector as well as the corruption of foreign public officials.

    There is no “de minimis” exception disqualifying smaller offenses, no facilitation payment defense for commercial organizations, and no statutory territorial carve-out for local customs. In practice, this means that organizations operating in high-risk markets face real exposure if their third-party relationships are not properly governed. 

    The MoJ guidance does, however, clarify that reasonable and proportionate corporate hospitality is not intended to be criminalized. Organizations should document the business rationale for gifts and entertainment rather than avoiding them entirely.

    The reputational consequences of enforcement actions under the Act have proven severe. DPA disclosures are made public, and criminal convictions of organizations or their senior officers attract regulatory and media scrutiny. Furthermore, a conviction or DPA can trigger parallel investigations by the Financial Conduct Authority (FCA), the Financial Reporting Council (FRC), or sector regulators.

    How FaceUp Helps Comply with the UK Bribery Act

    While the Act does not directly require organizations to implement anonymous whistleblowing channels, the sanctions for failing to prevent bribery create a strong business case for effective internal reporting. FaceUp helps organizations strengthen their anti-bribery compliance by implementing a reporting and case management solution in as little as two hours.

    Multichannel intake across web forms, QR codes, iOS/Android mobile apps, and 24/7 hotlines supports employees in reporting anonymously in 113 languages. Centralized case management with automatic data logging enables compliance teams to respond to reports effectively and create audit-ready assurances demonstrating their compliance. 

    Quick Facts

    Applies to

    Commercial organizations carrying on a business in the UK; 
    UK nationals and residents worldwide.

    Penalties

    Up to 10 years in prison for individuals; 
    unlimited fine for organizations; 
    potential asset confiscation.

    The FaceUp Solution

    FaceUp is an anonymous reporting and compliance platform designed to help businesses meet whistleblowing regulations worldwide, including those in the US, EU, UK, and UAE.

    • Fully Anonymous Reporting

      Give staff multiple secure channels to report their concerns, complete with an anonymous two-way chat.

      • Mobile-First Accessibility

      • No IP storage, no device IDs, encrypted submissions

      • Customizable forms, categories, routing rules, and more

    • Customizable Case Management

      Create an easily verifiable audit trail through a customizable case management system with automatic routing.

      • Supports multiple locations, subsidiaries, or units

      • Entity-specific routing and access permissions

      • Optional notifications via email, Teams, or Slack

    • Real-Time Data Analytics

      Identify trends, repeated issues, and escalation risks early with customizable visual real-time dashboards.

      • Filter by category, region, channel, and more

      • Share without revealing sensitive information

      • ISO 27001 and SOC 2-certified local servers
