Regulatory & Enforcement Regulatory

Anti-bribery & corruption

Bribery · FCPA reach

Bribery is not merely a domestic criminal risk in the UAE. A business operating from Dubai can breach three legal orders at once — the UAE Penal Code, the United States Foreign Corrupt Practices Act, and the UK Bribery Act — from a single improper payment. Understanding where each begins is the first act of compliance.

The domestic offence: two distinct prohibitions

The UAE Penal Code (Federal Decree-Law No. 31 of 2021, in force since 2 January 2022 and amended by Federal Decree-Law No. 36 of 2022) criminalises bribery across two spheres that businesses too often conflate.

The first is bribery of public officials. Articles 275, 276, 280 and 281 capture the full transactional chain: an official who demands, accepts or receives an undue benefit to perform, omit or breach a duty; the person who promises, offers or grants that benefit; and the intermediary who carries it. Critically, the offence reaches beyond Emirati public servants to foreign public officials and employees of international organisations, closing a gap that once let cross-border payments escape domestic reach.

The second is commercial (private-sector) bribery. The Penal Code separately criminalises a manager or employee of a private-sector entity who demands or accepts an undue gift or advantage to act, or refrain from acting, in the course of their duties — and the person who offers it. This matters for ordinary commerce: a kickback to a procurement manager at a private company is a crime in its own right, not a mere contractual or disciplinary matter.

Penalties are serious. Individuals face imprisonment and fines calibrated to the value of the bribe, together with confiscation. And under Article 66, a legal person is itself criminally liable where its representatives, directors or agents commit an offence in its name or on its behalf — corporate exposure, not merely personal.

Facilitation payments and gifts

Two practical points recur in advisory work. First, facilitation or "grease" payments have no safe harbour in the UAE — a small sum to expedite a routine act by an official falls within the same bribery articles as a large inducement. Second, there is no blanket statutory ban on gifts, travel or hospitality, but the analysis is functional, not nominal: hospitality becomes a crime the moment it is intended to influence an act or omission. The label on the payment is irrelevant; the intent behind it is everything.

The long arm: why UAE businesses are exposed to US and UK law

A UAE company that has never filed in Washington or London can still be prosecuted there. Two statutes are engineered for extraterritorial reach.

The US Foreign Corrupt Practices Act prohibits corrupt payments to foreign officials to obtain or retain business. Its jurisdiction is wide: it binds US "issuers" (companies listed or registered in the US) and "domestic concerns" (US citizens, residents and companies) wherever they act, and it reaches foreign persons and companies who cause any act in furtherance of a corrupt payment to occur within US territory — a dollar-clearing transaction routed through a US correspondent bank, an email traversing a US server, a meeting on US soil. The FCPA's separate books-and-records and internal-controls provisions bind issuers even absent proof of bribery, penalising inaccurate accounting that conceals improper payments.

The UK Bribery Act 2010 is broader still. Alongside offences of giving and receiving bribes (sections 1 and 2) and bribing foreign public officials (section 6), section 7 creates the corporate offence of "failure to prevent bribery." This is a strict-liability offence: a "relevant commercial organisation" is guilty where an associated person — an employee, agent, subsidiary or intermediary — bribes anyone, anywhere, to win business for it. Prosecutors need not prove that the board knew. The Act binds any organisation that "carries on a business, or part of a business" in the UK, wherever it is incorporated. A UAE firm with a UK branch, listing or meaningful UK operations is squarely within scope.

A single improper payment made in the Gulf can be prosecuted in Abu Dhabi, indicted in New York, and charged in London — three sovereigns, one act.

The one shelter the UK Act offers is a full defence: the organisation can show it had "adequate procedures" in place to prevent bribery. That defence is the entire commercial case for building a compliance programme — it converts governance from cost into legal protection.

The enforcement and reputational reality

The direct sanctions — imprisonment, fines, confiscation, corporate criminal liability — are only part of the exposure. The heavier blow is often collateral. An investigation can trigger debarment from tenders, loss of licences, and correspondent-banking de-risking, where international banks sever relationships with entities carrying corruption risk. For a business dependent on US-dollar clearing or trade finance, losing banking access can be more terminal than any fine. Reputational damage compounds it, deterring counterparties and investors long after a matter closes.

Building a defensible compliance programme

An effective anti-bribery programme is proportionate to risk and genuinely operational — not a binder on a shelf. Its core components are settled:

  • Risk assessment. Map exposure by country, sector, transaction type, and the use of intermediaries. Interactions with public officials and public procurement carry the highest risk and warrant the tightest controls.
  • Third-party and intermediary due diligence. Agents, consultants, sponsors and distributors are the most common conduit for bribery and the most common source of liability. Screen them, document the commercial rationale for their fees, and secure contractual anti-bribery warranties and audit rights.
  • Gifts and hospitality policy. Set clear monetary thresholds, an approval and registration process, and an outright prohibition on anything given to influence an official act.
  • Books and records. Accurate accounting that reflects the true purpose of every payment — both a legal requirement and the evidentiary backbone of any defence.
  • Training and speak-up. Role-targeted training for high-risk functions, plus a confidential whistleblowing channel with a firm no-retaliation stance.

The board's role

Directors should treat anti-bribery as a governance obligation, not a delegated compliance chore. Boards ought to set an unambiguous tone from the top, approve the programme, receive periodic reporting on bribery risk and incidents, and ensure the programme is tested and refreshed. Under a "failure to prevent" model, that documented board oversight is not decorative — it is the evidence that procedures were adequate. In an enforcement environment where three jurisdictions may examine the same conduct, the credible, well-evidenced programme is the single best protection a UAE business and its directors can hold.

Instruments referred to: UAE Penal Code (Federal Decree-Law No. 31 of 2021, as amended by Federal Decree-Law No. 36 of 2022), including the bribery provisions at Articles 275, 276, 280 and 281, corporate liability under Article 66, and extraterritorial jurisdiction under Article 285; the US Foreign Corrupt Practices Act 1977 (including its anti-bribery and books-and-records/internal-controls provisions); and the UK Bribery Act 2010 (including sections 1, 2, 6 and the section 7 "failure to prevent" corporate offence with its adequate-procedures defence). This page is general information, not legal advice.

A regulatory or enforcement matter on your desk?

Every matter is handled personally. Tell me about your situation and I'll advise on the best way forward — confidentially and without obligation.

Get in touch