Anti-Bribery Strategy: How to Bubble Wrap Your Company

The UK Bribery Act is very clear when it comes to corporate responsibility for bribery and corruption. Under this law, companies can be prosecuted for failing to implement the necessary policies and procedures to prevent bribery.

The US Foreign Corrupt Practices Act (FCPA) takes a similar, albeit less hardline approach to the issue of corporate responsibility. As such, it is essential for Asian organizations that fall under their remit to develop a robust anti-corruption framework that actively aims to prevent corruption and mitigates the risk of violations.
Other jurisdictions also have strict anti-corruption legislation with or without extra-territorial reach. Even though historically anti-corruption legislation may not have been diligently enforced, the trend is quickly changing, following in the FCPA’s footsteps.
In order to properly protect your organization against bribery and corruption and mitigate the risk you face, there are four key steps companies in Asia should follow. These steps are widely recognized as tried-and-tested best practices, implemented by leading companies all over the world as a defense against FCPA and UK Bribery Act violations.
Step one: Risk assessment
The first step in developing a robust anti-corruption framework is actually to take a step back and properly assess the risk you face under your industry business model and structure. There are typically four key areas of risk that companies should review:
Internal risk: Unless you are a sole individual working for yourself, there is always going to be an inherent internal risk of bribery and corruption present in your company from the people who work for you. As such, it is important to gauge the level of exposure you face from within.
This can be done by asking, among others, several key questions:
  • Have you properly screened your employees for previous corrupt activity?
  • Have they been properly trained in compliance best practices?
  • Do they thoroughly understand the company’s policies around gifts, entertaining and travel expenses?
  • Do they have associations that could potentially expose your organization to accusations of bribery?
  • Do you ask your employees to commit to the company’s code of conduct?
Country risk: The geographies in which you operate also play a role in determining your exposure to risk. Do you operate in countries that are perceived to have high levels of corruption? Where do they rate on Transparency International’s Corruption Perceptions Index? Does the country have lax penalties when it comes to bribery and corruption?
Transactional risk: Smart companies also assess the level of transactional risk they are exposed to. The questions to ask include:
  • How does your organization go about obtaining licenses and permits?
  • How regularly do you sell to government bodies and how do you go about this?
  • Has your company traditionally paid facilitation payments and made political contributions to help secure contracts and licenses?
  • Do you have government-linked clients?
  • Are you operating in an industry where your competitors have faced corruption charges?
Third-party risk: Under the FCPA and the UK Bribery Act, you are also accountable for the transactions completed on your behalf by vendors, partners and agents. As such, you must be confident that these parties are acting ethically when conducting business on your behalf.
Have you conducted adequate background screening on your agents and vendors? How transparent are your business partners about their business protocols? Do they have a history of corrupt practices and bribery?
When assessing the risk of corruption within your company, it is important to explore not only the likelihood of a violation occurring, but also the potential financial and reputational impact on your business. The impact to your business is not the amount of bribe that you pay but the fine you may be charged – which often includes disgorgement of profits – and the reputational impact, which could cause the downfall of the business.
Step two: Assessing your current controls
Once you have properly assessed your level of exposure and identified the areas of high risk, it is important to assess how effective your existing anti-corruption systems, controls and procedures are in mitigating the risks you face.
Again, there are several critical questions you should ask when conducting a review:
  • Do your policies address all areas of bribery and corruption risk you are exposed to?
  • How do you go about communicating these procedures?
  • Have you implemented adequate training to ensure your employees not only understand but also adhere to your policies?
  • Do you have an effective internal audit function to ensure compliance?


  • What employee and third party screening policies do you have in place?
  • How do your policies help identify corrupt activities?
  • Have you clearly outlined how the company will react if it suspects bribery and corruption, either from employees or third parties?
  • What are the gaps between risk and control?
Once you’ve answered these questions, your anti-corruption policies and procedures may need to be updated, expanded and enforced in order to ensure inclusion of the critical elements of a robust anti- corruption framework.
Step three: Developing a framework that works
In order for any anti-corruption framework to be successful, it is essential that the company’s senior management act as champions and clearly demonstrate their commitment to best anti-corruption practices.
Further, the company should have at least one Board member who is well qualified in enterprise risk management and compliance issues.
Code of conduct: The framework should include a clearly articulated code of conduct and compliance that strictly prohibits bribery and corruption, provides reporting channels and clearly outlines the disciplinary procedures the company will undertake if violations are uncovered.
This code should be communicated throughout the organization, in multiple languages if necessary, on an on-going basis. All existing and new employees should be formally trained in the code of conduct and understand the consequences they face if they are found to be in breach.
This communication and training should be completed periodically and not simply upon joining the company. Employees should be provided with practical examples to assist them when facing unethical requests such as corrupt payments.
The code of conduct should also be properly communicated to all foreign agents, distributors and vendors who operate on behalf of the company. Written contracts should be prepared for all employees, vendors, distributors and third-party agents, citing this code.
The company should ensure it has sufficiently stringent financial controls in place to prevent corrupt payments being made on behalf of the company, with multiple checks in place. This should also include clear limits on staff expenditure – whether in terms of third-party invoices or entertainment accounts.
Whistleblowing system. A comprehensive whistleblower reporting system should be established and properly communicated throughout the company, including an anonymous, confidential hotline that employees can call if they suspect corrupt practices. This system should also be extended to vendors and agents.
Vetting: The anti-corruption framework should also incorporate rigorous vetting of all employees, business partners, foreign agents, distributors, customers and vendors, with a view to ensuring they do not have a history of corrupt practices or questionable alliances. Background screening of stakeholders should be also performed on existing relationships.
Step four: Risk assessment and protocols monitoring
While all of the above steps are critical, perhaps the most important step to protecting your organization against bribery and corruption is to ensure the on-going monitoring of all business activities and the routine updating of all policies and protocols.
You should also update your risk assessment matrix on a regular basis. How frequently this should occur depends entirely on the level of risk to which you are exposed. However, as a rule, it should be done no less than once a year or every time your company expands to new countries or markets or when new legislation or amendments are enacted. 
At the end of the day, the cost of being found in violation of global anti-corruption legislation is high. Given the ever-increasing scrutiny on the region from regulatory watchdogs and the growing number of Asian companies under investigation, now more than ever companies within the region need to ensure they have the proper systems, processes and controls in place to protect themselves against bribery and corruption.
After all, prevention is always better than cure, and the financial and reputational impact of an investigation on a company is often overlooked.
About the Authors
Penelope Lepeudry, Colum Bancroft and David Liu are managing directors at Kroll Advisory Services, which delivers solutions that span investigations, due diligence, compliance, cyber security and physical security. This article is part of the company's Complying With Global Anti-Corruption Legislation: Perception Versus Reality campaign (see

Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern