Compliance Program Guide

Want to set up a compliance program, but not sure where to start? The Compliance Program Guide walks you through the steps you should follow to set up a basic compliance program from start to finish. You’ll find guidance and sample tools to download, including anti-corruption policies, eLearning courses, and due diligence tools. You’ll also find country-specific guidance to help you optimize your program to the unique compliance requirements of countries like the US, UK, China, and more.

Companies must create and implement anti-corruption policies and procedures to meet their legal compliance obligations and mitigate corruption risks. Corruption creates potential criminal, civil and business consequences. Implementing adequate procedures can help manage these risks while creating a competitive business advantage.

Compliance is not just common sense – it's good business sense: 

 
Liability
Criminal and civil penalties for corruption offences can cost your company millions and result in tough prison sentences. Some pieces of anti-corruption legislation have near global jurisdiction and can hold almost any company liable for corruption.
 
Opportunity

Business partners and suppliers are increasingly required to document their anti-corruption compliance programs or risk losing contracts.

 
Reputation

Your company’s reputation is its most valuable asset. Corruption investigations can harm business opportunities.

 
Blacklisting

Companies convicted of corruption offences can be excluded from bidding on contracts. The EU, the World Bank and others blacklist convicted companies.

Proportional Procedures

Your company's policies and procedures must be proportionate to the size, nature and complexity of your business activities.

  • Form an accurate understanding of your business’ geographic scope, industry sector, products and services, government interactions, third-party agents and customers to produce a code of conduct.
  • Work out policies and procedures to outline responsibility for the compliance system, internal controls, auditing practices, documentation practices and disciplinary procedures.
  • Adopt protocols on cooperating with law enforcement authorities and on preventing the creation and use of altered documents. See the Russian Compliance Guide on these matters.
  • Implement appropriate financial and accounting procedures and relevant internal controls.
  • Outline assistance and reporting channels.
  • Assign a person with adequate authority, autonomy and sufficient resources to be responsible for the overall compliance program to ensure effective implementation.
  • Make sure that company policies and procedures apply to all company personnel.

Top-Level Commitment

Your company's top management should show visible support for the company's compliance policies and activities; this will foster a culture of integrity in which bribery is unacceptable. Demonstrating top-level commitment to preventing corruption involves internal and external communication of your policies and top management’s involvement in developing the corruption-prevention procedures. This may include top management setting prevention policies; assigning management to create, implement and monitor procedures; and keeping these under regular review. The commitment of top management involves formalizing the company's anti-corruption position in an available written document.

Risk Assessment

Your company should perform periodic assessments of its internal and external risks. Your company must focus most on managing the most serious corruption risks. Perform a periodic and comprehensive risk assessment to identify and weigh internal and external risks and in turn define your priorities. Remember to work together with those familiar with your company’s processes and sales channels to make effective risk assessments.

 

Geographical Risks

Identify the nature and levels of corruption, including relevant regulations, in the countries where you do business. The Portal’s country profiles are a good starting point for your country-level assessments. The Chinese Compliance Guide, for example, underlines the high risk of official bribery, as many Chinese companies are state-owned enterprises.

 
Sectors and Products
 
Your market sector may entail a higher risk of corruption than others. If you operate in sectors dependent on large-scale government contracts or tightly controlled licences, your business may be exposed to a higher risk of agents or subcontractors committing a corruption offence on your company’s behalf.
 
 
Representatives
 
Make sure to identify current and anticipated future representatives. Different types of representatives have different risk profiles and include third-party agents, consultants and joint venture business partners.
 
Corruption Types
Evaluate risks for the various forms of corruption. Does your company risk encountering big-value kickback payments, or small-value bribery or facilitation payments? Does your company give gifts or donations, and could these be seen as a corrupt influence on their recipients? Keep in mind that some legislation does not distinguish between bribery and facilitation payments (see the UK Compliance Guide and the Brazil Compliance Guide) while other legislation does (see the FCPA Compliance Guide).
 
Keep Records
Document your compliance activities, including your risk assessments. This will demonstrate your commitment to fighting corruption, facilitate potential cooperation with authorities, help establish possible legal defences, and demonstrate compliance to your business partners.
 
Define Priorities
Your risks should be evaluated for likelihood, impact and velocity. Tools can be used to help visualise your assessments and distinguish risk levels. Remember, your compliance activities should be proportionate to your risks!

Oversight Autonomy and Resources

Designate departments, structural units and officers responsible for the prevention of bribery and related offenses. Make sure that individuals in charge of oversight are autonomous from management and have sufficient resources to ensure the program is implemented correctly. See, for example, the Canadian Compliance Guide, which emphasizes the importance of establishing a compliance oversight team.

Due Diligence

Companies risk criminal and civil liability for corruption offences committed on their behalf, including by management, employees and third parties. Third parties present a higher risk because there is a lower degree of control over third parties compared to employees. You should therefore take a risk-based approach and conduct a heightened level of scrutiny or due diligence before engaging others to represent your company (agents, consultants, joint ventures, etc.). See as an example the German Compliance Guide, which stresses the civil liability of individuals committing corruption on behalf of companies.

Check out our Due Diligence Tools page, which provides you with sample tools to carry out due diligence in public procurement and partner, agent, contractor and consultant screening.

Conducting effective due diligence on third parties involves an extensive amount of work that may be difficult to keep track of. You are therefore advised to take a more systemic approach to the task. The Definitive Guide to Due Diligence Automation outlines six crucial steps you should follow to establish a comprehensive framework for conducting due diligence.

  • Capture key data and authorize it.
  • Internally assess third-party risk.
  • Control external due diligence.
  • Submit the due diligence questionnaire for review.
  • Approve or reject.

Communication & Training

Your policies and procedures should be communicated and understood throughout your company and by key stakeholders. This may include communicating with and training external stakeholders, such as suppliers and contractors. These activities should be documented to help meet your compliance demands, especially your code of conduct and anti-corruption policy. Effective communication and training may take many forms, including e-learning courses (see E-Learning Course sample here), traditional on-site training, e-mail and intranet communications, and electronic and physical policy signings.

Monitoring & Review

Your anti-corruption policies and procedures should be monitored and reviewed continuously to account for changes in risks and the effectiveness of your procedures. The outcome of this process should be reflected in changes made as necessary.

  • Access to data (such as financial records), complaint channels and proxies (such as key performance indicators, or KPIs) helps you to monitor and review your policies and procedures.
  • Evaluation findings should be reported to your top management and those responsible for the compliance system.
  • Finally, your annual report should disclose the level of implementation of the compliance system to inform stakeholders.

Reporting

Employees should be able to report violations without fear of retaliation through a whistleblowing mechanism based on confidentiality. Establish disciplinary measures to penalize non-compliance.

Information on irregularities among employees and third parties should be shared. Further, the compliance program and internal controls should be updated after an internal investigation.

The final step in the process is to "tune" your program to the unique compliance requirements of the countries your company does business in, using these country-specific compliance guides:

Compliance Guides

German Compliance Guide

Read our German anti-corruption legislation compliance guide for fast and practical information and compliance tips. ...

Chinese Compliance Guide

China's anti-corruption laws are increasingly being enforced against foreign companies. Use our quick compliance guide ...

UK Compliance Guide

The UK Bribery Act Compliance Guide provides fast and practical information for anti-corruption compliance through ...

Brazil Compliance Guide

Quick Guide to Brazilian anti-corruption compliance under the Clean Company Act 2014. No recommendations for compliance ...

FCPA Compliance Guide

The FCPA Compliance Guide provides fast and practical information for anti-corruption compliance through concise and ...

Canada Compliance Guide

Quick Guide to Canadian anti-corruption compliance under the Corruption of Foreign Public Officials Act (CFPOA).

Russian Compliance Guide

Russia's Federal Anti-Corruption Law No. 273 requires domestic and foreign companies operating in Russia to implement ...