Anti-Corruption Compliance: Meeting the Global Standard

Bloomberg Law®, an integrated legal research and business intelligence solution, combines trusted news and analysis with cutting-edge technology to provide legal professionals tools to be...

By Keith Korenchuk, Samuel Witten and Daniel Bernstein  

Keith Korenchuk counsels and advises global companies on regulatory and compliance matters worldwide, with a focus on compliance program effectiveness, compliance program implementation, operations and evaluation, and related regulatory counseling and advice. Samuel Witten has an extensive background in international law, the development and implementation of corporate compliance programs, international dispute settlement, and international law enforcement cooperation. Daniel Bernstein is an Associate at Arnold & Porter LLP, where he focuses on complex commercial litigation, corporate internal investigations, and white collar defense.  

While much attention is paid to the U.S. Foreign Corrupt Practices Act (“FCPA”)1 and the U.K. Bribery Act2, an array of other anti-corruption laws apply to multinational companies. For example, the so-called “BRIC” countries—Brazil, Russia, India and China—all recently enacted, and have begun taking initial steps to enforce, more stringent anti-corruption laws.3 Meanwhile, forty countries have signed the OECD Anti-Bribery Convention, which requires criminalizing the bribery of foreign public officials and prescribes measures for the implementation of domestic legislation.4

Designing an effective anti-corruption compliance program that meets the requirements of many different jurisdictions seems like a daunting task. Executives at global companies are likely to ask themselves: Do we need dozens of different compliance programs? Will we be subject to conflicting standards in the various countries where we do business? How can we ensure proper oversight of activity that occurs all over the globe?

In addressing these questions, multinational companies should take note of the broad global consensus that has developed around what governments and international organizations expect of corporate anti-corruption compliance programs. While there is no one-size-fits-all program—and a company must bear in mind applicable local laws—this global standard is welcome news.

Here we review the commonly accepted best practices for an anti-corruption compliance program.

I. The Global Standard

For those seeking to design or enhance a truly global compliance program, the most appropriate starting place may be the “Good Practice Guidance for Companies,” published by the Organisation for Economic Co-operation and Development's Working Group on Bribery in International Business Transactions (the “OECD Guidance”).5 The OECD Guidance, which is intended to help multinational companies comply with the OECD's Anti-Bribery Convention, includes twelve key elements:

  • 1. strong, explicit and visible support and commitment from senior management for preventing and detecting foreign bribery;
  • 2. a clearly articulated and visible corporate policy prohibiting foreign bribery;
  • 3. making compliance the duty of individuals at all levels of the company;
  • 4. oversight of compliance as the duty of one or more senior corporate officers, with autonomy, resources and authority;
  • 5. generally applicable measures that focus on high-risk areas;
  • 6. ensuring the compliance of relevant third parties;
  • 7. financial and accounting procedures, including a system of internal controls;
  • 8. periodic communication and documented training;
  • 9. encouragement and positive support for compliance;
  • 10. appropriate disciplinary procedures to address violations;
  • 11. guidance, advice, confidential reporting and whistleblower protections; and
  • 12. periodic reviews.6

    In recent years, many countries around the world have at least implicitly endorsed these guidelines. For example, the U.S. Department of Justice's (“DOJ”) and U.S. Securities and Exchange Commission's (“SEC”) Resource Guide to the U.S. Foreign Corrupt Practices Act (“FCPA Guide”) identifies “hallmarks” of an effective anti-corruption compliance program that bear a striking resemblance to the good practices set forth in the OECD Guidance. 7 National authorities in the United Kingdom, Canada, Brazil, Japan and South Africa have encouraged many of the same good practices. 8 Numerous public and private international organizations, such as the World Bank, United Nations, International Chamber of Commerce (“ICC”) and Transparency International, recommend these practices as well. 9    

    II. Core Components of an Effective Anti-Corruption Compliance Program

    Support and Commitment from the Top.As an initial matter, senior management and boards of directors should create a “tone at the top” that promotes a culture of compliance. The OECD recommends “strong, explicit and visible support” for preventing and detecting foreign bribery.10 The World Bank Group's Integrity Compliance Guidelines (“World Bank Guidelines”) sum this up as “Leadership.”11

    In evaluating a company's compliance with anti-corruption laws, U.S. authorities say they will consider “whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”12 As noted by U.K. authorities, “[t]hose at the top of an organisation are in the best position to foster a culture of integrity where bribery is unacceptable.”13

    A clearly articulated and visible corporate policy.Companies should have written policies and/or codes of conduct that prohibit foreign bribery.14 These documents should be “clear, concise, and accessible to all employees and to those conducting business on the company's behalf.”15 Brazilian authorities have explained, for example, that an anti-corruption code “serves to provide all agents operating on behalf or in name of the enterprise and other stakeholders with full knowledge of the principles, values, and standards and types of permissible activities and expected conduct in the enterprise.”16

    Making compliance the duty of individuals at all levels of the company.While “tone at the top” and written policies are necessary components of a compliance program, they are not sufficient in and of themselves. A commitment to compliance must be reinforced by middle-management and others throughout the organization. Indeed, compliance “is the duty of individuals at all levels of the company.”17 Under the World Bank Guidelines, “Individual Responsibility” is key.18 Thus, the effectiveness of an anti-corruption program depends on the commitment of everyone at the company—directors, officers, and employees alike.

    Oversight by senior corporate officers with autonomy, resources and authority. A dedicated compliance infrastructure, with “one or more senior corporate officers” responsible for compliance, is also needed.19 The responsible corporate officer (or officers) “must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company's compliance program is implemented effectively.”20 Indeed, Russian law now requires the designation of an officer and a department or structural unit responsible for the prevention of corruption and related offenses.21

    According to the FCPA Guide, U.S. enforcement authorities will look at whether a “company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”22 At a minimum, U.S. authorities expect that lead compliance personnel will have “direct access to an organization's governing authority,” such as the board of directors or an audit committee.23 Other countries similarly expect companies to establish “direct reporting obligations to independent monitoring bodies,”24 which oversee compliance with applicable standards of conduct.25

    Although central oversight may create tension in a company with historically decentralized operations, an effective anti-corruption compliance program will necessarily require some involvement from the home office. This central oversight should complement, not replace, compliance measures at the local, operational level.

    Generally applicable compliance measures focused on high-risk areas.The OECD encourages multinational companies to implement specific anti-corruption measures in high-risk activities, and to apply such measures to “all directors, officers, and employees” and to “all entities over which a company has effective control.”26 In this respect, the OECD Guidance recognizes that there is no standard compliance program: an effective program, according to the OECD, “should be developed on the basis of a risk assessment addressing the individual circumstances of a company.”27 Nevertheless the OECD identifies common high-risk areas, including “gifts; hospitality, entertainment and expenses; customer travel; political contributions; charitable donations and sponsorships; facilitation payments; and solicitation and extortion.”28

    The FCPA Guide advises companies to design a compliance program that considers risk factors such as level of government oversight and interaction; reliance on third parties who interact with governments on behalf of the company; business strategies using mergers, acquisitions or other business combinations; exposure to customs and immigration authorities; involvement in joint venture agreements and the importance of licenses and permits to the operations of a business.29

    Similarly, under Transparency International's Business Principles for Countering Bribery (“Transparency International Principles”), a corporate compliance program “should be tailored to reflect an enterprise's particular business circumstances and culture, taking into account such potential risk factors as size, business sector, nature of the business and locations of operation.”30

    Since the essence of a compliance program is the prevention, detection, and remediation of wrongdoing, a company's resources should be allocated to activities that pose the highest risk—and when a company's corruption risk grows, the FCPA Guide notes, “that business should consider increasing its compliance procedures.”31

    Ensuring the compliance of third parties.A compliance program should not be limited to mitigating risks presented by a company's direct employees. The OECD recommends that a compliance program pay attention to “third parties such as agents and other intermediaries, consultants, representatives, distributors, contractors and suppliers, consortia, and joint venture partners.”32 Specifically, the OECD advises multinational companies to perform documented due diligence of business partners, inform business partners of the company's commitment to compliance, seek a reciprocal commitment, and monitor compliance.33

    The World Bank Guidelines echo this advice and further recommend assuring that “any payment made to [a] business partner represents an appropriate and justifiable remuneration for legitimate services performed or goods provided … and that it is paid through bona fide channels.” According to the World Bank Guidelines, companies should “[a]void dealing with contractors, suppliers and other business partners known or (except in extraordinary circumstances and where appropriate mitigating actions are put in place) reasonably suspected to be engaging in misconduct.”34 Indeed, many recently reported cases of anti-corruption enforcement against multinational companies are based on the actions of third-party agents.

    Financial and accounting procedures, including a system of internal controls.Internal controls help safeguard a company's assets. The OECD recommends financial and accounting procedures that are “reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts, to ensure that they cannot be used for the purpose of foreign bribery or hiding such bribery.”35

    Countries generally expect companies to maintain a robust set of internal controls.36 For example, Russia's Anti-Corruption Law now requires companies to have controls that prevent the falsifying of accounting records.37 Brazil's new Clean Company Act, when applying penalties, considers the existence of internal controls, including audits, that ensure the integrity of a company's operations.38

    Internal controls are especially important where corruption risks are high. As the FCPA Guide observes, “[b]usinesses whose operations expose them to a high risk of corruption will necessarily devise and employ different internal controls than businesses that have a lesser exposure to corruption, just as a financial services company would be expected to devise and employ different internal controls than a manufacturer.”39 A robust set of internal controls can help ensure, for example, that an interaction subject to prior approval is only authorized for payment after an appropriate review.

    Periodic communication and documented training.The OECD recommends “periodic communication and documented training … for all levels of the company, on the company's ethics and compliance program.”40 As the FCPA Guide emphasizes, a compliance program cannot be effective without adequate communication and training.41

    Anti-corruption training is not a one-time event. Brazilian authorities, for example, have highlighted the importance of a company training existing employees, as well as new hires.42 The ICC Rules on Combating Corruption state that “key personnel in areas subject to high corruption risk should be trained and evaluated regularly.”43 The World Bank Guidelines likewise advise that training programs should be “tailored to relevant needs, circumstances, roles and responsibilities.”44 In this vein, the FCPA Guide suggests that training sessions include hypothetical situations that are specific to the trainee's day-to-day work experiences.45 The ultimate goal of training and communication is to make sure that individuals understand what is expected of them and are able to follow compliance guidelines in their everyday activities.

    Moreover, communication regarding compliance issues should not take place only in formal settings. Brazilian authorities therefore recommend “implementation of a permanent communications policy,” which could include such elements as “internal newsletters for employees; a separate space on the intranet devoted to ethics; dissemination of examples of good practices of ethical conduct; posting of pamphlets and announcements on bulletin boards; presentation of positive results obtained from the implementation of the code of conduct; and incorporation of the ethical and integrity principles and values in the organization's mission and vision statements.”46 The World Bank Guidelines recommend that an organization “make statements in its annual reports or otherwise publicly disclose or disseminate knowledge about its [compliance program].”47

    Encouragement and positive support for compliance.Companies also should reward their employees for good behavior, including compliance with anti-corruption policies and procedures.48 The ICC Rules on Combating Corruption suggest that multinational corporations include “the review of business ethics competencies in the appraisal and promotion of management and measuring the achievement of targets not only against financial indicators but also against the way the targets have been met and specifically against the compliance with the Enterprise's anti-corruption policy.”49 In this regard, the FCPA Guide recommends incorporating adherence to compliance as “a significant metric for managements' bonuses,” “recognizing compliance professionals and internal audit staff,” and making “working in the company's compliance organization a way to advance an employee's career.”50

    Appropriate disciplinary procedures to address violations.Just as carrots are important to an anti-corruption compliance program, so are sticks. Anti-corruption rules are only effective if they are enforced. That is why the OECD Guidance contemplates the implementation of appropriate disciplinary measures to address violations.51 To evaluate the credibility of a compliance program, U.S. authorities will assess whether “a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.”52 As the World Bank Guidelines make clear, disciplinary measures should include possible termination and apply to “all persons involved in [m]isconduct or other program violations, at all levels.”53 In the words of the FCPA Guide, “[a] compliance program should apply from the board room to the supply room—no one should be beyond its reach.”54

    Guidance, advice, confidential reporting, and whistleblower protections.An effective anti-corruption program must provide resources for company employees and relevant third parties to obtain compliance information.55 Specific company personnel should be designated to help answer questions.

    An effective program also should provide mechanisms for reporting potential or actual misconduct.56 Indeed, when punishing violations, Brazil's new Clean Company Law takes into account the existence of a company's incentives for employees to report irregularities.57 According to the APEC Anti-corruption Code, the goal is to ensure that relevant information travels “to responsible enterprise officials as early as possible.”58 For this to happen, of course, employees must not fear retribution or retaliation for the good faith reporting of their concerns. The FCPA Guide thus recommends the institution of hotlines, ombudsmen, or other anonymous reporting systems.59

    A company's response to a report of potential misconduct is also critical. Companies must have an infrastructure in place to respond to the report, conduct appropriate investigations, and document the response process, in a consistent manner.60

    Periodic reviews. A compliance program that remains static is likely to become ineffective as risks shift. Periodic reviews and assessments are therefore essential.61 Companies must consider, among other things, “business changes over time”;62 weaknesses and shortcomings that may require enhancements;63 and “relevant developments in the [anti-corruption] field” and “evolving international and industry standards.”64 The U.K. Bribery Act Guidance recommends benchmarking with other organizations to help assess whether best practices are being implemented.65

    The FCPA Guide contains some specific suggestions for periodic reviews and assessment: companies may (1) use “employee surveys to measure their compliance culture and strength of internal controls, identify best practices, and detect new risk areas” and/or (2) conduct “targeted audits to make certain that controls on paper are working in practice.”66

    III. Conclusion

    As this article illustrates, a convergence of expectations regarding anti-corruption compliance programs has led to a new global standard. Companies that fail to live up to this global standard unnecessarily increase their risk of exposure. The absence of an effective compliance program not only makes it more likely that improper conduct will occur, but also makes it more difficult for companies to defend themselves in enforcement situations by arguing that individual wrongdoers alone and not the company itself, should be held liable.

    While an effective compliance program must address the specific risks a company faces, the global standard embodied in the guidance of governments and international organizations discussed in this article provide international businesses with a path to developing or enhancing a compliance program that prevents, detects and responds to anti-corruption risks worldwide.



    U.S. Foreign Corrupt Practices Act, 15 USC. §§78dd-1, et seq. (1977), available at


    2010 U.K. Bribery Act, Chapter 23,

    available at


    SeeArnold & Porter LLP, Global Anti-Corruption Insights (Feb. 2014) at 5, 31–32, available at Winter2014.pdf.

    For a detailed discussion of Brazil's Clean Company Act, see K. Korenchuk, M. Asner, S. Witten and B. Spiewak, Responding to Anti-Corruption Concerns in Brazil: Considerations for the Pharmaceutical and Medical Device Sectors, Pharmaceutical Compliance Monitor (Jan. 2, 2014), available at For additional information about Russia's anti-corruption law, see K. Korenchuk, M. Asner, S. Witten and J. Wiesner, Doing Business in Russia: Managing Anti-Corruption Risk, Pharmaceutical Compliance Monitor (Nov. 26, 2013), available at For additional information about anti-corruption developments in India, see K. Korenchuk, M. Asner, S. Witten and M. Davar, Developing an India Strategy: Practical Considerations to Seek Opportunities and Mitigate Corruption Risks in the Medical Products Sector, Pharmaceutical Compliance Monitor (Nov. 1, 2013), available at And for additional information about the Chinese government's anti-corruption investigations, see K. Korenchuk, M. Asner and S. Witten, Responding to Anti-Corruption Compliance Challenges in China: The Way Forward in Light of the Ongoing Investigations in the Pharmaceutical Industry, Pharmaceutical Compliance Monitor (Sept. 26, 2013), available at  http://www.pharmacompliancemonitor .com/responding-to-anti-corruption-compliance-challenges-in-china-the-way-forward-in-light-of-the-ongoing-investigations-in-the-pharmaceutical-industry/5571/.


    Organisation for Economic Co-operation and Development, Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, entered into force 1999, 37 I.L.M. 1 (“OECD Anti-Bribery Convention”) available at


    Working Group on Bribery, OECD, Good Practice Guidance on Internal Controls, Ethics, and Compliance (2010) (“OECD Guidance”) available at




    A Resource Guide to the U.S. Foreign Corrupt Practices Act, Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission (Nov. 2012) (“FCPA Guide”), at 57–63, available at For a road map to the entire FCPA Guidance, see Advisory: The FCPA Guidance Road Map (November 2011), available at


    SeeU.K. Ministry of Justice, the Bribery Act of 2010, Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (2011) (“U.K. Bribery Act Guidance”), available at; Probation Order, Court of Queen's Bench of Alberta, Judicial District of Calgary, Her Majesty the Queen and Niko Resources Ltd., June 23, 2011 (“Canada's Niko Probation Order”); Brazil's Office of the Comptroller General and Ethos Institute for Business and Social Responsibility, Business Social Responsibility in Combating Corruption (2009) (“Brazil's CGU Guidance”), available at; Japanese Ministry of Economy, Trade, and Industry, Guidelines to Prevent Bribery of Foreign Public Officials (May 1, 2006) (“Japan's METI Guidelines”), available at; Institute of Directors in Southern Africa, King Committee on Governance, The King Code of Governance for South Africa 2009 (“South Africa's King Code”), available at:; Ministry of Trade and Industry Companies Regulations, 2011, §43(5)(bb), available


    World Bank Group, Integrity Compliance Guidelines (2011) (“World Bank Guidelines”), available at; U.N. Global Compact, A Guide for Anti-Corruption Risk Assessment (2013) (“UN Guide”), available at; ICC Rules on Combating Corruption (2011) (“ICC Rules on Combating Corruption”), available at; Transparency International, Business Principles for Countering Bribery (2d ed. 2009) (“Transparency International Principles”), available at AccordAsia-Pacific Economic Cooperation, APEC Anti-corruption Code of Conduct for Business (2007) (“APEC Anti-corruption Code”), available at; World Economic Forum, Partnering Against Corruption - Principles for Countering Bribery(2009) (“WEF Principles”), available at


    OECD Guidance, Annex II at ¶ A1.


    World Bank Guidelines §2.1.


    FCPA Guide at 57.


    U.K. Bribery Act Guidance at 23.


    OECD Guidance, Annex II at ¶ A2.


    FCPA Guide at 57.


    Brazil's CGU Guidance at 31.


    OECD Guidance, Annex II at ¶ A3. AccordAPEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at §5.1; WEF Principles at §5.1. At the national level, see Canada's Niko Probation Order at ¶ 2(b)(ii); Japan's METI Guidelines at 10; Bundesverband der Deutschen Industrie, Federation of German Industries, Preventing Corruption—BDI Recommendations, 3d Edition (2007) (“Germany's BDI Recommendations”) at 6, available at


    World Bank Guidelines §2.2.


    OECD Guidance, Annex II at ¶ A4.


    FCPA Guide at 58. AccordBrazil's CGU Guidance at 36; Canada's Niko Probation Order at ¶ 2(e); Japan's METI Guidelines at 10; South Africa's King Code at 43; U.K. Bribery Act Guidance at 24. At the international level, see, e.g., ICC Rules on Combating Corruption at Art. 10; World Bank Guidelines at §2.3; WEF Principles at §5.1.


    SeeRussian Federal Law No. 273-FZ, “On Fighting Corruption,” Dec. 25, 2008 (the “Russian Anti-Corruption Law”).


    FCPA Guide at 58.




    SeeCanada's Niko Probation Order at ¶ 2(e).


    SeeBrazil's CGU Guidance at 36.


    OECD Guidance, Annex II at ¶ A5.






    FCPA Guide at 59.


    Transparency International Principles at §3.2; accord World Bank Guidelines at §3.


    FCPA Guide at 59.


    OECD Guidance, Annex II at ¶ A6.




    World Bank Guidelines at §5.1; accordICC Rules on Combating Corruption at Art. 3; Transparency International Principles at ¶ 5.2.3. At the national level, see, e.g., FCPA Guide at 60–61; U.K. Bribery Act Guidance at 27–28; Canada's Niko Probation Order at ¶¶ 2(j)(ii)–(iii), 3(a)–(c).


    OECD Guidance , Annex II at ¶ A7.


    See, e.g., U.K. Bribery Act Guidance at 21–22; Japan's METI Guidelines at 8; Germany's BDI Guidance at 11–12; Canada's Niko Probation Order at ¶ 2(b)(iii).


    SeeRussian Federal Law No. 273-FZ, “On Fighting Corruption,” Dec. 25, 2008.


    Brazil Clean Company Act, Law No. 12.846 (2013), at Art. 7.


    FCPA Guide at 40; see also 58 (noting that internal controls systems often have “built-in flexibility so that senior management, or in-house legal counsel, can be apprised of and, in appropriate circumstances, approve unique requests”).


    OECD Guidance, Annex II at ¶ A8.


    FCPA Guide at 59; accordU.K. Bribery Act Guidance at 29–30; Canada's Niko Probation Order at ¶ 2(g); Brazil's CGU Guidance at 31, 37, 44; Japan's METI Guidelines at 11; Germany's BDI Recommendations at 11; South Africa's King Code at 43. At the international level, see, e.g., APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 8; Transparency International Principles at ¶ 5.4; World Bank Guidelines at §7; WEF Principles at §5.4


    Brazil's CGU Guidance at 31.


    ICC Rules on Combating Corruption at Art. 8.


    World Bank Guidelines at §7.


    FCPA Guide at 59.


    Brazil's CGU Guidance at 31, 34.


    World Bank Guidelines at §7.


    See OECD Guidance, Annex II at ¶ A9; accordWorld Bank Guidelines at §8.


    ICC Rules on Combating Corruption at Art. 10.


    FCPA Guide at 60.


    OECD Guidance, Annex II at ¶ A10. AccordICC Rules on Combating Corruption at Art. 10; Transparency International Principles at §5.1.4; World Bank Guidelines at §8; WEF Principles at §5.3.3. At the national level, see, e.g., U.K. Bribery Act Guidance at 22; Canada's Niko Probation Order at ¶ 2(i); Japan's METI Guidelines at 9, 11.


    FCPA Guide at 59.


    World Bank Guidelines at §8.2.


    FCPA Guide at 59.


    OECD Guidance, Annex II at ¶ A11.


    See, e.g., FCPA Guidance at 61; U.K. Bribery Act Guidance at 23; Canada's Niko Probation Order at ¶ 2(h)(ii); Japan's METI Guidelines at 10–11. At the international level, see, e.g., APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at §5.5; World Bank Guidelines, §9; WEF Principles at §5.5.


    SeeBrazil Clean Company Law at Art. 7.


    APEC Anti-corruption Code at §4.


    FCPA Guide at 61.


    See, e.g., FCPA Guide at 61; Canada's Niko Probation Order at ¶ 2(h)(iii); Brazil's CGU Guidance at 36.


    OECD Guidance, Annex II at ¶ A12; accordFCPA Guide at 61–62; APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at ¶ 5.8; World Bank Guidelines at §3. At the national level, see, e.g., U.K. Bribery Act Guidance at 31; Canada's Niko Probation Order at ¶ 2(d); Japan's METI Guidelines at 5, 8; South Africa's King Code at 33, 68.


    FCPA Guide at 61.


    See, e.g., FCPA Guide at 62; Transparency International Principles at ¶ 5.8; World Bank Guidelines at §3.


    OECD Guidance, Annex II at ¶ A12.


    U.K. Bribery Act Guidance at 31.


    FCPA Guide at 62.

    Request Bloomberg Law