Skip to content


Compliance Risk Assessment Components: Personnel

By GAN Integrity (Updated )

Our series of posts on conducting an anti-corruption compliance risk assessment has thus far focused on where your business activities are located, who your customers are, how your company interacts with foreign government officials, and the business sector in which you operate. But the risks associated with your company’s personnel require special attention: if corporate bribery is going to take place, the human element will necessarily be involved. This final post in the risk assessment series discusses those personnel roles of particular significance—those most likely to be subject to corruption risks and those in the best position to help mitigate those risks.

  1. Who interacts with government officials?

Care needs to be taken with regard to any company employee or agent who interacts directly with government officials, whether with high-level ministers or employees of local agencies or state-owned enterprises. Your employees or agents with these roles are in an ideal position to be the recipients of bribe requests, or to offer or provide bribes or other improper benefits to get business. Accordingly, they should receive training regarding the specific risks and situations they may encounter. Regular communication with these individuals about the issues they face will help them to feel comfortable discussing concerns and reporting potential problems.

  1. Who sells products or gets business?

Company employees under pressure to make large sales or bring in new business face special pressures and may be inclined to cut corners on compliance. Anti-corruption training should target those involved in the sales process, including sales administration. In addition, management should consider whether developing an effective anti-corruption compliance program means changing compensation packages to remove incentives to cut corners (for example, wages based purely on sales results). Similarly, sales management bonuses could be structured such that no payments are made or any payments previously made must be repaid if an employee in the reporting chain is found to have violated the anti-corruption policy to make a sale helping to produce the bonus.

  1. Who controls funds leaving the company?

Any individual who has involvement with or oversight over funds leaving the company should receive training regarding the circumstances under which payments may be made. This includes, in particular, lower-level employees who may be in a good position to recognize and report unusual payment requests. Accounts payable, travel and entertainment, charitable giving, and petty cash accounts, among others, should be subject to regular monitoring and audit—legal as well as financial.

  1. Who are the company leaders?

Good senior management sets the tone at the top, of course, to help guide and direct a corporate compliance program that is embedded within a company’s culture and operations. Tone at the middle is also important: local managers and other middle management can have a disproportionate influence on the tone (positive or negative) in particular locations, departments, or divisions. Any individual with responsibility for other employees should be appropriately trained, fully appreciate your company’s commitment to compliance, and help communicate this commitment, so that he or she can help establish an appropriate culture of compliance in his or her areas of responsibility.

  1. Who is operating in the most corrupt environments?

We have discussed elsewhere the way location factors into a compliance risk assessment. In certain areas of the world, corruption may be so endemic that all employees and agents in that area should receive the same rigorous compliance training—regardless of function or seniority. Strong procedures and controls will be critical in these geographies to help employees identify and manage the higher corruption risks.

  1. Who is in the best position to detect problems?

Your compliance program should not only target those individuals likely to directly encounter corruption risks, it should also target those in your company who may be able to help detect problems. For example, back office sales personnel, though not directly involved in sales, may have access to information about how sales are generated. Line-level accounting personnel may be aware of improper payments. HR personnel may be asked to help interpret the company code of conduct concerning “hypothetical” issues.

In some cases, employees may be hesitant to discuss problems because of fear of retaliation by their superiors. Your compliance program should seek to establish safe methods for these individuals to report concerns, such as a whistleblower hotline. Both global and local management should emphasize that compliance is everyone’s concern, not just the concern of those who directly encounter risks.

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.