Want to set up a compliance program, but not sure where to start? The Compliance Program Guide walks you through the steps you should follow to set up a basic compliance program from start to finish. You’ll find guidance and sample tools to download including anti-corruption policies, eLearning courses, and due diligence tools. You’ll also find country-specific guidance to help you optimize your program to the unique compliance requirements of countries like the US, UK, China, and more.

Compliance Program Guide

Companies must create and implement anti-corruption policies and procedures to meet their legal compliance obligations and mitigate corruption risks. Corruption creates potential criminal, civil and business consequences. Implementing adequate procedures can help manage these risks while creating a competitive business advantage.

Compliance is not just common sense – it’s good business sense:

Criminal and civil penalties for corruption offenses can cost your company millions and result in tough prison sentences. Some pieces of anti-corruption legislation have near global jurisdiction and can hold almost any company liable for corruption.
Business partners and suppliers are increasingly required to document their anti-corruption compliance programs or risk losing contracts.
Your company’s reputation is its most valuable asset. Corruption investigations can harm business opportunities.
Companies convicted of corruption offenses can be excluded from bidding on contracts. The EU, the World Bank and others blacklist convicted companies.

Proportional Procedures

Your company’s policies and procedures must be proportionate to the size, nature and complexity of your business activities.

  • Form an accurate understanding of your business’ geographic scope, industry sector, products and services, government interactions, third-party agents and customers to produce a code of conduct.
  • Work out policies and procedures to outline responsibility for the compliance system, internal controls, auditing practices, documentation practices and disciplinary procedures.
  • Adopt protocols on cooperating with law enforcement authorities and prevent the creation and use of altered documents. See the Russian Compliance Guide on these matters.
  • Implement appropriate financial and accounting procedures and relevant internal controls.
  • Outline assistance and reporting channels
  • Assign a person with adequate authority, autonomy and sufficient resources as responsible for the overall compliance program to ensure effective implementations.
  • Make sure that company policies and procedures should apply to all company personnel.


Top-Level Commitment

Your company’s top management should show visible support for the company’s compliance policies and activities; this will foster a culture of integrity in which bribery is unacceptable. Demonstrating top-level commitment for preventing corruption involves internal and external communication of your policies and top management’s involvement in developing the corruption-prevention procedures. This may include top management setting prevention policies; assigning management to create, implement and monitor procedures; and keeping these under regular review. The commitment of top-management involves formalizing the company’s anti-corruption position in an available written document.


Risk Assessment

Your company should perform periodic assessments of its internal and external risks. Your company must focus most on managing the most serious corruption risks. Perform a periodic and comprehensive risk assessment to identify and weigh internal and external risks and in turn define your priorities. Remember to work together with those familiar with your company’s processes and sales channels to make effective risk assessments.


Geographical Risks

Geographical Risks

Identify the nature and levels of corruption including relevant regulations in the countries you do business. The Portal’s country profiles are a good starting point for your country-level assessments. The Chinese Compliance Guide, for example, underlines the high risk of official bribery as many Chinese companies are state-owned enterprises.

Sectors and Products

Sectors and Products

Your market sector may entail a higher risk of corruption than others. If you operate in sectors dependent on large-scale government contracts or tightly controlled licences your business may be exposed to a higher risk of agents or subcontractors committing a corruption offense on your company’s behalf.



Your market sector may entail a higher risk of corruption than others. If you operate in sectors dependent on large-scale government contracts or tightly controlled licences your business may be exposed to a higher risk of agents or subcontractors committing a corruption offense on your company’s behalf.

Corruption Types

Corruption Types

Evaluate risks for the various forms of corruption. Does your company risk encountering big-value kickback payments, or small-value bribery or facilitation payments? Does your company give gifts or donations, and could these be seen as a corrupt influence on their recipients? Keep in mind that some legislation does not distinguish between bribery and facilitation payments (see the UK Compliance Guide and the Brazil Compliance Guide) while others do (See the FCPA Compliance Guide)

Oversight Autonomy and Resources

Designate departments, structural units, and officers responsible for the prevention of bribery and related offenses. Make sure that individuals in charge of oversight should be autonomous from management and should have sufficient resources to ensure the program is implemented correctly. See for example the Canadian Compliance Guide which emphasizes the importance of establishing a compliance oversight team.

Due Diligence

Companies risk criminal and civil liability for corruption offences committed on their behalf, including management, employees and third parties. Third parties present a higher risk because there is a lower-degree of control over third parties compared to employees.  You should therefore take a risk-based approach and conduct a heightened-level of scrutiny or due diligence before engaging others to represent your company (agents, consultants, joint ventures, etc.). See as an example the German Compliance Guide, which stresses the civil liability of individuals committing corruption on behalf of companies.

Check out our Due Diligence Tools page  which provides you with sample tools to carry out due diligence in public procurement and partner, agent, contractor and consultant screening.

Conducting effective due diligence on third parties and follow an extensive amount of work that may be difficult to keep track of. You are therefore advised to take a more systemic approach to the task. The Definitive Guide to Due Diligence Automation outlines six crucial steps you should follow to establish a comprehensive framework for conducting due diligence.

  • Capture key data and authorize it.
  • Internally assess third party risk
  • Control external due diligence
  • Submit the due diligence questionnaire for review
  • Approve or reject.


Communication & Training

Your policies and procedures should be communicated and understood throughout your company and by key stakeholders. This may include communicating with and training external stakeholders, such as suppliers and contractors. These activities should be documented to help meet your compliance demands, especially your code of conduct and anti-corruption policy. Effective communication and training may take many forms, including e-learning courses (see E-Learning Course sample here), traditional on-site training, e-mail and intranet communications, and electronic and physical policy signings.


Monitoring & Review

Your anti-corruption policies and procedures should be monitored and reviewed continuously to account for changes in risks and the effectiveness of your procedures. This process should be reflected in changes being made as necessary.

  • Access to data (such as financial records) and complaint channels and proxies (such as key performance indicators – KPIs) help you to monitor and review your policies and procedures.
  • Evaluation findings should be reported to your top management and those responsible for the compliance system.
  • Finally, your annual report should disclose the level of implementation of the compliance system to inform stakeholders.


Employees should be able to report violations without fear of retaliation through a whistleblowing mechanism based on confidentiality. Establish disciplinary measures to penalize non-compliance.

Information on irregularities among employees and third parties should be shared. Further, the compliance program and internal controls should be updated after an internal investigation.

The last and final step in the process is to “tune” your program to the unique compliance requirements of the countries your company does business in using these country-specific compliance guides.

Want to receive more corruption report updates?

Subscribe here.