Case studies

Implementing an anti-bribery and corruption policy

5 minute read

This is a case study for business owners on how to effectively implement an anti-bribery and corruption policy.


Finlay operates a tech start-up, and is ready to launch an application that may expand into several countries. She spent a lot of time “running the numbers” and has not had time to consider many regulatory risks for the business. In particular, she has not turned her mind to whether planned growth into other countries may increase bribery and corruption risk to her business. She read online that technology companies are currently being targeted by regulators of certain countries who are particularly focused on potential violations of bribery and corruption laws. She read an article about corruption risks for start-ups, particularly when dealing with intermediaries in foreign markets and through various investments methods. Finlay is starting to put in place appropriate compliance policies and controls for the business and she is eager to implement an anti-bribery and corruption (ABC) compliance framework as part of the overall business strategy.

Prevention is the best method to deter bribery and corruption

An ABC compliance framework is the first line of defence for an organisation. Implementation of an ABC policy, regular training, and controls (including systems and processes for monitoring and auditing) are essential in efforts to stamp out bribery and corruption.

What can Finlay’s business do to manage the risks of bribery and corruption?

It should implement an ABC compliance framework, including an ABC policy and fit for purpose controls, to prevent any breach of Australian or foreign anti-bribery laws, and prevent other business and reputational risks.

Step 1: Make a commitment from the top

There must be dedication to preventing bribery and corruption from senior management. Setting the tone for a visible and robust ABC compliance framework will help foster a culture of compliance. Finlay’s eagerness to get on the front foot with implementing an ABC compliance framework in the early stages of her business is a great start.

Step 2: Perform a risk assessment

An organisation must regularly perform risk assessments to identify the bribery and corruption risks associated with its operations and the controls that are needed to effectively prevent and mitigate those risks. It should understand the jurisdictions where it does business and the industries it does business with (directly or through intermediaries), what the regulatory framework is, and what types of red flags may exist in connection with its operations in those places.

Ongoing due diligence checks are required, particularly with regards to business partners, third parties, and consultancy services. This should include an assessment of their track record (e.g. previous allegations of bribery) and the likelihood they are linked to politically exposed persons.

Finlay’s business is only starting out, so in addition to focusing on the markets it is going to be operating in and the type of services it will offer, Finlay may also need to consider:

  • How the business will manage its relationships (including implementation of the ABC framework) with third party service providers and particularly any agents or intermediaries engaging on behalf of the business;
  • If and how it will interact with any government officials; and
  • Whether any of its dealings carry a heightened risk of the potential for requests for improper payments.

As the business grows, the risk assessment should be re-visited as the business model changes, providing a systematic way to assess ABC risks and the appropriateness of the compliance framework.

Step 3: Draft and implement an ABC policy

An ABC policy should address the risks identified in the risk assessment and be proportionate to the operations of the business. It should contain the following essentials:

  • Prohibition on bribery and corruption in any form, including the falsification of books and records;
  • Acknowledgment of the serious criminal and civil penalties that may be incurred by both the company and its employees;
  • The reputational damage that may be done if the organisation is involved in bribery or corruption;
  • Explanation of the bribery and corruption risks that the organisation faces;
  • Provision for training of managers and employees likely to be exposed to bribery or corruption about how to recognise and deal with it;
  • Requirement for third party service providers to acknowledge the ABC compliance framework (i.e. a statement that they will comply with these standards);
  • Outline the controls the business has in place to prevent or mitigate bribery and corruption risks (such as identifying when a risk assessment is required, due diligence requirements, mandatory approvals for engagements with government officials and third party agents or consultants, requiring staff to report red flags or potential breaches of the policy, monitoring of compliance with controls and regular audits); and
  • Reference to a whistleblowing policy and reminder to staff that whistleblowers are in many cases legally protected from adverse consequences, and failure to protect and support whistleblowers may result in penalties for the business.

Step 4: Provide ongoing communication and training

It is vital that an ABC policy is communicated and understood throughout the business by key stakeholders, including through regular training. Training provides the knowledge and skills needed to implement procedures and deal with any bribery and corruption related questions or issues that may arise. Effective training may take the form of e-learning courses, traditional on-site training, e-mail and intranet communications, and policy signings. All staff should complete ABC training. It may also be appropriate for employees whose responsibilities are inherently high risk (with respect to bribery) to undertake additional tailored training or receive targeted communications.   

Step 5: Incentivise ethical behaviour and reporting

It must be clear that compliance with the ABC compliance framework is mandatory for all staff and that no employee will suffer adverse consequences for refusing to pay bribes or for whistleblowing, even where that stops or delays a business transaction. Disciplinary measures should be established for non-compliance. Remuneration frameworks should be structured so that staff will not be incentivised to make unlawful payments to reach performance benchmarks.

Step 6: Conduct regular monitoring and review

Your business should regularly monitor and review the effectiveness of your ABC compliance framework. This is done to assess whether it is adequate and proportionate – that is, whether the compliance framework is fit for purpose and being implemented and operating effectively. A periodic audit will provide a level of assurance about whether the ABC compliance framework is working as intended and help to identify adjustments, as required. A record should be kept of all steps taken towards compliance.

The Bribery Prevention Network acknowledges the pro-bono contribution of Corrs Chambers Westgarth in developing this case study.

Relevant resources

Putting in place an anti-bribery policy is an important part of establishing and maintaining adequate procedures to prevent bribery and corruption. Use this template as a starting point when creating a tailored anti-bribery policy for your business. Adapt this template to your business's specific operating risks, including the activities and geographies that present the highest risk of bribery and corruption issues.

See how your organisation’s anti-bribery and corruption policy compares with the policies of the top ASX listed companies. If your organisation does not yet have an anti-bribery and corruption policy, identify key features that you might incorporate into a future policy. This collection contains links to policies from large organisations across a variety of industries – including the financial, materials, mining, healthcare, real estate, consumer staples, telecommunications, IT, industrials and energy industries.

This short, 15 minute learning module can be used by businesses to help develop employees’ awareness of the foreign bribery offence. The module provides information about Australia’s anti-bribery policy, relevant laws and how to report foreign bribery. It features video interviews with Australian Federal Police representatives, links to relevant agencies and a short quiz, and supports users with accessibility requirements.

Launched in 2021, this interactive tools is designed for a diversity of small and medium sized enterprises. The tool supports businesses to implement corruption risk assessments throughout global supply chains. It offers a good first step for understanding what actions can be taken to improve business corruption risk assessments and provides a list of information sources to do so.

Create a compliance program that seeks to prevent and address bribery and corruption with this guide. It includes country risk reports that outline risks associated when engaging with state-owned enterprises. Also included are key actions to take when building a compliance program, a six-step process for conducting third party due diligence, sample policies, training procedures, risk assessment templates and due diligence tools.

Support the delivery of an effective compliance program by ensuring business leaders and senior managers demonstrate commitment to compliance programs. This resource discusses the importance of setting the tone from the top and identifies practical steps to demonstrate top level commitment and build a culture of compliance. This webpage is available in three languages: English, Spanish and Portuguese.