16303127


Anti-Corruption Programme for Organisations

This anti-corruption programme is designed to be used by all organisations, including:

  • Contractors, consulting engineers, and any organisations providing equipment, materials, work or services.
  • Funders (i.e. organisations providing financing)
  • Government departments
  • Project owners (i.e. organisations which own or are developing projects)
  • Any other types of organisation.

It is applicable to small, medium and large organisations in the public, private and voluntary sectors.

Organisations face serious risk of incurring criminal and civil liability, financial loss and reputational damage due to corruption by their personnel and business associates.  To minimise this risk, organisations should implement a management programme to prevent, detect and deal with corruption both within their own organisation and in their dealings with their business associates.

An anti-corruption programme will not guarantee that there will be no corruption. However, it could materially assist in its prevention and detection. In addition, in the event of possible prosecution of the organisation or its personnel, such a programme could provide important evidence that the organisation had taken reasonable steps to prevent corruption. This may help to avoid or mitigate criminal liability.

GIACC provides below an anti-corruption programme (which includes programme measures, guidance and templates), which can help an organisation implement or improve its anti-corruption programme.   As all GIACC tools are prepared specifically for the infrastructure sector, this programme has been designed with this sector in mind.  However, the programme can be used by organisations in all sectors. 

This GIACC programme incorporates international good practice, and so can be used in any country.  It is consistent with the international standard ISO 37001 Anti-bribery Management System.  It comprises policies and procedures which an organisation can integrate into its management procedures so as to help it reduce the risk of corruption. 

The intention of this programme is to reduce the risk of corruption:

  • by the organisation, or by its personnel or others acting on its behalf or for its benefit
  • against the organisation, or its personnel or others acting on its behalf or for its benefit
  • whether direct or indirect
  • within the country in which the organisation is based, and in other countries in which the organisation operates
  • of any value, whether large or small.

The anti-corruption programme should be implemented by the organisation with care and attention at least equal to that given to any other corporate management or audit process (e.g. safety or quality).  The measures recommended in this programme should be adapted by the organisation to take account of the organisation’s specific requirements, and should be implemented in a manner which is reasonable and proportionate to the corruption risk which the organisation faces.   In particular, the programme should be modified according to applicable laws, the size of the organisation, value and nature of business transactions, location of projects, and perception of risk.  Low value or low risk contracts or projects are likely to require a lower level of preventive action than high value or high risk contracts or projects. However, it should be remembered that while commercial risk may be lower in relation to lower value contracts or projects, the criminal risk may remain the same.  There is no precise recipe for such modification. This is a value judgment to be made by the organisation itself.  Guidance is given in the links below to assist in such judgement. 

An organisation can copy and use the GIACC programme below at no charge. However, no organisation is permitted to sell the whole or part of GIACC’s programme.

GIACC is providing the following anti-corruption programme (which includes programme measures, guidance and templates) at no cost in order to help prevent corruption.  GIACC does not guarantee that the programme will in practice stop all corruption or prevent or mitigate criminal liability, and GIACC is not liable to any organisation or person who uses the programme.

Anti-Corruption Programme

The following paragraphs list a series of measures which constitute the anti-corruption programme.

Guidance on implementation of the measures is contained on separate web-pages.  Click on the measure title to access the relevant guidance.  In some cases, templates have been provided in order to assist in implementation.  These can be accessed from the relevant guidance page.

Definitions

The following definitions apply to this programme:

  • “board” means the body or person(s) who controls the organisation at the highest level (for example, the board of directors, supervisory council, or other top leadership individual or body).
  • “business associate” means any party with which the organisation has, or plans to establish, some form of business relationship, including but not limited to clients, customers, joint venture partners, consortium partners, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives and intermediaries (but excluding personnel).
  • “compliance manager” means the relevant manager appointed by the organisation to undertake the compliance manager responsibilities.
  • “corruption” means bribery, extortion, fraud, cartels, abuse of power, embezzlement, money-laundering and other similar activities.  (The organisation may, if it wishes, choose to limit the programme to cover specific corruption risks only, such as bribery.  However, this GIACC programme is intended to cover all the above defined corruption risks).
  • “implement” means design, develop, introduce, operate, maintain, monitor and continually improve.
  • “organisation” means the organisation implementing the anti-corruption programme.
  • “personnel” means the organisation’s directors, officers, employees, staff or workers (whether full time or part time, permanent or temporary).

Anti-corruption measures

The organisation should implement the following anti-corruption measures.

  1. Anti-corruption policy: The organisation should adopt an anti-corruption policy.  The policy should be a commitment by the organisation that it:
    • prohibits corruption; and
    • will implement measures to:
      • prevent corruption; and
      • detect, report and deal with any corruption which does occur.
  2. Anti-corruption programme: The organisation should implement an anti-corruption programme in order to give effect to the anti-corruption policy.  The programme should:
    • comprise the appropriate policies, procedures and controls specified in paragraphs 3 to 20 below; and
    • be implemented in a manner which is reasonable and proportionate having regard to the nature and extent of corruption risks which the organisation faces.
  3. Board and management responsibility for the policy and programme:
    • The board should take overall responsibility for the effective implementation of the anti-corruption policy and programme.
    • The board should ensure that the organisation’s managers assume responsibility for overseeing day-to-day compliance by personnel within their department, function or project with the anti-corruption policy and programme.
  4. Communicating the policy and programme: 
    • The chief executive (or equivalent leader) of the organisation should issue a written statement to personnel confirming the board’s commitment to the anti-corruption policy and programme.
    • This statement and the anti-corruption policy should be communicated to all personnel and be published on the organisation’s website.
    • All personnel should be required to sign a document that they have received, read and understood the anti-corruption policy, and will comply with it.
  5. Compliance manager:  A senior manager should be made responsible for ensuring that the anti-corruption programme is adequate to deal with the corruption risks faced by the organisation, and is effectively implemented and complied with by the organisation and its personnel.  The manager should be provided with sufficient resources and proper authority to implement all programme activities, and should have direct and prompt access to the chief executive and board. This compliance responsibility can be on either a full-time or part-time basis, depending on the size of the organisation and the nature and extent of corruption risk which the organisation faces. If on a part-time basis, the compliance manager can combine the compliance function with other responsibilities.
  6. Resources:  The organisation should provide the resources needed to implement the anti-corruption programme.
  7. Employment controls:  In relation to all personnel who could pose a corruption risk to the organisation, and to the extent permitted by applicable law, the organisation should implement procedures which provide that:
    • Personnel should be vetted before they are employed to ascertain as far as is reasonable that their employment is appropriate, and that they are the type of person who is likely to comply with the organisation’s anti-corruption policy and programme.
    • Conditions of appointment should require personnel to comply with the anti-corruption policy and programme.
    • Personnel should be informed of the organisation’s anti-corruption policy and programme to ensure that they understand them, and understand the importance of complying with their requirements.
    • Personnel should be required to declare any conflict of interest.  A register of conflict of interests should be maintained. 
    • The organisation should ensure that personnel have the necessary competence to undertake the responsibilities entrusted to them, based on their experience and / or training. 
    • Disciplinary procedures should be in place which entitle the organisation to take appropriate disciplinary action against any personnel who breach the anti-corruption policy or programme.
    • Personnel must not be penalised (e.g. by demotion, disciplinary action, transfer or dismissal) for refusing to participate in, or for turning down, a business opportunity in respect of which they have reasonably and in good faith judged there to be an unacceptable risk of corruption.  Nor should any personnel be penalised for reporting in good faith any actual or suspected corruption.
    • Performance bonuses, performance targets and other incentivising elements of remuneration should be reviewed periodically by an appropriate manager to ensure that there are reasonable safeguards in place to prevent these from encouraging corruption.
  8. Training:  The organisation should provide appropriate anti-corruption training on a regular basis to all relevant personnel to make them aware of the types of corruption they could encounter, the risks of engaging in corrupt activity, the organisation’s anti-corruption policy and programme, and how they may report corruption.
  9. Gifts, hospitality, entertainment, donations and other benefits:  The organisation should adopt a policy which prohibits the offer, giving or receipt of gifts, hospitality, entertainment, donations or other benefits where the offer, giving or receipt is, or could reasonably be perceived to be, for the purpose of corruption.  The organisation should implement procedures which minimise the risk of breach of this policy.
  10. Facilitation payments:  The organisation should adopt a policy which prohibits the making of facilitation payments except where the safety and liberty of personnel is perceived to be at risk. The organisation should implement procedures which minimise the risk of breach of this policy.
  11. Risk assessment and due diligence:
    • Risk assessment:  The organisation should on a regular basis assess the risk of corruption in relation to its existing and proposed activities, and assess whether its policies, procedures and controls are adequate to reduce those risks to an acceptable level.
    • Due diligence:  In the event that the organisation’s risk assessment identifies a more than low corruption risk in relation to any country, transaction or project, or business associate, the organisation should undertake further appropriate enquiries on the relevant aspects in order to learn more about them and the possible corruption risks they may pose. 
  12. Implementation of anti-corruption measures by controlled organisations and by business associates:
    • The organisation should implement procedures which ensure that all other organisations over which it has control implement anti-corruption procedures which are reasonable and proportionate having regard to the nature and extent of corruption risks which the controlled organisation faces.  (An organisation might have control, for example, over a subsidiary, joint venture or consortium, either through exercising management control or through having a majority ownership interest.)
    • In relation to business associates over which the organisation has no control, and in relation to which the organisation’s risk assessment has identified a more than low corruption risk, the organisation should implement procedures which ensure the following:
      • Where it is reasonable for the organisation to do so, it should take steps to ensure that its business associate implements anti-corruption procedures which include the relevant business transaction within their scope, and which are reasonable and proportionate to the nature and extent of relevant corruption risks.
      • Where it is not reasonable for the organisation to require the business associate to implement anti-corruption procedures, or for the organisation to verify the existence or effectiveness of the business associate’s anti-corruption procedures, then the absence of such procedures, or inability to verify them, is a negative factor which should be taken into account by the organisation in undertaking the risk assessment on the business associate.
  13. Decision-making process:  The organisation should establish a procedure which ensures that the decision-making process and the seniority of the decision-maker(s) is appropriate for the value of the transaction and the perceived risk of corruption.
  14. Contract terms:  The organisation should implement procedures which ensure that, in relation to all business associates which pose a more than low corruption risk:
    • as far as is reasonable, all contracts between the organisation and the business associate should contain a prohibition of corruption
    • where it is not reasonable to require the contract to contain such prohibition, then the absence of the prohibition is a negative factor which should be taken into account in undertaking the relevant risk assessment. 
  15. Financial controls:  The organisation should implement financial controls which minimise the risk of corruption by, on behalf of or against the organisation.
  16. Commercial controls:  The organisation should implement commercial controls which minimise the risk of corruption by, on behalf of or against the organisation.  These controls should include, for example, sales, procurement, supply chain management, operational, project management and other commercial controls.
  17. Reviewing and improving the programme:  The organisation should review and improve the anti-corruption programme in order to ensure that the programme is adequate to manage effectively the corruption risks faced by the organisation and is being effectively implemented.
  18. Reporting:  The organisation should implement procedures which enable personnel to report suspected or actual corruption or breach of the anti-corruption policy or programme in a safe and confidential manner.
  19. Investigating and dealing with corruption:  The organisation should implement procedures which:
    • require appropriate investigation by the organisation of any corruption, or any breach of the anti-corruption policy or programme, which is reported, detected or reasonably suspected
    • require appropriate action in the event that the investigation reveals corruption, or breach of the anti-corruption policy or programme.
  20. Records: The organisation should keep reasonably detailed records of its anti-corruption policy and programme and any compliance issues which arise.
  21. Independent assessment and certification:  While not an essential component of an anti-corruption programme, it would be advantageous for the organisation to commission an independent assessment and certification of its anti-corruption programme.  This provides assurance both to the organisation and to third parties that the organisation’s anti-corruption programme is operating effectively and complies with good practice.  It is possible for an organisation to obtain independent certification to the international anti-bribery standard, ISO 37001, which was published in 2016.  See GIACC summary on ISO 37001.
  22. Co-operating with other stakeholders:  While not an essential component of an anti-corruption programme, it would be advantageous for the organisation to co-operate with other stakeholders, in the public and private sectors, to help reduce corruption in the infrastructure sector.  Preventing corruption requires open co-operation between all parties who are able to influence the agenda.  Co-operation also helps the organisation learn from other organisations’ experiences and best practice.

Other Resources

Several organisations have published resources which assist in the implementation of anti-corruption measures. These organisations and their resources are listed below in alphabetical order. If the following details are inaccurate or incomplete, or if there are other recognised international resources to be added, please send details to GIACC.

APEC has published the Hanoi Principles for Voluntary Codes of Business Ethics in the Construction and Engineering Sector.

British Standard BS 10500: Specification for an anti-bribery management system. This is a management systems standard, together with attached guidance, published by British Standards.  It can be independently certified in a similar manner to ISO 9001, ISO 14001 and ISO 45001.  See GIACC summary on BS 10500.  BS 10500 was superseded in October 2016 by ISO 37001 but is still being used by some organisations. See GIACC summary on ISO 37001.

Business Anti-Corruption Portal has produced the following anti-corruption resources and tools:

  • Country Profiles:  Corruption related information on various countries.
  • Compliance system guidance
  • Due Diligence Tools:  Tools related to vetting an agent, consultant or contractor, setting up a joint venture and participating in public procurement.
  • Training:  On-line training modules.

Centre of Anti-Corruption Studies provides resources for the study and analysis of issues pertaining to the fight against corruption in Hong Kong and internationally.  It is a research institute established in 2009 under the auspices of the Hong Kong Independent Commission Against Corruption.

FIDIC – International Federation of Consulting Engineers has published its Integrity Management System (FIMS), which is designed to help businesses deal with integrity risks.

Global Transport Knowledge Partnership (GTKP) is developing a data base of reports and actions in relation to good governance and corruption prevention on road projects.

International Chamber of Commerce (ICC) has published Combating Extortion and Bribery:  ICC Rules of Conduct and Recommendations (2005).

International Organisation for Standardization (ISO) ISO 37001 anti-bribery management systems standard.  This is a management systems standard, together with attached guidance, which was published in October 2016.  It can be independently certified in a similar manner to ISO 9001, ISO 14001 and ISO 45001.  See GIACC summary on ISO 37001.

Organisation for Economic Co-operation and Development (OECD) has produced the following resources:

Transparency International has produced, in conjunction with several leading international organisations, the Business Principles for Countering Bribery suite of documents designed to assist organisations to implement and manage an effective anti-bribery system.

  • Business Principles for Countering Bribery is an anti-bribery code that organisations can either adopt or use to benchmark against their own systems.
  • Business Principles for Countering Bribery – Small and Medium Enterprises Edition is an edition of the Business Principles tailored to the needs of small and medium enterprises.

World Economic Forum – Partnering against Corruption Initiative (PACI) has adopted the PACI Principles for Countering Bribery which are closely modeled on TI’s “Business Principles for Countering Bribery”.

World Federation of Engineering Organisations (WFEO) has published an Anti-Corruption Action Statement recommending anti-corruption actions for professional engineers, professional engineering institutions, governments, project owners, project funders, and companies.  This has been published in two language versions:

Updated on 10th April 2020

© GIACC