Anti-bribery and corruption procedures: Time to review them?

Third-party bribery and corruption scandals are rocking boardrooms and making headlines worldwide. Just last year, a major defence contractor was fined £2.25 million for bribing a Navy official. Two years earlier, Glencore became the first company convicted under the UK Bribery Act for actively allowing bribery instead of failing to stop it. 

It’s never been more crucial to know the third parties you work with. And that starts with having robust ABC procedures embedded in your third party due diligence programme. While compliance leaders carry much of the pressure, boards and executives are now equally accountable for meeting regulatory expectations. 

Regulators expect visible, top-down ownership of anti-bribery and corruption (ABC) frameworks, with real engagement around key questions: Are we resourced properly, is our technology keeping up with risk, and are we ready for what’s next? 

ABC regulations and expectations

Regulatory expectations continue to change, with enforcement agencies showing increased sophistication and cross-border cooperation:

• Investigations are increasingly multi-jurisdictional, with agencies sharing information across borders
• Penalties have reached record levels, often exceeding hundreds of millions of dollars
• Individual accountability is growing, with more executives facing personal liability

Key regulatory frameworks:

• UK Bribery Act: Maintains the “adequate procedures” defence but with evolving standards
• US FCPA: While lacking a formal adequate procedures defence, demonstrating programme effectiveness can substantially mitigate penalties
• EU Anti-Corruption Framework: Increasingly harmonised approach across member states
• Emerging market regulations: Countries like Brazil, China, and India have strengthened their anti-corruption laws, creating complex compliance challenges

Why review your ABC procedures?

Regularly auditing your anti-bribery and corruption procedures isn’t just good practice, but protects your organisation from reputational damage. In jurisdictions like the UK, demonstrating that you had “adequate procedures” in place is a formal legal defence under the Bribery Act. While there isn’t an identical provision in the US, similar logic applies: show you have strong controls, audits, and an embedded culture of compliance. 

The keyword here is adequate, and that’s a moving target. What regulators considered adequate two years ago isn’t the same as today. An annual review assumes risk evolves on a slow, predictable timeline. It doesn’t. Emerging threats—be it a political shift in a key region, a regulatory crackdown, or an investigative article on a third party—can unfold in weeks or even days. By the time your next annual review rolls around, you may already be exposed. Consider this:

• Risk-based review cycles: More frequent updates for high-risk geographies or business units.
• Trigger-based assessments: Reviews initiated by acquisitions, market entries, or internal alerts.
• Continuous monitoring: Using automated tools to flag anomalies in real time.

Common weaknesses within ABC procedures

To truly understand a third party’s risk level, companies need nuanced insights drawn from open sources such as news articles, interviews, press releases, exposés, and market reports. As a result, thorough due diligence has traditionally been a human-led effort. However, this approach isn’t sustainable as the volume of data about organisations grows exponentially. A single third party can generate thousands of relevant data points each year. Even well-staffed compliance teams can manually review only a fraction of this information. This leaves organisations with a choice: continue operating with partial insight into their third parties, or adopt a new, technology-enabled approach.

Conducting a one-time ABC risk assessment is another key weakness. Risk assessments, like risk itself, aren’t static. Just because a third party has a clean media footprint today doesn’t mean it will remain clean next week, next month, or next year. Yet many organisations assess risk only during onboarding or at fixed intervals, often annually. This approach can overlook subtle changes that, over time, indicate a deteriorating risk profile. As a result, organisations may find themselves reacting to a crisis instead of acting early on warning signs. To maintain an accurate view of risk, compliance teams need anti-bribery and corruption procedures that continuously monitor third parties using real-time information.

Then there are the language and cultural barriers. Global risk information often surfaces first in local-language publications, well before it reaches international outlets. However, professional translation services are prohibitively expensive. Without technology-enabled multilingual capabilities, important risk signals may be missed or misinterpreted. Organisations operating internationally with English-only due diligence expose themselves to significant risks, potentially leading to unexpected ABC compliance failures.

The benefits of investing in anti-bribery and corruption technology

Companies that invest in anti-bribery and corruption technology—especially tools that automate processes—gain far more than just regulatory compliance. They achieve clear, measurable returns across various business areas, including internal cost savings, operational efficiency, risk reduction, and revenue growth.

These technologies directly cut both external and internal costs. Companies that use automated research tools significantly lower their operational expenses. Deloitte found that 58% of organisations reduced costs after implementing such tools. AI-based systems automate third-party screening, conduct deeper due diligence, and carry out ongoing monitoring at scale. According to McKinsey, automation increases the productivity of human-led research by up to 50%, enabling teams to shift from routine checks to strategic oversight without growing headcount.

Manual due diligence often slows third-party onboarding, causing delays that can reduce revenue. When companies use AI-powered research tools, they onboard third parties much faster, cutting timelines from weeks to just a few days. This acceleration brings major business benefits. Quick third-party approvals speed up supply chains, help distributors generate revenue sooner, and free up teams from chasing documentation. Faster onboarding enables companies to operate more responsively and scale more effectively.

AI also helps companies detect red flags early and accurately. It scans massive amounts of data in real time, uncovering risks that manual processes might miss. This strengthens compliance and prevents costly incidents. Missing corruption risks can lead to severe consequences; many bribery enforcement actions cost companies over $100 million in fines, legal fees, and reputational damage. KPMG reports that organisations with mature compliance programmes face a lower likelihood of enforcement actions.

With faster and more confident decision-making supported by real-time risk insights, commercial teams are empowered to pursue opportunities in higher-risk regions or markets that might otherwise have been avoided. This balance of risk and reward creates a competitive advantage. For instance, Accenture found that companies with strong risk and governance frameworks outperformed their peers by up to 20% in revenue growth. It shows that when compliance doesn’t slow business down, it becomes a growth enabler.