Third party due diligence: Why anti-bribery and corruption due diligence must be a priority

A new wave of corporate bribery and corruption investigations has reignited concerns about whether companies are doing enough to protect themselves. Recent enforcement actions reveal a troubling pattern: companies that neglect thorough anti-bribery and corruption due diligence are paying the price. 

In September 2023, Albemarle, the U.S.-based chemicals firm, agreed to pay over $218 million to resolve allegations that it used third-party intermediaries to bribe officials of Indonesia’s state-owned oil company to secure business. Despite lacking direct knowledge of the bribes, Albemarle was held liable under the Foreign Corrupt Practices Act (FCPA) because it failed to implement adequate internal controls to prevent such misconduct.

This isn’t an isolated case. In December, the French financial prosecutor (PNF) fined a nuclear power company $5 million for foreign bribery. Before that, in November 2024, multinational aviation and defence electronics group Thales became the subject of a UK Serious Fraud Office bribery and corruption investigation.

These cases serve as stark reminders that, more than a decade after the UK Bribery Act came into force, many companies still fall short of ensuring they have “adequate procedures” to prevent bribery and corruption. And time is running out.

Firms have less than seven months to prepare for the UK’s new corporate “failure to prevent fraud” offence under the Economic Crime and Corporate Transparency Act. Without demonstrable reasonable procedures, companies risk liability and reputational harm.

What is anti-bribery and corruption due diligence?

Anti-bribery and corruption (ABAC) due diligence is a specialised form of third-party risk assessment designed to identify, assess, and mitigate corruption risks associated with business partners, suppliers, and intermediaries. The most common corruption risks include:

  • Bribery: Offering or accepting anything of value to gain a business advantage.
  • Kickbacks: Undisclosed payments made to influence business decisions.
  • Fraudulent contracts: Use of shell companies or falsified invoices.
  • Political exposure: Undue influence through politically exposed persons (PEPs).

Why procedures must be proportionate to risk

Due diligence procedures should be tailored to a third party’s risk level. A one-size-fits-all approach is ineffective. Instead, companies must assess and adapt their compliance frameworks based on factors such as industry, geography, and the nature of third-party relationships.

Regulators expect companies to demonstrate that their procedures are:

  • Risk-based: Due diligence should be proportionate to the level of risk posed by third parties and business transactions.
  • Continuously reviewed: Compliance frameworks should be updated regularly to reflect evolving regulatory expectations and emerging risks.
  • Embedded in corporate culture: Policies and controls must be actively enforced and communicated across all levels of the organisation.

Failing to align compliance procedures with actual risk exposure can be just as damaging as having no procedures at all. Companies must conduct regular risk assessments to ensure their systems remain effective and defensible in the face of regulatory scrutiny.

Flaws in anti-bribery and corruption due diligence

Many companies still rely on outdated methods such as questionnaires, desk research, and outsourced investigations—each with critical weaknesses:

Questionnaires

Questionnaires are sent to third parties as part of an onboarding workflow tool to capture risk-related information. However, this method has significant limitations. The process is often laborious and can lead to missing critical risk information. Data quality concerns arise as third parties may selectively provide information that portrays them in a favourable light. Additionally, suppliers often take considerable time to complete, return, and clarify responses, leading to delays that slow down risk assessment and business operations.

Desk research

Desk research involves screening and categorising third parties based on their risk levels. Analysts manually check them against databases and conduct web searches to gather risk information from public sources. However, it is highly time-consuming and demands significant effort from compliance teams. The consistency of results varies between analysts, which can lead to discrepancies in risk assessments. Additionally, managing false positives is challenging and requires extra manual work to verify the relevance and accuracy of flagged risks.

Risk consultancies

For medium-to-high-risk third parties, due diligence is sometimes outsourced to external firms. While this can provide deeper risk insights, it comes with considerable drawbacks. The cost of outsourcing is often high, with some due diligence reports reaching five-figure sums. Additionally, the turnaround time can be slow, with reports taking anywhere from two days to two weeks to be completed. Waiting for these reports can stall decision-making and increase exposure to unchecked risks.


Adequate systems have to keep pace with technology

Applying a risk-based approach is a key foundation of most modern compliance programmes, yet current tools often fall short of achieving this. Database checks are quick but incomplete, and manual keyword searches provide context but take too long for in-depth analysis of every third party. Most compliance teams lack the tools to perform due diligence in proportion to risk. How can they take a risk-based approach to ABAC diligence if they don’t fully understand the risk level from the start?

This requires a triage process, where third parties are assessed upfront so compliance teams can identify which ones need deeper investigation. However, today’s compliance systems within companies don’t facilitate this initial due diligence process. Many have a pre-screening or questionnaire-based system which is time-consuming and laborious. These processes rely on databases and manual data entry and don’t account for the full scope of information and risks.

With advances in AI technology, what defines an adequate compliance system is now more robust and scalable. AI’s ability to remove the manual constraints hindering compliance teams makes it clear that there’s little reason not to integrate it into ABAC diligence programmes. AI transforms due diligence by:

  • Automating research: Scanning global news, regulatory filings, and legal records in real-time.
  • Enhancing accuracy: Reducing false positives and presenting the most relevant risk information.
  • Processing unstructured data: Extracting insights from obscure sources such as court filings and news reports that a local search result might not find.

The regulatory landscape is shifting, and companies that fail to embrace AI-driven due diligence could soon find themselves unable to defend their compliance system. Starling Bank is an example of this: it was fined £29 million by the FCA for failing to implement sufficient financial crime controls. The regulator criticised its systems as “shockingly lax.” If Starling had leveraged AI-driven monitoring, such failures might have been prevented.

As the hype cycle transitions to a stage where AI’s benefits crystallise, companies must now consider how to integrate AI into their processes. This will help reduce the manual burden on compliance teams, allowing them to focus more on analysis and decision-making.

But it isn’t just about speed. It’s also about accuracy and breadth. Unlike manual processes, which are prone to oversight and inconsistency, AI ensures that no relevant data is overlooked—whether it’s buried in a local news story or hidden in an obscure blog post. AI enables companies to move beyond structured lists, tapping into vast pools of unstructured data and presenting findings in a comprehensive, digestible format.

With that in mind, not using AI could soon be seen as negligent. AI provides a more effective and efficient means of preventing criminal behaviour, and it is both widely accessible and easy to implement. Choosing not to adopt it risks falling behind technological progress and could therefore fail to meet modern standards.

AI will push companies to rethink their systems

Today, no company can maintain an adequate compliance system without the ability to analyse vast amounts of unstructured information about third parties quickly. Without this capability, compliance teams can’t truly take a risk-based approach to anti-bribery and corruption due diligence and maximise the value of their resources. AI provides a strategic advantage by enabling them to identify and manage third-party risks earlier in the business relationship.

While implementing change is challenging, especially when it comes to adopting new systems, companies can unlock regulatory and broader business benefits. This includes streamlining third-party onboarding processes and enhancing the experience for external partners. Given these advantages, there’s little reason not to explore how this technology can transform your programme.
