Revisiting anti-corruption compliance program: A must for companies.


Madhvi Datta is a partner in Kochhar & Co’s Gurugram (India) office. She specialises in anti-corruption, white-collar crime and employment practice areas.

Earlier this year, the international anti-graft watchdog, Transparency International, ranked India 93rd out of 180 on its 2023 Corruption Perceptions Index. In the recent years, there has been a steady increase in regulatory investigations, and enforcement authorities continue to enforce stricter standards of corporate governance and transparency. Worldwide stringent laws are prompting businesses to review and strengthen their compliance program.

The Prevention of Corruption Act, 1988, India’s primary anti-corruption statute, was amended in 2018 and introduced significant changes. Companies, for the first time, are now liable if “any person” associated with them gives or promises to give any undue advantage to a public servant unless they establish that they have in place adequate internal safeguards to prevent bribery and corruption. Similarly, the Indian Companies Act 2013, was amended in 2019 to bring in, among other things, stricter provisions against fraud and misgovernance. These amendments highlight the importance of an effective anti-corruption compliance program, especially for multinational companies in India. In addition to this, with the aim to strengthen the corporate governance framework for companies in India, in 2020 the Companies (Auditor’s Report) Order 2020 (CARO 2020) was issued by the Ministry of Corporate Affairs. Recent statistics show increasing enforcement of anti-corruption laws. Along with reputational damage, companies disregarding their obligations will incur significant monetary penalties.

In the past decade, companies breaching their legal and regulatory duties have been fined heavily. 2021 saw the world’s largest advertising group paying US$19 million to the US Securities and Exchanges Commission (SEC) for Foreign Corrupt Practices Act (FCPA) violations at its subsidiaries in India, Brazil, China, and Peru. Similarly, in 2022, a technology firm paid US$23 million to the SEC for violating the anti-bribery books, records, and internal accounting control provisions of the FCPA at its subsidiaries in India, Turkey, and the UAE. These cases illustrate aggressive enforcement and educate companies on the challenges of keeping their compliance program at a level that meet the expectations of regulators / enforcement agencies.

To match increased enforcement, companies have increased their efforts to strengthen internal controls and are addressing issues more diligently than ever before. However, there is room for more holistic, risk-based proactive approach than merely reacting to issues as they arise. There is no one-size-fits-all solution, and companies are well-advised to follow best practices, and continuously learn and improve. For starters, companies should adopt comprehensive anti-bribery and anti-corruption (ABAC) policies, which should include provisions to ensure full compliance with applicable domestic and international anti-bribery legislations. Policies should specifically set out the consequences of corruption and other violations. To bolster governance, companies should have comprehensive vigilance mechanisms, including whistleblower hotlines to ensure confidentiality, non-retaliation, and anonymity.

Companies operating in India must focus on third party risks and government touchpoints in regular operations. Globally, most prosecutions and regulatory settlements arise from payments involving third parties. In 2019, a US multinational retail corporation paid US$282 million to settle criminal and civil claims related to payments made by outside consultants in India, Brazil, China and Mexico. A leading alcoholic beverage maker in 2020 agreed to pay US$19 million to resolve charges under the FCPA of improper payments by an Indian subsidiary. To effectively manage corruption risk companies should have effective third-party risk management policies and procedures. Thorough due diligence should be conducted, and comprehensive risk management controls should be in place to detect and prevent misconduct on an ongoing basis. Formal commitment (in writing) should be sought to ensure compliance with internal policies. Appropriate ABAC provisions should be incorporated in contracts, including the right to audit and terminate if the third party fails to abide by their obligations.

To better promote awareness of ethics and compliance, mandatory workshops and training should be conducted for employees and third parties, particularly those with high-risk profiles. A dedicated compliance officer should oversee program’s development, implementation, and monitoring. The tone from the top is crucial in setting corporate culture and ensuring that the company’s expectations are communicated throughout the organisation. Undertaking periodic risk assessments are essential. Companies cannot blindly assume that their global compliance programmes will be operationalised where they conduct business, rather, they should drill down to understand the specific risks.

With corporate conduct increasingly under scrutiny, compliance with anti-corruption laws cannot be a box-ticking exercise. Nothing can completely insulate a company from corruption, but by taking and rigorously implementing positive actions companies can effectively detect, prevent, respond to, and mitigate corruption-related risks, penalties and other damages. This commitment to integrity fosters trust and ethical excellence, valued by customers, investors, and partners, leading to sustained growth and success.