Considerations for managing your anti-corruption compliance programme

Monday 18 May 2020

Back to Anti-Corruption Committee publications >>

Cuneyt A Akay
Greenberg Traurig, Denver

Sandra D Gonzalez
Greenberg Traurig, Austin

Michael X Marinelli
Greenberg Traurig, Austin

Adelaida Vasquez Mihu
Greenberg Traurig, Houston


The severity of the business disruption caused by the Covid-19 (Coronavirus) pandemic varies by sector, region and country. In some companies, the business slowdown may leave compliance departments with reduced staff and workloads. In companies that remain largely operational, the challenges may involve a steady or increasing workload for staff working remotely and external chaos.

The current disruption to 'business as usual' may also bring opportunities for compliance teams to enhance compliance programmes. This article provides practical suggestions on managing such a programme during the crisis. The challenges and opportunities it details are organised around the elements identified in the US Department of Justice’s Evaluation of Corporate Compliance Programs.

Risk assessments

‘Assessment of risk is fundamental to developing a strong compliance program and is another factor DOJ and SEC evaluate when assessing a company’s [anti-corruption] compliance program.’[1] Crises, such as the current Covid-19 pandemic, and major business disruptions generally alter a company’s risk profile for multiple reasons. First, government responses to crises can vary from country to country. Second, external factors, such as supply chain disruptions or changing regulatory environments (eg, closed borders), create potential new corruption risks. Third, internal factors, such as increased pressure to meet business expectations, lower demand for services or products, and decreased ability to develop business due to travel restrictions, may lead company employees to disregard anti-corruption compliance policies and procedures.

Due to these increased corruption risks, it is even more important for compliance professionals to assess the changing risk profile of the company and take steps to mitigate those risks. Proactive identification of corruption risks in many cases is critical. While in-person interviews will necessarily be delayed, compliance teams may want to consider using videoconferences, telephone calls, and questionnaires to help identify the company’s changing risk profile. Real-time risk assessments are not always possible but understanding how the business will change and new potential corruption risks is important. In addition, companies may want to consider establishing a system to rank risks and prioritise company resources to help mitigate the riskiest transactions and areas of the business.

Policies and procedures

One common feature of businesses in distress is pressure to relax policies and reduce procedural requirements. In managing the inevitable requests, it may be useful for the business to identify the procedures and controls that go to the heart of preventing and detecting bribery (such as third-party screening and financial controls) and those that are complementary or secondary (such as annual certifications). This could help the compliance team work with the business to evaluate whether requirements can be modified, or deadlines eased to reduce the administrative strain on the organisation.

Also consider taking this opportunity to review and update policies and procedures to assess whether they are consistent when reviewed in context of all company policies. Consider whether it is necessary to issue guidance on procedural issues in the context of change operations and business needs. For example, from a training perspective, determine whether the company needs to remind its employees that in-person training includes video conferences using Zoom or Microsoft Teams.

While procedural requirements during the crisis may be temporarily modified, you may also want to assess them for permanent changes on the return of business as usual. This may be a good time to address any issues the business has had with complying with the procedural requirements in the past. If so, consider scheduling time to meet with the departments that experience the most difficulty with compliance and discuss where the issues arise in the process. For example, work with the company’s social responsibility team to analyse charitable giving limits and procedures to make it easier to make certain lower-risk types of donation. See if there is opportunity to make the requirements more efficient for the business without sacrificing the effectiveness of the programme.

Consider reaching out to the finance department, as financial controls are particularly important in turbulent times. The current environment may create a tendency to make disbursements that lack required approvals. Close and frequent coordination between the compliance and finance departments may help mitigate such tendencies. It will be important to make sure that the finance department understands any changes to the current requirements. This may also be an opportunity for the compliance and finance departments jointly to analyse the procedural requirements and ensure that the company has the right financial controls in place, particularly for when the crisis ends, and business returns to operations.

The current environment may also provide an opportunity to address issues that have not been a priority in the past. For example, it may be a good time to tweak procedures and review documentation requirements to determine the effectiveness of retention. You may also want to consider if now is a good time to update and systemise the company’s record-keeping.

Third-party management

For most companies, third parties often present the greatest corruption risk and the Covid-19 pandemic can make third-party management more difficult. In a rapidly changing environment, the way companies use third parties may change quickly. Companies may want to consider identifying whether new types of third parties will be or have been engaged, and whether they will interact with government entities, including state-owned entities, on behalf of the company.

Selling products and services to government entities, such as state-owned hospitals, has historically carried high corruption risk, as the enforcement cases demonstrate. Items that are essential in the Covid-19 pandemic can be considered even higher risk (eg, surgical masks, hospital gowns, respirators, N95 masks). If possible, company employees should sell the high-risk items directly to the government as opposed to using a third-party distributor or reseller. If that is not possible, the company may want to prioritise using existing distributors or resellers that have been vetted (due diligence and new vendor paperwork) rather than using the services of a new third party.

Similarly, as economies slow, demand for certain products is declining, in some cases dramatically. Companies may want to re-evaluate Key Performance Indicators (KPIs) and communicate to employees the company’s expectations. Retaining unrealistic sales goals during the Covid-19 pandemic may result in pressure to make improper payments.

The Covid-19 pandemic is slowing the movement of goods, which may create scenarios ripe for corruption. Specifically, company employees or customs brokers might be tempted to bribe a customs official to clear the goods more quickly once they arrive at the port. The American Association of Port Authorities issued a statement at the end of February predicting that ‘cargo volumes at many US ports during the first quarter of 2020 may be down by 20 per cent or more compared to 2019.’[2] Moreover, new Chinese export restrictions have delayed supplier shipments to the United States – goods such as face masks and test kits that are necessary to fight Covid-19.[3]

To mitigate this risk, companies may want to review third-party intermediary contracts to ensure that they are current, have a well-defined scope of work, and clear payment terms. Frequent reminders to third parties of the company’s zero tolerance of bribery may be helpful. Compliance professionals may want to explore options to implement online tools for due diligence, expense approvals and contract signatures.

Training and communication

Training is more important in a crisis, rather than less. Some people will focus on immediate impacts and may lose sight of basic business practices. Roles and responsibilities may also change, depending on conditions within the company. In these circumstances, maintaining the existing training programme may help refocus people on its requirements and, perhaps, bring a sense of normality to employees.

Compliance teams may want to ensure that existing training materials are accurate and relevant in the current climate, including updating materials to reflect any programme changes and whether scenarios used in the materials reflect operational realities on the ground.

With large numbers of people working remotely, regular communication is crucial. As companies are inundated with virus-related communications from internal and external sources, cutting through the noise is a challenge. Getting attention requires focused messaging to targeted groups and short communications.

Communications should also reflect the fact that these are anxious times for both management and employees. Useful messages may include:

  • management expressing confidence that the company will continue to ‘do the right thing’ during the crisis. That sort of message need not be specific to anti-corruption;
  • the compliance team informing people about what is and is not changing in the programme. This may involve quashing rumours and speculation; and 
  • alerting management and relevant groups about staffing changes, emerging issues and lessons learnt.

Commitment by senior and middle management

Effective compliance for any organisation often begins with the board of directors and senior executives setting the proper tone because middle management and employees may often take their cues from the corporate leaders.[4] In times of crisis, senior and middle management should consider reinforcing the company’s commitment to compliance.

Senior leadership may want to continue reinforcing the integrity and ethics of the company through leading by example and with effective communication. Direct communication from senior leadership to employees and regular communication from middle management to their respective teams are often considered key. As a company’s response to the crisis unfolds, management may want to provide regular updates on general business operations, remind employees of their compliance obligations while still acknowledging the current business challenges and highlight some of the compliance successes.

Confidential reporting structure and investigation process

It is not unusual for reports of possible ethics violations to increase during disruptive events. You may want to evaluate/test whether the confidential reporting and investigations processes are functioning properly. If the company’s processes are time-bound, assess whether the current time limits remain reasonable, considering any personnel changes. Work with legal and management to triage reports and investigations by risk.

Consider taking the time to fully understand the extent of the company’s technology resources, particularly when conducting investigations. Also consider developing a procedure for remote investigations with input from the relevant departments such as legal, human resources and IT to ensure consistency and preservation of data.

Continuous improvement, periodic testing and review

Constraints on travel and in-person contact necessarily constrain the scope of transaction testing, but monitoring, audits and remediation should continue to the degree possible. Factors to consider in this evaluation include the extent of company operations for the business unit (real estate may not be buying new properties); the degree of implementation of the programme (Covid-19 may have slowed implementation); and the budget for conducting an audit and willingness by management to remediate any findings. Compliance professionals may want to evaluate what testing can take place remotely. A frequent theme in corruption enforcement actions are companies that repeatedly fail to remediate audit findings. For open findings, consider identifying any remediation items that are critical and determine whether and to what degree they can be addressed under current conditions. In addition, the company may want to create an action item list for when the company is back to more normal operations.


Global M&A activity for Q1 2020 is down 39.1 per cent by value and is comparable to the first quarter of 2008, which were the early days of the Global Financial Crisis.[5] The Global M&A activity for Q1 2020 is an indicator of what is to come. Mergermarket noted that it took 11 quarters for deal making to reach prerecession levels.[6] If you have a slow period as we ride out the Covid-19 pandemic, now may be a good time to review controls to ensure that as activity moves ahead or picks up, your compliance team has an opportunity to run anti-corruption due diligence on acquisition targets. Companies may want to think creatively about how they conduct due diligence by conducting interviews, via telephone or videoconference. Do not assume that a business slowdown means there’s less risk. Due diligence is a must.


[1] ‘A Resource Guide to The US Foreign Corrupt Practices Act’, Criminal Division of the US Department of Justice and the Enforcement Division of the US Securities & Exchange Commission, FCPA, 2012, available at:, last accessed 12 May 2020. [hereinafter, 'Resource Guide'].

[2] ‘Coronavirus Impacts Significant to Ports, Shipping, Logistics’, American Association of Port Authorities, 28 February 2020, available at: /, last accessed 12 May 2020.

[3] Katie O’Keefe, Liza Lin and Eva Xiao, ‘China’s Export Restrictions Strand Medical Goods U.S. Needs to Fight Coronavirus, State Department Says’,The Wall Street Journal, 17 April 2020, available at:, last accessed 12 May 2020.

[4] Resource Guide at 57.

[5] Mergermarket, Global & Regional M&A Report 1Q20, available at:, last accessed 12 May 2020); The National Bureau of Economic Research, US Business Cycle Expansions and Contractions, 23 April 2012, available at:, last accessed 12 May 2020.

[6] Mergermarket, Global & Regional M&A Report 1Q20,, last accessed 12 May 2020.

Back to Anti-Corruption Committee publications >>