Are Corporate Anticorruption Compliance Programs Effective?

Requiring business corporations to institute an anticorruption compliance program should be a part of any national strategy to fight corruption.  The argument is simple.  Corporate employees or their agents are always on the paying side of a bribery offense and often a facilitator of conflict of interest and other forms of corruption.  Making it against company policy for employees or agents to participate in any corrupt act with stringent sanctions up to and including termination for a violation will help shut down the supply side of the corruption equation.

Even where a company’s compliance program is a sham, established simply to comply with the law, it can still help in combating corruption.  A sham program would be a violation of law, and were the company investigated, the existence of a sham program would be easy for investigators to spot, easing their task of determining wrongdoing.  So there seems to be no reason why lawmakers shouldn’t insist that firms subject to their law, whether state-owned or privately-held, establish a program.  And between the many guides published by international organizations (examples here and here), NGOs (here and here), academics, the burgeoning compliance industry, and the issuance of an international standard for such programs, there is no dearth of information on how to create and operate an effective one.

I have argued the case for a compliance requirement in several posts (examples here and here), as have many other GAB contributors (examples here and here).  My most recent plea for mandating private sector compliance programs came in this one noting such a requirement in Vietnam’s new anticorruption law.  But one thing I have not done is address two obvious questions about compliance programs that Matthew posed in a comment to the Vietnam post: How are compliance requirement laws enforced? How effective are they in practice?

It turns out these obvious, innocent sounding questions (the kind law professors always seem to ask) aren’t all that easy to answer.  What I have found so far follows.  Readers with more information earnestly requested to supplement it.

United States. Under American federal law, companies awarded a public contract of $5 million or more that will take at least 120 days to perform must establish a compliance program.  The law is enforced in two ways.  One, the public servant responsible for overseeing the contract must ensure the contractor has a program (Federal Acquisition Regulation 42.302(a)(71)).  Two, during an audit, the auditors may examine whether a contractor has a program as they did in this review of a USAID project where they found an NGO hired to monitor the project did not have one.

I have seen no data or reports on how effective contracting officers’ oversight of contractors is in ensuring compliance.  Nor have I uncovered any list of audit reports that have examined the compliance program issue.  Again, a plea to readers with additional information to share it — either by contributing a comment to this post or by submitting a guest post.

United Kingdom.  Section 7 of the 2010 United Kingdom Bribery Act imposes criminal liability on any company that fails to have “in place adequate procedures designed to prevent persons associated with [it]” from paying a bribe.  In a 2017 article, Genevieve LeBaron and Andreas Rühmkorf of Sheffield Law School examined its effectiveness.  They reviewed the publicly available documents of 25 large British firms — their codes of ethics, terms and conditions imposed on companies in their supply chain, and other documents and reports of their conduct since 2010; they conducted an in-depth analysis of how one company’s conduct had evolved since 2010 as well.  Their conclusion: “bribery has become a genuine compliance issue that companies are addressing through due diligence mechanisms.”

Granted that the LeBaron and Rühmkorf research isn’t the kind of rigorous quantitative analysis that would find a home in the American Economic Review and that my findings speak to attempts to enforce the law rather than the law’s effectiveness.  But as reviews (here and here) of the research on deterring corporate crime observe, precise measures of the effect of law on corporate behavior remain out-of- reach. Data bases on corporate crime are non-existent; systematic procedures for identifying unreported crime similar to crime victimization surveys are not conducted; identifying the many ways corporate behavior is affected is a conceptual and methodological challenge of the first-order, and even the definition of “corporate crime” is contested.  What the LeBaron and Rühmkorf work and my own findings do provide is evidence confirming that most powerful of scientific principles: common sense.  That demanding companies act to stop employees and agents from engaging in corruption is a useful weapon in the fight to contain corruption.

2 thoughts on “Are Corporate Anticorruption Compliance Programs Effective?

  1. This is an excellent question (and not just for companies, but for state institutions as well – I feel like there are way too many compliance programs in different public sector agencies and very few of them seem to be following whether they work). I have no additional information to share, but I think that a mechanism tracking the effectiveness of a compliance program should actually be an inevitable part of any good such program. In other words – the companies themselves should be able to tell HOW do they know the program is effective. I already hear voices of critics shouting that it is too complex, but I refuse to believe it. A good compliance program should be reviewed often, employees should be somehow engaged in evaluating how effective it is – and the entire program should be always be based on an up-to-date risk analysis. Otherwise, you might as well just not have one.

  2. I agree with Ruta’s point on state institutions: it goes without saying that there’s an “enforcement gap” between public integrity laws as written and as applied. Nonenforcement can be a function of inadequate funding, legal loopholes, or executive disregard.

    Readers interested in the anticorrpution practices of U.S. states may find the work of The Center for Public Integrity interesting. CPI bakes the enforcement gap into its ratings of U.S. state corruption. For a description of how the enforcement gap factors into its ratings, see For the ratings themselves and their underlying data, see

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.