Anti-corruption programme for organisations

This anti-corruption programme is designed to be used by all organisations, including:

  • Contractors, consulting engineers, and any organisations providing equipment, materials, work or services.

  • Funders (i.e. organisations providing financing)
  • Government departments

  • Project owners (i.e. organisations which own or are developing projects)

  • Any other types of organisation.

It is applicable to small, medium and large organisations in the public, private and voluntary sectors.

Organisations face serious risk of incurring criminal and civil liability, financial loss and reputational damage due to corruption by their personnel and business associates.  To minimise this risk, organisations should implement a management programme to prevent, detect and deal with corruption both within their own organisation and in their dealings with their business associates.


An anti-corruption programme will not guarantee that there will be no corruption. However, it could materially assist in its prevention and detection. In addition, in the event of possible prosecution of the organisation or its personnel, such a programme could provide important evidence that the organisation had taken reasonable steps to prevent corruption. This may help to avoid or mitigate criminal liability.


GIACC provides below an anti-corruption programme, together with supporting guidance and templates, which can help an organisation implement or improve its anti-corruption programme.   As all GIACC tools are prepared specifically for the infrastructure, construction and engineering sectors, this programme has been designed with these sectors in mind.  However, the programme can be used by organisations in all sectors. 


This GIACC programme incorporates international good practice, and so can be used in any country.  It is consistent with British Standard BS 10500 Anti-bribery Management System.  It comprises policies and procedures which an organisation can integrate into its management procedures so as to help it reduce the risk of corruption. 


The intention of this programme is to reduce the risk of corruption:

  • by the organisation, or by its personnel or others acting on its behalf or for its benefit

  • against the organisation, or its personnel or others acting on its behalf or for its benefit.

  • whether direct or indirect

  • within the country in which the organisation is based, and in other countries in which the organisation operates

  • of any value, whether large or small.

The anti-corruption programme should be implemented and monitored with care and attention equal to that given to any other corporate management or audit process (e.g. safety or quality). The measures recommended in this programme should be adapted by the organisation to take account of the organisation’s specific requirements, and should be implemented in a manner which is reasonable and proportionate to the corruption risk which the organisation faces.   In particular, the programme should be modified according to applicable laws, the size of the organisation, value and nature of business transactions, location of projects, and perception of risk.  Low value or low risk contracts or projects are likely to require a lower level of preventive action than high value or high risk contracts or projects. However, it should be remembered that while commercial risk may be lower in relation to lower value contracts or projects, the criminal risk may remain the same. There is no precise recipe for such modification. This is a value judgment to be made by the organisation itself.  Guidance is given in the links below to assist in such judgement. 


An organisation can copy and use the GIACC guidance and templates below at no charge. However, no organisation is permitted to sell GIACC’s guidance and templates.


GIACC is providing the following guidance and templates at no cost in order to help prevent corruption.  GIACC does not guarantee that the guidance and templates will in practice stop all corruption or prevent or mitigate criminal liability, and GIACC is not liable to any organisation or person who uses the guidance and templates.


Template: Anti-Corruption Programme

The following paragraphs list a series of measures which constitute the anti-corruption programme.


Guidance on implementation of some measures is contained on separate web-pages.  Click on the measure title to access the relevant guidance.  In some cases, templates have been provided in order to assist in implementation.  These can be accessed from the relevant guidance page.





The following definitions apply to this programme:


“board” means the body or person(s) who controls the organisation at the highest level (for example, the board of directors, supervisory council, or other top leadership individual or body).


“business associate” means any party with which the organisation has, or plans to establish, some form of business relationship, including but not limited to clients, customers, joint venture partners, consortium partners, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives and intermediaries (but excluding personnel).


“compliance manager” means the relevant manager appointed by the organisation to undertake the compliance manager responsibilities.


“corruption” means bribery, extortion, fraud, cartels, abuse of power, embezzlement, money-laundering and other similar activities.  (The organisation may, if it wishes, choose to limit the programme to cover specific corruption risks only, such as bribery.  However, this GIACC programme is intended to cover all the above defined corruption risks).


“implement” means design, develop, introduce, operate, maintain, monitor and continually improve.


"organisation" means the organisation implementing the anti-corruption programme.


“personnel” means the organisation’s directors, officers, employees, staff or workers (whether full time or part time, permanent or temporary).

  1. Anti-corruption policyThe organisation should adopt an anti-corruption policy.  The policy should be a commitment by the organisation that it:

    1. prohibits corruption; and

    2. will implement measures to:

      • prevent corruption; and

      • detect, report and deal with any corruption which does occur.

  2. Anti-corruption programmeThe organisation should implement an anti-corruption programme in order to give effect to the anti-corruption policy.  The programme should:

    1. comprise the appropriate policies, procedures and controls specified in paragraphs 3 to 20 below; and
    2. be designed and implemented in a manner which is reasonable and proportionate having regard to the nature and extent of corruption risks which the organisation faces.

  1. Board and management responsibility for the policy and programme:

    • The board should take overall responsibility for the effective implementation of the anti-corruption policy and programme.


    • The board should ensure that the organisation’s managers assume responsibility for overseeing day-to-day compliance by personnel within their department, function or project with the anti-corruption policy and programme.

  2. Communicating the policy and programme:

    • The chief executive (or equivalent leader) of the organisation should issue a written statement to personnel confirming the board’s commitment to the anti-corruption policy and programme.
    • This statement and the anti-corruption policy should be communicated to all personnel and be published on the organisation’s website.
    • All personnel should be required to sign a document that they have received, read and understood the anti-corruption policy, and will comply with it.

  3. Compliance managerA senior manager should be made responsible for ensuring that the organisation has an adequate anti-corruption programme, and complies with the programme. The manager should be provided with sufficient resources and proper authority to implement and monitor all programme activities, and should have direct and prompt access to the chief executive and board. This compliance responsibility can be on either a full-time or part-time basis, depending on the size of the organisation and the nature and extent of corruption risk which the organisation faces. If on a part-time basis, the compliance manager can combine the compliance function with other responsibilities.

  4. Resources:  The organisation should provide the resources needed to implement the anti-corruption programme.

  5. Employment procedures: In relation to all personnel who could pose a corruption risk to the organisation, and to the extent permitted by applicable law, the organisation should implement procedures which provide that:

    1. Personnel should be vetted before they are employed to ascertain as far as is reasonable that their employment is appropriate and that they are the type of person who is likely to comply with the organisation’s anti-corruption policy and programme.
    2. Conditions of appointment should require personnel to comply with the anti-corruption policy and programme.
    3. New personnel should be informed of the organisation’s anti-corruption policy to ensure that they understand it and the importance of complying with it.
    4. Personnel should be required to declare any conflict of interest.  A register of conflict of interests should be maintained. 
    5. The organisation should ensure that personnel have the necessary competence to undertake the responsibilities entrusted to them, based on their experience and / or training. 
    6. Disciplinary procedures should be in place which entitle the organisation to take appropriate disciplinary action against any personnel who breach the anti-corruption policy or programme
    7. Personnel must not be penalised (e.g. by demotion, disciplinary action, transfer or dismissal) for refusing to participate in, or for turning down, a business opportunity in respect of which they have reasonably and in good faith judged there to be an unacceptable risk of corruption.  Nor should any personnel be penalised for reporting in good faith any actual or suspected corruption.
    8. Performance bonuses and performance targets and other incentivising elements of remuneration should be reviewed periodically by an appropriate manager to ensure that there are reasonable safeguards to prevent these from encouraging corruption.

  6. Training: The organisation should provide appropriate anti-corruption training on a regular basis to all relevant personnel to make them aware of the types of corruption they could encounter, the risks of engaging in corrupt activity, the organisation's anti-corruption policy and procedures, and how they may report corruption.

  7. Gifts, hospitality, entertainment, donations and other benefits: The organisation shall adopt a policy which prohibits the offer, giving or receipt of gifts, hospitality, entertainment, donations or other benefits where the offer, giving or receipt is, or could reasonably be perceived to be, for the purpose of corruption.  The organisation shall implement procedures which minimise the risk of breach of this policy.

  8. Facilitation payments: The organisation should adopt a policy which prohibits the making of facilitation payments except where the safety and liberty of personnel is perceived to be at risk. The organisation should implement procedures which minimise the risk of breach of this policy.

  9. Risk assessment and due diligence:


    Risk assessment:  The organisation should on a regular basis assess the risk of corruption in relation to its existing and proposed activities, and assess whether its policies and procedures are adequate to reduce those risks to an acceptable level.

    Due diligence:  In the event that the organisation’s risk assessment identifies a more than low corruption risk in relation to any country, transaction or project, or business associate, the organisation should undertake further appropriate enquiries on the relevant aspects in order to learn more about them and the possible corruption risks they may pose. 

  10. Implementation of anti-corruption measures by controlled organisations and by business associates:

    1. The organisation should implement procedures which ensure that all other organisations over which it has control implement anti-corruption procedures which are reasonable and proportionate having regard to the nature and extent of corruption risks which the controlled organisation faces.  (An organisation might have control, for example, over a subsidiary, joint venture or consortium, either through exercising management control or through having a majority ownership interest.)
    2. In relation to business associates over which the organisation has no control, and in relation to which the organisation’s risk assessment has identified a more than low corruption risk, the organisation should implement procedures which ensure the following: 

      • Where it is reasonable for the organisation to do so, it should take steps to ensure that its business associate implements anti-corruption procedures which include the relevant business transaction within their scope, and which are reasonable and proportionate to the nature and extent of relevant corruption risks.
      • Where it is not reasonable for the organisation to require the business associate to implement anti-corruption procedures, or for the organisation to verify the existence or effectiveness of the business associate’s anti-corruption procedures, then the absence of such procedures, or inability to verify them, is a factor which should be taken into account by the organisation in undertaking the risk assessment on the business associate.

  11. Decision-making Process:  The organisation should establish a procedure which ensures that the decision-making process and the seniority of the decision-maker(s) is appropriate for the value of the transaction and the perceived risk of corruption.

  12. Contract terms:  The organisation should implement procedures which ensure that, in relation to all business associates which pose a more than low corruption risk:

    • as far as is reasonable, all contracts between the organisation and the business associate contain a prohibition of corruption; and
    • where it is not reasonable to require the contract to contain such prohibition, that the absence of the prohibition will be a negative factor taken into account in undertaking the relevant risk assessment.


  13. Financial controls:  The organisation should implement financial controls which minimise the risk of corruption by, on behalf of or against the organisation.

  14. Commercial controls:  The organisation should implement commercial controls which minimise the risk of corruption by, on behalf of or against the organisation.  These controls should include, for example, sales, procurement, supply chain management, operational, project management and other commercial controls.

  15. Reviewing and improving the programme:  The organisation should review and improve the anti-corruption programme in order to ensure that the programme is adequate to manage effectively the corruption risks faced by the organisation and is being effectively implemented.

  16. Reporting:  The organisation should implement procedures which enable personnel to report suspected or actual corruption or breach of the anti-corruption programme in a safe and confidential manner.

  17. Investigating and dealing with corruption:  The organisation should implement procedures which:

    • require appropriate investigation by the organisation of any corruption, or any breach of the anti-corruption programme, which is reported, detected or reasonably suspected; and
    • require appropriate action in the event that the investigation reveals corruption, or breach of the anti-corruption programme.

  18. Records: The organisation should keep reasonably detailed records of its anti-corruption programme and any compliance issues which arise.

  19. Independent assessment and certification:  While not an essential component of an anti-corruption programme, it would be advantageous for the organisation to commission an independent assessment and certification of its anti-corruption programme.  This provides assurance both to the organisation and to third parties that the organisation's anti-corruption programme is operating effectively and complies with good practice.  It is now possible for an organisation to obtain independent certification to a new international anti-bribery standard, ISO 37001 which was published in October 2016.  See GIACC summary on ISO 37001.

  20. Working with other stakeholders:  While not an essential component of an anti-corruption programme, it would be advantageous for the organisation to work with other stakeholders, in the public and private sectors, to help reduce corruption in the infrastructure, construction and engineering sectors.  Preventing corruption requires open collaboration between all parties who are able to influence the agenda.  Collaboration also helps the organisation learn from other organisation's experiences and best practice.

Other Resources

Several organisations provide services and/or have developed tools to assist in the implementation of anti-corruption measures. These organisations are listed below in alphabetical order. If the following details are inaccurate or incomplete, or if you wish your organisation to be listed below, please send details to GIACC. Only services and tools which are available free of charge will be listed.

APEC has published the Hanoi Principles for Voluntary Codes of Business Ethics in the Construction and Engineering Sector.

British Standard BS 10500: Specification for an anti-bribery management system. This is a management systems standard, together with attached guidance, published by British Standards.  It can be independently certified in a similar manner to ISO 9001, ISO 14001 and OHSAS 18001.  See GIACC summary on BS 10500.  This was replaced in October 2016 by ISO 37001. See GIACC summary on ISO 37001.

Business Anti-Corruption Portal
has produced the following anti-corruption resources and tools:

  • Country Profiles:  Corruption related information on various countries.
  • Compliance system guidance:
  • Due Diligence Tools:  Tools related to vetting an agent, consultant or contractor, setting up a joint venture and participating in public procurement.
  • Training:  On-line training modules

Centre of Anti-Corruption Studies provides resources for the study and analysis of issues pertaining to the fight against corruption in Hong Kong and internationally.  It is a research institute established in 2009 under the auspices of the Hong Kong Independent Commission Against Corruption.

FIDIC - International Federation of Consulting Engineers has published its Business Integrity Management System (BIMS), which is designed to help businesses deal with integrity risks.

Global Transport Knowledge Partnership (GTKP) is developing a data base of reports and actions in relation to good governance and corruption prevention on road projects.

International Chamber of Commerce (ICC) has published Combating Extortion and Bribery:  ICC Rules of Conduct and Recommendations (2005)

International Organisation for Standardization (ISO) ISO 37001 anti-bribery management systems standard.  This is a management systems standard, together with attached guidance, which was published in October 2016.  It can be independently certified in a similar manner to ISO 9001, ISO 14001 and OHSAS 18001.  See GIACC summary on ISO 37001.

Organisation for Economic Co-operation and Development (OECD) has produced the following two tools:

Transparency International has produced, in conjunction with several leading international organisations, the Business Principles for Countering Bribery suite of documents designed to assist organisations to implement and manage an effective anti-bribery system.

  • Business Principles for Countering Bribery is an anti-bribery code that organisations can either adopt or use to benchmark against their own systems.
  • Business Principles for Countering Bribery - Small and Medium Enterprises Edition is an edition of the Business Principles tailored to the needs of small and medium enterprises.

UK Anti-Corruption Forum has published an Anti-Corruption Action Statement recommending anti-corruption actions for business associations and professional institutions, companies, project owners, funders and governments.  It has also published the following papers:

The Woolf Committee has published the Woolf Committee Report (May 2008) which advises on an ethical compliance programme for BAE Systems plc.

World Economic Forum – Partnering against Corruption Initiative (PACI) has adopted the PACI Principles for Countering Bribery which are closely modeled on TI’s “Business Principles for Countering Bribery”.

World Federation of Engineering Organisations (WFEO) has published an Anti-Corruption Action Statement recommending anti-corruption actions for professional engineers, professional engineering institutions, governments, project owners, project funders, and companies.  This has been published in two language versions:


Most recent update on 30th November 2016

Page first published on 1st May 2008


© 2019 GIACC