Most leaders think anti-bribery is a legal department's problem until the day it becomes theirs: a third party caught paying off an official, or an export deal that suddenly carries a fine larger than the contract. The shift in the law over the last fifteen years is the part worth understanding: it has moved from punishing the person who paid the bribe to punishing the company that failed to prevent it. That changes anti-bribery from a compliance form into a leadership job: building a system proportionate enough to be real and light enough to be used.
The quick version
- Bribery is offering, giving, requesting or accepting something of value to improperly influence a decision. Corruption is the wider abuse of entrusted power for private gain; bribery is its most common form.
- Two laws set the global standard with long reach: the UK Bribery Act 2010 (strict, includes private-sector and "failure to prevent") and the US Foreign Corrupt Practices Act (foreign officials, plus books-and-records rules). Both can catch a company far outside their home country.
- The UK regime gives you a defence if you had "adequate procedures" built on six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication & training, and monitoring & review.
- The risk usually lives in third parties: agents, distributors, intermediaries. "We didn't know" is not a defence; failing to do diligence on who acts in your name is the exposure.
The idea in depth: what actually counts as a bribe
Start with the definitions, because loose language is where trouble hides. Transparency International, the anti-corruption NGO, defines corruption as "the abuse of entrusted power for private gain", a usefully broad frame that covers bribery, embezzlement, fraud and nepotism. Bribery is the specific act inside it: offering, promising, giving, requesting or accepting an advantage to induce someone to act improperly. The thing of value need not be cash. A lavish "fact-finding" trip, a job for a minister's nephew, a discount with strings: all can be bribes if the purpose is to buy a decision the recipient should be making on the merits.
The legal centre of gravity for any internationally-active business sits in two statutes. The UK Bribery Act 2010 is the stricter of the two: it criminalises bribery in the private sector as well as of public officials, makes no general exception for so-called facilitation payments, and (the genuinely novel part) creates a corporate offence of failing to prevent bribery by anyone "associated with" the organisation. The US Foreign Corrupt Practices Act (FCPA) targets the bribery of foreign officials and pairs it with strict accounting provisions: companies must keep accurate books and maintain internal controls, which is how many FCPA cases are actually proven. Both laws reach across borders: a foreign company listed on a US exchange, or one merely doing part of the deal through the UK, can be in scope.
Stop asking "are we a UK or US company?" The useful question is "whose laws can reach this transaction?" If you sell into multiple markets, use overseas agents, or touch the US or UK financial system, assume the strictest applicable standard applies and build to that. Working it out in an investigation costs a great deal more.
An honest limitation. The line between a bribe and legitimate hospitality is genuinely fuzzy, and the law leaves it that way on purpose. A modest working lunch is fine; flying a procurement officer business-class to a "conference" in a resort the week a tender closes is not. There is no universal dollar threshold that makes a gift safe; the test is the purpose and the timing, not the price tag. That ambiguity is uncomfortable, but it's why judgement, recorded and reviewable, matters more than a number in a policy.
The two questions every gift and payment must pass
For day-to-day decisions, you don't need to memorise statutes. You need two questions your people can apply at the moment of pressure. First: would this influence, or look like it influences, a decision that should be made on the merits? Second: would I be comfortable if this payment, this gift, this trip appeared in full on the record with my name beside it? If either answer is shaky, it stops and goes up a level. This is the same front-page test that good ethics programmes use generally, applied to the specific shape of bribery.
flowchart TD
    A(["A gift, payment, trip<br/>or favour is proposed"]) --> B{"Could it influence<br/>a decision that should<br/>be made on the merits?"}
    B -->|"No, clearly trivial<br/>& unconnected"| C(["Record it, proceed"])
    B -->|"Maybe / yes"| D{"Would you defend it<br/>openly, on the record?"}
    D -->|"Yes"| E(["Document the rationale,<br/>get sign-off, proceed"])
    D -->|"No / unsure"| F(["Stop. Escalate.<br/>Don't let one person<br/>decide alone"])
One special case trips people up: facilitation payments. These are small "grease" payments to make an official do something they should do anyway, like releasing goods from customs. Here the two big regimes diverge, which is exactly the kind of detail that gets a multinational into trouble. The FCPA Resource Guide notes a narrow exception for facilitating payments tied to "routine governmental action," turning on the purpose of the payment rather than its value. The UK Bribery Act has no such exception; a facilitation payment is simply a bribe. For any business with UK exposure, the simplest possible rule wins: facilitation payments are banned, full stop, with a documented carve-out only for genuine threats to someone's safety. A single global standard is easier to train and far easier to defend than a patchwork that asks a warehouse clerk in another country to apply two countries' law correctly under pressure.
"Adequate procedures": a system, not a policy PDF
The most practical gift the UK regime gives leaders is its defence. If bribery happens, an organisation can avoid the failure-to-prevent offence by showing it had "adequate procedures" in place. The Ministry of Justice's official guidance builds this on six principles, and they double as a checklist for any anti-bribery programme, UK-exposed or not:
The six principles of adequate procedures (UK MOJ guidance)
- 1. Proportionate procedures: sized to the actual bribery risk and the nature, scale and complexity of the business. A small domestic firm and a global construction group need very different things.
- 2. Top-level commitment: leadership visibly sets a culture in which bribery is never acceptable. This is the "tone from the top" that the rest depends on.
- 3. Risk assessment: periodic, informed and documented assessment of where the exposure actually is (countries, sectors, third parties, transactions).
- 4. Due diligence: a risk-based look at the people and firms who perform services on your behalf, before they act in your name.
- 5. Communication & training: policies that are genuinely understood, not just published, through proportionate internal and external communication.
- 6. Monitoring & review: checking the procedures still work as risks change, and improving them when they don't.
Read those again and notice what they are not: a single document. They describe a living system with an owner, a risk map, real diligence on third parties, training people remember, and a review loop. The word "proportionate" appears first for a reason: the MOJ guidance is explicit that procedures should match the risk, which protects the smaller business from gold-plating and denies the larger one any excuse for doing the minimum.
Modern anti-bribery law doesn't ask whether you paid the bribe. It asks whether you built a system to stop it.
Make one named person accountable for the programme, not "compliance" as an abstraction, but a person who owns the risk assessment, signs off third-party diligence, and reports to the board. The principles only work if someone is responsible for keeping them alive. This is also where psychological safety earns its place in the conversation: the controls catch nothing if the person who spots the dodgy agent payment believes that raising it will mark them as a troublemaker. A safe, used reporting channel is part of the system, not a nice-to-have beside it.
A note on scale and honesty about why this matters beyond fines: Transparency International's 2024 Corruption Perceptions Index found that more than two-thirds of the 180 countries assessed score below 50 out of 100, with the global average stuck at 43. Corruption is not a rare edge case in international business; it is the operating weather in much of the world, which is precisely why a proportionate, risk-based system beats a one-size policy.
A worked example
Take a fictional mid-sized engineering firm, call it Mendel Systems. (Illustrative throughout; not a real company.) Mendel wins its first contract in a higher-risk overseas market and, as is normal there, engages a local "sales agent" to navigate the permitting process. The agent asks for a 15% success fee (an illustrative figure) and an upfront "expediting budget" of $40,000 (illustrative) to "manage relationships" at the licensing authority. The deal is worth far more; the country head wants to sign.
Run it through the principles. Risk assessment already flags this as the textbook danger zone: high-corruption market, government touchpoints, a third party acting in Mendel's name. Due diligence is the gate: who is this agent, who owns the company, why is the fee so far above market, and what exactly does "expediting budget" pay for? An unexplained payment to "manage relationships" with the very officials granting the permit is a bribe wearing a consultant's badge. The failure-to-prevent offence means that if the agent bribes an official, Mendel is liable, and "the agent did it, not us" is not a defence.
flowchart LR
    A(["Local agent: 15% fee<br/>+ $40k 'expediting budget'"]) --> B(["Risk assessment:<br/>high-risk market,<br/>govt touchpoint,<br/>third party"])
    B --> C(["Due diligence:<br/>who owns the agent?<br/>what does the<br/>budget pay for?"])
    C --> D{"Can every payment<br/>be explained &<br/>defended openly?"}
    D -->|"No"| E(["Don't engage on these terms.<br/>Renegotiate to a transparent,<br/>capped, deliverable-based fee,<br/>or walk away"])
    D -->|"Yes, documented"| F(["Proceed with contract terms,<br/>audit rights & anti-bribery<br/>clauses built in"])
The disciplined answer isn't necessarily "abandon the market." It's: do the ownership diligence, refuse any payment that can't be tied to a real, defensible deliverable, restructure the fee to a transparent capped rate, and put anti-bribery warranties and audit rights into the contract so Mendel can see where the money goes. If the agent won't accept transparency, that is the answer. The deeper lesson is the same as in any ethics failure: the country head wasn't corrupt, just under pressure to close, so the system has to make the safe path the easy path, before the quarter does the deciding.
Frequently asked questions
What's the difference between bribery and corruption?
Corruption is the umbrella term (the abuse of entrusted power for private gain), and it covers embezzlement, fraud, nepotism and more. Bribery is the most common specific form: giving or taking something of value to improperly influence a decision. In everyday business the word you'll meet most is bribery, but the controls you build (diligence, transparency, a reporting channel) defend against the wider family of corruption too.
Can my company really be liable for what a third party does?
Yes, that's the whole point of the UK Bribery Act's "failure to prevent" offence. If someone associated with your business (an agent, distributor or intermediary) pays a bribe to win business for you, the company can be prosecuted even if leadership never knew. The defence is having had adequate procedures in place. This is why third-party due diligence isn't bureaucracy; it's the single highest-value control most companies have.
Are small gifts and hospitality banned?
No. Reasonable, proportionate hospitality given in good faith (a working lunch, a normal corporate event) is legitimate and the law isn't trying to stop it. The danger is purpose and timing: a gift designed to influence a specific decision, or lavish entertainment of someone who's about to award you a contract. The practical safeguard is a clear policy with a register for anything above a modest threshold, so judgement is recorded rather than hidden.
What about facilitation payments to get things moving?
Treat them as banned. The US FCPA has a narrow exception for small payments tied to routine, non-discretionary government action, but the UK Bribery Act has no such carve-out; there, a facilitation payment is just a bribe. For any business with UK exposure, a single global "no facilitation payments" rule is far easier to train, apply and defend than trying to run two countries' standards side by side. Allow a documented exception only where someone's safety is genuinely at risk.
We're small and domestic. Does any of this apply to us?
The principle of proportionality means your procedures should be light, but "none" is the wrong number. Private-sector bribery is covered too, so a kickback to a customer's purchasing manager is in scope. A short code that bans bribes and facilitation payments, a simple gifts register, a way to raise concerns safely, and basic diligence on any partner who acts in your name is a proportionate programme for a smaller firm, and it's the difference between an incident and a liability.
Related in the Toolkit
Anti-bribery sits on top of how a company defines right and wrong (business ethics & ethical frameworks) and is, before it is anything else, a reputational and operational risk the board must own.
- Business ethics & ethical frameworks: the decision lenses beneath any anti-bribery call when the law alone doesn't settle it.
- ESG strategy & reporting: anti-corruption is a core "governance" pillar that gets measured and disclosed.
- Climate & decarbonisation strategy (net zero): large-scale, permit-heavy projects where corruption risk concentrates.
- Sustainability & circular economy: the long-horizon responsibility agenda anti-bribery integrity underpins.
- Human rights & ethical supply chains (modern slavery): the sibling "failure to prevent" mindset applied down the supply chain.
- Board roles, committees & responsibilities: where top-level commitment and oversight of the programme must live.
- Employment law basics: the legal floor for whistleblower protection and disciplinary action on breaches.
- Operational, financial, strategic & reputational risk: bribery exposure is a risk to register, assess and mitigate like any other.
Where to go next
- Bribery Act 2010 guidance, UK Ministry of Justice: the official source for the "adequate procedures" defence and the six principles, written for businesses of all sizes.
- A Resource Guide to the U.S. FCPA (2nd ed.), US DOJ & SEC: the definitive plain-language guide to the FCPA, including gifts, facilitation payments, third parties and what an effective compliance programme looks like.
- Corruption Perceptions Index 2024, Transparency International: the standard global map of public-sector corruption risk; use it to calibrate which markets need deeper diligence.
- Fighting foreign bribery, OECD: the home of the 1997 OECD Anti-Bribery Convention, the treaty that pushed dozens of countries to criminalise foreign bribery.
- "How to expose the corrupt", Peter Eigen, TED (video): the founder of Transparency International on why corruption persists and how transparency, not just law, breaks it.