Anti-Bribery and Corruption Compliance: ESG Governance for Australian Businesses
Anti-bribery and corruption compliance is increasingly central to ESG governance and regulatory expectations. Australia has committed internationally to combat corruption through the OECD Anti-Bribery Convention, and domestic law imposes serious penalties for bribery and corruption. For Australian businesses, particularly those operating internationally, corruption risks can result in criminal liability for individuals and organisations, substantial penalties, loss of contracts, and irreparable reputational damage.
This article explores anti-bribery and corruption legal frameworks applicable to Australian businesses, the governance obligations, and practical compliance strategies. For broader ethics governance context, see our articles on business ethics governance and whistleblower protections.
Australian Criminal Code and Anti-Bribery Obligations
Bribery of Foreign Public Officials
Part 10.7 of the Criminal Code Act 1995 prohibits bribery of foreign public officials. The offence applies to any person (Australian citizens, residents, and companies incorporated in Australia) and applies to conduct occurring anywhere in the world. The prohibition covers:
- Offering, promising, or giving benefits to foreign officials
- Obtaining benefits intended as bribes for foreign officials
- Acting as an intermediary in bribery arrangements
- Conspiring or attempting to commit bribery
The definition of “foreign public official” is broad and includes officials of foreign governments, international organisations, and state-owned enterprises. It extends to family members or associates of officials in some cases.
Penalties for individuals include imprisonment of up to 10 years and fines of up to AUD 1.05 million. Companies face fines of up to AUD 210 million (or higher if calculated as a percentage of revenue).
Bribery of Australian Public Officials
Part 10.1 of the Criminal Code prohibits bribery of Australian public officials. Offences include offering, promising, or giving benefits with intent to influence official conduct. Penalties are comparable to foreign bribery offences.
Organisational Liability under Part 2D
Part 2D of the Criminal Code establishes criminal liability for organisations where directors or senior employees engage in dishonest conduct (including bribery) intended to obtain advantage for the organisation. This significantly expands liability beyond individual perpetrators—organisations face criminal liability for employee misconduct even if senior management was unaware.
Organisations can defend against Part 2D liability by demonstrating that adequate procedures were in place to prevent the kind of conduct that occurred. This creates a powerful incentive for organisations to implement robust anti-corruption programs.
The OECD Anti-Bribery Convention and Australia
Australia is a signatory to the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. The Convention requires countries to criminalise bribery of foreign officials in international business transactions. Australia’s Criminal Code Part 10.7 implements this obligation.
The Convention also establishes peer review mechanisms that assess countries’ compliance with anti-bribery obligations. Australia has undergone peer reviews, and the OECD publishes findings and recommendations. Companies operating internationally should be aware of OECD expectations regarding anti-corruption compliance programs.
Regulatory Enforcement and ASIC Perspective
ASIC enforces anti-bribery and corruption laws affecting financial services. ASIC has brought enforcement actions against companies and individuals for bribery and corruption, including cases involving overseas entities and agents. ASIC guidance emphasises that companies must have adequate systems and procedures for preventing and detecting bribery.
ASIC’s enforcement has focused on:
- Companies operating in high-corruption-risk jurisdictions without adequate controls
- Failure to conduct adequate due diligence on agents and intermediaries
- Inadequate documentation and oversight of transactions
- Failure to disclose corruption-related conduct or misconduct investigations
Key Elements of Anti-Bribery Compliance Programs
1. Written Anti-Bribery Policy
Organisations should have documented policies prohibiting bribery and corruption. The policy should address:
- Definition of bribery and corruption (with examples)
- Prohibition of offerings or promises to officials or business partners
- Guidance on legitimate business courtesies (gifts, meals, entertainment)
- Transactions with state-owned enterprises (higher-risk due to official involvement)
- Use of agents, consultants, and intermediaries
- Record-keeping and documentation requirements
- Consequences for policy breaches
- Reporting mechanisms
2. Risk Assessment
Organisations should conduct anti-corruption risk assessments identifying:
- Geographic risks (countries where company operates, particularly those with high corruption risk)
- Transaction risks (government procurement, licensing, permits, customs)
- Counterparty risks (intermediaries, agents, joint venture partners)
- Sectoral risks (sectors with higher corruption vulnerability)
- Existing vulnerability (history of corruption, deficient controls)
Risk assessment should inform compliance program intensity—higher-risk operations warrant more intensive controls.
3. Third-Party Due Diligence
Organisations should conduct due diligence on agents, consultants, distributors, and other intermediaries before engaging them. Due diligence should assess:
- Business reputation and track record
- Regulatory history and enforcement actions
- Beneficial ownership and connections to government officials
- Geographic risk (operating in high-corruption jurisdictions)
- Qualifications relative to role (agents lacking legitimate skills may indicate bribery purpose)
Due diligence should be documented and reviewed periodically, particularly if material information emerges about third parties.
4. Approval and Authority Controls
Organisations should establish approval authorities and controls for high-risk transactions:
- Government procurement transactions require documented approval by designated authority
- Significant payments to intermediaries require documentation explaining purpose and justification
- Expense reimbursements and business expenses require supporting documentation and approval
- Transactions in high-risk jurisdictions require enhanced scrutiny
Multiple approvals provide checks and reduce risk of undetected corruption.
5. Accounting and Transparency
Organisations should maintain accurate records of all transactions and ensure financial accounting truthfully reflects transactions. This includes:
- Accurate recording of transaction purpose and amounts
- Prohibition of off-books payments
- Prohibition of false documentation masking payment purpose
- Audit trail enabling transaction verification
Financial reporting should fairly represent business transactions. Falsifying records to conceal bribery creates additional criminal liability for fraud and accounting misconduct.
6. Training and Communication
Organisations should provide mandatory anti-corruption training to all employees, with enhanced training for higher-risk roles (government relations, procurement, regulatory affairs). Training should cover:
- Definitions of bribery and corruption
- Applicable laws and consequences for violations
- Company policy and reporting obligations
- Case studies illustrating bribery scenarios
- Reporting procedures and whistleblower protections
Training should be documented and assessed for understanding.
7. Investigation and Remediation
Organisations should have procedures for investigating corruption allegations and taking remedial action:
- Prompt investigation of reported concerns
- Disciplinary action proportionate to breach severity
- Termination of relationships with third parties engaged in corruption
- Remediation of systemic issues identified through investigations
- Reporting to regulators if legally required
8. Board and Management Oversight
Anti-corruption compliance should be overseen at board or management committee level. Oversight responsibilities include:
- Approving anti-corruption policy
- Receiving regular reporting on corruption risk assessments and compliance metrics
- Monitoring investigation outcomes and remedial actions
- Assessing compliance program effectiveness
- Approving due diligence standards and procedures
FCPA and International Anti-Corruption Obligations
Australian companies operating internationally should be aware of foreign anti-corruption laws. The US Foreign Corrupt Practices Act (FCPA) prohibits US persons and US-listed companies from bribing foreign officials. The UK Bribery Act establishes similar obligations for UK activities. These laws may apply to Australian companies operating in or dealing with the US or UK.
Australian organisations should assess whether international anti-corruption laws apply to their operations and implement compliance programs meeting international standards.
Consequences of Non-Compliance
Non-compliance with anti-bribery laws creates serious consequences:
- Criminal prosecution: Individuals face imprisonment up to 10 years and significant fines
- Organisational liability: Companies face substantial fines, potentially reaching hundreds of millions of dollars
- Debarment: Conviction may result in debarment from government contracts
- Reputational damage: A corruption scandal causes lasting reputational harm affecting business relationships and market valuations
- Regulatory enforcement: ASIC enforcement actions may include licence suspension or cancellation for financial services companies
- Civil liability: Victims of corruption may bring civil claims against companies
Key Takeaways
Anti-bribery and corruption compliance is essential to ESG governance and regulatory compliance. Australia’s Criminal Code prohibits bribery of foreign and domestic officials, with severe penalties. Part 2D creates organisational liability for employee misconduct. Effective compliance programs include written policies, risk assessments, third-party due diligence, approval controls, accurate accounting, training, investigation procedures, and board oversight. Organisations operating internationally should assess applicability of foreign anti-corruption laws such as the FCPA and UK Bribery Act.
Frequently Asked Questions
What is the difference between facilitation payments and bribes?
Facilitation payments (unofficial payments to expedite routine administrative actions) are prohibited under Australian law. Legitimate business courtesies (reasonable gifts, meals, travel) for business development purposes may be permissible if properly documented and not intended to improperly influence official conduct. The distinction depends on intent and context.
Can companies use agents or intermediaries in high-risk jurisdictions?
Yes, but with appropriate controls. Organisations must conduct due diligence on agents, establish clear arrangements regarding compliance obligations, monitor their conduct, and ensure proper documentation of payments. Using agents does not reduce company responsibility for their conduct.
What is Part 2D and how does it affect company liability?
Part 2D of the Criminal Code imposes criminal liability on organisations for dishonest conduct by directors or senior employees intended to benefit the company. Companies can defend by proving they had adequate procedures in place to prevent the conduct. This creates a strong incentive for robust compliance programs.
How often should anti-corruption training occur?
Mandatory training should occur upon hire and annually thereafter at minimum. Enhanced training for higher-risk roles and additional training when policies or regulations change is advisable.
What records should companies maintain for anti-corruption compliance?
Companies should maintain records of third-party due diligence, transaction documentation (with business purpose), approval decisions, training completion, investigations, and audit findings. Records should be retained for at least 5-7 years.
How should companies respond if corruption is suspected?
Organisations should promptly investigate suspected corruption, preserve evidence, terminate conduct, take disciplinary action, remediate systemic issues, consider regulatory reporting obligations, and communicate with affected stakeholders appropriately.
Strengthen Your Anti-Bribery and Corruption Compliance
Anti-bribery and corruption compliance is increasingly scrutinised by regulators, particularly for companies operating internationally or in high-risk jurisdictions. ASIC enforcement has demonstrated that regulators take compliance seriously. Yet many Australian organisations lack comprehensive anti-corruption programs meeting Criminal Code obligations and OECD best practice. Our governance and compliance specialists work with organisations to assess compliance maturity, identify gaps, and implement robust programs protecting against corruption risks and regulatory exposure.
Book a Free ESG Strategy Session to evaluate your anti-corruption compliance program, assess corruption risk exposure, and develop a roadmap for enhanced compliance aligned with Criminal Code obligations and OECD standards.