Anti-Bribery and Corruption Risk Assessment – ABAC Compliance, Third-Party Due Diligence & Prevention of Corruption Act Advisory
Bribery and corruption are no longer risks Indian businesses can treat as a cost of doing business or a matter of individual ethics. Since the Prevention of Corruption (Amendment) Act 2018 introduced corporate liability into Indian anti-corruption law, a company itself can be prosecuted for bribery committed by any associated person. The only statutory defence is demonstrating that adequate procedures were in place to prevent it — and an anti-bribery and corruption risk assessment is the foundation of that defence.
Overview
End-to-End ABAC Risk Assessment & Compliance Programme
N D Savla & Associates provides anti-bribery and corruption risk assessment services for Indian companies, Indian subsidiaries of multinational groups, and businesses operating in high-risk sectors such as infrastructure, public procurement, pharmaceuticals, defence, and financial services. We cover the full scope — identifying where bribery exposure exists, evaluating the adequacy of current controls, assessing third-party relationships, reviewing existing policies against applicable legal requirements, and producing a prioritised action plan. We also help implement the compliance framework the assessment identifies as needed.
The Legal Framework
Prevention of Corruption Act, FCPA & UK Bribery Act
Understanding which anti-bribery laws apply to a business is the starting point of every risk assessment. Most Indian businesses are subject to at least one of these frameworks — and those with international operations or foreign shareholders are often subject to two or three simultaneously:
- Prevention of Corruption Act, 1988 (Amended 2018) — corporate criminal liability where bribery is committed by an associated person (employee, agent, consultant, contractor) intending to benefit the company; criminalises bribe-giving by commercial organisations
- The "adequate procedures" defence — the only statutory protection available; conducting and acting on a documented risk assessment is the foundation
- US Foreign Corrupt Practices Act (FCPA) — applies to Indian subsidiaries of US-listed parents and to any company using US persons, US territory, or US banking infrastructure; books-and-records and internal accounting controls obligations
- UK Bribery Act 2010 — broadest extraterritorial reach; applies wherever a company carries on part of its business in the UK; covers commercial bribery between private parties, not just public officials
- Facilitation payments — prohibited under the UK Bribery Act; permitted in narrow circumstances under the FCPA
- ISO 37001 — international anti-bribery management system standard, increasingly required by multinationals and foreign investors
- Successor liability — under FCPA and UK Bribery Act, acquiring a company inherits its prior bribery exposure unless pre-acquisition due diligence is documented
Applicability
Who Needs an ABAC Risk Assessment?
A risk assessment is relevant for any organisation where bribery exposure is material. In practice, this covers a wider range of businesses than most management teams initially assume:
- Indian subsidiaries of US or UK multinationals — where the parent's FCPA or UK Bribery Act compliance obligations flow down and the group compliance team requires a documented Indian risk assessment
- High-risk sector companies — infrastructure, public procurement, defence, pharmaceuticals, oil and gas, mining — where interaction with government officials is frequent and the corruption risk is inherently elevated
- Companies using agents, distributors, or brokers who interact with government decision-makers — the highest-risk third-party profile in any assessment
- Companies preparing for PE investment or debt financing where investors and lenders require an anti-corruption due diligence report as part of the transaction process
- Companies that have received a whistleblower allegation, regulatory inquiry, or adverse media report relating to corruption — where a documented assessment is required to demonstrate adequate procedures
- Companies with audit findings on payment patterns — internal or external audit findings identifying unusual payment flows, off-book transactions, or vendor anomalies that may indicate corruption exposure
- Companies pursuing ISO 37001 certification or qualifying for contracts with multinational customers that require independently audited ABAC frameworks
Indian companies with international operations or foreign shareholders frequently have exposure under two or three frameworks simultaneously. Our assessment identifies which laws apply and what each requires.
Engagement Pillars
Risk Assessment & Compliance Programme Build-Out
Every engagement runs in two connected halves — the assessment that identifies the gaps, and the compliance programme that fills them. Each half can be delivered independently or as a single integrated workstream.
The Risk Assessment — Mapping Exposure to Applicable Law
The assessment begins with structured interviews across senior management, finance, procurement, legal, and sales teams to understand interactions with government officials, third-party intermediaries, and business partners. Geographies are scored using Transparency International's Corruption Perceptions Index and sector-specific risk intelligence. Existing policies — codes of conduct, gifts and hospitality, third-party management, whistleblower mechanisms — are reviewed against the PCA, FCPA, and UK Bribery Act. Output is a corruption risk map ranking exposure points by severity, plus a prioritised gap register driving the remediation programme.
The Compliance Programme — Filling the Gaps
The assessment identifies the gaps; the programme fills them. We develop or revise core anti-bribery policies — code of conduct, gifts and hospitality, third-party management, whistleblower mechanism, facilitation payment policy — drafted to address the specific exposure profile and applicable law. Targeted training is delivered for board, management, and frontline staff in high-risk roles (procurement, sales, government relations). Where ISO 37001 certification is the goal, a gap assessment maps the current programme against every ISO 37001 clause and identifies the actions required to close the gap.
High-Risk Exposure Points
Where Bribery Risk Is Highest in the Business
Every assessment maps the business against the points in its operations where corruption risk is highest. The exposure points below are the recurring high-risk categories — and each carries a specific control requirement that an effective compliance programme must build.
Critical risk — agents on commission interact with government officials. Controls: pre-engagement due diligence, commission benchmarking, contractual ABAC obligations, periodic re-screening.
High risk — staff dealing with licensing, customs, regulators, tax officers, tender committees face direct solicitation. Controls: facilitation/gifts policy, mandatory escalation, interaction logs.
High risk — kick-back arrangements where vendors pay purchasing staff. Controls: segregation of duties, vendor due diligence, staff rotation, tender approval matrix.
High risk — minority-stake JVs can create successor liability under FCPA and UK Bribery Act. Controls: pre-investment DD, ABAC representations in JV agreements, audit rights.
Medium risk — gifts, meals, travel can constitute bribery if intended to influence decisions. Controls: financial thresholds, mandatory pre-approval, gifts & entertainment register.
High risk where M&A active — acquiring a company inherits its prior bribery exposure. Controls: pre-acquisition anti-corruption DD, compliance reps, post-deal integration.
Our Methodology
The Five-Component Engagement
Our anti-bribery and corruption risk assessment is structured as a five-component engagement. Each component can be delivered independently or as part of a full integrated assessment-plus-programme rollout.
Corruption Risk Mapping
Structured interviews across senior management, finance, procurement, legal, and sales; geography scoring via Transparency International CPI and sector intelligence; produces a ranked corruption risk map — the foundation of the entire assessment.
Policy & Control Gap Assessment
Existing codes of conduct, gifts/hospitality policies, third-party frameworks, and whistleblower mechanisms reviewed against PCA, FCPA, and UK Bribery Act. Connects directly to the Risk Control Matrix mapping required controls to roles and monitoring.
Third-Party Due Diligence Review
Third parties are the primary vector through which corporate bribery occurs. We assess current vetting and monitoring approaches, screen high-risk parties (commission-based, government connections, high-risk geographies), and run targeted background investigations where warranted.
Anti-Bribery Policy Development & Training
Policies drafted to address the specific exposure profile and applicable law — code of conduct, gifts & hospitality, third-party management, whistleblower, facilitation payment. Training delivered at board, management, and frontline levels — documented as evidence for the adequate procedures defence.
ISO 37001 Gap Assessment
For clients pursuing certification or qualifying for multinational contracts, we map the current programme against every ISO 37001 clause and identify the specific actions required to close the gap — a recognised qualifying credential for foreign investors and large MNC customers.
The Adequate Procedures Defence Starts With a Risk Assessment — Not After a Prosecution.
N D Savla & Associates handles corruption risk mapping, PCA / FCPA / UK Bribery Act compliance review, third-party due diligence, policy development, training, and ISO 37001 gap assessment — under one coordinated engagement. Reach out to discuss your ABAC exposure.
Ready to scope your anti-bribery risk assessment?
Talk to our team about corruption risk mapping, PCA / FCPA / UK Bribery Act compliance review, third-party due diligence, and ISO 37001 gap assessment — under one integrated engagement.
F.A.Q.
An anti-bribery and corruption risk assessment is a structured evaluation of where a business is most exposed to bribery and corruption risk — in its transactions, relationships, geographies, and processes. It maps the exposure points against applicable laws, evaluates the adequacy of existing controls, and produces a prioritised action plan. For Indian companies, it is the foundation of the adequate procedures defence under the Prevention of Corruption (Amendment) Act 2018. Our anti-bribery and corruption risk assessment covers Indian law, FCPA, and UK Bribery Act requirements as applicable. The Risk Control Matrix service maps the required controls to specific roles and monitoring mechanisms after the assessment is complete.
The 2018 amendment introduced corporate criminal liability into Indian anti-corruption law. A company can now be prosecuted for bribery committed by an associated person — employee, agent, or contractor — where the bribery was intended to benefit the company, even without senior management knowledge. The only defence available is demonstrating adequate procedures to prevent bribery. This makes an anti-bribery and corruption risk assessment the starting point of every corporate compliance defence — not an optional governance exercise. Where actual bribery is suspected, our White Collar Investigation service conducts the internal investigation.
Yes — both laws can apply in specific circumstances. The FCPA applies to Indian subsidiaries of US-listed parent companies and to any company using US persons or US territory in connection with a payment. The UK Bribery Act applies to any company that carries on part of its business in the UK — which includes UK customers, UK employees, or a UK office. Indian companies with international operations or foreign shareholders frequently have exposure under both laws simultaneously. Our anti-bribery and corruption risk assessment identifies which laws apply and what each requires. Our Corporate Governance service addresses the board-level oversight obligations that flow from these multi-jurisdiction obligations.
Third parties are the most common channel through which corporate bribery occurs. Companies are held liable under FCPA, UK Bribery Act, and the Prevention of Corruption Act for bribes paid by their agents and contractors on their behalf. Third-party due diligence — screening for red flags, verifying beneficial ownership, reviewing past conduct, and imposing contractual compliance obligations — is therefore a mandatory component of an effective anti-bribery and corruption risk assessment and compliance programme. Where deeper investigation is needed on a specific party, our Corporate Intelligence service provides structured background investigation.
ISO 37001 is the international standard for anti-bribery management systems — it sets out requirements for implementing, maintaining, and improving an ABAC compliance programme. Certification demonstrates to regulators, investors, and multinational customers that the organisation has a systematic, independently audited approach to anti-bribery and corruption compliance. For Indian companies seeking contracts with large multinationals or foreign investment, ISO 37001 is increasingly a qualifying criterion. Our anti-bribery and corruption risk assessment can include an ISO 37001 gap assessment. Our Internal Audit service subsequently audits compliance with the anti-bribery management system on an ongoing basis.