Anti-Corruption and Business Ethics in ESG Governance
How Do ESG Investors Assess Anti-Corruption and Business Ethics?
Corruption is one of the most direct paths from governance failure to financial loss. US FCPA enforcement, UK Bribery Act prosecutions, and OECD anti-corruption conventions have transformed anti-bribery compliance from a theoretical concern to a source of multi-billion-dollar fines for companies that fail to maintain adequate controls. Beyond legal compliance, the quality of a company's ethics culture — reflected in whistleblowing systems, ethics training programs, and demonstrated leadership commitment — signals the broader governance discipline that predicts whether other ESG commitments will be credibly executed.
Anti-corruption governance encompasses the policies, programs, processes, and controls through which a company prevents, detects, and responds to bribery, corrupt payments, and other ethics violations across its operations and supply chain.
Key Takeaways
- US FCPA enforcement has produced over $10 billion in penalties annually in peak enforcement years; the DOJ/SEC maintain a public list of resolved enforcement actions.
- ISO 37001 (Anti-Bribery Management Systems) provides the most widely recognized third-party certifiable standard for anti-bribery program quality.
- UNGC Principle 10 (anti-corruption) is incorporated into SFDR PAI indicators 9 and 10, making anti-corruption a mandatory reporting dimension.
- Third-party risk management — auditing distribution partners, agents, and joint venture partners — is where most FCPA violations originate.
- Whistleblowing effectiveness is a leading indicator of ethics culture quality; companies with low whistleblowing rates may have suppression problems, not clean compliance records.
The Regulatory Landscape
US Foreign Corrupt Practices Act (FCPA)
The FCPA, enacted in 1977 and strengthened in 1998, prohibits US persons and issuers from bribing foreign government officials to obtain or retain business. It also requires issuers to maintain accurate books and records and adequate internal controls. The DOJ enforces criminal violations; the SEC enforces civil violations for issuers.
Notable recent enforcement:
- Ericsson (2022): $1.1 billion criminal resolution; FCPA violations in multiple countries
- Glencore (2022): $1.5 billion multi-jurisdiction resolution (DOJ, UK SFO, Brazilian authorities) for bribery and market manipulation
- Goldman Sachs 1MDB (2020): $2.9 billion DOJ/SEC FCPA resolution
- Airbus (2020): €3.6 billion multi-jurisdiction settlement (France, UK, US)
The DOJ FCPA Resource Guide (updated 2020) describes the "hallmarks of effective compliance programs" — the standard against which corporate anti-corruption programs are assessed in enforcement.
UK Bribery Act (2010)
The UK Bribery Act creates offenses for bribery of domestic officials (unlike FCPA's focus on foreign officials), receiving a bribe, and failure of a commercial organization to prevent bribery. The Section 7 corporate failure-to-prevent offense is strict liability — a company is guilty unless it had "adequate procedures" to prevent bribery. Adequate procedures are defined in Ministry of Justice guidance as six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication and training, monitoring and review.
OECD Anti-Bribery Convention
The OECD Working Group on Bribery produces peer reviews of member countries' enforcement of the Convention on Combating Bribery of Foreign Public Officials. The Working Group's Phase 4 review reports for each country are public and assess enforcement quality — relevant for investors assessing whether companies operating in specific jurisdictions face genuine legal risk or regulatory arbitrage.
Anti-Corruption Program Quality Assessment
DOJ "Hallmarks of Effective Compliance"
The DOJ's FCPA Resource Guide identifies compliance program quality elements that inform both enforcement discretion and corporate governance assessment:
- Commitment from senior and middle management
- Code of conduct and compliance policies
- Oversight, autonomy, and resources for the compliance function
- Risk assessment
- Training and continuing advice
- Incentives and disciplinary measures
- Third-party due diligence
- Confidential reporting and internal investigation
- Continuous improvement: periodic testing and review
- Mergers and acquisitions: pre-acquisition due diligence and post-acquisition integration
For ESG governance analysis, these ten elements translate into specific due diligence questions that can be answered through public disclosures, sustainability reports, and engagement.
ISO 37001
ISO 37001, published in 2016, provides a certifiable anti-bribery management system standard covering:
- Anti-bribery policy and commitment from leadership
- Anti-bribery risk assessment
- Due diligence on personnel and business associates
- Financial controls
- Non-financial controls (gifts, hospitality, political contributions)
- Reporting and investigation mechanisms
- Monitoring and auditing
ISO 37001 certification by an accredited third party provides credible evidence that an anti-corruption management system meets international standards. Certification does not guarantee zero violations, but demonstrates systematic risk management commitment.
Third-Party Corruption Risk
Most FCPA and Bribery Act violations involve third parties — agents, distributors, consultants, joint venture partners — who pay bribes on behalf of the company. The FCPA creates liability for "knowing" violations including willful blindness (failing to perform due diligence on red flags).
Third-party risk management quality includes:
- Anti-corruption due diligence procedures for new third parties
- Ongoing monitoring of existing third-party relationships
- Anti-bribery contractual representations and warranties in third-party agreements
- Right-to-audit clauses enabling investigation of third-party payments
- Termination procedures for third parties found to have made improper payments
ESG investors engaging companies on anti-corruption often focus specifically on third-party programs, because this is where compliance programs most often fail.
Whistleblowing: Ethics Culture Indicator
Effective whistleblowing mechanisms allow employees, suppliers, and other stakeholders to report suspected violations confidentially and without fear of retaliation. Their effectiveness is a leading indicator of ethics culture:
High whistleblowing rates with high investigation rates: Good signal — employees trust the system, use it, and see results; compliance is effective at detecting issues before they escalate.
Zero or very low whistleblowing rates: Ambiguous — may indicate a clean company with no violations, or may indicate employees do not trust the reporting system or fear retaliation. Companies in high-risk sectors with zero reports should be scrutinized.
High reports, low investigation/substantiation: Poor signal — either the reporting system generates frivolous reports or substantiated issues are not being pursued.
SEC Whistleblower Program
The SEC whistleblower program (created by Dodd-Frank 2010) provides financial awards of 10–30% of sanctions exceeding $1 million to individuals providing original information leading to successful enforcement actions. Since inception through 2023, the SEC has awarded over $1.9 billion to over 300 whistleblowers. This external channel is an important corporate governance complement to internal reporting systems.
Common Mistakes
Treating the existence of a code of conduct as anti-corruption program quality. Code of conduct documents are near-universal among listed companies. The quality of anti-corruption compliance is determined by whether the code is implemented, tested, and enforced — not whether it exists.
Ignoring sector and geographic risk concentration. Anti-corruption risk is not uniform across operations. Companies with significant operations in high-corruption-risk jurisdictions (Transparency International Corruption Perceptions Index bottom quartile) or in sectors with high bribery incidence (construction, oil and gas, defense, pharmaceuticals in certain markets) face systematically higher risk requiring proportionately stronger controls.
Underweighting post-acquisition integration risk. A significant proportion of FCPA violations involve acquired companies that maintained corrupt practices from before the acquisition. Due diligence before acquisition and rapid compliance integration after closing are ESG governance requirements, not optional enhancements.
Frequently Asked Questions
Is the Transparency International CPI useful for investment analysis? The Corruption Perceptions Index (CPI) provides country-level perceptions of public sector corruption. It is a useful starting point for risk calibration — companies with significant operations in low-CPI countries face higher baseline corruption risk. But CPI is not company-level data, and many companies operating in low-CPI countries maintain excellent compliance programs. Country CPI should inform risk assessment depth, not substitute for company-level anti-corruption program assessment.
How does anti-corruption governance relate to ESG ratings? All major ESG rating agencies include anti-corruption in their governance scoring. MSCI assesses business ethics through its governance pillar, which covers business ethics controversies, anti-corruption policies, and whistleblowing program quality. A violation of UNGC Principle 10 (working against corruption in all forms, including extortion and bribery) triggers PAI indicator 9 under SFDR.
Summary
Anti-corruption and business ethics governance combines legal compliance obligations (FCPA, UK Bribery Act) with culture and program quality assessment. ISO 37001 certification and DOJ compliance program hallmarks provide the primary quality frameworks. Third-party risk management is the area of greatest practical weakness in most corporate anti-corruption programs and the most common source of enforcement violations. Whistleblowing effectiveness is a culture quality leading indicator. For ESG investors, anti-corruption governance quality is both a standalone investment concern — FCPA penalties can run to billions — and a proxy for broader governance discipline: companies with strong ethics cultures are less likely to experience the spectrum of governance failures that produce financial losses.