Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
An Anti Fraud and Anti Corruption Policy is a formal internal governance document that defines what constitutes fraud, bribery, and corruption within an organization, establishes the obligations of employees and third parties to prevent and report such conduct, and sets out the procedures for investigating allegations and applying disciplinary consequences. It covers the full spectrum of relevant misconduct β from falsified expense claims and asset misappropriation to vendor kickbacks and facilitation payments β and gives every person in the organization a clear, consistent standard of conduct to follow. The policy typically references applicable laws such as the US Foreign Corrupt Practices Act and the UK Bribery Act, and integrates with related policies including whistleblower protections and conflict-of-interest disclosure requirements.
Operating without a documented anti fraud and anti corruption policy leaves your organization exposed in four concrete ways. First, employees with no written standard have no clear line between acceptable hospitality and a prohibited inducement β ambiguity is where misconduct takes root. Second, when fraud does occur, the absence of a formal policy undermines your ability to discipline or terminate the responsible employee and defend that decision in an employment dispute. Third, regulators, auditors, and institutional investors increasingly treat a documented compliance program as a baseline requirement β companies that cannot produce one face heightened scrutiny and, in enforcement actions, lose access to the mitigating defenses that a credible program provides. Fourth, internal fraud is statistically most damaging in organizations that lack the controls and reporting channels to detect it early. This template gives you a professionally structured starting point that covers every critical component β from gift thresholds to investigation escalation paths β so you can move from no program to a defensible one in hours rather than weeks.
| If your situation is⦠| Use this template |
|---|---|
| Company operates in multiple countries with FCPA or UK Bribery Act exposure | Anti-Bribery and Anti-Corruption Policy |
| Focused specifically on financial statement fraud and accounting controls | Fraud Risk Management Policy |
| Protecting employees who report wrongdoing internally | Whistleblower Policy |
| Regulating gifts, entertainment, and hospitality from vendors | Gifts and Entertainment Policy |
| Addressing conflicts of interest in procurement and vendor selection | Conflict of Interest Policy |
| Establishing a broader code of conduct for all employees | Code of Business Conduct and Ethics |
| Setting rules for employee use of company funds and expenses | Expense Reimbursement Policy |
Why it matters: Third-party agents and contractors are responsible for a significant share of FCPA and UK Bribery Act violations β excluding them from scope leaves the highest-risk population ungoverned.
Fix: Add explicit language covering all contractors, consultants, agents, distributors, and joint-venture partners who act on the company's behalf.
Why it matters: Employees who fear retaliation β or who are reporting on a senior colleague β will not use a channel that requires their identity, meaning the most serious allegations go unreported.
Fix: Implement at least one genuinely anonymous option such as a third-party hotline or web-based platform, and publicize it explicitly in the policy.
Why it matters: Without a log, employees can receive multiple gifts from the same source that individually fall below the threshold but cumulatively constitute a conflict of interest or inducement.
Fix: Require employees to log all gifts above a nominal floor (e.g., $25) regardless of whether approval is needed, and have the compliance officer review the register quarterly.
Why it matters: Listing only termination as the consequence makes the policy harder to enforce for minor violations and creates legal exposure when the punishment is challenged as disproportionate.
Fix: Include a range of outcomes β verbal warning, written warning, suspension with or without pay, termination, and referral to authorities β with the severity calibrated to the nature and intent of the violation.
Why it matters: A policy with an outdated effective date signals to auditors, regulators, and courts that the compliance program is cosmetic rather than active β undermining any defense based on having a policy in place.
Fix: Schedule an annual calendar reminder for the policy owner to review, update if necessary, and re-approve the policy, then reissue it to all covered parties with a new acknowledgment cycle.
Why it matters: If the subject of the investigation is the direct manager, or has influence over that manager, findings can be suppressed before any corrective action is taken.
Fix: Route all investigation findings to a party independent of the subject β the audit committee, board chair, or an external compliance counsel β and document this escalation path in the policy.
Replace all placeholders for company name, entity type, and jurisdictions. Confirm whether the policy covers subsidiaries, joint ventures, and third-party agents in addition to direct employees.
π‘ If your company uses staffing agencies or outsourced procurement, explicitly name those categories β leaving them out creates an enforcement gap regulators will flag.
Insert specific dollar amounts for acceptable gift values per occasion and per year. Confirm these thresholds align with any existing expense policy and with the regulatory standards of your primary operating jurisdiction.
π‘ A threshold of $50 per occasion and $150 per year per source is a widely used starting point for mid-sized businesses β adjust up or down based on your industry norms.
Enter the compliance officer's name and email, the anonymous hotline number or URL, and any external regulator reporting option applicable to your jurisdiction.
π‘ At least two channels β one named and one anonymous β are considered the minimum for a credible reporting framework by most governance standards.
Assign a specific role (compliance officer, internal audit, external counsel) to each stage of the investigation process. Specify that findings go to the audit committee or board for allegations involving senior management.
π‘ For companies without an audit committee, designate the most senior leader not implicated as the escalation point β and name a backup in case of conflict.
List the range of disciplinary outcomes (written warning, suspension, termination, referral to law enforcement) and confirm they align with your employee handbook and applicable employment law.
π‘ Cross-reference with your HR policies β disciplinary language that conflicts with the employee handbook creates inconsistency that can be exploited in unfair dismissal claims.
Enter the number of days new employees have to complete initial training and confirm the annual recertification window. Specify whether training is online, in-person, or a signed acknowledgment.
π‘ Require employees to sign or electronically confirm they have read the policy β without acknowledgment records, enforcement in a dispute becomes significantly harder.
Enter the effective date, version number, policy owner, and next scheduled review date. Obtain approval from the CEO, board, or compliance committee before distributing.
π‘ Store the signed approval alongside the policy in your document management system β regulators and auditors routinely request evidence that leadership formally approved the policy.
Send the policy to all covered parties with a required acknowledgment deadline. Retain acknowledgment records in employee files or your HR system for at least the duration of employment plus three years.
π‘ Include the policy in your onboarding checklist so every new hire receives and acknowledges it before handling any company funds or procurement decisions.
An anti fraud and anti corruption policy is an internal governance document that defines what constitutes fraud, bribery, and corruption, establishes employee obligations to prevent and report such conduct, and sets out the investigation and disciplinary process when violations occur. It forms a core component of a company's compliance and ethics program and demonstrates to regulators, auditors, and investors that the organization actively manages these risks.
Any organization that handles financial transactions, procures goods or services, operates in regulated industries, or employs people with purchasing authority benefits from a formal policy. It is particularly important for companies with government contracts, international operations, or activity in high-risk sectors like construction, oil and gas, defense, and financial services. Many investors and lenders now require documented fraud and corruption controls as part of due diligence.
Fraud involves deliberate deception to obtain an unauthorized financial or personal benefit β for example, falsifying expense claims or manipulating financial records. Corruption involves the misuse of entrusted authority for private gain, most commonly through bribery or kickbacks. The two often overlap: a procurement manager who accepts a kickback from a vendor commits both corruption (abuse of authority) and fraud (deception of the employer). A comprehensive policy addresses both.
Yes, and often urgently. Studies consistently show that small businesses suffer disproportionately from occupational fraud because they have fewer internal controls than large companies. A documented policy β combined with basic controls like expense approval requirements and segregation of duties β significantly reduces the incidence and duration of fraud. It also protects the business legally by demonstrating that appropriate governance was in place.
The clause should commit the company to protecting employees who report concerns in good faith from any adverse employment action β demotion, dismissal, harassment, reduction in pay, or exclusion from opportunities. It should specify who handles retaliation complaints, what the investigation process looks like, and that retaliation itself is a disciplinary offense. Including a good-faith qualifier protects the company from malicious or knowingly false reports while preserving protection for genuine reporters.
At minimum once every 12 months, and additionally after any significant business change β an acquisition, entry into a new jurisdiction, a regulatory update, or a fraud incident. Annual review ensures the policy reflects current laws (including FCPA, UK Bribery Act, and applicable local statutes), updated reporting channels, and any lessons learned from near-misses or incidents. The review date and version number should be recorded in the policy's document control section.
Depending on jurisdiction, an anti fraud and anti corruption policy supports compliance with the US Foreign Corrupt Practices Act (FCPA), the UK Bribery Act 2010, the OECD Anti-Bribery Convention, the EU Anti-Fraud Office requirements, and various national anti-corruption statutes. For publicly traded companies, Sarbanes-Oxley Section 301 requires audit committees to maintain procedures for receiving fraud-related complaints. Having a documented policy and training program is a recognized mitigating factor in enforcement actions under most of these frameworks.
Yes. ISO 37001 is the international standard for anti-bribery management systems, and a documented anti-bribery policy is a required element of certification. This template covers the core policy requirements of ISO 37001, including scope, prohibited conduct, risk assessment references, training requirements, reporting channels, and management review. You will typically need to supplement it with a risk assessment, due diligence procedures for third parties, and evidence of top management commitment to meet the full certification standard.
Effective training explains the definitions of fraud and corruption in plain language, walks through real-world scenarios relevant to the employee's role, explains how to use the reporting channels, and confirms the non-retaliation commitment. Training should be completed within the first 30 days of hire and annually thereafter. Require employees to sign or electronically acknowledge completion β this record is essential if disciplinary action or litigation arises from a later violation.
A whistleblower policy focuses specifically on the mechanics of reporting and protecting reporters β channels, confidentiality, and non-retaliation procedures. An anti fraud and anti corruption policy is the broader governance document that defines prohibited conduct, investigation processes, and disciplinary consequences. Most organizations need both: the anti-fraud policy sets the rules; the whistleblower policy operationalizes safe reporting.
A code of conduct covers the full spectrum of ethical behavior β respect, confidentiality, social media use, conflicts of interest, and more. An anti fraud and anti corruption policy goes deeper on a narrower domain: it defines fraud and corruption with legal precision, sets specific gift thresholds, and establishes formal investigation procedures. Large organizations typically maintain both, with the anti-fraud policy referenced from the code of conduct.
A conflict of interest policy addresses situations where an employee's personal interests may influence their professional decisions β vendor relationships, outside employment, or family connections to counterparties. An anti fraud and anti corruption policy includes conflicts of interest as one component but also covers active wrongdoing like bribery, asset misappropriation, and financial statement fraud. The conflict-of-interest policy is preventive; the anti-fraud policy is both preventive and remedial.
An internal audit charter establishes the mandate, independence, authority, and responsibilities of the internal audit function. An anti fraud and anti corruption policy is an employee-facing governance document, not a function charter. The two are complementary: the audit charter empowers auditors to test fraud controls; the policy gives them the documented standards against which to assess compliance.
Enhanced focus on market manipulation, insider trading, and client fund misappropriation, with mandatory escalation to board-level audit and risk committees.
Procurement and subcontractor kickback risks make gift thresholds, vendor due diligence, and bid-rigging prohibitions the most critical policy sections.
Anti-kickback and Stark Law compliance in the US requires explicit rules on physician referral arrangements, pharmaceutical samples, and vendor-sponsored education.
Client entertainment limits, fee-splitting prohibitions, and conflict-of-interest disclosure for multi-client engagements are the primary focus areas.
Supply chain corruption risks β inflated invoices, counterfeit materials, and customs fraud β require robust vendor due diligence and purchase-order controls.
Internal theft, supplier invoice fraud, and returns manipulation are the primary fraud risks, making point-of-sale controls and segregation of duties central to implementation.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small to mid-sized businesses establishing a compliance program for the first time | Free | 1β2 hours to customize and approve |
| Template + professional review | Companies with international operations, government contracts, or regulated industry obligations | $500β$1,500 for a compliance consultant or legal review | 3β5 business days |
| Custom drafted | Multinationals pursuing ISO 37001 certification or subject to active FCPA or UK Bribery Act scrutiny | $3,000β$10,000+ for specialist legal counsel | 2β6 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start freeΒ Β·Β No credit card required
