Bribery Risk Assessment

By considering the source and breadth of bribery risk to which a firm could be exposed, either directly from its workforce or via associated persons, an assessment can also be made of the likelihood of occurence and potential impact.

For activity or relationships considered to be higher-risk, enhanced measures should be maintained to reinforce the anti-bribery culture; with controls, assurance testing and management information requirements reflecting the risk-based approach.


For FCA regulated firms, the regulator expects firm's to assess bribery and corruption risk in the systems and controls framework:

  1. There should be clarity of accountability and responsibility in the senior management team, for ensuring appropriate risk assessment and for keeping it up to date
  2. Consideration should be afforded to risk associated with products and services, customers, agents and suppliers, jurisdictions where the firm does business, the firm's exposure to public officials (and public office holders); and the firm's internal business practices (e.g. corporate hospitality, sponsorships, charitable and political donations, and the use of third parties)?
  3. Senior management should be confident in arrangements used for identifying risk; and that they provide a true reflection the firm's actual risk-profile (e.g. The risk of persons acting on the firm’s behalf offering or receiving bribes)


A properly scoped and successfully completed risk-assessment will provide senior management with an informed view on the following:

How we can help you

FCRM assists clients to identify bribery and corruption risk in the operating environment. Our personnel utilise experience of conducting regulatory reviews (e.g. s166), knowledge of systems and controls risk, and our investigative capability, to provide clients with a report and analysis on the firm's arrangements for managing bribery risk.

We consider various sources, including: (i) incident data; (ii) control-gap risk assessment; (iii) output of structured meetings/workshops; (iv) trend analysis; (v) Guidance on adequate procedures published by the Ministry of Justice; and (vi) regulatory considerations (e.g. FCA published papers, guidance and thematic reviews).

Risk-assessment findings can used by senior management to inform risk-appetite priorities and form the baseline for any subsequent review/refresh, as part of the firm's bribery and corruption risk-management framework.

Integrity in Business Practice