Business economic security

Anti-Corruption Programme for Business: When It Is Mandatory

8 min read

Who must adopt an anti-corruption programme under Ukraine's Law on Prevention of Corruption, what the NAZK Model Programme requires, and how to keep it from being a mere formality.

Executives often learn about the anti-corruption programme at the last moment — when the company is already preparing to bid for a large public tender and the tender documentation demands a finished, approved document. Below I set out who is genuinely required to have such a programme under Ukrainian law, what it must contain, and why a “tick-the-box” document creates more risk for a business than having none at all.

What an anti-corruption programme is and why a business needs one

An anti-corruption programme is an internal document of a legal entity that sets out the rules, standards and procedures for detecting, preventing and countering corruption in the company’s activity. Its legal basis is the Law of Ukraine “On Prevention of Corruption” — specifically the part devoted to preventing corruption in the activity of legal entities.

It is important to understand that this is not a declaration of intent but a working instrument. In my expert practice, the presence (or absence) of genuinely functioning anti-corruption procedures often becomes a subject of assessment — both during due diligence ahead of a deal and within forensic economic examinations, when transactions with counterparties or the justification of expenses are being scrutinised.

Who is legally required to have one

For most private companies an anti-corruption programme is voluntary (though increasingly desirable for reputational reasons). But Article 62 of the Law “On Prevention of Corruption” defines the categories for which it is a direct obligation.

CategoryCondition of obligation
Public procurement participantsProcurement value equal to or above UAH 20 million — the programme must be approved before participation
State and municipal enterprises, and companies with a majority state / municipal shareBased on the average headcount and gross income thresholds established by law

Public procurement participants

This is the most common situation for private business. If your company takes part in a procurement procedure under the Law “On Public Procurement” and the expected value of the procurement subject is equal to or above UAH 20 million, having an approved anti-corruption programme becomes a condition of participation. The contracting authority is entitled to require confirmation, so the document must exist before the tender bid is submitted — it cannot be “finished off” after the fact.

State and municipal enterprises

A separate category covers state and municipal enterprises and business companies with a majority state or municipal share. For them the programme is mandatory if the average headcount for the reporting year exceeds 50 employees and gross income (revenue) from the sale of products, works or services over that period exceeds UAH 70 million. These criteria apply regardless of participation in procurement.

A practical note: even if your firm formally falls outside these criteria but works systematically with the public sector, large corporations or international partners, it is worth adopting a programme voluntarily. Increasingly, counterparties themselves make it a requirement.

What the programme must contain: the NAZK Model Programme as a benchmark

There is no need to write the document from scratch. The benchmark is the Model Anti-Corruption Programme approved by a decision of the National Agency on Corruption Prevention (NAZK) — the state body responsible for anti-corruption policy. It sets the structure and the minimum list of provisions a company should address.

A working programme usually covers:

  1. Scope and the range of persons to whom it applies (employees, management, sometimes business partners).
  2. The company’s anti-corruption standards and policies, including a prohibition on any form of bribery.
  3. The corruption risk assessment procedure.
  4. Rules on managing conflicts of interest.
  5. A policy on gifts, hospitality and entertainment expenses.
  6. A mechanism for reporting corruption and protecting whistleblowers.
  7. A procedure for vetting business partners.
  8. The status and powers of the Authorised Officer responsible for the programme.
  9. Arrangements for staff training and monitoring compliance.

The Model Programme should not be copied word for word but adapted to the real processes, industry and structure of your specific company — otherwise the document remains a formality.

The Authorised Officer for the programme

The key figure is the Authorised Officer responsible for implementing the anti-corruption programme. This is an official (or a structural unit) accountable for putting the programme into practice and monitoring compliance.

The law provides guarantees of the Officer’s independence, and this is not a formality. Points to watch:

  • Direct subordination to the head of the legal entity, rather than to intermediate managers whose decisions the Officer is meant to oversee.
  • Protection from pressure and dismissal connected with the proper performance of duties — conditions under which their status cannot be arbitrarily worsened.
  • Real powers: access to documents, the right to obtain explanations, to initiate checks and to take part in reviewing corruption reports.
  • No conflict of interest on the part of the Officer themselves.

A common error is to appoint as Officer someone who simultaneously makes commercial decisions — for example, the head of the procurement department. This undermines the very idea of independent oversight.

Key procedures that make the programme work

It is the procedures that distinguish a living document from a piece of paper. Let me focus on the most important.

Corruption risk assessment

This is the starting point. The company analyses its own processes and identifies where vulnerabilities arise: procurement, tenders, dealings with regulators, issuing permits, cash handling, entertainment expenses. The results form a risk map together with mitigation measures. The assessment should be updated periodically, not done once “for the file”.

Reporting channels and whistleblower protection

The programme must provide accessible channels for reporting corruption (whistleblowing) — both internal ones and the option of turning to external bodies. The law grants whistleblowers a special status and guarantees of protection from persecution. In practice, three things matter: the channel genuinely works, reports are reviewed, and the person who reported is protected from retaliation. Anonymity and confidentiality are not a whim but the condition under which people will use the channel at all.

Counterparty due diligence

Vetting business partners protects the company from “toxic” ties. The basic minimum:

  • analysis of open registers (ownership structure, ultimate beneficiaries, litigation — including through the Unified State Register of Court Decisions);
  • screening against sanctions lists and signs of a sham entity, including the counterparty’s tax status per data from the State Tax Service (DPS);
  • accounting for the risks targeted by the financial monitoring system (the State Financial Monitoring Service, Derzhfinmonitoring) in higher-risk transactions;
  • an assessment of the counterparty’s business reputation and any prior offences.

In my practice I have repeatedly seen how the lack of basic partner vetting later turned into reputational and financial losses for an otherwise conscientious company, while transactions with such a counterparty became a focus for law enforcement and economic examination.

Conflict of interest and gifts policy

The programme should describe how to identify and manage conflicts of interest (for example, when an employee influences a decision concerning a related person) and set clear limits on gifts, hospitality and entertainment: what is permissible, what requires disclosure and what is prohibited outright. Vague rules here are the single largest source of disputes.

ISO 37001: when to go beyond the minimum

The international standard ISO 37001 (Anti-bribery management systems) is a logical next step for companies that want not merely to satisfy the law but to build a system. It sets a management approach: policy, a risk-based orientation, allocation of responsibility, training, monitoring, corrective action and continuous improvement.

ISO 37001 certification is not mandatory in Ukraine, but it:

  • strengthens the trust of international partners and investors;
  • systematises internal procedures beyond the formal minimum;
  • can serve as a weighty argument that the company took reasonable steps to prevent corruption.

For exporters and participants in large tenders this is often a matter of competitiveness, not only ethics.

Liability and NAZK’s supervisory role

Having a programme does not automatically release a company from liability — but its absence or fictitious nature significantly worsens the company’s position. The law allows criminal-law measures to be applied to a legal entity if a person authorised by it commits a corruption offence on behalf of and in the interests of the company. Individual persons may bear disciplinary, administrative (under the Code of Ukraine on Administrative Offences) or criminal liability.

The supervisory and methodological function is performed by NAZK: it approves model documents, issues clarifications, maintains the registers provided for by law and exercises control within its powers. The Bureau of Economic Security (BEB), the State Tax Service and other bodies are also involved in uncovering the economic component of corruption offences, and contested financial and economic transactions frequently become the subject of forensic economic examination, assigned and conducted under the rules set by the Ministry of Justice (in particular the Instruction on the Assignment and Conduct of Forensic Examinations No. 53/5).

A common mistake: the “paper” programme

The most widespread and dangerous mistake is to approve a handsome document and leave it “in the drawer”. The signs of such a programme:

  • its text is copied word for word from the model template without adaptation;
  • employees do not know it exists and have never been trained;
  • the Officer is appointed formally and has no real powers;
  • the risk assessment was done once and never updated;
  • the reporting channel exists only on paper.

The paradox is that a fictitious programme can do more harm than none: it shows the company was aware of the risks yet took no real measures. A working programme means staff training, regular review of risks, documented decisions and a live response to reports.

Where to go from here

If your company is preparing for a large procurement, or wants to build a system that will withstand scrutiny from regulators and partners, it is worth assessing the real corruption risks of your specific business and bringing the document into line with the law’s requirements. I would be glad to help with an expert analysis of your procedures and financial and economic operations — so that the anti-corruption programme becomes a safeguard rather than a formality.

Need a forensic economic examination or a consultation?

Maryna Rudaia is a qualified court expert in three specialties. Write or call to discuss your case.

Read also