A Reflection on the OECD’s Report (Part I): Companies’ Assessments of Anti-Corruption Compliance

by Veronica Root Martinez and Liz Carrasco

Left to right: Veronica Root Martinez and Liz Carrasco (photos courtesy of authors)

As anti-corruption compliance programs have become standard within corporations, an increasing number of companies are shifting their focus to the effectiveness of these programs. The Organisation for Economic Cooperation and Development (OECD) report Companies’ Assessments of Anti-Corruption Compliance[1] provides a detailed look at this shift within the private sector. Drawing on survey data and examples from a range of companies, the report highlights a growing recognition that compliance cannot be isolated from a company’s culture, leadership, or structure. In short, the question is not merely whether a compliance program exists, but whether it is effective.

The report includes anonymized company case studies to illustrate various approaches and insights. This blog post explores three key aspects of the report: (1) why companies assess the effectiveness of their anti-corruption compliance programs; (2) what methodologies they use to do so; (3) the tools companies leverage to monitor progress over time. 

According to the OECD, corporate anti-corruption compliance is primarily driven by risk avoidance. Many companies view compliance with anti-corruption legislation as a “means to an end,” with the end being the avoidance of sanctions and reputational damage. As a result, corporations tailor their programs to the applicable law and evaluate effectiveness by assessing their ability to reduce the risk of enforcement. Companies reported using United States Department of Justice, the Agence Francaise Anticorruption, or the United Kingdom Serious Fraud Office standards as frameworks for their compliance programs. Such programs are classified as “reactive” since they respond to existing regulations, in contrast to programs driven from within the company. 

The report notes that reactive compliance programs may have unintended consequences. First, their efforts are focused on short-term compliance with existing law rather than long-term improvement. With the aim of avoiding enforcement, reactive assessments may characterize issues that are reported as “failures,” discouraging reporting and allowing issues to worsen before they are addressed. In contrast, investigating the root-cause of the issue allows companies to address problems that may not be apparent and provide long-term solutions. This approach may encourage employees to report smaller issues earlier on and allow for more efficient and cost-effective solutions. 

Although risk avoidance is understandably at the forefront of many companies’ initiatives, it is important for compliance departments to frame the utility of these programs in business terms as well. Showing a return on compliance investments may justify the cost of corporate compliance programs and encourage additional funding to achieve the desired outcomes. It may also support investing in assessment tools, which may be expensive but are important for long-term success in compliance efforts. Thus, compliance departments should articulate the expected benefits of such investments and secure support from management. This is especially important for companies with limited resources as compliance programs might otherwise be seen as an unnecessary expense. 

The report discusses one company’s return on compliance project (Box 2) and highlights its main findings. The science-based model identifies compliance competence, decision relevance, and adaptability as key factors for effective compliance. “Compliance competence” is defined as employees’ ability to identify and appropriately respond to potential compliance risks. “Decision relevance” means that compliance is part of the organization’s strategic and operational decision making. “Adaptability” looks at whether a compliance program is able to respond to changes in the business environment. The findings indicate that effective and efficient compliance accounts for 15-18% of variance in business performance, suggesting that corporate compliance is a significant factor of business success. In addition, it identifies the measure of success as dependent on input and process-oriented Key Performance Indicators (“KPIs”), while calling for the creation of outcome-oriented KPIs. 

The culture within an organization largely influences the perception and treatment of corruption within it. Surveyed companies identified a culture of integrity as the foundation for effective compliance, looking at whether their employees knew how to act ethically, did so, and felt comfortable reporting misconduct when needed. While most companies recognized the importance of a culture of integrity, only a subset reported taking deliberate steps to build it.  The companies that actively fostered this culture had advanced, proactive compliance programs, often because of prior enforcement. Moving towards a holistic approach to anti-corruption compliance requires changing assessment methodology to place greater importance on long-term compliance instead of reactive compliance. 

The report also highlights a company’s project (Box 3) which provides a scale to assess the extent to which corporate anti-corruption efforts are rooted in a culture of integrity. It states that deliberation is necessary to foster an ethical culture within an organization, defining deliberation as “a discursive process in which stakeholders exchange and justify their positions, show mutual respect, and are willing to reevaluate and revise their initial preferences.”[2] The OECD report presents several quantitatively measurable items to determine whether anti-corruption efforts are based on a culture of ethics and integrity, such as involvement by all levels of the organization, the inclusion of external stakeholders, and participants being free to express their views. 

Shifting from a reactive to proactive anti-corruption compliance program requires changing the methodology employed to assess its effectiveness. It also requires changing the way that anti-corruption compliance measures are developed. Compliance officers will need to identify objectives, determine how to achieve those objectives, and develop relevant initiatives in response. The specific goals of individual compliance measures should guide anti-corruption programs and their assessments. For example, companies seeking to foster a culture of integrity can assess whether their employees know how to apply their standards of conduct to concrete situations. 

The OECD’s Good Practice Guidance, an annex of the OECD Anti-Bribery Recommendation, says that compliance efforts should be tailored to the corruption risks that the company is exposed to. In addition to company-specific corruption risks, ethical considerations should be factored into assessment methodology to evaluate the extent to which the culture of integrity has become part of the company. To determine how ethical standards are reflected in employee behavior, companies should look at employees’ capacity to self-regulate and draw on internal motives, rather than external enforcement of rules. A combination of quantitative and qualitative inputs allows for a more comprehensive analysis of whether a compliance program effectively mitigates corruption risks and fosters ethical values. 

Regular testing of compliance measures is necessary to develop an effective anti-corruption program. When undesired outcomes occur, testing allows the company to determine the root cause and address it, adjusting their program as needed. Surveyed companies performed root cause analyses after low survey scores, undertook transactional testing processes, and utilized survey responses as grounds for improvement. While linking compliance activities to desired outcomes is difficult, companies may be able to overcome these challenges by testing and using proxies to understand causal parameters. 

It is imperative that leadership and multidisciplinary teams are part of assessments measuring program effectiveness. Surveyed companies reported that the ‘tone from the top’ and middle management influence staff responses to anti-corruption efforts. This means that senior and middle management should take ownership and lead the implementation of such efforts. To set the ‘tone from the top’, some companies made ethics and compliance part of their recruitment processes, performance management, and financial incentive policies and processes. As seen in Box 4, one company incorporated an integrity component into their management structure and saw improvement in their employees’ willingness to report misconduct. 

It is also important that cross-disciplinary teams work together to ensure that compliance efforts are embedded in the business policies, procedures, and training. Such collaboration may reduce the difficulty of measuring the effectiveness of behavioral interventions by involving experts from different departments with various skill sets. Box 5 discusses the importance of involving cross-disciplinary teams in data analytics, tying it to better outcomes for the organization. Companies should also incentivize behavior that aligns with their objectives, actively taking measures to weave ethical behavior into daily operations. 

Companies must measure outcomes and activities to assess the effectiveness of their programs. To do so, they must develop and utilize proper indicators, examples of which can be seen in Table 1.  Importantly, the OECD cautions that an overemphasis on activity-based indicators—such as the number of trainings delivered—may obscure whether these efforts are actually changing behavior or reducing corruption risk.

Many of the companies surveyed did not share the indicators they used to assess effectiveness, and the ones that did were focused on activities. This may be related to the difficulty of measuring outcome-based indicators, which may be mitigated by using proxy indicators. The companies called for information sharing and government support to develop indicators to assess anti-corruption performance. 

Surveys may be an effective means to assess the extent to which a culture of integrity has been embedded within an organization. Companies with more advanced compliance programs go further by incentivizing ethical behavior among third parties and using surveys that will guide future compliance measures. To mitigate self-selection biases and improve the reliability of findings, companies can use factorial surveys that assign scenarios for participants to respond to. 

The report suggests that governments may be able to supplement company efforts to evaluate effectiveness by utilizing data analytics and artificial intelligence (“AI”). Companies can leverage data analytics to detect and monitor areas of weakness specific to their company, examples of which can be seen in Boxes 8 and 9. Generative AI has the potential to make assessments of compliance efforts more efficient and improve the quality of their findings. AI systems based on statistical algorithms and machine learning may provide advanced reports that identify correlations between types of anti-corruption efforts and corruption incidents. 

While data-driven anti-corruption compliance programs might provide more sophisticated results and observations, they also pose additional costs. First, companies must identify and map data in all the systems across their organizational structure, which may take time and require the involvement of different departments. They also need to consider the potential for biases in AI systems and proactively take steps to mitigate the associated risks. Companies may be able to address concerns about the confidentiality of information by aggregating and anonymizing data before analyzing it. 

Companies can also utilize internal and external audits to evaluate the effectiveness of their anti-corruption compliance programs. Many of the large companies reported using monitoring functions and inputs from internal audits to assess their compliance programs. Some companies took an additional step and utilized external audits to evaluate effectiveness from outside of the company. While large companies with advanced compliance programs reported finding less utility in external audits, they may be valuable to smaller companies at an earlier point in their compliance journey. Using behavioral science in audits may help companies assess how a compliance program has impacted the organization’s culture.

Cooperation across companies may improve assessments of anti-corruption compliance effectiveness. Benchmarking, peer learning, and collective action may maximize collective thinking and expand the data with which companies are working. Peer learning between companies in industries facing similar challenges may be especially useful if done on a confidential basis. Airbus explains the utility it found in peer learning in Box 10. Other companies reported wanting to engage in peer learning but lacking the resources and networks to facilitate it. Companies may also compare their anti-corruption compliance programs to a group of companies or the industry average, a practice known as benchmarking that is highlighted in Box 11. 

Collective action initiatives involving the efforts of government entities, companies and nongovernmental organizations may also encourage collaborative thinking and produce better assessments of program effectiveness. Sectoral initiatives, industry alliances, anti-corruption coalitions, and collaborative platforms are several approaches to collective action. Such initiatives may foster open dialogue among companies, building a positive culture around anti-corruption compliance. 

However, company stakeholders have expressed reluctance to engage with others due to confidentiality concerns and the potential to jeopardize legitimate business interests. Other stakeholders contended that public disclosure would build trust among consumers, employees, and other businesses, potentially leading to further collaboration. Companies have called for government intervention to encourage public-private dialogue and foster a more transparent environment for anti-corruption compliance. 

Whether companies are beginning their compliance journey or leveraging new tools to improve the reliability of their findings, corporations must recognize that anti-corruption compliance is the responsibility of an organization and not a single department. Creating a culture of integrity demands cross-functional leadership, long-term investment, and meaningful measurement. By embracing these practices, companies may be able to not only reduce corruption risk but also demonstrate genuine ethical leadership.

[1] OECD (2025), Companies’ assessments of anti-corruption compliance, OECD Publishing, Paris, https://doi.org/10.1787/977ed5a8-en.

[2] Organisation for Economic Cooperation and Development, Companies’ assessments of anti-corruption compliance, 13 (2025), https://www.oecd.org/content/dam/oecd/en/publications/reports/2025/03/companies-assessments-of-anti-corruption-compliance_363b6821/977ed5a8-en.pdf.

Veronica Root Martinez is the Simpson Thacher & Bartlett Distinguished Professor of Law at Duke University School of Law and Lead Consultant to the OECD on its Strengthening Compliance Assessments Initiative. Liz Carrasco is a J.D. student at Duke University School of Law, Anticipated Class of 2027. 

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).