Anti-Bribery and Corruption Risk Assessment Services in India
Bribery and corruption are among the most consequential risks a company operating in India faces — not because corruption is uncommon or unknown, but because the legal and reputational consequences of getting it wrong have never been higher. An Indian subsidiary that allows a sales agent to pay a customs official to expedite a clearance has potentially exposed its US-listed parent to an FCPA enforcement action with criminal penalties and Securities and Exchange Commission consequences. A company with any UK business connection whose distributor bribes a procurement officer has potentially triggered a UK Bribery Act prosecution. And the Prevention of Corruption (Amendment) Act 2018 has made the Indian legal position equally serious — bribe givers now face the same penalties as receivers.
The consequence is that every company with meaningful India operations — whether Indian, multinational, or Indian subsidiary of a foreign parent — needs a structured Anti-Bribery and Corruption (ABAC) risk assessment to understand its exposure, evaluate the adequacy of its existing controls, and build the compliance infrastructure that the law requires. For a company subject to the UK Bribery Act, 'adequate procedures' is not a best-practice aspiration — it is the only available defence against a corporate bribery prosecution.
N D Savla & Associates provides Anti-Bribery and Corruption risk assessment services for companies across Mumbai and India — from initial risk universe mapping through third-party due diligence, ABAC policy review, internal control testing, and board-level risk reporting. Our ABAC advisory is integrated with our corporate governance advisory and internal audit services — so the ABAC risk assessment feeds directly into the company's broader risk and governance framework. For the regulatory framework, refer to the Ministry of Corporate Affairs at mca.gov.in.
FCPA vs UK Bribery Act vs Prevention of Corruption Act — Key Differences
India's ABAC landscape is governed by a layered framework of domestic and international laws — and for many companies, multiple laws apply simultaneously. Understanding which laws apply to your company is the essential first step before an ABAC risk assessment:
| Dimension | FCPA (USA, 1977) | UKBA (UK, 2010) | Prevention of Corruption Act, India (PCA 1988, amended 2018) |
| Scope of Applicability |
US companies, US-listed companies, and any person acting within US territory — regardless of where the bribery occurs. Extra-territorial in reach. |
Any company that carries on business in the UK (any part of the business, any group entity) — regardless of where the bribery occurs. Extremely broad extra-territorial reach. |
Public servants and persons giving or abetting bribes in India. The 2018 amendment extended to commercial organisations — making bribe-givers equally liable as receivers. |
| Who Can Be Prosecuted |
Company and its officers, employees, agents — if they corruptly make payments to foreign government officials. Facilitation payments prohibited. |
Any person and any commercial organisation that fails to prevent bribery. No facilitation payment exception. Both public and private bribery covered. |
Public servants, persons giving bribes, abettors, and (post-2018) commercial organisations. Presumption of corruption in certain cases shifts burden of proof to the accused. |
| Corporate Defence |
Demonstrates existence and implementation of adequate internal controls and compliance programme — FCPA does not have a formal 'adequate procedures' defence but DOJ guidance emphasises it. |
Formal 'Adequate Procedures' defence — commercial organisation not guilty of failure to prevent bribery if it can prove it had adequate anti-bribery procedures in place. |
Post-2018: a commercial organisation that gives bribes through a person associated with it is liable unless it proves it had adequate procedures in place to prevent such conduct. |
| Key Risk for Indian Companies |
Indian subsidiaries of US-listed companies face FCPA exposure — any payment to Indian government officials can trigger FCPA violation. India is consistently among the top three countries for FCPA enforcement actions. |
Indian subsidiaries of UK companies, or Indian companies with any UK business connection, face UKBA exposure — the 'carries on business in the UK' threshold is very broadly interpreted. |
All Indian companies and persons dealing with government procurement, contracts, licences, permits, and regulatory approvals face PCA exposure. Post-2018, bribe givers face the same penalties as receivers. |
| Maximum Penalty (Company) |
Criminal: no statutory cap — fines up to USD 2 million per violation or twice the benefit gained. Civil: up to USD 16,000 per violation. |
Unlimited fine for commercial organisations found guilty of failing to prevent bribery. |
Post-2018: companies can be fined up to 7 years of average profit or the full amount of the bribe, whichever is higher. Directors can face up to 7 years imprisonment. |
?? The 2018 amendment to India's Prevention of Corruption Act was transformative — it reversed the earlier legal position where companies could give bribes with relatively limited liability. Post-2018, any company that gives, abets, or is represented by a person who gives a bribe is equally liable. The 'adequate procedures' defence introduced by the 2018 amendment mirrors the UK Bribery Act model — making a structured ABAC programme a legal defence requirement, not just a governance best practice.
Highest-Risk ABAC Areas for Companies in India
The ABAC risk landscape in India is shaped by the intersection of regulatory complexity, government interface frequency, and third-party dependence. Based on our risk assessment experience across Indian industries, the highest-risk areas are:
Government Procurement and Contract Awards
Companies that sell to government entities — central government departments, state governments, public sector undertakings (PSUs), railways, defence establishments, and municipal bodies — face the highest inherent bribery risk. The combination of large contract values, significant official discretion, and complex procurement procedures creates an environment where bribery pressure is persistent. The FCPA enforcement record for India shows government procurement to be the single most common trigger for enforcement actions.
Licences, Permits, and Regulatory Approvals
Companies that require government licences — factory licences, pollution clearances, drug licences, FSSAI approvals, SEBI registrations, and sector-specific permits — face chronic bribery risk at the interface with the licensing authority. The use of third-party agents to 'manage' licence applications is a particularly high-risk practice that frequently appears in FCPA and PCA enforcement actions.
Customs and Border Clearance
Import-dependent businesses and exporters face bribery risk at customs — both at the point of filing and at physical examination. The time pressure of perishable goods or production-line materials creates a vulnerability to 'facilitation payments' for expedited processing — payments that are explicitly prohibited under both FCPA and UK Bribery Act, regardless of local custom or business necessity.
Third-Party Agents and Intermediaries
The single most dangerous channel for bribery is the third-party intermediary — the sales agent who 'knows the right people', the consultant retained specifically for government relationship management, or the distributor in a high-risk state whose actual sales volume doesn't match their reported commission earnings. Under FCPA and UKBA, the company is responsible for the conduct of its agents even if the company claims it was unaware of the specific bribery. Our Risk Control Matrix services map the specific third-party relationships that represent highest ABAC exposure.
Land Acquisition and Real Estate Transactions
Companies acquiring land for manufacturing, warehousing, or commercial development in India face bribery risks across multiple interaction points — revenue department, town planning, conversion approvals, registration, and mutation. The combination of large transaction values and multi-stage government involvement makes real estate one of the consistently high-risk ABAC areas in India.
Tax and Compliance Administration
Direct tax assessments, GST audits, professional tax, and customs duty disputes all create interface points with government officers where bribery demand can arise. A company that relies on its tax consultant to 'handle' revenue authorities without adequate oversight and documentation is creating undisclosed ABAC exposure.
What Should an ABAC Policy Framework Include?
An effective ABAC policy framework is the written articulation of a company's anti-bribery commitments and procedures. Our SOP implementation services design and implement the documented process controls that make ABAC policies operational. A complete ABAC policy framework covers:
- Anti-Bribery and Corruption Policy: The overarching policy statement — what constitutes bribery, what is prohibited (including facilitation payments under FCPA/UKBA), what is required of employees, and the consequences of violation.
- Gifts, Hospitality, and Entertainment Policy: A specific policy with value limits, approval requirements, and documentation obligations for receiving and giving gifts and hospitality. A gift register is a mandatory control under most ABAC frameworks.
- Political Contributions Policy: Restrictions and controls on corporate political contributions — which are prohibited under FCPA for influencing foreign government officials.
- Charitable Donations and Sponsorships Policy: Controls on charitable contributions that could be used to benefit government officials or their relatives — a common FCPA and UKBA red flag.
- Third-Party Due Diligence Procedure: The documented process for screening, approving, contracting with, and monitoring third parties — including sanctions list checks, PEP screening, adverse media, and contractual ABAC representations.
- Whistleblower and Ethics Hotline Mechanism: A confidential channel for reporting suspected bribery or corruption — with a documented non-retaliation policy and a defined investigation procedure.
How We Conduct an ABAC Risk Assessment — Our 7-Step Process
- Law and Jurisdiction Mapping
We begin by identifying which anti-bribery laws apply to the company — Indian PCA, FCPA, UKBA, or other jurisdiction-specific laws. For Indian subsidiaries of multinational companies, the applicable law framework can include multiple jurisdictions simultaneously. We map the specific compliance obligations that arise from each applicable law — including facilitation payment prohibition (FCPA/UKBA), adequate procedures requirements (UKBA/PCA 2018), and books-and-records obligations (FCPA).
- Bribery Risk Universe Mapping
We work with the company's management across functions — procurement, sales, regulatory affairs, customs, finance, and legal — to map all processes, transactions, government interactions, and third-party relationships that create bribery exposure. The risk universe mapping covers both domestic operations and (where applicable) operations across multiple states or international locations.
- Inherent Risk Scoring and Prioritisation
Each identified risk area is scored on two dimensions: likelihood of a bribery event occurring (based on industry norms, geography, government interaction frequency, and third-party dependence) and impact if it does (regulatory penalty, reputational damage, business disruption). The scores produce a heat map of the company's ABAC risk landscape — directing the depth of assessment to the highest-risk areas.
- Third-Party Due Diligence Review
We review the company's entire third-party portfolio against the bribery risk criteria — classifying parties by risk level, reviewing existing due diligence documentation, identifying gaps in screening and contractual protection, and flagging relationships with red flags for deeper investigation. This is the most time-intensive step for companies with large agent or distributor networks. Where forensic investigation is warranted for specific third parties, our forensic investigation and dispute advisory capabilities support deeper investigation.
- ABAC Policy and Control Gap Assessment
We review existing ABAC policies, procedures, training programmes, approval authorities, payment controls, gift registers, and monitoring mechanisms against the requirements of the applicable laws and international best practice frameworks (including the UK MoJ's six principles for adequate procedures). Each gap is documented, rated for severity, and included in the remediation plan.
- Internal Control Testing
For the highest-risk control areas identified in Step 5, we conduct substantive testing — reviewing samples of transactions, approvals, gift register entries, third-party payments, and management override instances to assess whether the controls that exist on paper are actually functioning in practice. Control failures identified in testing are reported to management and the audit committee.
- Risk Report and Remediation Plan
We prepare a comprehensive ABAC risk report — covering the risk universe, risk scoring, due diligence findings, control gap assessment, and testing results — with specific, prioritised remediation recommendations for each identified gap. The report is structured for audit committee and board presentation. Where the ABAC risk assessment reveals systemic governance gaps, we connect the findings to the company's broader corporate governance and internal audit programmes for integrated remediation.
Who Needs an ABAC Risk Assessment in India?
Indian Subsidiaries of US-Listed or US-Connected Companies
The FCPA applies to any company whose securities are listed in the US — and to their subsidiaries worldwide. For any Indian subsidiary of a US-listed parent, every payment to an Indian government official is a potential FCPA event. DOJ enforcement practice consistently holds parent companies responsible for subsidiary conduct when the parent had governance systems that should have detected the payment.
Indian Subsidiaries of UK Companies
The UKBA's extra-territorial reach applies to any company that 'carries on a business or part of a business in the United Kingdom' — and courts have interpreted this very broadly. A company with a UK sales office, a UK shareholder, or UK-based management has potential UKBA exposure for bribery conducted anywhere in the world, including through Indian agents and distributors.
Indian Companies Seeking to List Internationally or Attract Foreign Investment
Indian companies pursuing overseas listings — on NYSE, NASDAQ, or AIM — or seeking investment from US or UK institutional investors face ABAC due diligence scrutiny as a standard part of the pre-listing or pre-investment process. An absence of documented ABAC risk assessment and compliance programme is a significant red flag for sophisticated foreign investors.
Companies in High-Risk Sectors
Pharmaceuticals, construction and real estate, energy and mining, defence, infrastructure, telecommunications, and financial services are consistently identified as high-risk sectors for corruption in India — based on the combination of government interface frequency, large transaction values, and historical enforcement patterns. Companies in these sectors face elevated ABAC risk regardless of their ownership structure.
Why N D Savla & Associates for ABAC Risk Assessment
- Integrated with internal audit and corporate governance. ABAC risk assessment is most effective when it connects to the company's existing internal audit programme and corporate governance framework — not conducted as a standalone exercise that produces findings no one acts on. We design every ABAC engagement to feed into the annual internal audit plan and the audit committee's risk oversight agenda.
- Process-level control assessment. Bribery risk is a process-level control risk — it arises where specific processes have inadequate controls. Our risk control matrix expertise means we assess ABAC controls within the existing process control framework, not as an overlay that duplicates existing audit work.
- Multi-law capability. India's ABAC landscape involves PCA, FCPA, and UKBA — three different legal frameworks with different standards, different defences, and different enforcement authorities. We advise on the requirements of each framework as applied to the specific company's fact pattern — not a generic ABAC checklist that ignores the differences between them.
- Board-ready reporting. Every ABAC risk assessment produces a report designed for audit committee and board presentation — clear, actionable, and candid about the risk exposure the company faces. We do not produce reports that minimise findings to avoid uncomfortable conversations. The purpose of an ABAC risk assessment is to give management and the board an accurate picture.
- Partner-led engagement. Every ABAC engagement is supervised by a CA partner with risk advisory experience. Risk scoring, control gap assessments, and third-party review findings are reviewed at partner level before the report is finalised.
Frequently Asked Questions — Anti-Bribery and Corruption Risk Assessment in India
What is ABAC risk assessment?
Anti-Bribery and Corruption (ABAC) risk assessment is a structured process of identifying, scoring, and prioritising bribery and corruption risks across a company's operations, transactions, and third-party relationships. It covers: government interaction risk (procurement, licences, permits, customs), third-party agent and distributor risk, internal process control gaps, and policy framework adequacy. The output is a risk-rated picture of the company's exposure and specific remediation recommendations — covering ABAC policy updates, control improvements, third-party programme enhancements, and monitoring mechanisms.
Which laws govern anti-bribery compliance in India?
Indian companies are subject to the Prevention of Corruption Act 1988 (as amended 2018) — which since 2018 makes bribe-givers equally liable as receivers and introduces an 'adequate procedures' defence for commercial organisations. Indian subsidiaries of US-listed companies or companies with US connections are additionally subject to the US Foreign Corrupt Practices Act (FCPA) 1977 — which prohibits corrupt payments to foreign government officials and requires accurate books and records. Companies with UK business connections face the UK Bribery Act 2010 — which covers both public and private bribery, prohibits facilitation payments, and imposes strict corporate liability for bribery by associated persons.
What is third-party bribery risk?
Third-party bribery risk arises when a company's agents, distributors, intermediaries, or other business partners pay bribes on the company's behalf — whether or not the company authorised the payment. Under FCPA, a company is liable if it knew or was wilfully blind to agent corruption. Under UKBA, a company is strictly liable for bribery by associated persons unless it had adequate procedures. Under post-2018 PCA, companies are liable for abetting corruption through intermediaries. Third-party due diligence — screening, contractual protection, and ongoing monitoring — is the most critical ABAC control for most Indian companies.
What are the FCPA requirements for Indian operations?
The US FCPA applies to US companies, US-listed companies, and any person or company acting within US territory — and to their officers, employees, agents, and subsidiaries worldwide. For Indian operations of FCPA-subject companies, any payment to an Indian government official — federal, state, PSU, or person acting in official capacity — that is intended to obtain or retain business is a potential FCPA violation. FCPA also requires accurate books and records and adequate internal controls. India is consistently among the top three countries for FCPA enforcement actions — making India operations a high-priority FCPA compliance area.
What are 'adequate procedures' under the UK Bribery Act?
'Adequate procedures' is the only defence available to a commercial organisation charged with failing to prevent bribery under the UK Bribery Act 2010. The UK Ministry of Justice's guidance identifies six principles: proportionate procedures (risk-based, not one-size-fits-all); top-level commitment (visible board and senior management commitment); risk assessment (regular, documented ABAC risk assessment); due diligence (on third parties and transactions); communication and training (ABAC policies understood across the organisation); and monitoring and review (regular testing and updating). A company with any UK business connection must demonstrate adequate procedures or face unlimited corporate fines.
Ready to Assess and Strengthen Your Anti-Bribery Compliance?
Whether you need a comprehensive ABAC risk assessment across your India operations, third-party due diligence review for your agent and distributor network, FCPA or UKBA compliance review, ABAC policy framework development, or internal control testing for bribery prevention, we are ready to help.
?? +91 9821 83 26 83 | ?? WhatsApp: +91 9819 000 511 | ?? nainitsavla@savlagroup.in
Contact Us Today