An anti-fraud and anti-corruption policy establishes your organization's zero-tolerance stance on dishonest conduct and sets clear standards for prevention, detection, and response. Companies without one often discover the gap only after a loss occurs. This page gives you a complete, editable anti-fraud and anti-corruption policy template, guidance on what each section must address, and practical steps for building a culture of integrity that makes the policy meaningful.
An anti-fraud and anti-corruption policy defines fraud, bribery, corruption, and related misconduct, communicates that these behaviors are prohibited regardless of role or seniority, and establishes what employees should do when they suspect a violation. The Association of Certified Fraud Examiners (ACFE) 2022 Report to the Nations found that organizations lose an estimated 5% of annual revenues to fraud, and the median fraud case lasts 12 months before detection. Most frauds are detected by tips from employees, not by audits. A policy that tells employees what to report, how to report, and that they will be protected for reporting is one of the most effective fraud prevention tools available.
A well-structured anti-fraud and anti-corruption policy policy covers far more than a general statement of intent. Each section below serves a specific legal or operational purpose. Here is what you need, and why it matters.
• Definition of Prohibited Conduct: Define fraud, bribery, corruption, embezzlement, conflicts of interest, and related terms clearly so employees recognize prohibited behavior.
• Scope and Applicability: Cover all employees, officers, directors, contractors, and third-party agents acting on behalf of the company.
• Conflicts of Interest: Require disclosure of any personal interest that could influence professional decisions, including vendor relationships, investments, and family connections.
• Gifts and Entertainment Standards: Set specific thresholds for acceptable gifts and entertainment, and require disclosure and approval above those thresholds.
• Reporting Obligations: Make clear that all employees are obligated to report suspected fraud or corruption and define the reporting channels available.
• Whistleblower Protections: State clearly that retaliation against anyone who reports in good faith is prohibited and constitutes a separate disciplinary violation.
• Investigation Process: Define who conducts fraud investigations, what authority they have, and how findings are documented and reported.
• External Reporting Requirements: Address when and how the company will report fraud to law enforcement, regulators, or insurers.
• Corrective Action and Recovery: State that substantiated fraud may result in termination, civil action, criminal referral, and restitution demands.
• Training and Awareness: Specify any required fraud awareness training and how often it should be completed.
Anti-Fraud and Anti-Corruption Policy Policy
Effective Date: [DATE]
Approved by: [NAME / TITLE]
Policy Owner: [HR DEPARTMENT / TITLE]
Review Date: [DATE]
Version: [1.0]
[COMPANY NAME] is committed to [brief statement of policy intent and values]. This policy establishes the standards and procedures that govern [policy topic] for all covered employees and stakeholders. The goal is to [primary operational or legal purpose of the policy].
This policy applies to all [full-time / part-time / contract] employees of [COMPANY NAME] employed in [location / all locations]. [Note any exclusions, such as employees under a specific collective bargaining agreement or in specific roles.]
[Define the core rules, standards, and procedures that govern this policy area. Use sub-headings for distinct components. Be specific enough to be enforceable — use defined terms, numeric thresholds, and named roles where applicable.]
• [Read and acknowledge this policy as part of onboarding and upon any material update.]
• [Comply with all requirements set out in this policy and any accompanying procedures.]
• [Report any violations, concerns, or questions to [HR CONTACT / MANAGER] promptly.]
• [Complete any required training associated with this policy by the stated deadline.]
• [Cooperate fully with any investigation conducted under this policy.]
• [Communicate this policy clearly to all direct reports and ensure they have access to the full document.]
• [Handle all requests, reports, or disclosures made under this policy promptly and in accordance with the procedures defined herein.]
• [Escalate potential violations to HR or [DESIGNATED CONTACT] within [TIMEFRAME] of becoming aware.]
• [Maintain confidentiality of employee information related to this policy to the extent possible.]
• [Document all relevant actions, decisions, and communications related to policy administration.]
Violations of this policy may result in disciplinary action up to and including termination of employment, in accordance with [COMPANY NAME]'s progressive discipline policy. The severity of corrective action will reflect the nature, frequency, and impact of the violation. [COMPANY NAME] reserves the right to involve law enforcement where violations constitute criminal conduct.
• If your company is publicly traded or a government contractor, the Foreign Corrupt Practices Act (FCPA) applies and should be referenced explicitly. FCPA violations carry criminal penalties.
• For companies with international operations, reference the UK Bribery Act and any local anti-corruption statutes in your operating markets. The UK Bribery Act has broader jurisdiction than the FCPA and applies to facilitation payments.
• Your gifts and entertainment threshold should reflect your industry norms. Healthcare organizations subject to the Sunshine Act have strict federal limits on what can be offered to or received from healthcare providers.
• Mid-size companies often lack an anonymous reporting channel. Implementing a third-party ethics hotline before completing this policy significantly increases the credibility of your reporting obligations section.
• Communicate this policy to vendors and third-party agents, not just employees. Include anti-corruption standards in your supplier code of conduct and contract terms.
• Implement an anonymous, third-party-managed ethics hotline. The ACFE data shows that organizations with hotlines detect fraud 50% faster than those without.
• Make conflict of interest disclosures annual, not just at onboarding. Business relationships and personal investments change, and a disclosure collected four years ago may not reflect current conflicts.
• Separate fraud investigation authority from HR authority. Investigations involving senior leadership should involve external forensic accountants or legal counsel, not internal HR alone.
• Preserve all evidence before anyone is interviewed. Premature conversations with suspects frequently result in evidence destruction.
• Train managers to recognize behavioral fraud indicators, such as employees who never take vacation, refuse to cross-train others, or show unexplained lifestyle changes. These are recognized red flags in forensic accounting.
• Include a process for self-disclosure. Employees who come forward proactively should receive different treatment than those caught in investigations. This encourages early reporting.
• Applying the policy only to financial roles: Fraud occurs across every function. Expense fraud, data theft, and procurement kickbacks are common in non-financial departments.
• No anonymous reporting channel: If employees must identify themselves to report, most will not report. The result is longer fraud durations and larger losses.
• Vague gift thresholds: 'Nominal gifts are acceptable' is unenforceable. Set a specific dollar amount and require documentation above it.
• Investigating allegations informally: Undocumented investigations create legal liability and compromise evidence that may later be needed in court.
• Terminating without legal review: Terminating an employee for fraud without HR and legal review, particularly for senior employees, increases the risk of wrongful termination claims.
Q: What should an anti-fraud and anti-corruption policy include?
A: A complete policy defines all forms of prohibited conduct, covers employees, contractors, and agents, sets conflict of interest disclosure requirements, defines gift and entertainment limits with specific dollar thresholds, establishes reporting channels including anonymous options, outlines the investigation process, and states consequences up to termination and criminal referral.
Q: Is an anti-fraud and anti-corruption policy legally required?
A: Public companies are required by Sarbanes-Oxley to establish internal controls against fraud and provide whistleblower protections. Government contractors face requirements under the Federal Acquisition Regulation. The FCPA and UK Bribery Act require documented compliance programs for companies with relevant international operations. Private companies are not always legally mandated but face significant liability without a written policy.
Q: How often should an anti-fraud policy be updated?
A: Review annually and update when your business model, markets, or regulatory obligations change. If your company expands internationally, adds government contracts, or changes ownership structure, update the policy before those changes take effect.
Q: What happens when an employee reports a fraud concern in good faith but is wrong?
A: Good-faith reports made with a reasonable basis for concern should not result in any adverse action, even if an investigation finds no violation. This protection is the foundation of an effective reporting culture. Document that the report was made in good faith and that the investigation found no evidence of the suspected conduct.
Q: Can the company recover funds from an employee found to have committed fraud?
A: Yes, typically through civil litigation, wage offsets where legally permitted, or claims under fidelity insurance bonds. Recovery options and feasibility vary by state law, employment type, and the nature of the fraud. Legal counsel should be involved in any recovery strategy.
Q: How do you communicate an anti-fraud policy to employees?
A: Include it in onboarding, collect signed acknowledgments, and train employees specifically on how to use the reporting channel. Annual reminders help. Publishing case studies of policy violations that resulted in discipline, without identifying individuals, reinforces that the policy has teeth.