Global Best Practices
Examining Global
Anti-Corruption Regulation
and Enforcement
The pace of global anti-corruption enforcement is accelerating, driven by stronger cooperation among regulators and growing alignment of standards across jurisdictions. As updates to major regulatory regimes converge, organizations face increasing pressure to ensure their compliance programs meet expanding expectations. This issue explores how internal audit can help organizations reduce regulatory complexity while enhancing oversight, strengthening organizational integrity, and supporting long-term enterprise value.
The focus on anti-corruption regulation and enforcement is accelerating worldwide, reshaping expectations for how organizations prevent, detect, and respond to misconduct. For internal auditors, this presents both a challenge and a strategic opportunity.
Staying informed about anti-corruption requirements across countries, regions, and industries is essential to protecting enterprise value and reputation. Several regulatory regimes set the global tone, including:
- The U.S. Foreign Corrupt Practices Act, including new guidelines published in 2025.
- The UK Bribery Act, alongside emerging guidance from the International Anti-Corruption Prosecutorial Taskforce and a new anti-corruption alliance among the UK, France, and Switzerland.
Timothy Jickell
- Related and evolving EU legislation.
- Canadian transparency, anti-bribery, and anti-corruption regulations.
“Global enterprises will have to ensure their compliance programs meet the requirements of the growing expectations that these bodies are setting,” says Timothy Jickell, director of Fraud Prevention and Investigations at Nutrien.
Plans for an Anti-Corruption Taskforce
In 2025, leaders from the UK’s Serious Fraud Office, the Swiss Confederation, and France’s National Financial Prosecutor’s Office committed to establishing an International Anti-Corruption Prosecutorial Taskforce to address the threat of bribery and corruption. Taskforce steps are expected to include:
- Creating a Leaders’ Group to enable a regular exchange of insight and strategy.
- Forming a Working Group that will develop proposals for cooperation on cases.
- Maximizing the group’s combined expertise through enhanced sharing of best practices.
- Strengthening the foundation for seizing opportunities to collaborate operationally.
- Inviting other agencies involved in addressing international bribery and corruption to join the task force.
Colin Shaw
The good news is that these expectations are starting to coalesce. “We are beginning to see much more cross-border coordination between regulators,” in the form of mutual recognition agreements and other arrangements, says Colin Shaw, a seasoned CAE and executive-in-residence. As a result, “enforcement becomes more global and faster, as well, because you’ve got regulators actually trusting and collaborating with each other.”
Coordination makes sense because instances of corruption often are not contained within one country or region, notes Crystal Trout, director of Financial Crime Compliance Services, Business Risk Services, at Baker Tilly. In reality, one corrupt act can have an effect across numerous borders, given the level of international trade and interconnected supply chains impacting virtually all companies, she says.
Because of greater cooperation among regulators and increased harmonization of anti-corruption standards, internal auditors have less guidance to understand and monitor, says Emmanouil Takos, head of Internal Audit, Greece, at Euronet Merchant Services. As a result, internal auditors can spend less time tracking and deciphering stacks of different regulations. They can take on more of an advisory role, one in which they can provide value and develop more productive relationships with other parts of the organization, he says.
EU Agreement on Anti-Corruption Rules
Late last year, the EU came to a provisional agreement on a first directive harmonizing criminal laws against corruption. According to the EU, the directive creates:
- A more coherent approach to address emerging corruption risks.
- Stronger deterrence measures.
The provisional agreement must be formally approved by Parliament and the Council before adoption.
The Auditor’s Role
Internal auditors can begin by determining whether the organization has a comprehensive program for addressing corruption, says Adil Buhariwalla, senior partner for Internal Audit and Risk Consulting, UAE, at UHY James. If it does not, internal audit should identify what anti-corruption efforts do exist. It should assess the organization’s maturity in terms of how management evaluates and implements measures to mitigate the risks of corruption.
“Don’t look at anti-corruption as a separate process,” Buhariwalla says. Awareness of anti-corruption issues “is something that should be ingrained in every process of the company, and it should start with tone at the top.” At the same time, the organization should actively demonstrate that it has zero tolerance for corruption.
Crystal Trout
In addressing anti-corruption concerns, internal auditors’ dual roles come into play, notes Trout.
From an assurance perspective, internal audit might evaluate the design of the anti-bribery or anti-corruption program, assessing the effectiveness of monitoring systems, controls, and policies and procedures, and providing assurance that management has anti-corruption risk assessments in place for the organization. “We are really ensuring that the overall 360 design makes sense,” Trout says. Auditors should keep in mind that while organizations may have robust policies, those policies will not be effective without monitoring systems and controls.
In their advisory role, internal auditors identify gaps in controls, recommend improvements for compliance frameworks, and share information about emerging risks. That includes discussing what due diligence should look like when it comes to anti-corruption concerns, she says. The organization can use internal audit’s observations to address and prioritize anti-corruption initiatives. If an organization already has a formal anti-corruption program, internal audit can assess the effectiveness of each element and the overall effort in preventing, detecting, and correcting actions that could lead to corruption.
Scanning the Environment
Maintaining knowledge of current trends in anti-corruption regulation and enforcement is critical for internal auditors. In preparing the internal audit plan, Shaw’s team performs an external scan using sources such as:
- Internal Audit Foundation Risk in Focus
- IIF/EY Global Bank Risk Management Survey – Agility in Volatility
- World Economic Forum Global Risks Report 2025
- IIA International Conference
- PwC Risk Agendas for Assurance Functions 2026: Commercial and Government, Insurance and Asset & Wealth Management, and Banking and Capital Markets
- Protiviti 2026 Executive Perspectives on Top Risks and Opportunities
- MNP Risk Trends: 2026 and Beyond
- AuditBoard Top Takeaways from 2026 Focus on the Future: Internal Audit’s Existential Value Shift in the Age of AI
Internal auditors also can reach out to their legal teams or to the regulators, themselves, to better understand and stay ahead of new regulations and legislation, Shaw says.
In its scan, his team identifies five common top risks and megatrends. The next step is to articulate these risks and their implications for the organization in plain language that will resonate with the board. While internal audit will certainly focus on testing controls and their operating effectiveness, presenting the results of this external scan “is a great opportunity for internal auditors to provide forward-looking insights,” he says, in addition to assurance.
To provide greater assurance on its results, Shaw’s team relies on its core skills. “Testing is our superpower,” he says, so the internal auditors test hypotheses: “say what you do” (control design) and “do what you say” (operating effectiveness). “We can help the organization achieve its objectives and improve operations, rather than focusing on just compliance,” he says.
Assessing Corruption Risk
Transparency International’s Anti-Corruption Toolkits for Business include information on assessing inherent risks of corruption by:
- Industry.
- The countries in which the business operates.
- Business-specific corruption risks, such as procurement processes, interaction with public officials, use of intermediaries, political contributions, and facilitation payments.
The risk assessment evaluates the effectiveness of existing risk-mitigating measures to determine the residual risks of corruption in the business. It considers:
- Changes in the legal environment.
- New or increased risk exposure.
- Technological developments (e.g., continuous auditing).
- Past experience (e.g., internal audit reports and incidents).
Emmanouil Takos
Putting the Pieces Together Using Technology
Along with monitoring and understanding new regulations, auditors also must determine how best to incorporate new regulations into their audit plans and advise the teams they audit on how to implement them. “The biggest challenge is making all these things operational,” Takos says.
In many cases, technology can enhance internal audit’s approach to anti-corruption regulation and enforcement. Internal auditors are using technologies — AI, data analytics, data mining, and data processing — to analyze and summarize documents, whether they are new regulations or evidence in an engagement.
Technology can give internal auditors an edge against bad actors. “AI, big data, and other technologies allow organizations to stay at par” with corruption efforts and with anti-corruption regulations and enforcement, says Amal Al Khaburi, group chief audit executive at Galfar Engineering and Contracting SAOG in Oman.
Takos notes that while new technologies get a great deal of attention, internal auditors should continue to consider the vulnerabilities and effectiveness of existing programs, such as an accounts payable program on an old legacy system, which may be neglected as the organization concentrates on installing new tools. They are often considered low risk, Takos notes, but they are just as much a target for corruption activities as a new system.
Adil Buhariwalla
Amal Al Khaburi
In any case, “for both prevention and detection of corruption, we have some significant firepower at our disposal,” he says.
Providing Clarity
Anti‑corruption rules are changing quickly, and internal auditors play a key role in helping organizations keep up. As regulators work together more closely and technology reshapes how risks appear, internal audit can provide clarity and direction. By staying informed, using the right tools, and offering practical advice, auditors will be well-equipped to support their organizations in managing corruption risks more effectively.
Disclaimer
The IIA publishes this document for informational and educational purposes only. This material is not intended to provide definitive answers to specific individual circumstances and as such is only intended to be used as peer-informed thought leadership. It is not formal IIA Guidance. The IIA recommends seeking independent expert advice relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material.
Learn more with our other resources
AI Regulation Is Here: What Internal Auditors Need to Know Now
January 21, 2026