Answer ... Here are a few points based on practice and experience:

• Top management must be committed to preventing and detecting corruption. There must be compliance expertise at the top management level. Top management must support a zero tolerance policy, including the integration of anti-corruption measures in all aspects of the organisation.
• The compliance officer (or the person in charge with compliance) must have sufficient seniority and stature, and be supported by adequate resources (staff, budget, information, time). The compliance officer must be able to work autonomously (direct access to board, risk and audit committee).
• Policies and procedures must integrate the culture of compliance into day-to-day operations (the scope of which depends on the risks identified).
• In order to be effective, the programme must include a reporting system (hotline, whistleblowing), an investigation process and an action plan in case of non-compliance (eg, sanctions, lessons learnt, revision of policies or procedures).
• Communication and training must be risk based and tailored to the audience. It must cover prior incidents and include tests.