The 10 Key Risk Categories

The Defence Companies Index on Anti-Corruption and Corporate Transparency (DCI) assesses companies using publicly available information across the following 10 key risk areas, in which stronger controls and greater transparency can reduce corruption risk. The good practice standards identified through specific indicators under these risk areas can also serve as a framework for change for companies.

For further explanation on the rationale behind what we assess and propose as good practice in the risk areas, see our report Out of the Shadows: Promoting Openness and Accountability in the Global Defence Industry.

For more detail on the indicators assessed in each category, see the DCI Indicators.

Leadership and Organisational Culture

Company leadership comes under significant scrutiny in corruption cases, and with good reason. While it might be convenient for companies to point to a few ‘rogue employees’, accountability – if not always culpability – lies at the top. Effective and ethical supervision at every level of a company is crucial if staff are to have the confidence and support to make ethical decisions, even if it affects the company’s bottom line. International best practice currently stipulates that companies should adopt a comprehensive anti-bribery and corruption policy – prohibiting practices such as the bribery of foreign officials and facilitation payments – which applies and is accessible to all employees across the organisation.

Internal Controls

Anti-bribery and compliance programmes play a vital role in safeguarding companies against corruption. Embedding anti-corruption ethics into the culture of an organisation and integrating compliance into the business model is essential in both practice and law. Enforcement agencies and prosecutors have made it clear that anti-bribery programmes which exist on paper only will not be sufficient to avoid prosecution. Thorough and periodic risk assessments are the foundation of successful anti-corruption programmes. Responsible companies will periodically assure themselves that programmes are still fit for purpose. The ultimate test of whether a company is living up to its ethical standards will be whether it chooses to self-report incidents of wrongdoing to the relevant authorities.

Support to Employees

Robust internal controls do not exist in isolation. Controls also need to be accessible and tailored to all employees, across all divisions and areas of operation. Training forms a central part of this support system promoting an understanding of bribery and improper business conduct in order to develop employees’ capacity to identify, avoid and resist corrupt approaches, but training alone is insufficient. Several of the most recent investigations into defence corruption are a result of reports from whistleblowers; yet in many cases, employees may be reluctant to do the right thing for fear of retribution. Defence companies should consider whether they are really doing enough to support employees who refuse to behave unethically. International best practice states that companies should adopt an explicit policy of non-retaliation against whistleblowers in all circumstances, as well as establishing and monitoring the accessibility of whistleblowing channels.

Conflict of Interest

Conflicts of interest are a major risk in defence, where a small number of companies compete for high value, opaque and relatively infrequent contracts with a small number of customers. The movement of employees between the public and private sector – or the “revolving door” – also presents significant risk. At a minimum, these risks can be controlled through comprehensive policies and procedures to identify and manage actual, potential and perceived conflicts of interest. A designated body should hold responsibility for overseeing such declarations, together with deciding how such conflicts will be mitigated. The next step is for companies to institute clear policies covering the movement of employees between the public and private sector, to guard against the underlying dangers of the ‘revolving door’.

Customer Engagement

Closed-door meetings between public officials and defence companies can be legitimate and sometimes necessary, but they also create opportunities for bribery, influence-peddling and the development of relationships which could lead to potential or actual conflicts of interest. Arms manufacturers may seek to exert influence on national governments through strategic lobbying, to increase their likelihood of being selected for a specific high-value tender or to influence policymaking. While some of these interactions may be legitimate business strategies, some may jeopardise the integrity of public office and decision-making. Furthermore, charitable donations, political contributions, gifts and hospitality can all be used as vehicles for bribery and corruption if not closely monitored or regulated. The risks associated with inappropriate customer engagement are best mitigated through robust procedures and increased public disclosure. International best practice already calls for companies to adopt clear policies to regulate political contributions, charitable donations, sponsorships; gifts, hospitality and expenses; and lobbying, to protect against the exertion of undue influence on policymakers.

Supply Chain Management

Many companies in the defence sector navigate complex supply chains, involving multiple entities and operating across different geographies and sectors. Supply chain corruption can manifest in both supplier selection, as well as contract delivery. Governments are also increasingly intervening in supply chains, requiring the use of domestic suppliers or single-source tenders, in order to create jobs, retain investment, and enhance their domestic defence industry. In many cases, this market intervention takes place in regions of the world where corporate ethics are often poor and regulation is weak. As tiers of suppliers become more remote from the principal contractor, the opportunities for corruption become greater with less clarity over issues ranging from conflicts of interest to beneficial ownership and financial transparency. The most responsible companies will assure themselves of every supplier’s beneficial ownership and ensure that each company’s anti-bribery and corruption policies are, at minimum, comparable to their own ethical standards and assisting them in improving if needs be. Best practice means including anti-bribery and corruption clauses in all contracts with significant external suppliers, with specific audit and termination rights.

Agents, Intermediaries, and Joint Ventures

The use of third parties, intermediaries, and agents in defence procurement is widely recognised as one of the most significant and pervasive bribery and corruption risks in defence. A cross-sectoral OECD study highlighted that, between 1999 and 2014, three out of four foreign bribery cases involved the improper use of intermediaries. According to the study, the majority of these cases involved the payment of bribes to obtain public procurement contracts. As such, companies that choose to use such third parties despite the risks – especially in the often secretive and opaque defence sector – must implement stringent processes to manage them. International best practice emphasises procedures to conduct enhanced due diligence on all business associates. At minimum, this should include checks to determine whether the third party (including agents, intermediaries and joint ventures) has any actual or potential conflicts of interest, past involvement in dishonest business practice, or unclear beneficial ownership. Companies should also include formal anti-bribery and corruption clauses in all contracts with third parties, providing the company with audit and termination rights.


Offsets represent one of the most opaque practices in the defence sector. The frequent lack of transparency and adequate oversight makes them one of the most profound areas of corruption risk for the sector. The opacity of offset contracting is exacerbated by its complexity, where credits and multipliers can distort the market value of the transaction. Although offset obligations are often determined by the purchasing government, there are several steps that companies can take to increase transparency and minimise the associated corruption risks. At a minimum, companies should publicly acknowledge the corruption risks associated with offset contracting and indicate that any offset partners or projects are subject to enhanced due diligence procedures.

High Risk Markets

As multinational companies develop and expand into new and emerging markets, the ability of businesses to identify and impose controls on the relevant corruption risks will continue to be a crucial part of best practice. In almost all cases, the level of risk in a particular market is determined by the depth of transparency and oversight of both the government and the defence industry. Companies operating in countries with very low transparency and oversight inevitably face a much higher risk of corruption. Therefore, the more information that companies proactively put into the public domain, the easier it is for government oversight bodies as well as public scrutiny to function effectively. Overall, current good practice for companies operating in high-risk markets tends to rely on doing “more of the same”. Measures such as enhanced due diligence and interrogation of beneficial ownership will help. However, in countries where the military effectively runs the government, and the finance ministry may have no oversight of defence procurement, greater openness is essential to mitigate the risk of corruption.

State-Owned Enterprises

State-owned enterprises (SOEs) need not pose an inherent corruption risk. However, such companies can encounter particular vulnerabilities that privately-owned companies do not. An intrinsically close relationship with the ownership entity – in this case, the state – can leave SOEs vulnerable to significant political interference. Even where companies are only partially state-owned, the potential for influence and intervention from state actors is very high. The governance structure of SOEs also creates the opportunity for anti-competitive behaviour. The evidence suggests that this results in much higher corruption risks. Adding to this, instances of corruption within SOEs can have devastating consequences on the national government, economy and general population; it can impact citizens’ trust in state institutions in a way that private company corruption scandals may not. In addition to the guidance for private companies already discussed, the most progressive state-owned defence companies should strive to: disclose the structure of its shareholder voting rights, alongside details of its shareholder ownership; follow a transparent process in the nomination and appointment of its board members; ensure that its audit committee is composed of a majority of independent directors; and, implement procedures to ensure that asset transactions are conducted according to market value.