Anti-Bribery Policy (Ireland)

An Anti-Bribery Policy in Ireland sets out the standards, responsibilities, and procedures the organisation expects everyone to follow, under the framework of the Data Protection Act 2018.

The Criminal Justice (Corruption Offences) Act 2018 consolidated and modernised Irish anti-corruption law, repealing the Prevention of Corruption Acts 1889 to 2010 and implementing Ireland's obligations under the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, the Council of Europe Criminal Law Convention on Corruption, and the United Nations Convention Against Corruption (UNCAC). The 2018 Act creates a thorough range of criminal offences covering active bribery (offering or giving a corrupt advantage), passive bribery (requesting or accepting a corrupt advantage), trading in influence, corruption in office or employment, and the bribery of foreign public officials.

A defining feature of the 2018 Act is the corporate liability provision in section 18. Where a person connected with a body corporate commits a corruption offence with the intention of obtaining or retaining business or a business advantage for that body corporate, the body corporate itself commits an offence. The maximum penalty for a body corporate convicted under section 18 is an unlimited fine. The critical 'adequate procedures' defence — available where the organisation can prove it took all reasonable steps and exercised all due diligence to prevent the offence — makes a documented, thorough anti-bribery policy not just good governance practice, but a legal necessity for any Irish organisation of substance.

The Policy applies to all directors, officers, employees (full-time, part-time, and temporary), contractors, consultants, agents, and any other person acting on behalf of the organisation. It applies to conduct in Ireland and abroad — the 2018 Act has extraterritorial reach in respect of certain offences. The Policy must be adopted at board level, communicated to all staff, supported by regular training, and reviewed at least annually.

IBEC, Ireland's national employer body, has published detailed guidance on implementing adequate procedures under the 2018 Act. Leading Irish law firms advising on corporate compliance recommend that the policy be accompanied by a documented bribery risk assessment, a gifts and hospitality register, a third-party due diligence procedure, and a confidential reporting channel (in accordance with the Protected Disclosures Acts 2014–2022, which protect whistleblowers who report corruption offences).

The Data Protection Commission (DPC) may also be relevant where the policy involves monitoring employee communications or processing personal data in connection with corruption investigations — the organisation must comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act 2018 when conducting any such monitoring or investigation.

Ireland has also ratified the United Nations Convention Against Corruption (UNCAC) and the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, meaning that Irish law must meet the international standards set by those instruments. The Criminal Justice (Corruption Offences) Act 2018 reflects these obligations. Organisations operating across jurisdictions should also be aware of the UK Bribery Act 2010, which has extraterritorial reach and may apply to Irish companies with operations in or connections to the United Kingdom. The Irish Government has also published a National Anti-Corruption Action Plan, coordinated by the Department of Justice, which sets out the strategic framework for anti-corruption enforcement in Ireland across the public and private sectors. Compliance with this framework, and with the IBEC guidance on adequate procedures, is essential for Irish organisations that wish to demonstrate ethical governance and to protect themselves from the severe reputational, financial, and criminal consequences of corruption offences under the 2018 Act.

An Irish Anti-Bribery Policy is needed by every organisation that operates in Ireland, regardless of size or sector, because the corporate liability offence under section 18 of the Criminal Justice (Corruption Offences) Act 2018 applies to any body corporate carrying on business in or from Ireland. However, the urgency and complexity of the policy will depend on the organisation's specific risk profile.

You need an Anti-Bribery Policy if your organisation: employs staff who interact with public officials, government bodies, or local authorities in connection with procurement, licensing, planning, or regulatory approvals; operates in sectors historically associated with elevated corruption risk, such as construction, infrastructure, healthcare, pharmaceuticals, defence, or financial services; engages agents, distributors, or consultants who act on its behalf, particularly in overseas markets; participates in competitive public tender processes governed by the European Union procurement directives and transposed into Irish law by the European Union (Award of Public Authority Contracts) Regulations 2016 (S.I. No. 284 of 2016); is subject to oversight by a regulatory body such as the Central Bank of Ireland, the Health Information and Quality Authority (HIQA), or the Competition and Consumer Protection Commission (CCPC); or has experienced a bribery or corruption concern (whether reported or investigated) and wishes to demonstrate remediation to regulators or prosecutors.

Organisations listed on Euronext Dublin (formerly the Irish Stock Exchange) or that are subsidiaries of listed companies are typically subject to additional compliance requirements under the Market Abuse Regulation (MAR) (Regulation (EU) 596/2014) and the rules of their listing authority, which mandate disclosure of material legal risks including corruption exposure. These organisations will need a more sophisticated anti-bribery policy supported by a compliance function, regular audits, and board-level oversight.

For smaller SMEs and micro-enterprises, a proportionate anti-bribery policy — one that is shorter and simpler but addresses the key risk areas — remains necessary. The IBEC guidance makes clear that the adequacy of procedures is assessed relative to the organisation's size and risk profile, so a smaller organisation will not be expected to have the same elaborate infrastructure as a multinational corporation. However, having no policy at all is indefensible if a corruption offence is committed by an associated person.

Solicitors and accountants who advise Irish organisations on compliance regularly recommend that an anti-bribery policy be adopted as part of a broader compliance framework alongside a conflict of interest policy, a gifts and hospitality register, a whistleblower policy, a code of conduct, and staff training records.

Under the Companies Act 2014, the Companies Registration Office (CRO) maintains the register of Irish companies. Section 343 of the Companies Act 2014 sets annual confirmation obligations. The Competition and Consumer Protection Commission (CCPC) enforces the Consumer Rights Act 2022. The Central Bank of Ireland regulates financial services under the Central Bank Act 1971. The High Court of Ireland has jurisdiction under Section 212 of the Companies Act 2014.

A thorough Irish Anti-Bribery Policy should contain several essential provisions to satisfy the 'adequate procedures' defence under section 18(3) of the Criminal Justice (Corruption Offences) Act 2018 and to provide effective guidance to all persons covered by the policy.

The purpose and scope clause sets out the objectives of the policy (zero tolerance for bribery and corruption, protection of the organisation's reputation, compliance with Irish and applicable foreign law) and specifies the categories of persons to whom it applies: directors, employees, contractors, agents, and all other persons acting on behalf of the organisation in Ireland or internationally.

The definitions clause defines key terms — bribery, corruption, advantage, public official, facilitation payment, hospitality — by reference to the Criminal Justice (Corruption Offences) Act 2018. Clear definitions confirm that all staff understand the scope of the prohibited conduct and are not misled by euphemisms such as 'commissions', 'service fees', or 'introductory payments'.

The prohibition clause provides an unequivocal statement that the organisation has zero tolerance for bribery and corruption in all its forms, whether direct or indirect, in Ireland or abroad, and whether involving public officials or private sector counterparties. The clause should expressly prohibit: offering, promising, or giving bribes; accepting or requesting bribes; making or authorising facilitation payments; making or authorising political donations that could constitute corrupt payments; using a third party as a conduit for bribery.

The gifts and hospitality clause establishes the organisation's rules for giving and receiving gifts, hospitality, and entertainment. The clause should set monetary thresholds (for example, EUR 50 per gift, EUR 100 per hospitality occasion), require disclosure to a line manager above the threshold, mandate recording in a gifts and hospitality register, and prohibit gifts or hospitality given to or received from any person at a time when a procurement decision is pending or a regulatory matter is under consideration.

The third-party due diligence clause requires that all agents, distributors, joint venture partners, and other third-party intermediaries are subject to a risk-based due diligence assessment before engagement and periodically thereafter. The clause must require that all third-party contracts include anti-bribery representations, warranties, and termination rights.

The reporting and investigation clause establishes the process by which suspected bribery or corruption must be reported — typically to a designated compliance officer, to the board audit committee, or through the organisation's confidential whistleblower reporting channel. The clause must confirm that reports made in good faith will not give rise to retaliation, consistent with the Protected Disclosures (Amendment) Act 2022 (which came into operation on 1 January 2023 and substantially expanded the 2014 Act, transposing the EU Whistleblowing Directive). Private sector organisations with 50 or more employees must now establish formal internal reporting channels, designate an impartial person to handle disclosures, acknowledge reports within seven days, and follow up diligently. The Office of the Protected Disclosures Commissioner (held by the Ombudsman) handles external reports. The burden of proof in penalisation proceedings now lies on the employer under the 2022 Act. The organisation's process for investigating reports, preserving evidence, and, where appropriate, reporting to the Garda Síochána or the Corporate Enforcement Authority (CEA — formerly the ODCE, reconstituted under the Companies (Corporate Enforcement Authority) Act 2021) should also be outlined.

The consequences of breach clause specifies that violations of the policy will result in disciplinary action up to and including summary dismissal, and that the organisation will report suspected criminal conduct to the relevant authorities and cooperate fully with any investigation. This clause deters misconduct and demonstrates the organisation's commitment to compliance.

The training and awareness clause requires that all persons covered by the policy receive anti-bribery training proportionate to their role and risk level, and that training records are maintained by the compliance officer. New employees must complete training during induction, and annual refresher training should be provided to all staff, with enhanced training for those in high-risk roles such as procurement, sales, and client-facing positions. Evidence of completed training — attendance records, e-learning completion certificates, and assessment results — forms a key component of the documented adequate procedures that underpin the corporate defence under section 18(3) of the Criminal Justice (Corruption Offences) Act 2018. Without evidence of training, an organisation will struggle to demonstrate adequate procedures even if it has a well-drafted written policy. The forms-legal.com Anti-Bribery Policy (Ireland) template covers the mandatory elements under Companies Act 2014.