EU ratifies new anti-corruption directive in 2026
The European Union ratified a new anti-corruption directive at the end of April, one that both increases the penalties for corporate corruption and harmonizes those penalties across all 27 EU member states.
The Directive is a big deal in anticorruption compliance. Compliance officers will need to review how your ethics and compliance programs currently operate and make adjustments as necessary to ensure your program is ready to address the heightened enforcement risks introduced by the new directive.
But in our age of artificial intelligence and powerful compliance technology systems, what do phrases like “make adjustments as necessary” even mean anymore? What do you, the ethics and compliance officer, need to do? And what can – or more precisely, should – you let the technology do for you?
This is on my mind because immediately after the European Council gave its final blessing to the new directive on April 21, the usual flood of analysis ensued, with all the usual advice: compliance officers should perform a gap analysis; you should update your policies; you should strengthen your internal controls.
That advice is all correct at the abstract level. In the real world, however, compliance officers need to think more practically:
- How can I integrate the demands of this new directive into my program, given the technology capabilities I have?
- What can the tech do for me, and what are the things that only I and my staff can do?
Those are the real questions compliance officers need to ponder, for the EU Anticorruption Directive and any other new rule that comes along.
The fundamentals of responding to regulatory change
Let’s use the EU Anticorruption Directive as an example of what we mean here. The Directive’s main points are:
- It sets a single standard for criminal liability for corruption, including corporate criminal liability, across the EU
- It defines minimum penalties for corporations of at least 3% of global revenue or €24 million (5% or €40 million for certain serious offenses, including public corruption)
- It confirms the importance of whistleblowers and anti-retaliation protections for them
- It requires member states to give credit for cooperation in an investigation, and allows them also to give credit for an effective compliance program, too
So, if you’re a business operating in Europe, the arrival of the new Anticorruption Directive means your compliance program should take several steps right away. They’re mostly the same abstract snippets of advice we mentioned earlier:
- Perform a gap analysis to see whether your risk management frameworks cover all the obligations the Anticorruption Directive requires
- Update your policies as necessary to be sure they satisfy the Directive’s expectations for an effective compliance program
- Update training and messaging as necessary so that employees in Europe or who work with European customers (the Directive bans corruption against both government officials and private businesses) know what’s expected of them
- Review your internal controls for sourcing and paying third parties to assure you can identify and govern high-risk parties
Except, the four bullet points above are always true for every new regulation. The real challenge for compliance officers is to understand where you should place your focus as you “adjust your program as necessary.”
What can you entrust to AI and related technology; and what should remain in your hands so there’s a true culture of compliance, rather than a program that just exists in name only?
The goal: more automation and better adoption
These days, AI, automation, and data analytics can do a lot to help you integrate a new regulation into your compliance program. For example, you can ask it to:
- Perform that gap analysis, to help you identify where your risk management framework might come up short
- Review the demands of a new regulation, compare those demands to your current policies, identify which policies might need to be updated, and even suggest new policy language for you
- Analyze due diligence reviews or payment records, to identify patterns among your high-risk third parties
- Translate policies, procedures, codes of conduct, or training materials into other languages. (Especially useful for cross-border regulations such as the EU Anticorruption Directive!)
All of that is great. All of it will save your compliance budget precious dollars. And all of it can still leave you with a paper tiger of a compliance program.
That is, AI can create a valid compliance program for you – but only human judgment, effort, and persuasion can make that compliance program work in practice; and lead to a true culture of ethics and compliance.
And that true culture is what allows you to avoid compliance violations in the first place, which is what really saves a company money and allows it to navigate the modern business environment.
Let’s keep going with the EU Anticorruption Directive as an example.
Imagine you do find numerous instances of high-risk third parties receiving payments without proper due diligence or documentation. You’d then want to redesign your third-party risk management processes. That’s a task AI can’t do. It requires thoughtful human judgment to design a process that both reduces compliance burden and respects how employees actually work within your business, so they’re more accepting of the new process.
The Anticorruption Directive also means your business will need to pay more attention to conflicts of interest. Yes, AI can help with managing conflicts, such as bulk analysis of the most common conflicts or routing certain types of conflicts to appropriate people for review. But success will still depend foremost on your human ability to encourage trust in the system, so that employees will feel comfortable submitting potential conflicts and accepting any necessary oversight.
Third, and most important, only the compliance officer can explain – to senior management, employees, first line team leaders, union leaders, and others – why a higher standard of conduct is necessary. The goal is to shift the whole corporate culture toward a stronger embrace of ethics. AI can’t do that for you.
Conclusion
The EU Anticorruption Directive is here, and it does require a compliance officer’s attention – but let’s be more precise in how compliance officers need to address this Directive, or whatever regulation comes next.
AI, analytics, and automation will be able to handle a lot of the change management the Anticorruption Directive will require of you. Far-sighted compliance leaders will consider how they can let their compliance technology handle that, so they can focus on the bigger process and culture changes that will drive a better organization over the long term.
Learn how NAVEX can strengthen your risk and compliance program with third-party risk management, policy and procedure management, hotline and case management, training, and more to keep up with regulatory demands.
