Asset Management – Compliance & ESG | Major increase expected in Norwegian corporate fines for lack of risk-based anti-corruption programmes

With the recent launch of its dedicated anti-corruption unit, ØKOKRIM has published a draft of its first public guidelines on corporate penalties in international corruption cases. This marks the first formal statement of ØKOKRIM’s expectations for companies seeking lower penalties. In practice, it also establishes welcomed guidance for anti-corruption compliance programmes. Although corruption may not seem like the most critical risk for Norwegian asset managers, non-compliance within a portfolio company can still result in severe consequences. In this newsletter, we highlight key points from the draft guidelines and consider their potential impact on Norwegian asset managers, including implications for investment decisions and portfolio management.

Background

ØKOKRIM and the Norwegian Attorney General have been tasked with developing guidelines for determining corporate penalties in international corruption cases (the Guidelines). A draft was published for public consultation on 6 June 2025. The Guidelines clarify ØKOKRIM’s expectations for an effective anti-corruption programme and should, therefore, be regarded as the primary benchmark for anti-corruption efforts going forward.

Although corruption may not initially appear as the most pressing risk for Norwegian asset managers, the repercussions of non-compliance in a portfolio company can be severe. Depending on the circumstances, a corruption case may be viewed as a sign of inadequate oversight by the manager. Managers rely on their investor’s trust as a licence to operate. Corruption cases can effectively undermine that trust or trigger scrutiny, investigations, and lengthy processes that disrupt business and fundraising.

For institutional investors, such cases may be a decisive factor in withholding investment. In addition, many fund mandates prohibit investing in companies that have been found culpable of corruption under particular conditions, risking mandate breaches. From a regulatory standpoint, corruption issues in a portfolio can hinder access to certain international markets, including the US, making fundraising more difficult. In an already challenging fundraising climate, this additional scrutiny can be the deciding factor.

Key highlights

Major increase expected in Norwegian corporate fines

When determining the criteria for calculating fines, ØKOKRIM looks to practices in the UK, France, the Netherlands, and the U.S. Particularly in the U.S. corruption offenses have been heavily fined. For instance, in 2020, Goldman Sachs consented to pay over 2.9 billion USD as part of a coordinated settlement with criminal and civil authorities. The Swedish Ericsson agreed to pay total penalties of more than 1 billion USD to resolve a corruption case in 2019. The calculation method suggested in the Guidelines indicates that the level of fines will dramatically increase going forward in Norway.

Effective anti-corruption programmes and self-cleaning measures can substantially reduce penalties

It is now clear that effective anti-corruption compliance programmes are likely to benefit companies in several ways. ØKOKRIM indicates that companies may receive up to a 50% penalty reduction for self-reporting corruption, depending on factors like timing and completeness. Self-reporting is to a large extent facilitated by an effective anti-corruption compliance programme, which includes robust whistleblowing and investigation procedures.

Furthermore, based on the Norwegian Penal Code, Norwegian authorities shall place significant weight on a company’s anti-corruption policies and procedures when determining whether and to what extent the company should be penalized. Also, self-cleaning measures initiated after corruption was identified may result in leniency, as demonstrated in the Norconsult-case.

BAHR comments

Preventive compliance efforts are recognised as crucial in decisions to initiate investigations and determine potential fines. These signals should heighten the awareness of asset managers about the importance of appropriate anti-corruption efforts in the portfolio.

A strategic approach to compliance based on the specific asset class is essential. For example, venture funds may not have operational control and hence have less ability to influence a company after investment. Therefore, they are dependent on assessing anti-corruption compliance prior to making an investment. Buyout strategies, on the other hand, offer controlling stakes in portfolio companies, enabling more comprehensive oversight of internal controls, policies, and training programmes. Because buyout managers typically engage more closely in day-to-day operations, they must be particularly vigilant in identifying and mitigating corruption risks, with typical high-risk areas including sourcing and contracting, sales, joint venture and other partnerships, and international expansion.

The scope of anti-corruption efforts also depends on the risk profile of each mandate. Investments in higher-risk sectors – where the use of agents, distributors, or reliance on public licences is common – often demand more intensive preventive measures compared to mandates focusing on small, privately held Norwegian companies.

Regardless of the investment strategy, asset managers should adopt a systematic approach to due diligence, conducting targeted risk assessments to identify potential exposure both before and after an investment is made. The following high-level measures should form part of such a process:

A qualitative assessment (health check) of existing anti-corruption programmes against the criteria outlined in the Guidelines. For new investments, this should be carried out in the due diligence. For existing investments, a gap analysis should be initiated. The process should be based on a structured methodology and tools to ensure a robust foundation for identifying and comparing material gaps across the portfolio.
Based on the outcome of the assessment, support portfolio companies in the implementation of a program compliant with the Guidelines, with focus on higher risk areas:
- Regular compliance risk assessments and action plans;
- Independent compliance function with defined roles and resources;
- Tailored policies and guidance material based on risk exposure;
- Tailored, risk-based training and awareness raising programmes;
- Incentive schemes encouraging adherence to company guidelines, and a clear “tone from the top” demonstrated by management;
- Risk-based due diligence processes and monitoring of business partners including agents and joint venture partners;
- A structured process for reporting and handling of concerns (whistleblowing), including escalation procedures;
- If corruption has been confirmed: consistent sanctions and disciplinary actions of individuals involved, and careful evaluation of the advantages and disadvantages of self-reporting; and
- Specific controls and monitoring activities to test the effectiveness of risk mitigation measures and the programme as such.
Independent audits and spot checks should be performed where the risk is higher or if red flags are identified.

Example of a holistic, risk-based anti-corruption compliance programme at portfolio level, based on legal requirements, the Guidelines, and best practice: