To protect its publicly funded projects against fraudulent and corrupt practices, the World Bank established the Integrity Compliance Office (ICO) in 2010 as part of the Integrity Vice Presidency (INT). The ICO supports sanctioned companies in implementing compliance measures and independently decides on the lifting of sanctions on the basis of the Integrity Compliance Guidelines. These Guidelines are aligned with international best practices, which are applied on a company-specific basis in assessments. They broadly correspond to frameworks such as those of the U.S. Department of Justice or the UK Serious Fraud Office, which has also recently updated its guidance, but are specifically tailored to projects financed by the World Bank.
At the end of 2025, the ICO announced the first revision of the Integrity Compliance Guidelines in 15 years. The amendments are extensive. The Guidelines are now structured into the thematic areas of “Fundamental Principles” and “Internal Controls”.
Key amendments to the Guidelines:
- Consideration of Obstructive Practices
Obstructive practices by companies may now not only be sanctioned but are also classified as misconduct in the context of an investigation, alongside fraud, corruption, collusive practices and coercion. Companies should therefore ensure – through training programs and internal communications, for example – that their employees provide the necessary information promptly, comprehensively and truthfully during INT investigations.
- Risk Assessment Criteria
The revised Guidelines further provide that companies should “ideally” conduct risk assessments on an annual basis. The scope of such risk assessments is described in considerable detail and is to encompass the entire workforce, all business activities and transactions. In addition, the technologies used (such as AI-based tools), their reliability and confidentiality, as well as cooperation with other companies (for example, in joint ventures) and business partners must be taken into account. Insights gained from the company’s own experience and from comparable companies are likewise to be considered. The Guidelines emphasize that senior management, compliance personnel and other individuals responsible for the design, implementation and monitoring of the compliance management system should be actively involved in the risk assessment process, with particular emphasis placed on the role of middle management.
- M&A Due Diligence
Newly acquired entities are to be subjected to an integrity risk assessment in light of any potentially significant compliance issues. This includes reviewing the provision of additional resources to ensure compliance and considering a possible conditional withdrawal from the transaction in the event that substantial compliance deficiencies are identified. Accordingly, the Guidelines call for the prompt and comprehensive integration of the acquired entity into the acquirer’s compliance management program.
- Segregation of Duties in Business Development
New internal controls are intended to ensure that competitive bidding processes under competition law are based on accurate and complete information, are conducted in compliance with applicable laws, and are free from misconduct. These requirements are driven by World Bank investigations into false statements regarding references, curricula vitae and experience. The Guidelines further require a clear separation of sales-related functions from tasks connected with the preparation and submission of bids.
- No Substantive Changes for Whistleblower Protection in the EU
With respect to whistleblower protection, the Guidelines set out specific criteria that will not be new to companies subject to the EU Whistleblower Directive 2019/1937 or the German Whistleblower Protection Act (HinSchG). Companies must provide secure and confidential reporting channels and may also allow for anonymous reports. External third parties and business partners should likewise be able to report violations. Retaliation against whistleblowers and individuals supporting investigations is expressly prohibited.
- Identification of Politically Exposed Persons
The revised Guidelines expand the concept of corruption to include politically exposed persons, i.e. individuals entrusted with prominent public or political functions, as well as their immediate family members and close associates. This broader scope is intended to comprehensively prevent conflicts of interest and improper financial relationships with politicians who are not (or no longer) part of a governing body or formally appointed as public officials, but who are currently active or in office.
- Due Diligence for Donations and Sponsorships
The new Guidelines tighten controls on political donations beyond mere legality and transparency by introducing risk-based reviews as well as management and compliance approvals. This also applies to donations and sponsorships more generally, which may be supplemented by written agreements containing integrity-related obligations.
What Should Affected Companies Do?
Companies involved in World Bank projects, in particular those that have been sanctioned by the World Bank, should review their compliance frameworks and management systems and align them with the updated Guidelines and the relevant global standards, not least to avoid competitive disadvantages. To this end, companies should be able to demonstrate an adequate and risk-based integrity compliance program that includes due diligence procedures and business partner screenings. The use of, and reliance on, AI assistants and chatbots should be critically assessed. With regard to risk assessments, companies operating with shorter review cycles should not feel compelled to extend them to match the World Bank’s annual cycle.
We would be pleased to assist you with an independent review and enhancement of your existing compliance management system (CMS) or to support you in establishing an appropriate CMS.
Authors: Julia Kahlenberg, Luisa Tregner & Theresa Schöfl.