Strengthening corporate defences against corruption in Singapore: Practical takeaways

As Singapore continues to strengthen its enforcement posture, corruption risk has become an increasingly central concern for boards, senior management and in-house legal teams.

Regulatory expectations now extend well beyond the existence of formal policies, focusing instead on whether companies can demonstrate credible, effective and lived compliance frameworks.

These themes were explored at a recent closed-door discussion in Singapore among general counsel and senior in-house lawyers, hosted by Withers KhattarWong. Drawing on the discussion, this article distils key takeaways relevant to companies operating in Singapore and across the region.

Compliance frameworks are necessary, but no longer sufficient

Most organizations are familiar with Singapore's anti-corruption architecture, including the Prevention of Corruption Act (PCA), CPIB enforcement practices and the guidance set out in PACT: A Practical Anti-Corruption Guide for Businesses. However, regulators increasingly look past whether policies exist to how they operate in practice.

"Tone from the top" must be reinforced throughout the organization

While "tone from the top" remains a cornerstone of anti-corruption guidance, participants acknowledged that senior leadership messaging can be diluted as it moves through an organization. Formal ethical statements may be undermined by:

• aggressive commercial targets
• informal workarounds tolerated in practice
• incentive structures that reward results without regard to risk

As Harjeet Kaur, Senior Associate in the white-collar crime team at Withers KhattarWong, noted, "Effective anti-corruption defences begin with senior management setting the tone; making it clear that compliance is a preventive framework, not merely a set of prohibitions."

The key takeaway is that tone from the top must be reinforced through consistent behaviour at all levels, particularly middle management, where day-to-day decisions are made.

Anti-corruption is an enterprise risk, not just a legal one

A further insight was the growing expectation that corruption risk should be managed as part of enterprise risk management rather than as a standalone legal or compliance issue. Boards are increasingly expected to understand how corruption risk intersects with:

• regional expansion strategies
• ESG and sustainability commitments
• reputational and operational resilience

For in-house counsel, this often requires reframing discussions with senior management; shifting from narrow legal compliance to broader questions of risk appetite and governance. 

Tools such as the SGX Code of Corporate Governance and international benchmarks like ISO 37001 are most effective when used to support meaningful oversight rather than as compliance checklists.

Whistleblowing systems often fail where trust is lacking

Despite widespread adoption of whistleblowing policies, many organizations continue to experience under-reporting. Participants noted that employees frequently avoid formal channels due to:

• fear of retaliation or career impact
• doubts about confidentiality or anonymity
• scepticism about whether concerns will be acted upon

Shashi Nathan, white-collar crime Partner and Joint Managing Partner at Withers KhattarWong, emphasized that responsiveness and protection are central to making whistleblowing credible. "Whistleblowing should not only be encouraged but also addressed fairly and quickly," he explained. "The fear of reprisal is real, and organizations must put in place safeguards for whistleblowers."

The discussion underscored that effective whistleblowing mechanisms depend less on policy wording and more on organizational trust. Prompt, visible and proportionate responses, even where allegations are unsubstantiated, play a significant role in encouraging future reporting.

Third‑party whistleblowing platforms are becoming a critical pillar of modern compliance systems. Pardeep Khosa, Partner and Head of Litigation at Withers KhattarWong, observed that "Independent platforms enhance confidentiality because they remove reporting from internal hierarchies, giving employees confidence that their concerns will not be intercepted, influenced, or traced back to them." This independence not only reassures employees but also strengthens the organisation's governance posture by ensuring that reports are captured, triaged and escalated through tamper‑resistant, standardized processes.

These platforms also play a crucial evidentiary role. Pardeep explained that "A third‑party system creates a clear and defensible audit trail, which allows organizations to demonstrate that concerns were properly escalated and addressed." Just as importantly, the structured intake and review mechanisms "help prevent misuse by disgruntled former employees, because all submissions are timestamped, documented and reviewed impartially," ensuring that the system cannot be weaponized or distorted by bad‑faith actors.

Third-party risk remains one of the weakest links

Third-party and intermediary relationships continue to present one of the most significant corruption risks, particularly for companies operating across multiple jurisdictions. While due diligence at onboarding is common, risks frequently emerge later through:

• changes in scope or commercial arrangements
• informal or undocumented practices
• insufficient monitoring after onboarding

Participants emphasized the importance of proportionate, ongoing oversight and clear internal accountability for third-party relationships, particularly where third parties interact with public officials or operate in higher-risk markets.

Investigations require early, disciplined decision-making

When issues do arise, early decisions around internal investigations can materially affect outcomes. Key pressure points for in-house counsel include:

• scoping the investigation appropriately at the outset
• preserving evidence while managing confidentiality
• maintaining privilege and managing internal communications
• determining when and how to engage regulators

Participants shared that organizations with rehearsed investigation protocols and clear escalation thresholds are better placed to respond effectively.

Technology supports, but does not replace, governance

While data analytics and monitoring tools can assist in detecting anomalies, there was consensus that technology should be viewed as an enabler rather than a solution in itself. Without strong governance, technology risks becoming reactive rather than preventative.

Gary Beh, corporate Partner at Withers KhattarWong, highlighted, "Internal audit functions are often best placed to pick up issues that are not immediately visible through standard reporting lines, particularly where behaviour sits in grey areas rather than obvious policy breaches." He also noted that AI-driven tools and transaction analytics are increasingly relevant in detecting harder-to-identify risk patterns, including in the context of M&A transactions, where time pressure and information asymmetry can create blind spots.

More effective programmes combine technology with:

• clear accountability and ownership
• regular training and risk awareness
• credible escalation and response mechanisms

Looking ahead

As Singapore's enforcement environment continues to evolve, corruption risk management is increasingly judged by substance rather than form. For in-house counsel, the challenge lies in translating regulatory expectations into practical, defensible systems that reflect how the business actually operates.

Organizations that invest in credibility, consistency and preparedness are better positioned not only to withstand scrutiny, but to build long-term resilience in an increasingly complex risk landscape.

If you need support navigating corruption risk or strengthening your compliance framework, our legal experts are here to guide you.