Risky business: how stretched UK legal teams can outsmart bribery, modern slavery and sanctions risk
28 October 2025
What you need to know
- We recently hosted a roundtable with in-house lawyers in London (in conjunction with Crafty Counsel) to answer one business critical question: how do you keep your organisation safe when budgets are shrinking, headcount is frozen and the geopolitical dial won’t sit still?
What you need to do
- First, assess your financial crime risks on a regular basis. Bribery, modern slavery and sanctions risks are complex, evolving and require proactive risk-based management.
- Second, ensure your policies are robust, transparent and actionable.
- Third, test how effective your whistleblowing and investigation procedures are in practice. Although the process will look robust on paper, the only way to know if people trust it is to use it.
Setting the scene
We recently hosted a roundtable with in-house lawyers in London (in conjunction with Crafty Counsel) to answer one business critical question: how do you keep your organisation safe when budgets are shrinking, headcount is frozen and the geopolitical dial won’t sit still?
In-house lawyers from a variety of industries participated in the roundtable, representing education, financial services, retail, real estate and energy.
Despite the variety of industries represented, the concerns around the table will feel familiar to any GC running a lean team. Bribery remains the headline act, modern slavery risk is climbing the bill fast, and sanctions compliance has turned into a daily sprint. With enforcement becoming increasingly global and often leading to severe legal, financial and reputational consequences, it's no wonder these issues are keeping our in-house community awake at night.
By the end of the morning we had surfaced three clear messages and a handful of no-nonsense tactics that any team, however small, can lift and use.
Three moves you can make to turn the dial
First, assess your financial crime risks on a regular basis. Bribery, modern slavery and sanctions risks are complex, evolving and require proactive risk-based management. Engage your key stakeholders and ask: where do we interact with public officials, which suppliers sit outside our direct line of sight, and is there a risk of touchpoints with a sanctioned person or entities within their ownership or control? Even a rapid heat-map will highlight blind spots worth a deeper dive.
Second, ensure your policies are robust, transparent and actionable. Participants agreed that lengthy manuals deter compliance. Digestible guidance, reinforced with real-life scenarios, sticks better and travels faster.
Third, test how effective your whistleblowing and investigation procedures are in practice. Although the process will look robust on paper, the only way to know if people trust it is to use it. One strategy is to send an anonymous tip via your whistleblowing platform to monitor response speed and tone. It costs nothing and surfaces process weaknesses before regulators do.
Bribery: an old crime requiring modern tactics
More than half (56%) of the room told us bribery risks keeps them awake at night, and with good reason. Global enforcement is up, facilitation payments remain prevalent in certain markets, and the UK’s “failure to prevent” offence heightens the risk of criminal liability for corporates. The key point to keep in mind is that any advantage or reward can constitute a bribery; not only cash but internships, hospitality and even charitable donations.
We examined a case study in which a disgruntled employee alleged that a senior member of the team showed preferential treatment to a supplier, providing lavish gifts and hospitality. The employee claimed they were subsequently dismissed because they had previously raised concerns. Strategies for managing this situation included investigating the claims and remediating controls including whistleblowing procedures.
The key mitigant is getting ahead of these types of scenarios. Dashboard analytics can assist you to monitor “outlier” entertainment spend and gifts. Another tactic is to issue periodic business-wide communications which keep compliance front of mind for key stakeholders without “training fatigue.” What matters is embedding micro-controls that work even when compliance resources are stretched.
Modern slavery: shining a light beyond tier one suppliers
A quarter (25%) of participants ranked modern slavery as their number-one concern, and the discussion proved why. Supply chains have grown in size and complexity, third-party data can be patchy, and consumer sentiment is unforgiving when suspected issues are made public. There was agreement around the room that the obligation under the Modern Slavery Act to publish an annual statement has limited preventative effect for mitigating supply chain risks on a day-to-day basis.
We discussed a case study where an anonymous source alleged a supplier's products are made overseas with forced labour. Suggested strategies to respond to the issues include investigation and engagement with the supplier in question. It was also agreed that future-proofing measures need to be adopted, including a review of procurement controls and enhancements to supplier due diligence, as well as implementing organisational whistleblowing mechanisms.
Companies across industry sectors should be working to increase their visibility of compliance risks downstream and beyond direct counterparties in the supply chain.
This should include mapping and assessing your supply chains for risk (for example, through ongoing monitoring or audit rights), and undertaking due diligence before signing on new suppliers. It is also important to communicate and document your organisation's expectations. Finally, remediation trumps finger-pointing. If a partner stumbles, step in, fix and document: that’s what regulators, investors and customers want to see.
Sanctions: managing the geopolitical roller-coaster
Sanctions continue to evolve at pace, thereby creating compliance challenges. The Russia regime alone has seen over a dozen major updates since 2022, and the EU will shortly criminalise serious breaches in every Member State. For small teams, tracking changes and ensuring internal procedures and rules are kept up-to-date are the key priorities.
The group considered a case study in which a new IT service provider requested a right to transfer an organisation's data to a sub-supplier in a high-risk jurisdiction. There are a variety of risks in this scenario, including sanctions breaches, concerns over data security and reputational harm.
Spotting ownership links—remember the 50 per cent rule—takes more than a Google search. One option is to utilise procurement’s ERP system to run automated screenings each time a vendor record is created or changed. Another is to engage with your external counsel to keep abreast of changes to sanctions regimes and relay the key updates to frontline staff.
Another concern raised was the potential for discrimination that arises when people from high-risk jurisdictions set-up companies in another jurisdiction. The answer lies in thorough due diligence of ownership, control and operational activities. This allows you to assess the actual risk posed by all suppliers in a clear, transparent and objective manner.
Looking ahead
All three risk areas share a cruel twist: your workload tends to spike just as budgets tighten. Yes, the risks are complex and the stakes are high, but the tools exist for legal teams of all sizes to mitigate the risks effectively. The trick is to stay curious, lean on your peers and call in extra hands when the tide rises.
In the meantime, if the compliance to-do list is outgrowing your headcount, let’s talk. Ashurst combines legal, risk and NewLaw to deliver comprehensive and solutions-oriented support. Ashurst Reach can match pre-vetted lawyers for your in-house team when audits loom, investigations flare up, or your policy review is overdue. Together we can turn risky business into smart business.
Want to know more?
The role of in-house legal teams – and the roles of the lawyers within those teams – are increasingly becoming broader, more business-embedded, and multi-disciplinary in nature. It is clear that the traditional boundaries that previously existed between in-house legal teams and other business units are blurring.
As the global economy continues to reel from pandemic-related measures, geopolitical instability and high inflation, we explore the key measures in-house legal teams can implement to thrive in challenging market conditions.
