Sectoral Licences (Telecom/BTRC) in Bangladesh: The Complete 2025 Playbook for Every Kind of Company
By TRW Law Firm — Telecom, Technology & Cross-Border Practice (Dhaka & Dubai)
Why this guide
If your business touches connectivity—whether you run a bank with data centers, an e-commerce marketplace, a factory with private radios, a logistics fleet with trackers, or a telecom operator—you are inside the Bangladesh Telecommunication Regulatory Commission (BTRC) universe. BTRC controls who may provide telecom services, use radio frequencies, import equipment, and operate networks. Getting the licensing right is not just “paperwork”; it’s how you unlock numbering resources, spectrum, interconnection, short codes, and lawful network operations without disruption.
This is a comprehensive, practical manual that explains BTRC licence categories, who needs what, step-by-step application checklists, ongoing obligations, renewals, and common traps. It’s written for operators, ISPs, fintechs, exporters, contact centers, logistics and mobility, industry/enterprise networks, media/content players, and for foreign companies entering Bangladesh.
Numbers, fees, formats and timelines can change by circular or guideline. Treat this as your operating blueprint and verify the latest specifics during filing.
How BTRC’s ecosystem is structured (plain English)
Service licences let you provide telecommunication services to others (e.g., ISP, IPTSP, IIG, ICX, IGW, MVNO, tower company, call center/BPO, VAS/VSP, NTTN).
User/enterprise licences & authorisations let non-operators use telecom/radio resources for their own operations (e.g., private VHF/UHF radios, microwave links for factories, VSAT user terminals, vehicle tracking service use).
Spectrum assignments and numbering resources are tied to licensed services or authorised uses.
Type approval & import NOC control the devices/equipment you can bring into the country or connect to networks (handsets, BTS, routers, radios, satellite terminals, IoT devices).
Codes & identifiers (short codes, M2M ranges, toll-free numbers, A2P sender IDs, IP addresses through IIG/ISP, ASNs where applicable) are allocated after the correct licence is in place.
Security & compliance rails sit underneath everything: KYC/SIM/IMEI, data retention, lawful interception, emergency services, QoS reporting, outage notifications, and cyber incident coordination.
Big map of BTRC licence baskets
Below is a practitioner’s taxonomy. Exact names sometimes vary across guideline versions; use the descriptions to locate your fit.
A) Infrastructure & backbone
NTTN (Nationwide Telecommunication Transmission Network) – national fibre backbone and duct infrastructure with open access obligations; rights-of-way (RoW) across highways/railways/utilities; strict QoS and sharing rules.
Telecommunication Tower Company – passive infrastructure provider (towers, power, shelters) with mandatory co-location and standard pricing frameworks.
International Terrestrial Cable (ITC)/Cross-Border Fibre – cross-border links to India/Myanmar for IP transit; interconnects to IIGs and ISPs under approved capacity/PoP plans.
B) International gateways & interconnect
IIG (International Internet Gateway) – upstream internet capacity into Bangladesh, interfacing with BSCCL/cable landing stations or cross-border peers; supplies IP transit to ISPs/large enterprises.
IGW (International Gateway for Voice) – international voice termination/origination; anti-fraud systems, SH/CLI requirements, lawful interception.
ICX (Interconnection Exchange) – domestic voice switching hub between operators; handles call routing, ensures LNP/MNP consistency, provides CDRs to BTRC as required.
C) Access networks & retail service providers
MNO (Mobile Cellular Operator) – full mobile licence with spectrum; RAN/core rollout obligations; USO and emergency services; SMP remedies if dominant.
MVNO (Mobile Virtual Network Operator) – retail services using host MNO radio access; requires reference access agreement; KYC, billing, QoS, complaint handling similar to MNO light.
ISP (Internet Service Provider) – typically tiered by geography (Nationwide/Divisional/District/Thana) and sometimes by access tech (wired/wireless). Rights to last-mile, IP transit purchase from IIG, address pool management, QoS and peering obligations.
IPTSP (IP Telephony Service Provider) – fixed/nomadic voice over IP numbers; E.164 numbering blocks, 09-series or as allocated; emergency calling support and lawful-interception capable.
Cable/MSO & IPTV over managed networks – where TV distribution uses telecom resources; interplay with media regulator for content carriage; QoS and customer care obligations.
Call Center/BPO Licence – Domestic and International call center operations; predictive dialers, DID allocation, CLI, Do-Not-Disturb adherence, recording retention and privacy safeguards.
VAS/VSP (Value-Added Service/Service Provider) – ring-tone/CRBT, missed-call alerts, infotainment, USSD/IVR apps, in-network content and service aggregation with MNO/ISP integration.
E) Satellite, fixed wireless & special access
VSAT Provider / VSAT User – satellite hub operators and enterprise terminals for remote regions, offshore, DR/backup links; earth-station specs and frequency coordination.
GMPCS/LEO Constellation Gateways – licensing/authorisation for non-terrestrial networks (e.g., L-band mobiles, emerging LEO broadband) including landing rights and gateway stations.
Fixed Wireless Access / Microwave Links – point-to-point or point-to-multipoint links for operators or enterprises (licensed bands), with coordination, hop planning and interference control.
F) IoT/M2M, telemetry & tracking
VTS (Vehicle Tracking Service) – telematics platform and SIM/A2P integration; map data localisation, 24×7 monitoring, LEA access, data retention, and device homologation.
IoT/M2M Service Authorisation – device network management platforms; numbering/resource ranges for M2M; security and KYC of embedded SIMs/eSIMs; remote management obligations.
G) Private radio & special users
Private Land Mobile Radio (PLMR) / VHF/UHF – walkie-talkies and base stations for factories, hotels, ports, logistics; frequency assignment, ERP limits, site clearance, call signs.
Maritime & Aeronautical Stations – ship and aircraft radio licences, EPIRBs, AIS/ADS-B, distress frequencies; operator certificates and station logs.
H) Numbering, codes, and identifiers (ancillary allocations)
Numbering blocks (IPTSP, fixed, mobile virtual)
Short Codes (customer care, emergency, helplines; e.g., 10xx/16xxx families)
Toll-free and shared-cost numbers
A2P Sender IDs and USSD codes
I) Equipment control & market access
Type Approval (TA) – homologation for telecom equipment: 3GPP/ETSI/FCC-style conformity, SAR/RF tests, EMC/LVD, device labelling, CEIR/IMEI alignment for handsets.
Import NOC – shipment-specific approvals for BTS, radios, routers, satellite dishes, IoT devices, SIMs/USIMs/eSIM profiles, batteries and special power systems.
Choosing the right path: who needs which licence?
Banks/fintechs/data-heavy enterprises: Usually don’t need a service licence unless selling connectivity; but you do need (i) Type Approval & Import NOC for network gear, (ii) private radio authorisations if you use VHF/UHF, (iii) short code/A2P allocations for customer messaging, and (iv) leased capacity from NTTN/ISPs/IIGs compliant with BTRC guidelines.
E-commerce/retail platforms: Often require A2P/SMS hub arrangements (via an aggregator licence holder) and a short code; if you run an in-house call center, secure the Call Center/BPO licence.
Factories/ports/logistics: Private radio licence (VHF/UHF), VTS authorisation for fleet, and microwave links if inter-site connectivity uses licensed bands; import NOC for radios and antennas.
Media/content/OTT: If you rely on USSD/IVR/CRBT or in-network apps, you may need VAS/VSP. Content carriage is co-regulated; plan for both telecom and media permissions.
ISPs: The core is the ISP licence in the right geography tier, IP transit contracts with IIGs, peering/IX if applicable, and sometimes microwave or FTTx build approvals and numbering for IPTSP if you offer voice.
Satellite connectivity: If you resell satellite broadband or operate hubs, you need VSAT Provider or landing rights/GMPCS authorisations, plus Type Approval for terminals.
Telecom operators/infrastructure: Depending on your model, one or more of MNO/MVNO, NTTN, Tower, ICX/IGW/IIG, IPTSP, and associated spectrum & numbering.
The end-to-end application playbook (works across licences)
1) Corporate & eligibility groundwork
Local company: Most service licences require a Bangladesh-incorporated entity with defined paid-up capital and local office. Foreign investors should plan an SPV with compliant shareholding (watch any sector-specific caps/fit-and-proper criteria).
Directors & shareholders: Provide e-TINs, photo IDs/passports, bank solvency, affidavits, and security vetting forms (especially for gateway/spectrum-heavy categories).
Financials: Audited statements (or founders’ net-worth evidence for newcos), bank certificates, project capex/opex plan, source of funds.
2) Technical & rollout plan
Network architecture: topology diagrams, PoPs, capacity, redundancy, LI (lawful interception) interfaces, QoS monitoring tools, data retention systems.
Coverage & milestones: roll-out schedule by district/division; site counts; fibre route km; tower tenancy projections.
Interconnects: upstream/downstream partners (e.g., BSCCL/IIG for IP; ICX for voice; NTTN for backhaul).
Numbering/spectrum needs: ranges requested, bands/blocks, justification with traffic forecasts.
3) Compliance & consumer protection
KYC & privacy: SIM/subscriber registration (for MVNO/MNO), enterprise customer onboarding for IPTSP/ISP, data-retention and LEA interface SOPs, complaint handling, and refund/escalation.
Security & resilience: NOC/SOC plans, cyber incident response, DDoS mitigation, DR sites, power/backup, and EMP/EMF safety compliance at sites.
Prescribed application form and fee (bank draft or online).
Corporate documents (COI, MoA/AoA with relevant objects, trade licence, tax/VAT).
Board resolution authorising the application and responsible signatories.
Technical proposal with network, security, and compliance annexes.
Environmental & site notes where applicable (tower/fibre).
Undertakings/affidavits on code of practice, anti-fraud, DND, child protection, and emergency services.
5) Engagement & vetting
Expect queries from the licensing wing on technical, financial, or security clarifications.
For spectrum or landing rights, frequency coordination and interference studies may be requested.
For tower/NTTN/fibre builds, rights-of-way approvals with local authorities/utility owners will be required in parallel.
6) Grant, fees, bank guarantees & go-live
After approval in principle, you will deposit initial fees and Performance Bank Guarantees (PBG); then receive the Licence with conditions and assigned identifiers (numbering/spectrum/codes).
Before commercial launch, you may need a readiness inspection (NOC, LI, QoS probes, customer care, billing) and sample test call/test traffic logs.
Ongoing obligations most licence-holders forget (and pay for later)
Annual/renewal fees and timelines; late payment penalties escalate quickly.
Lawful interception (LI): keep LI interfaces tested and staffed 24×7; privacy segregation; secure chain-of-custody for CDRs/IDs.
Data retention: maintain CDRs, IP-DRs, logs for the mandated durations; segregate high-sensitivity datasets; audit trails for access.
Outage & incident reporting: notify significant outages, cyber incidents, fraud events; maintain a single incident register for regulator and sector supervisors (e.g., Bangladesh Bank for PSPs).
Spectrum compliance: pay spectrum charges on time; stay within ERP limits; renew frequency assignments; keep RF logbooks and measurement reports.
EMF/RoHS & site safety: EMF exposure compliance at towers; hazard signage; grounding and lightning protection; fuel storage norms.
Key traps: resale without sub-licensing; unmanaged resellers; poor KYC; misuse of public IPv4 pools; inadequate LI support.
2) IPTSP (IP Telephony Service Provider)
Scope: Fixed/nomadic VoIP services within Bangladesh with allocated number ranges; emergency calling support; interconnect to ICX/MNO as per interconnect regime.
11) Private Radio (VHF/UHF), Microwave, Maritime/Aero
Private radios: factory/port/hotel operations; channel plan, base station power, antenna heights, coverage maps; annual frequency charges; site inspections.
Pitfalls: shadow SIMs without KYC; data exports without transfer safeguards; device radio interference.
13) Type Approval & Import NOC
Type Approval: submit datasheets, test reports, certifications (RF/SAR/EMC/LVD/3GPP/ETSI), software/firmware declarations, labels/IMEI for handsets.
Import NOC: shipment-specific; must match Type Approval; quantities, HS codes, serial ranges; ensure CEIR/IMEI preregistration for handsets.
Pitfalls: importing “look-alike” models not covered by TA; mixing frequency variants; missing battery safety documents.
Spectrum: planning, paying, and preserving it
Assignment & renewal: Spectrum is assigned per licence category; you pay initial and annual charges; renew before expiry to avoid re-farm risk.
Interference control: perform link planning; keep frequency logs; cooperate in coordination exercises; remediate harmful interference promptly.
EMF safety: maintain measurement records at sites; publish public notices where required; respond to community concerns with data.
Refarming & migration: prepare for band replans; budget for retuning/replacements; maintain multi-band strategy for resilience.
Numbering & codes: do it once, do it right
Allocation: justify ranges with demand forecasts; meet utilisation ratios before requesting more; align numbering with retail packs and CRM.
Short codes: clearly disclose tariffs; map IVR trees; ensure capacity; include Bangla prompts; integrate with DND and emergency exceptions.
A2P Sender IDs: register alpha tags; block look-alikes of banks/brands; throttle suspicious spikes; provide complaint portals.
Lawful interception, data retention & cybersecurity: the non-negotiables
LI: ETSI-style handover interfaces; delivery to LI centre as directed; keep systems tested with logs; dual-control access; strict privacy segregation.
Data retention: store CDRs, IPDRs, session logs, subscriber KYC records for the prescribed periods; ensure secure, immutable storage with audited access.
Cybersecurity: incident classification matrix; 24×7 SOC/NOC; DDoS playbooks; patch SLAs; supply-chain risk for vendors; coordinated disclosure with authorities for major events.
Foreign companies: market entry and operating models
Pick the right legal vehicle: Most service licences require a Bangladesh company. Representative/liaison offices cannot hold telecom service licences.
Ownership & fit-and-proper: Some categories historically imposed local ownership or fit-and-proper tests; plan shareholding accordingly; vet directors.
JV vs. wholesale: If you’re testing the market, consider wholesale/reseller or platform partnerships while you prepare a full licence application.
Data & security: Be prepared for local log retention, lawful-interception capability, and on-shore elements (e.g., data mirrors, KYC).
Equipment: Align device portfolios to Type Approval variants for Bangladesh bands; avoid importing global SKUs that fail local band plans.
Common failure modes (and how to avoid them)
Wrong licence class (e.g., running a call center over a regular ISP line without call center authorisation).
Reseller chains without KYC or sub-licence control, leading to spam/grey traffic issues traced back to you.
Grey route exposure in voice/SMS through uncontrolled partners; penalties can be severe.
Type Approval gaps—importing equipment covered by a similar but not identical certificate.
Spectrum/EMF non-compliance—no RF audits; community complaints lead to site shutdowns.
Under-invested LI interface—tests fail; licence renewal delayed.
Missed renewals/fees—avoidable suspensions and penalties.
Incomplete outage reports—erodes regulator trust; affects renewals and tariff filings.
Documentation checklists you can copy
Universal filing pack (service licences)
Application form + fee proof
Certificate of Incorporation, MoA/AoA (telecom objects present), trade licence, TIN/VAT
Full internal audit of KYC/DR/LI/retention controls
Business continuity drill; disaster recovery site failover test
Policy refresh (spam/DND, privacy, security)
Training for operations, SOC/NOC, customer care on new rules
Practical FAQs (fast answers you’ll actually use)
Do I need a licence to send bulk SMS to my customers? If you aggregate and deliver A2P traffic at scale or provide it to third parties, yes—you (or your vendor) need the appropriate A2P/SMS hub/aggregator authorisation and short code/sender-ID registrations. If you’re only using a licensed aggregator to message your own customers, ensure contracts include DND/consent and complaint SLAs.
We’re an international SaaS platform—can we run a call center from Bangladesh to serve global users? Yes, with the correct Call Center/BPO licence and compliant telecom routes (no grey VoIP). Add data-transfer/processing clauses and security controls if you handle foreign personal data.
Can a foreign company hold an ISP or MVNO licence? Foreign ownership is generally permitted subject to company law, sectoral guidelines, fit-and-proper checks, and any policy caps that may apply. Practically, set up a local SPV, appoint resident directors, and prepare for security vetting.
Do factories really need radio licences for walkie-talkies? Yes. Private radio uses licensed frequencies; you must apply for channels, power levels, and sites. Unlicensed operation risks seizure and interference penalties.
Can we import handsets/network gear without Type Approval? No. Most telecom equipment requires Type Approval, and handsets must align with the national IMEI/CEIR regime. Plan TA 6–12 weeks ahead of shipments to avoid demurrage.
We plan to use LEO satellite broadband at remote sites. What’s required? You’ll need landing rights/VSAT/GMPCS authorisations for the specific constellation, plus Type Approval for terminals and site notices. Coordinate frequencies and follow any local gateway requirements if applicable.
Is grey routing really that risky? Yes—penalties include substantial fines, equipment seizures, and licence jeopardy. Build strong anti-fraud, CLI integrity and route-validation controls, and choose partners with spotless compliance.
The TRW method (how we de-risk and accelerate)
Strategy & mapping — align your business model to the precise BTRC licence(s); structure the Bangladesh SPV; MoA objects; fit-and-proper checks.
Architecture & compliance — design LI, QoS, data retention, KYC, SOC, DR, RF safety, and consumer protection frameworks that pass inspection.
Type Approval & NOC factory — run parallel TA pipelines; model variants; battery/power compliance; shipment-wise NOCs; CEIR/IMEI alignment.
Filings & engagement — compile and file applications, manage queries, frequency coordination, numbering/short code allocations, and PBGs.
BTRC licensing is manageable when you choose the right category, engineer compliance into your network from day one, and run a monthly rhythm of reporting, retention, LI testing and consumer care. Whether you are an ISP lighting up districts, a bank securing short codes, a factory licensing radios, or a global platform building an MVNO, this playbook gets you licensed, launched and operating cleanly—and keeps the regulator, your customers and your partners confident in your service.
Labour Law Compliance in Bangladesh (2025): A 360° Playbook for Employers, HR Heads, and Foreign Investors
By TRW Law Firm — Employment, Industrial Relations & Compliance
Why this guide (and how to use it)
Bangladesh is a fast-growing market with a dense manufacturing base (RMG, leather, light engineering), a huge services sector (retail, logistics, tech), and an increasingly sophisticated regulatory apparatus. Getting labour compliance right isn’t just about avoiding fines: it affects factory approvals, export certifications, banking relationships, due-diligence outcomes, and your ability to recruit and retain talent.
This is a comprehensive, practical manual you can use to set up a compliant operation from scratch, clean up a messy file, or harmonise a multinational’s global policies with Bangladesh Labour Act 2006 (as amended), Labour Rules, and the expectations of DIFE (Department of Inspection for Factories & Establishments), plus allied rules and court guidelines. It is written for both local companies and foreign clients operating in Bangladesh.
Important: specific numbers (rates, timelines, thresholds) can change via amendments, gazette notifications, wage-board awards, and sectoral circulars. Use this as your operating blueprint and confirm current figures at implementation.
The big picture: your compliance architecture
Think in five layers:
Entity & registration layer – getting your basic licences, registrations, and displays right.
People & documentation layer – appointment letters, service rules/standing orders, registers, ID cards.
When these run as a monthly rhythm (not an annual scramble), you reduce inspection risk, speed up bank approvals, and pass audits by brands, donors, and buyers with far less drama.
Part A — Registrations, licences, and the “front door” of compliance
1) Establishment setup & DIFE registration
Every factory or establishment should be registered with DIFE and, where applicable, have a Factory Licence or approval. Keep your licence current, reflecting correct headcount, nature of process, and shift pattern.
Trade licence and TIN/VAT must reflect accurate address and scope; mismatches are a red flag in inspections.
2) Statutory notices & displays
Display in a prominent location: abstract of the Labour Act/Rules in Bangla; weekly-holiday notice; work hours and shift schedules; wage period; standing orders/service rules; name and contacts of first-aiders; emergency numbers; and complaint committee details for sexual-harassment prevention.
For factories, show danger notices on machines and restricted areas; mark exit routes and assembly points.
3) Establishment rules/standing orders
If you employ the statutory minimum number of workers (commonly 50+), you must have certified standing orders or approved service rules covering classification of workers, leave, holidays, attendance, discipline, misconduct, grievance handling, and termination. If you don’t have certified rules, default rules in the schedule apply — but that leaves gaps; draft and certify your own.
4) Registers & returns
Maintain, at minimum, the following registers (paper or digital, but printable on demand):
Employee register (with identity, category, date of joining, wages)
Visitors/machine-maintenance logs for OSH
File periodic returns to DIFE as required and keep acknowledgments.
Part B — Hiring, contracts, and worker classification
1) Appointment letters & ID
Issue a Bangla appointment letter on day one in the prescribed format, with: name/ID, designation, place of work, wage structure (basic + allowances), probation period, working hours, weekly holiday, leave entitlements, termination notice, disciplinary code, and benefits.
Provide a photo ID card and collect onboarding documents (NID, bank/mobile wallet for wages, emergency contacts, medical fitness if required).
2) Worker categories
Permanent (after successful probation), probationer, badli (substitute), casual, temporary, and apprentice. Categorisation drives notice periods, benefits, and discipline. Misclassification is a common audit failure.
3) Probation
Usually up to 6 months for workers and longer for technical/supervisory roles (confirm current limits). Put performance expectations in writing and evaluate before the last week of probation.
4) Contractors & agencies
If you use labour contractors, ensure joint and several liability risks are managed: collect contractor registrations, wage records, PF/gratuity status (if applicable), ESI-equivalent arrangements (where provided by policy), and safety training. Keep gate logs of contractor staff and ensure they receive appointment letters and ID.
5) Foreign employees
Obtain work permits and visas through the competent authority (investment authority/line ministry). Observe any local-to-expat ratio policy. Expat contracts should align to local law on working hours, leave, tax withholding, and termination.
Part C — Working hours, overtime, and holidays
1) Hours of work
The typical legal baseline: 8 hours per day, 48 hours per week. Overtime is permitted within statutory limits (weekly and quarterly averages apply). Manage shifts to reflect night work and ensure rest intervals within the working day (meal/tea breaks).
Maintain a weekly holiday (usually one full day). For factories, rotating weekly holidays are acceptable with a duty roster.
2) Overtime (OT)
Overtime is generally paid at twice the ordinary rate of wages (2x). Track OT by machine, line, and department; pre-approve with a written requisition; and show OT on payslips.
3) Festival & public holidays
Prepare a yearly holiday calendar (national days + religious/festival days relevant to your workforce profile). Display it and reflect it in the timekeeping system.
4) Night shifts & women workers
Night shift policies should address transport, safety, and consent protocols. Comply with special provisions related to adolescent and women workers (e.g., limits around late-night work, maternity, and workplace safety).
Part D — Wages, minimum wage, and structure
1) Minimum wage & wage boards
Minimum wages are sector-specific, set by wage boards and notified by the government. Do not rely on generic figures: check the rate for your sector and grade (Grade-1 to Grade-7 or relevant scale). When wages are revised, update basic pay and all linked allowances.
2) Wage structure
A common structure includes:
Basic wage (the foundation for OT, leave encashment, termination compensation, gratuity where applicable)
House rent allowance (a statutory or policy-based percentage of basic)
Medical allowance
Conveyance/transport allowance
Tiffin/meal allowance or canteen subsidy
Attendance/shift allowances (where used)
Production incentives or piece-rate elements (must be transparent and not erode basic compliance)
3) Wage period & payment
Keep the wage period at a maximum of one month. Pay wages within the statutory period after the end of the wage month and earlier on termination. Use bank transfer/mobile wallets for transparency and to pass buyer audits.
4) Deductions
Only statutory/authorised deductions are allowed: tax, permitted fines, authorised advances/loans, and contributions to funds. Cap deductions within legal limits and record them in the deductions register with worker acknowledgment for advances.
5) Payslips
Issue itemised payslips every pay cycle showing: basic, allowances, OT hours and rate, gross, deductions (with heads), and net. Payslips must match the wage register.
Part E — Leave, holidays, and maternity
1) Casual & sick leave
Bangladesh practice commonly provides 10 days casual leave and 14 days sick leave per year (confirm current statutory minimums for your industry). Sick leave generally requires a medical certificate beyond short absences. Unused casual leave typically lapses, while sick leave may not accumulate unless your policy is more generous.
2) Annual/Earned leave
Adult workers accrue earned leave based on days worked (e.g., 1 day per 18 days of work in many factory settings; thresholds differ by category — confirm yours). Maintain an earned-leave register. Encashment or carry-forward depends on policy and law; calculate on the average daily wage basis.
3) Festival holidays
Provide festival holidays as notified each year. If the establishment must run on a festival day, give substitute leave and applicable premium pay.
4) Maternity protection
Women workers are entitled to paid maternity benefits for a statutory period (commonly 16 weeks, split 8 weeks before and 8 weeks after delivery), subject to qualifying service (typically 6 months’ continuous service before the expected date). During the postnatal period, no work should be taken from the mother. Keep a maternity register, require medical certificates, and ensure non-discrimination.
Do not terminate or reduce wages due to pregnancy. Failure here attracts severe legal and reputational risk.
5) Special categories
Miscarriage or stillbirth benefits and protections follow statutory rules; build these into your HR manual.
Paternity leave is not yet a uniform statutory entitlement; however, many employers provide 3–10 days by policy — a positive indicator in audits.
Part F — Child and adolescent workers
1) Child labour prohibition
Children below the statutory minimum age cannot be employed. Keep explicit hiring filters and a documented age-verification process (NID/Birth certificate). Inspectors will test you on this.
2) Adolescents (typically 14–18)
Adolescents may work subject to fitness certificates, restricted hours and hazardous-work prohibitions. Maintain an adolescents register, display a notice with their details, and comply with night-work restrictions.
No adolescent should operate hazardous machinery or work in dangerous processes listed in schedules.
3) Apprenticeships
Apprenticeship contracts must be in writing, with structured training, reasonable stipends, and supervision. Apprentices are not a shadow workforce: training plans should exist.
Part G — Occupational safety and health (OSH)
1) Policy & risk assessment
Adopt a written OSH policy signed by the CEO. Conduct risk assessments (machine, chemical, electrical, fire, ergonomics) and update after incidents or process changes.
2) Safety committee
Establish a Safety Committee in establishments above the statutory headcount, with worker and management representatives. Meet at least quarterly, minute actions, and track closure.
3) First aid, medical, ambulance
Keep first-aid boxes with trained first-aiders by shift and floor. Larger units should maintain medical rooms, nurses, and, in high-risk sectors, an ambulance or arrangements with nearby hospitals.
4) Fire safety
Install fire detection and alarm systems, adequate extinguishers, hydrants/sprinklers where required, clear exits, and emergency lighting. Conduct fire drills per shift; maintain logbooks with participation records. Keep an assembly plan posted on every floor.
5) Machine safety & PPE
Guards on rotating/reciprocating parts; emergency stop switches; lock-out/tag-out (LOTO) procedures. Provide PPE (gloves, eyewear, masks, helmets) relevant to risk, train on use, and replace on wear.
6) Hazardous substances
Maintain MSDS (material safety data sheets) in Bangla/English; ventilate storage; train on spills; keep secondary containment. For boilers/pressure vessels, maintain inspection certificates.
7) Welfare facilities
Canteen: often mandatory above a headcount threshold; where not mandated, provide hygienic meal facilities.
Creche: required for establishments employing a statutory minimum number of women workers (commonly 40+); modern practice is to provide childcare rooms near production areas with trained attendants.
Restrooms & drinking water: segregated, clean, well-lit, with adequate supply.
Shelter/latrines/wash areas: adequate to headcount with cleaning logs.
8) Accident reporting
Record all accidents and near-misses; investigate root causes; file statutory reports for serious incidents; maintain a lost-time injury dashboard for the board and Safety Committee.
Part H — Sexual-harassment prevention (binding court guidelines)
Bangladesh’s highest court has issued binding guidelines requiring every employer to:
Constitute a Complaint Committee with a woman chair and external member(s) where feasible.
Publish a zero-tolerance policy in Bangla and English; train all staff; display posters.
Provide confidential reporting channels (not just line managers).
Protect against retaliation; complete time-bound investigations; and provide remedies ranging from apology and counselling to disciplinary action.
Keep annual statistics (anonymised) for board oversight.
Brand audits and donor projects treat this as non-negotiable.
Part I — Worker participation, unions, and industrial relations
1) Participation Committee (PC)
Establish a PC in establishments with the threshold number of workers (commonly 50+). It is a bipartite forum for productivity, welfare, OSH, and dispute prevention. Keep minutes and action registers.
2) Trade unions
Workers may form and join trade unions subject to registration requirements (typical rule: minimum 20% of workforce membership, though thresholds have changed over time). Employers must not interfere in union formation or discriminate against members.
3) Collective bargaining & CBA
Where a Collective Bargaining Agent (CBA) exists, negotiate in good faith. Record settlements in writing and deposit with the authority where required. Honour check-off arrangements if agreed.
4) Grievance handling
Maintain a formal grievance procedure: written complaint → supervisor/HR review → PC or grievance committee → management decision within a stipulated period → appeal route. Keep a grievance register and resolutions.
5) Strikes/lockouts
Strikes and lockouts are regulated with notice, conciliation, and cooling-off stages. Keep legal counsel involved; maintain essential services and safety.
Part J — Discipline, misconduct, and domestic inquiry
1) Misconduct catalogue
Your service rules should define misconduct (theft, fraud, wilful insubordination, strike without notice, violence, sexual harassment, absence without leave, safety violations, etc.). Avoid vague catch-alls.
2) Due process
Show-cause notice with specifics and time to respond.
Domestic inquiry by unbiased officers; permit co-worker assistance for the worker; allow cross-examination of witnesses; record proceedings.
Speaking order with reasons and proportional penalty (warning, suspension, fine, demotion, dismissal).
For suspension pending inquiry, pay subsistence allowance per policy/law.
3) Documentation
Keep the entire file: complaint, show-cause, reply, inquiry minutes, evidence, findings, order, and acknowledgement. Courts set aside penalties if due process is weak.
Part K — Retrenchment, lay-off, termination, and closure
1) Termination simpliciter
For permanent workers, employers may terminate with notice (commonly 120 days for monthly-rated and 60 days for others) or pay in lieu. Workers with one year+ service are generally entitled to termination compensation (often 30 days’ wages per completed year or part beyond six months).
Pay all dues (wages, leave encashment, OT, allowances) within the statutory timeline.
2) Discharge
Discharge for physical/mental incapacity or continued ill-health after medical assessment; compensation norms often mirror termination compensation.
3) Dismissal for misconduct
After a domestic inquiry that proves gross misconduct, dismissal may be ordered. Compensation rules differ from termination; ensure strict adherence to due process, or risk reinstatement/back wages.
4) Retrenchment (redundancy)
When positions are abolished for economic/operational reasons, use LIFO (last-in-first-out) unless recorded reasons justify deviation. Provide notice, inform the authority/unions where required, and pay retrenchment compensation (commonly 30 days’ wages per year of service).
If the unit recruits for the same role within a defined period, offer re-employment to retrenched workers first.
5) Lay-off
Temporary inability to provide work due to shortage of power/raw materials, breakdown of machinery, or other reasons recognized by law. Pay lay-off compensation per legal formula and record days accurately. Track cumulative lay-off days to avoid disguised retrenchment.
6) Closure
For permanent closure of an undertaking, notify authorities and workers in advance; pay closure compensation (often 30 days’ wages per completed year). Return identity cards, cancel access, and issue service certificates.
7) Settlement agreements
Where disputes exist, record settlements in writing, in clear Bangla and English; include waiver clauses to the extent permissible by law and deposit/notify as required.
Part L — Social security-style benefits: gratuity, provident fund, WPPF
1) Gratuity
Not universally mandatory by statute in all sectors; often established by service rules or collective agreements. When provided, it is typically a multiple of basic wage per completed year of service. Fund it prudently; use actuarial valuation for larger headcounts.
2) Provident Fund (PF)
Establish a PF trust if you choose to offer it (or where required by policy/award). Contributions are typically employer-employee matched at a fixed percentage of basic. Maintain independent trustees, audited accounts, and clear withdrawal rules.
3) Workers’ Profit Participation Fund (WPPF)
Certain companies must establish a WPPF and Welfare Fund, allocating a statutory percentage of net profits each year to workers, a welfare fund, and a benevolent fund. Keep trust deeds, audited accounts, and timely distributions.
4) Group insurance/ESI-equivalents
While there is no universal ESI scheme, many employers provide group life and hospitalisation cover by policy. Buyers increasingly look for medical insurance proof.
Part M — Wages protection, equality, and non-discrimination
1) Equal pay
Ensure equal remuneration for equal work irrespective of gender and avoid discriminatory job ads or criteria.
2) Persons with disabilities
Provide reasonable accommodation (ramps, accessible toilets, seated operations where feasible). Consult the worker and document the accommodation plan.
3) Anti-discrimination & dignity at work
Include caste, religion, ethnicity, disability, pregnancy, and union membership in your non-discrimination code. Train supervisors.
4) Wage protection
No unauthorised deductions, no fines without due process and display of rules, no “blank paper” signatures, no retention of original IDs. Payment must be in full and on time.
Part N — Inspections, audits, and dealing with authorities
1) Labour inspections
DIFE may conduct routine or targeted inspections. Keep a compliance room file with copies of all registers, licences, standing orders, wage records, leave registers, OSH logs, and committee minutes. Assign a compliance escort team: HR, Admin, Safety Officer, and an interpreter where needed.
2) Post-inspection
If you receive a notice of irregularities, reply within deadlines with documentary proof and an action plan; close items and request closure confirmation.
3) Brand/donor audits
Beyond the law, global buyers look at working hours/overtime, wage accuracy, child/young worker controls, harassment prevention, and freedom of association. Keep a buyer-audit pack and an improvement tracker.
Part O — Dispute resolution: conciliation to courts
1) Internal resolution
Use the grievance procedure and Participation Committee early. Many issues settle with back wages, re-assignment, or policy clarification.
2) Conciliation
If disputes become industrial disputes, a conciliation officer may attempt settlement. Participate in good faith; prepare a brief with data and options.
3) Labour Court & Appellate Tribunal
For unresolved matters (dismissals, wages, compensation), cases proceed to Labour Court, with appeals to the Appellate Tribunal. Maintain a litigation file with certified copies, inquiry records, payslips, and registers.
Part P — Foreign investors & multinationals: the added layer
1) Global policy localisation
Map your global Code of Conduct, POSH (anti-harassment), Whistle-blowing, and Disciplinary codes to Bangladesh law. Where global policy is stricter than local law (e.g., generous leave, paternity leave), that’s fine; where it’s looser (e.g., termination compensation), tighten for Bangladesh.
2) Contract harmonisation
Use Bangla-English bilingual appointment letters and handbooks. Cross-reference standing orders; ensure notice/compensation clauses meet statutory floors.
3) Supply-chain responsibility
If you rely on suppliers (e.g., in RMG/leather), audit their working hours, wage slips, child-labour controls, WPPF, and fire safety; include corrective action plans and consequences.
4) Expatriate leadership
Train expat managers on Bangladesh-specific rules: OT caps, festival leave, grievance protocol, domestic inquiries, and union engagement. Cultural missteps in discipline are costly.
5) Data & privacy
HR files are personal data; handle per your privacy program (see our PDPO guide). Keep medical and disciplinary files with need-to-know access only.
Part Q — The 30/60/90-day implementation plan
Days 1–30 — Stabilise
Appoint a Labour Compliance Lead and a Safety Officer (if not already).
Verify DIFE registration/licence, trade licence, and displays.
Audit appointment letters, ID cards, and worker classification.
Part V — Frequently asked questions (fast, practical answers)
Q: Do I have to pay overtime on allowances or only on basic? A: Overtime is computed at a premium on ordinary wages; the composition of “ordinary wages” depends on the legal definition and sectoral awards. As a conservative rule, ensure OT is not calculated on a base that undercuts statutory intent. When in doubt, adopt the buyer-friendly approach and document your method.
Q: Is a festival bonus mandatory? A: The law mandates festival holidays; treatment of festival bonuses varies by sectoral awards, settlements, and practice. Many industries pay two festival bonuses annually; if you do, fix the calculation base in policy and be consistent.
Q: We run continuous process operations. Can we work 60 hours a week? A: The Act permits overtime within caps and weekly/quarterly average limits. You must still provide weekly rest and ensure average weekly hours over the quarter do not exceed the legal ceiling. Build a true roster and monitor averages.
Q: Can I dismiss a worker for theft without a domestic inquiry? A: No. Even for gross misconduct, due process is mandatory: show-cause, inquiry, and a reasoned order based on evidence.
Q: Are contractors’ workers our responsibility? A: Yes — regulators and buyers hold principals jointly responsible for many labour standards. Audit your contractors and withhold payments for non-compliance.
Q: What happens if a worker becomes pregnant during probation? A: Pregnancy cannot be used to deny confirmation or terminate; apply maternity protections if eligibility criteria are met, and extend probation only for objective, performance-related reasons unconnected to pregnancy.
Q: Can adolescents work night shifts with consent? A: No — adolescents face statutory restrictions on night work and hazardous processes irrespective of consent.
Part W — TRW’s end-to-end labour compliance package
Labour compliance in Bangladesh is achievable and predictable when you turn it into a monthly operating rhythm: clean contracts and registers, accurate wages and hours, working safety systems, a real POSH framework, and disciplined grievance and discipline processes. Put this playbook in motion for 90 days and you’ll be in the top decile of compliant employers — the place where inspections are routine, audits are boring, and your brand (and margins) are protected.
Data Protection & Privacy in Bangladesh (2025): What Companies—Local & Foreign—Must Do Now
By TRW Law Firm — Technology, Financial Services & Cross-Border Practice (Dhaka & Dubai)
Snapshot (as of September 2, 2025 — Dhaka time)
Bangladesh is on the cusp of a comprehensive data-privacy regime. A Personal Data Protection Ordinance (PDPO) has been drafted/finalized at ministry level; it sets out extraterritorial scope, lawful bases, data-subject rights, breach notification, audits, and cross-border transfer/localization concepts. It has not yet been clearly gazetted into force at the time of writing, but its core design is visible and should be treated as “imminent.”
Cybersecurity laws have shifted. A Cyber Security Ordinance 2025 has been promulgated, replacing the Cyber Security Act 2023; it governs cyber offenses, investigations and powers. Expect overlaps with PDPO around incident handling.
Sectoral rules already bite. Bangladesh Bank’s ICT Security Guidelines and related circulars impose security, cloud and record-keeping obligations on banks/NBFIs; the Digital Bank Guidelines (Aug 2025) require cloud located inside Bangladesh. Telecom/ISP directions from BTRC include extended user-log retention.
Bottom line: Even before the PDPO formally lands, banks, PSPs, fintechs, telcos, platforms, exporters/importers, healthcare, e-commerce, and multinationals already carry concrete security and privacy obligations. Build for PDPO now so you’re compliant on day one.
What the PDPO is expected to require (and how to prepare)
The following reflects features consistently described in official statements and near-final English drafts in circulation. Treat specifics as directional; final text may shift.
Scope & extraterritoriality
In scope: any “data-fiduciary” or “processor” operating in Bangladesh; processing in Bangladesh; or processing abroad that targets or profiles people in Bangladesh (offer of goods/services or monitoring). That includes foreign companies with no entity in Bangladesh but active users there.
Personal data & sensitive data
Broad personal-data definition. “Sensitive personal data” typically includes biometric/genetic, health, religious/political beliefs, union membership, ethnicity, and financial data—triggering stronger protections.
Lawful bases & principles
Familiar principles (fairness, purpose limitation, minimization, accuracy, storage limitation, integrity/confidentiality, transparency). Expect consent, contractual necessity, legal obligation, public interest and similar bases.
Rights & governance
Data-subject rights (access/correction/erasure/portability).
Certain large or “major-importance” data-fiduciaries to appoint a Data Protection Officer (DPO) and undergo independent data audits from an approved panel.
Breach notification
Notify the Authority when a breach risks significant harm, with details of scope, affected data, and mitigation steps. Customer notification may be directed by the Authority.
Cross-border transfers & localization
Expect an adequacy/approval model, with power to suspend transfers and to classify data for local storage (e.g., national security, financial, public-safety datasets). Plan for contracts plus transfer assessments.
Regulator & enforcement
Enforcement via a national data authority with powers to inspect, demand records, order deletions/cessation, and fine. Fines scale with severity; appeal mechanism exists.
Existing obligations you must already meet (today)
Cybersecurity framework (public law): The new ordinance enables investigations, seizures, and sanctions for cyber offenses. For companies, this intensifies your incident-response, log-retention, and cooperation duties with law enforcement.
Banking/fintech (Bangladesh Bank):
ICT Security Guidelines: risk management, access control, encryption, outsourcing controls, secure development, and board oversight are mandatory for banks/NBFIs/PSPs.
Digital banks (Aug 2025): cloud must be in Bangladesh; comply with BB cloud/ICT guidelines; maintain Core Banking controls.
Payment services & partner networks: approval files must include a data-protection policy, consent processes, MIS/internal-control description—these are reviewed by BB.
Telecom/ISP (BTRC): user-log retention requirements; SIM and subscriber governance; lawful-interception cooperation. If you’re an ISP, CDN, or platform with local POPs, align logging/retention with license terms.
Other public rules touching privacy: sectoral procurement rules, RTI exceptions for personal privacy, and health/education record practices. These don’t form a full privacy regime but affect how you handle user data in practice.
Foreign companies operating in (or serving) Bangladesh: what changes
Extraterritorial reach: The draft PDPO catches foreign platforms, SaaS, adtech, marketplaces, fintechs, cloud and BPO providers if they offer services to or profile individuals in Bangladesh—even without a local entity.
Local representative & DPO: Large-scale or high-risk processors will likely need a DPO. Regulations may also require a local representative or enrolment for “major-importance” controllers.
Cross-border transfer controls: Prepare legal mechanisms (contractual clauses/adequacy/approvals), transfer impact assessments, and technical measures (encryption, key control) to sustain BD↔global data flows.
Localization pockets: If you run digital banking, payment infrastructure, or other “critical” functions, assume local hosting may be required—already explicit for digital banks and likely for future “restricted” data classes.
Contracts with Bangladeshi clients: Expect model clauses or PDPO-compliant DPAs, audit rights by the Authority, and data-audit obligations via approved auditors.
A practical compliance blueprint (works now, future-proofs for PDPO)
1) Map your data (30 days)
Records of Processing (RoPA): what personal data you collect in BD; purposes; lawful bases; recipients; retention; locations; processors/sub-processors.
Classify sensitive vs. non-sensitive; identify children’s, financial, biometric/health data.
Tag datasets that are exported and those hosted in BD.
2) Pick your lawful bases & consent models
Draft justification memos for each purpose (consent, contract, legal obligation, etc.). Be strict on marketing/analytics (separate opt-in, easy opt-out).
Sensitive data → require explicit consent or another clearly applicable lawful basis.
Access (RBAC/MFA/least privilege), encryption at rest/in transit, network segmentation, event logging to meet local retention concepts, secure SDLC, third-party risk (due diligence, contract security exhibits), BCP/DR.
Align with Bangladesh Bank’s ICT security baseline; if you’re applying for a digital-bank license, ensure local cloud.
5) Children & special categories
Age-gating and parental consent where services appeal to minors.
Health/biometric/religion/ethnicity → use minimality + explicit consent + impact assessment before rollout.
6) Cross-border transfer governance
Build a Transfer Register listing: data categories, destinations, purposes, legal mechanism (contract/adequacy/approval), encryption & key management (ideally keys in BD).
Draft Transfer Impact Assessments that consider possible adequacy/approval and the Authority’s power to suspend/condition transfers.
7) Data-subject rights (DSR) handling
Single intake channel (web form/email), identity-verification steps, 15–30 day resolution targets (confirm final PDPO timelines), and an appeal/escalation path.
8) Vendor & cloud contracts
DPA exhibit: purpose, instructions, security measures (e.g., ISO-aligned), sub-processor approvals, assistance with DSRs/breaches, deletion/return at end.
Localization clause (if needed): hosting region BD; data export only under an approved mechanism.
9) Breach readiness
Internal “24–72-hour” detection/triage rule; notify the Authority without undue delay if significant harm is likely.
Decide quickly on user notification; coordinate with Bangladesh Bank for regulated institutions; retain forensic images and chain-of-custody.
10) Governance model
DPO (mandatory for defined classes): independent reporting line to CEO/Board; local escalation rights; tracks RoPA, DPIAs, training, and audits.
Board MI each quarter: incidents, DSR volumes, audit status, vendor risk, transfer register, remediation trackers.
Distribution, marketing, HR & product: where privacy risks actually appear
Sales/marketing
Consent for promotional SMS/email; no bundled consent. Maintain a preference center in Bangla/English.
CCTV, access cards, GPS/telemetry on field staff → purpose-limited, with notice, retention caps, and access logs; avoid covert monitoring except where lawful and necessary.
Product & app teams
Privacy-by-design gates in SDLC: threat modeling; data minimization; config to disable PII logging in lower envs; privacy reviews for new analytics SDKs.
Defaults: end-to-end encryption for messaging; masked PII in support tools.
Procurement & finance
DPAs with all processors; ensure banking/BB and BTRC retention/security alignment in vendor SOWs; no uncontrolled offshore support without an assessed transfer mechanism.
Special notes for high-risk sectors
Banks, NBFIs, PSPs, MFS, Digital Banks
Implement the banking ICT baseline; local cloud for digital banks; Core Banking controls; incident/forensic coordination with the central bank.
Telecom/ISPs/CDNs
Logging/retention consistent with BTRC license conditions; identity/SIM governance; data disclosure only under proper legal process.
Healthcare & insurance
Treat health data as sensitive; explicit consent and strict access; audit trails for every read of medical records.
E-commerce & marketplaces
Transparent delivery/return flows; limit KYC to what’s necessary; escrow/shipping partners bound by DPAs; added protections for minors.
Adtech & platforms
Map identifiers (MAIDs, cookies, device prints); run transfer assessments for global ad supply chain; strict controls on data enrichment and sharing.
Cross-border transfers: workable playbook for foreign groups
Pick a lawful mechanism consistent with PDPO’s adequacy/approval approach; implement Bangladesh-specific DPA clauses and transfer assessments.
Engineer technical safeguards: encryption in transit/at rest, key custody in BD, tokenization, differential privacy for analytics.
Limit scope: keep operational PII in BD; export pseudonymized analytics where possible.
Be ready for suspensions: the Authority may order cessation/suspension of foreign transfers; keep a BD-region failover for critical services.
Enforcement & exposure
Administrative fines scale with severity and recurrence; the Authority can order deletion, stop processing, or halt outbound data flows; appellate route exists.
For regulated sectors (banking/telecom), sector supervisors can take parallel action for security/control failures.
90-Day Bangladesh Privacy Implementation Plan
Days 1–30 — Stabilize
Appoint Privacy Lead/DPO-designate; publish a CEO note committing to PDPO-readiness.
Build your RoPA, Data Map, and Transfer Register; tag sensitive and child data.
Issue/update Privacy Policy (Bangla+English) and Breach SOP; align your security baseline with banking ICT guidance or equivalent.
Days 31–60 — Institutionalize
Execute DPAs with all processors; add localization and transfer clauses.
Launch a DSR portal; standardize identity-verification and turnaround times.
Run DPIAs for high-risk products (biometric onboarding, geo-tracking, health/financial profiling).
Draft cookie/SDK governance; switch to consent-based marketing.
Days 61–90 — Assure
Tabletop a data breach and practice Authority notification.
Internal privacy audit (or external readiness check) against PDPO and sector rules; fix gaps.
Board dashboard: incidents, DSRs, audits, vendor risk, transfer inventory, remediation.
Sub-processors: disclosure + approval; flow-down of obligations.
Transfers: lawful mechanism + transfer assessment; stop/suspend on Authority order.
Audit & assistance: allow Authority-mandated audits; assist with DSRs and breaches.
Exit: data return/deletion; verified by certificate.
Breach-notice checklist (internal 24-hour pack)
What happened; when detected; systems/data impacted; individuals affected; encryption status; containment; likelihood of harm; proposed notifications; law-enforcement/regulator contact; remediation; lessons learned.
Privacy-by-Design gate (product)
Data minimization; purpose test; sensitive-data review; default privacy settings; logging; retention; DPIA decision; transfer check; localization feasibility; rollback plan.
FAQs
Is PDPO already in force? Not yet. As of September 2, 2025, government statements and public drafts indicate a finalized draft ordinance with imminent adoption. Build now to avoid a scramble on commencement.
We’re a foreign SaaS with Bangladesh users but no BD entity—are we covered? Yes. The draft applies extraterritorially to services offered to or profiling people in Bangladesh. Expect to appoint a DPO (if classed), sign DPAs, and implement a transfer mechanism.
Can we keep using global clouds? Generally yes with lawful transfer mechanisms and strong technical safeguards—however, some sectors (e.g., digital banks) require local cloud. Future classifications could localize certain “restricted” datasets.
How long do ISPs/platform POPs need to retain logs? Follow your license terms and BTRC directions, which have moved toward extended user-log retention. Confirm the exact durations applicable to your license.
How TRW helps (end-to-end)
PDPO-ready program: privacy policy stack, RoPA/DPIA, DSR workflows, transfer kits, Bangla-first notices and consent UX.
If you engineer privacy into operations now—data maps, governance, contracts, security baselines, and transfer controls—you’ll be compliant on day one of PDPO, smoother with Bangladesh Bank and BTRC, and far more resilient when breaches or audits strike. The window before full adoption is the best time to get this right.
Competition & Antitrust Compliance (2025): Practical Guidance for Bangladesh, Dubai (UAE), and London (UK) — with a Special Section for Foreign Clients Operating in Bangladesh
By TRW Law Firm — Competition, Distribution & Investigations
Why this guide
Whether you sell FMCG across Dhaka and Chattogram, bid on infrastructure in the UAE, or run a London-based marketplace serving multiple regions, competition/antitrust rules govern how you set prices, talk to competitors, design distribution, and close M&A. Breaches trigger fines, damages claims, criminal exposure (in some jurisdictions), director bans, and deal delays. This field-tested guide gives you an operating manual that works across Bangladesh, Dubai (UAE federal law) and London (UK law)—with an extra, hands-on section for foreign clients trading or investing in Bangladesh.
Thresholds and forms change—use this as a blueprint and confirm current numbers when you file.
Abuse of dominance: using market power to exclude or exploit (unjustified refusals, predation, tying, margin squeeze, discriminatory pricing). Illegal when effects are anticompetitive.
Merger control: some deals must be notified and are subject to a standstill before closing.
Information exchange: sharing future pricing/volumes or detailed customer-level data with competitors (including via a common distributor or trade association) can be tantamount to a cartel.
Dawn raids & leniency: authorities can inspect without notice; first-in leniency can cut penalties dramatically.
Part A — Bangladesh: what businesses really face
1) Framework & institutions
Competition Act creates the Bangladesh Competition Commission (BCC).
BCC pursues: (i) agreements that restrict competition (horizontal cartels; vertical restraints), (ii) abuse of dominant position, and (iii) unfair trade practices with competitive harm.
Merger control: a formal, modern filing regime is developing; for now, BCC attention skews to cartels, bid rigging and dominance issues. Expect increasing scrutiny around consolidations and sectors with price spikes (e.g., commodities, essential goods, logistics).
2) How issues arise in practice (Bangladesh typologies)
Bid rigging in public procurement: cover bidding, bid rotation, identical errors across multiple tenders, “syndicates” around e-GP submission windows.
Distributor coordination: competing brands using the same super-distributor or key wholesaler to exchange future prices/targets (“hub-and-spoke”).
RPM & margin policing: suppliers enforcing minimum retail prices (including on Facebook/marketplaces) through stock threats or rebates.
Trade association “price announcements”: disguised coordination; even “recommended” prices can be unlawful if they influence market behaviour.
Dominance abuses (where market shares and barriers are high): exclusive dealing that forecloses entrants; discriminatory supplies; tying of must-have SKUs to slow-moving ones; loyalty rebates that punish switching.
3) Foreign-investor friction points in Bangladesh
Exclusive import & territory contracts with long terms and hard targets (risk of foreclosure if rivals cannot get access to distribution).
Most-Favoured-Nation (MFN) clauses with major e-commerce or retailers that effectively cap discounting across smaller channels.
Joint procurement/logistics among rivals to “save costs” that drifts into allocation or common price templates.
“No-poach” pacts and wage-fixing between competitor employers—these are treated increasingly like cartels worldwide; avoid them.
4) What BCC expects (practical)
No competitor price talks (even via agents/distributors); clean trade-association agendas; counsel in sensitive meetings.
Documented, pro-competitive rationale for exclusivity, rebates, or selective distribution (quality, investment, free-riding control).
Internal guardrails for tenders: independent bid teams, strict confidentiality, no cross-firm “clarification” calls.
Evidence: price lists, emails, WhatsApp, and spreadsheets are decisive—train people accordingly.
Part B — Dubai / United Arab Emirates (UAE federal regime)
1) Framework & scope
Federal Competition Law (and executive decisions) applies across the UAE (including Dubai). It targets restrictive agreements, abuse of dominance, and economic concentrations (mergers/acquisitions that meet thresholds).
Certain sectors may be exempt or separately regulated (e.g., telecommunications, financial services), and SMEs can enjoy limited relief—verify current positions before relying on them.
2) What the Ministry of Economy looks at
Horizontal conduct: any coordination among competitors (prices, quotas, territories).
Vertical conduct: RPM, exclusivity, territorial and customer restrictions, narrow MFNs. These may be assessable (not per se), but the bar for justifying RPM is high—expect scrutiny.
Dominance: exploitative/exclusionary conduct by firms with strong market power.
Merger control: transactions that create or strengthen market power must be pre-notified if turnover/market share thresholds are met. The regime includes a standstill—don’t close before clearance.
3) Dubai reality checks
Commercial Agencies Law (separate from competition) gives registered agents protections that interact with competition (territorial exclusivity, termination standards). Draft distribution around these realities without drifting into anticompetitive foreclosure.
Franchising & luxury: selective distribution can be fine if objective and proportionate; hard RPM and online sales bans are rarely safe.
Deals: build merger timelines with clearance in mind; data rooms and clean teams are standard when parties overlap.
Part C — London / United Kingdom
1) Framework & enforcers
Competition Act prohibits (i) anticompetitive agreements (Chapter I) and (ii) abuse of dominance (Chapter II).
Enterprise Act covers merger control (voluntary system, but the CMA can “call in”) and criminal cartel offenses for individuals.
The CMA is assertive on cartels, RPM, hub-and-spoke, online restrictions, and killer acquisitions (tech, life sciences). A modern digital markets regime strengthens scrutiny of platform conduct and data advantages.
2) UK hallmarks to internalize
Information exchange: sharing future pricing/strategy, even via a common supplier or retailer, is high-risk.
RPM: treated as a hardcore vertical restriction; monitoring retailers’ online prices and interfering with discounting is dangerous.
Merger control: even below turnover thresholds, the share-of-supply test lets the CMA review UK-nexus deals. Plan filing strategy early in cross-border M&A.
Leniency: first to confess a cartel can earn major reductions; directors risk disqualification/criminal exposure.
Part D — Vertical agreements & distribution: a simple, safe architecture
Design principles across all three jurisdictions
No RPM: prefer recommended prices without pressure, penalties, or monitoring that chills discounting.
Selective distribution: use objective criteria (showroom quality, service standards), allow online sales (quality standards OK), avoid blanket marketplace bans without a quality rationale.
Exclusivity/territory: keep term reasonable, justify with investments/brand protection, include carve-outs (e.g., passive online sales).
Rebates: volume-based is fine; loyalty or retroactive rebates may raise foreclosure risk if you’re strong—model customer lock-in effects.
MFN/price parity: avoid wide MFNs (no cheaper anywhere); narrow MFNs (no cheaper on your own site) still draw scrutiny—use only with justification and sunset.
Data & analytics with retailers: aggregate and anonymize; no access to rivals’ customer-level data via a shared intermediary.
Bangladesh specifics
Keep vertical restraints short and reviewable; don’t use stock threats or rebate clawbacks to enforce RPM.
If you appoint a single national distributor, record the investment rationale (warehousing, cold chain, market-development KPIs) and keep freedom for online passive sales.
UAE specifics
Check agency registrations before rolling out exclusivity; consider non-registered distribution where flexibility is needed.
RPM and tight online restrictions face higher risk—use quality-based e-commerce standards instead.
UK specifics
Treat RPM as presumptively unlawful; any monitoring tools that suppress discounting are a red flag.
Marketplace and advertising restrictions (e.g., PPC bidding limits) must be objectively justified.
Part E — Information exchange & trade associations
Golden rules
Never discuss current or future prices, margins, costs, capacity, customer lists, or strategic plans with competitors.
Trade association meetings: pre-circulated agenda, counsel on call, written minutes; break off if sensitive topics arise.
Benchmarking: only with independent aggregation, aged data, and sufficient participants so no firm-specific insights can be reverse-engineered.
Shared intermediaries (distributors, media buyers, consultants) must not act as “hubs.” Contractual firewalls + training.
Part F — Abuse of dominance: do’s & don’ts
When are you “dominant”? High market share + barriers to entry + dependence of counterparties. The label differs by jurisdiction, but if you are a “must-have” partner or your share is very high, behave like a regulated utility:
Don’ts
RPM + exclusivity that block rivals simultaneously.
Refusals to supply without objective criteria.
Predatory pricing (below cost to eliminate rivals).
Margin squeeze (input price vs. downstream price too tight for rivals).
Unfair discrimination between similarly situated customers.
Tying/bundling must-have products with unrelated ones without technical justification.
Do’s
Publish non-discriminatory criteria for access, discounts, and service levels.
Use cost-based, volume-linked, and transparent rebate ladders.
Keep decision memos explaining objective reasons when cutting off a reseller.
Part G — Merger control triage (Bangladesh, UAE, UK)
Bangladesh: expect a strengthening regime. For now, build competition analysis into deals that concentrate local markets; engage early if overlaps are material.
UAE: many transactions require pre-notification to the Ministry of Economy if thresholds are met. Assume a standstill obligation—no closing or integration before clearance. Plan for data, market definitions, and remedy discussions in concentrated sectors.
UK: the system is voluntary, but the CMA can call in deals, impose hold-separate orders, and review even global deals with a UK nexus. Model both turnover and share-of-supply tests; set a pre-notification strategy early.
Integration planning
Clean teams for competitively sensitive info.
Gun-jumping training for deal teams (no joint pricing, no customer allocation, no directing each other’s business pre-close).
Stand up hold-separate protocols if the authority orders them.
Part H — Dawn raids & investigations: one playbook, three locations
Be raid-ready in Dhaka, Dubai, and London:
Front desk script: verify IDs, notify Legal/Compliance, escort officials, request a reasonable time to gather counsel.
Scope control: understand the warrant/order scope; track what is copied or taken; assert privilege where applicable.
IT & mobile: stop auto-deletion; IT lead mirrors requested data; avoid obstructing.
Interviews: right to counsel; avoid speculation; correct misunderstandings in writing after review.
Post-raid: litigation hold; internal review; board brief; consider leniency or settlement where appropriate.
Part I — Special section: foreign clients operating in Bangladesh
1) Distributor & agency structures
Keep terms short and reviewable (2–3 years with renewal options).
Avoid absolute territorial protection; allow passive online sales across borders.
Ban RPM; instead, tie bonuses to non-price KPIs (availability, merchandising, service level).
2) Joint ventures & local partners
Clear antitrust clauses in the JV agreement: independent pricing, no exchange of competitively sensitive info beyond the JV perimeter, clean-team rules, and exit triggers for violations.
If the JV lessens local competition, prepare a competition effects memo and stakeholder map (deal strategy, entry barriers, buyer power, efficiencies).
3) Tendering
Train bid teams on no-contact rules with competitors; one bid captain per tender; strict confidentiality; audit trails for all Q&A with the authority.
Watch for trade association “coordination meetings” around key tenders—decline and record your refusal.
4) Compliance infrastructure
Bangla-first training for field teams and distributors.
Trade-association SOPs; pre-approved agendas; counsel dial-in for sensitive industry topics (fuel, freight, wages).
WhatsApp/e-mail hygiene: no price talks, no “let’s align the market” jokes—screenshots sink cases.
5) When the market is concentrated
If you are a global brand with share leadership, install dominance safeguards now: objective access criteria, published discount ladders, documentation culture for delistings/refusals.
Part J — HR & labor-market restraints
No-poach and wage-fixing agreements among competitors are increasingly treated like cartels (UK already active; UAE/Bangladesh align with global direction).
Legitimate protections: reasonable non-solicit clauses in commercial contracts; confidentiality and IP protections; training-repayment agreements proportionate to actual costs. Avoid horizontal restraints on hiring.
Part K — E-commerce & platforms
Parity clauses: avoid wide MFNs; use narrowly and review regularly.
Data use: don’t use third-party seller data to undercut them while favouring your own label (UK emphasis).
Online RPM: price monitoring tools that punish discounting raise risk—prefer quality standards over price control.
Part L — Quick tools you can copy
1) Sales & BD “never” list (wallet card)
Never discuss prices, discounts, margins, future plans with competitors (including via distributors).
Never fix bids, allocate customers, or rotate tenders.
Never enforce minimum resale prices.
Never share customer-level data with a shared intermediary who also acts for a rival.
If a competitor starts: walk out and email Legal immediately.
2) Distribution checklist (before signing)
Term ≤ 3 years (renewable); no RPM; allow passive online sales; objective performance KPIs; transparent rebates; audit rights for stock/claims; carved-out public procurement if needed.
3) Trade association rules
Pre-cleared agenda; counsel if pricing/capacity topics may arise; minutes; immediate objection & exit on sensitive discussions; no WhatsApp side groups.
4) Clean team protocol (M&A)
Only clean team sees: future pricing, customer-level margins, pipeline.
Aggregated, anonymized reports to the main team; nothing that would coordinate behaviour pre-close.
Part M — 90-day implementation plan (tri-jurisdiction)
Days 1–30 (Stabilize)
Appoint Competition Compliance Officer; issue CEO note.
One-page Global Antitrust Standard + Bangladesh/UAE/UK addenda.
Present board dashboard (incidents, audits, contract fixes, training rates).
Part N — Investigations, leniency & remediation
If you detect a cartel risk: cease conduct immediately, preserve evidence, and brief counsel. Consider leniency/settlement options (particularly in the UK).
Remediate vertical issues by rewriting policies, withdrawing coercive communications to retailers, and documenting a pro-competitive rationale for any remaining restrictions.
For dominance risks: publish access criteria, rework rebates, and implement a refusal-to-supply SOP with legal sign-off.
Part O — Board dashboard (quarterly)
Training & attestations by function and jurisdiction.
Deal pipeline with merger control flags (UAE pre-notification timelines; UK call-in risk; BD watchlist).
Distribution health: % contracts free of RPM/MFNs; online standards adoption.
Trade association engagements (meetings held; legal attendance).
Complaints & investigations (antitrust topics; time to closure).
Q: Can I stop retailers in Bangladesh from discounting online? A: No. Set recommended prices and quality standards; avoid RPM. Police brand presentation, not price.
Q: We’re one of two big players in a UAE niche—can we run exclusive territories? A: Possibly, with objective rationale and limited duration. Avoid foreclosure of rivals. Review for merger-level effects and seek advice before implementing.
Q: UK retailer asks us to “match competitor’s minimum price.” A: You can choose your wholesale price, but coordinating minimum retail prices is RPM and high-risk. Don’t solicit or enforce minimum retail prices.
Q: Can competitors collaborate on a joint bid for a large Bangladeshi tender? A: Only if genuinely necessary (complementary capabilities, capacity shortfall) and fully documented; keep collaboration to what’s essential, and do not exchange unrelated pricing strategy.
Q: Are no-poach agreements acceptable between two UAE franchisees? A: Treat as high-risk horizontal restraints. Use lawful tools (NDAs, IP, training-repayment) rather than cross-employer no-hire pacts.
Part Q — How TRW helps
Risk mapping & policy suite tailored for Bangladesh/UAE/UK.
Distribution and platform design (selective distribution, online standards, MFN/MAP audits).
Merger control strategy (UAE filings; UK call-in risk management; Bangladesh engagement).
Trade association & tender protocols (agendas, minutes, red-flag scripts).
Competition compliance is operational: how you brief a distributor, how you behave in a trade association, how you structure rebates, how you plan a deal, how you answer a knock at the door. Put these controls in place across Bangladesh, Dubai, and London, and you’ll keep your growth strategy on track—without fines, delays, or reputational bruises.
Bangladesh is a high-opportunity market with a dense web of government touchpoints—permits, utilities, customs, taxation, public procurement, banking, land administration. Those touchpoints create corruption risk for both local and foreign companies. Enforcement pressure is growing (criminal, administrative, debarment, and donor cross-debarment), and global laws (like FCPA/UKBA) can apply to conduct inside Bangladesh if your group has a foreign nexus. The safest path is to engineer anti-bribery controls into the way you sell, buy, hire, build, import/export, and book your numbers.
This guide is a no-nonsense operating manual: the law landscape, the real-life typologies we see, how to design a Bangladesh-fit ABC program, what red flags to watch, and how to investigate and respond when something goes wrong.
Time-sensitive thresholds may change—use this as a practical blueprint and verify any monetary limits when you implement.
Part A — The Legal & Enforcement Landscape (Bangladesh-centric)
Core criminal offenses. Bribery, gratification to and by public servants, criminal breach of trust, cheating, forgery, false accounting, and abetment are prosecutable under Bangladesh criminal laws (including the prevention-of-corruption framework and the Penal Code). “Facilitation payments” (speed money) are not lawful—they are bribes by another name.
Public procurement regime. The public procurement law and rules (including e-GP) govern tenders, eligibility, blacklisting/debarment, conflict-of-interest, and bid integrity. Violations can trigger vendor debarment, contract cancellation, and recovery.
Anti-Corruption Commission (ACC). The ACC is empowered to investigate and prosecute corruption; matters proceed in special courts. ACC can search/seize with process, question suspects, and pursue asset recovery.
Money laundering linkage. Corruption/bribery proceeds commonly qualify as predicate offenses for money laundering, exposing companies and bankers to additional liabilities (KYC/EDD, suspicious transaction reporting, and asset freezing).
Public servant conduct codes. Government servants are restricted on gifts, hospitality, outside employment, private benefits, and must report/hand over certain gifts. Corporate “gifting policies” must be stricter than the public-sector rules to keep you safe.
Corporate & securities overlay. For listed issuers, the corporate governance code and disclosure rules demand related-party control, board oversight, and integrity in books and records. Private companies face board fiduciary duties and fraud/forgery liabilities.
Extraterritorial risk. If your group is listed or headquartered abroad (or pays via a foreign bank), foreign anti-bribery laws can bite—even for payments made wholly in Bangladesh.
Bottom line: Bangladesh criminalizes bribery; there is no legal “small facilitation” exception; false books can be separate crimes; public procurement and donor rules add debarment exposure; and global statutes can piggyback.
Part B — What bribery looks like in Bangladesh (field typologies)
Below are realistic, anonymized patterns we encounter across sectors. Use them to design controls and train your teams.
1) Public procurement & tenders
Kickbacks on award (a percentage of contract value paid via “consultant/marketing” fees).
Bid rigging/cartels: pre-arranged winners, sham quotes from allied firms, identical typos, sequential IPs on e-GP submissions.
Change-order corruption: low-ball bid wins, then inflated variations approved for a cut.
Quality/quantity skimming: inferior materials, short supply, doctored inspection memos.
Syndicates with local political patrons: competitors pressured to abstain; security/intimidation on bid day.
2) Customs, bonded warehouses & logistics
Speed money to clear HS reclassification risks, valuation disputes, or container inspections.
Transit/short-landing manipulation and “lost” cartons to mask over-/under-invoicing.
Bond misuse: duty-free inputs diverted to local market with collusion.
3) Tax & VAT
Audit settlement money disguised as “consulting” with a fixer.
Refunds released against kickbacks; transfer pricing “comfort” arrangements through unofficial payments.
4) Land, utilities & permits
Mutation/land record updates requiring unofficial fees through touts.
Utility connections (electricity/gas/water) with “file movement charges.”
Factory approvals (fire, environment, building) conditioned on “managing” inspections.
5) Healthcare & pharma
Formulary listing & tender favoritism via gifts/trips disguised as “CME” or “training.”
Clinical trial site payments to steer enrollment/approvals.
Hospital procurement: split orders to stay under approval thresholds.
6) Banking & NBFIs
Loan sanction kickbacks, inflated collateral valuations, quick NPL evergreening for a fee.
LC opening and forex allocations driven by inducements; relationship managers using “facilitators.”
7) Education & public institutions
Admissions/recruitment payments; exam leaks; research grant skimming; “honoraria” with no work.
8) Private-to-private (commercial bribery)
Buyer inducements: distributor kicks back part of discounts to the customer’s procurement manager.
Shelf-space and listing fees routed through marketing agencies with sham activation invoices.
Conflict-of-interest: employee’s relative owns a vendor; prices padded.
9) Donor-funded projects
Cross-debarred vendors re-enter under new shells; per-diem fraud; counterfeit attendance.
Audit intimidation: site teams pressured to clear findings.
Part C — The Bangladesh ABC risk map for companies
Build a touchpoint map by function. Here’s a starter template (expand for your business):
Function | High-risk touchpoints | Typical red flags
Sales/BD | Public tendering; discounts; rebates; “agents/distributors” | Demands for cash; “success fees”; vague market development invoices; exclusive agent insists on cash advances
Procurement | Vendor selection; emergency buys; SLA penalties | One-bid awards; repeated rounding; split POs just under approval limits; new vendors sharing bank/phone/email DNA with staff
Logistics/Customs | HS codes; inspections; bond; demurrage | “All-inclusive clearing” fee; third-party asks to be paid in cash; frequent BoE amendments
Finance/Tax | VAT credits; refunds; assessments; TP | Consulting invoices near audit closure; shell advisory firms; missing deliverables
HR/Recruitment | Mass hiring; overtime; per diems | Same contact for multiple candidates; cash reimbursements without receipts; ghost salaries
Land/Permits | Mutation; utility; factory licences | “File movement charge”; middlemen with no LOA; off-site meetings only
CSR/Donations | Grants; sponsorships; political exposure | Beneficiary linked to officials; “urgent” donation near tender dates
Marketing/Events | Conferences; travel; gifts | First-class tickets for public officials; family add-ons; luxury venues with sparse agendas
Part D — Designing an ABC program that actually works in Bangladesh
1) Tone, policy & accountability
Written ABC Policy: flat ban on bribes and facilitation payments; strict rules on gifts, hospitality, travel, donations, sponsorships, and political contributions.
Board & CEO ownership: ABC statement, resourcing, and quarterly metrics.
Local Responsible Officer: a named compliance lead in Bangladesh with escalation rights and direct access to the board/audit committee.
2) Risk assessment (Bangladesh-specific)
Score KYC/third-parties, public procurement exposure, customs intensity, tax disputes, permits, cash intensity, agent networks, and donor-funded business.
Map government touchpoints across the life cycle: incorporation → land → construction → operations → imports/exports → tax → expansion/closure.
3) Third-party due diligence (TPDD) with substance
What to collect: Trade licence, TIN/BIN, ownership/UBO chart, board list, litigation/blacklist checks, references, premises/site visit photos, bank letter (account in legal name), sample invoices, previous principals.
Scoring & approval: Low/Medium/High; enhanced DD for PEP-linked or government-facing roles; contract approval gated by DD result.
Contractual guardrails: anti-bribery warranties, no third-party payments, audit rights, training duty, right to terminate for breach, no success-fee without verifiable services.
Payment discipline: bank transfer only to contracted entity, no cash, milestone-based against documentary outputs (reports, attendance, deliverables).
Public officials: extremely conservative; no cash, gift cards, per-diems; modest refreshments in business settings only; pre-approval for any training/travel with detailed agenda, coach-class travel, pay vendors directly (no cash to attendee), and no sightseeing days.
Private counterparties: sensible, recorded limits; always logged in a Gifts & Hospitality Register; no reciprocal kickbacks (e.g., “placement fees”).
Festivals & events: if you distribute hampers/merch, keep items low-value, logo-branded, and record recipient lists; never to public servants where prohibited.
5) Donations, sponsorships & community spend
No “front” charities. Do CSR only through vetted organizations; verify governance, beneficiaries, deliverables; sign grant agreements with reporting; keep bank proof and photos.
No political donations unless your board adopts a policy compliant with law; if allowed, record meticulously and disclose as required.
6) Procurement integrity
Approved vendor list; segregation of duties (request/approve/receive/pay); random re-tendering; conflict-of-interest declarations; price reasonableness memos; three quotes or justification file.
e-GP preferred for public sector bids; avoid side channels.
Execution: quantity/quality verification by separate teams; photo-evidence with GPS/time stamps; material tests archived; joint measurement books; drone flyovers on milestones.
Commercial: change-order governance; independent price bench for claims; escrow for advance payments.
2) Pharma & medical devices
Ban gifts to prescribers/public hospitals; med-ed grants via institution, not individuals; fair-market-value honoraria with deliverables.
Tender controls: sample custody logs, blinded evaluations, lab test independence.
Samples and HCP travel governed by strict SOPs; no per-diems—pay hotels/airlines directly.
3) Apparel/RMG & consumer
Bonded warehouse compliance monitoring; random carton checks; GRN vs. BoE reconciliation.
Trade marketing spend: pre-approved activation plans, photo proofs, sales-uplift post-analysis; ban cash to store staff.
4) Telecom/ICT
Spectrum/tower permits: only legal fees; maintain full file of applications, fees, notices; centralize all regulator interactions through a small, trained team.
Vendor lock-ins: rotate auditors for site acceptance; no single vendor enjoys exclusive knowledge.
5) Banks & NBFIs
Credit approval: rotation of valuers; independent credit admin; KYC on introducers; whistleblower channel for RM pressure.
Gifts to clients/prospects tightly limited and logged; no political fundraisers.
6) NGOs/INGOs & donor projects
Screen vendors against debarment lists; verify field activity with random back-checks; require GPS/photo audit trails for trainings and distributions; per-diem policy with biometric attendance.
Part F — Red flags: quick-scan matrices you can print
Payments & invoices
Round sums (Tk 50,000/100,000 repeated), vague descriptions, “consulting/marketing” with no outputs, mismatched bank beneficiary names, third-country routing, requests for cash or bearer cheques, split POs under approval caps.
Deal dynamics
“Only one agent can access decision makers,” “urgent” before holidays, “quiet contributions” to “community funds,” insistence on off-site or cash meetings, requests to “top-up” travel per-diems.
People & relationships
Vendor and employee share phone/address/IP; undisclosed relatives; new supplier incorporated days before award; former officials acting as “advisors” without clarity.
If two or more flags appear, pause and escalate.
Part G — Investigations & response (when something goes wrong)
Investigate at least one high-risk third-party end-to-end (site visit, UBO, references).
Run a “tender integrity drill” before your next bid.
Present the ABC dashboard to the board (incidents, training, DD status, audit findings, remediation timelines).
Approve incident response plan (ACC engagement, dawn-raid SOP, media protocol).
Days 91–100 — Lock-in
Embed ABC checks into onboarding (vendors, employees, agents).
Set quarterly refreshers and annual certification for staff and Tier-1 partners.
Publish a one-page “Never List” (what the company will not do) in Bangla on every noticeboard.
Part J — Mini clause & checklist kit (copy/adapt)
Anti-bribery clause (short-form)
“The Partner shall not, directly or indirectly, offer, promise, authorize, solicit or accept any undue advantage to or from any person (including any public official) in connection with this Agreement. The Partner shall keep accurate books and records, permit audit on reasonable notice, comply with all applicable anti-corruption and procurement laws, and immediately notify Company of any breach or suspected breach. Company may terminate immediately for breach of this clause without penalty.”
Third-party questionnaire (top items)
Legal name; trade licence; TIN/BIN; registered address; bank account (name must match legal entity); UBO chart; directors/officers; government ties/PEPs; references; past debarments; litigation; past principals; scope of services; success-fee terms; subcontractors.
Gifts & hospitality rules (pocket version)
Never cash or gift cards.
Public officials: no gifts; hospitality only if pre-approved, modest, business-purpose, and paid to vendors directly.
Record everything over a low threshold in the Register.
Family and leisure not allowed on company dime.
Conflict-of-interest declaration (staff)
Do you or your immediate family hold any ownership or roles in a company that supplies us?
Have you received any benefit (cash, gifts, trips) from a supplier/customer?
Any government or political roles?
Sign & update annually.
Tender integrity checklist
Bid/no-bid memo; independence certificate from each evaluator; data-room logs; Q&A via formal channel only; blacklist & PEP checks on all partners; pricing model locked; post-bid debrief documented.
Part K — FAQs (fast answers for busy executives)
Are “speed money” payments ever allowed if they only expedite something we are entitled to? No. Payments to secure or expedite routine government action are bribes and banned.
Can we fly a regulator or public-hospital doctor to our training abroad? Only if permitted by law and policy, with strict pre-approval: business-only agenda, economy class, pay vendors directly, no per-diems/gifts, and full transparency. When in doubt, don’t.
If a distributor pays a bribe without telling us, can we still be liable? Yes—especially if we were willfully blind or benefited. That’s why TPDD, contract clauses, and audit rights matter.
We inherited a dodgy customs broker—how do we unwind risk? Run expedited DD; re-paper scope and rates; move to a compliant broker; review the last 12 months of BoE/HS choices; self-correct any false declarations and reset the relationship with customs on clean footing.
What if an official demands money and threatens to block us? Refuse; escalate to your local Responsible Officer; document the incident; seek legal routes (supervisor escalation, formal complaint) and consider industry associations for collective engagement.
Part L — What “good” looks like (metrics the board should see quarterly)
Third-party risk: % of high-risk partners with completed DD; # contracts re-papered with ABC clauses; site visit ratio.
Financial red flags: duplicate/round-sum/split payments trend; % invoices with clear deliverables; exceptions resolved.
Incidents & investigations: allegations received, substantiated, average days to closure, dismissals/discipline.
Training: completion rates by function; quiz pass scores; retraining for low scorers.