Decision 599 of August 2018 outlines the corruption risk management methodology for the Romanian central government. Despite the Romanian government's efforts to adopt a standardised methodology for corruption risk management, its implementation has been uneven, with varying levels of adoption.

This report focuses on the challenges faced in implementing the corruption risk methodology from a behavioural perspective and proposes concrete avenues to increase its adoption. It follows the BASIC methodology developed by the OECD (BASIC stands for Behaviour, Analysis, Strategy, Intervention, Change), a five-step methodology that provides guidance to policymakers on the steps to apply behavioural insights systematically when designing policy interventions. Across several ministries, the OECD conducted interviews and reviewed corruption risk registries through a behavioural lens.

As a result of Romania's National Anti-Corruption Strategy (NAS), Decision 599/2018 outlines a methodology for assessing and managing corruption risks, along with a standard approach for evaluating integrity incidents. The framework aligns with established good practices recommended by the OECD and other international organisations.

Based on the interviews and focus groups, the OECD developed a behavioural flowchart to illustrate the explicit and implicit steps required to manage corruption risk. Despite following international standards and being apparently clear, the flowchart evidences that the methodology is de facto cognitively demanding and time-consuming. In addition, public managers typically lack the required expert knowledge; attempting to transform all public managers into anti-corruption experts would not be efficient.

This complexity of the methodology, along with its cognitive and time demands, leads to the following challenges that in the end undermine the effectiveness of corruption risk management in practice:

• The first step to manage corruption risks is to identify the context where the risks may materialise. The Romanian methodology does not provide a clear definition of how to identify this context, however, leading authorities to identify corruption risk contexts using different criteria. This leads to not homogenous assessments which is making it difficult for authorities to compare their practices and for the Technical Secretariat of the NAS to provide meaningful feedback. Moreover, poorly identified risks create problems when designing meaningful intervention measures.

• The complexity of assessing the likelihood and impact of risks may lead the internal working group members, who are in charge of leading the risk assessment at entity level, to use mental shortcuts (“heuristics”) and overlook important information needed to correctly assess the identified risks.

• Intervention measures recur to “easy solutions”, such as recommending more trainings, and are designed without following a clear theory of change and an action plan. Indeed, many of the reviewed corruption risk registries suggest unspecified intervention measures. In addition, most interventions lack specified implementation timeframes and a clear verification method.

To address the challenges identified, this report provides the following recommendations aimed at empowering and supporting public managers in view of increasing the de facto adoption of the corruption risk management methodology:

• Redesign the risk registers to include intermediate indicators for intervention measures to guide public officials in the process of thinking why a specific intervention measure is supposed to generate the desired impact. This would increase working group members' opportunities to learn from the progress made in implementing the measures to control the identified risks and reduce the risk of falling back to easy solution that do not respond to the identified risks.

• Design a user guide for the adoption of corruption risk methodology in Decision 599/2018 that helps working group members learn from best practices and examples. Interviewed public managers were stating that more guidance to them is needed. The guide should include a step-by-step manual on how to design intervention measures using a theory of change.

• Develop a web-based application to guide the management of corruption risk that offers easy access to historical information on corruption incidents and intervention measures. Such an application can at the same time provide automated guidance and reduce the cognitive burden for public managers. A web-based application developed by the Romanian Ministry of Internal Affairs serves as an example of how this tool could be adapted to fit all central authorities in Romania.

• Establish a dedicated unit or person within each ministry to steer and assist the working group in managing corruption risks. All public managers cannot become experts in corruption which is why they require support. Cases from the Ministries of Energy and the Ministry of Internal Affairs could provide an example of how to implement this unit or dedicated person.

Finally, the report provides guidance on how such an intervention could be tested in an experimental setting, on how to implement the flowchart tool to map behaviours and the complexity of processes such as the corruption risk management methodology, and on basic elements of a communication strategy to raise awareness of the relevance of corruption risk management.