How-to guide: How to protect your company from violations of the United States Foreign Corrupt Practices Act (USA)

Updated as of: 03 July 2025

Introduction

This guide will assist in-house counsel, private practice lawyers, and risk and compliance professionals with the steps their organization should take to prevent bribery of foreign officials and to reduce the risk of a US Foreign Corrupt Practices Act (FCPA) violation. 

In recent years, global enforcement agencies such as the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) have focused their attention on and coordinated their regulatory efforts regarding anti-corruption enforcement. The DOJ and SEC have put the onus on organizations to develop robust compliance programs, accurately record business transactions, and maintain internal controls to mitigate the potential risks associated with conducting business across borders.

This guide covers the following:

  1. Legal framework
  2. What is the FCPA?
  3. Understanding key terms of the FCPA
  4. Who is covered under the FCPA?
  5. How to protect yourself from third parties under the FCPA
  6. The business purpose test under the FCPA
  7. International fight against corruption
  8. Enforcement of the FCPA
  9. What type of penalties could your organization face under the FCPA?
  10. How to navigate an FCPA investigation: Investigations, mitigation, and remediation
  11. How to protect your organization from violating the FCPA

At no point is this guide a substitute for the actual law, and it should be used only in conjunction with a careful review of the FCPA as amended.

This guide can be read in conjunction with How-to guide: What to include in an FCPA compliance program and Checklists: Anti-bribery and corruption risk assessment and What to include in an FCPA compliance program.

Section 1 – Legal framework

The two federal laws that provide the legal framework for anti-corruption efforts in the US are the Foreign Corrupt Practices Act 1977 (FCPA) and the Securities Exchange Act of 1934.

The FCPA (15 U.S.C. 78dd-1 et seq) was enacted in 1977 in reaction to congressional and public outcry regarding improper payments made to foreign officials by US corporations. It was amended twice in 1998 (the 1998 Amendments): first, to add two affirmative defenses, as described in section 10.2 below; and again, to conform to the Anti-Bribery Convention, as described below in section 3.4.

The Securities Exchange Act of 1934 is presently codified at 15 U.S.C. sections 78m, 78dd-1, 78dd-2, 78dd-3, and 78ff. Section 21F of the Act, the so-called ‘Whistleblower amendments,’ allows whistleblowers – people who report an organization’s legal violations to the appropriate authorities – to receive a monetary award of 10% to 30% of any monetary recovery in excess of $1 million obtained by the US government. The whistleblower reports original information to the SEC regarding violations of the anti-bribery and ‘books and records’ or ‘accounting’ provisions of the FCPA. In order for the whistleblower to receive an award, the information provided must result in the successful prosecution of a judicial or administrative action brought by the SEC.

Section 2 – What is the FCPA?

Congress enacted the FCPA in 1977, making the corruption and bribery of foreign officials a crime and imposing civil penalties on organizations and individuals that engage in such behavior. The goal of the FCPA is to promote free markets and ethical business competition.

The FCPA is divided into two sections: anti-bribery provisions and accounting provisions. 

2.1 Anti-bribery provisions

The anti-bribery provisions prohibit directly or indirectly offering, promising, authorizing, or paying anything of value to any foreign official in order to obtain or retain business, or to secure any other improper business advantage. 

The text of the anti-bribery provisions (emphasis added) is as follows:

‘It shall be unlawful for any Issuer…or for any officer, director, employee, or agent of such Issuer or any stockholder…to make use of the mails or any means or instrumentality of interstate commerce ‘corruptly’ ‘in furtherance of’ an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of ‘anything of value’ to –

  1. any ‘foreign official’ for purposes of -
    1. (i) influencing any act or decision of such foreign official in his official capacity, (ii) inducing such foreign official to do or omit to do any act in violation of the lawful duty of such official, or (iii) securing any improper advantage; or
    2. inducing such foreign official to use his influence with a ‘foreign government or instrumentality thereof’ to affect or influence any act or decision of such government or instrumentality, in order to assist such Issuer in obtaining or retaining business for or with, or directing business to, any person;
  2. any foreign political party or official thereof or any candidate for foreign political office for purposes of –
    1. (i) influencing any act or decision of such party, official, or candidate in its or his official capacity, (ii) inducing such party, official, or candidate to do or omit to do an act in violation of the lawful duty of such party, official, or candidate, or (iii) securing any improper advantage; or
    2. inducing such party, official, or candidate to use its or his influence with a foreign government or ‘instrumentality’ thereof to affect or influence any act or decision of such government or ‘instrumentality’, in order to assist such Issuer in ‘obtaining or retaining business’ for or with, or directing business to, any person; or
  3. any person, while knowing that all or a portion of such money or ‘thing of value’ will be offered, given, or promised, directly or indirectly, to any foreign official, to any foreign political party or official thereof, or to any candidate for foreign political office, for purposes of –
    1. (i) influencing any act or decision of such foreign official, political party, party official, or candidate in his or its official capacity, (ii) inducing such foreign official, political party, party official, or candidate to do or omit to do any act in violation of the lawful duty of such ‘foreign official’, political party, party official, or candidate, or (iii) securing any ‘improper advantage’; or
    2. inducing such foreign official, political party, party official, or candidate to use his or its influence with a foreign government or ‘instrumentality’ thereof to affect or influence any act or decision of such government or ‘instrumentality’, in order to assist such Issuer in ‘obtaining or retaining business’ for or with, or directing business to, any person.’

2.2 Accounting provisions

The FCPA’s accounting provisions ‘are intended to operate in tandem’ with the anti-bribery provisions by assuring that an Issuer's books and records accurately and fairly reflect its transactions. S. Rep. No. 114, 95th Cong., 1st Sess. 4, 7. See Section 4.1 below for the definition of ‘Issuer.’

These provisions are also known as the ‘books and records’ provisions. They require organizations to create and maintain sufficient accounting, internal controls and compliance procedures. Additionally, they prohibit organizations from knowingly falsifying books and records.

2.2.1 Wholly owned and majority-owned subsidiaries

The Issuer of wholly and majority-owned subsidiaries must comply with accounting provisions. If the Issuer has less than 50% ownership, the Issuer is only required to ‘proceed in good faith to use its influence, to the extent reasonable under the Issuer's circumstances, to cause such domestic or foreign company to devise and maintain a system of internal accounting controls consistent with [the accounting provisions]. Such circumstances include the relative degree of the Issuer's ownership of the domestic or foreign firm and the laws and practices governing the business operations of the country in which such firm is located. An Issuer which demonstrates good faith efforts to use such influence shall be conclusively presumed to have complied with the requirements of [the accounting provisions].’ See 15 U.S.C. section 78m(b)(6).

Section 3 – Understanding key terms of the FCPA 

In order to understand what the FCPA prohibits and how to better protect your organization, you should familiarize yourself with the key terms of the FCPA summarized below.

3.1 ‘Anything of value’

The term ‘anything of value’ includes cash, items of monetary value, gifts, hospitality, transportation/travel, or entertainment. See Checklist: Charitable and political donations and gifts, travel, entertainment compliance.

The determination of what is ‘anything of value’ is fact specific, though examples may be found in case law. Examples of ‘anything of value’ include:

  • employment of a government official’s close relative;
  • donations to a charitable organization that benefits a foreign official, such as the outreach program of the church that the governmental official attends; and
  • providing special favors or benefits if it involves misuse of governmental power or authority, such as providing a government official who is responsible for approving your organization’s land development project with a trip for himself and his family—including travel, accommodations, meals, and entertainment—to see the proposed development site in person and enjoy the surrounding community.

3.2 ‘Corruptly’

The legislative history of the FCPA notes that: ‘The word ‘corruptly’ is used to make clear that the offer, payment, promise or gift, must be intended to induce the recipient to misuse his official position in order to wrongfully direct business to the payor or his client, or to obtain preferential legislation or a favorable regulation. The word ‘corruptly’ connotes an evil motive or purpose, an intent to wrongfully influence the recipient.’ See S. Rep. No. 114, 95th Cong., 2d Sess. 10-11, reprinted in 1977 U.S.C.C.A.N. 4098, 4107-08.

Thus, merely having the intent to pay a bribe is enough to violate the FCPA, and no action is needed to impose liability.

3.3 ‘Facilitation payments’

Facilitation payments are payments made to a foreign government official to use his or her power or authority to perform a ministerial act. They are also known as ‘grease payments.’

These payments are not considered an ‘improper payment’ if made for routine or procedural actions that are documented and available to all persons or entities, such as paying a routine fee for expediting a passport application. A payment is an ‘improper payment’ if it is meant to induce an official to act corruptly in performing a ministerial act or decision, for example, paying a governmental official an undocumented fee to expedite an application when no such fee officially exists. There is no monetary limit on when a lawful facilitation payment becomes illegal.

3.4 ‘Foreign official’

The term ‘foreign official’ under the FCPA is construed broadly. The term includes:

  • any elected official or an officer of a foreign government, agency or department;
  • political parties and leaders of a political party;
  • employees of an ‘instrumentality’ of a foreign government, department or agency. Whether an entity is an ‘instrumentality’ is a fact-specific analysis. See section 3.8 below; and
  • representatives of public international organizations such as the United Nations. The term was added in the 1998 amendments to conform with the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

3.5 ‘Improper business advantage’

The 1998 Amendments made it a crime for any person to offer or give money or something of value to a foreign official to obtain business or gain an improper business advantage. Some examples include:

  • making governmental decisions or performing acts that provide a benefit to the bribe paying company;
  • awarding government contracts to the bribe payor; and
  • using governmental power to expedite services or goods despite such service or good not being available to all people or companies. 

3.6 ‘Improper payment’

An ‘improper payment’ is corruptly offering or giving anything of value to a foreign official to obtain or retain business. Note that an ‘improper payment’ does not actually have to be made in order to violate the FCPA; it just needs to be offered.

3.7 ‘In furtherance of’

‘In furtherance of’ means that a nexus exists between a person or entity’s use of interstate commerce and the unlawful payment or, if the person is a non-U.S. person or non-U.S., non-Issuer company, between any act within the United States and the unlawful payment.

Typically, this nexus is created using electronic communications for payments, such as by wiring money or other electronic payment methods.

3.8 ‘Instrumentality of a foreign government’

An ‘instrumentality of a foreign government’ is an arm of the government that may appear to be private in nature but is owned or controlled by the government, such as a public hospital. See United States v. Joel Esquenazi, et al., 752 F.3d 912 (11th Cir. 2014). Also see ‘foreign official’ definition in section 3.4, above. 

3.9 ‘To obtain or retain business’

The term ‘to obtain or retain business’ is expansively interpreted to include payments intended to influence a broad range of government decisions, including payments to obtain favorable treatment on tax, tariff or customs obligations or to obtain permits to operate in a country to which a person is otherwise not entitled. See United States v. Kay, 359 F.3d 758 (5th Cir. 2004).

3.10 ‘Willfully’

An individual/entity does not have to know that they violated the FCPA, as long as they know they generally violated the law or prohibition on bribery or corruption. See Bryan v. United States, 524 U.S. 184 (1998).

Section 4 – Who is covered under the FCPA?

When determining who is covered under the FCPA, the jurisdictional nexus is construed broadly. Listed below are the types of people/entities that are covered under the FCPA.

4.1 Issuers of securities

All Issuers of securities, which may include officers, directors, employees, agents and stockholders, are obliged to comply with the FCPA. The accounting provisions apply to any Issuers on a public market exchange such as the New York Stock Exchange (NYSE) or similar US public market for listing securities of a company, including the American Depository Receipts (ADRs) of a foreign Issuer. 

4.2 Domestic concerns

Domestic concerns are those whose principal place of business is in the United States or that are organized under the laws of the United States. They include US citizens, nationals, and residents, and U.S. entities located or registered under US law, including all employees regardless of their nationality. See, eg, United States v. Hoskins, 902 F.3d 69 (2d Cir. 2018) for a discussion of ‘domestic concern.’

4.3 Other foreign nationals or entities

If an act ‘in furtherance’ of a corrupt payment is made inside the US by other foreign nationals or entities, these are subject to the anti-bribery provisions of the FCPA. Use of interstate commerce may qualify as an act in furtherance of a corrupt payment to impose FCPA liability. This includes the relevant actions of officers, directors, employees, or agents (third parties) of foreign nationals or entities.

Section 5 – How to protect your organization from third parties under the FCPA

Under various theories of the ‘conduct of others,’ companies can be held liable for the acts of third parties. See United States v. Kozeny, 664 F. Supp. 2d 369 (S.D.N.Y. 2009).

It is important to understand the following:

  • who a third-party is;
  • how your organization can be liable for a third-party;
  • what the DOJ focuses on; and
  • what you can do to protect your organization.

5.1 Who is considered a third-party?

Third parties include, but are not limited to: agents, brokers, consultants, distributors, resellers, contractors, subcontractors, customs or shipping agents, licensing or permitting agents, and joint ventures. Please note this is not an exhaustive list, but rather examples to illustrate the breadth of who is considered a third-party. Note that categorizing a third-party with whom your organization does business as an ‘independent contractor’ is not sufficient to shield your business from FCPA liability.

5.2 How is your organization or an individual liable for the actions of a third-party?

Generally, actions of a third-party are imputed to the principal, which means that prosecutors need not prove the company’s corrupt intent or independent knowledge. Prosecutors will look at the level of control the company has over the third-party's actions. See How-to-guide: How to protect your organization from third-party liability under the FCPA.

5.3 What does the DOJ focus on?

When analyzing whether an organization’s management of the third parties that it engages is compliant, the DOJ focuses on the following: 

  • Is the management process appropriately tailored to the specific level of risk posed by a third-party?
  • How has the company ensured that there is a valid business need for the use of the third-party?
  • Did the company implement mechanisms to ensure that:
    • the contractual terms clearly describe the services to be performed and the location where they are to be performed (e.g. statements of work and territories where work is to be performed);
    • the remuneration is appropriate;
    • the work meets or exceeds satisfactory performance; and
    • the compensation is commensurate with the third parties’ obligations?
  • How does the company monitor and maintain control over the third parties it engages?
  • Does the company have audit and/or inspection rights to analyze the books and accounts of such third parties, and has it exercised those rights in the past?
  • Does the company train its third-party relationship managers about compliance risks and how to manage them effectively?
  • What is the company's process for terminating or off-boarding third parties, and how does it ensure that risks are mitigated during this phase?
  • How does the company handle red flags or indications of misconduct by third parties once they are identified?

5.4 How an organization can ensure third-party management compliance

An organization should carefully consider and analyze how it compensates and incentivizes third parties, to ensure compliance with laws, regulations, policies and procedures.

See How-to-guide: How to protect your organization from third-party liability under the FCPA for more information. See also the Additional resources section below.

Section 6 – The Business Purpose Test under the FCPA

In United States v Kay and Murphy, 359 F.3d 738 (5th Cir. 2004), the court established the ‘Business Purpose Test’ under which the payment or offer must be made to assist in ‘obtaining or retaining business for or with, or directing business to, any person.’ Please see examples of actions taken to obtain or retain business on page 12 of the FCPA Resource Guide.

Section 7 – International fight against corruption

Businesses of all sizes seeking growth in foreign jurisdictions are subject to local anti-corruption laws that prohibit the bribing of foreign officials. It is important to note that almost all countries prohibit bribing government officials, but some enforce such laws more vigorously than others. Internationally, countries are joining the fight against corruption by signing international conventions to actively pursue enforcement worldwide. Examples of international conventions to prevent corruption include:

  • United Nations Convention Against Corruption (UNCAC).
  • The Organization for Economic Cooperation and Development (OECD)'s Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, known as the ‘Anti-bribery Convention’, for member countries to enact to combat corruption.

Section 8 – Enforcement of the FCPA

The DOJ and the SEC share dual enforcement powers under the FCPA as follows:

Agency | Department of Justice (DOJ) | Department of Justice (DOJ) | Securities and Exchange Commission (SEC)
Person | Issuers | Domestic concerns | Issuers
Type of Enforcement | Criminal | Criminal and Civil | Civil

8.1 Civil liability

Scienter, or knowledge, is not required for imposition of civil liability. However, inadvertent errors are not sufficient to trigger action by the SEC or DOJ. For example, a businessperson meets a stranger in a bar. The businessperson buys the stranger a drink and they begin talking. During the conversation, the businessperson expresses frustration that a local government office is holding up his or her company’s request for a permit. Later, the businessperson finds out that the stranger is actually the government official handling the organization’s permit request. Is the drink purchased for the official by the businessperson considered a bribe? No, the purchase of the drink would be considered an inadvertent error not sufficient to trigger FCPA liability. Note, however, that the businessperson should not continue to discuss the issue or buy the official any more drinks after the relationship comes to light.

8.2 Criminal liability

Criminal liability is limited to instances where a person knowingly or willfully falsifies any book or record. See 15 U.S.C. sections 78m(b)(5) and 78ff(a).

8.3 Other government entities and agencies

While the DOJ and SEC share in providing guidance and enforcing the FCPA, other government entities also assist. The DOJ has an FBI group from the FBI International Corruption Unit that provides investigatory assistance. The Department of State and Department of Commerce also provide support. See section on additional resources at the end of this guide for more information.

Section 9 – What type of penalties could your organization face under the FCPA?

Penalties under the FCPA can be levied against individuals and/or companies depending on the type of violation as follows:

Penalty type | Individual penalties | Individual penalties | Company penalties | Company penalties
Type of violation | Anti-bribery | Accounting | Anti-bribery | Accounting
Potential penalties | Up to $250,000 and/or imprisonment up to five years | Up to $5,000,000 and/or imprisonment up to twenty years | Up to $2,000,000 per violation | Up to $25,000,000 per violation

Other sanctions, such as administrative penalties or an increase in penalty, may also be imposed.

  • Administrative penalties include, for example, debarment from government contracts.
  • Under the Alternative Fines Act, 18 U.S.C. section 3571(d), fines may be increased to twice the gross financial gain or twice the gross financial loss to any other person or entity if the facts supporting the increased fines are included in the indictment and either admitted to in a guilty plea or proved beyond a reasonable doubt at trial.

These are the statutory maximum penalties. Actual penalties can vary widely depending on the specifics of the violation, cooperation with authorities, the existence of an effective compliance program, and other mitigating or aggravating factors. Civil penalties can also be levied in addition to these criminal penalties.

Section 10 – How to navigate an FCPA investigation: Investigations, mitigation, and remediation

If a company or individual has received a hotline tip or an inquiry from an enforcement agency, the process may proceed in one of several ways depending upon whether the notification of a potential violation came internally or from an enforcement agency. Regardless of the source, your organization should conduct its own internal investigation. Should such investigation reveal potential FCPA violations and, thus, potential charges and/or penalties, there are some mitigation and remediation measures, such as asserting affirmative defenses and making voluntary self-disclosures, that can be undertaken right away.

10.1 Internal investigations

Investigations of potential employee or third-party misconduct usually begin with an internal investigation of the alleged offending employee(s) and/or third-party agent(s) by in-house or outside counsel.

Employees, relationship managers, and other personnel should act as your organization’s eyes and ears when it comes to misconduct by another employee or third-party.

Additionally, an anonymous tip to your corporate whistleblower hotline may lead to an internal investigation, and a review of domestic or foreign news reports and social media may reveal a red flag or that corrupt activity has taken place.

Your organization should act immediately to preserve any information and secure access to emails, telephone calls, relevant data, invoices, calendars, personnel (whether internal or external), and other relevant information as best as possible.

Finally, counsel should encourage his or her organization to take precautions if they are unable to secure third-party cooperation. For example:

  • exercise contract rights including termination, request indemnification for damages, and claw back previously paid monies;
  • bar the individual or third-party from future work, subject to FCPA compliance; or
  • suspend or remove the party from involvement in organization activity related to the transaction and prevent that individual from working in other areas where compliance with laws is necessary.

See How-to-guide: How to protect your organization from third-party liability under the FCPA.

Make sure to document every step taken along the way including efforts made to obtain third-party cooperation.

10.2 Affirmative defenses

If your organization is ever faced with a potential FCPA violation, assess whether you can assert one or both of the existing affirmative defenses to an alleged FCPA violation which were added by the 1998 Amendment. The accused bears the burden of proof when asserting affirmative defenses. The two affirmative defenses provided for in the FCPA are:

  1. that the payment was lawful under the written laws of the foreign country (the ‘local law’ defense); and

  2. that the money was spent as part of demonstrating a product or performing a contractual obligation (the ‘reasonable and bona fide business expenditure’ defense).

But see, eg, United States v. Kay, 359 F.3d 738, 756 (5th Cir. 2004), where the Court stated that:

‘by narrowly defining exceptions and affirmative defenses against a backdrop of broad applicability, Congress reaffirmed its intention for the statute to apply to payments that even indirectly assist in obtaining business or maintaining existing business operations in a foreign country.’

10.2.1 Local law defense

The local law defense applies when a payment was lawful under the written laws of the foreign country at the time of the offense. 

However, absence of law is not a defense. See United States v. Kozeny, 664 F. Supp. 2d 369 (S.D.N.Y. 2009), where the local law defense could not be applied because there was no express written law allowing for the bribe.

10.2.2 Reasonable bona fide business expense defense

The reasonable bona fide business expense defense applies when money is spent as part of promoting, demonstrating, or explaining a product or performing a contractual obligation. Examples of what is allowed include travel and expenses to visit facilities, for training, and for meetings.

See Checklist: Charitable and political donations and gifts, travel, entertainment compliance.

10.3 Voluntary self-disclosure

Consider whether to disclose the violation to the proper enforcement authorities. Both the DOJ and SEC encourage businesses to self-disclose known violations. Note that the number of organizations who self-report violations is very low, but that under the US Sentencing Guidelines, organizations will be credited with self-reporting in the penalty phase of a case if a violation has been found.

10.4 Resolving investigations

After conducting an internal investigation that results in findings of a potential violation, or if an organization received an inquiry from an enforcement agency, in-house counsel should consider whether to cooperate with the DOJ or the SEC. 

Organizations that opt to cooperate with the enforcement agencies usually provide them with any information available regarding the misconduct so as to obtain a favorable settlement.

10.5 Deferred Prosecution Agreements (DPA) and Non-Prosecution Agreements (NPA)

A deferred prosecution agreement and a non-prosecution agreement are both options for settlement with the DOJ and/or SEC in an FCPA investigation.

10.5.1 DPA

A deferred prosecution agreement is an unofficial probation which allows a company or entity facing an FCPA violation to defer its plea based on the agreement.

10.5.2 NPA

A non-prosecution agreement is a declination to prosecute because no violation is found or because, according to the DOJ, the company took all appropriate steps such as investigating, self-reporting, fully disclosing, and remediating the issue. 

Your organization can make these agreements with the DOJ and/or SEC to mitigate the amount of penalties and damages assessed for an alleged violation.

Note that if your organization is entering into a plea, non-prosecution, or deferred prosecution agreement, you may be required to retain a ‘Corporate monitor’, which is someone hired by the defendant and agreed to by the DOJ, to oversee your organization’s FCPA mitigation and remediation efforts. Corporate monitors help to prevent, detect or report any additional misconduct.

For public organizations, particularly government contractors that do business with the US or foreign governments, there are additional potential consequences stemming from a conviction or plea, such as suspension or debarment, which may impose greater penalties or more consequential damage than the FCPA violation penalty itself.

Section 11 – How to protect your organization from violating the FCPA

There are several ways to protect your organization from potential FCPA violations. While the FCPA does not explicitly mandate that organizations perform any specific act or due diligence with respect to international business and third-party associates, or with respect to acquisitions of new business entities, the DOJ and SEC make several recommendations for organizations to follow. The amount and extent of due diligence to be performed is left to the judgment of each organization.

Organizations should keep in mind that enforcement agencies will closely scrutinize the amount of due diligence conducted by them to determine if, in hindsight, reasonable steps were taken to prevent an FCPA violation. Numerous DOJ recommendations that will help educate persons and companies subject to the FCPA can be found in the various Opinion Releases, statements on enforcement policy, and guides issued related to corporate compliance programs. All materials are in the additional resources section below, with some pertinent points outlined here.

11.1 Corporate compliance program

The most important way of protecting your organization from a potential FCPA violation is to create and implement an overall FCPA compliance program, consisting of policies on risk assessment, due diligence, third-party engagement, gifts and travel, and donations.

In 2017, the DOJ issued compliance program guidance for organizations to follow in order to prevent and detect possible violations. See Additional resources below and How-to-guide: How to protect your organization from third-party liability under the FCPA and Checklists: Anti-bribery and corruption risk assessment, What to include in an FCPA compliance program, and Charitable and political donations and gifts, travel, entertainment compliance.

The DOJ requires organizations to institute the following:

11.1.1 Culture

Senior management should communicate to employees through their words and actions that compliance with laws is essential to the organization’s overall ethical conduct. 

11.1.2 Compliance policies and procedures

Organizations should issue and make readily available detailed, documented, effective policies and procedures, and should ensure that they are communicated to all applicable employees and third parties. See DOJ FCPA Opinion Release No. 10-02.

11.1.3 Continuous or periodic program evaluation processes (monitoring and review)

Organizations should audit the program regularly and continuously (through an internal or external audit function), including all sub-policies and procedures, perform tests on processes, and improve procedures if weaknesses are discovered or there are changes in applicable law. 

11.1.4 Education and training 

Organizations should annually educate and train their employees and agents (third parties) in compliance matters. Third parties should be trained at the beginning of their engagement with the organization. The training and education program should state that all employees and third parties receive certificates of completion for all training they receive. The certificates are important to create a paper trail of compliance and to document an additional step in the overall FCPA analysis.

11.1.5 Due diligence

Organizations should always perform due diligence on the various categories of third parties before engaging or renewing them. Due diligence should also be conducted prior to a merger or acquisition. See Checklist: FCPA due diligence of third-party intermediaries. A best practice is using technological methods to conduct continuous due diligence in order to be aware of issues that may arise between contract renewal and engagement.

11.1.6 Risk assessments

Organizations should conduct effective risk assessments and have related written procedures in place to help identify potential issues (such as red flags) on an ongoing basis and to mitigate such risks. See Checklist: Anti-bribery risk assessment.

11.1.7 Hotline

Organizations should set up a means by which employees and others may voluntarily provide tips on potential misconduct. These tips should be documented thoroughly and immediately reported up the chain of authority within the organization so that the proper personnel may follow up, including launching an internal investigation, if necessary. Organizations should ensure that any employee who files a report is not subjected to any retaliation for making such a report in good faith.

11.1.8 Employee discipline

Organizations should have clear, written disciplinary procedures which provide for disciplinary measures proportionate to the severity of the violation, up to and including termination. The procedures should be carried out equally and consistently throughout the company, without regard to the position of the violator.

11.1.9 Donations and gift, travel and entertainment giving policy

Organizations should implement a gift giving, travel, and entertainment policy to use in assessing whether a specific payment is appropriate. See Checklist: Charitable and political donations and gifts, travel, entertainment compliance.

11.2 Contract drafting and management

The second most important method for protecting your organization from a potential FCPA violation is the use of contracts. Draft agreements with clauses and provisions designed to protect your organization and to prevent violations.

For example, if practicable, all third-party agreements should include the following:

  • compliance representations and warranties;
  • indemnifications corresponding to representations and warranties;
  • limitations of liability;
  • audit rights;
  • clawback rights; and
  • termination rights.

See How-to guide: How to protect your organization from third-party liability under the FCPA for more detailed information.

11.3 Obtain an FCPA Opinion through the DOJ

The DOJ administers an FCPA review procedure that allows Issuers or domestic concerns to request a statement of the DOJ's official view about whether certain activities are likely to trigger a prosecution or other enforcement action. The specified procedures are located at 28 C.F.R. section 80.1 et seq. The procedures and opinions are available here.

Please note that obtaining a DOJ FCPA Opinion creates a rebuttable presumption that the intended conduct complies with the FCPA, as long as the request for the opinion is signed by a senior officer of the company, full and true disclosure including all documents is made, and all relevant and material information is provided.

11.4 Use data analytics

A relatively new method of compliance incorporates the use of data science and analytics. Companies have access to large amounts of internal data to use in the detection and prevention of improper conduct and in continuous monitoring as part of their compliance program. By using various tools and techniques to analyze data, companies may be able to prevent or detect improper conduct.

Compliance and personnel responsible for internal controls should make use of this data to monitor and/or test the company's policies, procedures, internal controls and transactions in a timely and effective manner.

Organizations should ensure that all personnel involved in risk management and compliance have access to all relevant data sources to continuously monitor the effective functioning of the compliance program.

Additional resources

Report an FCPA violation: email: [email protected] 
Department of Justice and Securities and Exchange Commission

Department of Justice

Securities and Exchange Commission

United States Sentencing Commission Guidelines Manual
Department of Commerce

Related Lexology Pro content

How-to guides:

How to protect your organization from third-party liability under the FCPA

Checklists:

Anti-bribery risk assessment
What to include in a FCPA compliance program
FCPA due diligence of third-party intermediaries
Charitable and political donations and gifts, travel, entertainment compliance
