Cookie Notice: This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our privacy statement for more information on how we use cookies.


The Foreign Corrupt Practices Act (FCPA)

The Foreign Corrupt Practices Act (FCPA)

It's more than just bribery and the consequences are serious.

Globalization has allowed for the geographic expansion of corporate borders to happen quickly, and it often takes time for the infrastructure to catch up. As a result, many businesses routinely:

  • Operate internationally in countries with a high level of perceived corruption based on Transparency International ratings
  • Utilize agents, distributors, or intermediaries that they have no prior dealings with
  • Acquire and integrate new international operations to drive market growth

But this is business as usual for many of us, right?

With the SEC’s recent announcement of a settlement with Walmart for violation of the Foreign Corrupt Practices Act (FCPA), it is a good time for companies doing business internationally to evaluate their business operations and ensure compliance with all aspects of the FCPA. When most people think of the FCPA, they assume that it applies only to the payment of bribes and that the SEC pursues violations like those committed by MobileTeleSystems. However, as was the case with Walmart’s violation and subsequent $282 million in penalties, companies can also be held liable for “failing to operate a sufficient anti-corruption compliance program.” This is because the FCPA has two provisions: Anti-Bribery and Accounting.

In order to avoid being on the wrong end of an SEC enforcement action, there are key issues to address. And in addressing them it is important to focus on the risk being mitigated, the reasonableness of the solution, and the effort required for implementation.

Who is subject to the FCPA? Basically, everyone …

  • Companies that issue securities on a US exchange
  • Any director, officer, employee, stockholder, or agent of a publicly-traded company
  • US domestic concerns (individuals, private corporations, partnerships, trusts, etc.)

Where does the risk arise and how do I determine the level of risk?

Risk exists. It cannot be eliminated but there should be an active process in place to identify and assess it (managing and monitoring come next). Internal policies, procedures, and oversight will help to identify tactical and strategic risks, whether they are driven by an individual transaction or region-wide operation. As the comprehensiveness of policies and procedures goes down and as transactional value goes up, the risk of corruption increases. The most common areas for violations to originate include:

  • Third-party vendors or agents
  • Cash payments
  • Expense reimbursements
  • Political contributions
  • Gifts and entertainment
  • Fees required by non-US government regulators (visas, licenses, customs duties, taxes, etc.)
  • Regulations requiring the use of local sponsors or partnerships with local suppliers/service providers

What steps can be taken to manage and mitigate the risk?

The key to an effective anti-corruption program lies in clearly identifying the corruption risks you face and what the industry best practices are from a legal/compliance perspective, as these will likely be in line with what is expected by regulatory authorities. Once you have the mitigating options available, they can be tailored to match the identified risk profile and to allocate resources effectively and efficiently.

What is the best way to develop compliance policies and procedures that address international operations and can expand quickly?

Compliance program policies and procedures need to be dynamic to adapt to new situations or to incorporate best practices from lessons learned. Companies should address the following compliance areas:

  • Training and certification
  • Internal compliance resources
  • Defined process for the internal reporting of issues
  • Process for the initiation and completion of internal investigations and the implementation of changes arising from results
  • Monitoring, testing/auditing, and updating policies and procedures
  • Procedures to formally document, address, and report violations (if warranted)

What is the best way to manage third parties that are not subject to internal controls?

Third parties are a large risk because the reduced oversight limits the effectiveness of internal controls, which can offer numerous avenues for the avoidance of detection. Because of this, it is important that all third parties undergo rigorous due diligence before contracting, that contracts include FCPA or anti-corruption provisions, that the relationships are actively managed to identify red flags, and that all issues raised are investigated and resolved.

What if an FCPA violation is suspected?

Assuming a robust compliance program, regulatory authorities will expect a thorough internal investigation so that a company can provide the information necessary to assess the potential violation. This will include, but is not limited to:

  • What, if any, payments were made?
  • Who were the payments made to, who were they made by, and who was aware of them?
  • What benefit was received in return for the payments?
  • What policies were in place to prevent the violation, how did the payments pass through the controls, how were they identified, what revisions need to be made to prevent recurrences?
  • Is this an institutional issue or an isolated issue?
  • If disclosures need to be made to comply with regulations, what are they (US and local)?

Companies and their insurers alike cannot turn a blind eye to the realities of international trade. In many countries, corruption is an accepted aspect of the culture and it will be encouraged, tolerated, or ignored. But with that in mind, make sure the policies and procedures in place address not only your current operational risks but those that are a part of your 3- or 5-year strategic plan. Consider the following:

  • Third-party due diligence processes
  • FCPA training
  • Assessment of policies and procedures
  • Risk assessment and mitigation
  • Internal control testing
  • Documentation of and reporting on potential violations

Keep up with the latest research and announcements from our team.
person Created with Sketch. Directory