On March 7th, the Department of Justice (DOJ) announced a new whistleblower reward program intended to help prosecutors bring more foreign corruption cases. Under the new program, individuals who report corporate misconduct can earn a share of any resulting DOJ forfeiture. This comes on the heels of one of the world’s largest commodity trading firms agreeing to pay about $661 million after admitting to bribing Ecuadorean officials. These events reinforce anti-bribery and corruption laws as one of the significant compliance risks companies face in an increasingly competitive global marketplace.

The Biden administration and its Justice Department have established countering corruption as a core U.S. national security interest, highlighting the threat that global corruption poses to prosperity, competition, and democracy. Violations in 2023 continued to rebound from their COVID slump, with approximately $770 million in fines, penalties, and disgorgement. That trajectory is expected to continue through 2024 and beyond. While companies competing for new markets grapple with surging tariffs, sanctions, and other trade restrictions, the risk of failing to implement compliance programs can increase as well.

Companies with any international operations should ensure they have a robust written policy and compliance program focused on anti-bribery and corruption. Compliance risk touches nearly all industries, including materials, industrials, financials, healthcare, consumer services, energy, and information technology. This is especially true where companies have foreign subsidiaries or engage third parties in foreign countries for sales, consulting, and other activities.

Anti-Bribery and Corruption Laws

Most countries have some form of anti-bribery and corruption laws. The U.S. version is known as the Foreign Corrupt Practices Act (FCPA). All such laws generally prohibit the offering of payments or anything of value to a government official to induce that official to affect any government act or decision in a manner that will assist a company to obtain or retain business. Most violations stem from doing business in countries in Latin America, Asia, the Middle East, and Africa. However, companies should be familiar with the laws in all countries in which they operate. The U.K. Bribery Act, for instance, also prohibits “business to business” bribery, i.e., private sector bribery. Violations of these laws can lead to civil and criminal penalties, sanctions, and remedies, including fines, disgorgement, and/or prison.

The FCPA addresses international corruption in two ways: anti-bribery provisions and accounting provisions. The anti-bribery provisions prohibit U.S persons and businesses (domestic concerns), U.S. and foreign public companies listed on stock exchanges in the U.S., or which are required to file periodic reports with the Securities and Exchange Commission (issuers), and certain foreign persons and businesses acting while in the U.S. from making corrupt payments to foreign officials to obtain or retain business. The accounting provisions require issuers to make and keep accurate books and records and to devise and maintain an adequate system of internal accounting controls. The accounting provisions also prohibit individuals and businesses from knowingly falsifying books and records or knowingly circumventing or failing to implement a system of internal controls.

The FCPA applies to any individual, firm, officer, director, employee, or agent of a company covered by the FCPA and any stockholder (or other owner) acting on behalf of the company. The DOJ and SEC share FCPA enforcement authority. The DOJ is the chief enforcement agency for all criminal and civil enforcement with respect to domestic concerns and foreign companies and nationals. The SEC is responsible for civil enforcement of anti-bribery provisions with respect to issuers.

Anti-Bribery Provisions

In general, the FCPA prohibits giving, promising, offering, or authorizing the payment of money or anything of value to a foreign official in order to influence any act or decision of the foreign official in his or her official capacity or to secure any other improper advantage in order to obtain or retain business.

Foreign official. This includes any person acting in an official capacity on behalf of any government, agency, department, or regulatory authority or any instrumentality, such as state-owned or state-controlled entities. Such state-owned entities can include utility companies, banking and finance, universities and other educational institutions, healthcare and life sciences, telecommunications, and transportation.

Gifts, Travel, and Entertainment. While payments often involve cash, they can include travel expenses or other gifts and benefits, such use of vehicles, vacation homes, or private club memberships. Charitable and political contributions are other pitfalls that can be used as a way to funnel bribes to foreign officials.

Third Parties. The FCPA also prohibits corrupt payments made through third parties or intermediaries. Approximately 90% of all FCPA cases involve third parties. This can include law firms, advertising firms, agencies, suppliers, consultants, sales agents, business partners and others representing the company. Companies should consider a due diligence checklist before engaging with third parties.

Foreign Subsidiaries. U.S. parent corporations may be held liable for the acts of foreign subsidiaries where they authorized, directed, or controlled the activity in question, as can U.S. citizens or residents, who were employed by or acting on behalf of such foreign-incorporated subsidiaries.

Mergers and Acquisitions. Failure to perform adequate anti-bribery and corruption due diligence prior to a merger or acquisition may result in both legal and business risks through successor liability law.

Accounting Provisions

Bribes are often mischaracterized in a company’s books or records as commissions, consulting fees, discounts, or other expenses. The FCPA prohibits such off-the-books accounting. First, under the “books and records” provision, issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of issuer’s assets. Second, under the “internal controls” provision, issuers must devise and maintain a system of internal accounting controls sufficient to assure management’s control, authority, and responsibility over the firm’s assets.

Unlike the anti-bribery provisions, the accounting provisions do not apply to private companies. Even so, private companies should consider invoking these accounting requirements as good housekeeping as part of its compliance program.

Written Policy and Compliance Program

While not a defense to prosecution of corporate misconduct, a robust compliance program can have a direct and significant impact on the terms of a potential resolution. An effective written policy and compliance program plays a vital role in assessing violations and penalties.

Company compliance programs are not one-size-fits-all. An effective program should take into account the company size, type of business, locations of subsidiaries, use of third parties, and the level and type of interactions with foreign officials. For instance, does the company or a subsidiary seek regulatory approvals, permitting, or licensing in a foreign country? Does it conduct research activities? Does it pay commissions to third parties? These are just a few questions to consider when preparing an effective policy.

While each policy should be tailored to the specific company, the DOJ has highlighted the following hallmarks for an effective compliance program:

• Commitment from senior management and a clearly articulated policy
• Code of conduct and compliance policies and procedures
• Oversight, autonomy, and resources
• Training and continuing advice
• Incentives and disciplinary measures
• Third party due diligence and payments
• Confidential reporting and internal investigation
• Continuous improvement through periodic testing and review
• Pre-acquisition due diligence for mergers and acquisitions

Companies should also regularly review their policies in light of any recent developments from the DOJ. One such development is the encouraging of companies to include compensation and personnel policies that incentivize compliance and disincentive non-compliance through such tools as compensation clawbacks. Another is whether the policy covers use of personal devices and third-party applications, like WhatsApp and Signal, to ensure access to and preservation of corporate communications.

While an effective policy is a strong first step in a compliance program, the policy should be communicated at all levels of the company, with ongoing training and auditing.

What Does it All Mean?

Before jumping into FCPA compliance head-first, ask a few questions:

• Does my company have any international operations? If the answer is yes, you should consider that those operations may be subject to the FCPA.
• Does my company already have a written compliance program for anti-bribery and corruption? If not, you need one.
• If your company already has a compliance program, when was the last time it was updated? If it’s been a while, now is a good opportunity to review, revise, retrain, and make all other necessary adjustments.

No one wants to be the next headline touting a multi-million-dollar FCPA penalty.