Understanding FCPA Compliance: How to Protect Your Business

Blog
February 21, 2023

The stakes are high for everyone when it comes to the U.S. Foreign Corrupt Practices Act (FCPA). The FCPA prohibits bribing foreign officials to win or keep business and requires companies to keep honest books, and the consequences of non-compliance range from hefty fines and disgorgement to criminal charges against the company and the individuals involved.

Compliance with the FCPA isn't something to take lightly. By understanding the requirements of the FCPA and implementing proper internal controls and procedures, you can protect your company from potential legal issues and ensure your business practices remain ethical and transparent.

Read on for an overview of the FCPA, what businesses need to know for FCPA compliance, and tips on how to best make sure that your corporate compliance program is up to scratch.

How the FCPA Works

Enacted in 1977 and comparable in purpose to the U.K. Bribery Act 2010, the FCPA is a U.S. federal law designed to prevent bribery and corruption in international business deals.

Enforced by the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC), the law covers a wide range of conduct aimed at winning business or favorable treatment, including giving gifts, travel, and entertainment to foreign officials, making improper payments to foreign officials, and using agents, distributors, or other third parties to pay bribes indirectly.

The FCPA has two main sections, anti-bribery provisions and accounting provisions:

  • The anti-bribery provisions prohibit corruptly offering, paying, promising to pay, or authorizing the payment of money or anything of value to a foreign official, a foreign political party or party official, or a candidate for foreign political office in order to influence an official act or secure an improper advantage, for the purpose of obtaining or retaining business. Payments routed through a third party count when the payer knows, or consciously disregards a high probability, that some of the value will be passed on to an official.
  • The accounting provisions apply to issuers (companies with securities registered with the SEC or that file reports with it) and require them to keep books and records that accurately reflect their transactions in reasonable detail, and to maintain a system of internal accounting controls sufficient to ensure that transactions are authorized and properly recorded. These provisions are not limited to payments to foreign officials: a bribe booked as a "consulting fee" violates them even when the underlying bribe is hard to prove.

The FCPA applies not only to U.S. companies and citizens but also to issuers, including foreign companies whose securities are listed on a U.S. exchange or that file reports with the SEC, and to any person, foreign or domestic, who takes an act in furtherance of a corrupt payment while in U.S. territory. This makes the scope of the law far-reaching, and foreign companies that raise capital or do business in the U.S. need to take care to comply with its requirements.

What Are the Penalties for Breaching the FCPA?

The penalties for violation of the FCPA depend on the type of violation committed and who's committing it:

  • For individuals, criminal violations of the anti-bribery provisions carry fines of up to $100,000 and imprisonment of up to five years per violation, and the fine cannot be paid by the individual's employer. A willful violation of the accounting provisions carries a fine of up to $5 million and imprisonment of up to 20 years.
  • For business entities, including corporations, criminal violations of the anti-bribery provisions carry fines of up to $2 million per violation. Willful violations of the accounting provisions carry fines of up to $25 million per violation.

Civil penalties, adjusted periodically for inflation, can be imposed in addition to criminal fines, and the SEC can order disgorgement of the profits earned through the improper conduct. Under the Alternative Fines Act, a criminal fine can instead be set at up to twice the gain the defendant sought or the loss it caused, which is how the largest FCPA resolutions come to far exceed the statutory maximums. Those convicted can also be suspended or debarred from federal contracting and lose export or other operating licenses.

Tell-Tale Signs of Potential FCPA Violations


Teams need to be able to recognize the tell-tale signs of potential FCPA violations so they can act before a problem grows, both inside the organization and at its third-party providers.

Here are some of the most common red flags to look out for:

  • Unusual or excessive expenses: Are payments being made to seemingly random intermediaries, or to accounts in a country where neither the intermediary nor the work is located? Has a third-party invoice been submitted without evidence that the work took place? Has there been a surge in cash payments, unexplained commissions, or unauthorized incentives?
  • Poor record-keeping: Are internal records being maintained accurately, if at all? Are payments being made to third parties without supporting documentation, or booked under vague labels such as "miscellaneous services"?
  • Inconsistent stories: Are your contacts giving different accounts of their activities or changing their explanations frequently? Are they omitting important information, such as a family or business relationship with a government official?
  • Lack of credentials: Does the third-party provider lack the qualifications, staff, or track record needed for the work it has been hired to do, suggesting it was engaged for its connections rather than its services?
  • Conflicts of interest: Are there signs of a conflict of interest between a third-party provider and your business? Is the provider acting to benefit itself, or a government official, rather than your business? Is it trying to steer the decision-making process, for example by insisting on a particular sub-contractor or payment route?

If your third-party risk management program picks up any of these signs, open an internal investigation promptly, preserve the relevant records, and hold the payments in question until the facts are clear.

Examples of High-Profile FCPA Violations

As companies expand and conduct more business globally, the risk of an FCPA violation increases, and as we've seen, organizations that fail to comply with the FCPA's requirements can face severe penalties. Even so, it can be difficult to picture how the law becomes a major concern for your own business.

To help you put it in perspective, we've outlined two high-profile FCPA investigations that have made headlines around the world in recent years.

Siemens AG's Decades of Bribery and Corruption

In December 2008, Siemens AG, the German engineering conglomerate, and three of its subsidiaries agreed to pay approximately $1.6 billion in fines, penalties, and disgorgement to U.S. and German authorities, including a then-record $800 million to the DOJ and SEC, after pleading guilty to violations of the FCPA's internal controls and books-and-records provisions tied to decades of corrupt payments for government contracts.

The case began with a November 2006 raid on Siemens' Munich headquarters by German prosecutors and police. Investigators found that the company had paid roughly $1.4 billion in bribes to government officials to win business in Asia, Africa, Europe, the Middle East, and Latin America, funneled through off-books bank accounts and sham "consultants" whose fees were recorded as legitimate business expenses.

According to a New York Times article, bribery was so embedded in Siemens' culture that the Federal Bureau of Investigation (FBI) described it as "standard operating procedures for corporate executives who viewed bribery as a business strategy."

Goldman Sachs and the 1MDB Scandal

In October 2020, Goldman Sachs agreed to pay more than $2.9 billion to the DOJ and to regulators in the U.S., the U.K., Singapore, and Hong Kong, at the time the largest FCPA resolution on record, for its role in the 1Malaysia Development Berhad (1MDB) corruption scandal.

The scandal centered on three bond offerings in 2012 and 2013 through which Goldman raised about $6.5 billion for 1MDB, a Malaysian state investment fund that was supposed to finance infrastructure projects and the country's economic development. A large share of the proceeds was instead diverted by the Malaysian financier Low Taek Jho and his associates, in part to pay bribes to officials in Malaysia and Abu Dhabi, with the participation of two Goldman bankers.

As part of the resolution, Goldman's Malaysian subsidiary pleaded guilty to conspiring to violate the FCPA, and the bank admitted to failures in its compliance program, in particular that its due diligence and controls had not acted on red flags about the parties involved in the deals.

How to Make Sure Your Organization Maintains FCPA Compliance


Running an FCPA compliance program is hard, and the exposure is real, for businesses that don't have the proper systems in place. Putting the right processes in place to follow the regulations doesn't have to be complicated or slow, though.

Here are the steps you can take to ensure your organization has an effective compliance program in place:

  • Do your due diligence on third-party providers before engaging them: An effective procurement process conducts thorough risk assessments of potential partners' ownership, business practices, and compliance with local laws and regulations, including whether any owner or principal is a government official or related to one, so you have a handle on your organization's risk exposure before money changes hands.
  • Signpost your company's FCPA compliance policies: Publishing clear policies helps prevent misconduct by employees and third parties. Make sure you have specific rules on gifts, travel, and entertainment, with approval thresholds, and a reporting channel for suspected FCPA violations that protects the people who use it.
  • Implement controls to nip bad behavior in the bud: Controls can include segregation of duties between those who approve and those who pay, dual approval for large or unusual payments, reconciliation of payments against contracts and deliverables, SOC reports from service providers that process payments on your behalf, and internal audits that look for the red flags above.
  • Train your employees on anti-corruption laws: Tailoring FCPA compliance training to each role and running it on an ongoing basis keeps your team up to date on their responsibilities to detect and report potential violations, and helps them understand the consequences of violations for themselves and the company.
  • Vet and monitor your third-party providers regularly: Due diligence is not a one-time event. Conduct periodic reviews, require anti-corruption undertakings and audit rights in contracts, and review third parties' invoices and activities regularly so that a relationship that was clean at onboarding doesn't drift into a liability.
  • Make your third-party risk management processes more efficient: The right technology reduces FCPA risk by giving your team a comprehensive view of their third-party relationships and by orchestrating the process consistently. Software like Certa can help you automate third-party risk assessment and due diligence, reducing the risk exposure that leads to an FCPA violation.

Certa Can Help Manage Your FCPA Compliance Risk

Certa's third-party lifecycle software can help you reduce your company's risk exposure by simplifying and consolidating your processes for identifying and managing all of your third-party vendor and supplier relationships.

Our software makes it easy to conduct comprehensive due diligence on all of your partners, including their risk ratings and financial health, so you can make informed decisions about your supplier relationships and end any that present a significant risk to your business.

Certa's built-in ongoing monitoring makes it easy to stay on top of your third-party relationships, so you can spot suspicious behavior or questionable financial activity early and shut it down before it leads to an FCPA violation or a financial loss for your organization.

For more practical information on how you can streamline your third-party risk management, schedule a demo with our expert team.