A young Michael Jackson might have disagreed, but ABCs aren’t always as easy as 1-2-3.  Anti-Bribery and Corruption is the focus of the Foreign Corrupt Practices Act (FCPA), for which the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have recently jointly published a second edition of their resource guide.  This guide gives further clarity into the regulators’ intentions to enforce some of the more debated aspects of FCPA and highlights the need for next-generation technology to defend against violations.1

A (Very) Quick Recap of FCPA

The FCPA is a U.S. law which was passed in 1977 and which prohibits bribery of foreign officials to further business deals.2

There are two main articles.  The first lays out the anti-bribery provisions, and the second lays out accounting transparency and internal control guidelines. Both the SEC and the DOJ are responsible for enforcing the FCPA.3

The Perils of Violating FCPA

The SEC’s punitive measures in response to FCPA violations have made headlines for decades, some of which have had price tags well over $100MM.

It’s worth noting that many of the settlements around FCPA are based on the second provision of accounting transparency and internal controls.  What’s interesting about this is that many companies pay the price (both monetary and reputational) for anti-bribery/corruption without definitively engaging in bribery or corruption – a fact that has been criticized over the years.

 “A Resource Guide to the U.S. Foreign Corrupt Practices Act”

In 2012, the SEC and the DOJ jointly released “A Resource Guide to the U.S. Foreign Corrupt Practices Act” to offer guidance for compliance with FCPA.4

For the eight years since then, that guide was the primary guiding light in FCPA compliance – until July of this year, when “A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition” was released.

The release of the second edition has caused quite a stir – “What’s changed?” is being widely discussed.

One of the more anticipated subjects within the new edition is that of the second provision around accounting and internal controls.  In short, the second edition does add some new clarification on this topic, but it does not back down on the intention to uphold that part of the law.  Here are some details:

  • There was emphasis on the mens rea (i.e. willful) aspect of this provision, however there was also emphasis on the intention to uphold the accounting provisions.
  • The new edition notes that “improper recording of expenses may be viewed as evidence of corrupt intent.”
  • The SEC has been criticized in the past for bringing claims of FCPA violations when the violations seem to relate to a company’s compliance program, whereas FCPA is specific to internal accounting controls. The second edition acknowledges that “internal accounting controls” and “compliance program” are not synonymous, however it also says that there is overlap between the two.  The takeaway may be that the SEC does not intend to shift focus in terms of enforcement of this aspect of the law.

What’s the Impact?

The bottom line: The above points highlight potential areas of continued DEC and DOJ involvement regarding the accounting and internal controls provisions of FCPA.

The bad news: even very large and sophisticated corporations continue to get hit with FCPA violations and fines every year.  Though the statute has been around for decades, many companies have still not perfected the art of compliance.

The good news: with technology constantly evolving and improving, there are more opportunities than ever to tighten compliance programs.

Control Frameworks and Monitoring Programs to Defend Against FCPA Violations

Conceptually, use of control frameworks and monitoring programs is simple: simply keep an eye out for signs of bribery/corruption. As with many things, it’s more complicated in practice.  Let’s break this down:

Keep an eye out for signs of bribery/corruption. What are signs of bribery/corruption?  Commonly, these are referred to as red flags.  Here are some examples:

  • The party or its employees have connections to governments or public officials. This could take the form of business ties, financial contributions, political alignments, and/or family relationships.
  • The party has a tarnished reputation, indicated by:
  • The party lacks the structure, resources, or employees to have relevant experience regarding the services to be provided.
  • The party follows questionable accounting or invoicing practices that result in incorrect or missing information regarding payments, compensation, vendor relationships, and contributions.
  • The party conducts unorthodox deals such as not commencing due diligence or refusing to sign written paperwork.

Now, let’s have a look at the other half of that sentence: Keep an eye out for signs of bribery/ corruption.  With the vast amount of data that passes in and out of a firm any given day, this is no simple task.  There are two main ways a company can monitor for red flags: manual or automated.

A firm may choose to utilize manual methods, for instance sorting through reports, ledgers, and conducting other types of due diligence by hand. However, the process requires human capital and proper training, and is often subject to human error. Due to these drawbacks, automated monitoring has grown in popularity among organizations.

The automated method is similar in theory to the manual method, except, of course, the steps are executed by a tool rather than a human, saving time and boosting efficiency and accuracy.  Here are some of the noted benefits of using automated tools for red flags monitoring:

  • Cutting-edge data analytics and data visualization capabilities give real-time insights to steer focus and resources towards the highest risks, while cutting down on devoting disproportionate time and resources to lower-risk activities, and allowing the organization to continuously improve its compliance program
  • Compliance Analytics harness the power of data and artificial intelligence to automate bribery and corruption identification and mitigation through things like Emotion/Sentiment Analytics (using things like Natural Language Processing (NLP), Machine Learning and stochastic modeling), and Detection of Deceptive Behavior, allowing enterprises to shift from policy to active prevention
  • Continuous monitoring for red flag alerts (e.g. politically exposed people) and transaction monitoring of employee spend, travel and expense (T&E), and accounts payable transactions
  • Automatically maintained audit trail with relevant documentation for all alerts and resolutions
  • Third-party risk management (TPRM) solutions provide third-party screening based on dynamic risk profiles of vendors, distributors, and suppliers

In Conclusion

The recent publication of the “Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition” brought FCPA compliance back into the spotlight.  Given that the DOJ and SEC plan not to back down on their intention to enforce the second article, it is critical that firms assess their compliance programs and consider technology solutions to boost efficiency and effectiveness.  For any inquiries or to find out more on the topic, please reach out to me.


  1. A Resource Guide to the U.S. Foreign Corrupt Practices Act Second Edition https://www.justice.gov/criminal-fraud/file/1292051/download
  2. Department of Justice Foreign Corrupt Practices Act https://www.justice.gov/criminal-fraud/foreign-corrupt-practices-act 
  3. U.S. Securities and Exchange Commission Spotlight on Foreign Corrupt Practices Act https://www.sec.gov/spotlight/foreign-corrupt-practices-act.shtml 
  4. A Resource Guide to the U.S. Foreign Corrupt Practices Act https://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf

Submit a Comment

Your email address will not be published.