The US Foreign Corrupt Practices Act (FCPA) of 1977 is the first major piece of national legislation aimed at combating bribery and the first to introduce corporate liability, responsibility for third parties and extra-territoriality for corruption offenses. The prohibition of bribery payments is limited to foreign officials, and the FCPA includes a limited exception for facilitation payments. With nearly global jurisdiction, the FCPA is widely enforced, and the current trend points towards increased enforcement actions, fines, and imprisonment.
The US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) consider the extent to which a company has self-reported, cooperated and taken appropriate remedial actions when considering an enforcement action. In addition, the DOJ and SEC will evaluate the adequacy of the company’s compliance program.
The DOJ and SEC do not formulate requirements regarding compliance programs. When evaluating compliance programs, inquiries relate to three questions: (1) Is the company’s compliance program well designed? (2) Is it applied in good faith? (3) Does it work?
Each company may have different compliance needs that depend on their size or risk exposure, so there is no compliance program that suits every business. However, in order to design an effective compliance program, the Resource Guide to the FCPA recommends that a program include the following policies and procedures:
A commitment from senior management and a clearly articulated policy against corruption.
The code of conduct is the foundation of an effective compliance program. Policies and procedures detailing proper internal controls, auditing practices, documentation policies, and disciplinary measures should be in place.
Individuals in charge of oversight should be autonomous from management and should have sufficient resources to ensure the program is implemented correctly.
Companies should analyze and address the specific risks they face.
Companies should take the appropriate steps to ensure that the policies and procedures have been communicated throughout the organization.
Clear disciplinary procedures should be in place and the adherence to compliance policies and procedures should be incentivized throughout the company.