The US Foreign Corrupt Practices Act (FCPA) of 1977 is the first major piece of national legislation aimed at combating bribery and the first to introduce corporate liability, responsibility for third parties and extra-territoriality for corruption offenses. Prohibition of bribery payments is limited to foreign officials, and the FCPA includes a limited exception for facilitation payments. With nearly global jurisdiction, the FCPA is widely enforced, and the current trend points towards increased enforcement actions, fines and imprisonment.
The US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) consider the extent to which a company has self-reported, cooperated and taken appropriate remedial actions when considering an enforcement action. In addition, the DOJ and SEC will evaluate the adequacy of the company’s compliance programme.
The DOJ and SEC do not formulate requirements regarding compliance programmes. When evaluating compliance programmes, inquiries relate to three questions: (1) Is the company’s compliance programme well designed? (2) Is it applied in good faith? (3) Does it work?
Each company may have different compliance needs depending on its size or risk exposure, so there is no compliance programme that suits every business. However, in order to design an effective compliance programme, the Resource Guide to the FCPA recommends that a programme include the following policies and procedures:
Tone at the Top
A commitment from senior management and a clearly articulated policy against corruption.
Code of Conduct & Compliance Policies
The code of conduct is the foundation of an effective compliance program. Policies and procedures detailing proper internal controls, auditing practices, documentation policies, and disciplinary measures should be in place.
Oversight, Autonomy and Resources
Individuals in charge of oversight should be autonomous from management and should have sufficient resources to ensure the program is implemented correctly.
Companies should analyze and address the specific risks they face.
Companies should take the appropriate steps to ensure that the policies and procedures have been communicated throughout the organization.
Incentives and Disciplinary Measures
Clear disciplinary procedures should be in place, and adherence to compliance policies and procedures should be incentivized throughout the company.
Third-Party Due Diligence & Payments
Third parties should be assessed regularly and should be informed of the company’s compliance program and code of conduct.
Employees should be able to report violations without fear of retaliation through a whistleblowing mechanism based on confidentiality. The compliance program and internal controls should be updated after an internal investigation.
Testing and Review
As a company’s business and the environment in which it operates change over time, a good compliance program should be reviewed and should constantly evolve.