FCPA Compliance Guide

The US Foreign Corrupt Practices Act (FCPA) of 1977 is the first major piece of national legislation aimed at combating bribery and the first to introduce corporate liability, responsibility for third parties and extra-territoriality for corruption offenses. Prohibition of bribery payments is limited to foreign officials, and the FCPA includes a limited exception for facilitation payments. With nearly global jurisdiction, the FCPA is widely enforced, and the current trend points towards increased enforcement actions, fines and imprisonment.

When considering an enforcement action, the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) take into account the extent to which a company has self-reported, cooperated and taken appropriate remedial actions. In addition, the DOJ and SEC will evaluate the adequacy of the company’s compliance programme.

The DOJ and SEC do not formulate requirements regarding compliance programmes. When evaluating compliance programmes, inquiries relate to three questions: (1) Is the company’s compliance programme well designed? (2) Is it applied in good faith? (3) Does it work?

Each company may have different compliance needs that depend on its size or risk exposure, so there is no compliance programme that suits every business. However, in order to design an effective compliance programme, the Resource Guide to the FCPA recommends that a programme include the following policies and procedures:

Tone at the Top

A commitment from senior management and a clearly articulated policy against corruption.

Code of Conduct & Compliance Policies

The code of conduct is the foundation of an effective compliance programme. Policies and procedures detailing proper internal controls, auditing practices, documentation policies and disciplinary measures should be in place.

Oversight, Autonomy and Resources

Individuals in charge of oversight should be autonomous from management and should have sufficient resources to ensure the programme is implemented correctly.

Risk Assessment

Companies should analyze and address the specific risks they face.

Training

Companies should take the appropriate steps to ensure that the policies and procedures have been communicated throughout the organization. 

Incentives and Disciplinary Measures

Clear disciplinary procedures should be in place, and adherence to compliance policies and procedures should be incentivised throughout the company.

Third-Party Due Diligence & Payments

Third parties should be assessed regularly and should be informed of the company’s compliance programme and code of conduct.

Reporting

Employees should be able to report violations without fear of retaliation through a whistleblowing mechanism based on confidentiality. The compliance programme and internal controls should be updated after an internal investigation.

Testing and Review

As a company’s business and the environment in which it operates change over time, a good compliance programme should be reviewed and should constantly evolve.

 
