I won’t pretend to be a subject matter expert on corruption and bribery, but what I do know is it can be complicated to understand. When framed within the Foreign Corrupt Practices Act (FCPA), the rules and regulations become even more complex. It’s taken me a decent amount of research to 1) realize just how serious this subject is, and 2) how important it is for companies to have sufficient programs in place to mitigate the risk of violation.
What is FCPA?
For those of you who need a quick history lesson, the Foreign Corrupt Practices Act (FCPA) is a law that Congress passed in 1977 to punish bribery intended to influence the decisions of foreign officials. It is punishable by criminal and civil penalties that can be applied against both companies and individuals.
Under the Foreign Corrupt Practices Act (FCPA), it is unlawful for a U.S. person or company to The FCPA makes it a crime to: 1) make a payment of, offer or promise to pay, or authorize a payment of money or anything of value, directly or indirectly; 2) to any foreign official, politician, party official, candidate for office; 3) with a corrupt intent; 4) for the purpose of influencing one of these person’s official acts or decisions in violation of his or her lawful duty; 5) in order to assist in obtaining or retaining business.
Examples of FCPA accounting violations include failing to implement internal controls, keeping accurate books and records, to conduct appropriate audits of payments, and to implement sufficient anti-bribery compliance policies.
Since the law was passed, billions of dollars in financial penalties have been paid to resolve FCPA violations. In 2021 alone, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) brought actions against four companies and imposed financial penalties totaling $282 million. The year before, 12 companies paid a record $6.4 billion to resolve FCPA cases.
Mitigating FCPA Violations
So, what can organizations do to avoid these types of penalties?
If any portion of business is conducted overseas, a good place to start testing the existing FCPA controls is with a simple checklist like the one below. 
- Identify the nature of your business and all sectors in which you operate.
- Keep an updated log of all nations in which you operate and/or engage in commerce.
- List all public/governmental agencies to which you market and/or sell products and services.
- Research the Corruptions Perception Index published by Transparency International — a global coalition with a mission to stop corruption and promote transparency — for each nation in which you operate and/or engage in commerce (www. transparency.org).
- Inventory the strengths and weaknesses of your corporate internal controls.
- Identify all executives and employees responsible for compliance with federal statutes and regulations.
- Revisit record keeping and accounting procedures for all international transactions to ensure accurate characterization of all expenditures.
- Implement an anonymous hotline for employee concerns with measurable follow-up and accountability for addressing each call in a timely manner.
- Review your employee compliance training on an annual basis.
- Develop an ongoing relationship and exchange of information with knowledgeable external legal counsel.
Effective FCPA Compliance Programs
Another way to mitigate the risk is to review your current compliance program. The Department of Justice highlights the following qualities to be the “Hallmarks of Effective Compliance Programs.”
- Commitment from Senior Management and a Clearly Articulated Policy Against Corruption
- Code of Conduct and Compliance Policies and Procedures
- Oversight, Autonomy, and Resources
- Risk Assessment
- Training and Continuing Advice
- Incentives and Disciplinary Measures
- Third-Party Due Diligence and Payments
- Confidential Reporting and Internal Investigation
- Continuous Improvement: Periodic Testing and Review
- Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration
- Investigation, Analysis, and Remediation of Misconduct
These are dense and expensive initiatives that not every company can afford to implement. Even then, does checking all of the boxes above remove the risk of FCPA non-compliance? The answer is no.
The Use of Data Analytics in FCPA Prevention
In the past couple of years, the focus of corporate compliance program evaluation has shifted. The June 2020 revision to the DOJ compliance guidelines requires prosecutors to investigate how a company is tracking the functionality of its operations and compliance efforts. Part of this determination is done by looking at the company’s use of data analytics.
Using data analytics could help continuously monitor and ensure third-party compliance by identifying risks as they emerge. This gives companies more time to evaluate and determine the best course of action to mitigate potential liability.
Oversight for FCPA
Oversight for FCPA is an automated transaction monitoring solution that addresses three specific areas of best practice:
- Continuous monitoring of transactions and activities for improper behavior.
- Performing compliance audits around travel & entertainment (T&E) and accounts payables (AP) transactions.
- Reinforcing policy compliance.
Oversight for FCPA provides a centralized transaction monitoring system that automatically identifies risky activities and facilitates efficient resolution of any issues. Our library of FCPA analytics looks across multiple dimensions including employees, attendees, vendors, and countries over an extended time horizon for behaviors or patterns. This can reveal FCPA risk across expense reports and card transactions in T&E, or invoices and payments in AP.
Oversight’s library of FCPA analytics looks across multiple dimensions including employees, attendees, vendors, and countries over an extended time horizon. This can pinpoint employees exhibiting patterns of potentially improper behavior or collusion that are difficult to detect in traditional FCPA monitoring and audit approaches. From this analysis, we present FCPA risk in the form of cases/exceptions needing further investigation and resolution.
Oversight is always on the lookout for anti-bribery and corruption risk
Oversight enables clients to easily demonstrate to the executive team and board, and to government agencies, if necessary, that they are proactively monitoring their business transactions for FCPA risk and acting on the exceptions.
A continuous transaction monitoring solution such as Oversight is an important part of an effective compliance program addressing the DOJ’s guidelines for compliance monitoring, communication with employees, compliance evidence, and audit trails.
High-Risk Transactions and FCPA
Leveraging Transparency International Corruption Perception Index and the CIA or Dow Jones Politically Exposed Persons databases, Oversight for FCPA identifies high-risk transactions in T&E based on factors including the employee, the attendees, the merchant, the vendor, and the country where the transaction occurred. Oversight then combs through transactions for FCPA-specific keywords such as ministry, facilitation fee, consulting fee and other suspicious terms. Multiple languages are also included in our keyword analysis.
Within Payables, Oversight for FCPA evaluates the type of transaction, the vendor, and the country where the transaction occurred using the Corruption Perception Index, PEP lists, and FCPA specific keywords. Based on political exposure, Oversight also identifies voucher outliers, unusual vouchers or payments, split invoices, and high-risk vendors.
Oversight automatically prioritizes exceptions, highlighting the highest risk countries, employees, spend categories, merchants, and vendors to streamline the review process. Compliance auditors access these exceptions through a secure web-based portal where they can leverage the built-in case management functionality to communicate, collaborate, and act on the findings.
Oversight maintains a permanent, tamper-proof audit log that automatically documents the steps taken to resolve issues. This ensures you can effectively address anti-bribery and corruption risks.
Oversight’s library of FCPA analytics takes a risk-based approach to identify anomalies that may suggest FCPA concerns. With built-in workflows, any actions taken during the review and resolution of potential FCPA violations are recorded automatically. Because these workflows are retained indefinitely, the records provide a defensible audit trail demonstrating that there is continuous monitoring of all business transactions.
Oversight can operationalize FCPA compliance efforts to monitor your travel, entertainment, and payables at an affordable price point, and a timeframe that is achievable. While there is no guarantee that you will be able to prevent bad actors from circumventing controls, with Oversight you can have a best practice approach to identify possible FCPA violations in travel, entertainment, and payables.
One final thought I’ll put out there for you to consider - identifying corruption and bribery can be a daunting task but is the risk of reputational damages, hefty fines, or imprisonment for failing to do your due diligence worth it? Oversight uses AI and automation to reduce the risk of a potential FCPA violation so you can sleep better at night, making it well worth the investment.
Criminal Division. A resource guide to the U.S. Foreign Corrupt Practices Act. U.S. Department of Justice : U.S. Securities and Exchange Commission.