Quick Summary: FCPA at a Glance
| Aspect | Details |
|---|---|
| What it prohibits | Bribing foreign government officials to obtain/retain business |
| Who it covers | US companies, US persons, foreign companies listed on US exchanges, anyone acting in US territory |
| Two main provisions | Anti-bribery + Books and records/internal controls |
| Enforcers | DOJ (criminal) + SEC (civil, for issuers) |
| Maximum penalties | Criminal: $250K–$25M per violation + imprisonment; Civil: disgorgement + penalties |
| Largest settlement | Goldman Sachs: $2.9 billion (2020); Ericsson: $1.06 billion (2019) |
Table of Contents
- Executive Summary
- What Is the Foreign Corrupt Practices Act?
- The Anti-Bribery Provisions
- The Accounting Provisions
- Who Is Covered by the FCPA?
- What Constitutes a Violation?
- FCPA Red Flags
- Penalties and Enforcement
- Building an FCPA Compliance Programme
- Third-Party Due Diligence
- FCPA vs UK Bribery Act
- Top 5 FCPA Compliance Mistakes
- Conclusion
Reading time: 15 min read
Executive Summary
The Foreign Corrupt Practices Act (FCPA) is a US federal law that prohibits paying bribes to foreign government officials to obtain or retain business. Enacted in 1977, it has become one of the most aggressively enforced anti-corruption laws in the world.
The stakes are enormous:
FCPA enforcement has generated over $30 billion in corporate penalties since 2008. Single cases have reached nearly $3 billion. Executives have been imprisoned. And the DOJ has made clear that self-policing is expected—companies that discover and report violations receive substantially better treatment than those caught by investigators.
The FCPA has two main provisions:
- Anti-bribery provisions — Prohibit corrupt payments to foreign officials
- Accounting provisions — Require accurate books and records and adequate internal controls
This guide provides a comprehensive framework for FCPA compliance: what the law prohibits, who it covers, how to identify risks, and how to build a programme that satisfies DOJ and SEC expectations.
"Companies cannot use third parties as a shield against FCPA liability. The Department of Justice will hold companies accountable for the corrupt acts of their agents, consultants, and intermediaries."
— Kenneth Polite Jr., former Assistant Attorney General, DOJ Criminal Division, justice.gov
The Extraterritorial Reach
The FCPA reaches far beyond US borders. It applies to conduct anywhere in the world by US companies, US persons, and foreign companies with US connections. A bribe paid in Asia by a European subsidiary of a US parent company is an FCPA violation.
Need anti-bribery training? Our compliance courses cover FCPA, anti-corruption, and third-party risk management.
What Is the Foreign Corrupt Practices Act?
Background and Purpose
The FCPA was enacted in 1977 after SEC investigations revealed that over 400 US companies had made questionable payments totalling more than $300 million to foreign officials. Congress determined that such payments:
- Undermine confidence in US business integrity
- Create unfair competitive advantages
- Harm diplomatic relations
- Perpetuate corruption in developing countries
The Two Provisions
| Provision | Requirement | Enforcer |
|---|---|---|
| Anti-bribery | Prohibits corrupt payments to foreign officials | DOJ (all); SEC (issuers) |
| Accounting | Requires accurate books/records and internal controls | SEC (issuers only) |
Key Definitions
| Term | FCPA Meaning |
|---|---|
| Foreign official | Officer/employee of foreign government, state-owned enterprise, public international organisation, or political party |
| Corruptly | Intent to wrongfully influence the recipient |
| Anything of value | Money, gifts, travel, entertainment, jobs, charitable donations—anything with value |
| Obtain or retain business | Win contracts, secure permits, gain favourable treatment |
| Issuer | Company with securities registered in US or required to file SEC reports |
The Anti-Bribery Provisions
What Is Prohibited
The FCPA prohibits offering, paying, promising to pay, or authorising payment of anything of value to:
- A foreign official
- A foreign political party or party official
- A candidate for foreign political office
- Any person while knowing that all or part will be passed to the above
For the purpose of:
- Influencing an official act or decision
- Inducing an act or omission in violation of lawful duty
- Securing an improper advantage
- Inducing use of influence with a foreign government
To obtain or retain business.
What Is NOT Prohibited
| Permitted | Why |
|---|---|
| Facilitating payments | Small payments to expedite routine governmental action (visa processing, utility connection)—but many companies prohibit these anyway |
| Reasonable business entertainment | Modest meals, gifts consistent with local custom (if not corrupt) |
| Payments lawful under local law | Written local law (rare in practice) |
| Bona fide expenditures | Reasonable travel/lodging directly related to contract performance or promotion |
The "Knowing" Standard
You can violate the FCPA by:
- Actually knowing about the bribe
- Being aware of a high probability that a bribe will occur
- Consciously disregarding or being wilfully blind to circumstances
"I didn't know my agent was bribing officials" is not a defence if you should have known.
The Accounting Provisions
Books and Records
Issuers must:
- Make and keep books, records, and accounts that accurately and fairly reflect transactions
- This applies to all transactions, not just those involving foreign officials
- Violations can occur even without a bribe—falsifying records is itself illegal
Internal Controls
Issuers must:
- Devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that:
- Transactions are executed in accordance with management authorisation
- Transactions are recorded as necessary to permit preparation of financial statements and maintain accountability for assets
- Access to assets is permitted only with management authorisation
- Recorded assets are compared with existing assets at reasonable intervals
Why Accounting Provisions Matter
Many FCPA cases are resolved on accounting violations alone because they:
- Don't require proving corrupt intent
- Apply to any false record (not just bribes)
- Can be charged even if no bribe occurred
- Carry substantial penalties
Who Is Covered by the FCPA?
Categories of Covered Persons
| Category | Anti-Bribery | Accounting | Notes |
|---|---|---|---|
| US issuers | ✅ | ✅ | Companies listed on US exchanges or filing SEC reports |
| US domestic concerns | ✅ | ❌ | US citizens, residents, and companies |
| Foreign issuers | ✅ | ✅ | Non-US companies listed on US exchanges |
| Foreign nationals/companies | ✅ (if act in US) | ❌ | Conduct occurring within US territory |
| Agents acting on behalf of above | ✅ | ✅ (if issuer) | Third parties, subsidiaries |
What "Acting in US Territory" Means
The FCPA can reach foreign persons/companies if they:
- Use US mail or means of interstate commerce (including email, wire transfers, phone calls)
- Take any act in furtherance of the bribe while in the US
- Use US banks or financial institutions
A single email routed through a US server can create FCPA jurisdiction.
Subsidiary and Parent Liability
| Scenario | Liability |
|---|---|
| US parent, foreign subsidiary bribes | Parent liable for subsidiary's actions if it authorised, directed, or controlled the conduct |
| Foreign parent, US subsidiary | US subsidiary subject to FCPA; foreign parent may be liable if involved |
| Joint ventures | Proportionate liability based on control and involvement |
Build your anti-corruption programme. Our FCPA and anti-bribery courses cover compliance requirements and third-party risk.
What Constitutes a Violation?
Elements of an Anti-Bribery Violation
For a violation, prosecutors must prove:
- Covered person — Issuer, domestic concern, or person acting in US territory
- Payment or offer — Made, offered, promised, or authorised
- Anything of value — Money, gifts, jobs, charitable donations, etc.
- To a foreign official — Broadly defined
- Corrupt intent — Purpose to influence improperly
- Business purpose — To obtain or retain business
Examples of Violations
| Scenario | Violation Type |
|---|---|
| Paying customs official to release goods without inspection | Anti-bribery |
| Hiring minister's son to secure government contract | Anti-bribery |
| Funding official's "study trip" during contract negotiations | Anti-bribery |
| Concealing payments to agents as "consulting fees" | Books and records |
| No approval process for third-party payments | Internal controls |
| Charitable donation to charity controlled by official | Anti-bribery |
Examples of Non-Violations
| Scenario | Why Not a Violation |
|---|---|
| Reasonable business dinner during negotiations | Not corrupt; bona fide business expense |
| Hiring qualified candidate who happens to be official's relative | If merit-based and properly documented |
| Small payment to expedite visa processing | Facilitating payment exception (though risky) |
| Gift of company-branded merchandise | Nominal value, promotional purpose |
FCPA Red Flags
Third-Party Red Flags
| Red Flag | Concern |
|---|---|
| Agent requests payment to offshore account | Concealment; pass-through to official |
| Unusually high commission rates | Funds available for bribes |
| Agent has government connections | Access used for improper influence |
| Agent recommended by government official | Quid pro quo relationship |
| Agent has no office or employees | Shell company for payments |
| Agent lacks qualifications for the work | No legitimate business purpose |
| Agent requests cash or bearer instruments | Concealment; difficulty tracing |
| Country has high corruption risk | Heightened scrutiny required |
Transaction Red Flags
| Red Flag | Concern |
|---|---|
| Unusually favourable contract terms | May reflect improper influence |
| Last-minute government contract win | Suspect timing |
| Vague invoices ("consulting services") | Concealment of true purpose |
| Payments just before/after government action | Correlation with bribery |
| Requests to backdate documents | Falsification |
| Charitable donations tied to business | Indirect benefit to official |
| Lavish gifts/entertainment | Excessive value; corrupt intent |
Structural Red Flags
| Red Flag | Concern |
|---|---|
| Acquisitions in high-risk countries | Inheriting liabilities |
| Decentralised payment authority | Weak controls |
| Sales compensation tied only to results | Incentive to bribe |
| No due diligence on third parties | Wilful blindness |
| Resistance to compliance controls | Concealment |
Penalties and Enforcement
Criminal Penalties (DOJ)
| Violator | Anti-Bribery | Accounting |
|---|---|---|
| Corporations | Up to $2M per violation; alternative: twice gain or loss | Up to $25M per violation |
| Individuals | Up to $250K and/or 5 years per violation | Up to $5M and/or 20 years per violation |
Civil Penalties (SEC)
| Violator | Anti-Bribery | Accounting |
|---|---|---|
| Corporations | Up to $16K per violation or disgorgement | Up to $16K per violation |
| Individuals | Up to $16K per violation | Up to $160K per violation |
Recent Major Settlements
| Company | Year | Amount | Conduct |
|---|---|---|---|
| Goldman Sachs | 2020 | $2.9B | 1MDB bribery scheme |
| Ericsson | 2019 | $1.06B | Bribes in multiple countries |
| Airbus | 2020 | $3.9B | Global bribery (with UK, France) |
| Telia | 2017 | $965M | Uzbekistan telecom bribes |
| Petrobras | 2018 | $853M | Brazilian corruption |
| Odebrecht | 2016 | $3.5B | Latin America bribes |
Individual Accountability
The DOJ prioritises individual prosecution:
- Executives have received prison sentences up to 15 years
- Companies receive credit for cooperating against individuals
- "Yates Memo" emphasises individual accountability
Building an FCPA Compliance Programme
DOJ's Evaluation Criteria
The DOJ evaluates compliance programmes based on three questions:
- Is the programme well designed?
- Is it being applied earnestly and in good faith?
- Does it work in practice?
Essential Programme Elements
| Element | Requirements |
|---|---|
| Commitment from senior management | Tone at the top; resources; accountability |
| Code of conduct and policies | Clear prohibitions; practical guidance |
| Risk assessment | Country, industry, transaction risks |
| Training and communication | Role-based; documented; ongoing |
| Third-party due diligence | Risk-based vetting; contractual controls |
| Reporting mechanisms | Hotline; non-retaliation; investigation |
| Discipline and incentives | Consequences for violations; rewards for compliance |
| Periodic testing and review | Audits; continuous improvement |
| M&A due diligence | Pre-acquisition review; post-acquisition integration |
Risk-Based Approach
| Risk Level | Due Diligence | Controls |
|---|---|---|
| High | Enhanced investigation; site visits; ongoing monitoring | Senior approval; audit rights; compliance certifications |
| Medium | Standard due diligence; background checks | Manager approval; periodic review |
| Low | Basic verification | Standard terms; routine monitoring |
Third-Party Due Diligence
Why Third Parties Matter
Over 90% of FCPA enforcement actions involve third-party intermediaries—agents, consultants, distributors, JV partners. Companies are liable for third-party bribes if they knew or should have known.
Due Diligence Process
| Step | Activities |
|---|---|
| 1. Risk assessment | Evaluate transaction, country, third-party profile |
| 2. Questionnaire | Business purpose, government connections, ownership |
| 3. Background check | Verify information; screen for red flags |
| 4. Reference checks | Prior business relationships |
| 5. Site visit | For high-risk relationships |
| 6. Approval | Risk-appropriate sign-off |
| 7. Contracting | Anti-corruption representations; audit rights; termination |
| 8. Ongoing monitoring | Periodic re-verification; transaction review |
Contractual Protections
| Provision | Purpose |
|---|---|
| Anti-corruption representations | Third party certifies compliance |
| Compliance with laws | Obligation to follow FCPA, local law |
| Audit rights | Company can inspect books/records |
| Termination for breach | Right to exit for violations |
| Flow-down clauses | Third party imposes on its subcontractors |
| Training requirements | Third party must train relevant staff |
FCPA vs UK Bribery Act
Key Differences
| Aspect | FCPA | UK Bribery Act |
|---|---|---|
| Scope | Foreign officials only | Public and private bribery |
| Facilitation payments | Exception exists | No exception |
| Strict liability | No | Yes (failure to prevent) |
| Adequate procedures defence | No | Yes |
| Commercial bribery | Not covered | Covered |
| Extraterritorial reach | US nexus required | UK nexus or "close connection" |
Implications for Multinationals
Companies operating globally must comply with both—typically by adopting the stricter standard:
- Prohibit facilitation payments (UKBA stricter)
- Cover private sector bribery (UKBA stricter)
- Implement adequate procedures (UKBA requirement)
Top 5 FCPA Compliance Mistakes
1. Inadequate Third-Party Diligence
The mistake: Superficial or no due diligence on agents, distributors, and consultants.
The fix: Risk-based, documented diligence before engagement and ongoing monitoring. The higher the risk, the deeper the investigation.
2. Training That Doesn't Reach the Right People
The mistake: Generic training that doesn't address the specific risks employees face.
The fix: Role-based training with scenarios relevant to job functions. Salespeople, procurement, and executives need different content than general staff.
3. Ignoring Accounting Provisions
The mistake: Focusing only on anti-bribery while neglecting books and records.
The fix: Ensure all transactions are accurately recorded, approvals are documented, and internal controls are tested.
4. No Mechanism for Updates
The mistake: Due diligence and risk assessments that are done once and never updated.
The fix: Periodic re-verification of third parties, annual risk assessment updates, and continuous monitoring of high-risk relationships.
5. Tone at the Top Without Middle Management Buy-In
The mistake: CEO commitment that doesn't translate to business unit behaviour.
The fix: Embed compliance into business processes, incentives, and performance reviews at all levels.
Conclusion
The FCPA is not going away—enforcement remains robust, penalties continue to climb, and the DOJ expects companies to police themselves. But compliance is achievable with the right approach.
Effective FCPA compliance:
- Starts at the top with genuine commitment from leadership
- Addresses real risks through assessment and tailored controls
- Focuses on third parties where most violations occur
- Documents everything to demonstrate good faith
- Evolves continuously as risks and regulations change
Key Takeaways
| Priority | Action |
|---|---|
| Know your risks | Assess countries, industries, and third parties |
| Control third parties | Due diligence, contracts, monitoring |
| Train the right people | Role-based, scenario-based, ongoing |
| Document everything | Decisions, approvals, investigations |
| Test your programme | Audits, assessments, continuous improvement |
| Foster speak-up culture | Reporting mechanisms, non-retaliation |
Ready to strengthen your anti-corruption programme?
CompliQuest offers FCPA and anti-bribery training designed for global organisations. Our courses cover the law, red flags, and practical compliance strategies.
Browse All Courses · Contact Us
Frequently Asked Questions
What is the Foreign Corrupt Practices Act (FCPA)?
The Foreign Corrupt Practices Act is a US federal law enacted in 1977 that makes it illegal to bribe foreign government officials to obtain or retain business. The FCPA has two main components: anti-bribery provisions, which prohibit corrupt payments to foreign officials, and accounting provisions, which require publicly traded companies to maintain accurate books and records and adequate internal controls. The law was passed after SEC investigations revealed that over 400 US companies had made hundreds of millions of dollars in questionable payments to foreign officials. Since its enactment, the FCPA has become one of the most aggressively enforced anti-corruption laws in the world, with combined DOJ and SEC enforcement actions generating over $30 billion in penalties. See the DOJ FCPA Resource Guide for the full statutory text and enforcement guidance.
Who does the FCPA apply to?
The FCPA applies to three categories of persons and entities. First, US issuers -- any company with securities registered on a US stock exchange or required to file reports with the SEC, regardless of where the company is headquartered. Second, US domestic concerns -- all US citizens, nationals, residents, and any business entity organised under US law or with its principal place of business in the US. Third, any person -- including foreign nationals and companies -- who takes any act in furtherance of a corrupt payment while in US territory or using US interstate commerce (including email, phone, or wire transfers routed through the US). A single email passing through a US server can create FCPA jurisdiction. The SEC FCPA enforcement page tracks enforcement actions by entity type.
What are the penalties for FCPA violations?
FCPA penalties are among the most severe in corporate law. For anti-bribery violations, corporations face criminal fines up to $2 million per violation (or twice the gain or loss), while individuals face up to $250,000 and 5 years imprisonment per violation. For accounting violations, corporate criminal fines can reach $25 million per violation, and individuals face up to $5 million and 20 years imprisonment. Civil penalties add further exposure through disgorgement of profits and additional fines. The largest FCPA-related settlements include Goldman Sachs ($2.9 billion in 2020), Airbus ($3.9 billion in a combined international settlement in 2020), and Ericsson ($1.06 billion in 2019). Beyond financial penalties, companies may face compliance monitors, deferred prosecution agreements, and reputational damage. See the Stanford FCPA Clearinghouse for a database of enforcement actions.
What is a "foreign official" under the FCPA?
The FCPA defines "foreign official" very broadly to include any officer or employee of a foreign government, a department, agency, or instrumentality of a foreign government (including state-owned or state-controlled enterprises), a public international organisation (such as the United Nations or World Bank), or any person acting in an official capacity for any of the above. This definition extends to officials of state-owned enterprises (SOEs), which is particularly significant because in many countries, the government controls major industries including energy, telecommunications, healthcare, and transportation. A doctor at a government-run hospital, an employee of a state-owned oil company, or a professor at a public university can all qualify as "foreign officials." The DOJ/SEC FCPA Resource Guide provides detailed analysis of who qualifies.
Does the FCPA apply to conduct outside the United States?
Yes, the FCPA has significant extraterritorial reach. For US companies, US citizens, and US residents, the FCPA applies to their conduct anywhere in the world, regardless of where the corrupt payment occurs. A bribe paid in Asia by a European subsidiary of a US parent company constitutes an FCPA violation. For foreign companies and individuals, the FCPA applies if any act in furtherance of the corrupt payment occurs within US territory or uses US interstate commerce -- including US banking systems, email servers, phone networks, or wire transfers. Courts have interpreted this jurisdictional hook broadly. Companies operating internationally must also consider parallel anti-corruption laws such as the UK Bribery Act 2010, which has even broader extraterritorial application and covers private-sector bribery.
How do you build an effective FCPA compliance programme?
The DOJ evaluates FCPA compliance programmes based on three fundamental questions: Is the programme well designed? Is it being applied earnestly and in good faith? Does it work in practice? Essential elements include senior management commitment (tone at the top), a clear code of conduct and anti-corruption policies, risk assessment covering countries, industries, and third parties, role-based training that is documented and ongoing, risk-based third-party due diligence with contractual protections, a confidential reporting mechanism with non-retaliation protections, consistent disciplinary enforcement, periodic auditing and testing, and M&A due diligence for acquisitions in high-risk markets. The DOJ's Evaluation of Corporate Compliance Programs provides the most authoritative guidance on what prosecutors expect from compliance programmes.
Related Insights
- Regulatory Compliance Training Guide — Overview of compliance training.
- Ethics Training for Employees — Building ethical culture.
- BSA/AML Risk Assessment — Financial crime compliance.
Our Compliance Training Courses
- Anti-Bribery & Corruption Training — FCPA and UK Bribery Act.
- Third-Party Risk Management — Due diligence and monitoring.
- Ethics and Code of Conduct — Values-based compliance.
- Global Compliance Training — International requirements.