Benchmarking Your FCPA Compliance Program: Six Practical Tips From Recent SEC Settlements

Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...

By Mark A. Srere and Kristin Robinson

Mark Srere is co-leader of Bryan Cave's Global Anti-Corruption/FCPA Team. He provides a full range of counseling for clients in anticorruption compliance areas, including drafting policies, implementing compliance programs, and addressing due diligence issues that arise from mergers and acquisitions, hiring of agents and joint ventures. Mr. Srere also conducts internal investigations related to anticorruption issues, counsels clients on disclosure issues and defends against government investigations.

Kristin Robinson is a member of Bryan Cave's White Collar Defense and Investigation group, where she defends individuals and corporations under investigation by government agencies. She also conducts internal investigations for corporate clients involving whistle-blower complaints and other allegations of fraud.

Anticorruption compliance is not a new frontier. For the past 10 years, the U.S. government has significantly enhanced its enforcement of the Foreign Corrupt Practices Act (FCPA) against both companies and individuals. As a result, every year or so, a new nine-figure monetary penalty is imposed and another top executive goes to jail. By now, every U.S. company doing business overseas should at least have an anticorruption policy and an associated compliance program. As part of such a program, a company should conduct periodic reviews to evaluate and improve its program. In conducting such a review, it is helpful to review recent enforcement actions to assess how the government views compliance programs. The Securities and Exchange Commission (SEC) is not shy in criticizing companies for perceived compliance failures. This article offers six practical tips on benchmarking your company's FCPA compliance program against recent enforcement actions.

Corporate Hospitality

Corporate hospitality is an area that can create friction between Sales and Compliance. To reduce that tension, a company should have in place clear, written policies on what conduct and expenditures are acceptable or prohibited and what situations must be pre-cleared by Compliance/Legal. In this area, the SEC has made clear that an actual bribe is not necessary to find an FCPA violation. In the May 2015 settlement with BHP Billiton, the SEC noted that even though the company “recognized that inviting government officials to the Olympics created a heightened risk of violating anti-corruption laws and the company's own Guide to Business Conduct … the internal controls it developed and relied upon in an effort to address this risk were insufficient” (21 CARE 21, 5/22/15). Thus, while there were no allegations that any bribes were contemplated or paid, the SEC highlighted the risk of bribery created when Billiton invited to the Olympics government officials who were in a position to influence pending contract negotiations.

  • Tip: When setting up a hospitality program for customers and potential customers, ensure that any customer who might be considered a “foreign official” be segregated and treated in a manner consistent with the FCPA resource guide issued by the SEC and the Department of Justice (DOJ) in the fall of 2012. This process will bring heightened awareness to how these potential “foreign officials” may be treated by the company.


The government will not go after a company that provides “reasonable and bona fide” travel and lodging expenses to foreign officials as long as those expenses are (i) directly related to the promotion, demonstration, or explanation of a company's products or services, or (ii) related to a company's execution or performance of a contract with a foreign government or agency. In the February 2016 SciClone Pharmaceuticals settlement for $12.8 million, the SEC criticized the company for using local travel agencies to arrange travel and lodging for conferences that either had no legitimate educational purpose or had an educational component that was minimal in comparison to the associated recreational activities, such as a half-day of educational activities compared to six days of sightseeing.

  • Tip: If your trip itinerary for a foreign official includes Disneyland or the Grand Canyon, it is likely to be viewed as not “reasonable and bona fide.” It is a good idea to require advance Compliance/Legal review and approval of all such proposed trip activities.

Human Resources/Hiring

Two settlements in March 2015, one with a major financial institution and one with a major telecommunications company, emphasize that your anticorruption compliance program should not ignore the Human Resources department or any established process for hiring decisions. In the first settlement, the SEC stated that the bank's “system of internal accounting controls was insufficiently tailored to the corruption risks inherent in the hiring of client referrals, and therefore was inadequate to fully effectuate [its] stated policy against bribery of foreign officials.” In the second settlement, the SEC cited e-mails discussing “must place” or “special” hires. These decisions show that offering a job (even an unpaid internship) could be viewed as violating the FCPA.

  • Tip: Your compliance program should have a protocol in place to ensure that any job offer or internship that falls outside of the normal HR process be reviewed by Legal/Compliance to ensure that it does not violate the FCPA.

Internal Controls

The SEC criticizes companies for failing to detect payments that raise red flags. In some cases, such as the $9 million settlement in April 2016 with a Fortune 500 company, the surrounding circumstances point to an overall lax control environment (68 CARE, 4/8/16). In that case, “tens of millions of dollars … [were] paid out without appropriate documentation or authorization,” a consultant referred to as a “beard” was paid $32 million, and one employee received a $26,000 cash advance and an $86,000 cash reimbursement without proper authorization. Similarly, in the February 2016 settlement with a software company, the SEC stated that the company's internal controls failed to flag an 82 percent discount on software licenses, which allowed an employee to create a slush fund from which to pay bribes.

In other cases, however, the SEC has found fault with a company's controls where red flag payments are deliberately hidden from company auditors. In a $14 million settlement in July 2016, the company had acquired a Chinese subsidiary that was involved in bribes before the acquisition. The company cleaned house and instituted a new compliance program. The Chinese employees deliberately circumvented the new controls and continued paying bribes by falsely characterizing the payments as vendor payments in amounts that were so small that they were considered to be low risk. The SEC criticized the company's global auditors for not truly understanding the transactions.

  • Tip: The Legal/Compliance personnel assigned to oversee the anticorruption compliance program should conduct periodic reviews of the company's internal controls to ensure that they are designed to detect ways in which employees may circumvent the controls to create pools of money from which bribes could be paid.


The purpose of an effective compliance program is to prevent and detect misconduct. A key component of such a program is to ensure that compliance-related issues are investigated promptly and appropriately. In the $28 million settlement with PTC in February 2016, the SEC specifically criticized PTC for failing to identify and stop the illicit payments to Chinese government officials and failing to take effective remedial measures despite conducting compliance reviews in its Chinese subsidiaries during 2006, 2008 and 2010 that included investigating possible corruption involving its business partners (31 CARE, 2/17/16).

  • Tip: Be thorough in investigating compliance issues that are identified. Although you do not have to “boil the ocean” in an investigation, you should ensure that you feel comfortable that you have reasonably pulled the strings that are out there and determined that they do not indicate wrongdoing.

Mergers and Acquisitions

Although the FCPA does not impose liability on an acquiring company for a target company's conduct that occurred before an acquisition, the moment a U.S. company acquires a foreign company, it is on the hook for violations that occur after the acquisition. In the $16.2 million settlement with Goodyear Tire & Rubber in February 2015, the SEC criticized the company for failing to conduct “adequate due diligence” when it acquired a Kenyan company and for failing to implement “adequate FCPA compliance training and controls after the acquisition” (13 CARE 440, 2/27/15).

  • Tip: Perform exacting anticorruption due diligence before buying a company. It will not only help prevent possible corruption problems, but it will give you a better understanding of the true value of the acquisition. In addition, after the acquisition, ensure that the company's anticorruption compliance program is applied to the new subsidiary and ensure that there is adequate training for new employees.

The above tips are important reminders to keep monitoring your company's anticorruption compliance program and to update it as necessary. It is not sufficient for a program to remain stagnant; instead, you must actively engage and train appropriate employees to understand the policies and procedures and ensure that those policies and procedures are implemented and followed.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.