
How to Maintain FCPA Compliance

Bribery and corruption pose a risk in any business dealing, and the lines blur further when a firm deals with foreign officials. Here, the StarCompliance team offers a guide to maintaining FCPA compliance.


The Foreign Corrupt Practices Act (FCPA) prohibits and penalizes corrupt foreign business dealings, with a particular focus on bribery. It is enforced jointly by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC); in the DOJ's words, it was enacted to prevent “certain classes of persons and entities [from making] payments to foreign government officials to assist in obtaining or retaining business.”

Coverage extends to agents, consultants, joint-venture partners, distributors and other third parties acting for a covered company, as well as to foreign companies with subsidiaries in the U.S., those that do business in the U.S., and those whose transactions pass through the U.S. banking system.

Under the terms of the FCPA, publicly traded companies (issuers) must keep books and records that accurately and transparently reflect every transaction, foreign and domestic, and must maintain adequate internal accounting controls. Enacted in 1977, the act initially applied to all U.S. individuals and firms, plus “certain foreign issuers of securities”; since the 1998 amendments it also covers “foreign firms and persons who cause, directly or through agents, an act in furtherance of such a corrupt payment to take place within the territory of the United States.”

In recent years, both the DOJ and the SEC have stepped up enforcement, resulting in billions of dollars in resolution payments. According to research from Stanford University, an FCPA investigation costs on average more than $1.5 million per month and lasts an average of 39 months.


The primary purpose of the FCPA is to prevent covered companies and individuals from obtaining or retaining business by making, offering, promising, or authorizing payments or gifts to any of the following:

  • A foreign official
  • An international organization official
  • A foreign political party or official
  • A candidate for a foreign political office 
  • Non-government third parties acting for or on behalf of foreign government officials

To make such payments detectable, the FCPA's accounting provisions require every issuer that reports to the SEC to keep accurate books and records and to maintain adequate internal accounting controls. Companies therefore need internal controls that catch and address red flags in their own records. The SEC also uses these provisions to pursue accounting fraud unrelated to bribery.

Firms and individuals face both civil and criminal penalties for FCPA violations; the civil provisions are the most relevant to compliance, audit, and risk officers. Those provisions, including the books-and-records and internal-controls requirements, are enforced by the SEC, which can bring civil charges without any corresponding criminal charges from the DOJ. Even where the DOJ finds no evidence of bribery, the SEC can still charge a firm or its leadership with internal-controls failures that merely left room for bribery to occur.

Because the consequences of FCPA violations are severe, internal policies and processes should be as easy to understand as possible. That means defining what constitutes bribery, spelling out the consequences for the individuals involved and for the company, and setting anti-bribery rules for gifts, entertainment, and other spending approvals. Employees of a covered firm are subject to the FCPA, and to prosecution under it, regardless of where they live or which country they are citizens of.

Behaviors that can trigger a civil or criminal investigation include: 

  • Bribing any of the individuals or entities mentioned above
  • Offering or even mentioning the possibility of a bribe, whether or not a payment follows
  • Any attempt, actual or apparent, to alter, omit, or obscure entries in the firm's financial records, including cross-border transactions

Political contributions are a related risk. The SEC's pay-to-play rule (Advisers Act Rule 206(4)-5) bars an investment adviser from receiving compensation for advisory services to a U.S. state or local government entity for two years after the adviser or certain of its personnel contribute to an official or candidate who can influence the award of advisory business. Contributions to foreign political parties, officials, and candidates fall instead under the FCPA's anti-bribery provisions listed above, so both regimes need to be monitored.


Clear-cut cases of international bribery give obvious cause for DOJ and SEC investigations. The civil accounting provisions enforced by the SEC are murkier to navigate and to monitor for.

The following is a non-exhaustive list of conditions that put a firm out of compliance with the FCPA's civil provisions:

  • Poor documentation processes
  • Lack of anti-bribery policies for spending approvals, receipts, or other documentation
  • Poor third-party spending controls
  • Lax accounting policies
  • Lack of a designated audit or compliance officer
  • Failing to re-evaluate the FCPA compliance program amid business changes
  • Lack of employee training around regulatory compliance or suspicious activity 

Gift giving in the ordinary course of business is not in itself an FCPA violation. The act allows reasonable and bona fide expenditures, such as modest gifts or travel directly related to promoting products or performing a contract, provided they are transparently recorded and are not offered to win or keep business. Broker-dealers must also keep gifts within FINRA Rule 3220, which caps gifts to employees of other firms at $100 per person per year.

The consequences for these violations are extensive and severe, including government fines, imprisonment, and lasting reputational damage. 

On rare occasions, the SEC or the DOJ may conclude during an investigation that a firm or individual made an honest mistake, provided the investigators confirm that reasonable internal controls were in place and that the subject had been properly trained on the FCPA's provisions. These conditions can stand as “evidence of good faith” and weigh heavily in favor of a declination or a reduced penalty.


The best protection against FCPA noncompliance is a robust employee training program, followed closely by scalable compliance software. When employees understand the risks and the behaviors associated with unethical business transactions, the likelihood of noncompliance falls across the whole organization.

Up-to-date technology, controls, and training also give the DOJ and SEC evidence that a firm is exercising due diligence over regulatory compliance. Even if an individual employee is found to have violated the FCPA, the presence of these safeguards can reduce, and sometimes avoid, fines or prosecution of the employee's firm.

FCPA compliance best practices should be incorporated into your firm’s existing compliance training and include most or all of the elements in the following checklist. 


  • Commitment: No plan can be fully effective without unwavering support from senior leadership. Attitudes trickle down from the top, so leadership and management should make it clear that they take anti-bribery and anti-corruption seriously, setting an example for the rest of the firm. 
  • Control systems: The core of an FCPA compliance plan is the system that enforces it. Internal systems, whether manual or technological, need to detect, investigate, and remedy possible violations. For example, spending limits or payment blocks should be applied automatically to transactions with third parties that have not yet been assessed for risk. 
  • Accountability & ownership: Appoint a single person or group responsible for overseeing and maintaining FCPA compliance measures, ensuring they have the necessary resources to do so. They are the first point of contact regarding all noncompliance concerns.
  • Clarity & communication: There is no such thing as being too clear—written policies should explicitly prohibit corrupt payments to foreign officials or candidates for office. Communicate compliance program policies and procedures throughout the organization, including detailed standards and guidance for addressing specific FCPA issues.
  • Right-sized policies: Make sure your firm’s anti-bribery policies and procedures are proportionate to the types of risks you may encounter.
  • Documentation: A major part of FCPA compliance is documentation, so be sure that your plan includes detailed instructions and processes for documenting all transactions (not only foreign ones) while maintaining confidentiality where applicable.
  • Governance of third parties: Obtain written attestations from all third parties that they will not engage in bribery when doing business on your behalf. You are within your rights to perform risk assessments on them and to include a right-to-audit clause in your contracts.
  • Consequences & incentives: Establish clear consequences in the event that employees violate the compliance policy. Adherence can also be positively incentivized—encourage employees to report possible violations and regularly communicate that FCPA compliance contributes to an overall culture of compliance.
  • Confidentiality: In the event that an employee does notice suspicious behavior, they should be guaranteed confidentiality once they blow the whistle. Protective whistleblowing measures against retaliation should be communicated as part of positive incentivization.
  • Assessment & testing: Perform regular anti-bribery assessments on new markets entered, mergers, and new business partnerships. Keep all parties informed of regulatory updates and your firm’s code of conduct regarding anti-bribery measures (and overall compliance). Administer regular testing and remediation for employees as well.


Manual, paper-based systems pose too much risk for global or cross-border enterprises. They are time consuming, and they are prone to human error no matter how adept your compliance teams are. 

After comprehensive training and employee readiness, regulatory technology is your best safeguard against corruption or malfeasance, whether internal or external. The right compliance software should be able to do all of the following: 

  • Enforce preventive controls, such as tracking employee trading activity, monitoring gift and entertainment spending, and collecting proper documentation or pre-approvals
  • Produce audit records that show regulators your firm is doing everything it reasonably can to prevent and mitigate corruption and bribery
  • Serve as a single source of truth throughout the company
  • Integrate seamlessly with your existing systems
  • Scale with your business 
  • Feature an intuitive user interface 
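As an added illustration (not StarCompliance code and not an FCPA mandate in itself), the following Python sketch implements the two controls described above: the automatic block on payments to third parties that have not yet been risk-assessed, from the control-systems item in the checklist, and the preventive gift-and-entertainment pre-approval hold from the software requirements, with every decision written to a hash-chained audit log so that the records handed to a regulator can be shown to be unaltered. The $100 pre-approval threshold, the field names, and the counterparties are assumptions chosen for the example.

```python
"""Preventive spending control with a tamper-evident audit log (added example,
not StarCompliance code; thresholds and field names are assumptions)."""
from dataclasses import asdict, dataclass
import hashlib
import json
from typing import Optional

# Assumed firm policy (hypothetical): gifts or entertainment above this need pre-approval.
GIFT_PREAPPROVAL_USD = 100.0


@dataclass
class ThirdParty:
    name: str
    risk_assessed: bool                    # third-party due-diligence review completed
    government_affiliated: bool = False    # official, state enterprise, or agent of one
    anti_bribery_attestation: bool = False


@dataclass
class Transaction:
    tx_id: str
    counterparty: ThirdParty
    amount_usd: float
    category: str                          # "gift", "entertainment", "commission", "services"
    pre_approval_ref: Optional[str] = None
    receipt_ref: Optional[str] = None      # supporting documentation for the books


def evaluate(tx: Transaction) -> tuple[str, list[str]]:
    """Apply the preventive rules; return ("allow" | "hold" | "block", reasons)."""
    blocks, holds = [], []
    cp = tx.counterparty
    if not cp.risk_assessed:
        blocks.append("counterparty has not completed third-party risk assessment")
    if cp.government_affiliated and not cp.anti_bribery_attestation:
        blocks.append("government-affiliated counterparty lacks anti-bribery attestation")
    if tx.receipt_ref is None:
        holds.append("supporting receipt not attached")
    if (tx.category in ("gift", "entertainment")
            and tx.amount_usd > GIFT_PREAPPROVAL_USD and tx.pre_approval_ref is None):
        holds.append(f"{tx.category} above ${GIFT_PREAPPROVAL_USD:.0f} without pre-approval")
    if tx.category == "commission" and cp.government_affiliated:
        holds.append("commission to government-affiliated party needs compliance review")
    if blocks:
        return "block", blocks + holds
    if holds:
        return "hold", holds
    return "allow", []


class AuditLog:
    """Append-only, hash-chained record of every decision the control made."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, tx: Transaction, decision: str, reasons: list[str]) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"tx": asdict(tx), "decision": decision, "reasons": reasons, "prev": prev}
        entry = {**body, "hash": self._digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; an edited, inserted or removed entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def process(transactions: list[Transaction], log: AuditLog) -> dict[str, str]:
    outcome = {}
    for tx in transactions:                # run each payment through the control, log it
        decision, reasons = evaluate(tx)
        log.record(tx, decision, reasons)
        outcome[tx.tx_id] = decision
    return outcome


# Constructed sample data (not real counterparties or transactions).
VETTED = ThirdParty("Acme Logistics", risk_assessed=True)
UNVETTED = ThirdParty("New Agent Ltd", risk_assessed=False)
PORT_AGENT = ThirdParty("Port Services Co", risk_assessed=True,
                        government_affiliated=True, anti_bribery_attestation=True)
SAMPLE = [
    Transaction("T1", VETTED, 60.0, "gift", receipt_ref="R1"),
    Transaction("T2", VETTED, 450.0, "entertainment", receipt_ref="R2"),
    Transaction("T3", UNVETTED, 5000.0, "services", receipt_ref="R3"),
    Transaction("T4", PORT_AGENT, 12000.0, "commission", receipt_ref="R4"),
]
```

Running `process(SAMPLE, AuditLog())` allows the $60 gift, holds the $450 dinner for pre-approval, blocks the payment to the unassessed agent, and holds the commission to the government-affiliated agent for review. Each decision is chained to the previous one by its SHA-256 digest, so `verify()` fails if any logged record is later edited or deleted, which is the property an auditor needs before trusting the log as evidence of the firm's controls.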

The Employee Conflicts of Interest solution from StarCompliance is a future-ready, configurable tool that can help your firm maintain comprehensive regulatory compliance, including with the FCPA. With features specifically designed to monitor political donations, gifts and entertainment, personal trading, and more, our solutions help you comply with confidence so your teams can deliver consistent and trustworthy business results.