Foreign Corrupt Practices Act (FCPA): Key Requirements & Compliance Strategies

The Foreign Corrupt Practices Act (FCPA) is a pivotal U.S. federal law enacted in 1977 to combat bribery of foreign officials and promote ethical business conduct in global commerce. The law prohibits U.S. individuals and businesses—and certain foreign issuers and individuals—from offering, paying, or authorizing anything of value to foreign officials to gain an improper business advantage. It also mandates accurate recordkeeping and internal controls for publicly traded companies. The statute is enforced primarily by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC).

Who It Applies To

• U.S. companies and individuals, including officers, directors, employees, agents, and stockholders acting on their behalf
• Foreign companies and individuals who act within the U.S. or whose securities are traded on U.S. exchanges
• Public companies registered with the SEC and their subsidiaries or affiliates
• Third parties (consultants, agents, partners) acting on behalf of covered entities

The FCPA has broad extraterritorial reach, applying to conduct that occurs outside the United States when linked to U.S. persons, issuers, or acts committed within U.S. territory.

Key Requirements

• Anti-Bribery Provisions: Makes it unlawful to offer, pay, promise, or authorize the giving of money or anything of value to a foreign official, foreign political party, candidate, or any person knowing it will go to such parties—for the purpose of obtaining, retaining, or directing business.
  • “Knowing” includes conscious disregard and willful blindness.
  • “Foreign official” is broadly defined and can include employees of state-owned enterprises.
  • Includes direct and indirect payments (via intermediaries or agents).
• Accounting Provisions: Requires publicly traded companies to:
  • Keep accurate books and records reflecting all transactions and dispositions of assets.
  • Maintain a system of internal accounting controls to ensure all transactions are properly authorized and recorded.
  • Prohibits falsifying records or circumventing internal controls.
• Recordkeeping and Internal Controls: Applies not only to parent companies but also to overseas subsidiaries and affiliates whose finances are consolidated into the issuer’s financial statements.

Practical Impact

• Global Conduct: Multinationals must monitor all worldwide activities for FCPA risks, including joint ventures, agents, consultants, and mergers or acquisitions.
• Internal Controls: Public companies spend significant resources on anti-bribery training, due diligence, and internal audits to comply with FCPA mandates.
• Deals and Relationships: All transactions, contracts, gifts, travel, entertainment, and charitable contributions connected to foreign business must be reviewed for FCPA implications.
• Third-Party Risks: Companies are legally responsible for bribes offered or paid by intermediaries if they know or should have known of the corrupt practice.

Examples

• A U.S. firm’s marketing agent overseas offers a bribe to a customs officer to clear goods—a clear FCPA violation if the company authorized, directed, or was willfully blind to the action.
• A foreign subsidiary of a U.S. corporation makes a payment to win government contracts; the parent company is liable if it knew or should have known about the scheme.
• A company books bribe payments as “consulting fees” in its records, violating both anti-bribery and accounting provisions.

Compliance Checklist

• Develop and maintain a written FCPA compliance program, with board-level oversight and a dedicated compliance officer.
• Conduct due diligence on agents, consultants, business partners, and acquisition targets, especially in high-risk countries and industries.
• Provide regular employee training tailored to roles and exposure, and document attendance and learning outcomes.
• Review all contracts for anti-bribery clauses and audit rights.
• Monitor expense accounts, gifts, hospitality, travel, and charitable donations for FCPA compliance.
• Establish confidential reporting and whistleblower mechanisms, and promptly investigate all complaints.
• Conduct periodic internal and external audits of books, records, and controls.
• Update compliance strategies based on audit findings, changes in law, or emerging business risks.

Penalties for Non-Compliance

Category	Company Penalty	Individual Penalty
Criminal Fines	Up to $2 million per anti-bribery violation; up to $25 million for accounting violations	Up to $250,000 per violation (anti-bribery); up to $5 million (accounting); up to 20 years in prison
Civil Penalties	Up to $16,000 per anti-bribery violation; substantial fines for accounting violations	Up to $16,000 per violation; disgorgement; prohibition from serving as officer/director
Disgorgement	Required to return ill-gotten gains	Required if applicable
Additional	Debarment from government contracts, reputational damage	Loss of professional licenses, career impact

Courts may impose higher fines under the Alternative Fines Act, including up to twice the benefit gained or loss caused.

Recent Updates and Changes

• 2025 DOJ Enforcement Guidance: As of June 2025, the DOJ shifted toward more selective, risk-based FCPA enforcement, requiring senior approval for new investigations and concessions for companies that self-disclose, cooperate, and remediate issues.
• 2025 Executive Order Pause: Early 2025 saw a temporary pause in FCPA enforcement, intended to address concerns about overexpansive application. Guidelines now clarify a more strategic, national interest-driven approach, though FCPA remains actively enforced for egregious or impactful violations.
• Focus on Individual Accountability: The DOJ and SEC increasingly target individuals, not just companies, in enforcement actions.
• Technological Developments: Compliance programs must now address increased risks associated with digital payments, cryptocurrencies, and global supply chains.

Future Amendments and Regulatory Trends

• Enhanced DOJ and SEC guidance on the use of artificial intelligence and automated compliance tools.
• Greater global cooperation and data-sharing with foreign regulators to combat cross-border corruption.
• Evolving standards for disclosures and due diligence in emerging markets and digital assets, especially as enforcement further emphasizes company self-reporting and remediation.
• Continued scrutiny of third-party risk management and transparent recording of all international transactions.

Comparison Table: FCPA vs. International Anti-Corruption Standards

Feature	FCPA (U.S.)	International (UK Bribery Act, OECD, EU)
Prohibited Conduct	Bribery of foreign officials, record falsification	Broad (including commercial/private bribery)
Books & Records	Strict requirements for issuers	Varies, not always explicit
Facilitation Payments	Narrowly permitted	Generally prohibited (UK Bribery Act bans all)
Jurisdiction	Broad, covers U.S. and certain foreign actors	UK Bribery Act is even broader; OECD/EU wide
Self-Disclosure Mitigation	Enforcement leniency for self-reporting/cooperation	Also emphasized under OECD, UK, EU frameworks
Enforcement	DOJ and SEC	Serious Fraud Office (UK), OECD members, various

Although the FCPA is a global benchmark, other regimes sometimes impose broader bans (e.g., the UK Bribery Act’s private/commercial bribery prohibition).

Challenges for Companies

• Navigating high-risk markets with entrenched local corruption customs
• Conducting meaningful due diligence on partners, suppliers, and third parties in opaque jurisdictions
• Maintaining compliance during rapid expansion, mergers, and foreign investments
• Ensuring robust, up-to-date employee training and reporting mechanisms worldwide
• Balancing U.S. law with sometimes conflicting local customs or requirements

Looking Ahead

The FCPA continues to be a driving force behind global anti-bribery and corruption compliance. As enforcement adapts to new risks and economic realities, companies must maintain comprehensive compliance systems, adapt to evolving regulatory expectations, and foster ethical corporate cultures wherever they operate. With U.S. and global regulators increasingly collaborating, the cost of non-compliance continues to rise—in both financial and reputational terms.

Useful Resources

• DOJ FCPA Resource Center
• SEC FCPA Resource Page
• International Trade Administration FCPA Guidance
• CFPB Bribery and Corruption Compliance
• NMLS, OECD Anti-Bribery Resources
• FCPA Compliance Checklist

FAQs

Q: Who enforces the FCPA and what conduct is prohibited?
A: The DOJ and SEC jointly enforce the FCPA, which prohibits offering or paying anything of value to foreign officials to obtain business, and mandates accurate recordkeeping and internal controls.

Q: Does the FCPA cover only U.S. companies?
A: No—foreign firms, subsidiaries, and individuals can be prosecuted for acts closely connected to the U.S. (e.g., payments through U.S. banks or securities markets).

Q: What counts as a “foreign official?”
A: Employees or agents of foreign governments—including state-owned businesses, agencies, or even international organizations—can all be considered foreign officials.

Q: Are facilitation payments or “grease payments” allowed?
A: The FCPA contains a narrow exception for facilitation payments, but many companies ban them, and other countries (e.g., UK) outlaw them entirely.

Q: What are the biggest FCPA compliance risks?
A: Third-party agents, M&A in high-risk jurisdictions, gifts, entertainment, and travel for foreign officials are common sources of violations.