Answer ... Companies are generally not required to have an anti-corruption compliance programme under US laws or regulations. However, in determining both whether to initiate an investigation and how to charge a corporation, the US government will consider the corporation’s remedial actions, including any efforts to implement an effective corporate compliance programme (Department of Justice (DOJ) and Securities and Exchange Commission (SEC), “A Resource Guide to the US Foreign Corrupt Practices Act” at 53 (2012, updated 2015)). US issuers, by contrast, are required to implement internal controls designed to provide reasonable assurances that transactions are executed properly and not in violation of anti-bribery laws (15 USC § 78m(b)(2)(B)).

Answer ... The DOJ and SEC recognise that an effective corporate compliance programme must be tailored to each company’s own needs, risk and challenges, but should have the following elements:

• Senior and middle management should show a commitment to a ‘culture of compliance’ and clearly articulate a policy against corruption. Employees should be aware that any criminal conduct will not be tolerated.
• The company should have a written code of conduct and compliance policies and procedures.
• The company should have an autonomous and adequately resourced compliance function.
• One or more senior executives should be assigned to oversee the compliance programme and be provided with sufficient autonomy, authority and resources, including adequate funding and experienced personnel.
• The compliance programme should analyse the company’s risk and be tailored to those risks.
• The company should provide training on its compliance policies and offer continuing advice concerning those policies.
• The company should have clear disciplinary procedures for compliance violations and offer positive incentives to drive compliant behaviour.
• The company should engage in due diligence of third parties and monitor those relationships, including payments to third parties.
• The company should have a mechanism for confidential reporting of violations and a procedure for conducting internal investigations.
• The company should seek to continuously improve its compliance programme by periodically reviewing and testing its controls through audits (DOJ, FCPA Corporate Enforcement Policy, March 2019; DOJ and SEC, “A Resource Guide to the US Foreign Corrupt Practices Act” at 57–62 (2012, updated 2015)); DOJ, Evaluation of Corporate Compliance Programs, April 2019).

Answer ... The Foreign Corrupt Practices Act’s (FCPA) accounting provisions require issuers to make and keep accurate books and records, and to devise and maintain an adequate system of internal accounting controls. The books and records provision, in particular, requires issuers to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the issuer” (15 USC § 13(b)(2)(A)). The term ‘reasonable detail’ is defined as the level of detail that would “satisfy prudent officials in the conduct of their own affairs” (15 USC § 78m(b)(7)). The accounting provisions also prohibit individuals and businesses from knowingly falsifying books and records or knowingly circumventing or failing to implement a system of internal controls. A common example of a books and records violation is the recording of a payment of a cash bribe in corporate records as a legitimate expense, such as a ‘consulting fee’ (DOJ and SEC, “A Resource Guide to the US Foreign Corrupt Practices Act” at 38 (2012, updated 2015)).

Answer ... There is no general requirement under US law that companies report financial irregularities or actual or potential anti-corruption violations. However, in both civil and criminal FCPA cases the government considers self-reporting when determining an appropriate punishment (DOJ and SEC, “A Resource Guide to the US Foreign Corrupt Practices Act” at 54 (2012, updated 2015)).

Answer ... A failure to implement an adequate anti-corruption programme is not a criminal violation in the United States. However, failure to establish an adequate books and records programme or adequate internal control provisions could constitute a regulatory violation (DOJ and SEC, “A Resource Guide to the US Foreign Corrupt Practices Act” at 38–39 (2012, updated 2015)).