Skip to content
Compliance Reference

An introduction to the Foreign Corrupt Practices Act (“FCPA”)

In the United States, the principal anti-bribery and corruption law—as it pertains specifically to improper attempts to influence foreign government officials—is the U.S. Foreign Corrupt Practices Act (“FCPA”), 15 U.S.C. §§ 78dd-1, et seq. Originally enacted in 1977, the FCPA has been used with increasing frequency in more recent years to prosecute organizational misconduct involving attempts to secure an improper business advantage through quid pro quo arrangements with foreign officials. Both the U.S. Department of Justice (“DOJ”) and the U.S. Securities and Exchange Commission (“SEC”) enforce the provisions of the FCPA.

Pursuant to the so-called “anti-bribery” provisions of the FCPA, it is illegal for any publicly traded company (“issuers”), their officers, directors, employees, agents, and stockholders, to pay, promise to pay, or authorize the payment of money or anything else of value to a foreign official to influence any act or decision, to secure any improper advantage, or obtain or retain business. The FCPA’s anti-bribery provisions also apply to “domestic concerns”—namely, any individual who is a citizen, national, or resident of the United States, or any entity other than a publicly traded company that is organized under the laws of the United States or its states, territories, possessions, or commonwealths or that has its principal place of business in the United States.[1]

From a jurisdictional perspective, the FCPA’s anti-bribery provisions apply to both conduct inside and outside the United States. Issuers and domestic concerns may also be prosecuted for using the mail or any other instrumentality of interstate commerce in furtherance of a corrupt payment. As the DOJ’s FCPA Resource Guide notes, even the most remote conduct such as placing a telephone call or sending an email, text message, or fax from, to or through the United States is sufficient to trigger the jurisdictional reach of the FCPA.[2] Moreover, the FCPA applies with equal force to individuals or entities who act on behalf of issuers or domestic concerns, including agents and other intermediaries commonly utilized by organizations to conceal illegal activity.

The “accounting” provisions of the FCPA consist of two (2) primary facets—namely, the “books and records” provisions and the “internal controls” provisions. Under the books and records provisions, issuers are required to make and keep books, records and accounts, which in “reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”[3] Mischaracterization of any transactions in a company’s financial records to conceal illicit payments made to foreign officials are a direct violation of the books and records provision. In recent years, the books and records provision has been utilized with increasing frequency by federal prosecutors to hold culpable organizations criminally liable when a requisite element of an anti-bribery claim—typically, the absence of any connection to interstate commerce—is present.

Under the second component of the FCPA’s accounting provisions—namely, the “internal controls” requirement—issuers are obliged to “devise and maintain a system of internal accounting controls sufficient to provide [certain] reasonable assurances.”[4] Such assurances include requirements that all transactions (i) are executed in accordance with management’s general or specific authorization; (ii) are recorded as necessary to permit the preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and to maintain accountability for assets. The internal controls provisions further mandate that “access to [an issuer’s] assets is permitted only in accordance with management’s general or specific authorization”; and that the “recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.”

While the FCPA itself is silent as to specific controls covered issuers must adopt, the FCPA Resource Guide provides a useful framework for gauging the appropriateness of such controls. Among other things, the FCPA Resource Guide specifies that organizations should take into account their own “operational realities and risks attendant to the company’s business.” These include, but are not limited to, considerations about the nature of the company’s products and services; how those products and services are ultimately delivered; the nature of the company’s workforce; the degree of regulation faced by the organization; the extent of its government interaction; and the degree to which the company operates in regions presenting a higher-than-average corruption risk.[5]

Individuals face up to five (5) years' imprisonment for each violation of the anti-bribery provisions of the FCPA or up to twenty (20) years for certain willful violations.[6] Corporations and other business entities may be fined up to $2 million for each violation and individuals up to $100,000.[7] The maximum fine may be increased to $25 million for corporations and other business entities and $5 million for individuals in the case of certain willful violations.[8] All criminal fines—including those imposed under the FCPA—may be increased to twice the gain obtained by reason of the offense or twice the loss to any other person.[9] Both the DOJ and SEC may seek a court order enjoining individuals and organizations from further violations of the FCPA.[10]

A survey of recent FCPA violations

As a preliminary matter, it should be noted that the vast majority of all FCPA-related enforcement actions brought by the DOJ and or SEC involve the use of third parties—that is, an organization’s consultants, agents, service providers, distributors, resellers and other intermediaries that are commonly used to conceal misconduct and serve as a conduit for the provision of illicit payments to foreign officials. Often, this conduct occurs through the utilization of shell companies and sham “consulting” agreements that have no discernible benefit to the organization as a whole. A survey of recent enforcement actions publicized by the DOJ and SEC illustrate the potent pecuniary impact that an FCPA violation can cause.

In December 2022, the DOJ announced a resolution with ABB Ltd. (“ABB”), a Switzerland based company subject to the FCPA by virtue of being an issuer within the meaning of the FCPA’s bribery prohibitions. According to charging documents filed in the case, between roughly 2014 and 2017, ABB paid a high-ranking official affiliated with a state-owned energy company in South Africa to both retain and obtain engineering contracts for the maintenance of a specific power plant. Tellingly, ABB facilitated its bribery scheme by hiring subcontractors with close ties to the government official in question to deliver unspecified engineering services, even though none of the subcontractors were apparently qualified to perform the work they were assigned. The subcontractors in the ABB case were essentially used as a conduit to funnel payments directly to the government official. In exchange for payments of an unknown aggregate value, ABB benefitted by receiving preferential treatment from the government official in question, including access to confidential bid information and the payment of grossly inflated invoices. ABB was charged criminally by the DOJ and also held civilly liable by the SEC for its misconduct. To settle the criminal proceeding, ABB entered into a three-year Deferred Prosecution Agreement (“DPA”) and consented to the payment of a criminal penalty of $315 million, with a portion of that offset by the $75 million civil penalty it was obliged to pay to the SEC. In addition to the monetary settlement, ABB agreed to report annually on the status of upgrades to its FCPA compliance program during the effective term of the DPA.

Earlier, in September 2022, Oracle Corporation—a notorious repeat offender on the FCPA violator list—agreed to resolve both books and records and internal controls violations with the SEC in the context of an administrative proceeding. According to the cease-and-desist order issued in that case, Oracle subsidiaries in Turkey, India, and the United Arab Emirates entered into a variety of schemes that involved indirect resellers that would pass along improper benefits to foreign government officials. The essence of the scheme involved complicity on the part of Oracle employees who apparently authorized excess discounts to value-added distributors and resellers. These discounts were then “pooled” and operated as proverbial “slush funds” to lavish foreign officials with expensive travel and entertainment. Under a no-admission settlement with the SEC, Oracle ultimately agreed to pay a total penalty of approximately $23 million, of which $15 million consisted of a civil penalty, and $7.9 million consisted of disgorgement and prejudgment interest. Notably, Oracle was chided by the SEC in 2012 for substantially similar misconduct involving the operation of unmonitored customer slush funds in India.


  1. 15 U.S.C. § 78dd-2. ↩︎

  2. A Resource Guide to the United States Foreign Corrupt Practices Act (Second Edition), United States Department of Justice and the Securities and Exchange Commission, July 2020, p. 10 (hereinafter “FCPA Resource Guide”). ↩︎

  3. Section 13(b)(2)(A) of the Exchange Act, 15 U.S.C. § 78m(b)(2)(A). ↩︎

  4. Section 13(b)(2)(B) of the Exchange Act, 15 U.S.C. § 78m(b)(2)(B). ↩︎

  5. FCPA Resource Guide at 40-41. ↩︎

  6. 15 U.S.C. §§ 78dd-2(g), 78dd-3(e), and 78ff(a), (c). ↩︎

  7. 15 U.S.C. §§ 78dd-2(g), 78dd-3(e), and 78ff(c). ↩︎

  8. 15 U.S.C. § 78ff(a). ↩︎

  9. 18 U.S.C. §3571(d). ↩︎

  10. 15 U.S.C. §§ 78dd-2(d), 78dd-3(d), and 78u(d)(1). ↩︎