1. Anti-Corruption Compliance: What the Doj Checks When It Investigates
When the DOJ investigates a company for corruption, it does not just look at what happened. It looks at whether the company had a real compliance program in place before it happened.
Prosecutors ask three questions. Did the company have a program that was actually designed around its real business risks? Did it follow that program in practice? And did the program catch or prevent problems? A company that can answer yes to all three questions is in a fundamentally different position than one that hands over a policy document that no one ever read.
The gap between a program that looks good on paper and one that actually works is where most enforcement penalties are made or lost. An attorney who handles ethics and compliance program reviews can identify that gap before prosecutors do.
The Three Areas Doj Prosecutors Focus on First
Risk assessment is the first area prosecutors examine. They want to know whether the company identified its actual corruption risks before designing its controls. A company that sells directly to private consumers in stable markets has different risks than one that wins government contracts through local agents in high-risk countries. A compliance program that treats both the same way raises immediate red flags for prosecutors.
Training is the second area. General annual training delivered to all employees the same way does not satisfy DOJ expectations. Employees in sales, finance, procurement, and government affairs face different risks and need training that addresses those specific situations. Prosecutors ask whether training was role-specific, how frequently it was delivered to high-risk employees, and whether there is documentation showing who completed it.
Internal reporting is the third area. A hotline that employees do not trust produces no reports. No reports do not mean no problems. Prosecutors treat a reporting system with unusually low usage as evidence that employees did not believe it was safe to come forward. Investigations, compliance, and ethics program assessments regularly surface this issue before it becomes a government finding.
| Doj Evaluation Area | What Prosecutors Look for | Common Gap | Fix |
|---|---|---|---|
| Risk assessment | Program designed around actual business risks | Generic program not tailored to operations | Conduct documented risk mapping by business line |
| Training | Role-specific, documented, frequent for high-risk staff | One-size-fits-all annual training | Segment training by job function and risk level |
| Internal reporting | Functional, trusted, non-retaliatory | Low usage suggesting fear of retaliation | Audit hotline effectiveness and confidentiality |
| Monitoring | Periodic testing of controls | Controls set up but never tested | Schedule and document regular control testing |
2. Anti-Corruption Compliance and M&A: Avoiding Inherited Liability
Buying a company means buying its compliance history. If the target paid bribes before the acquisition, the acquirer can face liability for those payments even if it had no knowledge of them at the time of closing.
The DOJ's position is straightforward. If adequate pre-acquisition due diligence would have uncovered the corruption, then failure to conduct that diligence is itself a compliance failure. Companies that skip corruption due diligence to close a deal faster sometimes find themselves disclosing violations to the DOJ within months of closing, paying fines that exceed the value of the acquisition, and installing a compliance monitor at the acquired business for the next three years.
This risk is highest in transactions involving targets with significant government relationships, operations in high-risk markets, or third-party agent networks that have never been audited. It is also highest when the deal timeline is compressed and due diligence is treated as a box to check rather than a genuine investigation.
What Pre-Acquisition Corruption Due Diligence Must Cover
Corruption due diligence in an M&A transaction goes beyond a standard legal review. It requires looking at how the target actually wins business, not just how it describes its business in marketing materials.
The core review areas are the target's government relationships and third-party agent network, its payment records for anything flowing to or through government-connected parties, the internal compliance program documentation and its actual implementation history, any prior government inquiries or internal investigations, and the quality of its books and records relative to FCPA accounting requirements.
Corporate due diligence at this level is not standard transactional due diligence. It requires people who know what corruption looks like in practice and can read payment records and agent agreements with that specific question in mind. Once the deal closes, the acquirer typically has 12 months to complete integration of the target's compliance program, and the DOJ expects documentation showing that integration happened on schedule.
Anti-corruption compliance problems discovered after a DOJ subpoena are ten times more expensive to resolve than problems discovered and fixed internally. Fines, monitors, and deferred prosecution agreements each last years. Contact our attorneys today for a confidential compliance program assessment before an investigation begins.
3. Anti-Corruption Compliance for Government Contractors: Extra Obligations
Companies that hold federal government contracts face anti-corruption compliance requirements that go beyond the FCPA. These requirements come from the Federal Acquisition Regulation and carry their own separate penalties.
The FAR requires contractors above the simplified acquisition threshold to maintain a written code of business ethics, run an ongoing compliance training program, and operate an internal control system designed to catch and report improper conduct. These are not aspirational standards. They are contract requirements. A contractor that certifies compliance with these requirements while not actually meeting them faces False Claims Act liability on top of any underlying corruption exposure.
The hardest part of this framework for most contractors is the mandatory disclosure obligation. FAR 52.203-13 requires contractors to disclose to the contracting officer when they have credible evidence of certain violations, including bribery and False Claims Act violations. That disclosure obligation has a timeline. Missing it turns a compliance issue into an additional violation. An attorney who handles government contracts compliance can assess whether your company's internal reporting structure is capturing the information needed to meet this obligation before the clock runs out.
What Happens When the Government Requires a Compliance Monitor
A compliance monitor is appointed by the DOJ or SEC as a condition of settling a corruption case. The company pays the monitor's fees. The monitor has the authority to review records, interview employees, test controls, and report findings directly to the government.
Monitorships typically last two to three years. The monitor's final report determines whether the company has satisfied the terms of its deferred prosecution agreement. A negative report can extend the monitorship or prompt the government to reinstate charges. For large companies, monitor fees can reach several million dollars per year on top of the original fine.
The companies that get through monitorships fastest are the ones that treat the monitor as a partner rather than an adversary, document every remediation step in real time, and demonstrate measurable improvement at each review cycle. The companies that struggle are the ones that implement changes on paper without changing actual employee behavior. An attorney who handles monitorships can advise on how to structure the remediation process, prepare employees for monitor interviews, and build the documentation record that supports early monitorship termination.
How Sanctions Compliance Fits into Anti-Corruption Program
Corruption risk and sanctions risk tend to cluster in the same geographic markets and involve the same third parties. A company that has strong anti-corruption controls but has not screened its counterparties against OFAC's sanctions lists has a gap that prosecutors notice.
OFAC sanctions prohibit transactions with designated individuals, entities, and countries. The list changes frequently. Screening at the time of onboarding is not enough. Counterparties must be rescreened whenever the relationship is renewed, whenever a payment is processed, and whenever OFAC publishes a significant list update. Many of the third-party agents and government-connected intermediaries that generate the highest corruption risk are also the ones most likely to appear on or have connections to sanctioned parties.
OFAC sanctions compliance and anti-corruption compliance share the same infrastructure: third-party due diligence, transaction monitoring, and a reporting structure that escalates red flags before they become violations. Running both programs through a unified framework is more efficient and produces fewer gaps than treating them as separate workstreams.
Government contract debarment, FCPA fines, and monitorship costs can each run into the tens of millions. Global anti-corruption standards are tightening across every major market. Contact our attorneys today before a compliance gap turns into an enforcement action that takes years to resolve.
4. Frequently Asked Questions about Anti-Corruption Compliance
Business owners, compliance officers, and executives building or updating anti-corruption programs ask the same practical questions about what is actually required and what happens if something goes wrong. The answers below address what matters most.
What Is Anti-Corruption Compliance and Why Does It Matter for My Business?
Anti-corruption compliance is the set of policies, controls, training, and monitoring a company puts in place to prevent and detect bribery and corruption in its operations. It matters because the DOJ and SEC evaluate a company's compliance program when deciding how large a fine to impose and whether to require a monitor. Companies with effective programs documented before a violation occurred consistently receive lower penalties and better resolution terms than companies without them.
How Is Anti-Corruption Compliance Different from Anti-Bribery Compliance?
Anti-bribery compliance focuses on preventing prohibited payments to government officials and private parties. Anti-corruption compliance is broader. It covers bribery prevention alongside internal controls, books-and-records accuracy, sanctions screening, government contractor disclosure obligations, and the governance structures needed to catch problems before they reach the government. A company subject to FCPA, FAR contractor requirements, and OFAC sanctions needs a program that addresses all three, not just the payment prohibition.
What Does the Doj Look for in a Corporate Compliance Program?
The DOJ asks three questions: Is the program designed around the company's actual risks? Is it being followed in practice? Does it actually work? Prosecutors review the risk assessment methodology, training completion records, internal reporting data, and control testing documentation. A program that cannot produce evidence of real implementation is treated the same as no program at all when the DOJ is deciding on fines and whether to require a monitor.
Do We Need Corruption Due Diligence before an Acquisition?
Yes, particularly for acquisitions involving targets with government relationships, operations in high-risk markets, or third-party agent networks. The DOJ has held acquiring companies liable for pre-acquisition violations that adequate due diligence would have uncovered. The scope of review should be proportional to the corruption risk profile of the target. Post-closing integration of the target's compliance program into the acquirer's framework is also required and should be completed within 12 months of closing.
What Is a Compliance Monitor and How Long Does It Last?
A compliance monitor is an independent expert appointed by the DOJ or SEC as a condition of resolving a corruption case through a deferred prosecution agreement. The monitor reviews the company's remediation efforts, tests controls, interviews employees, and reports findings directly to the government. Monitorships typically last two to three years. The company pays all monitor fees, which can reach several million dollars annually. Early termination is possible but requires demonstrating sustained, documented improvement across all remediation areas.
What Are the Penalties for Anti-Corruption Compliance Failures?
Corporate fines for FCPA violations can reach the greater of $2 million per violation or twice the gain from the conduct under the Alternative Fines Act. SEC civil penalties are assessed per violation without a statutory cap. Government contractors found in violation of FAR integrity requirements face suspension and debarment from federal contracting. All of these consequences can run simultaneously, and each is resolved on its own timeline by a different agency. An attorney who handles anti-corruption investigations can assess your company's total exposure across all three enforcement tracks.
26 May, 2026
