How Should Companies Build Anti Bribery Compliance?

A corporation that lacks adequate anti-bribery compliance faces criminal prosecution under the FCPA and state laws, with penalties including fines up to twice the benefit obtained from the corrupt transaction, imprisonment of officers, and potential debarment from government contracts. Beyond criminal sanctions, the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) pursue civil enforcement actions that result in disgorgement of profits and mandatory compliance monitoring. In practice, these violations rarely map neatly onto a single enforcement track; a corporation may face parallel DOJ criminal investigation, SEC civil action, and state regulatory review simultaneously. Reputational harm often exceeds the financial penalty, as investors, customers, and business partners distance themselves from companies associated with corruption.

A well-designed compliance program demonstrates to regulators and courts that a corporation took reasonable steps to prevent misconduct, which can mitigate penalties and support a defense against liability. Effective programs include written policies prohibiting bribery, due diligence procedures for third-party agents and vendors, training for employees who interact with government officials or operate in high-risk jurisdictions, and internal audit and reporting mechanisms. Courts and enforcement agencies evaluate whether a compliance program was genuinely implemented or merely a paper exercise; a program that exists only in documents but receives no real resources or accountability will not shield a corporation from liability.

A comprehensive anti-bribery policy must define what constitutes a bribe, prohibited payments, and permissible business courtesies. The policy should cover direct payments to government officials, indirect payments through intermediaries, gifts and entertainment, travel and accommodation expenses, charitable contributions that may serve as disguised payments, and facilitation payments (which are illegal under the FCPA but permitted under some foreign laws, creating compliance tension). The policy must apply to all employees, contractors, consultants, and business partners acting on behalf of the corporation. Effective policies include specific examples relevant to the corporation's industry and geographic operations, clear escalation procedures for reporting suspected violations, and explicit consequences for non-compliance, including termination.

Corporations are liable for bribery committed by agents, distributors, consultants, and other third parties acting on their behalf, even if senior management did not authorize or know about the misconduct. Due diligence procedures must evaluate the background, reputation, and financial condition of third parties before engagement and periodically thereafter. High-risk indicators include lack of transparency regarding ownership or operations, unusually high compensation relative to services rendered, requests for cash payments or payments to offshore accounts, and prior involvement in corruption or sanctions violations. Many corporations now require representations and warranties from third parties that they will comply with anti-bribery laws and contractual provisions permitting audit and termination for violations.

New York Penal Law Section 200 criminalizes commercial bribery, which covers payments to private parties (not just government officials) to obtain business advantage. This statute creates liability separate from the FCPA and applies to corporations and individuals regardless of whether foreign officials or international commerce is involved. A corporation operating in New York or dealing with New York-based customers or suppliers must comply with both federal and state anti-bribery standards. State prosecutors in New York have shown willingness to prosecute commercial bribery as part of broader corruption investigations, and conviction can result in felony charges affecting corporate licensing, bonding, and contract eligibility.

Documentation is the primary evidence of a genuine compliance program. Corporations should maintain training records showing that employees completed anti-bribery instruction, including sign-off sheets and assessment results. Gift and entertainment logs should record the recipient, value, business purpose, and approver for any courtesy extended to government officials or business partners. Third-party due diligence files must contain background checks, representations and warranties, financial information, and periodic recertification. Internal audit reports, compliance committee meeting minutes, and investigation files regarding reported violations demonstrate that the corporation monitored and enforced its policies. When regulators investigate or when litigation arises, courts and prosecutors scrutinize whether documentation was created contemporaneously and maintained consistently, or whether it was assembled after-the-fact to defend against accusations. Contemporaneous, organized records are far more persuasive.

Corporations should conduct a comprehensive audit of their current compliance program against the FCPA Resource Guide and DOJ/SEC enforcement priorities to identify gaps. Evaluate whether training reaches all employees who interact with government officials, particularly in high-risk jurisdictions or industries. Formalize third-party due diligence procedures in writing and apply them consistently to all new agents and vendors before engagement. Establish a reporting mechanism that allows employees to raise concerns without fear of retaliation, and ensure that reported violations receive documented investigation and follow-up. Document the results of compliance reviews and maintain records of remedial actions taken, as these demonstrate to regulators that the corporation takes violations seriously. Finally, designate a compliance officer or committee with clear authority and resources to monitor implementation, and ensure that senior management and the board receive regular reporting on compliance metrics and investigations.