Compliance with the Foreign Corrupt Practices Act in the Post-Sarbanes-Oxley World


Every company with operations or sales overseas should carefully consider whether it has effective policies and procedures in place that adequately manage the company’s risks under the Foreign Corrupt Practices Act (“FCPA”).  Recently, The Wall Street Journal reported that Enron Corp. is the target of a new U.S. Department of Justice criminal investigation involving allegations of FCPA violations.  The allegations concern Enron’s pipeline, power and water-privatization projects in several foreign countries.  Given the intense scrutiny federal regulators are placing on corporate conduct following passage of the Sarbanes-Oxley Act -- which places additional burdens on corporate officials to ensure that accounts and financial statements accurately reflect the financial condition of their companies -- Enron may not be the only company that finds itself the subject of a criminal FCPA investigation.

The FCPA has been law since 1977.  While most business executives are aware of the FCPA’s basic objectives, fewer do an adequate job of protecting their companies and their employees from potentially disastrous consequences -- stiff fines and prison sentences -- that could result from a failure to comply.

Complying with the FCPA

Companies must proactively protect themselves against FCPA violations.  The “Federal Sentencing Guidelines for Organizations,” issued by the U.S. Sentencing Commission and applicable to criminal violations of all federal statutes such as the FCPA, require federal courts handing down criminal sanctions to take into account the existence or absence of effective corporate compliance programs.  The presence of an effective compliance program can significantly reduce a corporation’s sentence, in some cases by as much as 95%, while the absence of such a program can increase the sentence.

In the Caremark case, the Delaware Chancery Court held that the failure to have an adequate corporate information and reporting system in place could constitute a breach of fiduciary duty by the company’s board of directors.  Among other things, this could leave directors liable for losses incurred by companies for non-compliance with applicable law.  In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del Ch. 1996).

What We Recommend

In order to meet the challenge of the Sarbanes-Oxley Act and the standards of the Federal Sentencing Guidelines for Organizations, we recommend that companies take a number of actions with respect to the FCPA:

  • Adopt a Corporate Policy.  The company should adopt a written corporate policy on FCPA compliance and distribute the policy to all employees, including those located in overseas offices.  The FCPA policy should be carefully crafted to reflect the actual business and operations of the company (and not merely duplicated from another company’s policy or standards).  The FCPA policy, as well as implementing procedures, should be updated regularly to reflect new developments in the United States, the widespread adoption of the OECD Convention on Combating Bribery, and rapidly evolving changes in anti-bribery laws around the world, especially in Europe.
  • Adopt Comprehensive Implementing Procedures.  The company should implement its FCPA policy by putting in place comprehensive monitoring and reporting procedures.  Possibilities include establishment of an executive-level FCPA Review Committee to manage and review FCPA issues as they arise, designation of an FCPA Compliance Officer or Ombudsman to whom FCPA referrals may be made by employees on a confidential basis, development of screening methods and checklists to identify when FCPA issues may occur during normal business operations, development of questionnaires for use internally and with third-parties, and development of appropriate contract language for inclusion in all agreements that may give rise to FCPA concerns.  These procedures should be carefully crafted to reflect the company’s business and operations.  Failure to do so may not only deprive the company of the legal benefits of having an effective compliance program, such failure can also stifle and disrupt normal business operations.
  • Communicate With and Train Employees.  As important as it is to have an appropriate FCPA policy and procedures, it is equally important that they be communicated effectively to employees.  The language used in the materials must be clear and understandable to employees at all levels of the organization.  Affected employees should also receive adequate training regarding the FCPA policy and procedures.  Each employee with substantive responsibilities that relate to overseas operations or sales should be required to attend periodic training sessions, incorporating practical guidance on how to deal with situations that may arise in the course of the employee’s work.  Such training is best conducted in person by a company’s compliance officer or legal counsel so that issues particular to a group of employees can be addressed.  The company should keep a detailed record of the employees who attend these training sessions.
  • Act Swiftly if FCPA Violations Occur.  In the event allegations of FCPA violations are received, the company should take swift action to investigate.  In the event actual violations have occurred, the company should have in place standard disciplinary procedures that apply to all employees who violate the FCPA policy.  Prompt action must be taken with respect to actual abuses in an effort to avoid repeated occurrences.  The company should also assess whether or not its policy and procedures need to be modified and its internal enforcement strengthened.  In appropriate cases, the company should consider voluntary disclosure of apparent FCPA violations to the federal government in order to mitigate its exposure to enforcement action.
  • Review FCPA Matters Regularly.  The company’s FCPA Review Committee or Compliance Officer should report, on a regular basis, to the company’s board of directors any policy violations, enforcement measures and disciplinary actions.  The board of directors should periodically evaluate the effectiveness of the FCPA policy and procedures.


All companies that engage in international commerce, large and small, should develop and implement an FCPA compliance policy and training program so that employees, whether based in the U.S. or abroad, are aware of conduct that could create liability for themselves or their company.  Indeed, companies seriously should consider making an FCPA compliance policy part of a broader compliance program, encompassing standards and procedures on compliance with U.S. trade and investment embargoes, export controls and anti-boycott laws.  Having an effective and comprehensive corporate compliance policy in place will demonstrate to employees and, if necessary, U.S. federal regulators and law enforcement officials, that the company considers compliance an important corporate goal.  If done properly, a comprehensive compliance program can become a valuable corporate asset that enhances company operations, facilitates compliance with law and mitigates damage when and if violations take place. 

Further Information

Our Firm’s International Trade and Dispute Resolution Practice Group and Project Finance Practice Group have significant experience in developing and implementing compliance programs covering FCPA, economic sanctions, export controls and customs issues.  We regularly provide transactional and regulatory advice in these areas and, where appropriate, represent clients in civil and criminal enforcement cases.

If you would like to learn more about compliance programs for the FCPA or other international trade or investment obligations, please contact your regular Haynes and Boone attorney or any of the attorneys listed above.

Email Disclaimer