Foreign Corrupt Practices Act (FCPA): Definition and Use in Compliance
The Foreign Corrupt Practices Act (FCPA) is a U.S. federal law that prohibits paying bribes to foreign government officials to win or keep business, and requires public companies to maintain accurate books and adequate internal accounting controls.
What is the Foreign Corrupt Practices Act (FCPA)?
The Foreign Corrupt Practices Act is a 1977 U.S. federal law with two jobs: stop companies from bribing foreign officials, and force public companies to keep honest books. Both parts matter, and many compliance teams underweight the second one.
The anti-bribery provisions ban offering or giving anything of value to a foreign government official to win or keep business. The reach is wide. "Foreign official" includes employees of state-owned enterprises, so a sales rep entertaining a procurement manager at a government-owned hospital is squarely in scope. "Anything of value" isn't limited to cash. The SEC has pursued cases over paid internships handed to officials' children and over charitable donations that functioned as quid pro quo.
The accounting provisions apply to SEC issuers. They require accurate books and records and a working system of internal accounting controls. A company can violate these even where prosecutors never prove an actual bribe. If your records mislabel a payment or your controls let money flow without oversight, that alone is actionable.
Consider a U.S. manufacturer expanding into a high-risk market. It hires a local agent to "facilitate permits." The agent bills a vague $200,000 "consulting fee," then passes part of it to a customs official. The company recorded the payment as a legitimate expense. That's two violations: the bribe through an intermediary, and the false books-and-records entry. Knowing your counterparties, including the ultimate beneficial owner behind an agent, is the first line of defense.
How is the Foreign Corrupt Practices Act (FCPA) used in practice?
In practice, an FCPA program lives at the intersection of third-party risk and payment controls. Few companies bribe officials directly. They do it through agents, distributors, and joint venture partners, so that's where the controls concentrate.
Onboarding a new vendor in a high-risk jurisdiction triggers enhanced due diligence: ownership verification, screening against sanctions lists, and adverse media screening for past corruption allegations. If a politically exposed person sits in the ownership chain, the file escalates for senior review before any contract is signed.
The payments side runs parallel. Finance applies approval thresholds for gifts, travel, and entertainment. Expense systems flag round-dollar payments to consultants, invoices lacking deliverables, and payments routed to a country different from where the vendor operates. These patterns overlap with transaction monitoring red flags, so many firms reuse the same detection logic.
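The three expense-system flags described above, as an added example that is not part of the original page. The field names, the 1,000-unit rounding threshold and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ROUND_UNIT_CENTS = 100_000  # assumption: multiples of 1,000.00 count as "round-dollar"

@dataclass
class Payment:
    payee: str
    category: str         # e.g. "consulting", "goods"
    amount_cents: int     # integer cents avoids float rounding in the modulo test
    deliverable_ref: str  # empty when the invoice cites no deliverable
    vendor_country: str   # where the vendor operates
    bank_country: str     # where the payment is routed

def red_flags(p: Payment) -> list[str]:
    """Return the names of the red flags a single payment raises."""
    flags = []
    if (p.category == "consulting" and p.amount_cents >= ROUND_UNIT_CENTS
            and p.amount_cents % ROUND_UNIT_CENTS == 0):
        flags.append("round_dollar_consultant_payment")
    if not p.deliverable_ref.strip():
        flags.append("invoice_lacks_deliverable")
    if p.vendor_country.upper() != p.bank_country.upper():
        flags.append("routed_to_different_country")
    return flags

def review_queue(payments):
    """(payee, flags) for every flagged payment, most flags first."""
    hits = [(p.payee, red_flags(p)) for p in payments]
    return sorted((h for h in hits if h[1]), key=lambda h: -len(h[1]))

# Constructed sample records; XA/XB are placeholder country codes.
SAMPLE = [
    Payment("Local Agent A", "consulting", 20_000_000, "", "XA", "XB"),
    Payment("Parts Supplier B", "goods", 1_234_567, "PO-1001", "XA", "XA"),
    Payment("Consultant C", "consulting", 5_000_000, "SOW-17 report", "XA", "XA"),
]

if __name__ == "__main__":
    for payee, flags in review_queue(SAMPLE):
        print(payee, flags)
```

A flag here only routes the payment to analyst review; whether it is legitimate is decided there, against the contract and deliverable.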
Here's a concrete workflow. A regional sales team requests approval to pay a $50,000 "success fee" to a local intermediary after winning a government tender. Compliance checks the intermediary's beneficial ownership, confirms the contract predates the payment, verifies the deliverable, and documents the business rationale. The whole chain is logged. If a regulator asks two years later, that contemporaneous record is what separates a defensible decision from an indictment.
Self-reporting decisions also fall here. The DOJ's Corporate Enforcement Policy offers declination or reduced penalties for prompt voluntary disclosure and full cooperation.
Foreign Corrupt Practices Act (FCPA) in regulatory context
The FCPA doesn't operate alone. It sits inside a global anti-corruption framework that compliance teams have to track jurisdiction by jurisdiction.
The DOJ and SEC publish a joint FCPA Resource Guide, now in its second edition, which is the practical reference for how both agencies read the statute. It explains the "anything of value" standard, successor liability in mergers, and what the agencies expect from a compliance program. Read it before designing controls.
Internationally, the FCPA aligns with the OECD Anti-Bribery Convention, which 46 countries have signed. The UK Bribery Act 2010 goes further in places: it covers commercial bribery between private parties and creates a strict-liability corporate offense for failing to prevent bribery. A multinational often has to satisfy both. The toughest standard usually wins.
There's overlap with anti-money laundering rules too. Bribe proceeds get laundered, so corruption is a predicate offense under most AML regimes. The FATF treats corruption as a major money laundering threat, and its mutual evaluations assess how well countries pursue bribery proceeds.
Picture a bank processing wire transfers for a corporate client whose subsidiary is under FCPA investigation. The bank's AML team may need to file a suspicious activity report even though the underlying conduct is corruption, not classic laundering. The two regimes feed each other.
Common challenges and how to address them
The hardest FCPA problem is visibility into third parties. You can vet an agent at onboarding, then lose track of what they do with your money. Subagents, undisclosed partners, and changes in ownership all create blind spots after the contract is signed.
The fix is continuous monitoring, not point-in-time checks. Re-screen vendors on a schedule and on trigger events: a change in beneficial ownership, a negative news hit, entry into a new market. Tie payment approvals to the risk rating so a high-risk agent can't quietly move from a $5,000 relationship to a $500,000 one without re-review.
A second challenge is data fragmentation. Vendor records sit in procurement, payments in finance, and screening results in compliance. When these don't connect, a flagged agent in one system still gets paid through another. Entity resolution and a single golden record per counterparty close that gap, so a match against one identity propagates everywhere.
A third issue is documentation. Enforcement actions often turn on what a company knew and when. Without a complete audit trail, even a good-faith decision looks negligent in hindsight. Log the rationale, the approver, and the evidence reviewed for every high-risk payment.
Take a firm that acquired a competitor with operations in a high-bribery market. Post-close, it found the target had paid undisclosed agents for years. Strong pre-acquisition due diligence and a fast post-close integration audit are what limit successor liability here. The DOJ has repeatedly credited companies that uncovered and remediated such issues quickly.
Related terms and concepts
FCPA compliance pulls in a wide set of adjacent disciplines, and understanding the connections makes the controls coherent rather than a checklist.
On the customer and counterparty side, the FCPA program leans on the same foundations as AML onboarding: know your customer, know your business for corporate vendors, and customer due diligence as the baseline. High-risk relationships escalate to deeper review, while routine, low-risk vendors may sit in a lighter process.
Because corruption is a predicate offense for money laundering, FCPA risk connects directly to the broader fight against money laundering. Bribe payments often move through shell companies and nominee shareholders to obscure who's really being paid, the same techniques used in classic laundering schemes.
The detection toolkit overlaps too. The anomaly logic that powers transaction monitoring flags the round-dollar consultant payments and routing oddities that signal a possible bribe. Network analysis reveals hidden links between vendors and officials.
Governance ties it together. The three lines of defense model assigns ownership: the business owns the relationship, compliance sets the standard, and internal audit tests it. A strong control environment is what regulators look for when deciding whether to credit a program. For teams building this out, regulatory compliance automation connects the screening, payment, and audit pieces into one workflow.
Where does the term come from?
Congress passed the Foreign Corrupt Practices Act in 1977, after the SEC's post-Watergate investigations uncovered that more than 400 U.S. companies had paid over $300 million in bribes to foreign officials, politicians, and parties. The Lockheed scandal, where the aircraft maker paid millions to secure overseas contracts, brought governments down in Japan and the Netherlands and forced the issue.
Amendments in 1988 added affirmative defenses and clarified the "knowing" standard. The 1998 amendments extended jurisdiction to foreign firms and persons acting inside the United States, aligning U.S. law with the OECD Anti-Bribery Convention. Enforcement stayed quiet for decades, then surged sharply in the late 2000s, reshaping how multinationals approach financial crime compliance.
How FluxForce handles the Foreign Corrupt Practices Act (FCPA)
FluxForce AI agents monitor FCPA-related patterns in real time, flag anomalies for analyst review, and generate evidence-backed decisions with full audit trails.