Introduction

The Foreign Corrupt Practices Act of 1977 (FCPA) is one of the most powerful and frequently enforced anti-corruption statutes in the world. Enacted in the wake of a series of scandals in which hundreds of American companies were found to have paid bribes to foreign government officials to secure business, the FCPA imposes two distinct sets of obligations on companies subject to its reach. The anti-bribery provisions prohibit any “covered person” — which includes U.S. companies and citizens, foreign companies listed on U.S. stock exchanges, and any person or company acting while physically present in the United States — from paying, offering, or authorizing payments of anything of value to a foreign official for the purpose of obtaining or retaining business. The accounting provisions, applicable to companies whose securities are registered in the United States, require that those companies maintain books and records that accurately and fairly reflect their transactions and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are properly authorized and recorded.

The Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) share jurisdiction over FCPA enforcement, with DOJ handling criminal prosecutions and SEC pursuing civil enforcement against issuers. Over the past two decades, enforcement of the FCPA has intensified substantially. Penalties in significant cases regularly reach into the hundreds of millions of dollars, and in landmark matters have exceeded one billion dollars. Companies found to have violated the FCPA face criminal fines, disgorgement of profits, compliance monitorships, deferred prosecution agreements, and lasting reputational damage. Senior executives have faced prosecution and imprisonment.

Given the stakes, companies operating internationally — particularly those with operations, sales, or distribution relationships in higher-risk jurisdictions — have a compelling interest in engaging experienced FCPA counsel. The following discussion examines the principal ways in which FCPA lawyers can help companies manage their exposure, respond to problems when they arise, and build the institutional resilience necessary to operate with integrity across challenging markets.

1. Undertaking Internal Investigations

When a company receives credible allegations of potential FCPA violations — whether through a whistleblower complaint, an anonymous tip through a compliance hotline, the exercise of audit rights that reveals irregularities in a distributor’s accounts, or a government subpoena or inquiry — the company’s response in the days and weeks that follow will shape its legal exposure for years to come. An internal investigation conducted promptly, rigorously, and under the direction of outside counsel experienced in FCPA matters is a foundational tool for understanding what happened, assessing legal risk, and making informed decisions about next steps.

FCPA internal investigations serve several interrelated purposes. First, they allow the company to understand the full scope and nature of the conduct at issue before regulators do. A company that learns of potential violations from its own compliance infrastructure and investigates thoroughly is in a fundamentally different position than one that first learns of the problem from a government subpoena or a press inquiry. Second, a well-structured investigation conducted by outside counsel preserves the attorney-client privilege and work product protections that allow the company to investigate candidly, share findings with senior management and the board, and make litigation strategy decisions without exposing privileged communications to adverse parties. Third, an investigation conducted with appropriate independence — typically by outside counsel reporting to the audit committee or board rather than to management that may itself be implicated — provides credibility to the government that the company has taken the matter seriously.

FCPA counsel typically leads an investigation team that coordinates document preservation and collection, forensic accounting analysis, review of electronic communications and financial records, and witness interviews. The scope of the investigation must be calibrated carefully: an investigation that is too narrow risks missing relevant conduct and undermining the company’s credibility with enforcement authorities, while one that is unnecessarily expansive creates cost, distraction, and the risk that unrelated issues are surfaced in ways that complicate the privilege analysis. Experienced counsel help companies draw those lines intelligently, and adjust the scope as new facts develop.

One of the most consequential decisions that arises in the course of an FCPA internal investigation is whether to make a voluntary self-disclosure to the DOJ and SEC. The current DOJ FCPA Corporate Enforcement and Voluntary Self-Disclosure Policy provides significant incentives for companies that voluntarily disclose potential violations, fully cooperate, and undertake timely remediation, including the possibility of a declination (no prosecution) or a non-prosecution agreement in lieu of a criminal plea, and substantial reductions in penalty ranges. FCPA counsel help companies assess the disclosure decision, weighing the benefits of cooperation credit against the risks of prosecution, and guide companies through the disclosure process if they choose to make one.

2. Developing and Testing Compliance Programs

The existence of a genuine, well-designed, and properly implemented compliance program is not merely a defense to FCPA liability — it is the primary mechanism through which companies prevent violations from occurring in the first place. Both the DOJ and the SEC have emphasized that they evaluate the quality of a company’s compliance program both at the time of any alleged violation and at the time of resolution, and that a robust compliance program is a significant factor in determining whether and how to charge a company and in calibrating the penalty. The DOJ’s guidance document Evaluation of Corporate Compliance Programs, which is regularly updated, provides a detailed framework that prosecutors apply when assessing program adequacy. It is not a checkbox exercise; it demands evidence that the program actually works in practice.

FCPA counsel play a central role in designing compliance programs that are appropriate to a company’s particular risk profile. The starting point is always a risk assessment (discussed in greater detail below) that identifies the geographic markets, business lines, transaction types, and relationships that carry the greatest FCPA exposure. From that foundation, counsel help companies build the core elements of an effective program: clear written policies and procedures that employees understand and can actually follow; anti-corruption training tailored to the roles and risk levels of different employee populations; a confidential reporting mechanism through which employees can raise concerns without fear of retaliation; financial controls designed to prevent the creation of slush funds or the miscoding of payments; and clear protocols for approving transactions, retaining third parties, and making payments to government-adjacent entities.

Critically, FCPA counsel also help companies avoid the “paper program” failure mode that regulators and prosecutors regard with particular skepticism. A company that has an elaborate anti-corruption policy but no evidence that it is enforced, or that trains its employees annually but cannot demonstrate that training is tailored to actual risk areas, or that maintains a due diligence process for third parties that in practice rubber-stamps approvals, will receive little credit for its compliance program and may face harsher treatment in enforcement proceedings. Counsel help companies implement testing and auditing protocols that probe whether controls are actually functioning — for example, targeted audits of high-risk distributors, transaction reviews in markets where red flags have been identified, or tabletop exercises that test how employees respond to realistic scenarios involving government officials.

Compliance programs also require periodic review and updating. Markets change, business models evolve, and enforcement priorities shift. FCPA counsel help companies build the organizational discipline to conduct annual or biennial program reviews, incorporating feedback from the internal audit function, compliance reporting data, developments in government enforcement, and lessons learned from investigations at peer companies. A compliance program that was appropriate five years ago may be materially inadequate today.

3. Mitigating Risk in Business Partner Relationships

A significant proportion of FCPA enforcement actions involve payments made not by company employees directly, but by third-party intermediaries — sales agents, distributors, customs brokers, freight forwarders, consultants, local partners in joint ventures, and similar entities — acting on behalf of the company. The legal principle is straightforward: a company can be liable under the FCPA for corrupt payments made by a third party if it knew, or consciously disregarded or deliberately ignored facts indicating, that the third party would use the payments to bribe foreign officials. This “knew or should have known” standard means that willful blindness is not a defense, and that companies cannot simply insulate themselves from liability by routing payments through intermediaries.

FCPA counsel help companies build a disciplined framework for managing third-party risk across the full relationship lifecycle. Before engaging a new business partner, this means conducting risk-tiered due diligence commensurate with the nature of the relationship, the markets involved, and the specific risk indicators present. For a low-risk supplier in a developed market, a standard background check and representations in a vendor agreement may be sufficient. For a sales agent operating in a country with a high Corruption Perceptions Index score who will have regular contact with government procurement officials, a far more searching inquiry is warranted — including examination of ownership and beneficial interest, review of the agent’s reputation in the local market, financial analysis to assess whether the proposed commission structure is commercially reasonable, and direct conversations about the company’s compliance expectations.

Contractual protections are also an essential component of third-party risk management. FCPA counsel help companies negotiate and include robust anti-corruption representations, warranties, and covenants in their agreements with business partners — provisions that require the partner to comply with applicable anti-corruption laws, prohibit improper payments to government officials, require maintenance of accurate books and records, and grant the company audit rights that can be exercised if red flags arise. Termination rights for FCPA breaches should be clearly articulated and practically enforceable. While contractual provisions cannot by themselves prevent a violation, they establish expectations, create accountability, and, in the event of a problem, demonstrate to enforcement authorities that the company took the risk seriously.

Beyond onboarding, FCPA counsel assist companies in building ongoing monitoring systems for their most significant third-party relationships. This includes periodic recertification of anti-corruption representations, review of commission payments and expense reimbursements for anomalies, monitoring of public reporting about the partner’s activities, and integration of third-party risk into the internal audit cycle. When red flags emerge mid-relationship — an agent requests the ability to make payments on the company’s behalf that are difficult to document, or a distributor is implicated in a government investigation in its home country — counsel help companies evaluate those flags, conduct targeted inquiries, and make informed decisions about whether and how to continue the relationship.

4. Performing Transactional Due Diligence

Mergers, acquisitions, and joint venture transactions present a distinct and particularly consequential FCPA risk: successor liability. Under long-standing DOJ and SEC guidance, a successor company that acquires a target with undisclosed FCPA violations can inherit liability for those violations, even if they predated the transaction. The principle applies to both criminal and civil liability, and enforcement authorities have demonstrated a willingness to pursue it. At the same time, companies that conduct thorough pre-acquisition FCPA due diligence, voluntarily disclose violations identified during that process, and undertake remediation promptly following closing, are well-positioned to receive significant cooperation credit and, in many cases, avoid prosecution for pre-closing conduct.

FCPA due diligence in transactions is therefore a critical element of deal risk management. FCPA counsel begin by working with the transaction team to assess the risk profile of the target: What geographies does the target operate in? Does it have significant relationships with government customers, government-owned or partially owned entities, or regulated industries where approvals from government officials are required? Does it use a network of sales agents, distributors, or other third-party intermediaries in higher-risk markets? Has it been the subject of prior government investigations, adverse audit findings, or internal whistleblower complaints? The answers to these questions determine both the scope of the FCPA diligence and its urgency within the overall deal timetable.

Based on this risk profile, FCPA counsel develop targeted due diligence protocols that may include review of financial records and books of account for unusual payments, review of third-party contracts and payment records, examination of entertainment and hospitality expenses in markets with significant government interaction, interviews with key finance, compliance, and business development personnel, and forensic testing of transaction data. Where access to data rooms or personnel is limited in the pre-signing phase — as is often the case in competitive auction processes — counsel help clients prioritize the highest-risk areas for investigation and structure contractual protections, including representations and warranties, indemnities, and potentially FCPA-specific escrow arrangements, to address residual risk.

Post-closing integration is equally important. FCPA counsel help acquiring companies conduct a structured integration of the acquired business into their compliance program — rolling out anti-corruption policies and training, conducting a prompt post-closing review of the acquired entity’s third-party relationships, and implementing the acquirer’s financial controls. Where violations are discovered post-closing, counsel guide the company through the disclosure and remediation process in the manner most likely to maximize cooperation credit and limit broader liability.

5. Conducting Risk Assessments

The foundation of any effective FCPA compliance program — and of any rational allocation of compliance resources — is a well-constructed risk assessment. The DOJ has made clear in its Evaluation of Corporate Compliance Programs that it considers the existence, quality, and utilization of a risk assessment to be a key indicator of program seriousness. A compliance program that is not grounded in a genuine understanding of the company’s specific risk profile is unlikely to be effective, and enforcement authorities will probe for evidence that the program addresses the risks the company actually faces rather than generic risks derived from boilerplate policy templates.

FCPA risk assessments examine the company’s operations along multiple dimensions. Geographic risk is often the starting point: the Transparency International Corruption Perceptions Index, the Business Environment Risk Intelligence assessments, and other benchmarks provide a useful first-order view of which markets carry elevated corruption risk. But geography alone is insufficient. Industry and business-model risk must also be assessed: companies in industries with heavy government licensing or regulatory approval requirements (infrastructure, energy, telecommunications, pharmaceuticals, defense) face systematically higher risk than those selling consumer goods in competitive private-sector markets. The nature and structure of government interactions also matters: a company that sells directly to private-sector customers faces different risk than one that relies on intermediaries who interface with government procurement officials.

FCPA counsel bring both legal expertise and practical knowledge of how enforcement authorities evaluate risk to the risk assessment process. They help companies structure the assessment methodology — combining document review, interviews with business unit leaders, finance and accounting personnel, and regional compliance officers, with quantitative analysis of transaction flows and payment records — and ensure that findings are documented in a way that supports a defensible, privilege-protected record. Risk assessments should produce not just a risk map, but a prioritized set of recommendations for compliance program enhancements and resource allocation, with clear timelines and ownership. A risk assessment that sits on a shelf unused provides little protection; one that is actively incorporated into compliance planning demonstrates the kind of serious institutional commitment that enforcement authorities recognize and reward.

Risk assessments should be conducted at regular intervals and updated when material changes occur in the company’s business — entry into new geographic markets, launch of new product lines with significant government customer exposure, major acquisitions, or changes in regulatory environment. FCPA counsel can also help companies use risk assessments to engage senior management and the board productively on FCPA compliance, framing the risk in terms that resonate with business leaders and enabling informed decisions about risk appetite and compliance investment.

6. Defending Against Enforcement Actions in the United States

When a company becomes the subject of a formal FCPA investigation by the DOJ or SEC — whether initiated by a government-issued subpoena, a formal order of investigation, or notification of a parallel foreign proceeding — the defense of that investigation becomes one of the most consequential and resource-intensive legal engagements the company will undertake. The government’s investigative tools are formidable: grand jury subpoenas for documents and testimony, SEC formal orders of investigation with subpoena power, requests for mutual legal assistance through treaty partners in foreign jurisdictions, and the ability to seek cooperation from current and former employees, business partners, and counterparties around the world. Against that backdrop, experienced FCPA defense counsel are essential.

A central objective of FCPA defense counsel in the early stages of a government investigation is to develop a comprehensive understanding of the facts — often by conducting or extending an internal investigation — while simultaneously managing the company’s relationship with the enforcement authorities. The decision about whether and how to cooperate with the government is among the most significant strategic decisions the company will face. The DOJ’s current policies provide substantial cooperation credit to companies that voluntarily disclose violations, provide full and proactive cooperation, and undertake appropriate remediation — including the possibility of a declination, which means the government declines to bring charges. FCPA counsel help companies understand the framework, assess the available options, and execute a cooperation strategy, including making disclosure to prosecutors and agents, producing documents, making witnesses available, and providing factual briefings that assist the government’s investigation.

When a resolution is being negotiated, FCPA counsel advocate vigorously for the most favorable outcome available in light of the facts and the company’s cooperation. Possible resolutions range from a declination at one end of the spectrum to a guilty plea at the other, with deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs) representing the most common resolutions for corporate defendants in FCPA matters. The financial terms of a resolution — including the criminal fine, civil penalty, and disgorgement amount — are calculated under the U.S. Sentencing Guidelines and SEC disgorgement principles, and are subject to negotiation. Experienced counsel understand the inputs to those calculations, the arguments available to seek downward adjustments, and the precedents from prior resolutions that can inform the negotiation.

In some cases, companies that receive full cooperation credit and have voluntarily disclosed, remediated comprehensively, and implemented effective compliance programs will be required to retain an independent compliance monitor for a period of years following the resolution. The monitor reviews, tests, and reports on the company’s compliance program, with findings that are shared with enforcement authorities. FCPA defense counsel help companies navigate the monitorship process — including negotiating the scope and term of the monitorship, engaging constructively with the monitor’s review, and working to achieve early termination when warranted by the company’s compliance progress.

It is also important to note that FCPA investigations frequently involve parallel civil litigation risk: private plaintiffs, including company shareholders, have brought securities fraud class actions in connection with FCPA disclosures, and derivative litigation by shareholders alleging breach of fiduciary duty by directors and officers is not uncommon. FCPA defense counsel work closely with securities litigation counsel to coordinate defense strategy across parallel proceedings, manage privilege issues that arise at the intersection of the government investigation and private litigation, and ensure that positions taken in one forum do not create unnecessary risk in another.

Conclusion

The FCPA presents a complex, high-stakes legal landscape for companies operating in international markets. The statute’s broad reach, the vigor of U.S. enforcement, and the severity of the consequences that can follow a violation — criminal prosecution, nine-figure penalties, compliance monitorships, and reputational damage — make the engagement of experienced FCPA counsel not a luxury but a business necessity. Whether the goal is to build a proactive compliance infrastructure that prevents violations from occurring, to conduct a thorough internal investigation when concerns arise, to manage corruption risk in the complex webs of third-party relationships through which modern international business is conducted, to assess the FCPA dimensions of a transaction before it closes, or to defend the company’s interests in an enforcement action, FCPA lawyers bring specialized knowledge and practical experience that can make a material difference in outcomes.

Companies that invest in FCPA compliance and engage counsel proactively — rather than waiting until a problem forces their hand — are better positioned to compete with integrity in global markets, to respond effectively when problems do arise, and to demonstrate to enforcement authorities the kind of institutional seriousness that drives favorable resolutions. The guidance set out in this article reflects our firm’s experience advising companies across a wide range of industries and geographies on FCPA matters. We would be pleased to discuss how these considerations apply to your company’s particular circumstances.