Does your anti-corruption program meet global standards?

When the Foreign Corrupt Practices Act (FCPA) was enacted in 1977, the US became the first country to criminalize the bribery of foreign government officials. The FCPA’s purpose was to ensure that US-based companies won business on merits, not by using bribery and corruption of foreign officials. After its enactment, however, the FCPA became a catalyst, driving a growing international recognition that bribery was not a victimless crime. As a March 2023 World Bank brief, “Combatting Corruption,” noted: “corruption has a disproportionate impact on the poor and most vulnerable, increasing costs and reducing access to services, including health, education, and justice.”   

Evolution of worldwide anti-bribery enforcement 

After the FCPA took effect, international efforts to combat corruption got underway. The OECD Anti-Bribery Conventionentered into force in 1999, and the UN Convention Against Corruption was adopted by the General Assembly in 2003 after more than 20 years of negotiation. Over 50 countries have adopted specific laws criminalizing the receipt and payment of bribes.  

This multiplicity of conventions and laws may not sound like a global standard for anti-corruption efforts. But in area of enforcement, the FCPA has shifted from its original, US focus into a worldwide enforcement means for combatting corruption, augmented by active judicial cooperation in other jurisdictions. The facts tell the story: 

1) Non-US companies account for 9 out of the 10 largest fines paid to settle Foreign Corrupt Practices Act cases brought by the US Department of Justice since the statute was enacted in 1977: 

  • 2022 – Glencore plc (Switzerland) $700 million 
  • 2021 – Deutsche Bank AG (Germany) $122.9 million 
  • 2020 – Goldman Sachs Group, Inc. (United States) $3.3 billion 
  • 2019 – Telefonaktiebolaget LM Ericsson (Sweden) $1.06 billion 
  • 2018 – Petróleo Brasileiro S.A. – Petrobras (Brazil) $1.78 billion 
  • 2017 – Telia Company AB (Sweden) $1.01 billion 
  • 2016 – VimpelCom Limited (Netherlands) $795 million 
  • 2015 – BHP Billiton (Australia) $25 million 
  • 2014 – Alstom S.A. (France) $772 million 
  • 2013 – Total S.A. (France) $398 million 

2) Over the last 10 years, 47% of all US FCPA prosecutions involved non-US companies. 

3) The trend continues. In the first six months of 2023, 5 out of the 7 FCPA prosecutions concluded by the US Department of Justice and Securities and Exchange Commission involved non-US companies. 

Why has the FCPA taken on the role of global anti-bribery policeman? In the mid-2000s, there was an increased willingness of many countries’ enforcement agencies to cooperate after the 9/11 terrorist attacks, particularly under the OECD Anti-Bribery Convention. US regulators had the resources and willingness to bring enforcement actions. As a result, prosecution of non-US companies increased significantly.  

For example, the 2008 US FCPA prosecution of Siemens Corporation that resulted in a $1.8 billion fine was instigated by German prosecutors and involved cooperation across multiple jurisdictions. Moreover, US enforcement agencies make use of the extraterritorial provisions of the FCPA to exert jurisdiction on the basis of actions as slight as registering American Depository Receipts, sending incriminating emails, or making a transfer to a US bank account.   

Worldwide anti-corruption compliance is starting to respond to the risk posed by global enforcement, particularly in Europe. In May 2023, the European Commission proposed a new directive, which, if implemented, would require EU member states to meet common standards in their anti-corruption legislation. The directive mandates that effective “internal controls, ethics awareness, and compliance programmes” aimed at preventing corruption will be considered a mitigating factor where an offense has been committed by a corporation. This approach mirrors that of the Department of Justice, which places similar emphasis on the role of effective ethics and compliance programs in preventing and mitigating the effects of misconduct.   

This convergence of regulatory expectations means that ethics and compliance programs will increasingly be held to the same standards of effectiveness by regulators around the world. The sheer impact of massive FCPA fines alone and their prevalence among non-US companies underpins the need for programs to evolve to meet those standards whether they are US, EU, or otherwise. 

“High-water mark” ethics and compliance programs 

LRN conducts yearly research on program effectiveness that confirms the evolution of a global standard of compliance. Over the past several years, that research has documented a clear convergence of ethics and compliance best practices across countries and regions. There is general agreement on the necessary components of an E&C program—including company policies, code of conduct, training, audit, tone at the top, and other essential elements. Although there are a few regional differences in how these foundational elements are implemented, there are no alternate models of what an ethics and compliance program generally looks like, or what it is designed to do.   

For multinational companies, the practical challenges of identifying which legislation may apply, where and when and what enforcement agencies may become involved in the event of a violation, means that companies should adopt a “high-water mark” approach. In practice, this means ensuring compliance with the most stringent aspects of laws implementing the new directive, the FCPA, and other applicable laws and associated guidance.   

The key takeaway

Companies with multinational operations should consider the extensive guidance issued by US authorities such as the Department of Justice Evaluation of Corporate Compliance Programs in relation to compliance programs. For example, European organizations subject to the new directive when it takes effect should consider putting in place policies and procedures to protect against improper payments made by “associated persons” (for example, agents, service providers, or intermediaries). While these might not be caught by the directive, they may be considered an offence under US and other applicable laws. Given the global nature of anti-bribery enforcement, the risk of massive fines, and prosecution in multiple jurisdictions, that would be a prudent approach.