FCPA Compliance: Documentation Necessary


When under scrutiny for potential Foreign Corrupt Practices Act violations, how does a company prove that it was doing the right thing? The memories of your employees, along with their narratives of what happened will not be persuasive. Sure, interviewing them can uncover helpful information. But nothing is so compelling as documentation that supports the company’s position.

Your company must be able to document several things as it relates to possible FCPA violations:

  1. The existence of a compliance program, and details about what that program actually entails
  2. How the company evaluates employees, vendors, customers, and business partners that may pose FCPA-related risks.
  3. The details surrounding potential violations and actual violations (Receipts, agendas, business operations, background investigations…. all the types of things that show what the company did to ensure compliance and fully investigate any potential sources of problems.)
  4. The steps taken once a possible FCPA violation was discovered (Did the company investigate, what/how was the investigation done, what was uncovered, etc.)
  5. The remediation efforts of the company (Based on what was found about a violation or non-violation, did the company update its compliance policies and procedures accordingly? What action was taken against the employees and parties involved in a violation or potential violation?)

This sounds so “common sense” when you’re reading this article, but if you’ve ever dealt with companies and compliance issues, you realize how easy it is for things to fall through the cracks. All it takes is one person dropping the ball (and no one else following up on the issue) for a company to be left with a gaping hole in their compliance efforts, which doesn’t look good when the government initiates an investigation.

If a company doesn’t have documentation to support its efforts at complying with the FCPA, how will it prove that those efforts were sufficient? And make no mistake… the government requires companies to prove they’re are actively engaging in compliance activities. As William Athanas notes in his article Demonstrating “Systemic Success” in FCPA Compliance: Identifying and Maintaining Evidence to Respond to Government Investigations . . . Before They Begin:

Where the government assumes – or expects to find – the worst in a company, such as rampant corruption or reckless disregard for the law, corporations must step forward with solid contrary evidence calculated to dislodge the government from its view. Simply demonstrating that the corporation did not have a widespread business model built on bribe payments will not carry the day, however. Rather, corporations under scrutiny must offer tangible proof that they have acted with genuine commitment to conducting themselves within the parameters of the law, even when doing so resulted in significant financial harm or verifiable lost opportunities.

Athanas provides a lists of examples which demonstrate that a company has a good compliance program which works to stop prohibited behaviors and provides consequences for those found to engage in such behaviors.  He includes things like a company proactively detecting a potential FCPA violation before it occurs, and taking appropriate remedial measures, including disciplinary actions against involved parties.  Another good example is enhancing a compliance program after internal, voluntary testing uncovers weaknesses.

But at the end of the day, all of these actions are diminished if the company does not have adequate documentation of them.  And don’t think that simply having a piece of paper related to an event means the company has adequate documentation. The quality of the document itself will be scrutinized to see that it provides sufficient detail about the item it purports to represent.

As Aaron Murphy explains so well in his book Foreign Corrupt Practices Act: A Practical Resource for Managers and Executives, the more detail a document contains, the more persuasive it will be. Which is better evidence: A receipt with a one-line generic description, or a receipt with a line-by-line description of charges? Which provides better support for the true business purpose of a meeting: A one-line entry in someone’s calendar about the meeting, or a detailed agenda which includes the participants and the topics of discussion?

Clearly, more detail will help substantiate business activities and their propriety under the FCPA. Having an effective FCPA compliance program is not enough. The company must be able to prove that the program exists, what it entails, its past success in preventing FCPA violations, and evidence of enhancements to the compliance program based on continually evolving information. Documentation is necessary to prove all of these items.


Leave a Reply