HSE University Anti-Corruption Portal
U.S. Issues Updated Guide to FCPA
Natalia Gorbacheva

The U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) have announced the publication of the second edition of A Resource Guide to the U.S. Foreign Corrupt Practices Act.



The first edition of the document was published in November 2012: the 120-page Guide covered a wide range of topics regarding the content, interpretation and peculiarities of enforcement of the FCPA. It was designed to raise awareness of entities about the said law and the policy of law enforcement bodies in the proceedings concerning the FCPA.

The updated version, like the previous one, has eight key sections:

  • the FCPA: anti-bribery provisions;
  • the FCPA: books and records and internal accounting controls provisions;
  • other related U.S. laws;
  • guiding principles of enforcement;
  • FCPA penalties, sanctions, and remedies;
  • resolutions;
  • whistleblower provisions and protections;
  • DOJ opinion procedure.

At the same time, the content of these sections was updated to some extent.

Foreign official

The updated Guide clarifies the provisions regarding the definition of types of instrumentalities whose officer or employee is considered a “foreign official”.

In particular, the ruling of the court in the 2014 United States v. Esquenazi case defines an “instrumentality” as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own”. The respective ruling of the court also provided the following non-exhaustive list of factors to determine whether the government “controls” an entity:

  • the foreign government’s formal designation of that entity;
  • whether the government has a majority interest in the entity;
  • the government’s ability to hire and fire the entity’s principals;
  • the extent to which the entity’s profits, if any, go directly into the governmental fiscal accounts, and, by the same token, the extent to which the government funds the entity if it fails to break even;
  • the length of time these indicia have existed.

Besides that, the court listed the following non-exhaustive factors to determine whether the entity performs a function that the government treats as its own:

  • whether the entity has a monopoly over the function it exists to carry out;
  • whether the government subsidizes the costs associated with the entity providing services;
  • whether the entity provides services to the public at large in the foreign country;
  • whether the public and the government of that foreign country generally perceive the entity to be performing a governmental function.

Conspiracy, aiding and abetting

The second edition of the Guide could not disregard the high-profile United States v. Hoskins case. In the case a UK citizen and employee of the French company who had never been to the United States and therefore did not meet the FCPA territoriality requirement, was nevertheless charged by DOJ with conspiring to violate the FCPA. In March 2020, the court held that individuals not directly covered by the FCPA could not be found guilty of conspiring with individuals affected by the FCPA provisions to violate, or aiding and abetting them in violating the FCPA.

However, as some experts have already highlighted (see, for example, Shearman & Sterling or Covington & Burling) this ruling is only a temporary derogation from the policy of applying an aggressive jurisdictional theory by DOJ. This is also evidenced by the content of the updated version of the Guide, which stresses that at least one district court (the reference is to the United States v. Firtash case) had already rejected the reasoning in the Hoskins decision, concluding that the defendants could be criminally liable for conspiracy to violate the FCPA, and aiding and abetting a violation, even though they did not belong “to the class of individuals capable of committing a substantive FCPA violation”.

In addition, as stated in the Guide, the accounting provisions, unlike the provisions concerning bribery, apply to “any individual”, which means that the rationale behind the Hoskins decision with respect to conspiracy, aiding and abetting, is not applicable if it regards the violation of books and records/internal controls provisions.

Affirmative defense

The FCPA provides for a number of affirmative defenses:

  • facilitating payments,
  • “reasonable and bona fide” expenses,
  • payments to foreign officials which are lawful under the written laws of the the respective countries.

DOJ and SEC reiterate that the third of the above defenses is hardly applied, as “the written laws and regulations of countries rarely, if ever, permit corrupt payments”. In support of it the Guide cites the example of the United States v. Ng Lap Seng case. The defendant was accused of having bribed UN officials and requested the court to instruct the jury with respect to the local law affirmative defense, as some jurors examining the case concluded that the payments at issue were not unlawful under the written laws and regulations of Antigua and the Dominican Republic. The court, however, denied the defendant’s request, finding that the proposed instruction was inconsistent with the plain meaning of the language of the written laws and regulations concerning affirmative defense: domestic legal acts should explicitly stipulate that such payments are licit rather than not list them among illicit ones.

Internal controls

The updated edition clarifies to some extent the provisions of the FCPA regarding internal controls violations.

At present, law enforcement agencies (above all, SEC) quite often employ the strategy according to which an entity is charged only with the violation of books and records and internal controls provisions, without being directly accused of bribery. In doing so, law enforcement bodies proceed from the assumption that the design of internal controls must take into account the operational realities and risks attendant to the company’s business and cover specific areas of its activities (for example, procurement, interaction with counterparts and recruitment).

Legislation, however, does not have these provisions: § 78m(b)(2)(B), Section 15 of the U.S. Code requires issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that: 1) transactions are executed in accordance with management’s authorization, 2) transactions are recorded as necessary, 3) access to assets is permitted only in accordance with management’s authorization, 4) the recorded accountability for assets is periodically compared with the existing assets and appropriate action is taken with respect to any differences. Therefore, law enforcement agencies use overextensive and legally unfounded interpretation of the cases of internal controls violations.

The new Guide highlights that legislation does not regulate which internal controls provisions should be adopted by companies: they have the right to independently choose the mechanisms in accordance with their needs and other circumstances. As a result, for charges relating to internal controls violations to be brought it is necessary to provide evidence that the company and its officials acted “knowingly and willfully”. These provisions seem to indicate a certain restriction of the broad interpretation of the norms concerning internal controls violations.

However, the second edition of the Guide still contains the suggestion that the internal controls mechanisms must take into account specific risks that a company faces. Therefore, as some experts note, in the absence of clear indications specifying which internal controls provisions should be adopted, law enforcement agencies will continue to employ their extensive interpretation.


The second edition of the Guide was supplemented with provisions regarding corporate FCPA resolutions (DOJ FCPA Corporate Enforcement Policy, CEP).

The CEP was first introduced in 2016 as a pilot programme. It subsequently acquired permanent character and was included in the Justice Manual (section 9-47.120). The CEP stipulates that there will be a presumption that DOJ will decline prosecution of a company under certain conditions and absent aggravating circumstances. Otherwise, the amount of sanctions will be reduced in the event that the company only partly complies with the set conditions. The latter provide that: 

  • the company voluntarily self-discloses misconduct;
  • it fully cooperates; and
  • timely and appropriately remediates.

The CEP and the updated Guide provide certain examples of aggravating circumstances, including but not limited to criminal recidivism (i.e. a situation where a company has already been prosecuted for FCPA violations), involvement of executive management of the company in the misconduct, a significant profit to the company from the misconduct, and pervasiveness of the misconduct within the company.

As noted in the Guide, even where aggravating circumstances exist, DOJ may still decline prosecution. It is also highlighted that there is a high probability of a declination in the event that a company which undertakes a merger or acquisition uncovers misconduct by the merged or acquired entity and voluntarily self-discloses the misconduct. In this case, the company may count on a declination even if there are aggravating circumstances with respect to the merged or acquired entity.

The list of declinations is published in a dedicated section of the DOJ’s website. The Guide gives several anonymous examples of such cases. For instance, the first to be mentioned is the case of a company based in the United Kingdom that manufactures and sells equipment used to detect seismic events (although the Guide does not provide the company name, this example quite obviously regards the inquiry into Guralp Systems). The company had made payments amounting to nearly 1 million USD to the officials of a Korean government-funded research centre to conclude supply contracts with the latter. The company received a declination for having voluntarily self-disclosed the detected misconduct, fully cooperated with the investigation and appropriately remediated. In addition, the company was the subject of a parallel investigation in the United Kingdom. The director of the research centre, engaged in the illicit activities, was convicted by the U.S. authorities and subsequently sentenced to 14 months in prison.


The updated Guide is supplemented with the provisions regarding the use of such sanctions as forfeiture and disgorgement, as well as coordinated resolutions and anti-piling on policy by law enforcement bodies.

DOJ and SEC resort to forfeiture and disgorgement along with criminal and civil penalties. As indicated in the Guide, while the purpose of a penalty or a fine is to “punish and deter misconduct”, the purpose of forfeiture and disgorgement as “equitable relief”, is primarily to “return” the perpetrator to the same position before the crime, ensuring that the perpetrator does not profit from the misconduct.

It should be noted that for a long time there had been expert debates on whether disgorgement could be considered a sanction. The ambiguity of the situation was also due to the fact that SEC, resorting to it in most inquiries, perceived it more as a form of sanctions, while not applying the statute of limitations for the “punitive” sanctions to disgorgement, as it was not formally considered a penalty.

However, the 2017 Kokech v. SEC ruling put an end to those debates: the court concluded that disgorgement (i) is aimed at repairing the damage inflicted by a crime against the public rather than an individual, and (ii) is applied with the purpose to punish and deter rather than to compensate, which therefore fulfils the criteria of a “punitive” measure. Furthermore, the court ruled that since disgorgement is a “sanction”, the possibility to impose it depends on the statutes of limitations just as much as for other sanctions. Therefore, this measure cannot be applied if the information about the crime was received over five years ago.

The new edition of the Guide also specifies that in accordance with § 3301, Section 18 of the U.S. Code for violations of the FCPA accounting provisions there is a limitations period of six years. The previous version, however, did not contain this clause: as in the case of anti-bribery provisions it recommended that general five-year limitations period apply for violations of the accounting provisions in criminal matters (§ 3282, Section 18 of the U.S. Code).

The Guide mentions another recent inquiry regarding the use of disgorgement. In Liu v. SEC the defendants made an appeal, claiming that Congress had never granted powers to make disgorgement orders to SEC. In spite of the fact that the court did not support the appellants’ position, it held that disgorgement was permissible equitable relief when it did not exceed a wrongdoer’s net profits and was awarded for victims.

The Guide also contains provisions concerning the approach adopted by DOJ and SEC to avoid imposing “duplicative” penalties for the same conduct. In particular, when crediting penalties, the two authorities take into account both their parallel investigations (for example, DOJ may take into consideration the sanctions imposed by SEC in the framework of civil proceedings when determining the amount of sanctions within criminal proceedings against the same offences) and inquiries conducted by other countries (similarly, DOJ may deduct from the total amount of fine it imposes the sanctions paid to the authorities of another country for the same corrupt practices).


The updated Guide contains provisions reflecting DOJ’s current policies on selecting independent monitors, in particular those of Benczkowski Memo, 2018 and of Morford Memo, 2008.

Under these provisions, the following considerations should guide prosecutors when assessing the need and propriety of a monitor: (1) the potential benefits that employing a monitor may have for the corporation and the public and (2) the cost of a monitor and its impact on the operations of a corporation. In evaluating the monitorship “potential benefits”, prosecutors should consider: (a) whether the underlying misconduct involved the manipulation of corporate books and records or the exploitation of an inadequate compliance programme or internal control systems; (b) whether the misconduct at issue was pervasive across the business organisation or approved or facilitated by senior management; (c) whether the corporation has made significant investments in, and improvements to, its corporate compliance programme and internal control systems; and (d) whether remedial improvements to the compliance programme and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future. It is highlighted that where a corporation’s compliance programme and controls are demonstrated to be effective, a monitor will likely not be necessary.

Compliance programmes

The Guide specifies some elements of the assessment of corporate compliance programmes.

In particular, the fact that a company has an appropriate compliance programme can be taken into account when:

  1. the decision on corporate resolution is being made, e.g. whether the NPA/DPA is appropriate;
  2. the amount of a penalty is being determined;
  3. the decision on an independent monitor is being taken.

U.S. legislation does not provide for any strict requirements for the measures to be included in an effective compliance programme. As noted in the Guide, law enforcement bodies normally employ common sense to evaluating compliance programmes, making inquiries related to three basic questions (it is noteworthy that the listed questions correspond to those provided in DOJ’s manual on Evaluation of Corporate Compliance Programs):

  1. Is the company’s compliance program well designed?
  2. Is it being applied in good faith?
  3. Does it work in practice?

Both the first and the second editions of the Guide contain some of the basic elements law enforcement bodies consider when evaluating compliance programmes. They are based on the provisions of a number of DOJ’s internal documents. The updated Guide, if compared with the previous version, is supplemented only with the criterion entitled “Investigation, Analysis, and Remediation of Misconduct”. It is recommended that companies have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct, have an established means of documenting the response, including any disciplinary or remediation measures taken, and analyse the root causes of the misconduct to remediate those causes to prevent future compliance breaches.

In addition, the updated Guide provides a practical example of how even an effective compliance programme does not always make it possible to prevent misconduct. However, if a company has such programme in place, law enforcement bodies can decide not to prosecute. This example regards a financial institution that even after having conducted an extensive due diligence on the third parties and transactions failed to learn that a foreign public official owned nearly 50% of an entity which it interacted with and that that entity was used as a vehicle for corrupt payments. The law enforcement bodies took into account the efforts of the company and did not take enforcement action against it, whereas its executive who had deliberately circumvented the existing compliance programme pleaded guilty to conspiracy to violate the FCPA.

Foreign bribery
Criminal prosecution

We use cookies in order to improve the quality and usability of the HSE website. More information about the use of cookies is available here, and the regulations on processing personal data can be found here. By continuing to use the site, you hereby confirm that you have been informed of the use of cookies by the HSE website and agree with our rules for processing personal data. You may disable cookies in your browser settings.