The Department of Justice (“DOJ” or “Department”) and the Securities and Exchange Commission (“SEC”) have dramatically stepped up their enforcement of the Foreign Corrupt Practices Act (“FCPA”). Perhaps the most noteworthy development this year was the first ever FCPA sting in which Federal Bureau of Investigations (“FBI”) agents posed as agents representing foreign government officials and solicited bribes from executives in the defense and law enforcement products industry. However, less sensational enforcement efforts—including investigations arising out of industry-wide probes and self-reporting—continue to be a focus for the DOJ and reports of more investigations surface seemingly every week. Most recently it has come to light that Australian natural resources firm, BHP Billiton, is under investigation by the SEC for possible violations of the FCPA, as well as by officials from the United Kingdom for possible corruption stemming from their operations in Cambodia and elsewhere.

The FCPA is a federal law that prohibits offering, promising, or giving anything of value, as well as authorizing such an offer, promise, or gift, to a foreign official for the purpose of obtaining, retaining, or directing business to a person or entity. This prohibition is contained in the FCPA’s anti-bribery provisions, which are enforced by the DOJ. The FCPA’s anti-bribery provisions have a much broader reach than many other U.S. laws. U.S. corporations can be liable for conduct that occurs entirely outside the United States and multinational corporations can be liable for conduct that bears only a tenuous connection to the United States, such as where a corrupt payment is routed through a U.S. bank account or an employee in the United States receives an email regarding a corrupt transaction.

The FCPA also contains accounting provisions, which are enforced by the SEC. The FCPA’s accounting provisions require publicly held companies (under the Securities and Exchange Act) to (1) keep records that “accurately and fairly” reflect transactions, including any bribes; (2) devise a system that maintains accountability and control over assets with suitable and adequate internal controls; and (3) devise and maintain a system of accounting controls sufficient to provide reasonable assurance that all transactions are authorized and consistent with Generally Accepted Accounting Principles.

Companies and individuals who violate the FCPA can face devastating consequences. In 2008, Siemens AG paid a record high fine totaling $800 million to settle charges with the DOJ and SEC. Individuals accused of FCPA violations can face jail time as well as high fines. Even being under investigation for alleged FCPA violations can tarnish the reputation of a company or individual and have long-lasting effects on a company’s business and on an individual’s career.

Any company with U.S. operations that does business in moderate to high-risk countries, such as Brazil, China, Nigeria, or Iraq, which score anywhere from 3.7 to 1.5 on Transparency International’s Corruption Perceptions Index should be aware of their risk under the FCPA, take a proactive stance regarding compliance with the FCPA, and be alert to red flags that would require investigation. Implementing a strong compliance program can help prevent FCPA violations and is likely to reduce potential fines and penalties, particularly if the compliance program is initiated before beginning operations in a moderate or high risk country.

The first step in establishing a compliance program is drafting and disseminating a strong Code of Conduct that prohibits employees from engaging in illegal and unethical behavior. In addition, a robust employee training program should be established to educate employees on the FCPA, as well as any other relevant laws. To follow up on the training element of the compliance program, companies should have their employees sign periodic certifications that they are aware of and have complied with company policies and all relevant laws. In addition, new employees should be required to pass background checks prior to being hired by the company.

The next step is establishing the proper mechanisms to deal with actual or suspected violations. This includes setting up a hotline or some other kind of confidential reporting mechanism that enables employees to report conduct they feel violates company policies or the law, as well as establishing protocols for investigating any reports of improper conduct. Employees who are found to have engaged in conduct that violates company policies or the law must be disciplined.

A proper compliance program will also address third party service providers. Companies face significant exposure when using third parties, especially because under the FCPA “knowledge” of corrupt payments can be established on the basis of conscious avoidance. This means that an individual could be held liable where he or she was aware there was a high probability a corrupt payment was being offered or made but consciously avoided confirming whether or not that was the case. Because of the risk inherent in working with third parties, it is important to create comprehensive protocols for establishing, continuing, and terminating the business relationship. As with employees, companies should ensure that they thoroughly vet third party service providers prior to beginning the relationship. Furthermore, when negotiating agreements with third parties, companies should protect themselves by including provisions that, among other things, provide for audit rights and termination at will. Once the relationship has begun, companies should provide training, as appropriate, on the FCPA and other laws to the relevant third-party employees. Companies should also investigate all red flags, such as extra-contractual payments or other unusual expenditures that are incurred through a third party and should obtain periodic certifications of compliance with U.S. and local laws.

Doing business in today’s global world carries increased risk, but companies with a proactive approach to compliance can help insulate themselves from some, if not all, of their potential liability.