FCPA Enforcement Is Changing; What Does It Mean for Compliance Programs? [Q&A]

Rumors of the death of foreign bribery as a crime were greatly exaggerated, to borrow a possibly apocryphal quip by Mark Twain. But the Trump Administration’s moves to shift the focus of FCPA enforcement — and then pause DOJ enforcement entirely for at least 180 days — have many people in the corporate integrity world wondering what comes next.

Companies hoping to soften their anti-corruption and FCPA compliance programs should give no weight to that notion, legal and compliance observers told Corporate Compliance Insights, lest they risk investigations from overseas authorities or even an increase in employee misconduct unrelated to the FCPA.

“There are tangible costs to companies that weaken controls and extend latitude to employee conduct around interactions with public officials. Although enforcement risk is always a consideration in internal investigations, the reality is that many issues raised through hotline complaints are not purely about anti-bribery compliance,” Hogan Lovells partner Matthew Sullivan, a former federal prosecutor, told CCI in a written Q&A. “Even in a context of diminished US enforcement risk — when companies will no doubt be assessing how best to direct their compliance resources — organizations will have a strong incentive to assess and investigate internal complaints and other compliance issues that arise.”

Both the DOJ and SEC are empowered to investigate violations of the FCPA, though the current pause applies only to the DOJ, which has historically been the chief enforcer. In 2019, the third year of President Donald Trump’s first term, the Justice Department brought 37 enforcement actions, the DOJ’s high-water mark, compared to 17 that year for the SEC.

The 1977 Foreign Corrupt Practices Act, which makes it a crime to bribe foreign officials in the pursuit of contracts, was signed into law by President Jimmy Carter after years of post-Watergate revelations about international corporate misconduct. It was the first such law in the world governing the conduct of domestic businesses in foreign domains, but it has since served as a model for lawmakers globally, and international risks still exist, observers warn.

The UK Bribery Act, for example, could ensnare US-based multinationals, Nicole Boeckmann, Mark Hunting and Margaret “Meg” Beasley of Bracewell said in a written Q&A.

“While the US leads the movement with anti-bribery laws, many other countries have in recent years created and enhanced their own versions of the FCPA that still apply to US and foreign companies,” they wrote. “For example, the U.K. Bribery Act 2010 has broad jurisdictional reach and applies to (i) offenses committed in the UK; (ii) offenses committed outside the UK where the person committing the act has a ‘close connection’ with the UK; and (iii) any company incorporated in the UK or that ‘carries on a business or part of a business in’ the UK.”

The complexity of compliance officers’ may grow, but a crime is still a crime, Ann Marie Wick, a managing director at FTI Consulting said in a written Q&A.

“[T]his executive action is not an overhaul of the FCPA,” Wick wrote.” The order does not repeal the US FCPA law. Bribery of foreign public officials, whether by US companies and individuals or foreign entities and individuals operating in the US, is still a criminal offense.”

In short, companies would be ill-advised to pull back on their FCPA-inspired compliance measures for many reasons — and the fact remains that bribery and corruption are illegal. Sullivan, a partner in Hogan Lovells’ Manhattan office; Boeckmann, Hunting and Beasley of Bracewell; and Wick of FTI Consulting explain more in the lightly edited Q&A below.

CCI: How should companies adjust their existing FCPA compliance programs during this 180-day enforcement pause (if at all)? Should monitoring or documentation practices be maintained at current levels despite the temporary hold?

Matthew Sullivan: Regardless of the exact contours of DOJ’s forthcoming FPCA enforcement guidelines, there are a host of reasons why companies have a strong interest in maintaining robust anti-corruption compliance programs. Even if FCPA enforcement is sharply narrowed under the Trump Administration, a subsequent administration could return to a more traditional FCPA enforcement approach and bring charges arising from conduct falling within the statute of limitations period of five years — which can be extended further in several ways. Second, enforcement authorities from many jurisdictions, including local authorities, continue to pursue anti-corruption agendas of their own and may seek to fill the gap left by softer US enforcement. More broadly, there are tangible costs to companies that weaken controls and extend latitude to employee conduct around interactions with public officials. Although enforcement risk is always a consideration in internal investigations, the reality is that many issues raised through hotline complaints are not purely about anti-bribery compliance. We routinely deal with matters that involve complaints or disputes involving competitors or business partners, misappropriation of company assets or information or other aspects that present some risk or disruption to the business. Even in a context of diminished US enforcement risk — when companies will no doubt be assessing how best to direct their compliance resources — organizations will have a strong incentive to assess and investigate internal complaints and other compliance issues that arise. 

Nicole Boeckmann, Mark Hunting and Margaret “Meg” Beasley: The executive order, both by its title and terms, pauses enforcement of the FCPA — it does not terminate it. Only Congress can repeal a statute. Nor does the order suspend the law’s application to conduct committed during the 180-day review period. Accordingly, companies should not adjust their compliance policies at all but rather act as if the FCPA applies with full force — because it does. Further, it is entirely possible that at the end of the 180-day period, FCPA enforcement remains unchanged. Moreover, irrespective of how the DOJ approaches the FCPA for the next four years, the statute of limitations will outrun President Trump’s term: Criminal and civil violations of the FCPA’s anti-bribery provisions have a five-year statute of limitations, and criminal violations of the books and records and internal controls provisions have a six-year statute of limitations. Additionally, if the violation involves a conspiracy, the statute of limitations doesn’t even begin to run until the conspiracy has ended. Thus, violations that occurred recently, remain ongoing or take place in the next four years would all be fair game for the next administration. Finally, certain conduct that could give rise to liability under the FCPA could also be the basis for other adverse legal outcomes. A bribe may be prosecutable under different criminal statutes, such as those prohibiting money laundering or wire fraud, or form the basis of civil litigation by private parties, such as civil RICO (for a pattern of bribery), securities law violations (for inadequate disclosures), breach of contract (for a breach of representation and warranty), torts (for fraud, tortious interference or breach of fiduciary duty) or antitrust. In short, while the pause on FCPA enforcement actions is certainly something to watch, we strongly recommend that companies maintain and invest in their anti-corruption policies and procedures. 

Ann Marie Wick: While the executive order and related attorney general’s directives should not drive significant changes in an already well-designed and executed compliance program, there are some areas of enhancement or actions that may need to be considered. Companies should assess their compliance programs, including resource deployment; communicate with boards, executives, employees and third parties and remind them of the key components of the compliance program; review third-party risk management practices, including screening and ongoing monitoring processes to ensure they are addressing areas of focus in the executive order, such as cartel and transnational criminal organization risks; reassess risk management activities for operations in geographies with higher rates of cartel and TCO activities or within industries highlighted in the order; and reassess the company’s whistleblower program.

CCI: What specific areas of FCPA compliance might be most affected by potential new DOJ guidance, and how can companies prepare for these changes while maintaining robust anti-corruption measures?

Sullivan: One clear piece of guidance is the Feb. 5 memo from Attorney General Pam Bondi, which endorses an enforcement priority shift, to focus DOJ’s efforts — including by the FCPA unit — “to pursue total elimination of Cartels and Transnational Criminal Organizations.” It’s unclear how strong a link the DOJ will seek before proceeding with FCPA investigations or enforcement actions implicating alleged drug cartel or organized criminal activity. That said, DOJ prosecutors will have an incentive to seek such ties and identify viable cases in furtherance of these goals. As a result, companies that operate in jurisdictions with cartel and organized criminal activity have an incentive to review their operations and third-party relationships, with an eye toward the Bondi memo’s directive. For its part, the Trump executive order describes a link between US national interests and the ability of its companies to gain business advantages in critical minerals, deep-water ports and other key infrastructure and assets. More broadly, there’s an emphasis on the need for US companies not to be hamstrung by disproportionate anti-bribery enforcement. These aspects suggest that non-US multinationals, including companies operating in sensitive sectors that compete with US companies, may remain in the crosshairs of FCPA enforcement. 

Boeckmann, Hunting and Beasley: The executive order also focuses on the competitiveness of American companies in the global economy, asserting that “overexpansive and unpredictable FCPA enforcement against American citizens and businesses — by our own government — for routine business practices in other nations not only wastes limited prosecutorial resources that could be dedicated to preserving American freedoms, but actively harms American economic competitiveness and, therefore, national security.” This rationale suggests that, going forward, the DOJ may elect not to enforce the FCPA against American citizens and companies in situations where such enforcement could put them at a competitive disadvantage. Conversely, the DOJ may more sharply focus on foreign entities that the administration perceives to have been operating at an advantage vis a vis American companies. Currently, roughly 40% of FCPA defendants are foreign entities. The flip side of the FCPA coin in this regard is the Foreign Extortion Prevention Act (FEPA), which was signed into law in January 2024. Meant as a complement to the FCPA, FEPA criminalizes the “demand” side of foreign bribery by specifically making it illegal for foreign officials to demand or accept bribes from any US citizen, company or resident in exchange for obtaining business. If the administration’s goal is to level the competitive playing field for US companies, an increase in FEPA enforcement could serve similar ends as a decrease in FCPA enforcement actions of those companies.

Wick: This action is, as it says in the title of the order, a “pause” in certain enforcement activities — and not all activities. While the president’s executive order has given rise to much speculation on the implications of this action, organizations should see this and related actions as opportunities to reaffirm and uphold their core values, emphasizing that, regardless of the jurisdiction in which they operate, they maintain a commitment to integrity and a zero-tolerance policy for bribery and corruption. Doing so makes not only makes practical sense, as we anticipate further regulatory and compliance developments as a result of the order and DOJ directives but also sends a meaningful message to employees and third-party partners and stakeholders. It’s important to regain perspective: The jobs of compliance officers may become more challenging in this environment, but this executive action is not an overhaul of the FCPA. The order does not repeal the US FCPA law. Bribery of foreign public officials, whether by US companies and individuals or foreign entities and individuals operating in the US, is still a criminal offense. When looking at compliance in the short term to long term, companies should be mindful that the statute of limitations under the FCPA’s anti-bribery provisions is five years (six years for a criminal violation under the accounting provision), which can be extended up to three years when the DOJ is pursuing evidence from a foreign authority.  Any violation of the FCPA today, or in the next four years, could be under investigation of a future administration. 

CCI: The SEC can also bring FCPA cases; should we expect a similar enforcement pause for that agency?

Sullivan: As of now, there’s significant uncertainty around the extent to which the SEC — during the 180-day pause and following the issuance of updated DOJ FCPA enforcement guidance — will continue with a more traditional enforcement agenda, or whether it instead will take a narrower approach more consistent with the DOJ’s apparent direction. Based on some of the key concerns set out in Trump’s executive order — including the desire to remove perceived burdens on US companies and US economic interests — it would be logical for the SEC to similarly narrow its enforcement agenda.

Boeckmann, Hunting and Beasley: So far, the SEC has not announced any changes to its FCPA enforcement program. However, Trump’s pick to head the SEC, Paul Atkins, has a track record of taking a fairly light touch on corporate enforcement actions. We will have to wait and see how, if it all, he decides to adjust his agency’s approach.

FCPA

No, Bribery Did Not Just Become Legal

by Joe Murphy

February 14, 2025

Those who take Chicken Little view overlook global nature of corruption & law enforcement

Read moreDetails

CCI: For multinational corporations, how does this enforcement pause interact with other international anti-corruption laws like the UK Bribery Act or EU anti-corruption regulations? What considerations should compliance officers keep in mind regarding overlapping jurisdictions?

Sullivan: There is no shortage of other anti-bribery regimes that companies will need to account for. 

Boeckmann, Hunting and Beasley: While the US leads the movement with anti-bribery laws, many other countries have in recent years created and enhanced their own versions of the FCPA that still apply to US and foreign companies. For example, the UK Bribery Act 2010 has broad jurisdictional reach and applies to (i) offenses committed in the UK; (ii) offenses committed outside the UK where the person committing the act has a “close connection” with the UK; and (iii) any company incorporated in the UK or that “carries on a business or part of a business in” the UK. Additionally, the European Parliament and Council of the European Union are, pursuant to a 2023 European Commission resolution, negotiating the final version of a directive that would require member states to meet common standards in their anticorruption legislation. As drafted, member states would have jurisdiction over bribery offenses committed (i) in whole or in part in the member state’s territory; (ii) by a national or ordinary resident of the member state; or (iii) for the benefit of a company established in the member state. Thus, even if the US takes a step back on prosecuting cross-border corruption schemes, other countries may step in to fill that enforcement role. Notably, France has said (somewhat cheekily) that it will continue to prosecute corruption. Accordingly, compliance officers must still evaluate the entire web of potential enforcement regimes and ensure that policies and procedures satisfy the most stringent standards.

Wick: Regulations in other parts of the world have not been impacted by this executive order. Companies should remain vigilant in their compliance efforts in all geographies in which they operate. Companies should remain focused on ensuring they are taking a proactive and comprehensive approach in addressing enterprise and compliance risks, launching prompt investigations of identified issues and setting remediation that allows for continued growth within the geographies in which they operate. 

CCI: What are the potential implications of this pause for companies currently under FCPA investigation or those that have existing corporate compliance monitors?

Sullivan: Companies currently under investigation can point to the principles set out in the Trump executive order and the enforcement priorities described in the Bondi memo, and — to the full extent they can — argue that, consistent with those statements, the DOJ should exercise its discretion not to pursue enforcement action where doing so would be inconsistent with those principles. The same is true of companies currently subject to corporate compliance monitorships or reporting obligations; this is an issue we’re actively evaluating. The executive order all but invites such efforts by stating that, once new FCPA enforcement guidelines are issued, “the Attorney General shall determine whether additional actions, including remedial measures with respect to inappropriate past FCPA investigations and enforcement actions, are warranted and shall take any such appropriate actions” in response. Time will tell under what circumstances the DOJ may be amenable to such arguments — that monitorship oversight or reporting obligations are inconsistent with current enforcement principles and as a result should end ahead of schedule. 

Boeckmann, Hunting and Beasley: The DOJ could renegotiate corporate settlement agreements. Individuals convicted of FCPA violations could be pardoned or have their sentences commuted by the president. It is even possible that the president could seek to have Congress repeal the FCPA. Though such review will not begin until the new guidelines are issued, some companies have already sought recourse in light of this portion of the order. On Feb. 13, attorneys representing former Cognizant Technology executives Gordon Coburn and Steven Schwartz, who are set to begin trial March 3 for allegedly approving a $2 million bribe in India, sought a dismissal directly from the Justice Department’s No. 2 official, Emil Bove. After a week of deliberation, on Feb. 21 prosecutors informed the court that they intend to proceed to trial.  This decision provides early insight into how the order will — or will not — impact the DOJ’s review of existing FCPA investigations.

CCI: How might this enforcement pause and subsequent guidance affect the DOJ’s corporate enforcement program, particularly regarding voluntary self-disclosure and cooperation credits?

Sullivan: The level of activity by the Trump DOJ makes it easy to forget just how recently the FCPA defense bar and in-house counsel were focused on the Biden Administration’s key initiatives, including its sustained efforts to incent voluntary self-disclosure, robust cooperation and whistleblower reporting. The reality is that the Trump Administration’s statements regarding FCPA enforcement will lead to legitimate discussions and reassessment around the thresholds and circumstances that might lead a company to seriously consider proceeding with a voluntary self-disclosure. We’re keeping an eye on additional statements from the DOJ that could help clarify its approach to aspects like cooperation credit.

Boeckmann, Hunting and Beasley: DOJ’s corporate enforcement program — including receiving cooperation credit for timely and complete voluntary self-disclosures — does not solely apply to the FCPA. As a result, whether we see a decline in the DOJ invoking the program related to FCPA enforcement actions will not have a broader impact on the program itself. Corporations will be well-served to continue evaluating their compliance programs and, when potential problems are identified, seek advice on whether an early self-report is in the best interests of the organization. This is especially true given that the Trump Administration has shown no indication it will revoke recently instituted whistleblower incentive programs.

CCI: How might this development affect cross-border M&A due diligence processes and post-acquisition integration plans?

Sullivan: M&A due diligence and post-acquisition review have been a focus of mine — and the impact on M&A diligence is similar to the impact on compliance efforts more generally. In particular, there’s a strong rationale for adhering to existing procedures, both during and after the enforcement pause, to uncover potential issues, which routinely include aspects that, separate from any compliance concern, can impact business processes, efficiency or integration. That said, it’s naïve to think that a diminished enforcement focus will have no impact on acquiring companies’ assessment of risk — particularly in circumstances where, following the issuance of the Trump DOJ’s FCPA guidelines, companies perceive less enforcement risk in connection with a given transaction.

Boeckmann, Hunting and Beasley: Companies that are being acquired may have committed crimes that give rise to liability under both the FCPA and other statutes. For example, offenses under the FCPA are predicate offenses for the purposes of money-laundering offenses, and there has been no indication of a change in enforcement priorities in this space. Accordingly, conducting thorough due diligence before and after the transaction — and making a voluntary self-disclosure of any latent improprieties under DOJ’s corporate voluntary self-disclosure policy — remains critical.

CCI: What should boards of directors and audit committees be considering during this enforcement pause, and how might their oversight responsibilities evolve?

Boeckmann, Hunting and Beasley: Boards of directors must still honor their duties of loyalty and care under applicable corporate governance laws. The FCPA enforcement pause does not abrogate directors’ oversight responsibilities, such as ensuring board-level reporting mechanisms and compliance controls to understand, document and address risks to the company. For example, under the corporate governance laws of Delaware — applicable to a vast majority of US-based companies — failure to do so may give rise to so-called Caremark claims and other causes of action. Even in an environment where the FCPA is less prominent, conduct that could violate the FCPA may also give rise to many other avenues of liability and thus still present significant risk. Further, anti-corruption policies and culture serve larger goals as well: They establish ethical standards for conducting business and encourage fair competition, set clear expectations for both employees and counterparties, prevent waste of corporate assets and instill confidence in management and pride in the company. Boards should continue to support and indeed require anticorruption programs for the benefit of their companies, employees and shareholders, as well as the community in which they operate. 

Wick: Take this as an opportunity to assess your compliance program as the current enforcement environment evolves. Review the company’s risk profile and risk management activities and communicate internally and with key external stakeholders their role in a well designed and implemented compliance program.  Work with the company compliance leaders to closely monitor the DOJ’s implementation of the executive order including revised FCPA enforcement guidelines and conduct a thorough and timely assessment of your program, including deployment of resources, against the updated guidelines.

CCI: What lessons from previous significant FCPA policy shifts might be relevant for companies navigating this current transition?

Sullivan: Even for those of us expecting substantial changes in corporate enforcement under the second Trump Administration, the broad FCPA enforcement pause, and prospect of a significant narrowing in enforcement by the DOJ, represents a remarkable break from the steady progression of FCPA enforcement, including throughout the first Trump Administration. But as with other, more subtle changes in US enforcement priorities, companies have a strong interest in coordinating with counsel and closely monitoring developments. That’s as true as ever today; the administration’s new FCPA enforcement guidance will be important — but what unfolds in individual cases, both within and beyond the public eye, will be the clearest indicator of how exactly the DOJ’s enforcement agenda will unfold.

Boeckmann, Hunting and Beasley: While the order is significant, it is not clear that there even will be a significant policy shift — only time will tell whether the second Trump Administration will take action on its stated antipathy to the FCPA. And even if it does, because the FCPA statute of limitations outruns this administration and because bribery can be prosecuted under many other criminal laws — US and foreign — it would be naïve to water down compliance programs. In sum, the long-term implications of the order and the Bondi memos are uncertain, and companies should continue to invest in their compliance programs and be alert to the evolving enforcement environment. Putting aside the legal implications, most organizations have codes of conduct, employment contracts and policies and procedures prohibiting corruption and unethical conduct. Add to that complex contractual matrices between employees, banks and financiers, vendors and other third parties and the organization that require compliance with the FCPA and similar laws. It is hard to see how an organization could unravel these requirements to reflect a change in position in the FCPA while continuing to comply with foreign laws and protect the company’s own assets.

Matthew Sullivan is a partner in the litigation, arbitration and employment practice in Hogan Lovells’ New York office. A former federal prosecutor, he defends corporate and individual clients facing government investigations, enforcement actions, sensitive internal investigations and complex civil litigation.

Nicole Boeckmann is a partner in the New York office of Bracewell and former chief at the Eastern District of New York. She represents companies and individuals in complex criminal, regulatory and civil investigations throughout the United States, drawing on her extensive experience participating in more than 30 trials.

Mark Hunting is a partner in the London office of Bracewell. He advises companies and corporate executives on business-related criminal and regulatory matters, including money laundering, bribery and corruption, financial and trade sanctions and export controls, corporate investigations, health and safety and financial institution trading regulations. 

Margaret “Meg” Beasley is an associate in the New York office Bracewell. She represents clients across a wide range of industries in every level of federal and state court, as well as in agency forums. She provides counsel in matters including white collar defense, government investigations, Foreign Agents Registration Act (FARA), sanctions compliance, anti-money laundering, FCPA and cybersecurity and data breach response.  

Ann Marie Wick is a managing director at FTI Consulting in the forensic and litigation consulting segment and is based in Milwaukee. She is a solutions-oriented, global finance and compliance executive known for driving significant global internal control improvements in an efficient and collaborative manner. With experience working in six of the seven continents, she has more than 30 years of global compliance, external and internal audit expertise focused on the consumer products and manufacturing industries.