10 most important internal controls for FCPA compliance
Updated in 2019
Under the FCPA, companies can be punished not only for the wrongful things they do, like paying bribes, but also for certain things they don’t do. In particular, the FCPA’s accounting provisions require companies to have internal controls in place. When companies do not have certain protections, such as appropriate accounting systems and anti-corruption policies, procedures and processes, they risk violating the law.
Specifically, the FCPA’s accounting provisions require issuers (both U.S. and non-U.S. companies that are publicly traded in the United States) to establish and maintain a system of internal controls sufficient to assure that (1) transactions are executed in accordance with management’s authorization, (2) access to assets is permitted only with the proper authorization and (3) the accounting records reflect the existing assets.
Below and in part two, we provide our list of the 10 most important internal controls for FCPA compliance. We arrange them into two categories – the first five are accounting-specific safeguards, and the next five are other types of processes for high-risk business activities.
ACCOUNTING CONTROLS. Accounting controls help ensure that company funds are not used for bribery. At a very basic level, this means that:
- Individuals with approval power for expenses are independent and have properly delegated authority,
- Approvals are based on supporting documentation,
- Transactions are properly and accurately recorded,
- Processes are regularly monitored, audited and tested and
- Finance personnel are trained to spot red flags.
It is important for companies to ensure such controls for the following types of payment processes.
1. Accounts Payable. Controls should be designed to ensure that types and amounts of the items and services invoiced to the company are legitimate and correctly correspond to the values and descriptions in written contracts, as well as the supporting documentation. Payments should be authorized against original invoices, and invoice numbers should be checked against files to prevent duplicate invoicing. Companies can require special approvals for payments to account numbers not on the master file, manual payments and unusual or unfamiliar vendors. The monitoring and testing program should give particular attention to variations in the normal purchasing process, unusual vendors, split payments to avoid authorized payment thresholds amounts, duplicate payments and frequent payments to the same vendor.
2. Expense Reimbursement. Written travel and hospitality policies should establish standard expense reimbursement rules. They can require approvals from management, the submission of original backup documentation and the timely entry of expense reports. Companies should keep records of the identities of recipients of funds, the business purposes of the expenses and internal authorizations required and received. Heightened oversight should be applied to expenses made on behalf of non-employees, which can include pre-approvals and special value and frequency limits,.
3. Payroll. Payroll responsibilities should be segregated for activities like data entry of employee details, authorizations and payments. Any changes to payroll files, such as salary increases, should include supporting documentation and be approved by someone other than the person inputting the information. Department heads should regularly review and approve payment reports to ensure that salary recipients currently work for the company.
4. Petty Cash. Companies should adopt written policies governing the disbursement of petty cash that dictate appropriate and authorized uses. Policies should ensure that access to petty cash is limited and subject to approvals and that reimbursements are based on supporting documentation and sufficient detail about use. Companies should frequently conduct reconciliations of petty cash disbursements.
5. Claims. Written policies for management of claims, such as returned goods or disputed services, should establish consistent methods for handling these issues. This can include requiring claims to be supported by documentation, recorded properly and approved by someone not involved in the original transaction.
This article was republished with permission from FCPAméricas Blog, for which Matteson Ellis is founder, editor and regular contributor.
The opinions expressed in this post are those of the author in his or her individual capacity and do not necessarily represent the views of anyone else, including the entities with which the author is affiliated, the author`s employers, other contributors, FCPAméricas or its advertisers. The information in the FCPAméricas blog is intended for public discussion and educational purposes only. It is not intended to provide legal advice to its readers and does not create an attorney-client relationship. It does not seek to describe or convey the quality of legal services. FCPAméricas encourages readers to seek qualified legal counsel regarding anti-corruption laws or any other legal issue. FCPAméricas gives permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author and to FCPAméricas LLC.
Matteson Ellis serves as Special Counsel to the FCPA and International Anti-Corruption practice group of Miller & Chevalier in Washington, DC. He is also founder and principal of Matteson Ellis Law PLLC, a law firm focusing on FCPA compliance and enforcement. He has extensive experience in a broad range of international anti-corruption areas. Previously, he worked with the anti-corruption and anti-fraud investigations and sanctions proceedings unit at The World Bank.
Mr. Ellis has helped build compliance programs associated with some of the largest FCPA settlements to date; performed internal investigations in more than 20 countries throughout the Americas, Asia, Europe and Africa considered “high corruption risk” by international monitoring organizations; investigated fraud and corruption and supported administrative sanctions and debarment proceedings for The World Bank and The Inter-American Development Bank; and is fluent in Spanish and Portuguese.
Mr. Ellis focuses particularly on the Americas, having spent several years in the region working for a Fortune 50 multinational corporation and a government ethics watchdog group. He regularly speaks on corruption matters throughout the region and is editor of the FCPAméricas Blog.
He has worked with every facet of FCPA enforcement and compliance, including legal analysis, internal investigations, third party due diligence, transactional due diligence, anti-corruption policy drafting, compliance training, compliance audits, corruption risk assessments, voluntary disclosures to the U.S. government and resolutions with the U.S. government. He has conducted anti-corruption enforcement and compliance work in the following sectors: agriculture, construction, defense, energy/oil and gas, engineering, financial services, medical devices, mining, pharmaceuticals, gaming, roads/infrastructure and technology.
Mr. Ellis received his law degree, cum laude, from Georgetown University Law Center, his masters in foreign affairs from Georgetown’s School of Foreign Service, and his B.A. from Dartmouth College. He co-founded and serves as chairman of the board of 
