Skip to Main Content
Our Commitment to Diversity

DOJ and SEC Issue First Major Update to FCPA Resource Guide Since 2012: What You Need to Know

Date: 13 July 2020
U.S. Investigations, Enforcement, and White Collar Alert


On 3 July 2020, the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) released the second edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act (Resource Guide or Second Edition).1 The first edition of the Resource Guide was released in November 2012 and was widely viewed at the time as a helpful compilation of prior U.S. Foreign Corrupt Practices Act (FCPA) actions, caselaw, and government policies regarding FCPA enforcement. The updated compilation does not alter the DOJ’s or SEC’s fundamental FCPA enforcement priorities or principles. Instead, the update—the first in nearly eight years—signals the government’s continuing and aggressive pursuit of potential FCPA violators and reinforces the DOJ’s and SEC’s expansive view of FCPA liability. The update incorporates recent case law interpreting the FCPA and guidance on enforcement that will be familiar to practitioners in this area.

Although the Resource Guide breaks no new ground, it remains an important resource to help entities and individuals conducting business overseas understand current developments in the legal and policy landscape of FCPA enforcement. The Resource Guide effectively illustrates the primary pitfalls for companies operating in high-risk jurisdictions and industries. The updates reflect the fact that bribery has shifted from the former prototypical model of improper payments made via middlemen to more sophisticated schemes involving third parties, distributors, resellers, joint ventures, multijurisdictional financial transactions, networks of offshore entities, and increasingly, indirect corrupt arrangements. Consequently, responsive compliance programs, due diligence, and an appreciation of the risks presented by third-party commercial arrangements are more critical than ever.

Additionally, the Resource Guide reflects a renewed prosecutorial focus on the FCPA’s accounting provisions and internal accounting controls, reflecting the growing sophistication of bribery schemes using international financial systems and opaque banking jurisdictions. As before, however, the risk for a company subject to the FCPA lies primarily in its own books and records, as well as in the conduct of its own employees and agents. In this edition, the government emphasizes the extended statute of limitations for criminal violations of the accounting provisions and indicates that companies should tailor their internal accounting controls based on the unique risks posed by their business, just as the DOJ guidelines suggests for corporate compliance programs.

Finally, the updates to the Resource Guide affirm the recent trend toward more business-friendly enforcement practices by the DOJ, as expressed in two other key policy documents in this area: the Principles of Federal Prosecution of Business Organizations and the FCPA Corporate Enforcement Policy. The DOJ has demonstrated a willingness to decline prosecution of companies under limited circumstances, but proactive and full cooperation, transparency, and responsiveness are prerequisites to the successful resolution of an FCPA investigation.

Updates in the Second Edition

Though the Second Edition does not announce new policies, it helpfully assembles the last eight years of FCPA enforcement and guidance. As such, companies involved in international business transactions or operating overseas, especially in certain high-risk regions, should take note of this update.

Substantive Legal Developments
  • Incorporation of recent precedent discussing the definition of “instrumentality” under the FCPA. The Resource Guide discusses the Eleventh Circuit’s 2014 opinion in United States v. Esquenazi defining an instrumentality under the FCPA as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.”2 The update also adds the caveat that “[c]ompanies should consider these factors when evaluating the risk of FCPA violations and designing corporate compliance programs.”3
    • Who Should Take Note? Companies subject to the FCPA that:
      • Conduct business in a high-risk jurisdiction;
      • Acquire an entity (foreign or domestic) with operations that may pose FCPA-related risk;
      • Sell overseas through distributors, resellers, or other third parties; and
      • Invest in a high-risk jurisdiction (e.g., financial institutions).
  • Updated discussion of scope of criminal liability under the FCPA’s antibribery and accounting provisions. In United States v. Hoskins, the Second Circuit held that foreign nationals who do not fall within the “categories of persons directly covered” by the FCPA—i.e., as agents, employees, directors, officers, or shareholders of an American issuer or domestic concern—cannot be found liable for conspiracy to violate the statute.4 The Resource Guide further clarifies that the Second Circuit’s decision does not affect enforcement of the FCPA’s accounting provisions because they broadly apply to “any person” and not to the specific categories of persons enumerated by the statute.5 Thus, the DOJ and SEC appear to be interpreting more broadly who may be liable under the accounting provisions, and, further, suggesting that this may be an increasing area of enforcement.
    • Who Should Take Note?
      • Executives operating overseas;
      • Corporate executives approving transactions and partnerships with third-parties in high-risk jurisdictions;
      • Internal corporate compliance, audit, and finance personnel reviewing overseas transactions; and
      • Members of the audit committee of a public company board of directors.
  • Inclusion of recent case law limiting the use of disgorgement. In its recent Liu v. Securities and Exchange Commission decision, the Supreme Court found that disgorgement was permissible only when the disgorgement amount does not exceed the defendant’s net profits from the wrongdoing and when it is awarded for the victims.6 It remains an open question whether the SEC is permitted to continue seeking disgorgement in FCPA cases where there are no identifiable investor “victims” of a violation. Unless enforcement priorities shift or courts impose additional limits on disgorgement, however, the SEC’s use of disgorgement in FCPA cases will likely continue. Additionally, it is worth watching whether the trend of competitors harmed by bribery suing the company for damages continues, indicating that even if disgorgement disappears, the risk of potentially large monetary damages to third parties harmed by the underlying conduct might remain.7 While this is not specifically addressed in the Resource Guide, the government and regulated entities should be aware of this growing threat from FCPA investigations and resolutions.
    • Who Should Take Note?
      • In-house counsel; and
      • Controllers and other corporate finance/accounting personnel.
  • Clarification regarding statute of limitations and mens rea for criminal violations. The Resource Guide clarifies that the statute of limitations for criminal violations of the FCPA’s accounting provisions is six years, while the statute of limitations for civil violations is only five years.8 For a violation to be criminal, the conduct must be both willful and knowing. Additionally, the Supreme Court held in Liu that disgorgement is also subject to a five-year statute of limitations because it constitutes a “penalty” under 28 U.S.C. § 2462.9 Practically, the government’s inclusion of this in the Second Edition, despite the fact that there has been no change in the statute of limitations since 2012, suggests that enforcement of the books and records provisions will likely increase.
    • Who Should Take Note?
      • In-house counsel;
      • Internal audit and compliance personnel; and
      • Controllers and other corporate finance/accounting personnel.

Shifts in Enforcement Policies and Priorities

  • Clarification on internal accounting controls. The Resource Guide provides insight into the government’s expectations for a company’s internal accounting controls, emphasizing that they should “take into account the operational realities and risks attendant to the company’s business.”10 Consequently, a company should tailor its internal accounting controls based on the risks specific to its industry and global footprint, among other things, mirroring DOJ guidance on compliance programs and prior settlements involving similar entities and situations. Additionally, the Resource Guide notes that internal controls are not synonymous with a company’s compliance program, although there may be overlap if a company has an effective compliance program.11 This clarification continues the recent trend toward an expanding interpretation of what constitutes an effective internal accounting control program under the FCPA by requiring a tailored approach based on a company’s unique risks. For instance, the Resource Guide suggests that a financial services company may be subject to a higher standard for an internal controls program than a manufacturing company, suggesting that the SEC will conduct more critical evaluations of the appropriateness of a company’s internal accounting controls program.12 However, the reality is that the government will continue to use the internal controls provisions in ways that expand on the language of the statute and cover a variety of conduct, particularly in situations with a high risk of corruption but no direct evidence of a successful bribe payment.
    • Who Should Take Note?
      • Controllers and other corporate finance/accounting personnel;
      • Internal audit personnel; and
      • Compliance and other professionals involved in designing, implementing, enforcing, and testing internal financial controls.
  • Updated discussion of successor liability. The DOJ and SEC expressly “recognize that, in certain instances, robust pre-acquisition due diligence may not be possible.”13 In such cases, the government will consider “the timeliness and thoroughness” of postacquisition due diligence and compliance efforts, which is consistent with the FCPA Corporate Enforcement Policy.14 The policy provides more latitude for a company with strong internal controls and an effective compliance program to acquire and improve a company with a weaker compliance program. Additionally, the DOJ and SEC make clear that “an acquiring company that voluntarily discloses misconduct may be eligible for a declination, even if aggravating circumstances existed as to the acquired entity.”15 The Resource Guide also notes that “[m]ore often, DOJ and SEC have pursued enforcement actions against the predecessor company … particularly when the acquiring company uncovered and timely remedied the violations or when the government’s investigation of the predecessor preceded the acquisition.”16
    • Who Should Take Note? Companies subject to the FCPA that:
      • Acquire an entity (foreign or domestic) with operations that may pose FCPA-related risk.
        • Companies should take note of the DOJ’s guidance on pre and postacquisition due diligence and compliance, especially in situations where robust pre-acquisition due diligence is not possible.
  • Adoption of DOJ’s Principles of Federal Prosecution of Business Organizations. The Resource Guide adopts the DOJ’s Principals of Federal Prosecution of Business Organizations and emphasizes consideration of a company’s compliance program when calculating penalties or deciding whether to enter into a nonprosecution agreement—including improvements made after the company was informed of an investigation—and cooperation during an investigation. The updates also reflect the DOJ’s 2018 Coordination of Corporate Resolution Penalties, the so-called “anti-piling on” policy, for situations when a company is subject to penalties or fines from multiple government agencies.17
    • Who Should Take Note?
      • In-house counsel; and
      • Internal audit and compliance personnel.
  • Inclusion of the FCPA Corporate Enforcement Policy.18 The update reaffirms the principles identified in the DOJ’s FCPA Corporate Enforcement Policy, specifically, the presumption that the DOJ will decline to prosecute companies that voluntarily self-disclose misconduct, fully cooperate during an investigation, and timely remediate identified violations, failures, and weaknesses, unless aggravating circumstances dictate a different approach.19 These changes reflect DOJ’s trend toward more business-friendly enforcement priorities, but proactive cooperation and responsiveness are prerequisites to a company benefiting from the presumption for declination over prosecution.
    • Who Should Take Note?
      • In-house counsel; and
      • Corporate management.
  • Updated Corporate Compliance Program guidance.20 The DOJ and SEC updated the Resource Guide to include updates to the DOJ’s 2019 Corporate Compliance Program Guidance. Notably, these changes emphasize the need to: (i) conduct meaningful risk assessments; (ii) create a corporate culture of compliance and “tone at the top”; and (iii) continuously improve and update the compliance program so that it remains effective. For analysis of the latest adjustments to the DOJ’s Corporate Compliance Program Guidance, refer to our recent client alert.
    • Who Should Take Note?
      • In-house counsel; and
      • Internal audit and compliance personnel.
  • New considerations regarding use of compliance monitors.21 The Resource Guide instructs prosecutors to consider the benefits to the company and the public, the cost of a monitor, and its impact on the corporation.22
  • Additional domestic enforcement agencies pursuing FCPA cases. The update also clarifies that in addition to the DOJ and SEC, the U.S. Postal Service and the U.S. Commodity Futures Trading Commission will investigate foreign corruption matters when appropriate.23 This continues the trend, first seen in the JP Morgan referral hiring matter, in which nontraditional U.S. government agencies (in that case, the Federal Reserve) run parallel investigations alongside DOJ and SEC into FCPA-related conduct. While only the SEC and DOJ have statutory authorization to enforce the FCPA, other entities have increasingly sought to enter this space, particularly in cases involving well-known entities and high-profile facts. It is also consistent with the global trend of more and more entities in different countries coordinating with the DOJ and SEC in global corruption investigations, often with the result of massive, multientity resolutions for the effected entities. As more domestic regulators enter the foreign corruption enforcement space, there are more avenues for liability for companies and the potential domestic liability continues to become increasingly complex.


The updated Resource Guide is a helpful compilation of guidance from recent case law and government enforcement policies. There is, however, nothing new to report for those who have been practicing in this area and following these developments as they have emerged over the last eight years. Moreover, there is no indication that FCPA enforcement will wane as a result of these updates. Although the government has indicated it will take a more business-friendly posture moving forward, the Resource Guide reflects that the government will likely continue to take overly broad positions, especially as it relates to the FCPA accounting and controls provisions, and will continue aggressively pursuing claims against companies and individuals. Recent DOJ investigations, corporate resolutions, and prosecutions—especially of individuals—demonstrate the that the government will continue to aggressively pursue FCPA matters despite any statements to the contrary. Companies should continue to proactively monitor operations and third-party relationships in high-risk jurisdictions through due diligence, internal controls, and other compliance measures. Additionally, companies should continue to be aware of the risks associated with the FCPA—including the statute’s accounting provisions, and should take reasonable steps to investigate and remediate problems when they arise. Indeed, given the growing sophistication of bribery schemes that rely on the international financial system and opaque banking jurisdictions, the risk for a company subject to the FCPA usually lies in its own books and records. The updates to the Second Edition reflect this risk and the fact that a company’s accounting records are a point of particular vulnerability that may receive increasing attention by the DOJ and SEC.


2 United States v. Esquenazi, 752 F.3d 912, 920–33 (11th Cir. 2014).

3 Resource Guide, supra note 1, at 20.

4 United States v. Hoskins, 902 F.3d 69, 94 (2d Cir. 2018). The Hoskins decision is binding only in the Second Circuit and at least one district court in another circuit has expressed their disagreement with this decision. See United States v. Firtash, 392 F. Supp. 3d 872, 889 (N.D. Ill. 2019) (finding that an individual could be criminally liable even if they do not “belong to the class of individuals capable of committing a substantive FCPA violation”).

5 Resource Guide, supra note 1, at 46.

6 Resource Guide, supra note 1, at 71; Liu v. SEC, No 18-1501, 2020 WL 3405845, at *2 (U.S. June 22, 2020); see Neil T. Smith et al., Liu v. SEC: The Supreme Court Limits the SEC’s Disgorgement Power and Sets the Stage for Future Legal Battles, K&L GATES (June 24, 2020).

7 See, e.g., Dylan Tokar, Restitution Battle Throws Three-Year-Old Och-Ziff Settlement Into Limbo, WALL ST. J. (Sept. 7, 2019).

8 Resource Guide, supra note 1, at 36.

9 Kokesh v. SEC, 137 S. Ct. 1635 (2017).

10 Resource Guide, supra note 1, at 40.

11 Resource Guide, supra note 1, at 40.

12 Resource Guide, supra note 1, at 41.

13 Resource Guide, supra note 1, at 29.

14 Resource Guide, supra note 1, at 29.

15 Resource Guide, supra note 1, at 32, 52–54.

16 Resource Guide, supra note 1, at 30.

17 Resource Guide, supra note 1, at 71; see Barry M. Hartman et al., The Revised Manual for Federal Prosecutors: A Pragmatic Approach to Being Tough on Crime—Including White Collar Crime, K&L GATES (Dec. 18, 2018).

18 See Brian F. Saulnier et al., DOJ Revises Corporate Compliance Guidance Calling Attention to Three Areas Where Most Companies Fall Short: Risk Assessments, Compliance Culture, and Continuous Compliance Program Improvement, K&L GATES (May 16, 2019).


20 See Saulnier, supra note 13.

21 Brian A. Benczkowski, Assistant Att’y General, U.S. Dep’t of Justice, Memo to All Criminal Division Personnel on Selection of Monitors in Criminal Division Matters (Oct. 11, 2018).

22 Resource Guide, supra note 1, at 74.

23 Resource Guide, supra note 1, at 5.

This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.

Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel