Expanded security for SAP Business Technology Platform is here. Read More
Search
Solution Briefs

Foreign Corrupt Practices Act (FCPA)

Download

The FCPA was enacted in 1977. A host of other anti-bribery statutes around the world have come onto the books since then, including:

  • The U.K. Bribery Act
  • The Sapin II anti-corruption law in France
  • Brazil’s Clean Companies Act
  • Canada’s Corruption of Foreign Public Officials Act

All of these laws have the same basic structure as the FCPA. They prohibit the bribery of foreign government officials, and require businesses to maintain adequate books and records to identify potential illicit payments.

While enforcement of these laws will vary from country to country, the potential legal liability is the same across most jurisdictions. So the ability to maintain adequate books and records is crucial to compliance, no matter which particular statutes might apply to your business.

The U.S. Foreign Corrupt Practices Act (FCPA) is the foremost corporate anti-bribery statute in the world. It has a criminal section, which prohibits corporations from bribing officials of foreign governments to win business; and a civil section, which requires publicly-trading corporations to maintain adequate books and records that reflect corporate transactions.

The Justice Department enforces the criminal section, and can exercise jurisdiction over any corporation – public or private, based anywhere in the world – that does business in the United States.  The Securities and Exchange Commission (SEC) enforces the books-and-records provisions against any corporation that trades on the U.S. stock exchanges, even if that company does not do business in the United States.

Always remember that the FCPA books-and-records provisions provide the legal basis for SEX to punch corporate accounting fraud, even if the company is not violating the law’s criminal provisions.  That’s because the FCPA amends the Securities and Exchange Act of 1934, to specify that all companies trading on the U.S. stock exchanges must maintain adequate books and records. 

So any company trading on U.S stock exchanges must meet the books-and-standards dictated by the FCPA, even if that company does no business overseas whatsoever. 

The Role of Cybersecurity in Anti-bribery

Cybersecurity is crucial to compliance with the FCPA or any related anti-bribery statute. Bribery schemes work by disguising illicit payments as something else. The ability to create a false trail of transaction records – sales policies bent to generate slush funds, accounting policies abused to fund bribes, payment records altered to hide true recipients – is what allows corrupt payments to flow. Strong cybersecurity thwarts that manipulation.

Moreover, accounting fraud works by manipulating data. So any cybersecurity strategy that ignores threats at the application layer leaves a company vulnerable to accounting fraud, regardless of other security measures such as firewalls access control, and segregation of duties (SoD).

That is, an unauthenticated attack targeting a misconfiguration or vulnerability could target your company’s mission-critical applications, which supports financial operations, and manipulate underlying financial data without touching financial applications themselves or leaving an audit trail. Even with strong internal controls and audits at the infrastructure and database layers, weaknesses at the application layer can still leave financial data vulnerable to bribery or fraud schemes.

Steps to Take

  • Understand the nature of this security threat and assign responsibility for it. CISOs may not understand the demands of FCPA compliance, while internal audit or compliance teams may not grasp how important security is to reducing FCPA risks.
  • Develop a security strategy for mission-critical applications that encompasses FCPA books-and- records issues. That strategy should address configuration management, log management, custom application development, patches, continuous monitoring and more. Those steps must provide solid protection against books-and-records manipulation.
  • Find the right tools to do the job. Security teams, in conjunction with the finance organization and internal audit, need to identify risks and weaknesses that jeopardize FCPA compliance, and seal those gaps. With modern ERP systems supporting mission-critical applications, that’s no easy task. Using the right technology is crucial to do the job right.

Learn how Onapsis can help identify security and compliance risks and streamline your audit processes. https://onapsis.com/request-a-demo/

Back to Solution Briefs
Further Reading
Solution Briefs
Onapsis Assess for SAP BTP
Empower Your Business Users Without Sacrificing SAP Security with Onapsis Assess for SAP BTP
Read More
Solution Briefs
10 Reasons Why More Companies Choose Onapsis
Onapsis Is The Only Application Security & Compliance Solution Wholly Endorsed by SAP as Part of Their Endorsed Apps...
Read More
Solution Briefs
Onapsis SAP Incident Response Technology & Services
Leverage A Combined 85+ Years of In-Depth SAP and Cyber Expertise to Augment Your Critical Incident Response
Read More

©2024 Onapsis | All rights reserved

?>