Foreign Corrupt Practices Act (FCPA)
The FCPA was enacted in 1977. A host of other anti-bribery statutes around the world have come onto the books since then, including:
- The U.K. Bribery Act
- The Sapin II anti-corruption law in France
- Brazil’s Clean Companies Act
- Canada’s Corruption of Foreign Public Officials Act
All of these laws have the same basic structure as the FCPA. They prohibit the bribery of foreign government officials, and require businesses to maintain adequate books and records to identify potential illicit payments.
While enforcement of these laws will vary from country to country, the potential legal liability is the same across most jurisdictions. So the ability to maintain adequate books and records is crucial to compliance, no matter which particular statutes might apply to your business.
The U.S. Foreign Corrupt Practices Act (FCPA) is the foremost corporate anti-bribery statute in the world. It has a criminal section, which prohibits corporations from bribing officials of foreign governments to win business; and a civil section, which requires publicly traded corporations to maintain adequate books and records that reflect corporate transactions.
The Justice Department enforces the criminal section, and can exercise jurisdiction over any corporation – public or private, based anywhere in the world – that does business in the United States. The Securities and Exchange Commission (SEC) enforces the books-and-records provisions against any corporation that trades on the U.S. stock exchanges, even if that company does not do business in the United States.
Always remember that the FCPA books-and-records provisions provide the legal basis for the SEC to punish corporate accounting fraud, even if the company is not violating the law’s criminal provisions. That’s because the FCPA amends the Securities and Exchange Act of 1934, to specify that all companies trading on the U.S. stock exchanges must maintain adequate books and records.
So any company trading on U.S. stock exchanges must meet the books-and-records standards dictated by the FCPA, even if that company does no business overseas whatsoever.
The Role of Cybersecurity in Anti-bribery
Cybersecurity is crucial to compliance with the FCPA or any related anti-bribery statute. Bribery schemes work by disguising illicit payments as something else. The ability to create a false trail of transaction records – sales policies bent to generate slush funds, accounting policies abused to fund bribes, payment records altered to hide true recipients – is what allows corrupt payments to flow. Strong cybersecurity thwarts that manipulation.
Moreover, accounting fraud works by manipulating data. So any cybersecurity strategy that ignores threats at the application layer leaves a company vulnerable to accounting fraud, regardless of other security measures such as firewalls, access control, and segregation of duties (SoD).
That is, an unauthenticated attack exploiting a misconfiguration or vulnerability could target your company’s mission-critical applications, which support financial operations, and manipulate underlying financial data without touching financial applications themselves or leaving an audit trail. Even with strong internal controls and audits at the infrastructure and database layers, weaknesses at the application layer can still leave financial data vulnerable to bribery or fraud schemes.
Steps to Take
- Understand the nature of this security threat and assign responsibility for it. CISOs may not understand the demands of FCPA compliance, while internal audit or compliance teams may not grasp how important security is to reducing FCPA risks.
- Develop a security strategy for mission-critical applications that encompasses FCPA books-and-records issues. That strategy should address configuration management, log management, custom application development, patches, continuous monitoring and more. Those steps must provide solid protection against books-and-records manipulation.
- Find the right tools to do the job. Security teams, in conjunction with the finance organization and internal audit, need to identify risks and weaknesses that jeopardize FCPA compliance, and seal those gaps. With modern ERP systems supporting mission-critical applications, that’s no easy task. Using the right technology is crucial to do the job right.