The FCPA does not stop at the US border. Neither do its consequences.

The Foreign Corrupt Practices Act was enacted by the United States Congress in 1977. It prohibits bribery of foreign government officials for the purpose of obtaining or retaining business. It also imposes books and records and internal controls requirements on companies registered with the Securities and Exchange Commission.

What the law's name does not make immediately obvious — and what a significant number of non-US companies have discovered through enforcement rather than compliance — is that its jurisdictional reach extends well beyond US entities. The FCPA applies to any issuer of securities registered with the SEC, regardless of where it is incorporated or where it operates. It applies to any US person or entity. And — critically — it applies to any person or company that takes any act in furtherance of a corrupt payment while within the territory of the United States.

That third category is the one that most frequently surprises non-US companies. A wire transfer routed through a US correspondent bank. An email sent from a server located in the United States. A meeting held in New York as part of a broader transaction. Each of these can constitute sufficient US nexus to bring an otherwise non-US company within the FCPA's reach — and the Department of Justice has pursued enforcement on exactly this basis.

"The question that non-US companies rarely ask — but should — is not whether the FCPA applies to them in principle. It is whether, in the ordinary course of their business, they have already taken acts that bring them within its scope."

The anti-bribery provisions and their practical scope.

The anti-bribery provisions of the FCPA prohibit offering, paying, promising to pay, or authorising the payment of anything of value to a foreign government official — including employees of state-owned enterprises, political party officials, and candidates for public office — for the purpose of influencing an official act, securing an improper advantage, or inducing the official to violate their lawful duty.

The definition of a foreign government official is broad. In sectors where state ownership of commercial entities is common — energy, infrastructure, telecommunications, aviation — the counterparty in an otherwise commercial transaction may be a government official for FCPA purposes. Companies operating in these sectors, or in markets where the boundary between public and private commercial activity is unclear, face a risk landscape that requires specific attention to how the FCPA defines the parties it covers.

Third-party liability is the dimension of the FCPA that most commonly generates enforcement exposure for companies that believe their own conduct to be clean. The law prohibits not only direct payments but also authorising payments that an agent, distributor, joint venture partner, or other intermediary makes to an official on the company's behalf. The 'knowing' standard under the FCPA is interpreted broadly: a company that ignores red flags suggesting a third party may be making improper payments cannot rely on ignorance as a defence.

The practical test is this: if a third party that acts on your behalf makes a payment to a government official in order to secure a contract for you, do you have confidence that you would have known? That your due diligence on that third party would have surfaced the risk? That your contractual protections require compliance with applicable law and give you audit rights? That you would have acted on the information if it had been surfaced? If the answer to any of these is uncertain, the third-party dimension of your FCPA risk is not adequately managed.

Enforcement has made the extraterritorial reach concrete.

The record of FCPA enforcement over the past two decades makes the law's extraterritorial scope impossible to treat as theoretical. Among the largest FCPA settlements in history, a significant proportion involve non-US companies — European, Asian, and Latin American entities that did not consider themselves subject to US law until the moment they received a subpoena or a voluntary disclosure request.

The mechanisms through which non-US companies become subject to FCPA jurisdiction are varied. Securities registered with the SEC create direct issuer jurisdiction. Subsidiaries of US parent companies are subject to the law through the parent. And the territorial jurisdiction — which requires only that some act in furtherance of the scheme occurred on US soil or used US infrastructure — has been applied with a scope that reflects the reality of how international financial transactions actually move.

For companies operating in high-risk sectors or geographies, or with significant US business relationships, the FCPA is not a foreign law of academic interest. It is a live compliance obligation that requires a programme designed to address its specific requirements: third-party due diligence calibrated to the risk of government-official relationships, books and records maintained to a standard that could withstand US regulatory scrutiny, and a culture that treats the boundary between acceptable facilitation and prohibited payment as a line that cannot be crossed under commercial pressure.

"The FCPA is enforced by agencies with global reach, substantial investigative resources, and a consistent record of pursuing cases across borders. For any company with a meaningful connection to the United States — however indirect — treating the law as someone else's concern is a risk that enforcement history has repeatedly shown to be a serious misjudgment."
