The part of the FCPA that most companies underestimate.
The Foreign Corrupt Practices Act is most commonly described in terms of its anti-bribery provisions — the prohibition on paying foreign government officials to obtain or retain business. This is the part of the law that generates headlines. It is also the part that receives the overwhelming majority of compliance attention.
But the FCPA contains a second set of provisions — the accounting provisions — that are both broader in scope and, in some respects, more dangerous for companies that have not specifically designed their compliance programmes to address them. These provisions apply exclusively to issuers: companies whose securities are registered with the SEC, including foreign private issuers listed on US exchanges.
The accounting provisions impose two distinct requirements. The books and records requirement obliges issuers to make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect the company's transactions and disposals of assets. The internal controls requirement obliges issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurance that transactions are executed in accordance with management's authorisation and recorded in conformity with generally accepted accounting principles.
The intent threshold is lower than the anti-bribery provisions.
The anti-bribery provisions of the FCPA require proof of corrupt intent: a payment made with the purpose of influencing an official act. The accounting provisions do not carry the same intent requirement for civil liability. A company whose books contain inaccurate records — even where no corrupt payment has been made — may face civil FCPA liability if the inaccuracy is material and the company is an issuer.
This has significant practical implications. Payments described in the accounts as consulting fees, commissions, or promotional expenses, where the underlying substance does not support the characterisation, are a recurring enforcement target. The issue is not only that these payments may represent disguised bribes — it is that the characterisation itself represents a books and records violation, regardless of whether the underlying payment was corrupt in purpose.
The internal controls provision creates a parallel vulnerability. A company that lacks the controls necessary to detect or prevent improper payments — or that has controls that exist on paper but are not operational — may face an internal controls violation even where no improper payment has occurred. The standard is not perfection. But it is genuine operational effectiveness, assessed against the company's actual risk environment.
A useful diagnostic for the internal controls provision is to ask: if an employee wanted to make a payment to a government official and wanted to disguise it in the accounts, what controls would prevent or detect it? The honest answer to that question — applied to each category of high-risk expenditure — tells you where your FCPA accounting provisions exposure actually lies.
Finance and compliance must be designed to work together.
The accounting provisions of the FCPA create a compliance obligation that cannot be satisfied by the compliance function alone. The books and records requirement lives in accounting. The internal controls requirement spans finance, operations, and the IT systems that process and record transactions. A compliance programme that does not actively engage with these functions — that treats the accounting provisions as someone else's problem — is not designed to manage the full scope of FCPA exposure.
What a well-designed response to the accounting provisions looks like in practice: a regular review of high-risk expenditure categories — gifts, entertainment, travel, commissions, third-party payments — to verify that the accounting reflects the substance of the transaction. A clear approval process for payments above defined thresholds, with documentation requirements that create an audit trail. A periodic assessment of whether existing financial controls are capable of detecting the specific patterns of payment that FCPA enforcement history has identified as red flags.
For companies subject to both the FCPA and Sapin II — a position that describes many large companies with US listings and French operations or French subsidiaries — the overlap between the accounting provisions of the FCPA and the accounting controls requirement of Sapin II is an opportunity to build a single integrated response rather than two parallel programmes. The specific requirements differ in detail, but the underlying logic — that financial controls must be designed to detect and prevent corruption-related transactions — is the same.
The accounting provisions are not a technicality. They are a substantive obligation with a separate enforcement track, a lower intent threshold than the anti-bribery provisions, and a record of enforcement that demonstrates the SEC and DOJ's willingness to pursue them independently of any underlying bribery allegation. For issuers operating internationally, they deserve exactly the same compliance attention as the provisions whose name appears in the law's title.
This article reflects the compliance advisory perspective of Compliance House and is intended for informational purposes. It does not constitute legal advice. Organisations seeking guidance on specific regulatory obligations should consult qualified legal counsel in the relevant jurisdiction.
Download this article
Save a PDF copy for offline reading, or share it with a colleague who might find it useful.