Originally passed into law in 1977 and amended in 1988 and 1998, the U.S. Foreign Corrupt Practices Act (FCPA) makes it unlawful for U.S. citizens and companies to make payments to foreign government officials to assist in obtaining or retaining business. The law also contains provisions prohibiting foreign representatives from doing the same within the territory of the United States. The FCPA also requires companies whose securities are listed in the U.S. to keep records and maintain internal accounting controls to detect such transactions.
With fines for violations of up to $5 million and 20 years in prison, and $25 million for companies, it is important to ensure that not only your organization's practices, but also your third-party vendor's and supplier's practices, are compliant with FCPA to avoid business disruptions or reputational damage.
Provisions in the FCPA include:
The problem many organizations face when assessing their third parties’ anti-bribery and corruption (ABAC) policies is that the effort is highly manual and lacks real time insights into legal filings.
Ensure that procurement and sourcing teams have access to intelligence pertaining to all new supply chain partner ABAC practices. This can include centralized assessment results, reputational information, legal actions, country-level corruption perception index (CPI) scores, and sanctions data – enabling procurement to make informed supplier sourcing decisions.
Leverage an automated solution that hosts assessment questionnaires, raises risks if results don’t line up with expected risk tolerance levels, and offers specific remediation recommendations. Include supporting evidence and ABAC policy documentation with assessment results to simplify audit reporting.
Regular (usually annual) assessments and attestations are essential to documenting third party controls, policies and processes, but they are static and point-in-time. Adding real-time monitoring of the following sources will help to catch potential adverse events and validate the results of risk assessments.
Your third parties rely on their own suppliers and third parties to deliver goods and services to you and other customers. And you need to respond quickly when adverse events surface in your extended partner ecosystem. That’s why it’s important to identify and visualize relationships between your organization and third, fourth and Nth parties to discover dependencies and risks and avoid reputational hits.
The fastest, least-complex approach to meeting audit requirements is to automatically map the assessment results discussed in recommendation number 2 to reporting that aligns with FCPA requirements. This can’t be done using spreadsheets and email – you will need a central platform for collecting, assessing, analyzing, and reporting on findings.
Managing ESG Risks Across the Extended Enterprise
This analyst report from GRC 20/20 uncovers best practices for including ESG in your third-party risk management program.
The U.S. federal government does not hesitate to file charges against individuals and companies that violate the anti-bribery provisions in the FCPA. Since third parties can often be a weak link, how much visibility does your organization have into your third-party vendor ABAC policies?
Prevalent can help you centralize the management of third parties, define the appropriate assessment methodology, monitor adherence to requirements, and simplify regulatory reporting with our solutions for Foreign Corrupt Practices Act compliance. Get started today by monitoring your top vendors for free or contacting us for a strategy session.
CMMC v2.0 streamlines certification levels, eliminates proprietary maturity layers, and adjusts third-party risk assessment responsibilities. Learn...