This recent post discussed how the COVID-19 crisis once again demonstrates that there is a difference between the FCPA anti-bribery provisions (the statute) and how the FCPA’s anti-bribery provisions are enforced by the DOJ/SEC.
In the current crisis, some have raised legitimate concerns that doing risk assessments, due diligence of third parties, monitoring of third parties, in-country audits, and a host of other internal controls “best practices” have become difficult if not practically impossible – and thus Foreign Corrupt Practices Act violations are lurking. After all, the DOJ says a business organization should do the above-listed things (among others) in its Evaluation of Corporate Compliance Programs (“ECCP”)
Compliance professionals – take a deep breath. The ECCP is not the law and courts have held that failure to follow supposed “best practices” is not a legal violation.
Rather, in times like these remember that the internal controls standard is “reasonable.” “Reasonable” is a term used throughout the law and when used the standard contemplates a variety of factors including the circumstances in which conduct occurs. Indeed, this position finds grounding in the FCPA itself, its legislative history, FCPA judicial decisions, and even prior FCPA enforcement agency guidance.