Business organizations large and small are subject to the anti-bribery provisions of the Foreign Corrupt Practices Act.
Although the books and records and internal controls provisions only apply to issuers, issuers are not always large companies. These provisions make no explicit distinctions regarding the size of an issuer, but in the FCPA Guidance the DOJ and SEC sensibly acknowledge that a factor the enforcement agencies consider when evaluating an organization’s compliance program is the size of the organization. Specifically the Guidance states: ” small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations, a fact DOJ and SEC take into account when evaluating companies’ compliance programs.”
Similarly, the DOJ’s November 2017 FCPA Corporate Enforcement Policy states: “implementation of an effective compliance and ethics program, the criteria for which will be periodically updated and which may vary based on the size and resources of the organization …”.
Despite this sensible FCPA enforcement agency guidance, does size actually matter?