Spotlight on FCPA Violations


Foreign Corrupt Practice Act (FCPA) enforcements are picking up at the start of 2023 after a slow-down due to Covid-19 lockdowns which made it more difficult for the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to pursue prosecutions. The first quarter of 2023 sees two companies receiving FCPA enforcement actions totaling $19 million in settlements from Rio Tinto plc. and Flutter Entertainment.

The DOJ also announced new expectations for corporate compliance departments, enhanced penalties, and the broadening of industries and bad actors it will target with FCPA and “FCPA-related charges.” 

The 2022 Goodwin report noted the DOJ is now pursuing recipients of bribes in addition to their bribers, using “money laundering theories to charge foreign officials who are not themselves subject to the FCPA.” According to the report, the increased number of “FCPA-related” charges will include such malfeasant activities, such as wire fraud, money laundering, false statement, Tax violations, and Travel Act violations, “in addition to, or sometimes instead of, FCPA charges.”

The end of 2022 and the beginning of 2023, saw the DOJ announce further policy changes with  Deputy Attorney General Lisa Monaco’s Monaco Memo and Principal Deputy Assistant Attorney General Nicole M. Argentieri’s March special keynote speech followed by Assistant Attorney General Kenneth Polite’s  supplementary details on these changes. Highlights, include:

  • The DOJ announced its “first-ever Pilot Program on Compensation Incentives and Clawbacks,” which expect companies to “develop compliance-promoting criteria within its compensation and bonus system,” and the DOJ “provide fine reductions to companies who seek to claw back compensation from corporate wrongdoers.”
  • The DOJ is examining how electronic communication channels are employed with regard to preservation and deletion settings and retention policies associated with any “bring your own device,” or BYOD programs. 

These new policies, while justifiable, increase the burden on companies that might have difficulty enforcing these added foreign and domestic compliance expectations around privacy issues and laws with regard to BYOD devices and “clawback” policies. Recouping promised or earned compensation may also face legal challenges abroad.

Consequences for FCPA violations on both the individual and enterprise level

Bribery Violations/per violation

  • Enterprises – Criminal penalty of up to $2,000 
  • Individual – Criminal penalty up to $250,00 and five years of imprisonment
  • Enterprises and Individuals – Civil penalty up to $16,000 


Accounting Violations/per violation

  • Enterprises – Criminal penalty of up to $25,000,000 
  • Individuals – Criminal penalty of up to $5,000,000 plus up to 20 years imprisonment
  • Enterprises – Civil penalty of up to $750,000 
  • Individuals – Civil penalty of up to $150,000

Other Possible non-Monetary Consequences

  • Enterprises – Independent compliance monitorships

       – Certifications by Chief Executive Officers (CEO) and Chief Compliance Officers (CCO)


These are basic guidelines. There may be additional penalties that could include: injunctions, forfeiture of associated profits, forfeiture of assets, suspension (or in some instances banning) from doing business with the government, and jailtime. Unlisted costs are loss to reputation, effects on company and staff performance, and future revenue.

First Quarter 2023 FCPA Highlights

  • Flutter Entertainment plc, as successor-in-interest to The Stars Group, Inc. (3/2023): The Ireland-based global gaming and sports betting company agreed to pay a $4 million civil penalty to resolve violations of the FCPA internal books and records and internal accounting control provisions in connection with payments of approximately $8.9 million to consultants in Russia to support company operations and efforts to legalize poker there.
  • Rio Tinto plc (3/2023): The multi-national company and world’s second largest metals and mining corporation agreed to a pay a $15 million civil penalty to resolve charges that it violated the FCPA books and records and internal accounting control provision. This was in connection with a $10.5 million payment to a consultant to offer or pay money to a Guinean government official in order to retain mining rights in certain areas of the Simandou mountain region in Guinea.

Now is the time for companies to reevaluate their compliance programs. The importance of a robust and holistic compliance program is vital to protect a company from malfeasance, identify bad actors, and to mitigate business risks.

A healthy compliance and risk management program comprises integrating internal risk management and due diligence practices. These include: regular due diligence investigations (Tier III) on all new board members and executives—a deeper dive than standard background checks—along with conducting comprehensive due diligence on business partners, contractors, and supply chain vendors. Executive due diligence should also be exercised prior to new executive hires and importantly any Mergers and Acquisitions (M&A) proceeding. 

In creating the most successful risk mitigation program and having the most reliable and accurate due diligence investigation reports, your company needs to partner with an investigative firm with worldwide reach and resources that specializes in these areas, and is able to provide not just data, but actionable recommendations™ on how to mitigate the various risks you may be facing.

Anticipatory measures and identifying business risks are a best practice every business should implement in partnership with a risk management firm whose expertise includes deep due diligence investigations both nationally and globally.

Find out more by visiting Infortal.