ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

MetricStream Named Category Leader in All Seven Quadrants of the Chartis Research RiskTech Quadrant® for Integrated GRC Solutions, 2024

MetricStream Named Category Leader in All Seven Quadrants of the Chartis Research RiskTech Quadrant® for Integrated GRC Solutions, 2024

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Looking into 2025 – A Journey Through GRC Challenges and Priorities

Download the Report

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Blogs

The Pause in FCPA Enforcement – Why Self-Governance Matters Now More Than Ever

European-Compliance-Week-event-in-a-new-blog
6 min read

Introduction

The Foreign Corrupt Practices Act (FCPA) is a federal anti-corruption law that was introduced in 1977 by the United States of America to prevent American publicly traded companies from bribing foreign governments for business benefits. THE FCPA is jointly enforced by the Department of Justice (DOJ) that is responsible for criminal penalties, and the Securities Exchange Commission (SEC) that handles civil penalties. In February 2025, President Trump issued an executive order titled “Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security,” that stopped any new FCPA investigations and enforcement for 180 days. The executive order also instructed the Attorney General to review ongoing and past FCPA investigations and resolutions, as well as disseminate guidelines on enforcement action within the 180 days.

But reduced external enforcement does not mean that companies can relax their internal governance practices. In fact, now is the time for American organizations with multinational operations to strengthen their internal governance and compliance practices to ensure transparent and ethical operations across the world.

Understanding the Pause in FCPA Enforcement

Even before the President’s issued the Executive Order, the number of enforcement actions by the SEC and DOJ were on the decline.

  • In 2023, there were 21 enforcement actions (The earlier 10 year average was 36)
  • Year 2024 saw 26 enforcement actions
  • There were just 4 publicly disclosed investigations in 2022, making it the fourth year with significantly fewer numbers than the 10- year average of 17
  • Total sanctions imposed in 2023 was less than USD 571 million, making it a 70 percent decline from the USD 1.5 billion recorded in 2022

This decline can be attributed to multiple reasons:

  • The Trump administration’s first term from 2017 -2021 saw less stringent enforcement actions on FCPA violations, and a strong focus on deregulation and reducing corporate compliance burdens
  • These changes in policy coincided with the pandemic related travel restrictions, unprecedented supply chain restrictions, and a global economic slowdown.
  • The DOJ and SEC also made a strategic shift towards larger, higher impact cases over the last few years, while some courts have been demanding more transparency in DOJ and SEC settlements
  • At the same time, corporate compliance programs have been improving steadily with objective of avoiding any FCPA regulations
    • Organizations have been investing in AI-powered compliance processes, forensic audits, and whistleblower protection programs to curb corruption before the DOJ and SEC get involved.
    • They have also been voluntarily reporting violations leading to settlements rather than prosecutions.

The Risks of Complacency

The question is, does the latest Presidential executive order on the FCPA mean that companies can relax their corporate governance programs?

The answer is a resounding no.

  • The impact of the Executive Order is not fully clear yet, but the FCPA is unlikely to be removed wholly as the pause is currently for 180 days after which next steps will be formulated.
  • FCPA is a federal law and can only be removed by the US Congress. More importantly, the order only applies to the DOJ and the SEC remains free to enforce it.
  • Over the last few years, the FCPA has focused on foreign enterprises and this could continue even with relaxed enforcement policies.
  • Organizations will still be subject to audits which will focus on bribery and corruption.
  • Customers, investors, shareholders and other stakeholders value ethical corporate conduct. Investors and shareholders can file lawsuits for breaches in ethical standards as well.
  • The executive order while causing new investigations to be deferred, doesn’t necessarily stop ongoing investigations by the Attorney General and DOJ

If organizations relax their self-governance strategies in response to the slowdown in FCPA enforcement, they run the risk of corrupt practices that will eventually draw attention from stakeholders, regulators, and law makers. Over the years, organizations have suffered severe consequences as a result of poor corporate governance.

Strengthening Internal Self-Governance

Strong corporate self- governance is now more important than ever before. Here are the key principles of an effective self- governance framework:

Robust Ethics and Compliance Program – Organizations must establish clear and enforceable policies governing ethics and compliance. Policies must be easily accessible, periodically reviewed and updated, and consistently applied. Mandatory and regular training and awareness programs to reinforce policies and ethical culture is critical. Above all, instituting a culture of compliance and ethics requires leadership commitment and involvement. 

Whistleblower Policies – A well-structured and robust whistleblower policy is a fundamental element of a strong corporate governance program as it can help quick detection and mitigation of risks. Employees and stakeholders must be empowered to report misconduct without fear of retaliation. Organizations must establish secure and anonymous channels where reports are handled by the compliance or ethics committee rather than line managers. There must be zero tolerance policies in place for retaliatory practices to protect whistleblowers, accompanied by quick and transparent investigations.

Third-Party Risk Management – As the corporate ecosystem grows to include more vendors and third parties, it is critical to effectively manage third party risks. Due diligence processes, risk assessments, contracts that include clauses on anti-corruption, anti-bribery, and ethics, and regular and ongoing monitoring and audits should be mandatorily included in the corporate governance strategy.

Technology and AI in Compliance – Technology, particularly, Artificial Intelligence can be a game changer when it comes to self-governance. AI and automation can drive significant improvements in internal risk monitoring, misconduct detection and help organizations enforce ethics policies. For example, AI can track patterns of unethical behavior, identify conflict of interest and possible policy violations quickly so that they can be addressed before they blow up into a scandal. Organizations can leverage AI to improve accountability and transparency in internal compliance efforts.

Why Now Is the Time to Act

The Presidential Executive Order merely puts a 180 day hold on enforcements and calls for review. It does not repeal the law as only the US Congress has the power to do that. Neither does it apply to corporate conduct during the 180-day period. Regardless of what action the DOJ takes once the 180 days are over, the statute of limitations on anti-bribery provisions under the FCPA will be longer than President Trump’s term in office – Civil and criminal violations have a five- year statute of limitations and criminal violations of the books and records and internal controls provisions carry a six-year statute of limitations term. It is also entirely possible that post the review the FCPA will remain unchanged and DOJ will continue with enforcements as before.

Also, American organizations operating in international markets are subject to local anti-corruption laws like the UK’s Bribery Act, and the EU Anti-Corruption Laws in addition to the FCPA. And they are subject to other regulations such as anti-bribery rules imposed by the World Bank, and global ethics standards like the UN Global Compact, ISO 37001 (Anti-Bribery Management System), and Corporate Social Responsibility (CSR) initiatives. Violation of any of these regulations and standards carry equal risk of penalties and reputational damage.

So regardless of the immediate action taken by the DOJ in response to the executive order, it would be prudent for American organizations to not only focus on self-governance but also strengthen their compliance programs. If the FCPA were to resume in its complete form after the current administration completes their term in office, then they should not be caught unprepared. A strong and proactive compliance program coupled with a robust self-governance strategy will help secure investor trust, and drive operational resilience and long term sustainability.

The current slowdown in FCPA enforcement does not mean that there is a slowdown in risks facing corporate America. Corporate ethics, and anti-corruption measures remain high on the priority list of most stakeholders including customers. A comprehensive self- governance program can prove to be a competitive advantage as the demand for corporate accountability and ethical behavior continues to grow. Now is the time for American companies to focus on building a resilient self- governance and compliance framework not just because it’s a regulatory requirement, but because it is of significant strategic value for their growth and reputation.

Assess and strengthen your compliance framework today with MetricStream’s Corporate Compliance solution.

Sumith_Sagar_new

Sumith Sagar Associate Director, Product Marketing

Sumith Sagar is a proven product marketing professional, specializing in software product positioning, product-led growth marketing, presales and sales enablement. With over 12 years of risk management solutioning experience ranging from Governance, Risk and Compliance (GRC), Commodity Trading & Risk Management (CTRM) and cybersecurity, she has been instrumental in driving BusinessGRC product marketing at MetricStream.

 

Related Resources

Blog
Blog
6 mins
Sumith Sagar
The Pause in FCPA Enforcement – Why Self-Governance Matters Now More Than Ever