As its name implies, the U.S. Foreign Corrupt Practices Act (“FCPA”) was designed to prevent U.S. companies from engaging in foreign bribery. The Department of Justice (“DOJ”) and the Securities Exchange Commission (“SEC”), the U.S. Government agencies charged with enforcing the FCPA, have made great use of the FCPA in this regard. They have secured more than $5 billion in settlements over the past five years. This success has resulted in more expansive views of the FCPA’s reach and innovative arguments to find liability when the alleged misconduct occurred entirely within the U.S. The apparent preference for the FCPA in these situations over other potentially applicable laws is likely due to the ease with which an FCPA violation may be proven. An internal policy violation is all that is needed.

The FCPA contains two provisions: (1) those dealing with bribes and (2) those dealing with accounting and internal controls. The bribery provisions prohibit corrupt payments of anything of value to foreign officials to obtain or retain business. These provisions by far receive the most fanfare. The lesser known accounting and internal controls provisions require the maintenance of internal controls that provide reasonable assurances that transactions are executed with required authorizations. There is no foreign conduct requirement here. There is also no requirement that a deficient control be linked to a foreign bribe, or any bribe for that matter, for there to be liability.

The SEC’s December 2016 settlement with United Airlines (“United”) is an example of the FCPA’s accounting and internal controls provisions being used to police alleged misconduct that occurred entirely within the U.S. United was alleged to have reinstated a non-stop route from Newark, New Jersey to Columbia, South Carolina even though the route was a proven money-loser. The chairman of the New York / New Jersey Port Authority (“Port Authority”) purportedly requested the route in exchange for approving a terminal lease that United wanted at Newark International Airport – the chairman had a home in South Carolina. United’s CEO allegedly bypassed the normal approval process, which included review by United’s Chief Revenue Officer and Board of Directors, and unilaterally reinstated the route the same day that the Port Authority approved the lease. United was charged with violating the FCPA’s accounting and internal controls provisions, not the bribery provisions, and paid a $2.4 million fine.

The lesson here is simple. A U.S. company engaged in wholly domestic conduct can still be guilty of an FCPA violation. All the company has to do is violate an internal policy to obtain some business advantage. This makes the FCPA a weapon of choice for the DOJ and SEC because an internal policy violation can almost always be found within a company and therefore no company is safe.