An Anti-Bribery and Corruption Policy is a formal written document that establishes an organization's commitment to conducting business without bribery, corruption, or improper payments, and sets out the procedures, controls, and responsibilities designed to prevent bribery by all persons associated with the organization. The policy identifies prohibited conduct, establishes gifts and hospitality thresholds, describes third-party due diligence requirements, sets out reporting channels for suspected violations, and details the consequences of non-compliance.

In the United States, the primary federal anti-bribery statute is the Foreign Corrupt Practices Act of 1977 (FCPA) (15 U.S.C. 78dd-1 et seq.), which was enacted in response to widespread disclosures of corporate bribery of foreign government officials. The FCPA contains two sets of provisions: the anti-bribery provisions, which prohibit the offer, promise, or payment of anything of value to a foreign government official for the purpose of obtaining or retaining business or securing an improper advantage; and the books-and-records provisions, which require issuers to maintain accurate financial records and a system of adequate internal accounting controls.

The Sarbanes-Oxley Act of 2002 (SOX) strengthened the internal controls framework applicable to public companies and imposed additional requirements for the certification of financial statements, the independence of audit committees, and the protection of whistleblowers. SOX section 806 (18 U.S.C. 1514A) provides anti-retaliation protections for employees who report FCPA and other securities violations.

Domestic bribery is addressed by 18 U.S.C. 201, which prohibits the bribery of federal public officials, and by the Travel Act (18 U.S.C. 1952), which makes it a federal crime to use interstate or foreign commerce to facilitate bribery in violation of state law. Most states have enacted their own anti-bribery and commercial corruption statutes that supplement federal law.

The DOJ and SEC jointly enforce the FCPA and have published the FCPA Resource Guide, which provides detailed guidance on the statute's application and the elements of an effective compliance program.

An Anti-Bribery and Corruption Policy is needed by every organization that operates in or has business connections with the United States, regardless of size. The FCPA applies not only to large multinational corporations but also to small and medium-sized businesses, particularly those that interact with foreign government officials through sales, licensing, permitting, or procurement processes.

Publicly traded companies (issuers) are subject to both the anti-bribery provisions and the books-and-records provisions of the FCPA. The SEC actively enforces the books-and-records provisions even in cases where no bribe was paid, if the company's internal controls were inadequate.

Private companies are subject to the anti-bribery provisions if they are domestic concerns (any U.S. citizen, national, resident, or business organized under U.S. law) or if they commit any act in furtherance of a corrupt payment while in the territory of the United States.

The DOJ Evaluation of Corporate Compliance Programs, most recently updated in 2023, identifies the existence and effectiveness of an anti-bribery compliance program as a critical factor in charging decisions, plea negotiations, and sentencing. Companies with effective compliance programs may receive reduced penalties, deferred prosecution agreements, or declinations.

The policy should be established when an organization is formed or when it begins operations that involve foreign government interaction. It should be reviewed at least annually, and updated following any significant change in the law, DOJ or SEC guidance, enforcement trends, or the organization's business activities, markets, or risk profile.

A comprehensive Anti-Bribery and Corruption Policy must address several essential elements to satisfy the requirements of the FCPA and the DOJ/SEC guidance on effective compliance programs.

The policy statement should clearly articulate the organization's zero-tolerance approach to bribery and corruption and should be endorsed by senior management, demonstrating the tone at the top that the DOJ considers essential.

The legal framework section should identify the applicable statutes, including the FCPA anti-bribery provisions and books-and-records provisions, 18 U.S.C. 201 for domestic bribery, the Travel Act, and applicable state laws.

Prohibited conduct should be clearly defined, including payments to foreign government officials, domestic public officials, and private commercial bribery. The policy should address both direct payments and payments made through third-party intermediaries.

Gifts and hospitality provisions should establish clear monetary thresholds, require prior approval and documentation, and impose heightened requirements for interactions with government officials.

Third-party due diligence procedures should address agents, consultants, distributors, joint venture partners, and other intermediaries. Due diligence should be risk-based and should include sanctions screening, adverse media searches, country risk assessment, and contractual anti-corruption commitments.

Books-and-records requirements should reflect the FCPA requirement to maintain accurate financial records and a system of adequate internal accounting controls. The policy should specify record retention periods.

The reporting and whistleblowing section should describe confidential and anonymous reporting channels and should reference the anti-retaliation protections available under the Dodd-Frank Act and SOX. Training requirements should specify frequency, risk-based targeting, and record-keeping obligations.