Uncovering bribes hidden in books and records: Studying areas flagged in SEC enforcement actions can help companies construct better fraud controls.

Author:Scheck, Howard

More than 40 years after the Foreign Corrupt Practices Act (FCPA) was enacted, the SEC and the U.S. Department of Justice (DOJ) continue to crack down on schemes in which bribes are paid to foreign officials with the intent to advance business interests.

In an effort to conceal illicit payments, individuals involved in illegal activity have gone to great lengths to falsify company books and records in the hopes of keeping them hidden from in-house accountants, internal and external auditors, or legal and compliance personnel. In some instances, a parent company or its officers may have unwittingly played a role in the illegal activity because the appropriate internal controls were not in place to prevent or detect improper payments.

For public companies operating in or with subsidiaries in countries that have been identified as high-risk (including Brazil, Russia, India, and China), understanding specific FCPA risks and the government's areas of focus can enhance compliance efforts and reduce exposure (see the sidebar "FCPA Accounting Provisions and Sanctions for Violations").

Although the SEC's prosecution of FCPA violations involves public companies, the DOJ handles criminal prosecution of both public and private entities.

While larger corporations and, to some extent, medium-size companies may have more mature anti-corruption compliance programs and sufficient resources to address their risks in these geographic locations, companies that do not have the necessary resources and robust anti-corruption compliance programs in place should consider obtaining advice to assess corruption risks and the adequacy of controls to mitigate issues and avoid violations.

To help companies of all sizes understand the books and records that create the most risk for prosecution, we analyzed all the SEC's FCPA enforcement actions from 2014 to 2018 and identified the financial accounts and expense categories that it flagged as attempts to conceal corrupt payments (see the graphic, "Details of SEC Citations"). Companies and their executives can use this historical analysis to enhance their anti-corruption compliance programs and to design targeted compliance monitoring procedures, including data analytics techniques, to identify potential improper payments or internal control deficiencies.


The SEC's enforcement actions indicate clear patterns of the identified improper behavior when it comes to key terms and categories used to "cook the books" and cover up bribery payments.

More specifically, the 57 companies charged by the SEC from 2014 to 2018 (excluding companies that entered into nonprosecution or deferred prosecution agreements) used various account categories to inaccurately record or falsify improper payments, including "consulting," "other business expenses," "gifts, travel, and entertainment," "commissions," "marketing," and "discounts." However, the specific accounts included both general descriptions (such as "research services" or "administrative expenses") and specific descriptions (such as "influencer fee" or "executive gifts: 5 watches"). Internal controls, therefore, need to be designed to address these recurring categories, as well as other potential categories in which companies may attempt to hide improper payments.

A review of the charging documents for these matters reveals that 84% included allegations of bribery initiated through an intermediary, such as a shell company, consultant, or local partner. Only nine of the 57 companies (16%) did not use an intermediary to facilitate bribery schemes. Many intermediaries were new partners engaged solely for the purpose of routing bribes.

Lack of adequate internal controls is the most common issue for companies that have landed in trouble with the government (see the sidebar "Control Failures: 2 Examples"). In a majority of these matters, the SEC also alleged control violations, with some companies appearing to have no controls at all. Within this context, a variety of control weaknesses were cited, including:

* Lack of understanding of...

To continue reading