November 13, 2020

Leveraging Trusted Methods to Mitigate FCPA Risk during COVID-19

Tricia Fratto, Juliette Gust, Stephen Ward


  • The COVID-19 pandemic heightens the risk of corruption and bribery exposure as employees and third parties face pressure to reverse the negative effects of the recent economic downturn.
  • What are some practical strategies businesses can employ to protect themselves during the pandemic?

Prior to the COVID-19 pandemic, investigators relied on a proven playbook for addressing potential bribery and corruption: due diligence into relevant personnel or vendors, in-person interviews, and surveillance operations. Meanwhile, audit teams reviewed archived records, historical issues, and wider market practices to discern common techniques, missteps, or potential problem areas. This process is more complex during the pandemic. Triggers for an FCPA investigation and the possible steps to address violations have shifted, obfuscating the future of these investigations and enforcement. The following discusses practical strategies for navigating this altered landscape.


An understanding of your FCPA risk profile—your vulnerabilities, compliance history, and partners—means reduced risk and increased post-incident control. Before the pandemic, risk profiles were likely more easily assessed, with security measures set up based on known patterns of industry or geographic risks. This profoundly changed because of the pandemic. Now, a more active approach is necessary. To anticipate issues, you must devote proper attention and analysis to the aspects of your business most disrupted by the pandemic—even those aspects not historically associated with FCPA risk.

Consider supply chains: As international providers are forced to adapt at every level—from product sourcing to tax approvals, customs brokerage, or transport management—there is immense pressure to maintain the consistency that their clients expect. A dramatic rise in the use of facilitation payments is sure to follow. Already a pronounced risk, these payments are often used to streamline the supply process. Businesses returning during the pandemic may scramble to recoup the months of losses accrued during quarantines. This combined with rising unemployment and income concerns creates additional stress for employees to meet deadlines and achieve results. This also creates a heightened risk of potentially improper payments and damage to the company. As businesses continue to respond to the pandemic, additional vulnerabilities may develop that further underscore every company’s need to examine the more stressed aspects of its operations.


Organizations must adapt their approach to meet the new challenges of corruption during the pandemic. The reality is that some historically successful methods, particularly in-person interviews, are not currently viable. As measures against physical contact preclude in-person solutions, investigators and auditors must rely on remote or digital methodologies to address potential corruption. Now is the time to use proven methods to address current challenges: self-assessments. In our experience, self-assessments and compliance program audits are powerful and proactive tools to combat corruption risk and mitigate current exposure. These tools allow an organization to have visibility through remote review of books and records and any programmatic weaknesses.

Self-Assessments. Self-assessment forms should be sent to all parties, whether internal or at a vendor, who interface with government officials or operate in historically vulnerable regions or industries. During the assessment, the responding parties answer multiple questions designed to identify risk and provide data to evidence compliance with corporate policies, procedures, and initiatives. Compliance is then rated on a one-to-five scale, ultimately allowing the organization to make an informed decision on next steps, which could potentially include a deeper investigation. Self-assessments also help to scale audits by identifying practical risks and to limit the need for in-person procedures.

Compliance Audits. Anti-corruption program compliance audits are also critical to helping companies uncover and remediate nascent issues before those issues rise to the level of criminal activity, civil liability, or regulatory action. As part of these audits, financial information is reviewed to ensure that expenditures for government-related services are appropriate and accurately recorded in the company’s books and records. Analytics often will reveal discrepancies between expense reimbursement requests and invoices, requiring a more detailed review. Armed with this information, a company can make an informed decision about policy and procedure changes, remedial action for any employees involved, and the need for further employee training. An informed decision can also be made about whether the company self-reports to regulators.


Although training, self-assessments, and compliance audits are critical, proactive approaches to mitigating corruption risk, it is also essential that your overall compliance program be nimble enough to react swiftly once an issue is suspected or identified. Review your FCPA training and guidelines to ensure both employees and business partners are made aware of the communication channels available to them for reporting suspected or witnessed wrongdoing. This should include contact information for compliance officers as well as an anonymous and confidential reporting option. Efforts should include ensuring that all reports are reviewed by a trained, objective, and independent team that is well-versed in how to respond to corruption-related allegations, evaluate the issues, and determine whether an internal investigation should be initiated.


Ultimately, the COVID-19 pandemic heightens the risk of corruption and bribery exposure even in traditionally compliant departments as employees and third parties face pressure to reverse the negative effects of the recent economic downturn. Investigators and auditors, meanwhile, can depend on trusted existing strategies to create sensible, scalable, and remote solutions.


For more business law content, visit

Tricia Fratto


Tricia has over 15 years of legal experience focused on internal and government-facing investigations. As a former director at Starwood, Tricia supervised the Legal-Compliance led global investigations, designed and implemented protocols and policies, developed and conducted training programs, and advised on remediation plans. Tricia also practiced at two of the world’s largest law firms as a white-collar litigator, advising a broad range of clients on fulfilling their legal obligations.

Juliette Gust

Certified Fraud Examiner

Juliette has led more than 1,500 investigations spanning 75 countries and advised on nearly 10,000 whistleblower reports. She is a former director of global fraud investigations, and project manager of an anti-corruption compliance program, for a Fortune 500 company. She also served as a PwC regulatory, senior manager and subject matter expert for the Forensics, Hospitality, and Regulatory advisory practices. Since 2007, Juliette has been a Certified Fraud Examiner.

Stephen Ward

Enterprise Security Supervisor

Mr. Ward helps clients address security vulnerabilities that come from conducting business in a global environment. Along with a broad spectrum of investigative services, he provides focused expertise in Brand and Intellectual Property Protection and Corporate Compliance Services. Mr. Ward supervises enterprise security programs for mid-size to large scale multinational organizations to deliver an integrated services model for Guard Force Management, Investigations, Supply Chain Security and Global Risk Ratings.