In depth

On February 5, 2025, newly confirmed US Attorney General Pamela Bondi issued an agencywide memorandum ("Memorandum") in which she directed the DOJ FCPA Unit to focus its investigations on "foreign bribery that facilitates the criminal operations of Cartels and Transnational Criminal Organizations (TCOs), and shift focus away from investigations that do not involve such a connection."¹ Five days later, on February 10 2025, President Donald Trump signed an Order instructing the Attorney General to pause the enforcement of the FCPA for a six month period while she reviews the DOJ's policies and guidelines governing FCPA enforcement actions.² During this pause, the Attorney General must:

• Cease initiating any new FCPA investigations and enforcement actions, without her authorization;
• Review all current FCPA investigation and enforcement actions and determine their status based on revised enforcement and foreign policy priorities; and
• Issue updated guidelines and policies to promote the President's discretion over foreign affairs, particularly in the interest of preserving the US's competitiveness in foreign markets.

After this period expires, the Attorney General may extend the review period for an additional 6 months if deemed necessary. Once the guidelines and policies have been revised, FCPA investigations and enforcement actions initiated thereafter must be governed by these new guidelines.

These two announcements, which are in some ways inconsistent and conflicting, have created substantial uncertainty regarding the future of FCPA enforcement. The Administration has provided very limited additional guidance on the practical implications of these directives, how each of these mandates will be reconciled, or steps companies should take in their wake. It remains to be seen how the Attorney General revises DOJ guidelines governing FCPA enforcement and allocates prosecutorial resources. The future of the DOJ's Corporate Enforcement Policy and Pilot Program on Voluntary Self-Disclosures for Individuals is unknown, casting further doubt on the value of voluntary disclosure (particularly during the 6-month investigation and enforcement moratorium). It is possible that some of the incentives afforded by disclosure policies may be eliminated or reduced, greatly altering the disclosure calculus for companies. Also uncertain is how, or if, the Memorandum and Order will impact the Security and Exchange Commission's (SEC) enforcement of the FCPA's accounting provisions.

Despite the uncertainty generated by the Memorandum's mandate and the Order, prudence dictates that companies substantially stay the course on compliance for several reasons:

• The Administration's actions seek to alter enforcement of the FCPA, not eliminate the law passed by Congress in 1977. Forthcoming guidelines and priorities could result in increased risk for certain companies, including non-US companies or companies operating in "non-friendly" countries. Trump's Order rests on the President's authority to conduct foreign affairs and protect national security, providing a broad landscape that makes the ultimate enforcement guidelines (and impact on companies in the medium and long term) difficult to predict. Any weakening of corporate compliance programs and the approach to corruption risk while awaiting this guidance on enforcement priorities should be muted.
• Bribery is still illegal in every country, and numerous countries have increased enforcement of bribery in recent years. This trend can be seen in Germany, Brazil, South Africa and even China, among others. Enforcement of these non-US regimes against US companies will not be directly impacted by the US Administration's actions and, in some instances, could even become more aggressive as part of countermeasures against US actions on tariffs and other geopolitical maneuvers.
• Both the Memorandum and the Order are silent on the SEC's civil enforcement of the accounting provisions of the FCPA. While the SEC may ultimately adopt a posture aligned with the DOJ, this remains unclear and the SEC remains unimpeded in its power to pursue civil FCPA investigations and enforcement. Reports suggest that newly-appointed SEC Commissioners are seeking to exercise more authority over FCPA-related investigations by requiring that SEC staff obtain the full Commission's approval to obtain the authority to issue subpoenas.³ This change in formal order authority does not necessarily mean that SEC enforcement actions will decline, but rather that the Commission aims to exercise more oversight of investigations earlier in the investigative process to control the types of cases being pursued by the Staff.
• Other key corporate stakeholders will likely still expect companies to thoroughly investigate allegations of bribery and fraud. External auditors are unlikely to turn a blind eye to such allegations and will still inquire about bribery-related reports to assess the potential impact on a company's financial statements. The risk of shareholder litigation relating to unresolved or poorly handled bribery-related allegations remains. Conducting appropriately rigorous and thorough corruption and fraud-related internal investigations under privilege will continue to protect companies in future litigation or regulatory action.
• US companies operating in foreign markets may still have an obligation under local law to investigate reports of bribery submitted through internal whistleblower channels. For example, under the European Union's Whistleblower Directive, member states are required to investigate reports made through company channels.⁴
• Compliance programs detect and prevent a variety of other significant legal and regulatory risks other than those related to the FCPA, including risks related to sanctions, data privacy, environmental regulations, and money laundering. Third-party due diligence programs reduce the risk of contracting with sanctioned or fraudulent parties and create additional oversight of third parties that present a heightened risk of violating applicable export controls. The controls implemented through a company's compliance program prevent harm to the company by monitoring and intercepting instances of fraud and self-dealing. These same controls benefit broader corporate financial wellbeing. Enterprise risk assessments will continue to provide valuable information on a variety of corporate legal, financial, and reputational risks, allowing companies to implement remediation to mitigate those risks.
• Regardless of near-term FCPA enforcement trends, the evidence suggests that ethics and compliance programs are good for business. A recent study indicates that consumers are willing to purchase products at a premium from companies that have robust compliance programs, signaling that compliance serves a function beyond just mitigating a company's liability. ⁵ Commitments to compliance foster a culture of ethical behavior and promote a positive market reputation. Similarly, the evidence shows that bribery is bad for business, potentially resulting in 'quick wins' while fostering a long-term culture antithetical to law-abiding and policy-adhering behavior. While there may be fewer DOJ press releases regarding FCPA investigations and settlements, companies can still suffer reputational damage from media attention to bribery issues, particularly in today's social media culture. Companies that make reactive changes to compliance programs and budgeting in the wake of the current FCPA enforcement uncertainty risk communicating to employees that unethical behavior that clearly harms corporate performance (such as self-dealing, conflicts of interest, or other forms of fraud) is now tolerated.
• The Trump Administration describes the specific implementation actions as a temporary priority shift. The Memorandum's mandate will be in place for 90 days, after which the DOJ will make a decision about whether to renew or solidify the mandate. The Order pauses DOJ enforcement of the FCPA for a period of 180 days pending guidance on priorities. Even if the Trump Administration extends its enforcement mandates throughout the entirety of its 4-year term, the next Administration may roll back the shift in enforcement priorities. As the statute of limitations under the FCPA is five years, conduct today could potentially still be investigated and prosecuted during the next Administration.

While the future of FCPA enforcement remains decidedly uncertain, companies are advised to consider the following:

• As compliance programs and ethical cultures take years to build and embed in corporations, any shift in compliance practices or resourcing in the wake of such uncertainty should be made with caution.
• Employees, as well as Directors and other stakeholders, will undoubtedly have questions regarding what potential changes in FCPA enforcement may mean for the business. Companies should consider communicating to employees their continued commitment to compliance through trainings and other appropriate messaging.
• Allegations of bribery or corruption that come to the attention of the company should be appropriately investigated and remediated to ensure expectations of key stakeholders, such as auditors, are met.
• Robust third party due diligence remains a critical process to allow companies to identify and manage numerous legal, financial, reputational and business risks.
• Risk assessments that cover a variety of enterprise risks (including corruption risk) will continue to provide information allowing companies to remediate numerous legal, financial, and reputational risks.
• Maintaining internal controls that help manage corruption, fraud, and self-dealing risk is advised.

1 Total Elimination of Cartels and Transnational Criminal Organizations

2 Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security – The White House

3 Exclusive: SEC's Republican-led commission tightens oversight of probes, sources say | Reuters

4 https://commission.europa.eu/aid-development-cooperation-fundamental-rights/your-fundamental-rights-eu/protection-whistleblowers_en

5 https://magazine.ethisphere.com/how-corporate-compliance-builds-value/ (citing https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4380918)