The Foreign Corrupt Practices Act (FCPA) is one of the most consequential pieces of legislation for any US company with international operations. For companies doing business in Latin America, where corruption risk varies significantly by country and sector, understanding and implementing FCPA compliance is not optional β€” it's existential.

This guide covers what the FCPA requires, how it applies specifically to Latin American operations, and the practical steps compliance officers need to take to reduce exposure.

What is the FCPA?

The Foreign Corrupt Practices Act, enacted in 1977 and significantly strengthened in 1998, prohibits US companies and their employees, agents, and subsidiaries from paying bribes to foreign government officials to obtain or retain business. It applies to:

  • US companies and their wholly-owned foreign subsidiaries
  • US citizens and residents working anywhere in the world
  • Foreign companies listed on US stock exchanges
  • Any person or entity that takes any action in furtherance of a bribe while in US territory

The FCPA has two main components: the anti-bribery provisions, which prohibit corrupt payments, and the accounting provisions, which require accurate record-keeping and adequate internal controls. Both carry significant criminal and civil penalties.

FCPA risk in Latin America: the landscape

Latin America presents a complex FCPA risk environment. The region has seen some of the largest anti-corruption enforcement actions in history β€” including the Odebrecht case, which resulted in over $3.5 billion in penalties across multiple countries and implicated companies from the US, Europe, and throughout the Americas.

Key risk factors by sector in the region:

  • Energy and oil/gas: Government-owned entities dominate extraction rights. Any interaction with PEMEX in Mexico, Ecopetrol in Colombia, or Petrobras in Brazil involves government officials under FCPA
  • Construction and infrastructure: Government contracting is pervasive. The Odebrecht case demonstrated how systemic bribery in infrastructure projects can reach every level of government
  • Healthcare and pharmaceuticals: Government healthcare systems mean that hospital administrators and physicians are often government officials under FCPA definitions
  • Customs and logistics: Unofficial facilitation payments to expedite customs clearance are common practice in many LATAM markets β€” and are FCPA violations

What the FCPA requires from a compliance program

The US Department of Justice and Securities and Exchange Commission have published detailed guidance on what constitutes an effective FCPA compliance program. The core elements include:

1. Commitment from senior management

A compliance program must have visible, genuine commitment from the board and senior leadership β€” not just a policy document. This means executives who communicate compliance expectations, respond to compliance concerns, and demonstrate that no business deal is worth an FCPA violation.

2. Code of conduct and compliance policies

Written policies that explicitly address bribery, gifts and entertainment, facilitation payments, and interactions with government officials. These must be translated into the local language and regularly updated.

3. Third-party due diligence

FCPA liability extends to third parties acting on a company's behalf β€” agents, distributors, joint venture partners, consultants. Due diligence on these relationships is a core FCPA requirement. Red flags include requests for unusually large commissions, third parties with government connections, and vague service descriptions.

4. Internal controls and financial reporting

The accounting provisions of the FCPA require companies to maintain books and records that accurately reflect transactions and to implement internal accounting controls that prevent unauthorized payments. A slush fund β€” regardless of what it's called β€” is an FCPA red flag.

5. Anonymous reporting mechanism

DOJ and SEC guidance explicitly states that an effective compliance program must include a mechanism by which employees can report concerns about potential violations anonymously and without fear of retaliation. This is not a suggestion β€” it is a required element that prosecutors examine when assessing the adequacy of a company's compliance program.

Critical: anonymous reporting and FCPA credit

When companies self-report FCPA violations discovered through their own compliance program β€” including tips received through anonymous reporting channels β€” they receive significantly more favorable treatment from DOJ and SEC than companies whose violations are discovered through external investigations. An anonymous reporting system that surfaces FCPA concerns internally is not just a compliance requirement β€” it's your best defense if a violation does occur.

The facilitation payment trap

One of the most common FCPA compliance failures in Latin America involves facilitation payments β€” small payments made to low-level government officials to expedite routine, non-discretionary government actions (customs processing, permits, inspections).

While the original 1977 FCPA included a facilitation payment exception, US companies must understand that:

  • The exception is narrow and its scope has been significantly restricted in enforcement practice
  • Many local laws in LATAM countries prohibit facilitation payments entirely, creating local law violations even if the FCPA exception technically applied
  • What starts as a "small" facilitation payment often escalates into a pattern that clearly violates the FCPA
  • The UK Bribery Act β€” which applies to many companies that also operate in the UK β€” has no facilitation payment exception at all

The practical guidance: treat all payments to government officials as presumptively impermissible and require legal review before any such payment is made.

Building your FCPA compliance program for LATAM

Step 1
Risk assessment β€” identify your highest-risk countries, sectors, and third-party relationships
Step 2
Policy translation β€” translate all compliance policies into local languages with jurisdiction-specific guidance
Step 3
Anonymous channel β€” implement a confidential reporting mechanism that employees in every country can access

FCPA enforcement trends: what to expect in 2026

FCPA enforcement has consistently increased over the past decade, with average penalties reaching record levels. Several trends are particularly relevant for companies with LATAM operations:

  • Increased coordination between US authorities and local LATAM enforcement agencies β€” a violation investigated locally often triggers an FCPA investigation
  • Growing focus on individual accountability β€” executives, not just companies, are increasingly facing personal criminal charges
  • Higher scrutiny of third-party relationships β€” joint ventures and agency arrangements are a primary enforcement focus
  • Credit for self-disclosure remains meaningful β€” companies that discover and report their own violations continue to receive significantly better outcomes

Conclusion

FCPA compliance in Latin America is not a box to check β€” it's an ongoing risk management discipline. The companies that manage it best are the ones that invest in the infrastructure to surface problems early: rigorous third-party due diligence, accurate financial controls, and most importantly, an anonymous reporting channel that employees actually trust and use.

Every internal report that surfaces a potential FCPA concern is a report that didn't become a DOJ investigation.

Ready to protect your organization?

Start a 30-day free trial. No credit card charged today.

Start Free Trial β†’