S1 E5 | Anti-Corruption Compliance: Bribery & FCPA


In episode 5, Jim McCurry, Jon Kolodner, and Lisa Vicens provide insights on bribery and the Foreign Corrupt Practices Act (FCPA).

Topics discussed include, among other things:

  • What bribery and the FCPA are
  • Advice for companies doing business abroad
  • Compliance programs and best practices


Flyers and Resources


Thanks for checking out our additional content! Additional content was written/prepared by the Host or present/past Georgetown Law team members.

Our Articles may contain references to, or short excerpts from, specific statements in the Compliance & Legal Risk podcast episodes. Please note, to benefit the Article format, in many instances, statements referenced or quoted in an Article may have been edited or shortened, may only focus on one portion of a speaker’s answer to a question or commentary on an issue, or may have had certain interim questions/statements removed. We also repeat certain phraseology in all or many of our articles to aid listeners in comparing articles across episodes and to ensure our listeners have easy access to helpful episode information. For additional context and complete speaker answers, we always encourage you to listen to the full relevant podcast episode!


Why I’m Excited About This Episode

“To begin, this is our first episode on anti-corruption compliance, and so I’m interested to hear insights on this important area. Second, prior to coming to Georgetown Law, I worked at Cleary Gottlieb, and we have two speakers that I know from Cleary joining me for this episode.  Third, there can be some stiff criminal penalties for running afoul of certain anti-corruption laws, and sometimes these laws apply to us without us even knowing about it, so I think it’s to our advantage to learn as much about them as we can.”



Meet Our Guest Speakers

I asked our guests to “tell us a little bit about themselves, what they do and how they got there.”

Jim McCurry

“I started in the forensic accounting world back in university when I was majoring in accounting but wasn’t really sure that audit and tax were the right way to go. It seems a little less interesting than some of the things that I thought I’d like to do with my career.

So I managed to find a small consulting firm that was focused on litigation activities and investigations that really got me down the forensic accounting track and put me into a very different set of conversations with clients around issues related to the financial statement misstatement, issues relating to corruption, issues relating to procurement fraud. So it was really a whole host of areas that sort of sparked my interest and began what is now a 26 year career at EY, where I’m fortunate to be the Deputy Global Leader of a tremendous forensics practice, that’s got, I think we’re up at around 5000 people across over 40 countries at the moment.”

Jon Kolodner

“I joined Cleary about nine years ago in 2012. Before joining Cleary, I was at the U.S. Attorney’s Office for the Southern District of New York as a federal prosecutor for 12 years. While I was there, I was the Chief of the Complex Frauds Unit and then I was the Acting Chief of the Criminal Division, so I had a very interesting range of experiences while I was at the U.S. Attorney’s Office. Then, since I’ve joined Cleary, my practice has focused on enforcement matters, white collar criminal matters, internal investigations, a lot of which involve the FCPA, the Foreign Corrupt Practices Act. I also advise companies on cybersecurity issues and data privacy. So I have a pretty wide ranging investigations practice.”

Lisa Vicens

“My journey to how I got involved in working on FCPA and anti-corruption issues actually begins with Georgetown University. I went to the School of Foreign Service at Georgetown and graduated in 1999. And went on to get my Master’s degree in Latin American Studies also from the School of Foreign Service, where I really focused on getting an expertise regionally in both language skills as well as understanding the political and economic histories of the region, as well as the current issues facing the region at the time. After I got my Masters, I went to law school and then came to Cleary Gottlieb, which as a law firm, is well known as having a very international practice. And I was really fortunate as a very junior lawyer to begin working on investigations in white collar matters on behalf of our international clients, again, focusing on Latin America. So when I became partner (I was up for partner in 2014, became partner in 2015) the timing was fortunate in the sense that that was really when Lava Jato, the huge anti-bribery scandal, started in Brazil. I found that for the first many years of my partnership, I was really focused and working almost exclusively on FCPA matters arising out of Brazil and the region in connection with Lava Jato. So it started at Georgetown, but I ultimately found my home at Cleary.”


Defining White Collar/Investigations Practice

I asked our guests to define what a “white collar and investigations practice” is to them.

Jon Kolodner

“I’ve also heard it called an enforcement practice, and maybe just at a higher level, white collar crime refers to criminal conduct that involves financial gain, typically non-violent. What we’re talking about today, bribery, also fraud, theft of money, insider trading, crimes committed through the internet, cybercrime, money laundering.

I think those are all part of the white collar crime world. A defense and investigations practice, like the one that Lisa and I are a part of, and where we often work with folks like Jim, in his forensic world, we represent companies and individuals in these kinds of investigations. Typically involves the U.S. Department of Justice, but state criminal authorities can also be involved. The reason I mentioned enforcement is because it’s not just criminal, typically, it often involves enforcement actions that are brought by regulators like the Securities and Exchange Commission, the CFTC, the State Attorneys General, and even antitrust regulators. They can often be global, too, and involve regulators outside of the United States. I think collectively, those agencies, authorities, will seek to penalize companies and, as you mentioned at the beginning, impose significant penalties for violating the law. These often can be civil actions, if it’s an enforcement matter, and could be criminal, if it involves criminal authorities. There are typically significant financial penalties, and of course, for individuals, individuals face jail time, and that’s obviously a very significant penalty for them. We defend our clients in these kinds of investigations. They typically want the authority not to bring an action or a charge, and if we can’t convince them of that, then we’ll defend the case and try to either negotiate a favorable resolution or, in some instances we’ll go to trial. Companies will often also ask us to do internal investigations when they’ve identified misconduct themselves or when they learned about it from an outside source, like an authority or regulator coming to them and asking them for materials and documents and saying they’ve started an investigation. It could be just a newspaper report, or even whistleblower raising an issue internally within a company. In that circumstance we’ll do the investigation, often we’ll work with forensic firms like EY, and present our results to management and the board so they can decide what steps to take. I think an important part of our practices is that companies hire us to do that, in part, because we can do it under the attorney client privilege, which provides protection from disclosure to third parties of the investigation, and I think that’s an important part of what we do. I think there’s also an advisory side of our practice and which is a growing part of what we do, which is to provide advice to companies on their compliance programs, we’ll talk more about that later today, on controls, to detect and prevent wrongdoing, and that’s a big part of what we do as well.”

Lisa Vicens

“I think that is particularly relevant in the FCPA context. More and more, and we will talk about this, there’s a strong focus on putting into place controls, policies, and procedures to detect and prevent bribery before it occurs. But also, as we’ll talk about, there is this tremendous risk around the FCPA, and so for companies that are considering entering into joint ventures, for example, or acquiring a company, there’s a lot of focus on trying to identify the potential risk of those strategic transactions. So something that we will often do on the advisory side is really try to, as much as possible, conduct diligence to understand what risk companies are taking before they engage in strategic transactions. On the flip side of that, once you have conducted that acquisition of a company in another jurisdiction, how to integrate that company into your own compliance structure, so that you have better visibility going forward and can reduce your risk.”

Jim McCurry

“As Jon and Lisa are going through and working with the clients to understand the risk that they’re exposed to, there’s a lot of fact-finding required that firms like ours get involved in to collect all the documents, look at the financial information, understand the transaction flows, and what really happened, to provide substance around some of the allegations, and put the meat behind some of the pieces to determine whether there is substance to an allegation or not, and whether there are systemic problems potentially inside an organization, or whether it’s a one off rogue transaction. Our teams work very closely together in dealing with incredibly complex issues for our clients. And also, as Lisa and Jon both said, many of our clients are much more interested in avoiding these sorts of situations, so the compliance element is absolutely critical. Our work to identify what’s gone wrong in other situations, and how clients can avoid those issues, is a big part of what we like to support our clients on. It’s certainly an area I know we’re going to talk about a bit more today.”


Actionable Takeaways

I asked our guests for one “actionable, monetizable takeaway” for our listeners.

Jim McCurry

“Mine would be, make sure you’re listening and communicating because a lot of times, as I said earlier, there are issues going on inside the organization that are being addressed appropriately, but they’re not cascading the corrective activity into other areas of the business and really dealing with the problem in a systemic way. So you end up with a continuing cycle of problematic activity when you could have nipped it in the bud early on.”

Jon Kolodner

“I think the obvious one is the importance of compliance programs, which I think continues to be the greatest bang for the buck in terms of preventing corruption, detecting it early, and putting companies in the best position possible to avoid significant enforcement action. Certainly, that’s what the authorities will look at if there is ever an enforcement action. I suppose that’s the easiest answer.”

Lisa Vicens

“I echo what both Jon and Jim said. I think, building on to that, a key takeaway is that something that we’ve known for a long time and that I think has become increasingly apparent during a pandemic, where all of us are in different locations but participating on zoom, we’re increasingly global. Authorities around the world are focused on this as well and we can expect to see more cooperation by authorities across the world. What that means for companies is that companies that operate on a global basis also need to be more sensitive to what’s happening in the other countries that they operate in. Not only creating a unified compliance program, but really trying to create a unified culture and a unified understanding and sharing values around these issues.”


Advice for Starting Out

I asked our guests if “a student or someone more junior would like to do what you do or get into your area, what advice would you give them?”

Lisa Vicens

“Well, as a former Georgetown University student, I will say that my favorite thing about Georgetown, and which I think is actually the most helpful in the FCPA context, is curiosity about the world. Really understanding these different geographies, what institutions are like in them that can create potentially an environment for corruption.

That is what the focus of this recent Biden memo is on. It’s on transparency, it’s on institutions, it’s on looking at how our democracies are operating and whether or not they’re creating the conditions for corruption. As a nerd and as an academic, I’d say that two of the main resources that I think of when I think of the FCPA is actually the FCPA Resource Guide, which is issued by the SEC and the Department of Justice. It’s available on their websites. And because this is an area where, for the reasons that Jon identified with the corporate enforcement policy, a lot of these investigations end up being settled, there’s not a lot of case law. If you’re a law student and you’re trying to find case law on the FCPA to study up on it, like we do in a lot of other areas of the law, you’re not going to find any cases. They are mostly settled, and it’s a complex law with a lot of terms that are really sort of ambiguous under the law. So some of the best ways to try to formulate your understanding of how the law operates, and how it’s enforced, is looking at that resource guide, which is issued by the agencies that enforce the law, and looking at the releases that accompany some of these big settlements that we’re talking about, so that you can understand the facts and circumstances that gave rise to an investigation and ultimately a resolution.”

Jon Kolodner

“Maybe just to kind of take the career approach here, I think there are different ways to get into this kind of work, whether it’s the route that I took, which is to the government and then to private practice, or the route that Lisa took, which is straight through to private practice. I think looking for experience in investigations from the beginning of your career, your legal career or even before, working perhaps as a paralegal even is a way to get experience to try to get yourself involved in enforcement and criminal matters. I certainly agree that being curious, paying attention internationally to other cultures and other legal systems is also very important, but just from a practical perspective, trying to get real world experience in these areas, I think, is very helpful to becoming an enforcement lawyer or working for a firm like EY.”

Jim McCurry

“I’m going to steal part of Lisa’s point there and latch on to the international element of it, because I think the way companies operate, the way the regulators are looking, this is a very global issue. And it is nuanced, it’s challenging, but unless you have a global perspective on how to address it or understand what the challenges are to address it from a global perspective, it’s going to be difficult to get into the space. I think that would be my word of encouragement. Think about this as a very holistic global issue and something that literally the world is trying to confront on a day by day basis.”


Suggested Resources

I asked our guests to “recommend an article, book, blog, website, talk, or other resource” for our listeners.

Jim McCurry

“We’ve teamed often with Transparency International to put out some thought leadership. They do a regular survey on the Corruption Perceptions Index, that’s released annually, that’s quite interesting to look where the problems are around the world, how that’s changing year by year, and the sort of evolution over time.

So I think it’s an interesting resource to give you perspective on where the hotspots are around the world. Certainly, if you’re a company looking to make acquisitions or looking into expanding into other markets, it’s sort of a good first port of call. The World Bank does a wonderful Doing Business In series that will detail some of the issues and challenges of operating across the geographies, how long it takes to get a specific type of license, all the really interesting things that are a bit mundane, but as you think about how to operate in geographies, and the complexity of operating in some of those geographies, it can be quite useful. And it’s, as Jon said, EY has plenty of resources, country by country around corruption issues, and then how to address them and address specific compliance requirements in various markets.”

Jon Kolodner

“I agree with what Lisa said earlier, which is that the FCPA Resource Guide is a great option if you’re just looking to learn about the FCPA. I think just being up on world events is important and following along with developments in the law. There are a number of blogs out there that cover corruption issues. Cleary has one as well, we have our Cleary Enforcement Watch blog, which I would highly recommend to anyone who’s interested in kind of getting regular updates on these legal issues. But it doesn’t just have to be Cleary, of course, there are many other options as well.”

Lisa Vicens

“I feel like Jon and Jim identified so many good resources. I have to say, I think that I agree with Jim that there’s a lot of really great NGOs that really are focused on this, like Transparency International. I was going to say the World Bank Doing Business ranking, which I think is great. I work with two organizations, the Vance Center for International Justice and the Americas Society, both of whom put out a lot of information on corruption and the intersection, as I mentioned, with democracies and with institutions, which I think is very helpful. But there’s a lot of really good information out there. So I agree with Jim and Jon.”


Thought Leader Spotlight Series


Jim McCurry and others on Data and Risk

Jim McCurry co-authored a piece from May 2020 entitled “How can data help you manage the rapidly changing landscape of risk?”. The piece states, among other things:

“Businesses will need to complement experience and judgement with next-generation capabilities built on data and analytics. In April 2020, EY’s Global Board Risk Survey found that fewer than 20% of board members are extremely confident in risk reporting from management on a range of significant issues. Now more than ever, CXOs must be able to rapidly bring together information sources from across the enterprise alongside external data, to allow leaders to develop a deeper understanding of more complex emerging risks.”

Jon Kolodner, Lisa Vicens, and others on Corporate Criminal Enforcement Policies

Jon Kolodner and Lisa Vicens co-authored a piece with Cleary Gottlieb colleagues in November 2021 entitled “DOJ Announces First Set of Revisions Strengthening Corporate Criminal Enforcement Policies”. The piece discusses a new DOJ Memorandum and states, among other things:

“This initial set of changes to the DOJ’s corporate enforcement policies signals what most expected from the new administration: a renewed and aggressive focus on and approach to corporate misconduct. For a company facing criminal investigation, therefore, advocacy around these issues – such as which individuals were ‘involved’ in misconduct, the relevance of prior criminal conduct, and whether a monitor is warranted – will be of critical importance.”

Jon Kolodner, Lisa Vicens, and others on an Updated FCPA Resource Guide

Jon Kolodner and Lisa Vicens co-authored a piece with Cleary Gottlieb colleagues in July 2020 entitled “DOJ and SEC Release Updated FCPA Resource Guide”. On the updated FCPA (Foreign Corrupt Practices Act) guide, the Cleary Gottlieb piece states, among other things:

“Elaborating on the compliance program guidance in the first edition, the updated FCPA Guide expands its analysis of an effective compliance program by incorporating DOJ’s 2020 Evaluation of Corporate Compliance Programs. This updated guidance, which was first promulgated in 2017, provides a framework for DOJ’s analysis of the effectiveness of a company’s compliance program at the time of the offense and charging decision for the purpose of determining: ‘(1) the form of resolution or prosecution, if any; (2) the monetary penalty, if any; and (3) the compliance obligations to be included in any corporate criminal resolution (e.g., whether a compliance monitor is appropriate and the length and nature of any reporting obligations).’”

Jon Kolodner, Lisa Vicens, and others on an SEC Enforcement Action and Crypto Exchanges

Kolodner and Lisa Vicens co-authored a piece with Cleary Gottlieb colleagues in August 2021 entitled “SEC Enforcement Action Against Poloniex Signals Heightened Scrutiny for Crypto Exchanges”. The piece states, among other things:

“The action highlights the SEC’s heightened focus on and prioritization of regulating digital asset products and emerging industry players that the agency believes may not have abided by certain requirements of the federal securities laws. In its July 2017 DAO Report, the SEC warned that offers and sales of digital assets are subject to federal securities laws and stated that ‘any entity or person engaging in the activities of an exchange must register as a national securities exchange or operate pursuant to an exemption from such registration’ such as the exemption for alternative trading systems.”

Jon Kolodner and others on Colorado’s Privacy Act

Jon Kolodner co-authored a piece with Cleary Gottlieb colleagues in July 2021 entitled “The Centennial State Claims a New Number: Colorado to Become Third State in the U.S. to Enact Comprehensive ‘Privacy Act’”. The piece states, among other things:

“Another curious point to note, under the ColoPA [Colorado Privacy Act], the definition of ‘consumer’ covers Colorado residents acting in an individual or household context; however, ‘personal data’ under the Act only covers information that is linked or reasonably linkable to an ‘individual’, and not to an entire household. Thus, arguably, where data is collected that relates to a number of individuals within a household, but is not capable of being linked to one specific individual within that household, the rights afforded to Colorado consumers under the Act may not apply.”